Action not permitted
Modal body text goes here.
Modal Title
Modal Body
cve-2024-25062
Vulnerability from cvelistv5
Published
2024-02-04 00:00
Modified
2024-08-01 23:36
Severity ?
EPSS score ?
Summary
An issue was discovered in libxml2 before 2.11.7 and 2.12.x before 2.12.5. When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://gitlab.gnome.org/GNOME/libxml2/-/issues/604 | Exploit, Issue Tracking | |
| cve@mitre.org | https://gitlab.gnome.org/GNOME/libxml2/-/tags | Release Notes | |
| af854a3a-2127-422b-91ae-364da2661108 | https://gitlab.gnome.org/GNOME/libxml2/-/issues/604 | Exploit, Issue Tracking | |
| af854a3a-2127-422b-91ae-364da2661108 | https://gitlab.gnome.org/GNOME/libxml2/-/tags | Release Notes |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-01T23:36:21.588Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://gitlab.gnome.org/GNOME/libxml2/-/tags", }, { tags: [ "x_transferred", ], url: "https://gitlab.gnome.org/GNOME/libxml2/-/issues/604", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "An issue was discovered in libxml2 before 2.11.7 and 2.12.x before 2.12.5. When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2024-02-04T16:04:53.794792", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://gitlab.gnome.org/GNOME/libxml2/-/tags", }, { url: "https://gitlab.gnome.org/GNOME/libxml2/-/issues/604", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2024-25062", datePublished: "2024-02-04T00:00:00", dateReserved: "2024-02-04T00:00:00", dateUpdated: "2024-08-01T23:36:21.588Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", "vulnerability-lookup:meta": { fkie_nvd: { configurations: "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:xmlsoft:libxml2:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"2.11.7\", \"matchCriteriaId\": \"971ACB1F-3D2E-4CBD-A75C-F58063898438\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:xmlsoft:libxml2:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"2.12.0\", \"versionEndExcluding\": \"2.12.5\", \"matchCriteriaId\": \"D4CEB958-63E0-4939-9520-406AB65425C9\"}]}]}]", descriptions: "[{\"lang\": \"en\", \"value\": \"An issue was discovered in libxml2 before 2.11.7 and 2.12.x before 2.12.5. When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free.\"}, {\"lang\": \"es\", \"value\": \"Se descubri\\u00f3 un problema en libxml2 anterior a 2.11.7 y 2.12.x anterior a 2.12.5. Cuando se utiliza la interfaz del Lector XML con la validaci\\u00f3n DTD y la expansi\\u00f3n XInclude habilitada, el procesamiento de documentos XML manipulados puede generar un use-after-free de xmlValidatePopElement.\"}]", id: "CVE-2024-25062", lastModified: "2024-11-21T09:00:10.427", metrics: "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 3.6}]}", published: "2024-02-04T16:15:45.120", references: "[{\"url\": \"https://gitlab.gnome.org/GNOME/libxml2/-/issues/604\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\", \"Issue Tracking\"]}, {\"url\": \"https://gitlab.gnome.org/GNOME/libxml2/-/tags\", \"source\": \"cve@mitre.org\", \"tags\": [\"Release Notes\"]}, {\"url\": \"https://gitlab.gnome.org/GNOME/libxml2/-/issues/604\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Issue Tracking\"]}, {\"url\": \"https://gitlab.gnome.org/GNOME/libxml2/-/tags\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Release Notes\"]}]", sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-416\"}]}]", }, nvd: "{\"cve\":{\"id\":\"CVE-2024-25062\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2024-02-04T16:15:45.120\",\"lastModified\":\"2024-11-21T09:00:10.427\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An issue was discovered in libxml2 before 2.11.7 and 2.12.x before 2.12.5. When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free.\"},{\"lang\":\"es\",\"value\":\"Se descubrió un problema en libxml2 anterior a 2.11.7 y 2.12.x anterior a 2.12.5. Cuando se utiliza la interfaz del Lector XML con la validación DTD y la expansión XInclude habilitada, el procesamiento de documentos XML manipulados puede generar un use-after-free de xmlValidatePopElement.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-416\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:xmlsoft:libxml2:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.11.7\",\"matchCriteriaId\":\"971ACB1F-3D2E-4CBD-A75C-F58063898438\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:xmlsoft:libxml2:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.12.0\",\"versionEndExcluding\":\"2.12.5\",\"matchCriteriaId\":\"D4CEB958-63E0-4939-9520-406AB65425C9\"}]}]}],\"references\":[{\"url\":\"https://gitlab.gnome.org/GNOME/libxml2/-/issues/604\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Issue Tracking\"]},{\"url\":\"https://gitlab.gnome.org/GNOME/libxml2/-/tags\",\"source\":\"cve@mitre.org\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://gitlab.gnome.org/GNOME/libxml2/-/issues/604\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Issue Tracking\"]},{\"url\":\"https://gitlab.gnome.org/GNOME/libxml2/-/tags\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\"]}]}}", }, }
rhsa-2024_3625
Vulnerability from csaf_redhat
Published
2024-06-05 10:19
Modified
2024-11-21 21:11
Summary
Red Hat Security Advisory: libxml2 security update
Notes
Topic
An update for libxml2 is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The libxml2 library is a development toolbox providing the implementation of various XML standards.
Security Fix(es):
* libxml2: use-after-free in XMLReader (CVE-2024-25062)
For more details about the security issue(s), including the impact,
a CVSS score, acknowledgments, and other related information, refer to the CVE page(s)
listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update for libxml2 is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "The libxml2 library is a development toolbox providing the implementation of various XML standards.\n\nSecurity Fix(es):\n\n* libxml2: use-after-free in XMLReader (CVE-2024-25062)\n\nFor more details about the security issue(s), including the impact,\n a CVSS score, acknowledgments, and other related information, refer to the CVE page(s)\n listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2024:3625", url: "https://access.redhat.com/errata/RHSA-2024:3625", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#moderate", url: "https://access.redhat.com/security/updates/classification/#moderate", }, { category: "external", summary: "2262726", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2262726", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_3625.json", }, ], title: "Red Hat Security Advisory: libxml2 security update", tracking: { current_release_date: "2024-11-21T21:11:41+00:00", generator: { date: "2024-11-21T21:11:41+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.1", }, }, id: "RHSA-2024:3625", initial_release_date: "2024-06-05T10:19:16+00:00", revision_history: [ { date: "2024-06-05T10:19:16+00:00", number: "1", summary: "Initial version", }, { date: "2024-06-05T10:19:16+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-21T21:11:41+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux AppStream EUS (v.9.2)", product: { name: "Red Hat Enterprise Linux AppStream EUS (v.9.2)", product_id: "AppStream-9.2.0.Z.EUS", product_identification_helper: { cpe: "cpe:/a:redhat:rhel_eus:9.2::appstream", }, }, }, { category: "product_name", name: "Red Hat Enterprise Linux BaseOS EUS (v.9.2)", product: { name: "Red Hat Enterprise Linux BaseOS EUS (v.9.2)", product_id: "BaseOS-9.2.0.Z.EUS", product_identification_helper: { cpe: "cpe:/o:redhat:rhel_eus:9.2::baseos", }, }, }, ], category: "product_family", name: "Red Hat Enterprise Linux", }, { branches: [ { category: "product_version", name: "libxml2-devel-0:2.9.13-3.el9_2.3.aarch64", product: { name: "libxml2-devel-0:2.9.13-3.el9_2.3.aarch64", product_id: "libxml2-devel-0:2.9.13-3.el9_2.3.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-devel@2.9.13-3.el9_2.3?arch=aarch64", }, }, }, { category: "product_version", name: "libxml2-debugsource-0:2.9.13-3.el9_2.3.aarch64", product: { name: "libxml2-debugsource-0:2.9.13-3.el9_2.3.aarch64", product_id: "libxml2-debugsource-0:2.9.13-3.el9_2.3.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-debugsource@2.9.13-3.el9_2.3?arch=aarch64", }, }, }, { category: "product_version", name: "libxml2-debuginfo-0:2.9.13-3.el9_2.3.aarch64", product: { name: "libxml2-debuginfo-0:2.9.13-3.el9_2.3.aarch64", product_id: "libxml2-debuginfo-0:2.9.13-3.el9_2.3.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-debuginfo@2.9.13-3.el9_2.3?arch=aarch64", }, }, }, { category: "product_version", name: "python3-libxml2-debuginfo-0:2.9.13-3.el9_2.3.aarch64", product: { name: "python3-libxml2-debuginfo-0:2.9.13-3.el9_2.3.aarch64", product_id: "python3-libxml2-debuginfo-0:2.9.13-3.el9_2.3.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/python3-libxml2-debuginfo@2.9.13-3.el9_2.3?arch=aarch64", }, }, }, { category: "product_version", name: "libxml2-0:2.9.13-3.el9_2.3.aarch64", product: { name: "libxml2-0:2.9.13-3.el9_2.3.aarch64", product_id: "libxml2-0:2.9.13-3.el9_2.3.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2@2.9.13-3.el9_2.3?arch=aarch64", }, }, }, { category: "product_version", name: "python3-libxml2-0:2.9.13-3.el9_2.3.aarch64", product: { name: "python3-libxml2-0:2.9.13-3.el9_2.3.aarch64", product_id: "python3-libxml2-0:2.9.13-3.el9_2.3.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/python3-libxml2@2.9.13-3.el9_2.3?arch=aarch64", }, }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "libxml2-devel-0:2.9.13-3.el9_2.3.ppc64le", product: { name: "libxml2-devel-0:2.9.13-3.el9_2.3.ppc64le", product_id: "libxml2-devel-0:2.9.13-3.el9_2.3.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-devel@2.9.13-3.el9_2.3?arch=ppc64le", }, }, }, { category: "product_version", name: "libxml2-debugsource-0:2.9.13-3.el9_2.3.ppc64le", product: { name: "libxml2-debugsource-0:2.9.13-3.el9_2.3.ppc64le", product_id: "libxml2-debugsource-0:2.9.13-3.el9_2.3.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-debugsource@2.9.13-3.el9_2.3?arch=ppc64le", }, }, }, { category: "product_version", name: "libxml2-debuginfo-0:2.9.13-3.el9_2.3.ppc64le", product: { name: "libxml2-debuginfo-0:2.9.13-3.el9_2.3.ppc64le", product_id: "libxml2-debuginfo-0:2.9.13-3.el9_2.3.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-debuginfo@2.9.13-3.el9_2.3?arch=ppc64le", }, }, }, { category: "product_version", name: "python3-libxml2-debuginfo-0:2.9.13-3.el9_2.3.ppc64le", product: { name: "python3-libxml2-debuginfo-0:2.9.13-3.el9_2.3.ppc64le", product_id: "python3-libxml2-debuginfo-0:2.9.13-3.el9_2.3.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/python3-libxml2-debuginfo@2.9.13-3.el9_2.3?arch=ppc64le", }, }, }, { category: "product_version", name: "libxml2-0:2.9.13-3.el9_2.3.ppc64le", product: { name: "libxml2-0:2.9.13-3.el9_2.3.ppc64le", product_id: "libxml2-0:2.9.13-3.el9_2.3.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2@2.9.13-3.el9_2.3?arch=ppc64le", }, }, }, { category: "product_version", name: "python3-libxml2-0:2.9.13-3.el9_2.3.ppc64le", product: { name: "python3-libxml2-0:2.9.13-3.el9_2.3.ppc64le", product_id: "python3-libxml2-0:2.9.13-3.el9_2.3.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/python3-libxml2@2.9.13-3.el9_2.3?arch=ppc64le", }, }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "libxml2-devel-0:2.9.13-3.el9_2.3.i686", product: { name: "libxml2-devel-0:2.9.13-3.el9_2.3.i686", product_id: "libxml2-devel-0:2.9.13-3.el9_2.3.i686", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-devel@2.9.13-3.el9_2.3?arch=i686", }, }, }, { category: "product_version", name: "libxml2-debugsource-0:2.9.13-3.el9_2.3.i686", product: { name: "libxml2-debugsource-0:2.9.13-3.el9_2.3.i686", product_id: "libxml2-debugsource-0:2.9.13-3.el9_2.3.i686", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-debugsource@2.9.13-3.el9_2.3?arch=i686", }, }, }, { category: "product_version", name: "libxml2-debuginfo-0:2.9.13-3.el9_2.3.i686", product: { name: "libxml2-debuginfo-0:2.9.13-3.el9_2.3.i686", product_id: "libxml2-debuginfo-0:2.9.13-3.el9_2.3.i686", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-debuginfo@2.9.13-3.el9_2.3?arch=i686", }, }, }, { category: "product_version", name: "python3-libxml2-debuginfo-0:2.9.13-3.el9_2.3.i686", product: { name: "python3-libxml2-debuginfo-0:2.9.13-3.el9_2.3.i686", product_id: "python3-libxml2-debuginfo-0:2.9.13-3.el9_2.3.i686", product_identification_helper: { purl: "pkg:rpm/redhat/python3-libxml2-debuginfo@2.9.13-3.el9_2.3?arch=i686", }, }, }, { category: "product_version", name: "libxml2-0:2.9.13-3.el9_2.3.i686", product: { name: "libxml2-0:2.9.13-3.el9_2.3.i686", product_id: "libxml2-0:2.9.13-3.el9_2.3.i686", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2@2.9.13-3.el9_2.3?arch=i686", }, }, }, ], category: "architecture", name: "i686", }, { branches: [ { category: "product_version", name: "libxml2-devel-0:2.9.13-3.el9_2.3.x86_64", product: { name: "libxml2-devel-0:2.9.13-3.el9_2.3.x86_64", product_id: "libxml2-devel-0:2.9.13-3.el9_2.3.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-devel@2.9.13-3.el9_2.3?arch=x86_64", }, }, }, { category: "product_version", name: "libxml2-debugsource-0:2.9.13-3.el9_2.3.x86_64", product: { name: "libxml2-debugsource-0:2.9.13-3.el9_2.3.x86_64", product_id: "libxml2-debugsource-0:2.9.13-3.el9_2.3.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-debugsource@2.9.13-3.el9_2.3?arch=x86_64", }, }, }, { category: "product_version", name: "libxml2-debuginfo-0:2.9.13-3.el9_2.3.x86_64", product: { name: "libxml2-debuginfo-0:2.9.13-3.el9_2.3.x86_64", product_id: "libxml2-debuginfo-0:2.9.13-3.el9_2.3.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-debuginfo@2.9.13-3.el9_2.3?arch=x86_64", }, }, }, { category: "product_version", name: "python3-libxml2-debuginfo-0:2.9.13-3.el9_2.3.x86_64", product: { name: "python3-libxml2-debuginfo-0:2.9.13-3.el9_2.3.x86_64", product_id: "python3-libxml2-debuginfo-0:2.9.13-3.el9_2.3.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/python3-libxml2-debuginfo@2.9.13-3.el9_2.3?arch=x86_64", }, }, }, { category: "product_version", name: "libxml2-0:2.9.13-3.el9_2.3.x86_64", product: { name: "libxml2-0:2.9.13-3.el9_2.3.x86_64", product_id: "libxml2-0:2.9.13-3.el9_2.3.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2@2.9.13-3.el9_2.3?arch=x86_64", }, }, }, { category: "product_version", name: "python3-libxml2-0:2.9.13-3.el9_2.3.x86_64", product: { name: "python3-libxml2-0:2.9.13-3.el9_2.3.x86_64", product_id: "python3-libxml2-0:2.9.13-3.el9_2.3.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/python3-libxml2@2.9.13-3.el9_2.3?arch=x86_64", }, }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_version", name: "libxml2-devel-0:2.9.13-3.el9_2.3.s390x", product: { name: "libxml2-devel-0:2.9.13-3.el9_2.3.s390x", product_id: "libxml2-devel-0:2.9.13-3.el9_2.3.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-devel@2.9.13-3.el9_2.3?arch=s390x", }, }, }, { category: "product_version", name: "libxml2-debugsource-0:2.9.13-3.el9_2.3.s390x", product: { name: "libxml2-debugsource-0:2.9.13-3.el9_2.3.s390x", product_id: "libxml2-debugsource-0:2.9.13-3.el9_2.3.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-debugsource@2.9.13-3.el9_2.3?arch=s390x", }, }, }, { category: "product_version", name: "libxml2-debuginfo-0:2.9.13-3.el9_2.3.s390x", product: { name: "libxml2-debuginfo-0:2.9.13-3.el9_2.3.s390x", product_id: "libxml2-debuginfo-0:2.9.13-3.el9_2.3.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-debuginfo@2.9.13-3.el9_2.3?arch=s390x", }, }, }, { category: "product_version", name: "python3-libxml2-debuginfo-0:2.9.13-3.el9_2.3.s390x", product: { name: "python3-libxml2-debuginfo-0:2.9.13-3.el9_2.3.s390x", product_id: "python3-libxml2-debuginfo-0:2.9.13-3.el9_2.3.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/python3-libxml2-debuginfo@2.9.13-3.el9_2.3?arch=s390x", }, }, }, { category: "product_version", name: "libxml2-0:2.9.13-3.el9_2.3.s390x", product: { name: "libxml2-0:2.9.13-3.el9_2.3.s390x", product_id: "libxml2-0:2.9.13-3.el9_2.3.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2@2.9.13-3.el9_2.3?arch=s390x", }, }, }, { category: "product_version", name: "python3-libxml2-0:2.9.13-3.el9_2.3.s390x", product: { name: "python3-libxml2-0:2.9.13-3.el9_2.3.s390x", product_id: "python3-libxml2-0:2.9.13-3.el9_2.3.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/python3-libxml2@2.9.13-3.el9_2.3?arch=s390x", }, }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "libxml2-0:2.9.13-3.el9_2.3.src", product: { name: "libxml2-0:2.9.13-3.el9_2.3.src", product_id: "libxml2-0:2.9.13-3.el9_2.3.src", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2@2.9.13-3.el9_2.3?arch=src", }, }, }, ], category: "architecture", name: "src", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.13-3.el9_2.3.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)", product_id: "AppStream-9.2.0.Z.EUS:libxml2-0:2.9.13-3.el9_2.3.aarch64", }, product_reference: "libxml2-0:2.9.13-3.el9_2.3.aarch64", relates_to_product_reference: "AppStream-9.2.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.13-3.el9_2.3.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)", product_id: "AppStream-9.2.0.Z.EUS:libxml2-0:2.9.13-3.el9_2.3.i686", }, product_reference: "libxml2-0:2.9.13-3.el9_2.3.i686", relates_to_product_reference: "AppStream-9.2.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.13-3.el9_2.3.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)", product_id: "AppStream-9.2.0.Z.EUS:libxml2-0:2.9.13-3.el9_2.3.ppc64le", }, product_reference: "libxml2-0:2.9.13-3.el9_2.3.ppc64le", relates_to_product_reference: "AppStream-9.2.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.13-3.el9_2.3.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)", product_id: "AppStream-9.2.0.Z.EUS:libxml2-0:2.9.13-3.el9_2.3.s390x", }, product_reference: "libxml2-0:2.9.13-3.el9_2.3.s390x", relates_to_product_reference: "AppStream-9.2.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.13-3.el9_2.3.src as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)", product_id: "AppStream-9.2.0.Z.EUS:libxml2-0:2.9.13-3.el9_2.3.src", }, product_reference: "libxml2-0:2.9.13-3.el9_2.3.src", relates_to_product_reference: "AppStream-9.2.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.13-3.el9_2.3.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)", product_id: "AppStream-9.2.0.Z.EUS:libxml2-0:2.9.13-3.el9_2.3.x86_64", }, product_reference: "libxml2-0:2.9.13-3.el9_2.3.x86_64", relates_to_product_reference: "AppStream-9.2.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.13-3.el9_2.3.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)", product_id: "AppStream-9.2.0.Z.EUS:libxml2-debuginfo-0:2.9.13-3.el9_2.3.aarch64", }, product_reference: "libxml2-debuginfo-0:2.9.13-3.el9_2.3.aarch64", relates_to_product_reference: "AppStream-9.2.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.13-3.el9_2.3.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)", product_id: "AppStream-9.2.0.Z.EUS:libxml2-debuginfo-0:2.9.13-3.el9_2.3.i686", }, product_reference: "libxml2-debuginfo-0:2.9.13-3.el9_2.3.i686", relates_to_product_reference: "AppStream-9.2.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.13-3.el9_2.3.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)", product_id: "AppStream-9.2.0.Z.EUS:libxml2-debuginfo-0:2.9.13-3.el9_2.3.ppc64le", }, product_reference: "libxml2-debuginfo-0:2.9.13-3.el9_2.3.ppc64le", relates_to_product_reference: "AppStream-9.2.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.13-3.el9_2.3.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)", product_id: "AppStream-9.2.0.Z.EUS:libxml2-debuginfo-0:2.9.13-3.el9_2.3.s390x", }, product_reference: "libxml2-debuginfo-0:2.9.13-3.el9_2.3.s390x", relates_to_product_reference: "AppStream-9.2.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.13-3.el9_2.3.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)", product_id: "AppStream-9.2.0.Z.EUS:libxml2-debuginfo-0:2.9.13-3.el9_2.3.x86_64", }, product_reference: "libxml2-debuginfo-0:2.9.13-3.el9_2.3.x86_64", relates_to_product_reference: "AppStream-9.2.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debugsource-0:2.9.13-3.el9_2.3.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)", product_id: "AppStream-9.2.0.Z.EUS:libxml2-debugsource-0:2.9.13-3.el9_2.3.aarch64", }, product_reference: "libxml2-debugsource-0:2.9.13-3.el9_2.3.aarch64", relates_to_product_reference: "AppStream-9.2.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debugsource-0:2.9.13-3.el9_2.3.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)", product_id: "AppStream-9.2.0.Z.EUS:libxml2-debugsource-0:2.9.13-3.el9_2.3.i686", }, product_reference: "libxml2-debugsource-0:2.9.13-3.el9_2.3.i686", relates_to_product_reference: "AppStream-9.2.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debugsource-0:2.9.13-3.el9_2.3.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)", product_id: "AppStream-9.2.0.Z.EUS:libxml2-debugsource-0:2.9.13-3.el9_2.3.ppc64le", }, product_reference: "libxml2-debugsource-0:2.9.13-3.el9_2.3.ppc64le", relates_to_product_reference: "AppStream-9.2.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debugsource-0:2.9.13-3.el9_2.3.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)", product_id: "AppStream-9.2.0.Z.EUS:libxml2-debugsource-0:2.9.13-3.el9_2.3.s390x", }, product_reference: "libxml2-debugsource-0:2.9.13-3.el9_2.3.s390x", relates_to_product_reference: "AppStream-9.2.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debugsource-0:2.9.13-3.el9_2.3.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)", product_id: "AppStream-9.2.0.Z.EUS:libxml2-debugsource-0:2.9.13-3.el9_2.3.x86_64", }, product_reference: "libxml2-debugsource-0:2.9.13-3.el9_2.3.x86_64", relates_to_product_reference: "AppStream-9.2.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.13-3.el9_2.3.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)", product_id: "AppStream-9.2.0.Z.EUS:libxml2-devel-0:2.9.13-3.el9_2.3.aarch64", }, product_reference: "libxml2-devel-0:2.9.13-3.el9_2.3.aarch64", relates_to_product_reference: "AppStream-9.2.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.13-3.el9_2.3.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)", product_id: "AppStream-9.2.0.Z.EUS:libxml2-devel-0:2.9.13-3.el9_2.3.i686", }, product_reference: "libxml2-devel-0:2.9.13-3.el9_2.3.i686", relates_to_product_reference: "AppStream-9.2.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.13-3.el9_2.3.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)", product_id: "AppStream-9.2.0.Z.EUS:libxml2-devel-0:2.9.13-3.el9_2.3.ppc64le", }, product_reference: "libxml2-devel-0:2.9.13-3.el9_2.3.ppc64le", relates_to_product_reference: "AppStream-9.2.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.13-3.el9_2.3.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)", product_id: "AppStream-9.2.0.Z.EUS:libxml2-devel-0:2.9.13-3.el9_2.3.s390x", }, product_reference: "libxml2-devel-0:2.9.13-3.el9_2.3.s390x", relates_to_product_reference: "AppStream-9.2.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.13-3.el9_2.3.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)", product_id: "AppStream-9.2.0.Z.EUS:libxml2-devel-0:2.9.13-3.el9_2.3.x86_64", }, product_reference: "libxml2-devel-0:2.9.13-3.el9_2.3.x86_64", relates_to_product_reference: "AppStream-9.2.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "python3-libxml2-0:2.9.13-3.el9_2.3.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)", product_id: "AppStream-9.2.0.Z.EUS:python3-libxml2-0:2.9.13-3.el9_2.3.aarch64", }, product_reference: "python3-libxml2-0:2.9.13-3.el9_2.3.aarch64", relates_to_product_reference: "AppStream-9.2.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "python3-libxml2-0:2.9.13-3.el9_2.3.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)", product_id: "AppStream-9.2.0.Z.EUS:python3-libxml2-0:2.9.13-3.el9_2.3.ppc64le", }, product_reference: "python3-libxml2-0:2.9.13-3.el9_2.3.ppc64le", relates_to_product_reference: "AppStream-9.2.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "python3-libxml2-0:2.9.13-3.el9_2.3.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)", product_id: "AppStream-9.2.0.Z.EUS:python3-libxml2-0:2.9.13-3.el9_2.3.s390x", }, product_reference: "python3-libxml2-0:2.9.13-3.el9_2.3.s390x", relates_to_product_reference: "AppStream-9.2.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "python3-libxml2-0:2.9.13-3.el9_2.3.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)", product_id: "AppStream-9.2.0.Z.EUS:python3-libxml2-0:2.9.13-3.el9_2.3.x86_64", }, product_reference: "python3-libxml2-0:2.9.13-3.el9_2.3.x86_64", relates_to_product_reference: "AppStream-9.2.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "python3-libxml2-debuginfo-0:2.9.13-3.el9_2.3.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)", product_id: "AppStream-9.2.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.3.aarch64", }, product_reference: "python3-libxml2-debuginfo-0:2.9.13-3.el9_2.3.aarch64", relates_to_product_reference: "AppStream-9.2.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "python3-libxml2-debuginfo-0:2.9.13-3.el9_2.3.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)", product_id: "AppStream-9.2.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.3.i686", }, product_reference: "python3-libxml2-debuginfo-0:2.9.13-3.el9_2.3.i686", relates_to_product_reference: "AppStream-9.2.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "python3-libxml2-debuginfo-0:2.9.13-3.el9_2.3.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)", product_id: "AppStream-9.2.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.3.ppc64le", }, product_reference: "python3-libxml2-debuginfo-0:2.9.13-3.el9_2.3.ppc64le", relates_to_product_reference: "AppStream-9.2.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "python3-libxml2-debuginfo-0:2.9.13-3.el9_2.3.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)", product_id: "AppStream-9.2.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.3.s390x", }, product_reference: "python3-libxml2-debuginfo-0:2.9.13-3.el9_2.3.s390x", relates_to_product_reference: "AppStream-9.2.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "python3-libxml2-debuginfo-0:2.9.13-3.el9_2.3.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)", product_id: "AppStream-9.2.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.3.x86_64", }, product_reference: "python3-libxml2-debuginfo-0:2.9.13-3.el9_2.3.x86_64", relates_to_product_reference: "AppStream-9.2.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.13-3.el9_2.3.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.2)", product_id: "BaseOS-9.2.0.Z.EUS:libxml2-0:2.9.13-3.el9_2.3.aarch64", }, product_reference: "libxml2-0:2.9.13-3.el9_2.3.aarch64", relates_to_product_reference: "BaseOS-9.2.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.13-3.el9_2.3.i686 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.2)", product_id: "BaseOS-9.2.0.Z.EUS:libxml2-0:2.9.13-3.el9_2.3.i686", }, product_reference: "libxml2-0:2.9.13-3.el9_2.3.i686", relates_to_product_reference: "BaseOS-9.2.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.13-3.el9_2.3.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.2)", product_id: "BaseOS-9.2.0.Z.EUS:libxml2-0:2.9.13-3.el9_2.3.ppc64le", }, product_reference: "libxml2-0:2.9.13-3.el9_2.3.ppc64le", relates_to_product_reference: "BaseOS-9.2.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.13-3.el9_2.3.s390x as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.2)", product_id: "BaseOS-9.2.0.Z.EUS:libxml2-0:2.9.13-3.el9_2.3.s390x", }, product_reference: "libxml2-0:2.9.13-3.el9_2.3.s390x", relates_to_product_reference: "BaseOS-9.2.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.13-3.el9_2.3.src as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.2)", product_id: "BaseOS-9.2.0.Z.EUS:libxml2-0:2.9.13-3.el9_2.3.src", }, product_reference: "libxml2-0:2.9.13-3.el9_2.3.src", relates_to_product_reference: "BaseOS-9.2.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.13-3.el9_2.3.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.2)", product_id: "BaseOS-9.2.0.Z.EUS:libxml2-0:2.9.13-3.el9_2.3.x86_64", }, product_reference: "libxml2-0:2.9.13-3.el9_2.3.x86_64", relates_to_product_reference: "BaseOS-9.2.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.13-3.el9_2.3.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.2)", product_id: "BaseOS-9.2.0.Z.EUS:libxml2-debuginfo-0:2.9.13-3.el9_2.3.aarch64", }, product_reference: "libxml2-debuginfo-0:2.9.13-3.el9_2.3.aarch64", relates_to_product_reference: "BaseOS-9.2.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.13-3.el9_2.3.i686 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.2)", product_id: "BaseOS-9.2.0.Z.EUS:libxml2-debuginfo-0:2.9.13-3.el9_2.3.i686", }, product_reference: "libxml2-debuginfo-0:2.9.13-3.el9_2.3.i686", relates_to_product_reference: "BaseOS-9.2.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.13-3.el9_2.3.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.2)", product_id: "BaseOS-9.2.0.Z.EUS:libxml2-debuginfo-0:2.9.13-3.el9_2.3.ppc64le", }, product_reference: "libxml2-debuginfo-0:2.9.13-3.el9_2.3.ppc64le", relates_to_product_reference: "BaseOS-9.2.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.13-3.el9_2.3.s390x as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.2)", product_id: "BaseOS-9.2.0.Z.EUS:libxml2-debuginfo-0:2.9.13-3.el9_2.3.s390x", }, product_reference: "libxml2-debuginfo-0:2.9.13-3.el9_2.3.s390x", relates_to_product_reference: "BaseOS-9.2.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.13-3.el9_2.3.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.2)", product_id: "BaseOS-9.2.0.Z.EUS:libxml2-debuginfo-0:2.9.13-3.el9_2.3.x86_64", }, product_reference: "libxml2-debuginfo-0:2.9.13-3.el9_2.3.x86_64", relates_to_product_reference: "BaseOS-9.2.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debugsource-0:2.9.13-3.el9_2.3.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.2)", product_id: "BaseOS-9.2.0.Z.EUS:libxml2-debugsource-0:2.9.13-3.el9_2.3.aarch64", }, product_reference: "libxml2-debugsource-0:2.9.13-3.el9_2.3.aarch64", relates_to_product_reference: "BaseOS-9.2.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debugsource-0:2.9.13-3.el9_2.3.i686 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.2)", product_id: "BaseOS-9.2.0.Z.EUS:libxml2-debugsource-0:2.9.13-3.el9_2.3.i686", }, product_reference: "libxml2-debugsource-0:2.9.13-3.el9_2.3.i686", relates_to_product_reference: "BaseOS-9.2.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debugsource-0:2.9.13-3.el9_2.3.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.2)", product_id: "BaseOS-9.2.0.Z.EUS:libxml2-debugsource-0:2.9.13-3.el9_2.3.ppc64le", }, product_reference: "libxml2-debugsource-0:2.9.13-3.el9_2.3.ppc64le", relates_to_product_reference: "BaseOS-9.2.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debugsource-0:2.9.13-3.el9_2.3.s390x as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.2)", product_id: "BaseOS-9.2.0.Z.EUS:libxml2-debugsource-0:2.9.13-3.el9_2.3.s390x", }, product_reference: "libxml2-debugsource-0:2.9.13-3.el9_2.3.s390x", relates_to_product_reference: "BaseOS-9.2.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debugsource-0:2.9.13-3.el9_2.3.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.2)", product_id: "BaseOS-9.2.0.Z.EUS:libxml2-debugsource-0:2.9.13-3.el9_2.3.x86_64", }, product_reference: "libxml2-debugsource-0:2.9.13-3.el9_2.3.x86_64", relates_to_product_reference: "BaseOS-9.2.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.13-3.el9_2.3.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.2)", product_id: "BaseOS-9.2.0.Z.EUS:libxml2-devel-0:2.9.13-3.el9_2.3.aarch64", }, product_reference: "libxml2-devel-0:2.9.13-3.el9_2.3.aarch64", relates_to_product_reference: "BaseOS-9.2.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.13-3.el9_2.3.i686 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.2)", product_id: "BaseOS-9.2.0.Z.EUS:libxml2-devel-0:2.9.13-3.el9_2.3.i686", }, product_reference: "libxml2-devel-0:2.9.13-3.el9_2.3.i686", relates_to_product_reference: "BaseOS-9.2.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.13-3.el9_2.3.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.2)", product_id: "BaseOS-9.2.0.Z.EUS:libxml2-devel-0:2.9.13-3.el9_2.3.ppc64le", }, product_reference: "libxml2-devel-0:2.9.13-3.el9_2.3.ppc64le", relates_to_product_reference: "BaseOS-9.2.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.13-3.el9_2.3.s390x as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.2)", product_id: "BaseOS-9.2.0.Z.EUS:libxml2-devel-0:2.9.13-3.el9_2.3.s390x", }, product_reference: "libxml2-devel-0:2.9.13-3.el9_2.3.s390x", relates_to_product_reference: "BaseOS-9.2.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.13-3.el9_2.3.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.2)", product_id: "BaseOS-9.2.0.Z.EUS:libxml2-devel-0:2.9.13-3.el9_2.3.x86_64", }, product_reference: "libxml2-devel-0:2.9.13-3.el9_2.3.x86_64", relates_to_product_reference: "BaseOS-9.2.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "python3-libxml2-0:2.9.13-3.el9_2.3.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.2)", product_id: "BaseOS-9.2.0.Z.EUS:python3-libxml2-0:2.9.13-3.el9_2.3.aarch64", }, product_reference: "python3-libxml2-0:2.9.13-3.el9_2.3.aarch64", relates_to_product_reference: "BaseOS-9.2.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "python3-libxml2-0:2.9.13-3.el9_2.3.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.2)", product_id: "BaseOS-9.2.0.Z.EUS:python3-libxml2-0:2.9.13-3.el9_2.3.ppc64le", }, product_reference: "python3-libxml2-0:2.9.13-3.el9_2.3.ppc64le", relates_to_product_reference: "BaseOS-9.2.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "python3-libxml2-0:2.9.13-3.el9_2.3.s390x as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.2)", product_id: "BaseOS-9.2.0.Z.EUS:python3-libxml2-0:2.9.13-3.el9_2.3.s390x", }, product_reference: "python3-libxml2-0:2.9.13-3.el9_2.3.s390x", relates_to_product_reference: "BaseOS-9.2.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "python3-libxml2-0:2.9.13-3.el9_2.3.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.2)", product_id: "BaseOS-9.2.0.Z.EUS:python3-libxml2-0:2.9.13-3.el9_2.3.x86_64", }, product_reference: "python3-libxml2-0:2.9.13-3.el9_2.3.x86_64", relates_to_product_reference: "BaseOS-9.2.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "python3-libxml2-debuginfo-0:2.9.13-3.el9_2.3.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.2)", product_id: "BaseOS-9.2.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.3.aarch64", }, product_reference: "python3-libxml2-debuginfo-0:2.9.13-3.el9_2.3.aarch64", relates_to_product_reference: "BaseOS-9.2.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "python3-libxml2-debuginfo-0:2.9.13-3.el9_2.3.i686 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.2)", product_id: "BaseOS-9.2.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.3.i686", }, product_reference: "python3-libxml2-debuginfo-0:2.9.13-3.el9_2.3.i686", relates_to_product_reference: "BaseOS-9.2.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "python3-libxml2-debuginfo-0:2.9.13-3.el9_2.3.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.2)", product_id: "BaseOS-9.2.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.3.ppc64le", }, product_reference: "python3-libxml2-debuginfo-0:2.9.13-3.el9_2.3.ppc64le", relates_to_product_reference: "BaseOS-9.2.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "python3-libxml2-debuginfo-0:2.9.13-3.el9_2.3.s390x as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.2)", product_id: "BaseOS-9.2.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.3.s390x", }, product_reference: "python3-libxml2-debuginfo-0:2.9.13-3.el9_2.3.s390x", relates_to_product_reference: "BaseOS-9.2.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "python3-libxml2-debuginfo-0:2.9.13-3.el9_2.3.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.2)", product_id: "BaseOS-9.2.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.3.x86_64", }, product_reference: "python3-libxml2-debuginfo-0:2.9.13-3.el9_2.3.x86_64", relates_to_product_reference: "BaseOS-9.2.0.Z.EUS", }, ], }, vulnerabilities: [ { cve: "CVE-2024-25062", cwe: { id: "CWE-416", name: "Use After Free", }, discovery_date: "2024-02-05T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2262726", }, ], notes: [ { category: "description", text: "A use-after-free flaw was found in libxml2. When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free.", title: "Vulnerability description", }, { category: "summary", text: "libxml2: use-after-free in XMLReader", title: "Vulnerability summary", }, { category: "other", text: "The severity of this vulnerability is not important but moderate due to the lack of impact to both confidentiality and integrity, but potential impact to availability. The theoretical risk of impact to availability is limited due to the specific requirement that applications must continue to misuse the reader API after it has already reported validation errors instead of handling those errors. The flaw requires that crafted XML documents can be provided by an attacker and the utilization of DTD validation and XInclude expansion using the XMLReader API. Along with those conditions, the application using the XMLReader API must be ignoring errors when expanding invalid XInclude nodes in an maliciously crafted document. These conditions are unlikely to exist in the intended usage of the XMLReader API.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-9.2.0.Z.EUS:libxml2-0:2.9.13-3.el9_2.3.aarch64", "AppStream-9.2.0.Z.EUS:libxml2-0:2.9.13-3.el9_2.3.i686", "AppStream-9.2.0.Z.EUS:libxml2-0:2.9.13-3.el9_2.3.ppc64le", "AppStream-9.2.0.Z.EUS:libxml2-0:2.9.13-3.el9_2.3.s390x", "AppStream-9.2.0.Z.EUS:libxml2-0:2.9.13-3.el9_2.3.src", "AppStream-9.2.0.Z.EUS:libxml2-0:2.9.13-3.el9_2.3.x86_64", "AppStream-9.2.0.Z.EUS:libxml2-debuginfo-0:2.9.13-3.el9_2.3.aarch64", "AppStream-9.2.0.Z.EUS:libxml2-debuginfo-0:2.9.13-3.el9_2.3.i686", "AppStream-9.2.0.Z.EUS:libxml2-debuginfo-0:2.9.13-3.el9_2.3.ppc64le", "AppStream-9.2.0.Z.EUS:libxml2-debuginfo-0:2.9.13-3.el9_2.3.s390x", "AppStream-9.2.0.Z.EUS:libxml2-debuginfo-0:2.9.13-3.el9_2.3.x86_64", "AppStream-9.2.0.Z.EUS:libxml2-debugsource-0:2.9.13-3.el9_2.3.aarch64", "AppStream-9.2.0.Z.EUS:libxml2-debugsource-0:2.9.13-3.el9_2.3.i686", "AppStream-9.2.0.Z.EUS:libxml2-debugsource-0:2.9.13-3.el9_2.3.ppc64le", "AppStream-9.2.0.Z.EUS:libxml2-debugsource-0:2.9.13-3.el9_2.3.s390x", "AppStream-9.2.0.Z.EUS:libxml2-debugsource-0:2.9.13-3.el9_2.3.x86_64", "AppStream-9.2.0.Z.EUS:libxml2-devel-0:2.9.13-3.el9_2.3.aarch64", "AppStream-9.2.0.Z.EUS:libxml2-devel-0:2.9.13-3.el9_2.3.i686", "AppStream-9.2.0.Z.EUS:libxml2-devel-0:2.9.13-3.el9_2.3.ppc64le", "AppStream-9.2.0.Z.EUS:libxml2-devel-0:2.9.13-3.el9_2.3.s390x", "AppStream-9.2.0.Z.EUS:libxml2-devel-0:2.9.13-3.el9_2.3.x86_64", "AppStream-9.2.0.Z.EUS:python3-libxml2-0:2.9.13-3.el9_2.3.aarch64", "AppStream-9.2.0.Z.EUS:python3-libxml2-0:2.9.13-3.el9_2.3.ppc64le", "AppStream-9.2.0.Z.EUS:python3-libxml2-0:2.9.13-3.el9_2.3.s390x", "AppStream-9.2.0.Z.EUS:python3-libxml2-0:2.9.13-3.el9_2.3.x86_64", "AppStream-9.2.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.3.aarch64", "AppStream-9.2.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.3.i686", "AppStream-9.2.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.3.ppc64le", "AppStream-9.2.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.3.s390x", "AppStream-9.2.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.3.x86_64", "BaseOS-9.2.0.Z.EUS:libxml2-0:2.9.13-3.el9_2.3.aarch64", "BaseOS-9.2.0.Z.EUS:libxml2-0:2.9.13-3.el9_2.3.i686", "BaseOS-9.2.0.Z.EUS:libxml2-0:2.9.13-3.el9_2.3.ppc64le", "BaseOS-9.2.0.Z.EUS:libxml2-0:2.9.13-3.el9_2.3.s390x", "BaseOS-9.2.0.Z.EUS:libxml2-0:2.9.13-3.el9_2.3.src", "BaseOS-9.2.0.Z.EUS:libxml2-0:2.9.13-3.el9_2.3.x86_64", "BaseOS-9.2.0.Z.EUS:libxml2-debuginfo-0:2.9.13-3.el9_2.3.aarch64", "BaseOS-9.2.0.Z.EUS:libxml2-debuginfo-0:2.9.13-3.el9_2.3.i686", "BaseOS-9.2.0.Z.EUS:libxml2-debuginfo-0:2.9.13-3.el9_2.3.ppc64le", "BaseOS-9.2.0.Z.EUS:libxml2-debuginfo-0:2.9.13-3.el9_2.3.s390x", "BaseOS-9.2.0.Z.EUS:libxml2-debuginfo-0:2.9.13-3.el9_2.3.x86_64", "BaseOS-9.2.0.Z.EUS:libxml2-debugsource-0:2.9.13-3.el9_2.3.aarch64", "BaseOS-9.2.0.Z.EUS:libxml2-debugsource-0:2.9.13-3.el9_2.3.i686", "BaseOS-9.2.0.Z.EUS:libxml2-debugsource-0:2.9.13-3.el9_2.3.ppc64le", "BaseOS-9.2.0.Z.EUS:libxml2-debugsource-0:2.9.13-3.el9_2.3.s390x", "BaseOS-9.2.0.Z.EUS:libxml2-debugsource-0:2.9.13-3.el9_2.3.x86_64", "BaseOS-9.2.0.Z.EUS:libxml2-devel-0:2.9.13-3.el9_2.3.aarch64", "BaseOS-9.2.0.Z.EUS:libxml2-devel-0:2.9.13-3.el9_2.3.i686", "BaseOS-9.2.0.Z.EUS:libxml2-devel-0:2.9.13-3.el9_2.3.ppc64le", "BaseOS-9.2.0.Z.EUS:libxml2-devel-0:2.9.13-3.el9_2.3.s390x", "BaseOS-9.2.0.Z.EUS:libxml2-devel-0:2.9.13-3.el9_2.3.x86_64", "BaseOS-9.2.0.Z.EUS:python3-libxml2-0:2.9.13-3.el9_2.3.aarch64", "BaseOS-9.2.0.Z.EUS:python3-libxml2-0:2.9.13-3.el9_2.3.ppc64le", "BaseOS-9.2.0.Z.EUS:python3-libxml2-0:2.9.13-3.el9_2.3.s390x", "BaseOS-9.2.0.Z.EUS:python3-libxml2-0:2.9.13-3.el9_2.3.x86_64", "BaseOS-9.2.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.3.aarch64", "BaseOS-9.2.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.3.i686", "BaseOS-9.2.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.3.ppc64le", "BaseOS-9.2.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.3.s390x", "BaseOS-9.2.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.3.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-25062", }, { category: "external", summary: "RHBZ#2262726", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2262726", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-25062", url: "https://www.cve.org/CVERecord?id=CVE-2024-25062", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-25062", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-25062", }, { category: "external", summary: "https://gitlab.gnome.org/GNOME/libxml2/-/issues/604", url: "https://gitlab.gnome.org/GNOME/libxml2/-/issues/604", }, { category: "external", summary: "https://gitlab.gnome.org/GNOME/libxml2/-/tags", url: "https://gitlab.gnome.org/GNOME/libxml2/-/tags", }, ], release_date: "2024-02-04T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-06-05T10:19:16+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe desktop must be restarted (log out, then log back in) for this update to take effect.", product_ids: [ "AppStream-9.2.0.Z.EUS:libxml2-0:2.9.13-3.el9_2.3.aarch64", "AppStream-9.2.0.Z.EUS:libxml2-0:2.9.13-3.el9_2.3.i686", "AppStream-9.2.0.Z.EUS:libxml2-0:2.9.13-3.el9_2.3.ppc64le", "AppStream-9.2.0.Z.EUS:libxml2-0:2.9.13-3.el9_2.3.s390x", "AppStream-9.2.0.Z.EUS:libxml2-0:2.9.13-3.el9_2.3.src", "AppStream-9.2.0.Z.EUS:libxml2-0:2.9.13-3.el9_2.3.x86_64", "AppStream-9.2.0.Z.EUS:libxml2-debuginfo-0:2.9.13-3.el9_2.3.aarch64", "AppStream-9.2.0.Z.EUS:libxml2-debuginfo-0:2.9.13-3.el9_2.3.i686", "AppStream-9.2.0.Z.EUS:libxml2-debuginfo-0:2.9.13-3.el9_2.3.ppc64le", "AppStream-9.2.0.Z.EUS:libxml2-debuginfo-0:2.9.13-3.el9_2.3.s390x", "AppStream-9.2.0.Z.EUS:libxml2-debuginfo-0:2.9.13-3.el9_2.3.x86_64", "AppStream-9.2.0.Z.EUS:libxml2-debugsource-0:2.9.13-3.el9_2.3.aarch64", "AppStream-9.2.0.Z.EUS:libxml2-debugsource-0:2.9.13-3.el9_2.3.i686", "AppStream-9.2.0.Z.EUS:libxml2-debugsource-0:2.9.13-3.el9_2.3.ppc64le", "AppStream-9.2.0.Z.EUS:libxml2-debugsource-0:2.9.13-3.el9_2.3.s390x", "AppStream-9.2.0.Z.EUS:libxml2-debugsource-0:2.9.13-3.el9_2.3.x86_64", "AppStream-9.2.0.Z.EUS:libxml2-devel-0:2.9.13-3.el9_2.3.aarch64", "AppStream-9.2.0.Z.EUS:libxml2-devel-0:2.9.13-3.el9_2.3.i686", "AppStream-9.2.0.Z.EUS:libxml2-devel-0:2.9.13-3.el9_2.3.ppc64le", "AppStream-9.2.0.Z.EUS:libxml2-devel-0:2.9.13-3.el9_2.3.s390x", "AppStream-9.2.0.Z.EUS:libxml2-devel-0:2.9.13-3.el9_2.3.x86_64", "AppStream-9.2.0.Z.EUS:python3-libxml2-0:2.9.13-3.el9_2.3.aarch64", "AppStream-9.2.0.Z.EUS:python3-libxml2-0:2.9.13-3.el9_2.3.ppc64le", "AppStream-9.2.0.Z.EUS:python3-libxml2-0:2.9.13-3.el9_2.3.s390x", "AppStream-9.2.0.Z.EUS:python3-libxml2-0:2.9.13-3.el9_2.3.x86_64", "AppStream-9.2.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.3.aarch64", "AppStream-9.2.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.3.i686", "AppStream-9.2.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.3.ppc64le", "AppStream-9.2.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.3.s390x", "AppStream-9.2.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.3.x86_64", "BaseOS-9.2.0.Z.EUS:libxml2-0:2.9.13-3.el9_2.3.aarch64", "BaseOS-9.2.0.Z.EUS:libxml2-0:2.9.13-3.el9_2.3.i686", "BaseOS-9.2.0.Z.EUS:libxml2-0:2.9.13-3.el9_2.3.ppc64le", "BaseOS-9.2.0.Z.EUS:libxml2-0:2.9.13-3.el9_2.3.s390x", "BaseOS-9.2.0.Z.EUS:libxml2-0:2.9.13-3.el9_2.3.src", "BaseOS-9.2.0.Z.EUS:libxml2-0:2.9.13-3.el9_2.3.x86_64", "BaseOS-9.2.0.Z.EUS:libxml2-debuginfo-0:2.9.13-3.el9_2.3.aarch64", "BaseOS-9.2.0.Z.EUS:libxml2-debuginfo-0:2.9.13-3.el9_2.3.i686", "BaseOS-9.2.0.Z.EUS:libxml2-debuginfo-0:2.9.13-3.el9_2.3.ppc64le", "BaseOS-9.2.0.Z.EUS:libxml2-debuginfo-0:2.9.13-3.el9_2.3.s390x", "BaseOS-9.2.0.Z.EUS:libxml2-debuginfo-0:2.9.13-3.el9_2.3.x86_64", "BaseOS-9.2.0.Z.EUS:libxml2-debugsource-0:2.9.13-3.el9_2.3.aarch64", "BaseOS-9.2.0.Z.EUS:libxml2-debugsource-0:2.9.13-3.el9_2.3.i686", "BaseOS-9.2.0.Z.EUS:libxml2-debugsource-0:2.9.13-3.el9_2.3.ppc64le", "BaseOS-9.2.0.Z.EUS:libxml2-debugsource-0:2.9.13-3.el9_2.3.s390x", "BaseOS-9.2.0.Z.EUS:libxml2-debugsource-0:2.9.13-3.el9_2.3.x86_64", "BaseOS-9.2.0.Z.EUS:libxml2-devel-0:2.9.13-3.el9_2.3.aarch64", "BaseOS-9.2.0.Z.EUS:libxml2-devel-0:2.9.13-3.el9_2.3.i686", "BaseOS-9.2.0.Z.EUS:libxml2-devel-0:2.9.13-3.el9_2.3.ppc64le", "BaseOS-9.2.0.Z.EUS:libxml2-devel-0:2.9.13-3.el9_2.3.s390x", "BaseOS-9.2.0.Z.EUS:libxml2-devel-0:2.9.13-3.el9_2.3.x86_64", "BaseOS-9.2.0.Z.EUS:python3-libxml2-0:2.9.13-3.el9_2.3.aarch64", "BaseOS-9.2.0.Z.EUS:python3-libxml2-0:2.9.13-3.el9_2.3.ppc64le", "BaseOS-9.2.0.Z.EUS:python3-libxml2-0:2.9.13-3.el9_2.3.s390x", "BaseOS-9.2.0.Z.EUS:python3-libxml2-0:2.9.13-3.el9_2.3.x86_64", "BaseOS-9.2.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.3.aarch64", "BaseOS-9.2.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.3.i686", "BaseOS-9.2.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.3.ppc64le", "BaseOS-9.2.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.3.s390x", "BaseOS-9.2.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.3.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:3625", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "AppStream-9.2.0.Z.EUS:libxml2-0:2.9.13-3.el9_2.3.aarch64", "AppStream-9.2.0.Z.EUS:libxml2-0:2.9.13-3.el9_2.3.i686", "AppStream-9.2.0.Z.EUS:libxml2-0:2.9.13-3.el9_2.3.ppc64le", "AppStream-9.2.0.Z.EUS:libxml2-0:2.9.13-3.el9_2.3.s390x", "AppStream-9.2.0.Z.EUS:libxml2-0:2.9.13-3.el9_2.3.src", "AppStream-9.2.0.Z.EUS:libxml2-0:2.9.13-3.el9_2.3.x86_64", "AppStream-9.2.0.Z.EUS:libxml2-debuginfo-0:2.9.13-3.el9_2.3.aarch64", "AppStream-9.2.0.Z.EUS:libxml2-debuginfo-0:2.9.13-3.el9_2.3.i686", "AppStream-9.2.0.Z.EUS:libxml2-debuginfo-0:2.9.13-3.el9_2.3.ppc64le", "AppStream-9.2.0.Z.EUS:libxml2-debuginfo-0:2.9.13-3.el9_2.3.s390x", "AppStream-9.2.0.Z.EUS:libxml2-debuginfo-0:2.9.13-3.el9_2.3.x86_64", "AppStream-9.2.0.Z.EUS:libxml2-debugsource-0:2.9.13-3.el9_2.3.aarch64", "AppStream-9.2.0.Z.EUS:libxml2-debugsource-0:2.9.13-3.el9_2.3.i686", "AppStream-9.2.0.Z.EUS:libxml2-debugsource-0:2.9.13-3.el9_2.3.ppc64le", "AppStream-9.2.0.Z.EUS:libxml2-debugsource-0:2.9.13-3.el9_2.3.s390x", "AppStream-9.2.0.Z.EUS:libxml2-debugsource-0:2.9.13-3.el9_2.3.x86_64", "AppStream-9.2.0.Z.EUS:libxml2-devel-0:2.9.13-3.el9_2.3.aarch64", "AppStream-9.2.0.Z.EUS:libxml2-devel-0:2.9.13-3.el9_2.3.i686", "AppStream-9.2.0.Z.EUS:libxml2-devel-0:2.9.13-3.el9_2.3.ppc64le", "AppStream-9.2.0.Z.EUS:libxml2-devel-0:2.9.13-3.el9_2.3.s390x", "AppStream-9.2.0.Z.EUS:libxml2-devel-0:2.9.13-3.el9_2.3.x86_64", "AppStream-9.2.0.Z.EUS:python3-libxml2-0:2.9.13-3.el9_2.3.aarch64", "AppStream-9.2.0.Z.EUS:python3-libxml2-0:2.9.13-3.el9_2.3.ppc64le", "AppStream-9.2.0.Z.EUS:python3-libxml2-0:2.9.13-3.el9_2.3.s390x", "AppStream-9.2.0.Z.EUS:python3-libxml2-0:2.9.13-3.el9_2.3.x86_64", "AppStream-9.2.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.3.aarch64", "AppStream-9.2.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.3.i686", "AppStream-9.2.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.3.ppc64le", "AppStream-9.2.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.3.s390x", "AppStream-9.2.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.3.x86_64", "BaseOS-9.2.0.Z.EUS:libxml2-0:2.9.13-3.el9_2.3.aarch64", "BaseOS-9.2.0.Z.EUS:libxml2-0:2.9.13-3.el9_2.3.i686", "BaseOS-9.2.0.Z.EUS:libxml2-0:2.9.13-3.el9_2.3.ppc64le", "BaseOS-9.2.0.Z.EUS:libxml2-0:2.9.13-3.el9_2.3.s390x", "BaseOS-9.2.0.Z.EUS:libxml2-0:2.9.13-3.el9_2.3.src", "BaseOS-9.2.0.Z.EUS:libxml2-0:2.9.13-3.el9_2.3.x86_64", "BaseOS-9.2.0.Z.EUS:libxml2-debuginfo-0:2.9.13-3.el9_2.3.aarch64", "BaseOS-9.2.0.Z.EUS:libxml2-debuginfo-0:2.9.13-3.el9_2.3.i686", "BaseOS-9.2.0.Z.EUS:libxml2-debuginfo-0:2.9.13-3.el9_2.3.ppc64le", "BaseOS-9.2.0.Z.EUS:libxml2-debuginfo-0:2.9.13-3.el9_2.3.s390x", "BaseOS-9.2.0.Z.EUS:libxml2-debuginfo-0:2.9.13-3.el9_2.3.x86_64", "BaseOS-9.2.0.Z.EUS:libxml2-debugsource-0:2.9.13-3.el9_2.3.aarch64", "BaseOS-9.2.0.Z.EUS:libxml2-debugsource-0:2.9.13-3.el9_2.3.i686", "BaseOS-9.2.0.Z.EUS:libxml2-debugsource-0:2.9.13-3.el9_2.3.ppc64le", "BaseOS-9.2.0.Z.EUS:libxml2-debugsource-0:2.9.13-3.el9_2.3.s390x", "BaseOS-9.2.0.Z.EUS:libxml2-debugsource-0:2.9.13-3.el9_2.3.x86_64", "BaseOS-9.2.0.Z.EUS:libxml2-devel-0:2.9.13-3.el9_2.3.aarch64", "BaseOS-9.2.0.Z.EUS:libxml2-devel-0:2.9.13-3.el9_2.3.i686", "BaseOS-9.2.0.Z.EUS:libxml2-devel-0:2.9.13-3.el9_2.3.ppc64le", "BaseOS-9.2.0.Z.EUS:libxml2-devel-0:2.9.13-3.el9_2.3.s390x", "BaseOS-9.2.0.Z.EUS:libxml2-devel-0:2.9.13-3.el9_2.3.x86_64", "BaseOS-9.2.0.Z.EUS:python3-libxml2-0:2.9.13-3.el9_2.3.aarch64", "BaseOS-9.2.0.Z.EUS:python3-libxml2-0:2.9.13-3.el9_2.3.ppc64le", "BaseOS-9.2.0.Z.EUS:python3-libxml2-0:2.9.13-3.el9_2.3.s390x", "BaseOS-9.2.0.Z.EUS:python3-libxml2-0:2.9.13-3.el9_2.3.x86_64", "BaseOS-9.2.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.3.aarch64", "BaseOS-9.2.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.3.i686", "BaseOS-9.2.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.3.ppc64le", "BaseOS-9.2.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.3.s390x", "BaseOS-9.2.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.3.x86_64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "AppStream-9.2.0.Z.EUS:libxml2-0:2.9.13-3.el9_2.3.aarch64", "AppStream-9.2.0.Z.EUS:libxml2-0:2.9.13-3.el9_2.3.i686", "AppStream-9.2.0.Z.EUS:libxml2-0:2.9.13-3.el9_2.3.ppc64le", "AppStream-9.2.0.Z.EUS:libxml2-0:2.9.13-3.el9_2.3.s390x", "AppStream-9.2.0.Z.EUS:libxml2-0:2.9.13-3.el9_2.3.src", "AppStream-9.2.0.Z.EUS:libxml2-0:2.9.13-3.el9_2.3.x86_64", "AppStream-9.2.0.Z.EUS:libxml2-debuginfo-0:2.9.13-3.el9_2.3.aarch64", "AppStream-9.2.0.Z.EUS:libxml2-debuginfo-0:2.9.13-3.el9_2.3.i686", "AppStream-9.2.0.Z.EUS:libxml2-debuginfo-0:2.9.13-3.el9_2.3.ppc64le", "AppStream-9.2.0.Z.EUS:libxml2-debuginfo-0:2.9.13-3.el9_2.3.s390x", "AppStream-9.2.0.Z.EUS:libxml2-debuginfo-0:2.9.13-3.el9_2.3.x86_64", "AppStream-9.2.0.Z.EUS:libxml2-debugsource-0:2.9.13-3.el9_2.3.aarch64", "AppStream-9.2.0.Z.EUS:libxml2-debugsource-0:2.9.13-3.el9_2.3.i686", "AppStream-9.2.0.Z.EUS:libxml2-debugsource-0:2.9.13-3.el9_2.3.ppc64le", "AppStream-9.2.0.Z.EUS:libxml2-debugsource-0:2.9.13-3.el9_2.3.s390x", "AppStream-9.2.0.Z.EUS:libxml2-debugsource-0:2.9.13-3.el9_2.3.x86_64", "AppStream-9.2.0.Z.EUS:libxml2-devel-0:2.9.13-3.el9_2.3.aarch64", "AppStream-9.2.0.Z.EUS:libxml2-devel-0:2.9.13-3.el9_2.3.i686", "AppStream-9.2.0.Z.EUS:libxml2-devel-0:2.9.13-3.el9_2.3.ppc64le", "AppStream-9.2.0.Z.EUS:libxml2-devel-0:2.9.13-3.el9_2.3.s390x", "AppStream-9.2.0.Z.EUS:libxml2-devel-0:2.9.13-3.el9_2.3.x86_64", "AppStream-9.2.0.Z.EUS:python3-libxml2-0:2.9.13-3.el9_2.3.aarch64", "AppStream-9.2.0.Z.EUS:python3-libxml2-0:2.9.13-3.el9_2.3.ppc64le", "AppStream-9.2.0.Z.EUS:python3-libxml2-0:2.9.13-3.el9_2.3.s390x", "AppStream-9.2.0.Z.EUS:python3-libxml2-0:2.9.13-3.el9_2.3.x86_64", "AppStream-9.2.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.3.aarch64", "AppStream-9.2.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.3.i686", "AppStream-9.2.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.3.ppc64le", "AppStream-9.2.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.3.s390x", "AppStream-9.2.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.3.x86_64", "BaseOS-9.2.0.Z.EUS:libxml2-0:2.9.13-3.el9_2.3.aarch64", "BaseOS-9.2.0.Z.EUS:libxml2-0:2.9.13-3.el9_2.3.i686", "BaseOS-9.2.0.Z.EUS:libxml2-0:2.9.13-3.el9_2.3.ppc64le", "BaseOS-9.2.0.Z.EUS:libxml2-0:2.9.13-3.el9_2.3.s390x", "BaseOS-9.2.0.Z.EUS:libxml2-0:2.9.13-3.el9_2.3.src", "BaseOS-9.2.0.Z.EUS:libxml2-0:2.9.13-3.el9_2.3.x86_64", "BaseOS-9.2.0.Z.EUS:libxml2-debuginfo-0:2.9.13-3.el9_2.3.aarch64", "BaseOS-9.2.0.Z.EUS:libxml2-debuginfo-0:2.9.13-3.el9_2.3.i686", "BaseOS-9.2.0.Z.EUS:libxml2-debuginfo-0:2.9.13-3.el9_2.3.ppc64le", "BaseOS-9.2.0.Z.EUS:libxml2-debuginfo-0:2.9.13-3.el9_2.3.s390x", "BaseOS-9.2.0.Z.EUS:libxml2-debuginfo-0:2.9.13-3.el9_2.3.x86_64", "BaseOS-9.2.0.Z.EUS:libxml2-debugsource-0:2.9.13-3.el9_2.3.aarch64", "BaseOS-9.2.0.Z.EUS:libxml2-debugsource-0:2.9.13-3.el9_2.3.i686", "BaseOS-9.2.0.Z.EUS:libxml2-debugsource-0:2.9.13-3.el9_2.3.ppc64le", "BaseOS-9.2.0.Z.EUS:libxml2-debugsource-0:2.9.13-3.el9_2.3.s390x", "BaseOS-9.2.0.Z.EUS:libxml2-debugsource-0:2.9.13-3.el9_2.3.x86_64", "BaseOS-9.2.0.Z.EUS:libxml2-devel-0:2.9.13-3.el9_2.3.aarch64", "BaseOS-9.2.0.Z.EUS:libxml2-devel-0:2.9.13-3.el9_2.3.i686", "BaseOS-9.2.0.Z.EUS:libxml2-devel-0:2.9.13-3.el9_2.3.ppc64le", "BaseOS-9.2.0.Z.EUS:libxml2-devel-0:2.9.13-3.el9_2.3.s390x", "BaseOS-9.2.0.Z.EUS:libxml2-devel-0:2.9.13-3.el9_2.3.x86_64", "BaseOS-9.2.0.Z.EUS:python3-libxml2-0:2.9.13-3.el9_2.3.aarch64", "BaseOS-9.2.0.Z.EUS:python3-libxml2-0:2.9.13-3.el9_2.3.ppc64le", "BaseOS-9.2.0.Z.EUS:python3-libxml2-0:2.9.13-3.el9_2.3.s390x", "BaseOS-9.2.0.Z.EUS:python3-libxml2-0:2.9.13-3.el9_2.3.x86_64", "BaseOS-9.2.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.3.aarch64", "BaseOS-9.2.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.3.i686", "BaseOS-9.2.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.3.ppc64le", "BaseOS-9.2.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.3.s390x", "BaseOS-9.2.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.3.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "libxml2: use-after-free in XMLReader", }, ], }
rhsa-2024:3299
Vulnerability from csaf_redhat
Published
2024-05-22 22:01
Modified
2025-01-09 06:19
Summary
Red Hat Security Advisory: libxml2 security update
Notes
Topic
An update for libxml2 is now available for Red Hat Enterprise Linux 8.6.
Red Hat Product Security has rated this update as having a security impact of
Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE
link(s) in the References section.
Details
The libxml2 library is a development toolbox providing the implementation of
various XML standards.
Security Fix(es):
* libxml2: use-after-free in XMLReader (CVE-2024-25062)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update for libxml2 is now available for Red Hat Enterprise Linux 8.6.\n\nRed Hat Product Security has rated this update as having a security impact of\nModerate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE\nlink(s) in the References section.", title: "Topic", }, { category: "general", text: "The libxml2 library is a development toolbox providing the implementation of\nvarious XML standards.\n\nSecurity Fix(es):\n\n* libxml2: use-after-free in XMLReader (CVE-2024-25062)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2024:3299", url: "https://access.redhat.com/errata/RHSA-2024:3299", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#moderate", url: "https://access.redhat.com/security/updates/classification/#moderate", }, { category: "external", summary: "2262726", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2262726", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_3299.json", }, ], title: "Red Hat Security Advisory: libxml2 security update", tracking: { current_release_date: "2025-01-09T06:19:39+00:00", generator: { date: "2025-01-09T06:19:39+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.5", }, }, id: "RHSA-2024:3299", initial_release_date: "2024-05-22T22:01:12+00:00", revision_history: [ { date: "2024-05-22T22:01:12+00:00", number: "1", summary: "Initial version", }, { date: "2024-05-22T22:01:12+00:00", number: "2", summary: "Last updated version", }, { date: "2025-01-09T06:19:39+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux AppStream EUS (v.8.6)", product: { name: "Red Hat Enterprise Linux AppStream EUS (v.8.6)", product_id: "AppStream-8.6.0.Z.EUS", product_identification_helper: { cpe: "cpe:/a:redhat:rhel_eus:8.6::appstream", }, }, }, { category: "product_name", name: "Red Hat Enterprise Linux BaseOS EUS (v.8.6)", product: { name: "Red Hat Enterprise Linux BaseOS EUS (v.8.6)", product_id: "BaseOS-8.6.0.Z.EUS", product_identification_helper: { cpe: "cpe:/o:redhat:rhel_eus:8.6::baseos", }, }, }, ], category: "product_family", name: "Red Hat Enterprise Linux", }, { branches: [ { category: "product_version", name: "libxml2-0:2.9.7-13.el8_6.5.src", product: { name: "libxml2-0:2.9.7-13.el8_6.5.src", product_id: "libxml2-0:2.9.7-13.el8_6.5.src", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2@2.9.7-13.el8_6.5?arch=src", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "libxml2-0:2.9.7-13.el8_6.5.aarch64", product: { name: "libxml2-0:2.9.7-13.el8_6.5.aarch64", product_id: "libxml2-0:2.9.7-13.el8_6.5.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2@2.9.7-13.el8_6.5?arch=aarch64", }, }, }, { category: "product_version", name: "python3-libxml2-0:2.9.7-13.el8_6.5.aarch64", product: { name: "python3-libxml2-0:2.9.7-13.el8_6.5.aarch64", product_id: "python3-libxml2-0:2.9.7-13.el8_6.5.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/python3-libxml2@2.9.7-13.el8_6.5?arch=aarch64", }, }, }, { category: "product_version", name: "libxml2-debugsource-0:2.9.7-13.el8_6.5.aarch64", product: { name: "libxml2-debugsource-0:2.9.7-13.el8_6.5.aarch64", product_id: "libxml2-debugsource-0:2.9.7-13.el8_6.5.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-debugsource@2.9.7-13.el8_6.5?arch=aarch64", }, }, }, { category: "product_version", name: "libxml2-debuginfo-0:2.9.7-13.el8_6.5.aarch64", product: { name: "libxml2-debuginfo-0:2.9.7-13.el8_6.5.aarch64", product_id: "libxml2-debuginfo-0:2.9.7-13.el8_6.5.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-debuginfo@2.9.7-13.el8_6.5?arch=aarch64", }, }, }, { category: "product_version", name: "python3-libxml2-debuginfo-0:2.9.7-13.el8_6.5.aarch64", product: { name: "python3-libxml2-debuginfo-0:2.9.7-13.el8_6.5.aarch64", product_id: "python3-libxml2-debuginfo-0:2.9.7-13.el8_6.5.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/python3-libxml2-debuginfo@2.9.7-13.el8_6.5?arch=aarch64", }, }, }, { category: "product_version", name: "libxml2-devel-0:2.9.7-13.el8_6.5.aarch64", product: { name: "libxml2-devel-0:2.9.7-13.el8_6.5.aarch64", product_id: "libxml2-devel-0:2.9.7-13.el8_6.5.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-devel@2.9.7-13.el8_6.5?arch=aarch64", }, }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "libxml2-0:2.9.7-13.el8_6.5.ppc64le", product: { name: "libxml2-0:2.9.7-13.el8_6.5.ppc64le", product_id: "libxml2-0:2.9.7-13.el8_6.5.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2@2.9.7-13.el8_6.5?arch=ppc64le", }, }, }, { category: "product_version", name: "python3-libxml2-0:2.9.7-13.el8_6.5.ppc64le", product: { name: "python3-libxml2-0:2.9.7-13.el8_6.5.ppc64le", product_id: "python3-libxml2-0:2.9.7-13.el8_6.5.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/python3-libxml2@2.9.7-13.el8_6.5?arch=ppc64le", }, }, }, { category: "product_version", name: "libxml2-debugsource-0:2.9.7-13.el8_6.5.ppc64le", product: { name: "libxml2-debugsource-0:2.9.7-13.el8_6.5.ppc64le", product_id: "libxml2-debugsource-0:2.9.7-13.el8_6.5.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-debugsource@2.9.7-13.el8_6.5?arch=ppc64le", }, }, }, { category: "product_version", name: "libxml2-debuginfo-0:2.9.7-13.el8_6.5.ppc64le", product: { name: "libxml2-debuginfo-0:2.9.7-13.el8_6.5.ppc64le", product_id: "libxml2-debuginfo-0:2.9.7-13.el8_6.5.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-debuginfo@2.9.7-13.el8_6.5?arch=ppc64le", }, }, }, { category: "product_version", name: "python3-libxml2-debuginfo-0:2.9.7-13.el8_6.5.ppc64le", product: { name: "python3-libxml2-debuginfo-0:2.9.7-13.el8_6.5.ppc64le", product_id: "python3-libxml2-debuginfo-0:2.9.7-13.el8_6.5.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/python3-libxml2-debuginfo@2.9.7-13.el8_6.5?arch=ppc64le", }, }, }, { category: "product_version", name: "libxml2-devel-0:2.9.7-13.el8_6.5.ppc64le", product: { name: "libxml2-devel-0:2.9.7-13.el8_6.5.ppc64le", product_id: "libxml2-devel-0:2.9.7-13.el8_6.5.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-devel@2.9.7-13.el8_6.5?arch=ppc64le", }, }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "libxml2-0:2.9.7-13.el8_6.5.i686", product: { name: "libxml2-0:2.9.7-13.el8_6.5.i686", product_id: "libxml2-0:2.9.7-13.el8_6.5.i686", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2@2.9.7-13.el8_6.5?arch=i686", }, }, }, { category: "product_version", name: "libxml2-debugsource-0:2.9.7-13.el8_6.5.i686", product: { name: "libxml2-debugsource-0:2.9.7-13.el8_6.5.i686", product_id: "libxml2-debugsource-0:2.9.7-13.el8_6.5.i686", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-debugsource@2.9.7-13.el8_6.5?arch=i686", }, }, }, { category: "product_version", name: "libxml2-debuginfo-0:2.9.7-13.el8_6.5.i686", product: { name: "libxml2-debuginfo-0:2.9.7-13.el8_6.5.i686", product_id: "libxml2-debuginfo-0:2.9.7-13.el8_6.5.i686", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-debuginfo@2.9.7-13.el8_6.5?arch=i686", }, }, }, { category: "product_version", name: "python3-libxml2-debuginfo-0:2.9.7-13.el8_6.5.i686", product: { name: "python3-libxml2-debuginfo-0:2.9.7-13.el8_6.5.i686", product_id: "python3-libxml2-debuginfo-0:2.9.7-13.el8_6.5.i686", product_identification_helper: { purl: "pkg:rpm/redhat/python3-libxml2-debuginfo@2.9.7-13.el8_6.5?arch=i686", }, }, }, { category: "product_version", name: "libxml2-devel-0:2.9.7-13.el8_6.5.i686", product: { name: "libxml2-devel-0:2.9.7-13.el8_6.5.i686", product_id: "libxml2-devel-0:2.9.7-13.el8_6.5.i686", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-devel@2.9.7-13.el8_6.5?arch=i686", }, }, }, ], category: "architecture", name: "i686", }, { branches: [ { category: "product_version", name: "libxml2-0:2.9.7-13.el8_6.5.x86_64", product: { name: "libxml2-0:2.9.7-13.el8_6.5.x86_64", product_id: "libxml2-0:2.9.7-13.el8_6.5.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2@2.9.7-13.el8_6.5?arch=x86_64", }, }, }, { category: "product_version", name: "python3-libxml2-0:2.9.7-13.el8_6.5.x86_64", product: { name: "python3-libxml2-0:2.9.7-13.el8_6.5.x86_64", product_id: "python3-libxml2-0:2.9.7-13.el8_6.5.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/python3-libxml2@2.9.7-13.el8_6.5?arch=x86_64", }, }, }, { category: "product_version", name: "libxml2-debugsource-0:2.9.7-13.el8_6.5.x86_64", product: { name: "libxml2-debugsource-0:2.9.7-13.el8_6.5.x86_64", product_id: "libxml2-debugsource-0:2.9.7-13.el8_6.5.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-debugsource@2.9.7-13.el8_6.5?arch=x86_64", }, }, }, { category: "product_version", name: "libxml2-debuginfo-0:2.9.7-13.el8_6.5.x86_64", product: { name: "libxml2-debuginfo-0:2.9.7-13.el8_6.5.x86_64", product_id: "libxml2-debuginfo-0:2.9.7-13.el8_6.5.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-debuginfo@2.9.7-13.el8_6.5?arch=x86_64", }, }, }, { category: "product_version", name: "python3-libxml2-debuginfo-0:2.9.7-13.el8_6.5.x86_64", product: { name: "python3-libxml2-debuginfo-0:2.9.7-13.el8_6.5.x86_64", product_id: "python3-libxml2-debuginfo-0:2.9.7-13.el8_6.5.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/python3-libxml2-debuginfo@2.9.7-13.el8_6.5?arch=x86_64", }, }, }, { category: "product_version", name: "libxml2-devel-0:2.9.7-13.el8_6.5.x86_64", product: { name: "libxml2-devel-0:2.9.7-13.el8_6.5.x86_64", product_id: "libxml2-devel-0:2.9.7-13.el8_6.5.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-devel@2.9.7-13.el8_6.5?arch=x86_64", }, }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_version", name: "libxml2-0:2.9.7-13.el8_6.5.s390x", product: { name: "libxml2-0:2.9.7-13.el8_6.5.s390x", product_id: "libxml2-0:2.9.7-13.el8_6.5.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2@2.9.7-13.el8_6.5?arch=s390x", }, }, }, { category: "product_version", name: "python3-libxml2-0:2.9.7-13.el8_6.5.s390x", product: { name: "python3-libxml2-0:2.9.7-13.el8_6.5.s390x", product_id: "python3-libxml2-0:2.9.7-13.el8_6.5.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/python3-libxml2@2.9.7-13.el8_6.5?arch=s390x", }, }, }, { category: "product_version", name: "libxml2-debugsource-0:2.9.7-13.el8_6.5.s390x", product: { name: "libxml2-debugsource-0:2.9.7-13.el8_6.5.s390x", product_id: "libxml2-debugsource-0:2.9.7-13.el8_6.5.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-debugsource@2.9.7-13.el8_6.5?arch=s390x", }, }, }, { category: "product_version", name: "libxml2-debuginfo-0:2.9.7-13.el8_6.5.s390x", product: { name: "libxml2-debuginfo-0:2.9.7-13.el8_6.5.s390x", product_id: "libxml2-debuginfo-0:2.9.7-13.el8_6.5.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-debuginfo@2.9.7-13.el8_6.5?arch=s390x", }, }, }, { category: "product_version", name: "python3-libxml2-debuginfo-0:2.9.7-13.el8_6.5.s390x", product: { name: "python3-libxml2-debuginfo-0:2.9.7-13.el8_6.5.s390x", product_id: "python3-libxml2-debuginfo-0:2.9.7-13.el8_6.5.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/python3-libxml2-debuginfo@2.9.7-13.el8_6.5?arch=s390x", }, }, }, { category: "product_version", name: "libxml2-devel-0:2.9.7-13.el8_6.5.s390x", product: { name: "libxml2-devel-0:2.9.7-13.el8_6.5.s390x", product_id: "libxml2-devel-0:2.9.7-13.el8_6.5.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-devel@2.9.7-13.el8_6.5?arch=s390x", }, }, }, ], category: "architecture", name: "s390x", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.7-13.el8_6.5.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", product_id: "AppStream-8.6.0.Z.EUS:libxml2-0:2.9.7-13.el8_6.5.aarch64", }, product_reference: "libxml2-0:2.9.7-13.el8_6.5.aarch64", relates_to_product_reference: "AppStream-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.7-13.el8_6.5.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", product_id: "AppStream-8.6.0.Z.EUS:libxml2-0:2.9.7-13.el8_6.5.i686", }, product_reference: "libxml2-0:2.9.7-13.el8_6.5.i686", relates_to_product_reference: "AppStream-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.7-13.el8_6.5.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", product_id: "AppStream-8.6.0.Z.EUS:libxml2-0:2.9.7-13.el8_6.5.ppc64le", }, product_reference: "libxml2-0:2.9.7-13.el8_6.5.ppc64le", relates_to_product_reference: "AppStream-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.7-13.el8_6.5.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", product_id: "AppStream-8.6.0.Z.EUS:libxml2-0:2.9.7-13.el8_6.5.s390x", }, product_reference: "libxml2-0:2.9.7-13.el8_6.5.s390x", relates_to_product_reference: "AppStream-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.7-13.el8_6.5.src as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", product_id: "AppStream-8.6.0.Z.EUS:libxml2-0:2.9.7-13.el8_6.5.src", }, product_reference: "libxml2-0:2.9.7-13.el8_6.5.src", relates_to_product_reference: "AppStream-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.7-13.el8_6.5.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", product_id: "AppStream-8.6.0.Z.EUS:libxml2-0:2.9.7-13.el8_6.5.x86_64", }, product_reference: "libxml2-0:2.9.7-13.el8_6.5.x86_64", relates_to_product_reference: "AppStream-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.7-13.el8_6.5.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", product_id: "AppStream-8.6.0.Z.EUS:libxml2-debuginfo-0:2.9.7-13.el8_6.5.aarch64", }, product_reference: "libxml2-debuginfo-0:2.9.7-13.el8_6.5.aarch64", relates_to_product_reference: "AppStream-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.7-13.el8_6.5.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", product_id: "AppStream-8.6.0.Z.EUS:libxml2-debuginfo-0:2.9.7-13.el8_6.5.i686", }, product_reference: "libxml2-debuginfo-0:2.9.7-13.el8_6.5.i686", relates_to_product_reference: "AppStream-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.7-13.el8_6.5.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", product_id: "AppStream-8.6.0.Z.EUS:libxml2-debuginfo-0:2.9.7-13.el8_6.5.ppc64le", }, product_reference: "libxml2-debuginfo-0:2.9.7-13.el8_6.5.ppc64le", relates_to_product_reference: "AppStream-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.7-13.el8_6.5.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", product_id: "AppStream-8.6.0.Z.EUS:libxml2-debuginfo-0:2.9.7-13.el8_6.5.s390x", }, product_reference: "libxml2-debuginfo-0:2.9.7-13.el8_6.5.s390x", relates_to_product_reference: "AppStream-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.7-13.el8_6.5.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", product_id: "AppStream-8.6.0.Z.EUS:libxml2-debuginfo-0:2.9.7-13.el8_6.5.x86_64", }, product_reference: "libxml2-debuginfo-0:2.9.7-13.el8_6.5.x86_64", relates_to_product_reference: "AppStream-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debugsource-0:2.9.7-13.el8_6.5.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", product_id: "AppStream-8.6.0.Z.EUS:libxml2-debugsource-0:2.9.7-13.el8_6.5.aarch64", }, product_reference: "libxml2-debugsource-0:2.9.7-13.el8_6.5.aarch64", relates_to_product_reference: "AppStream-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debugsource-0:2.9.7-13.el8_6.5.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", product_id: "AppStream-8.6.0.Z.EUS:libxml2-debugsource-0:2.9.7-13.el8_6.5.i686", }, product_reference: "libxml2-debugsource-0:2.9.7-13.el8_6.5.i686", relates_to_product_reference: "AppStream-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debugsource-0:2.9.7-13.el8_6.5.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", product_id: "AppStream-8.6.0.Z.EUS:libxml2-debugsource-0:2.9.7-13.el8_6.5.ppc64le", }, product_reference: "libxml2-debugsource-0:2.9.7-13.el8_6.5.ppc64le", relates_to_product_reference: "AppStream-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debugsource-0:2.9.7-13.el8_6.5.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", product_id: "AppStream-8.6.0.Z.EUS:libxml2-debugsource-0:2.9.7-13.el8_6.5.s390x", }, product_reference: "libxml2-debugsource-0:2.9.7-13.el8_6.5.s390x", relates_to_product_reference: "AppStream-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debugsource-0:2.9.7-13.el8_6.5.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", product_id: "AppStream-8.6.0.Z.EUS:libxml2-debugsource-0:2.9.7-13.el8_6.5.x86_64", }, product_reference: "libxml2-debugsource-0:2.9.7-13.el8_6.5.x86_64", relates_to_product_reference: "AppStream-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.7-13.el8_6.5.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", product_id: "AppStream-8.6.0.Z.EUS:libxml2-devel-0:2.9.7-13.el8_6.5.aarch64", }, product_reference: "libxml2-devel-0:2.9.7-13.el8_6.5.aarch64", relates_to_product_reference: "AppStream-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.7-13.el8_6.5.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", product_id: "AppStream-8.6.0.Z.EUS:libxml2-devel-0:2.9.7-13.el8_6.5.i686", }, product_reference: "libxml2-devel-0:2.9.7-13.el8_6.5.i686", relates_to_product_reference: "AppStream-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.7-13.el8_6.5.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", product_id: "AppStream-8.6.0.Z.EUS:libxml2-devel-0:2.9.7-13.el8_6.5.ppc64le", }, product_reference: "libxml2-devel-0:2.9.7-13.el8_6.5.ppc64le", relates_to_product_reference: "AppStream-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.7-13.el8_6.5.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", product_id: "AppStream-8.6.0.Z.EUS:libxml2-devel-0:2.9.7-13.el8_6.5.s390x", }, product_reference: "libxml2-devel-0:2.9.7-13.el8_6.5.s390x", relates_to_product_reference: "AppStream-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.7-13.el8_6.5.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", product_id: "AppStream-8.6.0.Z.EUS:libxml2-devel-0:2.9.7-13.el8_6.5.x86_64", }, product_reference: "libxml2-devel-0:2.9.7-13.el8_6.5.x86_64", relates_to_product_reference: "AppStream-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "python3-libxml2-0:2.9.7-13.el8_6.5.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", product_id: "AppStream-8.6.0.Z.EUS:python3-libxml2-0:2.9.7-13.el8_6.5.aarch64", }, product_reference: "python3-libxml2-0:2.9.7-13.el8_6.5.aarch64", relates_to_product_reference: "AppStream-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "python3-libxml2-0:2.9.7-13.el8_6.5.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", product_id: "AppStream-8.6.0.Z.EUS:python3-libxml2-0:2.9.7-13.el8_6.5.ppc64le", }, product_reference: "python3-libxml2-0:2.9.7-13.el8_6.5.ppc64le", relates_to_product_reference: "AppStream-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "python3-libxml2-0:2.9.7-13.el8_6.5.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", product_id: "AppStream-8.6.0.Z.EUS:python3-libxml2-0:2.9.7-13.el8_6.5.s390x", }, product_reference: "python3-libxml2-0:2.9.7-13.el8_6.5.s390x", relates_to_product_reference: "AppStream-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "python3-libxml2-0:2.9.7-13.el8_6.5.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", product_id: "AppStream-8.6.0.Z.EUS:python3-libxml2-0:2.9.7-13.el8_6.5.x86_64", }, product_reference: "python3-libxml2-0:2.9.7-13.el8_6.5.x86_64", relates_to_product_reference: "AppStream-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "python3-libxml2-debuginfo-0:2.9.7-13.el8_6.5.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", product_id: "AppStream-8.6.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-13.el8_6.5.aarch64", }, product_reference: "python3-libxml2-debuginfo-0:2.9.7-13.el8_6.5.aarch64", relates_to_product_reference: "AppStream-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "python3-libxml2-debuginfo-0:2.9.7-13.el8_6.5.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", product_id: "AppStream-8.6.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-13.el8_6.5.i686", }, product_reference: "python3-libxml2-debuginfo-0:2.9.7-13.el8_6.5.i686", relates_to_product_reference: "AppStream-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "python3-libxml2-debuginfo-0:2.9.7-13.el8_6.5.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", product_id: "AppStream-8.6.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-13.el8_6.5.ppc64le", }, product_reference: "python3-libxml2-debuginfo-0:2.9.7-13.el8_6.5.ppc64le", relates_to_product_reference: "AppStream-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "python3-libxml2-debuginfo-0:2.9.7-13.el8_6.5.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", product_id: "AppStream-8.6.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-13.el8_6.5.s390x", }, product_reference: "python3-libxml2-debuginfo-0:2.9.7-13.el8_6.5.s390x", relates_to_product_reference: "AppStream-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "python3-libxml2-debuginfo-0:2.9.7-13.el8_6.5.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", product_id: "AppStream-8.6.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-13.el8_6.5.x86_64", }, product_reference: "python3-libxml2-debuginfo-0:2.9.7-13.el8_6.5.x86_64", relates_to_product_reference: "AppStream-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.7-13.el8_6.5.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.6)", product_id: "BaseOS-8.6.0.Z.EUS:libxml2-0:2.9.7-13.el8_6.5.aarch64", }, product_reference: "libxml2-0:2.9.7-13.el8_6.5.aarch64", relates_to_product_reference: "BaseOS-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.7-13.el8_6.5.i686 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.6)", product_id: "BaseOS-8.6.0.Z.EUS:libxml2-0:2.9.7-13.el8_6.5.i686", }, product_reference: "libxml2-0:2.9.7-13.el8_6.5.i686", relates_to_product_reference: "BaseOS-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.7-13.el8_6.5.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.6)", product_id: "BaseOS-8.6.0.Z.EUS:libxml2-0:2.9.7-13.el8_6.5.ppc64le", }, product_reference: "libxml2-0:2.9.7-13.el8_6.5.ppc64le", relates_to_product_reference: "BaseOS-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.7-13.el8_6.5.s390x as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.6)", product_id: "BaseOS-8.6.0.Z.EUS:libxml2-0:2.9.7-13.el8_6.5.s390x", }, product_reference: "libxml2-0:2.9.7-13.el8_6.5.s390x", relates_to_product_reference: "BaseOS-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.7-13.el8_6.5.src as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.6)", product_id: "BaseOS-8.6.0.Z.EUS:libxml2-0:2.9.7-13.el8_6.5.src", }, product_reference: "libxml2-0:2.9.7-13.el8_6.5.src", relates_to_product_reference: "BaseOS-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.7-13.el8_6.5.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.6)", product_id: "BaseOS-8.6.0.Z.EUS:libxml2-0:2.9.7-13.el8_6.5.x86_64", }, product_reference: "libxml2-0:2.9.7-13.el8_6.5.x86_64", relates_to_product_reference: "BaseOS-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.7-13.el8_6.5.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.6)", product_id: "BaseOS-8.6.0.Z.EUS:libxml2-debuginfo-0:2.9.7-13.el8_6.5.aarch64", }, product_reference: "libxml2-debuginfo-0:2.9.7-13.el8_6.5.aarch64", relates_to_product_reference: "BaseOS-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.7-13.el8_6.5.i686 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.6)", product_id: "BaseOS-8.6.0.Z.EUS:libxml2-debuginfo-0:2.9.7-13.el8_6.5.i686", }, product_reference: "libxml2-debuginfo-0:2.9.7-13.el8_6.5.i686", relates_to_product_reference: "BaseOS-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.7-13.el8_6.5.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.6)", product_id: "BaseOS-8.6.0.Z.EUS:libxml2-debuginfo-0:2.9.7-13.el8_6.5.ppc64le", }, product_reference: "libxml2-debuginfo-0:2.9.7-13.el8_6.5.ppc64le", relates_to_product_reference: "BaseOS-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.7-13.el8_6.5.s390x as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.6)", product_id: "BaseOS-8.6.0.Z.EUS:libxml2-debuginfo-0:2.9.7-13.el8_6.5.s390x", }, product_reference: "libxml2-debuginfo-0:2.9.7-13.el8_6.5.s390x", relates_to_product_reference: "BaseOS-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.7-13.el8_6.5.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.6)", product_id: "BaseOS-8.6.0.Z.EUS:libxml2-debuginfo-0:2.9.7-13.el8_6.5.x86_64", }, product_reference: "libxml2-debuginfo-0:2.9.7-13.el8_6.5.x86_64", relates_to_product_reference: "BaseOS-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debugsource-0:2.9.7-13.el8_6.5.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.6)", product_id: "BaseOS-8.6.0.Z.EUS:libxml2-debugsource-0:2.9.7-13.el8_6.5.aarch64", }, product_reference: "libxml2-debugsource-0:2.9.7-13.el8_6.5.aarch64", relates_to_product_reference: "BaseOS-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debugsource-0:2.9.7-13.el8_6.5.i686 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.6)", product_id: "BaseOS-8.6.0.Z.EUS:libxml2-debugsource-0:2.9.7-13.el8_6.5.i686", }, product_reference: "libxml2-debugsource-0:2.9.7-13.el8_6.5.i686", relates_to_product_reference: "BaseOS-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debugsource-0:2.9.7-13.el8_6.5.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.6)", product_id: "BaseOS-8.6.0.Z.EUS:libxml2-debugsource-0:2.9.7-13.el8_6.5.ppc64le", }, product_reference: "libxml2-debugsource-0:2.9.7-13.el8_6.5.ppc64le", relates_to_product_reference: "BaseOS-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debugsource-0:2.9.7-13.el8_6.5.s390x as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.6)", product_id: "BaseOS-8.6.0.Z.EUS:libxml2-debugsource-0:2.9.7-13.el8_6.5.s390x", }, product_reference: "libxml2-debugsource-0:2.9.7-13.el8_6.5.s390x", relates_to_product_reference: "BaseOS-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debugsource-0:2.9.7-13.el8_6.5.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.6)", product_id: "BaseOS-8.6.0.Z.EUS:libxml2-debugsource-0:2.9.7-13.el8_6.5.x86_64", }, product_reference: "libxml2-debugsource-0:2.9.7-13.el8_6.5.x86_64", relates_to_product_reference: "BaseOS-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.7-13.el8_6.5.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.6)", product_id: "BaseOS-8.6.0.Z.EUS:libxml2-devel-0:2.9.7-13.el8_6.5.aarch64", }, product_reference: "libxml2-devel-0:2.9.7-13.el8_6.5.aarch64", relates_to_product_reference: "BaseOS-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.7-13.el8_6.5.i686 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.6)", product_id: "BaseOS-8.6.0.Z.EUS:libxml2-devel-0:2.9.7-13.el8_6.5.i686", }, product_reference: "libxml2-devel-0:2.9.7-13.el8_6.5.i686", relates_to_product_reference: "BaseOS-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.7-13.el8_6.5.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.6)", product_id: "BaseOS-8.6.0.Z.EUS:libxml2-devel-0:2.9.7-13.el8_6.5.ppc64le", }, product_reference: "libxml2-devel-0:2.9.7-13.el8_6.5.ppc64le", relates_to_product_reference: "BaseOS-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.7-13.el8_6.5.s390x as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.6)", product_id: "BaseOS-8.6.0.Z.EUS:libxml2-devel-0:2.9.7-13.el8_6.5.s390x", }, product_reference: "libxml2-devel-0:2.9.7-13.el8_6.5.s390x", relates_to_product_reference: "BaseOS-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.7-13.el8_6.5.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.6)", product_id: "BaseOS-8.6.0.Z.EUS:libxml2-devel-0:2.9.7-13.el8_6.5.x86_64", }, product_reference: "libxml2-devel-0:2.9.7-13.el8_6.5.x86_64", relates_to_product_reference: "BaseOS-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "python3-libxml2-0:2.9.7-13.el8_6.5.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.6)", product_id: "BaseOS-8.6.0.Z.EUS:python3-libxml2-0:2.9.7-13.el8_6.5.aarch64", }, product_reference: "python3-libxml2-0:2.9.7-13.el8_6.5.aarch64", relates_to_product_reference: "BaseOS-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "python3-libxml2-0:2.9.7-13.el8_6.5.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.6)", product_id: "BaseOS-8.6.0.Z.EUS:python3-libxml2-0:2.9.7-13.el8_6.5.ppc64le", }, product_reference: "python3-libxml2-0:2.9.7-13.el8_6.5.ppc64le", relates_to_product_reference: "BaseOS-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "python3-libxml2-0:2.9.7-13.el8_6.5.s390x as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.6)", product_id: "BaseOS-8.6.0.Z.EUS:python3-libxml2-0:2.9.7-13.el8_6.5.s390x", }, product_reference: "python3-libxml2-0:2.9.7-13.el8_6.5.s390x", relates_to_product_reference: "BaseOS-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "python3-libxml2-0:2.9.7-13.el8_6.5.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.6)", product_id: "BaseOS-8.6.0.Z.EUS:python3-libxml2-0:2.9.7-13.el8_6.5.x86_64", }, product_reference: "python3-libxml2-0:2.9.7-13.el8_6.5.x86_64", relates_to_product_reference: "BaseOS-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "python3-libxml2-debuginfo-0:2.9.7-13.el8_6.5.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.6)", product_id: "BaseOS-8.6.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-13.el8_6.5.aarch64", }, product_reference: "python3-libxml2-debuginfo-0:2.9.7-13.el8_6.5.aarch64", relates_to_product_reference: "BaseOS-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "python3-libxml2-debuginfo-0:2.9.7-13.el8_6.5.i686 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.6)", product_id: "BaseOS-8.6.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-13.el8_6.5.i686", }, product_reference: "python3-libxml2-debuginfo-0:2.9.7-13.el8_6.5.i686", relates_to_product_reference: "BaseOS-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "python3-libxml2-debuginfo-0:2.9.7-13.el8_6.5.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.6)", product_id: "BaseOS-8.6.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-13.el8_6.5.ppc64le", }, product_reference: "python3-libxml2-debuginfo-0:2.9.7-13.el8_6.5.ppc64le", relates_to_product_reference: "BaseOS-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "python3-libxml2-debuginfo-0:2.9.7-13.el8_6.5.s390x as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.6)", product_id: "BaseOS-8.6.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-13.el8_6.5.s390x", }, product_reference: "python3-libxml2-debuginfo-0:2.9.7-13.el8_6.5.s390x", relates_to_product_reference: "BaseOS-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "python3-libxml2-debuginfo-0:2.9.7-13.el8_6.5.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.6)", product_id: "BaseOS-8.6.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-13.el8_6.5.x86_64", }, product_reference: "python3-libxml2-debuginfo-0:2.9.7-13.el8_6.5.x86_64", relates_to_product_reference: "BaseOS-8.6.0.Z.EUS", }, ], }, vulnerabilities: [ { cve: "CVE-2024-25062", cwe: { id: "CWE-416", name: "Use After Free", }, discovery_date: "2024-02-05T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2262726", }, ], notes: [ { category: "description", text: "A use-after-free flaw was found in libxml2. When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free.", title: "Vulnerability description", }, { category: "summary", text: "libxml2: use-after-free in XMLReader", title: "Vulnerability summary", }, { category: "other", text: "The severity of this vulnerability is not important but moderate due to the lack of impact to both confidentiality and integrity, but potential impact to availability. The theoretical risk of impact to availability is limited due to the specific requirement that applications must continue to misuse the reader API after it has already reported validation errors instead of handling those errors. The flaw requires that crafted XML documents can be provided by an attacker and the utilization of DTD validation and XInclude expansion using the XMLReader API. Along with those conditions, the application using the XMLReader API must be ignoring errors when expanding invalid XInclude nodes in an maliciously crafted document. These conditions are unlikely to exist in the intended usage of the XMLReader API.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-8.6.0.Z.EUS:libxml2-0:2.9.7-13.el8_6.5.aarch64", "AppStream-8.6.0.Z.EUS:libxml2-0:2.9.7-13.el8_6.5.i686", "AppStream-8.6.0.Z.EUS:libxml2-0:2.9.7-13.el8_6.5.ppc64le", "AppStream-8.6.0.Z.EUS:libxml2-0:2.9.7-13.el8_6.5.s390x", "AppStream-8.6.0.Z.EUS:libxml2-0:2.9.7-13.el8_6.5.src", "AppStream-8.6.0.Z.EUS:libxml2-0:2.9.7-13.el8_6.5.x86_64", "AppStream-8.6.0.Z.EUS:libxml2-debuginfo-0:2.9.7-13.el8_6.5.aarch64", "AppStream-8.6.0.Z.EUS:libxml2-debuginfo-0:2.9.7-13.el8_6.5.i686", "AppStream-8.6.0.Z.EUS:libxml2-debuginfo-0:2.9.7-13.el8_6.5.ppc64le", "AppStream-8.6.0.Z.EUS:libxml2-debuginfo-0:2.9.7-13.el8_6.5.s390x", "AppStream-8.6.0.Z.EUS:libxml2-debuginfo-0:2.9.7-13.el8_6.5.x86_64", "AppStream-8.6.0.Z.EUS:libxml2-debugsource-0:2.9.7-13.el8_6.5.aarch64", "AppStream-8.6.0.Z.EUS:libxml2-debugsource-0:2.9.7-13.el8_6.5.i686", "AppStream-8.6.0.Z.EUS:libxml2-debugsource-0:2.9.7-13.el8_6.5.ppc64le", "AppStream-8.6.0.Z.EUS:libxml2-debugsource-0:2.9.7-13.el8_6.5.s390x", "AppStream-8.6.0.Z.EUS:libxml2-debugsource-0:2.9.7-13.el8_6.5.x86_64", "AppStream-8.6.0.Z.EUS:libxml2-devel-0:2.9.7-13.el8_6.5.aarch64", "AppStream-8.6.0.Z.EUS:libxml2-devel-0:2.9.7-13.el8_6.5.i686", "AppStream-8.6.0.Z.EUS:libxml2-devel-0:2.9.7-13.el8_6.5.ppc64le", "AppStream-8.6.0.Z.EUS:libxml2-devel-0:2.9.7-13.el8_6.5.s390x", "AppStream-8.6.0.Z.EUS:libxml2-devel-0:2.9.7-13.el8_6.5.x86_64", "AppStream-8.6.0.Z.EUS:python3-libxml2-0:2.9.7-13.el8_6.5.aarch64", "AppStream-8.6.0.Z.EUS:python3-libxml2-0:2.9.7-13.el8_6.5.ppc64le", "AppStream-8.6.0.Z.EUS:python3-libxml2-0:2.9.7-13.el8_6.5.s390x", "AppStream-8.6.0.Z.EUS:python3-libxml2-0:2.9.7-13.el8_6.5.x86_64", "AppStream-8.6.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-13.el8_6.5.aarch64", "AppStream-8.6.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-13.el8_6.5.i686", "AppStream-8.6.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-13.el8_6.5.ppc64le", "AppStream-8.6.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-13.el8_6.5.s390x", "AppStream-8.6.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-13.el8_6.5.x86_64", "BaseOS-8.6.0.Z.EUS:libxml2-0:2.9.7-13.el8_6.5.aarch64", "BaseOS-8.6.0.Z.EUS:libxml2-0:2.9.7-13.el8_6.5.i686", "BaseOS-8.6.0.Z.EUS:libxml2-0:2.9.7-13.el8_6.5.ppc64le", "BaseOS-8.6.0.Z.EUS:libxml2-0:2.9.7-13.el8_6.5.s390x", "BaseOS-8.6.0.Z.EUS:libxml2-0:2.9.7-13.el8_6.5.src", "BaseOS-8.6.0.Z.EUS:libxml2-0:2.9.7-13.el8_6.5.x86_64", "BaseOS-8.6.0.Z.EUS:libxml2-debuginfo-0:2.9.7-13.el8_6.5.aarch64", "BaseOS-8.6.0.Z.EUS:libxml2-debuginfo-0:2.9.7-13.el8_6.5.i686", "BaseOS-8.6.0.Z.EUS:libxml2-debuginfo-0:2.9.7-13.el8_6.5.ppc64le", "BaseOS-8.6.0.Z.EUS:libxml2-debuginfo-0:2.9.7-13.el8_6.5.s390x", "BaseOS-8.6.0.Z.EUS:libxml2-debuginfo-0:2.9.7-13.el8_6.5.x86_64", "BaseOS-8.6.0.Z.EUS:libxml2-debugsource-0:2.9.7-13.el8_6.5.aarch64", "BaseOS-8.6.0.Z.EUS:libxml2-debugsource-0:2.9.7-13.el8_6.5.i686", "BaseOS-8.6.0.Z.EUS:libxml2-debugsource-0:2.9.7-13.el8_6.5.ppc64le", "BaseOS-8.6.0.Z.EUS:libxml2-debugsource-0:2.9.7-13.el8_6.5.s390x", "BaseOS-8.6.0.Z.EUS:libxml2-debugsource-0:2.9.7-13.el8_6.5.x86_64", "BaseOS-8.6.0.Z.EUS:libxml2-devel-0:2.9.7-13.el8_6.5.aarch64", "BaseOS-8.6.0.Z.EUS:libxml2-devel-0:2.9.7-13.el8_6.5.i686", "BaseOS-8.6.0.Z.EUS:libxml2-devel-0:2.9.7-13.el8_6.5.ppc64le", "BaseOS-8.6.0.Z.EUS:libxml2-devel-0:2.9.7-13.el8_6.5.s390x", "BaseOS-8.6.0.Z.EUS:libxml2-devel-0:2.9.7-13.el8_6.5.x86_64", "BaseOS-8.6.0.Z.EUS:python3-libxml2-0:2.9.7-13.el8_6.5.aarch64", "BaseOS-8.6.0.Z.EUS:python3-libxml2-0:2.9.7-13.el8_6.5.ppc64le", "BaseOS-8.6.0.Z.EUS:python3-libxml2-0:2.9.7-13.el8_6.5.s390x", "BaseOS-8.6.0.Z.EUS:python3-libxml2-0:2.9.7-13.el8_6.5.x86_64", "BaseOS-8.6.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-13.el8_6.5.aarch64", "BaseOS-8.6.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-13.el8_6.5.i686", "BaseOS-8.6.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-13.el8_6.5.ppc64le", "BaseOS-8.6.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-13.el8_6.5.s390x", "BaseOS-8.6.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-13.el8_6.5.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-25062", }, { category: "external", summary: "RHBZ#2262726", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2262726", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-25062", url: "https://www.cve.org/CVERecord?id=CVE-2024-25062", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-25062", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-25062", }, { category: "external", summary: "https://gitlab.gnome.org/GNOME/libxml2/-/issues/604", url: "https://gitlab.gnome.org/GNOME/libxml2/-/issues/604", }, { category: "external", summary: "https://gitlab.gnome.org/GNOME/libxml2/-/tags", url: "https://gitlab.gnome.org/GNOME/libxml2/-/tags", }, ], release_date: "2024-02-04T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-05-22T22:01:12+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "AppStream-8.6.0.Z.EUS:libxml2-0:2.9.7-13.el8_6.5.aarch64", "AppStream-8.6.0.Z.EUS:libxml2-0:2.9.7-13.el8_6.5.i686", "AppStream-8.6.0.Z.EUS:libxml2-0:2.9.7-13.el8_6.5.ppc64le", "AppStream-8.6.0.Z.EUS:libxml2-0:2.9.7-13.el8_6.5.s390x", "AppStream-8.6.0.Z.EUS:libxml2-0:2.9.7-13.el8_6.5.src", "AppStream-8.6.0.Z.EUS:libxml2-0:2.9.7-13.el8_6.5.x86_64", "AppStream-8.6.0.Z.EUS:libxml2-debuginfo-0:2.9.7-13.el8_6.5.aarch64", "AppStream-8.6.0.Z.EUS:libxml2-debuginfo-0:2.9.7-13.el8_6.5.i686", "AppStream-8.6.0.Z.EUS:libxml2-debuginfo-0:2.9.7-13.el8_6.5.ppc64le", "AppStream-8.6.0.Z.EUS:libxml2-debuginfo-0:2.9.7-13.el8_6.5.s390x", "AppStream-8.6.0.Z.EUS:libxml2-debuginfo-0:2.9.7-13.el8_6.5.x86_64", "AppStream-8.6.0.Z.EUS:libxml2-debugsource-0:2.9.7-13.el8_6.5.aarch64", "AppStream-8.6.0.Z.EUS:libxml2-debugsource-0:2.9.7-13.el8_6.5.i686", "AppStream-8.6.0.Z.EUS:libxml2-debugsource-0:2.9.7-13.el8_6.5.ppc64le", "AppStream-8.6.0.Z.EUS:libxml2-debugsource-0:2.9.7-13.el8_6.5.s390x", "AppStream-8.6.0.Z.EUS:libxml2-debugsource-0:2.9.7-13.el8_6.5.x86_64", "AppStream-8.6.0.Z.EUS:libxml2-devel-0:2.9.7-13.el8_6.5.aarch64", "AppStream-8.6.0.Z.EUS:libxml2-devel-0:2.9.7-13.el8_6.5.i686", "AppStream-8.6.0.Z.EUS:libxml2-devel-0:2.9.7-13.el8_6.5.ppc64le", "AppStream-8.6.0.Z.EUS:libxml2-devel-0:2.9.7-13.el8_6.5.s390x", "AppStream-8.6.0.Z.EUS:libxml2-devel-0:2.9.7-13.el8_6.5.x86_64", "AppStream-8.6.0.Z.EUS:python3-libxml2-0:2.9.7-13.el8_6.5.aarch64", "AppStream-8.6.0.Z.EUS:python3-libxml2-0:2.9.7-13.el8_6.5.ppc64le", "AppStream-8.6.0.Z.EUS:python3-libxml2-0:2.9.7-13.el8_6.5.s390x", "AppStream-8.6.0.Z.EUS:python3-libxml2-0:2.9.7-13.el8_6.5.x86_64", "AppStream-8.6.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-13.el8_6.5.aarch64", "AppStream-8.6.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-13.el8_6.5.i686", "AppStream-8.6.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-13.el8_6.5.ppc64le", "AppStream-8.6.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-13.el8_6.5.s390x", "AppStream-8.6.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-13.el8_6.5.x86_64", "BaseOS-8.6.0.Z.EUS:libxml2-0:2.9.7-13.el8_6.5.aarch64", "BaseOS-8.6.0.Z.EUS:libxml2-0:2.9.7-13.el8_6.5.i686", "BaseOS-8.6.0.Z.EUS:libxml2-0:2.9.7-13.el8_6.5.ppc64le", "BaseOS-8.6.0.Z.EUS:libxml2-0:2.9.7-13.el8_6.5.s390x", "BaseOS-8.6.0.Z.EUS:libxml2-0:2.9.7-13.el8_6.5.src", "BaseOS-8.6.0.Z.EUS:libxml2-0:2.9.7-13.el8_6.5.x86_64", "BaseOS-8.6.0.Z.EUS:libxml2-debuginfo-0:2.9.7-13.el8_6.5.aarch64", "BaseOS-8.6.0.Z.EUS:libxml2-debuginfo-0:2.9.7-13.el8_6.5.i686", "BaseOS-8.6.0.Z.EUS:libxml2-debuginfo-0:2.9.7-13.el8_6.5.ppc64le", "BaseOS-8.6.0.Z.EUS:libxml2-debuginfo-0:2.9.7-13.el8_6.5.s390x", "BaseOS-8.6.0.Z.EUS:libxml2-debuginfo-0:2.9.7-13.el8_6.5.x86_64", "BaseOS-8.6.0.Z.EUS:libxml2-debugsource-0:2.9.7-13.el8_6.5.aarch64", "BaseOS-8.6.0.Z.EUS:libxml2-debugsource-0:2.9.7-13.el8_6.5.i686", "BaseOS-8.6.0.Z.EUS:libxml2-debugsource-0:2.9.7-13.el8_6.5.ppc64le", "BaseOS-8.6.0.Z.EUS:libxml2-debugsource-0:2.9.7-13.el8_6.5.s390x", "BaseOS-8.6.0.Z.EUS:libxml2-debugsource-0:2.9.7-13.el8_6.5.x86_64", "BaseOS-8.6.0.Z.EUS:libxml2-devel-0:2.9.7-13.el8_6.5.aarch64", "BaseOS-8.6.0.Z.EUS:libxml2-devel-0:2.9.7-13.el8_6.5.i686", "BaseOS-8.6.0.Z.EUS:libxml2-devel-0:2.9.7-13.el8_6.5.ppc64le", "BaseOS-8.6.0.Z.EUS:libxml2-devel-0:2.9.7-13.el8_6.5.s390x", "BaseOS-8.6.0.Z.EUS:libxml2-devel-0:2.9.7-13.el8_6.5.x86_64", "BaseOS-8.6.0.Z.EUS:python3-libxml2-0:2.9.7-13.el8_6.5.aarch64", "BaseOS-8.6.0.Z.EUS:python3-libxml2-0:2.9.7-13.el8_6.5.ppc64le", "BaseOS-8.6.0.Z.EUS:python3-libxml2-0:2.9.7-13.el8_6.5.s390x", "BaseOS-8.6.0.Z.EUS:python3-libxml2-0:2.9.7-13.el8_6.5.x86_64", "BaseOS-8.6.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-13.el8_6.5.aarch64", "BaseOS-8.6.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-13.el8_6.5.i686", "BaseOS-8.6.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-13.el8_6.5.ppc64le", "BaseOS-8.6.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-13.el8_6.5.s390x", "BaseOS-8.6.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-13.el8_6.5.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:3299", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "AppStream-8.6.0.Z.EUS:libxml2-0:2.9.7-13.el8_6.5.aarch64", "AppStream-8.6.0.Z.EUS:libxml2-0:2.9.7-13.el8_6.5.i686", "AppStream-8.6.0.Z.EUS:libxml2-0:2.9.7-13.el8_6.5.ppc64le", "AppStream-8.6.0.Z.EUS:libxml2-0:2.9.7-13.el8_6.5.s390x", "AppStream-8.6.0.Z.EUS:libxml2-0:2.9.7-13.el8_6.5.src", "AppStream-8.6.0.Z.EUS:libxml2-0:2.9.7-13.el8_6.5.x86_64", "AppStream-8.6.0.Z.EUS:libxml2-debuginfo-0:2.9.7-13.el8_6.5.aarch64", "AppStream-8.6.0.Z.EUS:libxml2-debuginfo-0:2.9.7-13.el8_6.5.i686", "AppStream-8.6.0.Z.EUS:libxml2-debuginfo-0:2.9.7-13.el8_6.5.ppc64le", "AppStream-8.6.0.Z.EUS:libxml2-debuginfo-0:2.9.7-13.el8_6.5.s390x", "AppStream-8.6.0.Z.EUS:libxml2-debuginfo-0:2.9.7-13.el8_6.5.x86_64", "AppStream-8.6.0.Z.EUS:libxml2-debugsource-0:2.9.7-13.el8_6.5.aarch64", "AppStream-8.6.0.Z.EUS:libxml2-debugsource-0:2.9.7-13.el8_6.5.i686", "AppStream-8.6.0.Z.EUS:libxml2-debugsource-0:2.9.7-13.el8_6.5.ppc64le", "AppStream-8.6.0.Z.EUS:libxml2-debugsource-0:2.9.7-13.el8_6.5.s390x", "AppStream-8.6.0.Z.EUS:libxml2-debugsource-0:2.9.7-13.el8_6.5.x86_64", "AppStream-8.6.0.Z.EUS:libxml2-devel-0:2.9.7-13.el8_6.5.aarch64", "AppStream-8.6.0.Z.EUS:libxml2-devel-0:2.9.7-13.el8_6.5.i686", "AppStream-8.6.0.Z.EUS:libxml2-devel-0:2.9.7-13.el8_6.5.ppc64le", "AppStream-8.6.0.Z.EUS:libxml2-devel-0:2.9.7-13.el8_6.5.s390x", "AppStream-8.6.0.Z.EUS:libxml2-devel-0:2.9.7-13.el8_6.5.x86_64", "AppStream-8.6.0.Z.EUS:python3-libxml2-0:2.9.7-13.el8_6.5.aarch64", "AppStream-8.6.0.Z.EUS:python3-libxml2-0:2.9.7-13.el8_6.5.ppc64le", "AppStream-8.6.0.Z.EUS:python3-libxml2-0:2.9.7-13.el8_6.5.s390x", "AppStream-8.6.0.Z.EUS:python3-libxml2-0:2.9.7-13.el8_6.5.x86_64", "AppStream-8.6.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-13.el8_6.5.aarch64", "AppStream-8.6.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-13.el8_6.5.i686", "AppStream-8.6.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-13.el8_6.5.ppc64le", "AppStream-8.6.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-13.el8_6.5.s390x", "AppStream-8.6.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-13.el8_6.5.x86_64", "BaseOS-8.6.0.Z.EUS:libxml2-0:2.9.7-13.el8_6.5.aarch64", "BaseOS-8.6.0.Z.EUS:libxml2-0:2.9.7-13.el8_6.5.i686", "BaseOS-8.6.0.Z.EUS:libxml2-0:2.9.7-13.el8_6.5.ppc64le", "BaseOS-8.6.0.Z.EUS:libxml2-0:2.9.7-13.el8_6.5.s390x", "BaseOS-8.6.0.Z.EUS:libxml2-0:2.9.7-13.el8_6.5.src", "BaseOS-8.6.0.Z.EUS:libxml2-0:2.9.7-13.el8_6.5.x86_64", "BaseOS-8.6.0.Z.EUS:libxml2-debuginfo-0:2.9.7-13.el8_6.5.aarch64", "BaseOS-8.6.0.Z.EUS:libxml2-debuginfo-0:2.9.7-13.el8_6.5.i686", "BaseOS-8.6.0.Z.EUS:libxml2-debuginfo-0:2.9.7-13.el8_6.5.ppc64le", "BaseOS-8.6.0.Z.EUS:libxml2-debuginfo-0:2.9.7-13.el8_6.5.s390x", "BaseOS-8.6.0.Z.EUS:libxml2-debuginfo-0:2.9.7-13.el8_6.5.x86_64", "BaseOS-8.6.0.Z.EUS:libxml2-debugsource-0:2.9.7-13.el8_6.5.aarch64", "BaseOS-8.6.0.Z.EUS:libxml2-debugsource-0:2.9.7-13.el8_6.5.i686", "BaseOS-8.6.0.Z.EUS:libxml2-debugsource-0:2.9.7-13.el8_6.5.ppc64le", "BaseOS-8.6.0.Z.EUS:libxml2-debugsource-0:2.9.7-13.el8_6.5.s390x", "BaseOS-8.6.0.Z.EUS:libxml2-debugsource-0:2.9.7-13.el8_6.5.x86_64", "BaseOS-8.6.0.Z.EUS:libxml2-devel-0:2.9.7-13.el8_6.5.aarch64", "BaseOS-8.6.0.Z.EUS:libxml2-devel-0:2.9.7-13.el8_6.5.i686", "BaseOS-8.6.0.Z.EUS:libxml2-devel-0:2.9.7-13.el8_6.5.ppc64le", "BaseOS-8.6.0.Z.EUS:libxml2-devel-0:2.9.7-13.el8_6.5.s390x", "BaseOS-8.6.0.Z.EUS:libxml2-devel-0:2.9.7-13.el8_6.5.x86_64", "BaseOS-8.6.0.Z.EUS:python3-libxml2-0:2.9.7-13.el8_6.5.aarch64", "BaseOS-8.6.0.Z.EUS:python3-libxml2-0:2.9.7-13.el8_6.5.ppc64le", "BaseOS-8.6.0.Z.EUS:python3-libxml2-0:2.9.7-13.el8_6.5.s390x", "BaseOS-8.6.0.Z.EUS:python3-libxml2-0:2.9.7-13.el8_6.5.x86_64", "BaseOS-8.6.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-13.el8_6.5.aarch64", "BaseOS-8.6.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-13.el8_6.5.i686", "BaseOS-8.6.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-13.el8_6.5.ppc64le", "BaseOS-8.6.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-13.el8_6.5.s390x", "BaseOS-8.6.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-13.el8_6.5.x86_64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "AppStream-8.6.0.Z.EUS:libxml2-0:2.9.7-13.el8_6.5.aarch64", "AppStream-8.6.0.Z.EUS:libxml2-0:2.9.7-13.el8_6.5.i686", "AppStream-8.6.0.Z.EUS:libxml2-0:2.9.7-13.el8_6.5.ppc64le", "AppStream-8.6.0.Z.EUS:libxml2-0:2.9.7-13.el8_6.5.s390x", "AppStream-8.6.0.Z.EUS:libxml2-0:2.9.7-13.el8_6.5.src", "AppStream-8.6.0.Z.EUS:libxml2-0:2.9.7-13.el8_6.5.x86_64", "AppStream-8.6.0.Z.EUS:libxml2-debuginfo-0:2.9.7-13.el8_6.5.aarch64", "AppStream-8.6.0.Z.EUS:libxml2-debuginfo-0:2.9.7-13.el8_6.5.i686", "AppStream-8.6.0.Z.EUS:libxml2-debuginfo-0:2.9.7-13.el8_6.5.ppc64le", "AppStream-8.6.0.Z.EUS:libxml2-debuginfo-0:2.9.7-13.el8_6.5.s390x", "AppStream-8.6.0.Z.EUS:libxml2-debuginfo-0:2.9.7-13.el8_6.5.x86_64", "AppStream-8.6.0.Z.EUS:libxml2-debugsource-0:2.9.7-13.el8_6.5.aarch64", "AppStream-8.6.0.Z.EUS:libxml2-debugsource-0:2.9.7-13.el8_6.5.i686", "AppStream-8.6.0.Z.EUS:libxml2-debugsource-0:2.9.7-13.el8_6.5.ppc64le", "AppStream-8.6.0.Z.EUS:libxml2-debugsource-0:2.9.7-13.el8_6.5.s390x", "AppStream-8.6.0.Z.EUS:libxml2-debugsource-0:2.9.7-13.el8_6.5.x86_64", "AppStream-8.6.0.Z.EUS:libxml2-devel-0:2.9.7-13.el8_6.5.aarch64", "AppStream-8.6.0.Z.EUS:libxml2-devel-0:2.9.7-13.el8_6.5.i686", "AppStream-8.6.0.Z.EUS:libxml2-devel-0:2.9.7-13.el8_6.5.ppc64le", "AppStream-8.6.0.Z.EUS:libxml2-devel-0:2.9.7-13.el8_6.5.s390x", "AppStream-8.6.0.Z.EUS:libxml2-devel-0:2.9.7-13.el8_6.5.x86_64", "AppStream-8.6.0.Z.EUS:python3-libxml2-0:2.9.7-13.el8_6.5.aarch64", "AppStream-8.6.0.Z.EUS:python3-libxml2-0:2.9.7-13.el8_6.5.ppc64le", "AppStream-8.6.0.Z.EUS:python3-libxml2-0:2.9.7-13.el8_6.5.s390x", "AppStream-8.6.0.Z.EUS:python3-libxml2-0:2.9.7-13.el8_6.5.x86_64", "AppStream-8.6.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-13.el8_6.5.aarch64", "AppStream-8.6.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-13.el8_6.5.i686", "AppStream-8.6.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-13.el8_6.5.ppc64le", "AppStream-8.6.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-13.el8_6.5.s390x", "AppStream-8.6.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-13.el8_6.5.x86_64", "BaseOS-8.6.0.Z.EUS:libxml2-0:2.9.7-13.el8_6.5.aarch64", "BaseOS-8.6.0.Z.EUS:libxml2-0:2.9.7-13.el8_6.5.i686", "BaseOS-8.6.0.Z.EUS:libxml2-0:2.9.7-13.el8_6.5.ppc64le", "BaseOS-8.6.0.Z.EUS:libxml2-0:2.9.7-13.el8_6.5.s390x", "BaseOS-8.6.0.Z.EUS:libxml2-0:2.9.7-13.el8_6.5.src", "BaseOS-8.6.0.Z.EUS:libxml2-0:2.9.7-13.el8_6.5.x86_64", "BaseOS-8.6.0.Z.EUS:libxml2-debuginfo-0:2.9.7-13.el8_6.5.aarch64", "BaseOS-8.6.0.Z.EUS:libxml2-debuginfo-0:2.9.7-13.el8_6.5.i686", "BaseOS-8.6.0.Z.EUS:libxml2-debuginfo-0:2.9.7-13.el8_6.5.ppc64le", "BaseOS-8.6.0.Z.EUS:libxml2-debuginfo-0:2.9.7-13.el8_6.5.s390x", "BaseOS-8.6.0.Z.EUS:libxml2-debuginfo-0:2.9.7-13.el8_6.5.x86_64", "BaseOS-8.6.0.Z.EUS:libxml2-debugsource-0:2.9.7-13.el8_6.5.aarch64", "BaseOS-8.6.0.Z.EUS:libxml2-debugsource-0:2.9.7-13.el8_6.5.i686", "BaseOS-8.6.0.Z.EUS:libxml2-debugsource-0:2.9.7-13.el8_6.5.ppc64le", "BaseOS-8.6.0.Z.EUS:libxml2-debugsource-0:2.9.7-13.el8_6.5.s390x", "BaseOS-8.6.0.Z.EUS:libxml2-debugsource-0:2.9.7-13.el8_6.5.x86_64", "BaseOS-8.6.0.Z.EUS:libxml2-devel-0:2.9.7-13.el8_6.5.aarch64", "BaseOS-8.6.0.Z.EUS:libxml2-devel-0:2.9.7-13.el8_6.5.i686", "BaseOS-8.6.0.Z.EUS:libxml2-devel-0:2.9.7-13.el8_6.5.ppc64le", "BaseOS-8.6.0.Z.EUS:libxml2-devel-0:2.9.7-13.el8_6.5.s390x", "BaseOS-8.6.0.Z.EUS:libxml2-devel-0:2.9.7-13.el8_6.5.x86_64", "BaseOS-8.6.0.Z.EUS:python3-libxml2-0:2.9.7-13.el8_6.5.aarch64", "BaseOS-8.6.0.Z.EUS:python3-libxml2-0:2.9.7-13.el8_6.5.ppc64le", "BaseOS-8.6.0.Z.EUS:python3-libxml2-0:2.9.7-13.el8_6.5.s390x", "BaseOS-8.6.0.Z.EUS:python3-libxml2-0:2.9.7-13.el8_6.5.x86_64", "BaseOS-8.6.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-13.el8_6.5.aarch64", "BaseOS-8.6.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-13.el8_6.5.i686", "BaseOS-8.6.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-13.el8_6.5.ppc64le", "BaseOS-8.6.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-13.el8_6.5.s390x", "BaseOS-8.6.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-13.el8_6.5.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "libxml2: use-after-free in XMLReader", }, ], }
rhsa-2024_3626
Vulnerability from csaf_redhat
Published
2024-06-05 10:40
Modified
2024-11-21 21:11
Summary
Red Hat Security Advisory: libxml2 security update
Notes
Topic
An update for libxml2 is now available for Red Hat Enterprise Linux 8.10.
Red Hat Product Security has rated this update as having a security impact of
Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE
link(s) in the References section.
Details
The libxml2 library is a development toolbox providing the implementation of
various XML standards.
Security Fix(es):
* libxml2: use-after-free in XMLReader (CVE-2024-25062)
For more details about the security issue(s), including the impact,
a CVSS score, acknowledgments, and other related information, refer
to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update for libxml2 is now available for Red Hat Enterprise Linux 8.10.\n\nRed Hat Product Security has rated this update as having a security impact of\nModerate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE\nlink(s) in the References section.", title: "Topic", }, { category: "general", text: "The libxml2 library is a development toolbox providing the implementation of\nvarious XML standards.\n\nSecurity Fix(es):\n\n* libxml2: use-after-free in XMLReader (CVE-2024-25062)\n\nFor more details about the security issue(s), including the impact,\na CVSS score, acknowledgments, and other related information, refer\nto the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2024:3626", url: "https://access.redhat.com/errata/RHSA-2024:3626", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#moderate", url: "https://access.redhat.com/security/updates/classification/#moderate", }, { category: "external", summary: "2262726", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2262726", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_3626.json", }, ], title: "Red Hat Security Advisory: libxml2 security update", tracking: { current_release_date: "2024-11-21T21:11:51+00:00", generator: { date: "2024-11-21T21:11:51+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.1", }, }, id: "RHSA-2024:3626", initial_release_date: "2024-06-05T10:40:16+00:00", revision_history: [ { date: "2024-06-05T10:40:16+00:00", number: "1", summary: "Initial version", }, { date: "2024-06-05T10:40:16+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-21T21:11:51+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux AppStream (v. 8)", product: { name: "Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.10.0.Z.MAIN.EUS", product_identification_helper: { cpe: "cpe:/a:redhat:enterprise_linux:8::appstream", }, }, }, { category: "product_name", name: "Red Hat Enterprise Linux BaseOS (v. 8)", product: { name: "Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.10.0.Z.MAIN.EUS", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:8::baseos", }, }, }, ], category: "product_family", name: "Red Hat Enterprise Linux", }, { branches: [ { category: "product_version", name: "libxml2-devel-0:2.9.7-18.el8_10.1.aarch64", product: { name: "libxml2-devel-0:2.9.7-18.el8_10.1.aarch64", product_id: "libxml2-devel-0:2.9.7-18.el8_10.1.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-devel@2.9.7-18.el8_10.1?arch=aarch64", }, }, }, { category: "product_version", name: "libxml2-debugsource-0:2.9.7-18.el8_10.1.aarch64", product: { name: "libxml2-debugsource-0:2.9.7-18.el8_10.1.aarch64", product_id: "libxml2-debugsource-0:2.9.7-18.el8_10.1.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-debugsource@2.9.7-18.el8_10.1?arch=aarch64", }, }, }, { category: "product_version", name: "libxml2-debuginfo-0:2.9.7-18.el8_10.1.aarch64", product: { name: "libxml2-debuginfo-0:2.9.7-18.el8_10.1.aarch64", product_id: "libxml2-debuginfo-0:2.9.7-18.el8_10.1.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-debuginfo@2.9.7-18.el8_10.1?arch=aarch64", }, }, }, { category: "product_version", name: "python3-libxml2-debuginfo-0:2.9.7-18.el8_10.1.aarch64", product: { name: "python3-libxml2-debuginfo-0:2.9.7-18.el8_10.1.aarch64", product_id: "python3-libxml2-debuginfo-0:2.9.7-18.el8_10.1.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/python3-libxml2-debuginfo@2.9.7-18.el8_10.1?arch=aarch64", }, }, }, { category: "product_version", name: "libxml2-0:2.9.7-18.el8_10.1.aarch64", product: { name: "libxml2-0:2.9.7-18.el8_10.1.aarch64", product_id: "libxml2-0:2.9.7-18.el8_10.1.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2@2.9.7-18.el8_10.1?arch=aarch64", }, }, }, { category: "product_version", name: "python3-libxml2-0:2.9.7-18.el8_10.1.aarch64", product: { name: "python3-libxml2-0:2.9.7-18.el8_10.1.aarch64", product_id: "python3-libxml2-0:2.9.7-18.el8_10.1.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/python3-libxml2@2.9.7-18.el8_10.1?arch=aarch64", }, }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "libxml2-devel-0:2.9.7-18.el8_10.1.ppc64le", product: { name: "libxml2-devel-0:2.9.7-18.el8_10.1.ppc64le", product_id: "libxml2-devel-0:2.9.7-18.el8_10.1.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-devel@2.9.7-18.el8_10.1?arch=ppc64le", }, }, }, { category: "product_version", name: "libxml2-debugsource-0:2.9.7-18.el8_10.1.ppc64le", product: { name: "libxml2-debugsource-0:2.9.7-18.el8_10.1.ppc64le", product_id: "libxml2-debugsource-0:2.9.7-18.el8_10.1.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-debugsource@2.9.7-18.el8_10.1?arch=ppc64le", }, }, }, { category: "product_version", name: "libxml2-debuginfo-0:2.9.7-18.el8_10.1.ppc64le", product: { name: "libxml2-debuginfo-0:2.9.7-18.el8_10.1.ppc64le", product_id: "libxml2-debuginfo-0:2.9.7-18.el8_10.1.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-debuginfo@2.9.7-18.el8_10.1?arch=ppc64le", }, }, }, { category: "product_version", name: "python3-libxml2-debuginfo-0:2.9.7-18.el8_10.1.ppc64le", product: { name: "python3-libxml2-debuginfo-0:2.9.7-18.el8_10.1.ppc64le", product_id: "python3-libxml2-debuginfo-0:2.9.7-18.el8_10.1.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/python3-libxml2-debuginfo@2.9.7-18.el8_10.1?arch=ppc64le", }, }, }, { category: "product_version", name: "libxml2-0:2.9.7-18.el8_10.1.ppc64le", product: { name: "libxml2-0:2.9.7-18.el8_10.1.ppc64le", product_id: "libxml2-0:2.9.7-18.el8_10.1.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2@2.9.7-18.el8_10.1?arch=ppc64le", }, }, }, { category: "product_version", name: "python3-libxml2-0:2.9.7-18.el8_10.1.ppc64le", product: { name: "python3-libxml2-0:2.9.7-18.el8_10.1.ppc64le", product_id: "python3-libxml2-0:2.9.7-18.el8_10.1.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/python3-libxml2@2.9.7-18.el8_10.1?arch=ppc64le", }, }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "libxml2-devel-0:2.9.7-18.el8_10.1.i686", product: { name: "libxml2-devel-0:2.9.7-18.el8_10.1.i686", product_id: "libxml2-devel-0:2.9.7-18.el8_10.1.i686", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-devel@2.9.7-18.el8_10.1?arch=i686", }, }, }, { category: "product_version", name: "libxml2-debugsource-0:2.9.7-18.el8_10.1.i686", product: { name: "libxml2-debugsource-0:2.9.7-18.el8_10.1.i686", product_id: "libxml2-debugsource-0:2.9.7-18.el8_10.1.i686", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-debugsource@2.9.7-18.el8_10.1?arch=i686", }, }, }, { category: "product_version", name: "libxml2-debuginfo-0:2.9.7-18.el8_10.1.i686", product: { name: "libxml2-debuginfo-0:2.9.7-18.el8_10.1.i686", product_id: "libxml2-debuginfo-0:2.9.7-18.el8_10.1.i686", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-debuginfo@2.9.7-18.el8_10.1?arch=i686", }, }, }, { category: "product_version", name: "python3-libxml2-debuginfo-0:2.9.7-18.el8_10.1.i686", product: { name: "python3-libxml2-debuginfo-0:2.9.7-18.el8_10.1.i686", product_id: "python3-libxml2-debuginfo-0:2.9.7-18.el8_10.1.i686", product_identification_helper: { purl: "pkg:rpm/redhat/python3-libxml2-debuginfo@2.9.7-18.el8_10.1?arch=i686", }, }, }, { category: "product_version", name: "libxml2-0:2.9.7-18.el8_10.1.i686", product: { name: "libxml2-0:2.9.7-18.el8_10.1.i686", product_id: "libxml2-0:2.9.7-18.el8_10.1.i686", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2@2.9.7-18.el8_10.1?arch=i686", }, }, }, ], category: "architecture", name: "i686", }, { branches: [ { category: "product_version", name: "libxml2-devel-0:2.9.7-18.el8_10.1.x86_64", product: { name: "libxml2-devel-0:2.9.7-18.el8_10.1.x86_64", product_id: "libxml2-devel-0:2.9.7-18.el8_10.1.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-devel@2.9.7-18.el8_10.1?arch=x86_64", }, }, }, { category: "product_version", name: "libxml2-debugsource-0:2.9.7-18.el8_10.1.x86_64", product: { name: "libxml2-debugsource-0:2.9.7-18.el8_10.1.x86_64", product_id: "libxml2-debugsource-0:2.9.7-18.el8_10.1.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-debugsource@2.9.7-18.el8_10.1?arch=x86_64", }, }, }, { category: "product_version", name: "libxml2-debuginfo-0:2.9.7-18.el8_10.1.x86_64", product: { name: "libxml2-debuginfo-0:2.9.7-18.el8_10.1.x86_64", product_id: "libxml2-debuginfo-0:2.9.7-18.el8_10.1.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-debuginfo@2.9.7-18.el8_10.1?arch=x86_64", }, }, }, { category: "product_version", name: "python3-libxml2-debuginfo-0:2.9.7-18.el8_10.1.x86_64", product: { name: "python3-libxml2-debuginfo-0:2.9.7-18.el8_10.1.x86_64", product_id: "python3-libxml2-debuginfo-0:2.9.7-18.el8_10.1.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/python3-libxml2-debuginfo@2.9.7-18.el8_10.1?arch=x86_64", }, }, }, { category: "product_version", name: "libxml2-0:2.9.7-18.el8_10.1.x86_64", product: { name: "libxml2-0:2.9.7-18.el8_10.1.x86_64", product_id: "libxml2-0:2.9.7-18.el8_10.1.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2@2.9.7-18.el8_10.1?arch=x86_64", }, }, }, { category: "product_version", name: "python3-libxml2-0:2.9.7-18.el8_10.1.x86_64", product: { name: "python3-libxml2-0:2.9.7-18.el8_10.1.x86_64", product_id: "python3-libxml2-0:2.9.7-18.el8_10.1.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/python3-libxml2@2.9.7-18.el8_10.1?arch=x86_64", }, }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_version", name: "libxml2-devel-0:2.9.7-18.el8_10.1.s390x", product: { name: "libxml2-devel-0:2.9.7-18.el8_10.1.s390x", product_id: "libxml2-devel-0:2.9.7-18.el8_10.1.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-devel@2.9.7-18.el8_10.1?arch=s390x", }, }, }, { category: "product_version", name: "libxml2-debugsource-0:2.9.7-18.el8_10.1.s390x", product: { name: "libxml2-debugsource-0:2.9.7-18.el8_10.1.s390x", product_id: "libxml2-debugsource-0:2.9.7-18.el8_10.1.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-debugsource@2.9.7-18.el8_10.1?arch=s390x", }, }, }, { category: "product_version", name: "libxml2-debuginfo-0:2.9.7-18.el8_10.1.s390x", product: { name: "libxml2-debuginfo-0:2.9.7-18.el8_10.1.s390x", product_id: "libxml2-debuginfo-0:2.9.7-18.el8_10.1.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-debuginfo@2.9.7-18.el8_10.1?arch=s390x", }, }, }, { category: "product_version", name: "python3-libxml2-debuginfo-0:2.9.7-18.el8_10.1.s390x", product: { name: "python3-libxml2-debuginfo-0:2.9.7-18.el8_10.1.s390x", product_id: "python3-libxml2-debuginfo-0:2.9.7-18.el8_10.1.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/python3-libxml2-debuginfo@2.9.7-18.el8_10.1?arch=s390x", }, }, }, { category: "product_version", name: "libxml2-0:2.9.7-18.el8_10.1.s390x", product: { name: "libxml2-0:2.9.7-18.el8_10.1.s390x", product_id: "libxml2-0:2.9.7-18.el8_10.1.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2@2.9.7-18.el8_10.1?arch=s390x", }, }, }, { category: "product_version", name: "python3-libxml2-0:2.9.7-18.el8_10.1.s390x", product: { name: "python3-libxml2-0:2.9.7-18.el8_10.1.s390x", product_id: "python3-libxml2-0:2.9.7-18.el8_10.1.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/python3-libxml2@2.9.7-18.el8_10.1?arch=s390x", }, }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "libxml2-0:2.9.7-18.el8_10.1.src", product: { name: "libxml2-0:2.9.7-18.el8_10.1.src", product_id: "libxml2-0:2.9.7-18.el8_10.1.src", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2@2.9.7-18.el8_10.1?arch=src", }, }, }, ], category: "architecture", name: "src", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.7-18.el8_10.1.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.10.0.Z.MAIN.EUS:libxml2-0:2.9.7-18.el8_10.1.aarch64", }, product_reference: "libxml2-0:2.9.7-18.el8_10.1.aarch64", relates_to_product_reference: "AppStream-8.10.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.7-18.el8_10.1.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.10.0.Z.MAIN.EUS:libxml2-0:2.9.7-18.el8_10.1.i686", }, product_reference: "libxml2-0:2.9.7-18.el8_10.1.i686", relates_to_product_reference: "AppStream-8.10.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.7-18.el8_10.1.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.10.0.Z.MAIN.EUS:libxml2-0:2.9.7-18.el8_10.1.ppc64le", }, product_reference: "libxml2-0:2.9.7-18.el8_10.1.ppc64le", relates_to_product_reference: "AppStream-8.10.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.7-18.el8_10.1.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.10.0.Z.MAIN.EUS:libxml2-0:2.9.7-18.el8_10.1.s390x", }, product_reference: "libxml2-0:2.9.7-18.el8_10.1.s390x", relates_to_product_reference: "AppStream-8.10.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.7-18.el8_10.1.src as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.10.0.Z.MAIN.EUS:libxml2-0:2.9.7-18.el8_10.1.src", }, product_reference: "libxml2-0:2.9.7-18.el8_10.1.src", relates_to_product_reference: "AppStream-8.10.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.7-18.el8_10.1.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.10.0.Z.MAIN.EUS:libxml2-0:2.9.7-18.el8_10.1.x86_64", }, product_reference: "libxml2-0:2.9.7-18.el8_10.1.x86_64", relates_to_product_reference: "AppStream-8.10.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.7-18.el8_10.1.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.10.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-18.el8_10.1.aarch64", }, product_reference: "libxml2-debuginfo-0:2.9.7-18.el8_10.1.aarch64", relates_to_product_reference: "AppStream-8.10.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.7-18.el8_10.1.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.10.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-18.el8_10.1.i686", }, product_reference: "libxml2-debuginfo-0:2.9.7-18.el8_10.1.i686", relates_to_product_reference: "AppStream-8.10.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.7-18.el8_10.1.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.10.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-18.el8_10.1.ppc64le", }, product_reference: "libxml2-debuginfo-0:2.9.7-18.el8_10.1.ppc64le", relates_to_product_reference: "AppStream-8.10.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.7-18.el8_10.1.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.10.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-18.el8_10.1.s390x", }, product_reference: "libxml2-debuginfo-0:2.9.7-18.el8_10.1.s390x", relates_to_product_reference: "AppStream-8.10.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.7-18.el8_10.1.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.10.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-18.el8_10.1.x86_64", }, product_reference: "libxml2-debuginfo-0:2.9.7-18.el8_10.1.x86_64", relates_to_product_reference: "AppStream-8.10.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debugsource-0:2.9.7-18.el8_10.1.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.10.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-18.el8_10.1.aarch64", }, product_reference: "libxml2-debugsource-0:2.9.7-18.el8_10.1.aarch64", relates_to_product_reference: "AppStream-8.10.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debugsource-0:2.9.7-18.el8_10.1.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.10.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-18.el8_10.1.i686", }, product_reference: "libxml2-debugsource-0:2.9.7-18.el8_10.1.i686", relates_to_product_reference: "AppStream-8.10.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debugsource-0:2.9.7-18.el8_10.1.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.10.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-18.el8_10.1.ppc64le", }, product_reference: "libxml2-debugsource-0:2.9.7-18.el8_10.1.ppc64le", relates_to_product_reference: "AppStream-8.10.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debugsource-0:2.9.7-18.el8_10.1.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.10.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-18.el8_10.1.s390x", }, product_reference: "libxml2-debugsource-0:2.9.7-18.el8_10.1.s390x", relates_to_product_reference: "AppStream-8.10.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debugsource-0:2.9.7-18.el8_10.1.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.10.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-18.el8_10.1.x86_64", }, product_reference: "libxml2-debugsource-0:2.9.7-18.el8_10.1.x86_64", relates_to_product_reference: "AppStream-8.10.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.7-18.el8_10.1.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.10.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-18.el8_10.1.aarch64", }, product_reference: "libxml2-devel-0:2.9.7-18.el8_10.1.aarch64", relates_to_product_reference: "AppStream-8.10.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.7-18.el8_10.1.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.10.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-18.el8_10.1.i686", }, product_reference: "libxml2-devel-0:2.9.7-18.el8_10.1.i686", relates_to_product_reference: "AppStream-8.10.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.7-18.el8_10.1.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.10.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-18.el8_10.1.ppc64le", }, product_reference: "libxml2-devel-0:2.9.7-18.el8_10.1.ppc64le", relates_to_product_reference: "AppStream-8.10.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.7-18.el8_10.1.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.10.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-18.el8_10.1.s390x", }, product_reference: "libxml2-devel-0:2.9.7-18.el8_10.1.s390x", relates_to_product_reference: "AppStream-8.10.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.7-18.el8_10.1.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.10.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-18.el8_10.1.x86_64", }, product_reference: "libxml2-devel-0:2.9.7-18.el8_10.1.x86_64", relates_to_product_reference: "AppStream-8.10.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "python3-libxml2-0:2.9.7-18.el8_10.1.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.10.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-18.el8_10.1.aarch64", }, product_reference: "python3-libxml2-0:2.9.7-18.el8_10.1.aarch64", relates_to_product_reference: "AppStream-8.10.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "python3-libxml2-0:2.9.7-18.el8_10.1.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.10.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-18.el8_10.1.ppc64le", }, product_reference: "python3-libxml2-0:2.9.7-18.el8_10.1.ppc64le", relates_to_product_reference: "AppStream-8.10.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "python3-libxml2-0:2.9.7-18.el8_10.1.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.10.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-18.el8_10.1.s390x", }, product_reference: "python3-libxml2-0:2.9.7-18.el8_10.1.s390x", relates_to_product_reference: "AppStream-8.10.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "python3-libxml2-0:2.9.7-18.el8_10.1.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.10.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-18.el8_10.1.x86_64", }, product_reference: "python3-libxml2-0:2.9.7-18.el8_10.1.x86_64", relates_to_product_reference: "AppStream-8.10.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "python3-libxml2-debuginfo-0:2.9.7-18.el8_10.1.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.10.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-18.el8_10.1.aarch64", }, product_reference: "python3-libxml2-debuginfo-0:2.9.7-18.el8_10.1.aarch64", relates_to_product_reference: "AppStream-8.10.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "python3-libxml2-debuginfo-0:2.9.7-18.el8_10.1.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.10.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-18.el8_10.1.i686", }, product_reference: "python3-libxml2-debuginfo-0:2.9.7-18.el8_10.1.i686", relates_to_product_reference: "AppStream-8.10.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "python3-libxml2-debuginfo-0:2.9.7-18.el8_10.1.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.10.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-18.el8_10.1.ppc64le", }, product_reference: "python3-libxml2-debuginfo-0:2.9.7-18.el8_10.1.ppc64le", relates_to_product_reference: "AppStream-8.10.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "python3-libxml2-debuginfo-0:2.9.7-18.el8_10.1.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.10.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-18.el8_10.1.s390x", }, product_reference: "python3-libxml2-debuginfo-0:2.9.7-18.el8_10.1.s390x", relates_to_product_reference: "AppStream-8.10.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "python3-libxml2-debuginfo-0:2.9.7-18.el8_10.1.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.10.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-18.el8_10.1.x86_64", }, product_reference: "python3-libxml2-debuginfo-0:2.9.7-18.el8_10.1.x86_64", relates_to_product_reference: "AppStream-8.10.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.7-18.el8_10.1.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-0:2.9.7-18.el8_10.1.aarch64", }, product_reference: "libxml2-0:2.9.7-18.el8_10.1.aarch64", relates_to_product_reference: "BaseOS-8.10.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.7-18.el8_10.1.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-0:2.9.7-18.el8_10.1.i686", }, product_reference: "libxml2-0:2.9.7-18.el8_10.1.i686", relates_to_product_reference: "BaseOS-8.10.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.7-18.el8_10.1.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-0:2.9.7-18.el8_10.1.ppc64le", }, product_reference: "libxml2-0:2.9.7-18.el8_10.1.ppc64le", relates_to_product_reference: "BaseOS-8.10.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.7-18.el8_10.1.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-0:2.9.7-18.el8_10.1.s390x", }, product_reference: "libxml2-0:2.9.7-18.el8_10.1.s390x", relates_to_product_reference: "BaseOS-8.10.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.7-18.el8_10.1.src as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-0:2.9.7-18.el8_10.1.src", }, product_reference: "libxml2-0:2.9.7-18.el8_10.1.src", relates_to_product_reference: "BaseOS-8.10.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.7-18.el8_10.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-0:2.9.7-18.el8_10.1.x86_64", }, product_reference: "libxml2-0:2.9.7-18.el8_10.1.x86_64", relates_to_product_reference: "BaseOS-8.10.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.7-18.el8_10.1.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-18.el8_10.1.aarch64", }, product_reference: "libxml2-debuginfo-0:2.9.7-18.el8_10.1.aarch64", relates_to_product_reference: "BaseOS-8.10.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.7-18.el8_10.1.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-18.el8_10.1.i686", }, product_reference: "libxml2-debuginfo-0:2.9.7-18.el8_10.1.i686", relates_to_product_reference: "BaseOS-8.10.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.7-18.el8_10.1.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-18.el8_10.1.ppc64le", }, product_reference: "libxml2-debuginfo-0:2.9.7-18.el8_10.1.ppc64le", relates_to_product_reference: "BaseOS-8.10.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.7-18.el8_10.1.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-18.el8_10.1.s390x", }, product_reference: "libxml2-debuginfo-0:2.9.7-18.el8_10.1.s390x", relates_to_product_reference: "BaseOS-8.10.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.7-18.el8_10.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-18.el8_10.1.x86_64", }, product_reference: "libxml2-debuginfo-0:2.9.7-18.el8_10.1.x86_64", relates_to_product_reference: "BaseOS-8.10.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debugsource-0:2.9.7-18.el8_10.1.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-18.el8_10.1.aarch64", }, product_reference: "libxml2-debugsource-0:2.9.7-18.el8_10.1.aarch64", relates_to_product_reference: "BaseOS-8.10.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debugsource-0:2.9.7-18.el8_10.1.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-18.el8_10.1.i686", }, product_reference: "libxml2-debugsource-0:2.9.7-18.el8_10.1.i686", relates_to_product_reference: "BaseOS-8.10.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debugsource-0:2.9.7-18.el8_10.1.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-18.el8_10.1.ppc64le", }, product_reference: "libxml2-debugsource-0:2.9.7-18.el8_10.1.ppc64le", relates_to_product_reference: "BaseOS-8.10.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debugsource-0:2.9.7-18.el8_10.1.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-18.el8_10.1.s390x", }, product_reference: "libxml2-debugsource-0:2.9.7-18.el8_10.1.s390x", relates_to_product_reference: "BaseOS-8.10.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debugsource-0:2.9.7-18.el8_10.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-18.el8_10.1.x86_64", }, product_reference: "libxml2-debugsource-0:2.9.7-18.el8_10.1.x86_64", relates_to_product_reference: "BaseOS-8.10.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.7-18.el8_10.1.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-18.el8_10.1.aarch64", }, product_reference: "libxml2-devel-0:2.9.7-18.el8_10.1.aarch64", relates_to_product_reference: "BaseOS-8.10.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.7-18.el8_10.1.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-18.el8_10.1.i686", }, product_reference: "libxml2-devel-0:2.9.7-18.el8_10.1.i686", relates_to_product_reference: "BaseOS-8.10.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.7-18.el8_10.1.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-18.el8_10.1.ppc64le", }, product_reference: "libxml2-devel-0:2.9.7-18.el8_10.1.ppc64le", relates_to_product_reference: "BaseOS-8.10.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.7-18.el8_10.1.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-18.el8_10.1.s390x", }, product_reference: "libxml2-devel-0:2.9.7-18.el8_10.1.s390x", relates_to_product_reference: "BaseOS-8.10.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.7-18.el8_10.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-18.el8_10.1.x86_64", }, product_reference: "libxml2-devel-0:2.9.7-18.el8_10.1.x86_64", relates_to_product_reference: "BaseOS-8.10.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "python3-libxml2-0:2.9.7-18.el8_10.1.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.10.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-18.el8_10.1.aarch64", }, product_reference: "python3-libxml2-0:2.9.7-18.el8_10.1.aarch64", relates_to_product_reference: "BaseOS-8.10.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "python3-libxml2-0:2.9.7-18.el8_10.1.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.10.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-18.el8_10.1.ppc64le", }, product_reference: "python3-libxml2-0:2.9.7-18.el8_10.1.ppc64le", relates_to_product_reference: "BaseOS-8.10.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "python3-libxml2-0:2.9.7-18.el8_10.1.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.10.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-18.el8_10.1.s390x", }, product_reference: "python3-libxml2-0:2.9.7-18.el8_10.1.s390x", relates_to_product_reference: "BaseOS-8.10.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "python3-libxml2-0:2.9.7-18.el8_10.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.10.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-18.el8_10.1.x86_64", }, product_reference: "python3-libxml2-0:2.9.7-18.el8_10.1.x86_64", relates_to_product_reference: "BaseOS-8.10.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "python3-libxml2-debuginfo-0:2.9.7-18.el8_10.1.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.10.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-18.el8_10.1.aarch64", }, product_reference: "python3-libxml2-debuginfo-0:2.9.7-18.el8_10.1.aarch64", relates_to_product_reference: "BaseOS-8.10.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "python3-libxml2-debuginfo-0:2.9.7-18.el8_10.1.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.10.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-18.el8_10.1.i686", }, product_reference: "python3-libxml2-debuginfo-0:2.9.7-18.el8_10.1.i686", relates_to_product_reference: "BaseOS-8.10.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "python3-libxml2-debuginfo-0:2.9.7-18.el8_10.1.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.10.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-18.el8_10.1.ppc64le", }, product_reference: "python3-libxml2-debuginfo-0:2.9.7-18.el8_10.1.ppc64le", relates_to_product_reference: "BaseOS-8.10.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "python3-libxml2-debuginfo-0:2.9.7-18.el8_10.1.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.10.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-18.el8_10.1.s390x", }, product_reference: "python3-libxml2-debuginfo-0:2.9.7-18.el8_10.1.s390x", relates_to_product_reference: "BaseOS-8.10.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "python3-libxml2-debuginfo-0:2.9.7-18.el8_10.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.10.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-18.el8_10.1.x86_64", }, product_reference: "python3-libxml2-debuginfo-0:2.9.7-18.el8_10.1.x86_64", relates_to_product_reference: "BaseOS-8.10.0.Z.MAIN.EUS", }, ], }, vulnerabilities: [ { cve: "CVE-2024-25062", cwe: { id: "CWE-416", name: "Use After Free", }, discovery_date: "2024-02-05T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2262726", }, ], notes: [ { category: "description", text: "A use-after-free flaw was found in libxml2. When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free.", title: "Vulnerability description", }, { category: "summary", text: "libxml2: use-after-free in XMLReader", title: "Vulnerability summary", }, { category: "other", text: "The severity of this vulnerability is not important but moderate due to the lack of impact to both confidentiality and integrity, but potential impact to availability. The theoretical risk of impact to availability is limited due to the specific requirement that applications must continue to misuse the reader API after it has already reported validation errors instead of handling those errors. The flaw requires that crafted XML documents can be provided by an attacker and the utilization of DTD validation and XInclude expansion using the XMLReader API. Along with those conditions, the application using the XMLReader API must be ignoring errors when expanding invalid XInclude nodes in an maliciously crafted document. These conditions are unlikely to exist in the intended usage of the XMLReader API.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-8.10.0.Z.MAIN.EUS:libxml2-0:2.9.7-18.el8_10.1.aarch64", "AppStream-8.10.0.Z.MAIN.EUS:libxml2-0:2.9.7-18.el8_10.1.i686", "AppStream-8.10.0.Z.MAIN.EUS:libxml2-0:2.9.7-18.el8_10.1.ppc64le", "AppStream-8.10.0.Z.MAIN.EUS:libxml2-0:2.9.7-18.el8_10.1.s390x", "AppStream-8.10.0.Z.MAIN.EUS:libxml2-0:2.9.7-18.el8_10.1.src", "AppStream-8.10.0.Z.MAIN.EUS:libxml2-0:2.9.7-18.el8_10.1.x86_64", "AppStream-8.10.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-18.el8_10.1.aarch64", "AppStream-8.10.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-18.el8_10.1.i686", "AppStream-8.10.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-18.el8_10.1.ppc64le", "AppStream-8.10.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-18.el8_10.1.s390x", "AppStream-8.10.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-18.el8_10.1.x86_64", "AppStream-8.10.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-18.el8_10.1.aarch64", "AppStream-8.10.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-18.el8_10.1.i686", "AppStream-8.10.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-18.el8_10.1.ppc64le", "AppStream-8.10.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-18.el8_10.1.s390x", "AppStream-8.10.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-18.el8_10.1.x86_64", "AppStream-8.10.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-18.el8_10.1.aarch64", "AppStream-8.10.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-18.el8_10.1.i686", "AppStream-8.10.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-18.el8_10.1.ppc64le", "AppStream-8.10.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-18.el8_10.1.s390x", "AppStream-8.10.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-18.el8_10.1.x86_64", "AppStream-8.10.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-18.el8_10.1.aarch64", "AppStream-8.10.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-18.el8_10.1.ppc64le", "AppStream-8.10.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-18.el8_10.1.s390x", "AppStream-8.10.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-18.el8_10.1.x86_64", "AppStream-8.10.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-18.el8_10.1.aarch64", "AppStream-8.10.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-18.el8_10.1.i686", "AppStream-8.10.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-18.el8_10.1.ppc64le", "AppStream-8.10.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-18.el8_10.1.s390x", "AppStream-8.10.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-18.el8_10.1.x86_64", "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-0:2.9.7-18.el8_10.1.aarch64", "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-0:2.9.7-18.el8_10.1.i686", "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-0:2.9.7-18.el8_10.1.ppc64le", "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-0:2.9.7-18.el8_10.1.s390x", "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-0:2.9.7-18.el8_10.1.src", "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-0:2.9.7-18.el8_10.1.x86_64", "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-18.el8_10.1.aarch64", "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-18.el8_10.1.i686", "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-18.el8_10.1.ppc64le", "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-18.el8_10.1.s390x", "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-18.el8_10.1.x86_64", "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-18.el8_10.1.aarch64", "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-18.el8_10.1.i686", "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-18.el8_10.1.ppc64le", "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-18.el8_10.1.s390x", "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-18.el8_10.1.x86_64", "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-18.el8_10.1.aarch64", "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-18.el8_10.1.i686", "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-18.el8_10.1.ppc64le", "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-18.el8_10.1.s390x", "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-18.el8_10.1.x86_64", "BaseOS-8.10.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-18.el8_10.1.aarch64", "BaseOS-8.10.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-18.el8_10.1.ppc64le", "BaseOS-8.10.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-18.el8_10.1.s390x", "BaseOS-8.10.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-18.el8_10.1.x86_64", "BaseOS-8.10.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-18.el8_10.1.aarch64", "BaseOS-8.10.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-18.el8_10.1.i686", "BaseOS-8.10.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-18.el8_10.1.ppc64le", "BaseOS-8.10.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-18.el8_10.1.s390x", "BaseOS-8.10.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-18.el8_10.1.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-25062", }, { category: "external", summary: "RHBZ#2262726", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2262726", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-25062", url: "https://www.cve.org/CVERecord?id=CVE-2024-25062", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-25062", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-25062", }, { category: "external", summary: "https://gitlab.gnome.org/GNOME/libxml2/-/issues/604", url: "https://gitlab.gnome.org/GNOME/libxml2/-/issues/604", }, { category: "external", summary: "https://gitlab.gnome.org/GNOME/libxml2/-/tags", url: "https://gitlab.gnome.org/GNOME/libxml2/-/tags", }, ], release_date: "2024-02-04T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-06-05T10:40:16+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "AppStream-8.10.0.Z.MAIN.EUS:libxml2-0:2.9.7-18.el8_10.1.aarch64", "AppStream-8.10.0.Z.MAIN.EUS:libxml2-0:2.9.7-18.el8_10.1.i686", "AppStream-8.10.0.Z.MAIN.EUS:libxml2-0:2.9.7-18.el8_10.1.ppc64le", "AppStream-8.10.0.Z.MAIN.EUS:libxml2-0:2.9.7-18.el8_10.1.s390x", "AppStream-8.10.0.Z.MAIN.EUS:libxml2-0:2.9.7-18.el8_10.1.src", "AppStream-8.10.0.Z.MAIN.EUS:libxml2-0:2.9.7-18.el8_10.1.x86_64", "AppStream-8.10.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-18.el8_10.1.aarch64", "AppStream-8.10.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-18.el8_10.1.i686", "AppStream-8.10.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-18.el8_10.1.ppc64le", "AppStream-8.10.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-18.el8_10.1.s390x", "AppStream-8.10.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-18.el8_10.1.x86_64", "AppStream-8.10.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-18.el8_10.1.aarch64", "AppStream-8.10.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-18.el8_10.1.i686", "AppStream-8.10.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-18.el8_10.1.ppc64le", "AppStream-8.10.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-18.el8_10.1.s390x", "AppStream-8.10.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-18.el8_10.1.x86_64", "AppStream-8.10.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-18.el8_10.1.aarch64", "AppStream-8.10.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-18.el8_10.1.i686", "AppStream-8.10.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-18.el8_10.1.ppc64le", "AppStream-8.10.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-18.el8_10.1.s390x", "AppStream-8.10.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-18.el8_10.1.x86_64", "AppStream-8.10.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-18.el8_10.1.aarch64", "AppStream-8.10.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-18.el8_10.1.ppc64le", "AppStream-8.10.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-18.el8_10.1.s390x", "AppStream-8.10.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-18.el8_10.1.x86_64", "AppStream-8.10.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-18.el8_10.1.aarch64", "AppStream-8.10.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-18.el8_10.1.i686", "AppStream-8.10.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-18.el8_10.1.ppc64le", "AppStream-8.10.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-18.el8_10.1.s390x", "AppStream-8.10.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-18.el8_10.1.x86_64", "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-0:2.9.7-18.el8_10.1.aarch64", "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-0:2.9.7-18.el8_10.1.i686", "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-0:2.9.7-18.el8_10.1.ppc64le", "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-0:2.9.7-18.el8_10.1.s390x", "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-0:2.9.7-18.el8_10.1.src", "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-0:2.9.7-18.el8_10.1.x86_64", "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-18.el8_10.1.aarch64", "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-18.el8_10.1.i686", "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-18.el8_10.1.ppc64le", "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-18.el8_10.1.s390x", "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-18.el8_10.1.x86_64", "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-18.el8_10.1.aarch64", "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-18.el8_10.1.i686", "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-18.el8_10.1.ppc64le", "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-18.el8_10.1.s390x", "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-18.el8_10.1.x86_64", "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-18.el8_10.1.aarch64", "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-18.el8_10.1.i686", "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-18.el8_10.1.ppc64le", "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-18.el8_10.1.s390x", "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-18.el8_10.1.x86_64", "BaseOS-8.10.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-18.el8_10.1.aarch64", "BaseOS-8.10.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-18.el8_10.1.ppc64le", "BaseOS-8.10.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-18.el8_10.1.s390x", "BaseOS-8.10.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-18.el8_10.1.x86_64", "BaseOS-8.10.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-18.el8_10.1.aarch64", "BaseOS-8.10.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-18.el8_10.1.i686", "BaseOS-8.10.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-18.el8_10.1.ppc64le", "BaseOS-8.10.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-18.el8_10.1.s390x", "BaseOS-8.10.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-18.el8_10.1.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:3626", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "AppStream-8.10.0.Z.MAIN.EUS:libxml2-0:2.9.7-18.el8_10.1.aarch64", "AppStream-8.10.0.Z.MAIN.EUS:libxml2-0:2.9.7-18.el8_10.1.i686", "AppStream-8.10.0.Z.MAIN.EUS:libxml2-0:2.9.7-18.el8_10.1.ppc64le", "AppStream-8.10.0.Z.MAIN.EUS:libxml2-0:2.9.7-18.el8_10.1.s390x", "AppStream-8.10.0.Z.MAIN.EUS:libxml2-0:2.9.7-18.el8_10.1.src", "AppStream-8.10.0.Z.MAIN.EUS:libxml2-0:2.9.7-18.el8_10.1.x86_64", "AppStream-8.10.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-18.el8_10.1.aarch64", "AppStream-8.10.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-18.el8_10.1.i686", "AppStream-8.10.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-18.el8_10.1.ppc64le", "AppStream-8.10.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-18.el8_10.1.s390x", "AppStream-8.10.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-18.el8_10.1.x86_64", "AppStream-8.10.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-18.el8_10.1.aarch64", "AppStream-8.10.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-18.el8_10.1.i686", "AppStream-8.10.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-18.el8_10.1.ppc64le", "AppStream-8.10.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-18.el8_10.1.s390x", "AppStream-8.10.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-18.el8_10.1.x86_64", "AppStream-8.10.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-18.el8_10.1.aarch64", "AppStream-8.10.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-18.el8_10.1.i686", "AppStream-8.10.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-18.el8_10.1.ppc64le", "AppStream-8.10.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-18.el8_10.1.s390x", "AppStream-8.10.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-18.el8_10.1.x86_64", "AppStream-8.10.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-18.el8_10.1.aarch64", "AppStream-8.10.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-18.el8_10.1.ppc64le", "AppStream-8.10.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-18.el8_10.1.s390x", "AppStream-8.10.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-18.el8_10.1.x86_64", "AppStream-8.10.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-18.el8_10.1.aarch64", "AppStream-8.10.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-18.el8_10.1.i686", "AppStream-8.10.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-18.el8_10.1.ppc64le", "AppStream-8.10.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-18.el8_10.1.s390x", "AppStream-8.10.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-18.el8_10.1.x86_64", "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-0:2.9.7-18.el8_10.1.aarch64", "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-0:2.9.7-18.el8_10.1.i686", "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-0:2.9.7-18.el8_10.1.ppc64le", "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-0:2.9.7-18.el8_10.1.s390x", "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-0:2.9.7-18.el8_10.1.src", "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-0:2.9.7-18.el8_10.1.x86_64", "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-18.el8_10.1.aarch64", "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-18.el8_10.1.i686", "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-18.el8_10.1.ppc64le", "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-18.el8_10.1.s390x", "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-18.el8_10.1.x86_64", "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-18.el8_10.1.aarch64", "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-18.el8_10.1.i686", "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-18.el8_10.1.ppc64le", "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-18.el8_10.1.s390x", "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-18.el8_10.1.x86_64", "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-18.el8_10.1.aarch64", "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-18.el8_10.1.i686", "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-18.el8_10.1.ppc64le", "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-18.el8_10.1.s390x", "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-18.el8_10.1.x86_64", "BaseOS-8.10.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-18.el8_10.1.aarch64", "BaseOS-8.10.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-18.el8_10.1.ppc64le", "BaseOS-8.10.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-18.el8_10.1.s390x", "BaseOS-8.10.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-18.el8_10.1.x86_64", "BaseOS-8.10.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-18.el8_10.1.aarch64", "BaseOS-8.10.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-18.el8_10.1.i686", "BaseOS-8.10.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-18.el8_10.1.ppc64le", "BaseOS-8.10.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-18.el8_10.1.s390x", "BaseOS-8.10.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-18.el8_10.1.x86_64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "AppStream-8.10.0.Z.MAIN.EUS:libxml2-0:2.9.7-18.el8_10.1.aarch64", "AppStream-8.10.0.Z.MAIN.EUS:libxml2-0:2.9.7-18.el8_10.1.i686", "AppStream-8.10.0.Z.MAIN.EUS:libxml2-0:2.9.7-18.el8_10.1.ppc64le", "AppStream-8.10.0.Z.MAIN.EUS:libxml2-0:2.9.7-18.el8_10.1.s390x", "AppStream-8.10.0.Z.MAIN.EUS:libxml2-0:2.9.7-18.el8_10.1.src", "AppStream-8.10.0.Z.MAIN.EUS:libxml2-0:2.9.7-18.el8_10.1.x86_64", "AppStream-8.10.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-18.el8_10.1.aarch64", "AppStream-8.10.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-18.el8_10.1.i686", "AppStream-8.10.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-18.el8_10.1.ppc64le", "AppStream-8.10.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-18.el8_10.1.s390x", "AppStream-8.10.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-18.el8_10.1.x86_64", "AppStream-8.10.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-18.el8_10.1.aarch64", "AppStream-8.10.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-18.el8_10.1.i686", "AppStream-8.10.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-18.el8_10.1.ppc64le", "AppStream-8.10.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-18.el8_10.1.s390x", "AppStream-8.10.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-18.el8_10.1.x86_64", "AppStream-8.10.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-18.el8_10.1.aarch64", "AppStream-8.10.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-18.el8_10.1.i686", "AppStream-8.10.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-18.el8_10.1.ppc64le", "AppStream-8.10.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-18.el8_10.1.s390x", "AppStream-8.10.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-18.el8_10.1.x86_64", "AppStream-8.10.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-18.el8_10.1.aarch64", "AppStream-8.10.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-18.el8_10.1.ppc64le", "AppStream-8.10.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-18.el8_10.1.s390x", "AppStream-8.10.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-18.el8_10.1.x86_64", "AppStream-8.10.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-18.el8_10.1.aarch64", "AppStream-8.10.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-18.el8_10.1.i686", "AppStream-8.10.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-18.el8_10.1.ppc64le", "AppStream-8.10.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-18.el8_10.1.s390x", "AppStream-8.10.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-18.el8_10.1.x86_64", "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-0:2.9.7-18.el8_10.1.aarch64", "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-0:2.9.7-18.el8_10.1.i686", "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-0:2.9.7-18.el8_10.1.ppc64le", "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-0:2.9.7-18.el8_10.1.s390x", "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-0:2.9.7-18.el8_10.1.src", "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-0:2.9.7-18.el8_10.1.x86_64", "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-18.el8_10.1.aarch64", "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-18.el8_10.1.i686", "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-18.el8_10.1.ppc64le", "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-18.el8_10.1.s390x", "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-18.el8_10.1.x86_64", "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-18.el8_10.1.aarch64", "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-18.el8_10.1.i686", "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-18.el8_10.1.ppc64le", "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-18.el8_10.1.s390x", "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-18.el8_10.1.x86_64", "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-18.el8_10.1.aarch64", "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-18.el8_10.1.i686", "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-18.el8_10.1.ppc64le", "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-18.el8_10.1.s390x", "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-18.el8_10.1.x86_64", "BaseOS-8.10.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-18.el8_10.1.aarch64", "BaseOS-8.10.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-18.el8_10.1.ppc64le", "BaseOS-8.10.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-18.el8_10.1.s390x", "BaseOS-8.10.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-18.el8_10.1.x86_64", "BaseOS-8.10.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-18.el8_10.1.aarch64", "BaseOS-8.10.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-18.el8_10.1.i686", "BaseOS-8.10.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-18.el8_10.1.ppc64le", "BaseOS-8.10.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-18.el8_10.1.s390x", "BaseOS-8.10.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-18.el8_10.1.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "libxml2: use-after-free in XMLReader", }, ], }
rhsa-2024:3303
Vulnerability from csaf_redhat
Published
2024-05-23 06:34
Modified
2025-01-09 06:19
Summary
Red Hat Security Advisory: libxml2 security update
Notes
Topic
An update for libxml2 is now available for Red Hat Enterprise Linux 8.8.
Red Hat Product Security has rated this update as having a security impact of
Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE
link(s) in the References section.
Details
The libxml2 library is a development toolbox providing the implementation of
various XML standards.
Security Fix(es):
* libxml2: use-after-free in XMLReader (CVE-2024-25062)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update for libxml2 is now available for Red Hat Enterprise Linux 8.8.\n\nRed Hat Product Security has rated this update as having a security impact of\nModerate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE\nlink(s) in the References section.", title: "Topic", }, { category: "general", text: "The libxml2 library is a development toolbox providing the implementation of\nvarious XML standards.\n\nSecurity Fix(es):\n\n* libxml2: use-after-free in XMLReader (CVE-2024-25062)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2024:3303", url: "https://access.redhat.com/errata/RHSA-2024:3303", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#moderate", url: "https://access.redhat.com/security/updates/classification/#moderate", }, { category: "external", summary: "2262726", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2262726", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_3303.json", }, ], title: "Red Hat Security Advisory: libxml2 security update", tracking: { current_release_date: "2025-01-09T06:19:50+00:00", generator: { date: "2025-01-09T06:19:50+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.5", }, }, id: "RHSA-2024:3303", initial_release_date: "2024-05-23T06:34:13+00:00", revision_history: [ { date: "2024-05-23T06:34:13+00:00", number: "1", summary: "Initial version", }, { date: "2024-05-23T06:34:13+00:00", number: "2", summary: "Last updated version", }, { date: "2025-01-09T06:19:50+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux AppStream EUS (v.8.8)", product: { name: "Red Hat Enterprise Linux AppStream EUS (v.8.8)", product_id: "AppStream-8.8.0.Z.EUS", product_identification_helper: { cpe: "cpe:/a:redhat:rhel_eus:8.8::appstream", }, }, }, { category: "product_name", name: "Red Hat Enterprise Linux BaseOS EUS (v.8.8)", product: { name: "Red Hat Enterprise Linux BaseOS EUS (v.8.8)", product_id: "BaseOS-8.8.0.Z.EUS", product_identification_helper: { cpe: "cpe:/o:redhat:rhel_eus:8.8::baseos", }, }, }, ], category: "product_family", name: "Red Hat Enterprise Linux", }, { branches: [ { category: "product_version", name: "libxml2-devel-0:2.9.7-16.el8_8.4.aarch64", product: { name: "libxml2-devel-0:2.9.7-16.el8_8.4.aarch64", product_id: "libxml2-devel-0:2.9.7-16.el8_8.4.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-devel@2.9.7-16.el8_8.4?arch=aarch64", }, }, }, { category: "product_version", name: "libxml2-debugsource-0:2.9.7-16.el8_8.4.aarch64", product: { name: "libxml2-debugsource-0:2.9.7-16.el8_8.4.aarch64", product_id: "libxml2-debugsource-0:2.9.7-16.el8_8.4.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-debugsource@2.9.7-16.el8_8.4?arch=aarch64", }, }, }, { category: "product_version", name: "libxml2-debuginfo-0:2.9.7-16.el8_8.4.aarch64", product: { name: "libxml2-debuginfo-0:2.9.7-16.el8_8.4.aarch64", product_id: "libxml2-debuginfo-0:2.9.7-16.el8_8.4.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-debuginfo@2.9.7-16.el8_8.4?arch=aarch64", }, }, }, { category: "product_version", name: "python3-libxml2-debuginfo-0:2.9.7-16.el8_8.4.aarch64", product: { name: "python3-libxml2-debuginfo-0:2.9.7-16.el8_8.4.aarch64", product_id: "python3-libxml2-debuginfo-0:2.9.7-16.el8_8.4.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/python3-libxml2-debuginfo@2.9.7-16.el8_8.4?arch=aarch64", }, }, }, { category: "product_version", name: "libxml2-0:2.9.7-16.el8_8.4.aarch64", product: { name: "libxml2-0:2.9.7-16.el8_8.4.aarch64", product_id: "libxml2-0:2.9.7-16.el8_8.4.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2@2.9.7-16.el8_8.4?arch=aarch64", }, }, }, { category: "product_version", name: "python3-libxml2-0:2.9.7-16.el8_8.4.aarch64", product: { name: "python3-libxml2-0:2.9.7-16.el8_8.4.aarch64", product_id: "python3-libxml2-0:2.9.7-16.el8_8.4.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/python3-libxml2@2.9.7-16.el8_8.4?arch=aarch64", }, }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "libxml2-devel-0:2.9.7-16.el8_8.4.ppc64le", product: { name: "libxml2-devel-0:2.9.7-16.el8_8.4.ppc64le", product_id: "libxml2-devel-0:2.9.7-16.el8_8.4.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-devel@2.9.7-16.el8_8.4?arch=ppc64le", }, }, }, { category: "product_version", name: "libxml2-debugsource-0:2.9.7-16.el8_8.4.ppc64le", product: { name: "libxml2-debugsource-0:2.9.7-16.el8_8.4.ppc64le", product_id: "libxml2-debugsource-0:2.9.7-16.el8_8.4.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-debugsource@2.9.7-16.el8_8.4?arch=ppc64le", }, }, }, { category: "product_version", name: "libxml2-debuginfo-0:2.9.7-16.el8_8.4.ppc64le", product: { name: "libxml2-debuginfo-0:2.9.7-16.el8_8.4.ppc64le", product_id: "libxml2-debuginfo-0:2.9.7-16.el8_8.4.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-debuginfo@2.9.7-16.el8_8.4?arch=ppc64le", }, }, }, { category: "product_version", name: "python3-libxml2-debuginfo-0:2.9.7-16.el8_8.4.ppc64le", product: { name: "python3-libxml2-debuginfo-0:2.9.7-16.el8_8.4.ppc64le", product_id: "python3-libxml2-debuginfo-0:2.9.7-16.el8_8.4.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/python3-libxml2-debuginfo@2.9.7-16.el8_8.4?arch=ppc64le", }, }, }, { category: "product_version", name: "libxml2-0:2.9.7-16.el8_8.4.ppc64le", product: { name: "libxml2-0:2.9.7-16.el8_8.4.ppc64le", product_id: "libxml2-0:2.9.7-16.el8_8.4.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2@2.9.7-16.el8_8.4?arch=ppc64le", }, }, }, { category: "product_version", name: "python3-libxml2-0:2.9.7-16.el8_8.4.ppc64le", product: { name: "python3-libxml2-0:2.9.7-16.el8_8.4.ppc64le", product_id: "python3-libxml2-0:2.9.7-16.el8_8.4.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/python3-libxml2@2.9.7-16.el8_8.4?arch=ppc64le", }, }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "libxml2-devel-0:2.9.7-16.el8_8.4.i686", product: { name: "libxml2-devel-0:2.9.7-16.el8_8.4.i686", product_id: "libxml2-devel-0:2.9.7-16.el8_8.4.i686", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-devel@2.9.7-16.el8_8.4?arch=i686", }, }, }, { category: "product_version", name: "libxml2-debugsource-0:2.9.7-16.el8_8.4.i686", product: { name: "libxml2-debugsource-0:2.9.7-16.el8_8.4.i686", product_id: "libxml2-debugsource-0:2.9.7-16.el8_8.4.i686", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-debugsource@2.9.7-16.el8_8.4?arch=i686", }, }, }, { category: "product_version", name: "libxml2-debuginfo-0:2.9.7-16.el8_8.4.i686", product: { name: "libxml2-debuginfo-0:2.9.7-16.el8_8.4.i686", product_id: "libxml2-debuginfo-0:2.9.7-16.el8_8.4.i686", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-debuginfo@2.9.7-16.el8_8.4?arch=i686", }, }, }, { category: "product_version", name: "python3-libxml2-debuginfo-0:2.9.7-16.el8_8.4.i686", product: { name: "python3-libxml2-debuginfo-0:2.9.7-16.el8_8.4.i686", product_id: "python3-libxml2-debuginfo-0:2.9.7-16.el8_8.4.i686", product_identification_helper: { purl: "pkg:rpm/redhat/python3-libxml2-debuginfo@2.9.7-16.el8_8.4?arch=i686", }, }, }, { category: "product_version", name: "libxml2-0:2.9.7-16.el8_8.4.i686", product: { name: "libxml2-0:2.9.7-16.el8_8.4.i686", product_id: "libxml2-0:2.9.7-16.el8_8.4.i686", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2@2.9.7-16.el8_8.4?arch=i686", }, }, }, ], category: "architecture", name: "i686", }, { branches: [ { category: "product_version", name: "libxml2-devel-0:2.9.7-16.el8_8.4.x86_64", product: { name: "libxml2-devel-0:2.9.7-16.el8_8.4.x86_64", product_id: "libxml2-devel-0:2.9.7-16.el8_8.4.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-devel@2.9.7-16.el8_8.4?arch=x86_64", }, }, }, { category: "product_version", name: "libxml2-debugsource-0:2.9.7-16.el8_8.4.x86_64", product: { name: "libxml2-debugsource-0:2.9.7-16.el8_8.4.x86_64", product_id: "libxml2-debugsource-0:2.9.7-16.el8_8.4.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-debugsource@2.9.7-16.el8_8.4?arch=x86_64", }, }, }, { category: "product_version", name: "libxml2-debuginfo-0:2.9.7-16.el8_8.4.x86_64", product: { name: "libxml2-debuginfo-0:2.9.7-16.el8_8.4.x86_64", product_id: "libxml2-debuginfo-0:2.9.7-16.el8_8.4.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-debuginfo@2.9.7-16.el8_8.4?arch=x86_64", }, }, }, { category: "product_version", name: "python3-libxml2-debuginfo-0:2.9.7-16.el8_8.4.x86_64", product: { name: "python3-libxml2-debuginfo-0:2.9.7-16.el8_8.4.x86_64", product_id: "python3-libxml2-debuginfo-0:2.9.7-16.el8_8.4.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/python3-libxml2-debuginfo@2.9.7-16.el8_8.4?arch=x86_64", }, }, }, { category: "product_version", name: "libxml2-0:2.9.7-16.el8_8.4.x86_64", product: { name: "libxml2-0:2.9.7-16.el8_8.4.x86_64", product_id: "libxml2-0:2.9.7-16.el8_8.4.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2@2.9.7-16.el8_8.4?arch=x86_64", }, }, }, { category: "product_version", name: "python3-libxml2-0:2.9.7-16.el8_8.4.x86_64", product: { name: "python3-libxml2-0:2.9.7-16.el8_8.4.x86_64", product_id: "python3-libxml2-0:2.9.7-16.el8_8.4.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/python3-libxml2@2.9.7-16.el8_8.4?arch=x86_64", }, }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_version", name: "libxml2-devel-0:2.9.7-16.el8_8.4.s390x", product: { name: "libxml2-devel-0:2.9.7-16.el8_8.4.s390x", product_id: "libxml2-devel-0:2.9.7-16.el8_8.4.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-devel@2.9.7-16.el8_8.4?arch=s390x", }, }, }, { category: "product_version", name: "libxml2-debugsource-0:2.9.7-16.el8_8.4.s390x", product: { name: "libxml2-debugsource-0:2.9.7-16.el8_8.4.s390x", product_id: "libxml2-debugsource-0:2.9.7-16.el8_8.4.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-debugsource@2.9.7-16.el8_8.4?arch=s390x", }, }, }, { category: "product_version", name: "libxml2-debuginfo-0:2.9.7-16.el8_8.4.s390x", product: { name: "libxml2-debuginfo-0:2.9.7-16.el8_8.4.s390x", product_id: "libxml2-debuginfo-0:2.9.7-16.el8_8.4.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-debuginfo@2.9.7-16.el8_8.4?arch=s390x", }, }, }, { category: "product_version", name: "python3-libxml2-debuginfo-0:2.9.7-16.el8_8.4.s390x", product: { name: "python3-libxml2-debuginfo-0:2.9.7-16.el8_8.4.s390x", product_id: "python3-libxml2-debuginfo-0:2.9.7-16.el8_8.4.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/python3-libxml2-debuginfo@2.9.7-16.el8_8.4?arch=s390x", }, }, }, { category: "product_version", name: "libxml2-0:2.9.7-16.el8_8.4.s390x", product: { name: "libxml2-0:2.9.7-16.el8_8.4.s390x", product_id: "libxml2-0:2.9.7-16.el8_8.4.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2@2.9.7-16.el8_8.4?arch=s390x", }, }, }, { category: "product_version", name: "python3-libxml2-0:2.9.7-16.el8_8.4.s390x", product: { name: "python3-libxml2-0:2.9.7-16.el8_8.4.s390x", product_id: "python3-libxml2-0:2.9.7-16.el8_8.4.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/python3-libxml2@2.9.7-16.el8_8.4?arch=s390x", }, }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "libxml2-0:2.9.7-16.el8_8.4.src", product: { name: "libxml2-0:2.9.7-16.el8_8.4.src", product_id: "libxml2-0:2.9.7-16.el8_8.4.src", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2@2.9.7-16.el8_8.4?arch=src", }, }, }, ], category: "architecture", name: "src", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.7-16.el8_8.4.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)", product_id: "AppStream-8.8.0.Z.EUS:libxml2-0:2.9.7-16.el8_8.4.aarch64", }, product_reference: "libxml2-0:2.9.7-16.el8_8.4.aarch64", relates_to_product_reference: "AppStream-8.8.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.7-16.el8_8.4.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)", product_id: "AppStream-8.8.0.Z.EUS:libxml2-0:2.9.7-16.el8_8.4.i686", }, product_reference: "libxml2-0:2.9.7-16.el8_8.4.i686", relates_to_product_reference: "AppStream-8.8.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.7-16.el8_8.4.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)", product_id: "AppStream-8.8.0.Z.EUS:libxml2-0:2.9.7-16.el8_8.4.ppc64le", }, product_reference: "libxml2-0:2.9.7-16.el8_8.4.ppc64le", relates_to_product_reference: "AppStream-8.8.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.7-16.el8_8.4.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)", product_id: "AppStream-8.8.0.Z.EUS:libxml2-0:2.9.7-16.el8_8.4.s390x", }, product_reference: "libxml2-0:2.9.7-16.el8_8.4.s390x", relates_to_product_reference: "AppStream-8.8.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.7-16.el8_8.4.src as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)", product_id: "AppStream-8.8.0.Z.EUS:libxml2-0:2.9.7-16.el8_8.4.src", }, product_reference: "libxml2-0:2.9.7-16.el8_8.4.src", relates_to_product_reference: "AppStream-8.8.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.7-16.el8_8.4.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)", product_id: "AppStream-8.8.0.Z.EUS:libxml2-0:2.9.7-16.el8_8.4.x86_64", }, product_reference: "libxml2-0:2.9.7-16.el8_8.4.x86_64", relates_to_product_reference: "AppStream-8.8.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.7-16.el8_8.4.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)", product_id: "AppStream-8.8.0.Z.EUS:libxml2-debuginfo-0:2.9.7-16.el8_8.4.aarch64", }, product_reference: "libxml2-debuginfo-0:2.9.7-16.el8_8.4.aarch64", relates_to_product_reference: "AppStream-8.8.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.7-16.el8_8.4.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)", product_id: "AppStream-8.8.0.Z.EUS:libxml2-debuginfo-0:2.9.7-16.el8_8.4.i686", }, product_reference: "libxml2-debuginfo-0:2.9.7-16.el8_8.4.i686", relates_to_product_reference: "AppStream-8.8.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.7-16.el8_8.4.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)", product_id: "AppStream-8.8.0.Z.EUS:libxml2-debuginfo-0:2.9.7-16.el8_8.4.ppc64le", }, product_reference: "libxml2-debuginfo-0:2.9.7-16.el8_8.4.ppc64le", relates_to_product_reference: "AppStream-8.8.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.7-16.el8_8.4.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)", product_id: "AppStream-8.8.0.Z.EUS:libxml2-debuginfo-0:2.9.7-16.el8_8.4.s390x", }, product_reference: "libxml2-debuginfo-0:2.9.7-16.el8_8.4.s390x", relates_to_product_reference: "AppStream-8.8.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.7-16.el8_8.4.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)", product_id: "AppStream-8.8.0.Z.EUS:libxml2-debuginfo-0:2.9.7-16.el8_8.4.x86_64", }, product_reference: "libxml2-debuginfo-0:2.9.7-16.el8_8.4.x86_64", relates_to_product_reference: "AppStream-8.8.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debugsource-0:2.9.7-16.el8_8.4.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)", product_id: "AppStream-8.8.0.Z.EUS:libxml2-debugsource-0:2.9.7-16.el8_8.4.aarch64", }, product_reference: "libxml2-debugsource-0:2.9.7-16.el8_8.4.aarch64", relates_to_product_reference: "AppStream-8.8.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debugsource-0:2.9.7-16.el8_8.4.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)", product_id: "AppStream-8.8.0.Z.EUS:libxml2-debugsource-0:2.9.7-16.el8_8.4.i686", }, product_reference: "libxml2-debugsource-0:2.9.7-16.el8_8.4.i686", relates_to_product_reference: "AppStream-8.8.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debugsource-0:2.9.7-16.el8_8.4.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)", product_id: "AppStream-8.8.0.Z.EUS:libxml2-debugsource-0:2.9.7-16.el8_8.4.ppc64le", }, product_reference: "libxml2-debugsource-0:2.9.7-16.el8_8.4.ppc64le", relates_to_product_reference: "AppStream-8.8.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debugsource-0:2.9.7-16.el8_8.4.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)", product_id: "AppStream-8.8.0.Z.EUS:libxml2-debugsource-0:2.9.7-16.el8_8.4.s390x", }, product_reference: "libxml2-debugsource-0:2.9.7-16.el8_8.4.s390x", relates_to_product_reference: "AppStream-8.8.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debugsource-0:2.9.7-16.el8_8.4.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)", product_id: "AppStream-8.8.0.Z.EUS:libxml2-debugsource-0:2.9.7-16.el8_8.4.x86_64", }, product_reference: "libxml2-debugsource-0:2.9.7-16.el8_8.4.x86_64", relates_to_product_reference: "AppStream-8.8.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.7-16.el8_8.4.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)", product_id: "AppStream-8.8.0.Z.EUS:libxml2-devel-0:2.9.7-16.el8_8.4.aarch64", }, product_reference: "libxml2-devel-0:2.9.7-16.el8_8.4.aarch64", relates_to_product_reference: "AppStream-8.8.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.7-16.el8_8.4.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)", product_id: "AppStream-8.8.0.Z.EUS:libxml2-devel-0:2.9.7-16.el8_8.4.i686", }, product_reference: "libxml2-devel-0:2.9.7-16.el8_8.4.i686", relates_to_product_reference: "AppStream-8.8.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.7-16.el8_8.4.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)", product_id: "AppStream-8.8.0.Z.EUS:libxml2-devel-0:2.9.7-16.el8_8.4.ppc64le", }, product_reference: "libxml2-devel-0:2.9.7-16.el8_8.4.ppc64le", relates_to_product_reference: "AppStream-8.8.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.7-16.el8_8.4.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)", product_id: "AppStream-8.8.0.Z.EUS:libxml2-devel-0:2.9.7-16.el8_8.4.s390x", }, product_reference: "libxml2-devel-0:2.9.7-16.el8_8.4.s390x", relates_to_product_reference: "AppStream-8.8.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.7-16.el8_8.4.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)", product_id: "AppStream-8.8.0.Z.EUS:libxml2-devel-0:2.9.7-16.el8_8.4.x86_64", }, product_reference: "libxml2-devel-0:2.9.7-16.el8_8.4.x86_64", relates_to_product_reference: "AppStream-8.8.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "python3-libxml2-0:2.9.7-16.el8_8.4.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)", product_id: "AppStream-8.8.0.Z.EUS:python3-libxml2-0:2.9.7-16.el8_8.4.aarch64", }, product_reference: "python3-libxml2-0:2.9.7-16.el8_8.4.aarch64", relates_to_product_reference: "AppStream-8.8.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "python3-libxml2-0:2.9.7-16.el8_8.4.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)", product_id: "AppStream-8.8.0.Z.EUS:python3-libxml2-0:2.9.7-16.el8_8.4.ppc64le", }, product_reference: "python3-libxml2-0:2.9.7-16.el8_8.4.ppc64le", relates_to_product_reference: "AppStream-8.8.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "python3-libxml2-0:2.9.7-16.el8_8.4.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)", product_id: "AppStream-8.8.0.Z.EUS:python3-libxml2-0:2.9.7-16.el8_8.4.s390x", }, product_reference: "python3-libxml2-0:2.9.7-16.el8_8.4.s390x", relates_to_product_reference: "AppStream-8.8.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "python3-libxml2-0:2.9.7-16.el8_8.4.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)", product_id: "AppStream-8.8.0.Z.EUS:python3-libxml2-0:2.9.7-16.el8_8.4.x86_64", }, product_reference: "python3-libxml2-0:2.9.7-16.el8_8.4.x86_64", relates_to_product_reference: "AppStream-8.8.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "python3-libxml2-debuginfo-0:2.9.7-16.el8_8.4.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)", product_id: "AppStream-8.8.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-16.el8_8.4.aarch64", }, product_reference: "python3-libxml2-debuginfo-0:2.9.7-16.el8_8.4.aarch64", relates_to_product_reference: "AppStream-8.8.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "python3-libxml2-debuginfo-0:2.9.7-16.el8_8.4.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)", product_id: "AppStream-8.8.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-16.el8_8.4.i686", }, product_reference: "python3-libxml2-debuginfo-0:2.9.7-16.el8_8.4.i686", relates_to_product_reference: "AppStream-8.8.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "python3-libxml2-debuginfo-0:2.9.7-16.el8_8.4.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)", product_id: "AppStream-8.8.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-16.el8_8.4.ppc64le", }, product_reference: "python3-libxml2-debuginfo-0:2.9.7-16.el8_8.4.ppc64le", relates_to_product_reference: "AppStream-8.8.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "python3-libxml2-debuginfo-0:2.9.7-16.el8_8.4.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)", product_id: "AppStream-8.8.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-16.el8_8.4.s390x", }, product_reference: "python3-libxml2-debuginfo-0:2.9.7-16.el8_8.4.s390x", relates_to_product_reference: "AppStream-8.8.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "python3-libxml2-debuginfo-0:2.9.7-16.el8_8.4.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)", product_id: "AppStream-8.8.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-16.el8_8.4.x86_64", }, product_reference: "python3-libxml2-debuginfo-0:2.9.7-16.el8_8.4.x86_64", relates_to_product_reference: "AppStream-8.8.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.7-16.el8_8.4.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.8)", product_id: "BaseOS-8.8.0.Z.EUS:libxml2-0:2.9.7-16.el8_8.4.aarch64", }, product_reference: "libxml2-0:2.9.7-16.el8_8.4.aarch64", relates_to_product_reference: "BaseOS-8.8.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.7-16.el8_8.4.i686 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.8)", product_id: "BaseOS-8.8.0.Z.EUS:libxml2-0:2.9.7-16.el8_8.4.i686", }, product_reference: "libxml2-0:2.9.7-16.el8_8.4.i686", relates_to_product_reference: "BaseOS-8.8.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.7-16.el8_8.4.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.8)", product_id: "BaseOS-8.8.0.Z.EUS:libxml2-0:2.9.7-16.el8_8.4.ppc64le", }, product_reference: "libxml2-0:2.9.7-16.el8_8.4.ppc64le", relates_to_product_reference: "BaseOS-8.8.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.7-16.el8_8.4.s390x as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.8)", product_id: "BaseOS-8.8.0.Z.EUS:libxml2-0:2.9.7-16.el8_8.4.s390x", }, product_reference: "libxml2-0:2.9.7-16.el8_8.4.s390x", relates_to_product_reference: "BaseOS-8.8.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.7-16.el8_8.4.src as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.8)", product_id: "BaseOS-8.8.0.Z.EUS:libxml2-0:2.9.7-16.el8_8.4.src", }, product_reference: "libxml2-0:2.9.7-16.el8_8.4.src", relates_to_product_reference: "BaseOS-8.8.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.7-16.el8_8.4.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.8)", product_id: "BaseOS-8.8.0.Z.EUS:libxml2-0:2.9.7-16.el8_8.4.x86_64", }, product_reference: "libxml2-0:2.9.7-16.el8_8.4.x86_64", relates_to_product_reference: "BaseOS-8.8.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.7-16.el8_8.4.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.8)", product_id: "BaseOS-8.8.0.Z.EUS:libxml2-debuginfo-0:2.9.7-16.el8_8.4.aarch64", }, product_reference: "libxml2-debuginfo-0:2.9.7-16.el8_8.4.aarch64", relates_to_product_reference: "BaseOS-8.8.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.7-16.el8_8.4.i686 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.8)", product_id: "BaseOS-8.8.0.Z.EUS:libxml2-debuginfo-0:2.9.7-16.el8_8.4.i686", }, product_reference: "libxml2-debuginfo-0:2.9.7-16.el8_8.4.i686", relates_to_product_reference: "BaseOS-8.8.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.7-16.el8_8.4.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.8)", product_id: "BaseOS-8.8.0.Z.EUS:libxml2-debuginfo-0:2.9.7-16.el8_8.4.ppc64le", }, product_reference: "libxml2-debuginfo-0:2.9.7-16.el8_8.4.ppc64le", relates_to_product_reference: "BaseOS-8.8.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.7-16.el8_8.4.s390x as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.8)", product_id: "BaseOS-8.8.0.Z.EUS:libxml2-debuginfo-0:2.9.7-16.el8_8.4.s390x", }, product_reference: "libxml2-debuginfo-0:2.9.7-16.el8_8.4.s390x", relates_to_product_reference: "BaseOS-8.8.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.7-16.el8_8.4.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.8)", product_id: "BaseOS-8.8.0.Z.EUS:libxml2-debuginfo-0:2.9.7-16.el8_8.4.x86_64", }, product_reference: "libxml2-debuginfo-0:2.9.7-16.el8_8.4.x86_64", relates_to_product_reference: "BaseOS-8.8.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debugsource-0:2.9.7-16.el8_8.4.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.8)", product_id: "BaseOS-8.8.0.Z.EUS:libxml2-debugsource-0:2.9.7-16.el8_8.4.aarch64", }, product_reference: "libxml2-debugsource-0:2.9.7-16.el8_8.4.aarch64", relates_to_product_reference: "BaseOS-8.8.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debugsource-0:2.9.7-16.el8_8.4.i686 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.8)", product_id: "BaseOS-8.8.0.Z.EUS:libxml2-debugsource-0:2.9.7-16.el8_8.4.i686", }, product_reference: "libxml2-debugsource-0:2.9.7-16.el8_8.4.i686", relates_to_product_reference: "BaseOS-8.8.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debugsource-0:2.9.7-16.el8_8.4.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.8)", product_id: "BaseOS-8.8.0.Z.EUS:libxml2-debugsource-0:2.9.7-16.el8_8.4.ppc64le", }, product_reference: "libxml2-debugsource-0:2.9.7-16.el8_8.4.ppc64le", relates_to_product_reference: "BaseOS-8.8.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debugsource-0:2.9.7-16.el8_8.4.s390x as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.8)", product_id: "BaseOS-8.8.0.Z.EUS:libxml2-debugsource-0:2.9.7-16.el8_8.4.s390x", }, product_reference: "libxml2-debugsource-0:2.9.7-16.el8_8.4.s390x", relates_to_product_reference: "BaseOS-8.8.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debugsource-0:2.9.7-16.el8_8.4.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.8)", product_id: "BaseOS-8.8.0.Z.EUS:libxml2-debugsource-0:2.9.7-16.el8_8.4.x86_64", }, product_reference: "libxml2-debugsource-0:2.9.7-16.el8_8.4.x86_64", relates_to_product_reference: "BaseOS-8.8.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.7-16.el8_8.4.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.8)", product_id: "BaseOS-8.8.0.Z.EUS:libxml2-devel-0:2.9.7-16.el8_8.4.aarch64", }, product_reference: "libxml2-devel-0:2.9.7-16.el8_8.4.aarch64", relates_to_product_reference: "BaseOS-8.8.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.7-16.el8_8.4.i686 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.8)", product_id: "BaseOS-8.8.0.Z.EUS:libxml2-devel-0:2.9.7-16.el8_8.4.i686", }, product_reference: "libxml2-devel-0:2.9.7-16.el8_8.4.i686", relates_to_product_reference: "BaseOS-8.8.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.7-16.el8_8.4.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.8)", product_id: "BaseOS-8.8.0.Z.EUS:libxml2-devel-0:2.9.7-16.el8_8.4.ppc64le", }, product_reference: "libxml2-devel-0:2.9.7-16.el8_8.4.ppc64le", relates_to_product_reference: "BaseOS-8.8.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.7-16.el8_8.4.s390x as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.8)", product_id: "BaseOS-8.8.0.Z.EUS:libxml2-devel-0:2.9.7-16.el8_8.4.s390x", }, product_reference: "libxml2-devel-0:2.9.7-16.el8_8.4.s390x", relates_to_product_reference: "BaseOS-8.8.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.7-16.el8_8.4.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.8)", product_id: "BaseOS-8.8.0.Z.EUS:libxml2-devel-0:2.9.7-16.el8_8.4.x86_64", }, product_reference: "libxml2-devel-0:2.9.7-16.el8_8.4.x86_64", relates_to_product_reference: "BaseOS-8.8.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "python3-libxml2-0:2.9.7-16.el8_8.4.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.8)", product_id: "BaseOS-8.8.0.Z.EUS:python3-libxml2-0:2.9.7-16.el8_8.4.aarch64", }, product_reference: "python3-libxml2-0:2.9.7-16.el8_8.4.aarch64", relates_to_product_reference: "BaseOS-8.8.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "python3-libxml2-0:2.9.7-16.el8_8.4.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.8)", product_id: "BaseOS-8.8.0.Z.EUS:python3-libxml2-0:2.9.7-16.el8_8.4.ppc64le", }, product_reference: "python3-libxml2-0:2.9.7-16.el8_8.4.ppc64le", relates_to_product_reference: "BaseOS-8.8.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "python3-libxml2-0:2.9.7-16.el8_8.4.s390x as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.8)", product_id: "BaseOS-8.8.0.Z.EUS:python3-libxml2-0:2.9.7-16.el8_8.4.s390x", }, product_reference: "python3-libxml2-0:2.9.7-16.el8_8.4.s390x", relates_to_product_reference: "BaseOS-8.8.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "python3-libxml2-0:2.9.7-16.el8_8.4.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.8)", product_id: "BaseOS-8.8.0.Z.EUS:python3-libxml2-0:2.9.7-16.el8_8.4.x86_64", }, product_reference: "python3-libxml2-0:2.9.7-16.el8_8.4.x86_64", relates_to_product_reference: "BaseOS-8.8.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "python3-libxml2-debuginfo-0:2.9.7-16.el8_8.4.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.8)", product_id: "BaseOS-8.8.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-16.el8_8.4.aarch64", }, product_reference: "python3-libxml2-debuginfo-0:2.9.7-16.el8_8.4.aarch64", relates_to_product_reference: "BaseOS-8.8.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "python3-libxml2-debuginfo-0:2.9.7-16.el8_8.4.i686 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.8)", product_id: "BaseOS-8.8.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-16.el8_8.4.i686", }, product_reference: "python3-libxml2-debuginfo-0:2.9.7-16.el8_8.4.i686", relates_to_product_reference: "BaseOS-8.8.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "python3-libxml2-debuginfo-0:2.9.7-16.el8_8.4.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.8)", product_id: "BaseOS-8.8.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-16.el8_8.4.ppc64le", }, product_reference: "python3-libxml2-debuginfo-0:2.9.7-16.el8_8.4.ppc64le", relates_to_product_reference: "BaseOS-8.8.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "python3-libxml2-debuginfo-0:2.9.7-16.el8_8.4.s390x as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.8)", product_id: "BaseOS-8.8.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-16.el8_8.4.s390x", }, product_reference: "python3-libxml2-debuginfo-0:2.9.7-16.el8_8.4.s390x", relates_to_product_reference: "BaseOS-8.8.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "python3-libxml2-debuginfo-0:2.9.7-16.el8_8.4.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.8)", product_id: "BaseOS-8.8.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-16.el8_8.4.x86_64", }, product_reference: "python3-libxml2-debuginfo-0:2.9.7-16.el8_8.4.x86_64", relates_to_product_reference: "BaseOS-8.8.0.Z.EUS", }, ], }, vulnerabilities: [ { cve: "CVE-2024-25062", cwe: { id: "CWE-416", name: "Use After Free", }, discovery_date: "2024-02-05T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2262726", }, ], notes: [ { category: "description", text: "A use-after-free flaw was found in libxml2. When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free.", title: "Vulnerability description", }, { category: "summary", text: "libxml2: use-after-free in XMLReader", title: "Vulnerability summary", }, { category: "other", text: "The severity of this vulnerability is not important but moderate due to the lack of impact to both confidentiality and integrity, but potential impact to availability. The theoretical risk of impact to availability is limited due to the specific requirement that applications must continue to misuse the reader API after it has already reported validation errors instead of handling those errors. The flaw requires that crafted XML documents can be provided by an attacker and the utilization of DTD validation and XInclude expansion using the XMLReader API. Along with those conditions, the application using the XMLReader API must be ignoring errors when expanding invalid XInclude nodes in an maliciously crafted document. These conditions are unlikely to exist in the intended usage of the XMLReader API.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-8.8.0.Z.EUS:libxml2-0:2.9.7-16.el8_8.4.aarch64", "AppStream-8.8.0.Z.EUS:libxml2-0:2.9.7-16.el8_8.4.i686", "AppStream-8.8.0.Z.EUS:libxml2-0:2.9.7-16.el8_8.4.ppc64le", "AppStream-8.8.0.Z.EUS:libxml2-0:2.9.7-16.el8_8.4.s390x", "AppStream-8.8.0.Z.EUS:libxml2-0:2.9.7-16.el8_8.4.src", "AppStream-8.8.0.Z.EUS:libxml2-0:2.9.7-16.el8_8.4.x86_64", "AppStream-8.8.0.Z.EUS:libxml2-debuginfo-0:2.9.7-16.el8_8.4.aarch64", "AppStream-8.8.0.Z.EUS:libxml2-debuginfo-0:2.9.7-16.el8_8.4.i686", "AppStream-8.8.0.Z.EUS:libxml2-debuginfo-0:2.9.7-16.el8_8.4.ppc64le", "AppStream-8.8.0.Z.EUS:libxml2-debuginfo-0:2.9.7-16.el8_8.4.s390x", "AppStream-8.8.0.Z.EUS:libxml2-debuginfo-0:2.9.7-16.el8_8.4.x86_64", "AppStream-8.8.0.Z.EUS:libxml2-debugsource-0:2.9.7-16.el8_8.4.aarch64", "AppStream-8.8.0.Z.EUS:libxml2-debugsource-0:2.9.7-16.el8_8.4.i686", "AppStream-8.8.0.Z.EUS:libxml2-debugsource-0:2.9.7-16.el8_8.4.ppc64le", "AppStream-8.8.0.Z.EUS:libxml2-debugsource-0:2.9.7-16.el8_8.4.s390x", "AppStream-8.8.0.Z.EUS:libxml2-debugsource-0:2.9.7-16.el8_8.4.x86_64", "AppStream-8.8.0.Z.EUS:libxml2-devel-0:2.9.7-16.el8_8.4.aarch64", "AppStream-8.8.0.Z.EUS:libxml2-devel-0:2.9.7-16.el8_8.4.i686", "AppStream-8.8.0.Z.EUS:libxml2-devel-0:2.9.7-16.el8_8.4.ppc64le", "AppStream-8.8.0.Z.EUS:libxml2-devel-0:2.9.7-16.el8_8.4.s390x", "AppStream-8.8.0.Z.EUS:libxml2-devel-0:2.9.7-16.el8_8.4.x86_64", "AppStream-8.8.0.Z.EUS:python3-libxml2-0:2.9.7-16.el8_8.4.aarch64", "AppStream-8.8.0.Z.EUS:python3-libxml2-0:2.9.7-16.el8_8.4.ppc64le", "AppStream-8.8.0.Z.EUS:python3-libxml2-0:2.9.7-16.el8_8.4.s390x", "AppStream-8.8.0.Z.EUS:python3-libxml2-0:2.9.7-16.el8_8.4.x86_64", "AppStream-8.8.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-16.el8_8.4.aarch64", "AppStream-8.8.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-16.el8_8.4.i686", "AppStream-8.8.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-16.el8_8.4.ppc64le", "AppStream-8.8.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-16.el8_8.4.s390x", "AppStream-8.8.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-16.el8_8.4.x86_64", "BaseOS-8.8.0.Z.EUS:libxml2-0:2.9.7-16.el8_8.4.aarch64", "BaseOS-8.8.0.Z.EUS:libxml2-0:2.9.7-16.el8_8.4.i686", "BaseOS-8.8.0.Z.EUS:libxml2-0:2.9.7-16.el8_8.4.ppc64le", "BaseOS-8.8.0.Z.EUS:libxml2-0:2.9.7-16.el8_8.4.s390x", "BaseOS-8.8.0.Z.EUS:libxml2-0:2.9.7-16.el8_8.4.src", "BaseOS-8.8.0.Z.EUS:libxml2-0:2.9.7-16.el8_8.4.x86_64", "BaseOS-8.8.0.Z.EUS:libxml2-debuginfo-0:2.9.7-16.el8_8.4.aarch64", "BaseOS-8.8.0.Z.EUS:libxml2-debuginfo-0:2.9.7-16.el8_8.4.i686", "BaseOS-8.8.0.Z.EUS:libxml2-debuginfo-0:2.9.7-16.el8_8.4.ppc64le", "BaseOS-8.8.0.Z.EUS:libxml2-debuginfo-0:2.9.7-16.el8_8.4.s390x", "BaseOS-8.8.0.Z.EUS:libxml2-debuginfo-0:2.9.7-16.el8_8.4.x86_64", "BaseOS-8.8.0.Z.EUS:libxml2-debugsource-0:2.9.7-16.el8_8.4.aarch64", "BaseOS-8.8.0.Z.EUS:libxml2-debugsource-0:2.9.7-16.el8_8.4.i686", "BaseOS-8.8.0.Z.EUS:libxml2-debugsource-0:2.9.7-16.el8_8.4.ppc64le", "BaseOS-8.8.0.Z.EUS:libxml2-debugsource-0:2.9.7-16.el8_8.4.s390x", "BaseOS-8.8.0.Z.EUS:libxml2-debugsource-0:2.9.7-16.el8_8.4.x86_64", "BaseOS-8.8.0.Z.EUS:libxml2-devel-0:2.9.7-16.el8_8.4.aarch64", "BaseOS-8.8.0.Z.EUS:libxml2-devel-0:2.9.7-16.el8_8.4.i686", "BaseOS-8.8.0.Z.EUS:libxml2-devel-0:2.9.7-16.el8_8.4.ppc64le", "BaseOS-8.8.0.Z.EUS:libxml2-devel-0:2.9.7-16.el8_8.4.s390x", "BaseOS-8.8.0.Z.EUS:libxml2-devel-0:2.9.7-16.el8_8.4.x86_64", "BaseOS-8.8.0.Z.EUS:python3-libxml2-0:2.9.7-16.el8_8.4.aarch64", "BaseOS-8.8.0.Z.EUS:python3-libxml2-0:2.9.7-16.el8_8.4.ppc64le", "BaseOS-8.8.0.Z.EUS:python3-libxml2-0:2.9.7-16.el8_8.4.s390x", "BaseOS-8.8.0.Z.EUS:python3-libxml2-0:2.9.7-16.el8_8.4.x86_64", "BaseOS-8.8.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-16.el8_8.4.aarch64", "BaseOS-8.8.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-16.el8_8.4.i686", "BaseOS-8.8.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-16.el8_8.4.ppc64le", "BaseOS-8.8.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-16.el8_8.4.s390x", "BaseOS-8.8.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-16.el8_8.4.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-25062", }, { category: "external", summary: "RHBZ#2262726", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2262726", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-25062", url: "https://www.cve.org/CVERecord?id=CVE-2024-25062", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-25062", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-25062", }, { category: "external", summary: "https://gitlab.gnome.org/GNOME/libxml2/-/issues/604", url: "https://gitlab.gnome.org/GNOME/libxml2/-/issues/604", }, { category: "external", summary: "https://gitlab.gnome.org/GNOME/libxml2/-/tags", url: "https://gitlab.gnome.org/GNOME/libxml2/-/tags", }, ], release_date: "2024-02-04T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-05-23T06:34:13+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "AppStream-8.8.0.Z.EUS:libxml2-0:2.9.7-16.el8_8.4.aarch64", "AppStream-8.8.0.Z.EUS:libxml2-0:2.9.7-16.el8_8.4.i686", "AppStream-8.8.0.Z.EUS:libxml2-0:2.9.7-16.el8_8.4.ppc64le", "AppStream-8.8.0.Z.EUS:libxml2-0:2.9.7-16.el8_8.4.s390x", "AppStream-8.8.0.Z.EUS:libxml2-0:2.9.7-16.el8_8.4.src", "AppStream-8.8.0.Z.EUS:libxml2-0:2.9.7-16.el8_8.4.x86_64", "AppStream-8.8.0.Z.EUS:libxml2-debuginfo-0:2.9.7-16.el8_8.4.aarch64", "AppStream-8.8.0.Z.EUS:libxml2-debuginfo-0:2.9.7-16.el8_8.4.i686", "AppStream-8.8.0.Z.EUS:libxml2-debuginfo-0:2.9.7-16.el8_8.4.ppc64le", "AppStream-8.8.0.Z.EUS:libxml2-debuginfo-0:2.9.7-16.el8_8.4.s390x", "AppStream-8.8.0.Z.EUS:libxml2-debuginfo-0:2.9.7-16.el8_8.4.x86_64", "AppStream-8.8.0.Z.EUS:libxml2-debugsource-0:2.9.7-16.el8_8.4.aarch64", "AppStream-8.8.0.Z.EUS:libxml2-debugsource-0:2.9.7-16.el8_8.4.i686", "AppStream-8.8.0.Z.EUS:libxml2-debugsource-0:2.9.7-16.el8_8.4.ppc64le", "AppStream-8.8.0.Z.EUS:libxml2-debugsource-0:2.9.7-16.el8_8.4.s390x", "AppStream-8.8.0.Z.EUS:libxml2-debugsource-0:2.9.7-16.el8_8.4.x86_64", "AppStream-8.8.0.Z.EUS:libxml2-devel-0:2.9.7-16.el8_8.4.aarch64", "AppStream-8.8.0.Z.EUS:libxml2-devel-0:2.9.7-16.el8_8.4.i686", "AppStream-8.8.0.Z.EUS:libxml2-devel-0:2.9.7-16.el8_8.4.ppc64le", "AppStream-8.8.0.Z.EUS:libxml2-devel-0:2.9.7-16.el8_8.4.s390x", "AppStream-8.8.0.Z.EUS:libxml2-devel-0:2.9.7-16.el8_8.4.x86_64", "AppStream-8.8.0.Z.EUS:python3-libxml2-0:2.9.7-16.el8_8.4.aarch64", "AppStream-8.8.0.Z.EUS:python3-libxml2-0:2.9.7-16.el8_8.4.ppc64le", "AppStream-8.8.0.Z.EUS:python3-libxml2-0:2.9.7-16.el8_8.4.s390x", "AppStream-8.8.0.Z.EUS:python3-libxml2-0:2.9.7-16.el8_8.4.x86_64", "AppStream-8.8.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-16.el8_8.4.aarch64", "AppStream-8.8.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-16.el8_8.4.i686", "AppStream-8.8.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-16.el8_8.4.ppc64le", "AppStream-8.8.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-16.el8_8.4.s390x", "AppStream-8.8.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-16.el8_8.4.x86_64", "BaseOS-8.8.0.Z.EUS:libxml2-0:2.9.7-16.el8_8.4.aarch64", "BaseOS-8.8.0.Z.EUS:libxml2-0:2.9.7-16.el8_8.4.i686", "BaseOS-8.8.0.Z.EUS:libxml2-0:2.9.7-16.el8_8.4.ppc64le", "BaseOS-8.8.0.Z.EUS:libxml2-0:2.9.7-16.el8_8.4.s390x", "BaseOS-8.8.0.Z.EUS:libxml2-0:2.9.7-16.el8_8.4.src", "BaseOS-8.8.0.Z.EUS:libxml2-0:2.9.7-16.el8_8.4.x86_64", "BaseOS-8.8.0.Z.EUS:libxml2-debuginfo-0:2.9.7-16.el8_8.4.aarch64", "BaseOS-8.8.0.Z.EUS:libxml2-debuginfo-0:2.9.7-16.el8_8.4.i686", "BaseOS-8.8.0.Z.EUS:libxml2-debuginfo-0:2.9.7-16.el8_8.4.ppc64le", "BaseOS-8.8.0.Z.EUS:libxml2-debuginfo-0:2.9.7-16.el8_8.4.s390x", "BaseOS-8.8.0.Z.EUS:libxml2-debuginfo-0:2.9.7-16.el8_8.4.x86_64", "BaseOS-8.8.0.Z.EUS:libxml2-debugsource-0:2.9.7-16.el8_8.4.aarch64", "BaseOS-8.8.0.Z.EUS:libxml2-debugsource-0:2.9.7-16.el8_8.4.i686", "BaseOS-8.8.0.Z.EUS:libxml2-debugsource-0:2.9.7-16.el8_8.4.ppc64le", "BaseOS-8.8.0.Z.EUS:libxml2-debugsource-0:2.9.7-16.el8_8.4.s390x", "BaseOS-8.8.0.Z.EUS:libxml2-debugsource-0:2.9.7-16.el8_8.4.x86_64", "BaseOS-8.8.0.Z.EUS:libxml2-devel-0:2.9.7-16.el8_8.4.aarch64", "BaseOS-8.8.0.Z.EUS:libxml2-devel-0:2.9.7-16.el8_8.4.i686", "BaseOS-8.8.0.Z.EUS:libxml2-devel-0:2.9.7-16.el8_8.4.ppc64le", "BaseOS-8.8.0.Z.EUS:libxml2-devel-0:2.9.7-16.el8_8.4.s390x", "BaseOS-8.8.0.Z.EUS:libxml2-devel-0:2.9.7-16.el8_8.4.x86_64", "BaseOS-8.8.0.Z.EUS:python3-libxml2-0:2.9.7-16.el8_8.4.aarch64", "BaseOS-8.8.0.Z.EUS:python3-libxml2-0:2.9.7-16.el8_8.4.ppc64le", "BaseOS-8.8.0.Z.EUS:python3-libxml2-0:2.9.7-16.el8_8.4.s390x", "BaseOS-8.8.0.Z.EUS:python3-libxml2-0:2.9.7-16.el8_8.4.x86_64", "BaseOS-8.8.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-16.el8_8.4.aarch64", "BaseOS-8.8.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-16.el8_8.4.i686", "BaseOS-8.8.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-16.el8_8.4.ppc64le", "BaseOS-8.8.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-16.el8_8.4.s390x", "BaseOS-8.8.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-16.el8_8.4.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:3303", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "AppStream-8.8.0.Z.EUS:libxml2-0:2.9.7-16.el8_8.4.aarch64", "AppStream-8.8.0.Z.EUS:libxml2-0:2.9.7-16.el8_8.4.i686", "AppStream-8.8.0.Z.EUS:libxml2-0:2.9.7-16.el8_8.4.ppc64le", "AppStream-8.8.0.Z.EUS:libxml2-0:2.9.7-16.el8_8.4.s390x", "AppStream-8.8.0.Z.EUS:libxml2-0:2.9.7-16.el8_8.4.src", "AppStream-8.8.0.Z.EUS:libxml2-0:2.9.7-16.el8_8.4.x86_64", "AppStream-8.8.0.Z.EUS:libxml2-debuginfo-0:2.9.7-16.el8_8.4.aarch64", "AppStream-8.8.0.Z.EUS:libxml2-debuginfo-0:2.9.7-16.el8_8.4.i686", "AppStream-8.8.0.Z.EUS:libxml2-debuginfo-0:2.9.7-16.el8_8.4.ppc64le", "AppStream-8.8.0.Z.EUS:libxml2-debuginfo-0:2.9.7-16.el8_8.4.s390x", "AppStream-8.8.0.Z.EUS:libxml2-debuginfo-0:2.9.7-16.el8_8.4.x86_64", "AppStream-8.8.0.Z.EUS:libxml2-debugsource-0:2.9.7-16.el8_8.4.aarch64", "AppStream-8.8.0.Z.EUS:libxml2-debugsource-0:2.9.7-16.el8_8.4.i686", "AppStream-8.8.0.Z.EUS:libxml2-debugsource-0:2.9.7-16.el8_8.4.ppc64le", "AppStream-8.8.0.Z.EUS:libxml2-debugsource-0:2.9.7-16.el8_8.4.s390x", "AppStream-8.8.0.Z.EUS:libxml2-debugsource-0:2.9.7-16.el8_8.4.x86_64", "AppStream-8.8.0.Z.EUS:libxml2-devel-0:2.9.7-16.el8_8.4.aarch64", "AppStream-8.8.0.Z.EUS:libxml2-devel-0:2.9.7-16.el8_8.4.i686", "AppStream-8.8.0.Z.EUS:libxml2-devel-0:2.9.7-16.el8_8.4.ppc64le", "AppStream-8.8.0.Z.EUS:libxml2-devel-0:2.9.7-16.el8_8.4.s390x", "AppStream-8.8.0.Z.EUS:libxml2-devel-0:2.9.7-16.el8_8.4.x86_64", "AppStream-8.8.0.Z.EUS:python3-libxml2-0:2.9.7-16.el8_8.4.aarch64", "AppStream-8.8.0.Z.EUS:python3-libxml2-0:2.9.7-16.el8_8.4.ppc64le", "AppStream-8.8.0.Z.EUS:python3-libxml2-0:2.9.7-16.el8_8.4.s390x", "AppStream-8.8.0.Z.EUS:python3-libxml2-0:2.9.7-16.el8_8.4.x86_64", "AppStream-8.8.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-16.el8_8.4.aarch64", "AppStream-8.8.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-16.el8_8.4.i686", "AppStream-8.8.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-16.el8_8.4.ppc64le", "AppStream-8.8.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-16.el8_8.4.s390x", "AppStream-8.8.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-16.el8_8.4.x86_64", "BaseOS-8.8.0.Z.EUS:libxml2-0:2.9.7-16.el8_8.4.aarch64", "BaseOS-8.8.0.Z.EUS:libxml2-0:2.9.7-16.el8_8.4.i686", "BaseOS-8.8.0.Z.EUS:libxml2-0:2.9.7-16.el8_8.4.ppc64le", "BaseOS-8.8.0.Z.EUS:libxml2-0:2.9.7-16.el8_8.4.s390x", "BaseOS-8.8.0.Z.EUS:libxml2-0:2.9.7-16.el8_8.4.src", "BaseOS-8.8.0.Z.EUS:libxml2-0:2.9.7-16.el8_8.4.x86_64", "BaseOS-8.8.0.Z.EUS:libxml2-debuginfo-0:2.9.7-16.el8_8.4.aarch64", "BaseOS-8.8.0.Z.EUS:libxml2-debuginfo-0:2.9.7-16.el8_8.4.i686", "BaseOS-8.8.0.Z.EUS:libxml2-debuginfo-0:2.9.7-16.el8_8.4.ppc64le", "BaseOS-8.8.0.Z.EUS:libxml2-debuginfo-0:2.9.7-16.el8_8.4.s390x", "BaseOS-8.8.0.Z.EUS:libxml2-debuginfo-0:2.9.7-16.el8_8.4.x86_64", "BaseOS-8.8.0.Z.EUS:libxml2-debugsource-0:2.9.7-16.el8_8.4.aarch64", "BaseOS-8.8.0.Z.EUS:libxml2-debugsource-0:2.9.7-16.el8_8.4.i686", "BaseOS-8.8.0.Z.EUS:libxml2-debugsource-0:2.9.7-16.el8_8.4.ppc64le", "BaseOS-8.8.0.Z.EUS:libxml2-debugsource-0:2.9.7-16.el8_8.4.s390x", "BaseOS-8.8.0.Z.EUS:libxml2-debugsource-0:2.9.7-16.el8_8.4.x86_64", "BaseOS-8.8.0.Z.EUS:libxml2-devel-0:2.9.7-16.el8_8.4.aarch64", "BaseOS-8.8.0.Z.EUS:libxml2-devel-0:2.9.7-16.el8_8.4.i686", "BaseOS-8.8.0.Z.EUS:libxml2-devel-0:2.9.7-16.el8_8.4.ppc64le", "BaseOS-8.8.0.Z.EUS:libxml2-devel-0:2.9.7-16.el8_8.4.s390x", "BaseOS-8.8.0.Z.EUS:libxml2-devel-0:2.9.7-16.el8_8.4.x86_64", "BaseOS-8.8.0.Z.EUS:python3-libxml2-0:2.9.7-16.el8_8.4.aarch64", "BaseOS-8.8.0.Z.EUS:python3-libxml2-0:2.9.7-16.el8_8.4.ppc64le", "BaseOS-8.8.0.Z.EUS:python3-libxml2-0:2.9.7-16.el8_8.4.s390x", "BaseOS-8.8.0.Z.EUS:python3-libxml2-0:2.9.7-16.el8_8.4.x86_64", "BaseOS-8.8.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-16.el8_8.4.aarch64", "BaseOS-8.8.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-16.el8_8.4.i686", "BaseOS-8.8.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-16.el8_8.4.ppc64le", "BaseOS-8.8.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-16.el8_8.4.s390x", "BaseOS-8.8.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-16.el8_8.4.x86_64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "AppStream-8.8.0.Z.EUS:libxml2-0:2.9.7-16.el8_8.4.aarch64", "AppStream-8.8.0.Z.EUS:libxml2-0:2.9.7-16.el8_8.4.i686", "AppStream-8.8.0.Z.EUS:libxml2-0:2.9.7-16.el8_8.4.ppc64le", "AppStream-8.8.0.Z.EUS:libxml2-0:2.9.7-16.el8_8.4.s390x", "AppStream-8.8.0.Z.EUS:libxml2-0:2.9.7-16.el8_8.4.src", "AppStream-8.8.0.Z.EUS:libxml2-0:2.9.7-16.el8_8.4.x86_64", "AppStream-8.8.0.Z.EUS:libxml2-debuginfo-0:2.9.7-16.el8_8.4.aarch64", "AppStream-8.8.0.Z.EUS:libxml2-debuginfo-0:2.9.7-16.el8_8.4.i686", "AppStream-8.8.0.Z.EUS:libxml2-debuginfo-0:2.9.7-16.el8_8.4.ppc64le", "AppStream-8.8.0.Z.EUS:libxml2-debuginfo-0:2.9.7-16.el8_8.4.s390x", "AppStream-8.8.0.Z.EUS:libxml2-debuginfo-0:2.9.7-16.el8_8.4.x86_64", "AppStream-8.8.0.Z.EUS:libxml2-debugsource-0:2.9.7-16.el8_8.4.aarch64", "AppStream-8.8.0.Z.EUS:libxml2-debugsource-0:2.9.7-16.el8_8.4.i686", "AppStream-8.8.0.Z.EUS:libxml2-debugsource-0:2.9.7-16.el8_8.4.ppc64le", "AppStream-8.8.0.Z.EUS:libxml2-debugsource-0:2.9.7-16.el8_8.4.s390x", "AppStream-8.8.0.Z.EUS:libxml2-debugsource-0:2.9.7-16.el8_8.4.x86_64", "AppStream-8.8.0.Z.EUS:libxml2-devel-0:2.9.7-16.el8_8.4.aarch64", "AppStream-8.8.0.Z.EUS:libxml2-devel-0:2.9.7-16.el8_8.4.i686", "AppStream-8.8.0.Z.EUS:libxml2-devel-0:2.9.7-16.el8_8.4.ppc64le", "AppStream-8.8.0.Z.EUS:libxml2-devel-0:2.9.7-16.el8_8.4.s390x", "AppStream-8.8.0.Z.EUS:libxml2-devel-0:2.9.7-16.el8_8.4.x86_64", "AppStream-8.8.0.Z.EUS:python3-libxml2-0:2.9.7-16.el8_8.4.aarch64", "AppStream-8.8.0.Z.EUS:python3-libxml2-0:2.9.7-16.el8_8.4.ppc64le", "AppStream-8.8.0.Z.EUS:python3-libxml2-0:2.9.7-16.el8_8.4.s390x", "AppStream-8.8.0.Z.EUS:python3-libxml2-0:2.9.7-16.el8_8.4.x86_64", "AppStream-8.8.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-16.el8_8.4.aarch64", "AppStream-8.8.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-16.el8_8.4.i686", "AppStream-8.8.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-16.el8_8.4.ppc64le", "AppStream-8.8.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-16.el8_8.4.s390x", "AppStream-8.8.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-16.el8_8.4.x86_64", "BaseOS-8.8.0.Z.EUS:libxml2-0:2.9.7-16.el8_8.4.aarch64", "BaseOS-8.8.0.Z.EUS:libxml2-0:2.9.7-16.el8_8.4.i686", "BaseOS-8.8.0.Z.EUS:libxml2-0:2.9.7-16.el8_8.4.ppc64le", "BaseOS-8.8.0.Z.EUS:libxml2-0:2.9.7-16.el8_8.4.s390x", "BaseOS-8.8.0.Z.EUS:libxml2-0:2.9.7-16.el8_8.4.src", "BaseOS-8.8.0.Z.EUS:libxml2-0:2.9.7-16.el8_8.4.x86_64", "BaseOS-8.8.0.Z.EUS:libxml2-debuginfo-0:2.9.7-16.el8_8.4.aarch64", "BaseOS-8.8.0.Z.EUS:libxml2-debuginfo-0:2.9.7-16.el8_8.4.i686", "BaseOS-8.8.0.Z.EUS:libxml2-debuginfo-0:2.9.7-16.el8_8.4.ppc64le", "BaseOS-8.8.0.Z.EUS:libxml2-debuginfo-0:2.9.7-16.el8_8.4.s390x", "BaseOS-8.8.0.Z.EUS:libxml2-debuginfo-0:2.9.7-16.el8_8.4.x86_64", "BaseOS-8.8.0.Z.EUS:libxml2-debugsource-0:2.9.7-16.el8_8.4.aarch64", "BaseOS-8.8.0.Z.EUS:libxml2-debugsource-0:2.9.7-16.el8_8.4.i686", "BaseOS-8.8.0.Z.EUS:libxml2-debugsource-0:2.9.7-16.el8_8.4.ppc64le", "BaseOS-8.8.0.Z.EUS:libxml2-debugsource-0:2.9.7-16.el8_8.4.s390x", "BaseOS-8.8.0.Z.EUS:libxml2-debugsource-0:2.9.7-16.el8_8.4.x86_64", "BaseOS-8.8.0.Z.EUS:libxml2-devel-0:2.9.7-16.el8_8.4.aarch64", "BaseOS-8.8.0.Z.EUS:libxml2-devel-0:2.9.7-16.el8_8.4.i686", "BaseOS-8.8.0.Z.EUS:libxml2-devel-0:2.9.7-16.el8_8.4.ppc64le", "BaseOS-8.8.0.Z.EUS:libxml2-devel-0:2.9.7-16.el8_8.4.s390x", "BaseOS-8.8.0.Z.EUS:libxml2-devel-0:2.9.7-16.el8_8.4.x86_64", "BaseOS-8.8.0.Z.EUS:python3-libxml2-0:2.9.7-16.el8_8.4.aarch64", "BaseOS-8.8.0.Z.EUS:python3-libxml2-0:2.9.7-16.el8_8.4.ppc64le", "BaseOS-8.8.0.Z.EUS:python3-libxml2-0:2.9.7-16.el8_8.4.s390x", "BaseOS-8.8.0.Z.EUS:python3-libxml2-0:2.9.7-16.el8_8.4.x86_64", "BaseOS-8.8.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-16.el8_8.4.aarch64", "BaseOS-8.8.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-16.el8_8.4.i686", "BaseOS-8.8.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-16.el8_8.4.ppc64le", "BaseOS-8.8.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-16.el8_8.4.s390x", "BaseOS-8.8.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-16.el8_8.4.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "libxml2: use-after-free in XMLReader", }, ], }
rhsa-2024_3299
Vulnerability from csaf_redhat
Published
2024-05-22 22:01
Modified
2024-11-21 21:12
Summary
Red Hat Security Advisory: libxml2 security update
Notes
Topic
An update for libxml2 is now available for Red Hat Enterprise Linux 8.6.
Red Hat Product Security has rated this update as having a security impact of
Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE
link(s) in the References section.
Details
The libxml2 library is a development toolbox providing the implementation of
various XML standards.
Security Fix(es):
* libxml2: use-after-free in XMLReader (CVE-2024-25062)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update for libxml2 is now available for Red Hat Enterprise Linux 8.6.\n\nRed Hat Product Security has rated this update as having a security impact of\nModerate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE\nlink(s) in the References section.", title: "Topic", }, { category: "general", text: "The libxml2 library is a development toolbox providing the implementation of\nvarious XML standards.\n\nSecurity Fix(es):\n\n* libxml2: use-after-free in XMLReader (CVE-2024-25062)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2024:3299", url: "https://access.redhat.com/errata/RHSA-2024:3299", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#moderate", url: "https://access.redhat.com/security/updates/classification/#moderate", }, { category: "external", summary: "2262726", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2262726", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_3299.json", }, ], title: "Red Hat Security Advisory: libxml2 security update", tracking: { current_release_date: "2024-11-21T21:12:49+00:00", generator: { date: "2024-11-21T21:12:49+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.1", }, }, id: "RHSA-2024:3299", initial_release_date: "2024-05-22T22:01:12+00:00", revision_history: [ { date: "2024-05-22T22:01:12+00:00", number: "1", summary: "Initial version", }, { date: "2024-05-22T22:01:12+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-21T21:12:49+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux AppStream EUS (v.8.6)", product: { name: "Red Hat Enterprise Linux AppStream EUS (v.8.6)", product_id: "AppStream-8.6.0.Z.EUS", product_identification_helper: { cpe: "cpe:/a:redhat:rhel_eus:8.6::appstream", }, }, }, { category: "product_name", name: "Red Hat Enterprise Linux BaseOS EUS (v.8.6)", product: { name: "Red Hat Enterprise Linux BaseOS EUS (v.8.6)", product_id: "BaseOS-8.6.0.Z.EUS", product_identification_helper: { cpe: "cpe:/o:redhat:rhel_eus:8.6::baseos", }, }, }, ], category: "product_family", name: "Red Hat Enterprise Linux", }, { branches: [ { category: "product_version", name: "libxml2-0:2.9.7-13.el8_6.5.src", product: { name: "libxml2-0:2.9.7-13.el8_6.5.src", product_id: "libxml2-0:2.9.7-13.el8_6.5.src", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2@2.9.7-13.el8_6.5?arch=src", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "libxml2-0:2.9.7-13.el8_6.5.aarch64", product: { name: "libxml2-0:2.9.7-13.el8_6.5.aarch64", product_id: "libxml2-0:2.9.7-13.el8_6.5.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2@2.9.7-13.el8_6.5?arch=aarch64", }, }, }, { category: "product_version", name: "python3-libxml2-0:2.9.7-13.el8_6.5.aarch64", product: { name: "python3-libxml2-0:2.9.7-13.el8_6.5.aarch64", product_id: "python3-libxml2-0:2.9.7-13.el8_6.5.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/python3-libxml2@2.9.7-13.el8_6.5?arch=aarch64", }, }, }, { category: "product_version", name: "libxml2-debugsource-0:2.9.7-13.el8_6.5.aarch64", product: { name: "libxml2-debugsource-0:2.9.7-13.el8_6.5.aarch64", product_id: "libxml2-debugsource-0:2.9.7-13.el8_6.5.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-debugsource@2.9.7-13.el8_6.5?arch=aarch64", }, }, }, { category: "product_version", name: "libxml2-debuginfo-0:2.9.7-13.el8_6.5.aarch64", product: { name: "libxml2-debuginfo-0:2.9.7-13.el8_6.5.aarch64", product_id: "libxml2-debuginfo-0:2.9.7-13.el8_6.5.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-debuginfo@2.9.7-13.el8_6.5?arch=aarch64", }, }, }, { category: "product_version", name: "python3-libxml2-debuginfo-0:2.9.7-13.el8_6.5.aarch64", product: { name: "python3-libxml2-debuginfo-0:2.9.7-13.el8_6.5.aarch64", product_id: "python3-libxml2-debuginfo-0:2.9.7-13.el8_6.5.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/python3-libxml2-debuginfo@2.9.7-13.el8_6.5?arch=aarch64", }, }, }, { category: "product_version", name: "libxml2-devel-0:2.9.7-13.el8_6.5.aarch64", product: { name: "libxml2-devel-0:2.9.7-13.el8_6.5.aarch64", product_id: "libxml2-devel-0:2.9.7-13.el8_6.5.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-devel@2.9.7-13.el8_6.5?arch=aarch64", }, }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "libxml2-0:2.9.7-13.el8_6.5.ppc64le", product: { name: "libxml2-0:2.9.7-13.el8_6.5.ppc64le", product_id: "libxml2-0:2.9.7-13.el8_6.5.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2@2.9.7-13.el8_6.5?arch=ppc64le", }, }, }, { category: "product_version", name: "python3-libxml2-0:2.9.7-13.el8_6.5.ppc64le", product: { name: "python3-libxml2-0:2.9.7-13.el8_6.5.ppc64le", product_id: "python3-libxml2-0:2.9.7-13.el8_6.5.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/python3-libxml2@2.9.7-13.el8_6.5?arch=ppc64le", }, }, }, { category: "product_version", name: "libxml2-debugsource-0:2.9.7-13.el8_6.5.ppc64le", product: { name: "libxml2-debugsource-0:2.9.7-13.el8_6.5.ppc64le", product_id: "libxml2-debugsource-0:2.9.7-13.el8_6.5.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-debugsource@2.9.7-13.el8_6.5?arch=ppc64le", }, }, }, { category: "product_version", name: "libxml2-debuginfo-0:2.9.7-13.el8_6.5.ppc64le", product: { name: "libxml2-debuginfo-0:2.9.7-13.el8_6.5.ppc64le", product_id: "libxml2-debuginfo-0:2.9.7-13.el8_6.5.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-debuginfo@2.9.7-13.el8_6.5?arch=ppc64le", }, }, }, { category: "product_version", name: "python3-libxml2-debuginfo-0:2.9.7-13.el8_6.5.ppc64le", product: { name: "python3-libxml2-debuginfo-0:2.9.7-13.el8_6.5.ppc64le", product_id: "python3-libxml2-debuginfo-0:2.9.7-13.el8_6.5.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/python3-libxml2-debuginfo@2.9.7-13.el8_6.5?arch=ppc64le", }, }, }, { category: "product_version", name: "libxml2-devel-0:2.9.7-13.el8_6.5.ppc64le", product: { name: "libxml2-devel-0:2.9.7-13.el8_6.5.ppc64le", product_id: "libxml2-devel-0:2.9.7-13.el8_6.5.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-devel@2.9.7-13.el8_6.5?arch=ppc64le", }, }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "libxml2-0:2.9.7-13.el8_6.5.i686", product: { name: "libxml2-0:2.9.7-13.el8_6.5.i686", product_id: "libxml2-0:2.9.7-13.el8_6.5.i686", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2@2.9.7-13.el8_6.5?arch=i686", }, }, }, { category: "product_version", name: "libxml2-debugsource-0:2.9.7-13.el8_6.5.i686", product: { name: "libxml2-debugsource-0:2.9.7-13.el8_6.5.i686", product_id: "libxml2-debugsource-0:2.9.7-13.el8_6.5.i686", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-debugsource@2.9.7-13.el8_6.5?arch=i686", }, }, }, { category: "product_version", name: "libxml2-debuginfo-0:2.9.7-13.el8_6.5.i686", product: { name: "libxml2-debuginfo-0:2.9.7-13.el8_6.5.i686", product_id: "libxml2-debuginfo-0:2.9.7-13.el8_6.5.i686", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-debuginfo@2.9.7-13.el8_6.5?arch=i686", }, }, }, { category: "product_version", name: "python3-libxml2-debuginfo-0:2.9.7-13.el8_6.5.i686", product: { name: "python3-libxml2-debuginfo-0:2.9.7-13.el8_6.5.i686", product_id: "python3-libxml2-debuginfo-0:2.9.7-13.el8_6.5.i686", product_identification_helper: { purl: "pkg:rpm/redhat/python3-libxml2-debuginfo@2.9.7-13.el8_6.5?arch=i686", }, }, }, { category: "product_version", name: "libxml2-devel-0:2.9.7-13.el8_6.5.i686", product: { name: "libxml2-devel-0:2.9.7-13.el8_6.5.i686", product_id: "libxml2-devel-0:2.9.7-13.el8_6.5.i686", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-devel@2.9.7-13.el8_6.5?arch=i686", }, }, }, ], category: "architecture", name: "i686", }, { branches: [ { category: "product_version", name: "libxml2-0:2.9.7-13.el8_6.5.x86_64", product: { name: "libxml2-0:2.9.7-13.el8_6.5.x86_64", product_id: "libxml2-0:2.9.7-13.el8_6.5.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2@2.9.7-13.el8_6.5?arch=x86_64", }, }, }, { category: "product_version", name: "python3-libxml2-0:2.9.7-13.el8_6.5.x86_64", product: { name: "python3-libxml2-0:2.9.7-13.el8_6.5.x86_64", product_id: "python3-libxml2-0:2.9.7-13.el8_6.5.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/python3-libxml2@2.9.7-13.el8_6.5?arch=x86_64", }, }, }, { category: "product_version", name: "libxml2-debugsource-0:2.9.7-13.el8_6.5.x86_64", product: { name: "libxml2-debugsource-0:2.9.7-13.el8_6.5.x86_64", product_id: "libxml2-debugsource-0:2.9.7-13.el8_6.5.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-debugsource@2.9.7-13.el8_6.5?arch=x86_64", }, }, }, { category: "product_version", name: "libxml2-debuginfo-0:2.9.7-13.el8_6.5.x86_64", product: { name: "libxml2-debuginfo-0:2.9.7-13.el8_6.5.x86_64", product_id: "libxml2-debuginfo-0:2.9.7-13.el8_6.5.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-debuginfo@2.9.7-13.el8_6.5?arch=x86_64", }, }, }, { category: "product_version", name: "python3-libxml2-debuginfo-0:2.9.7-13.el8_6.5.x86_64", product: { name: "python3-libxml2-debuginfo-0:2.9.7-13.el8_6.5.x86_64", product_id: "python3-libxml2-debuginfo-0:2.9.7-13.el8_6.5.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/python3-libxml2-debuginfo@2.9.7-13.el8_6.5?arch=x86_64", }, }, }, { category: "product_version", name: "libxml2-devel-0:2.9.7-13.el8_6.5.x86_64", product: { name: "libxml2-devel-0:2.9.7-13.el8_6.5.x86_64", product_id: "libxml2-devel-0:2.9.7-13.el8_6.5.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-devel@2.9.7-13.el8_6.5?arch=x86_64", }, }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_version", name: "libxml2-0:2.9.7-13.el8_6.5.s390x", product: { name: "libxml2-0:2.9.7-13.el8_6.5.s390x", product_id: "libxml2-0:2.9.7-13.el8_6.5.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2@2.9.7-13.el8_6.5?arch=s390x", }, }, }, { category: "product_version", name: "python3-libxml2-0:2.9.7-13.el8_6.5.s390x", product: { name: "python3-libxml2-0:2.9.7-13.el8_6.5.s390x", product_id: "python3-libxml2-0:2.9.7-13.el8_6.5.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/python3-libxml2@2.9.7-13.el8_6.5?arch=s390x", }, }, }, { category: "product_version", name: "libxml2-debugsource-0:2.9.7-13.el8_6.5.s390x", product: { name: "libxml2-debugsource-0:2.9.7-13.el8_6.5.s390x", product_id: "libxml2-debugsource-0:2.9.7-13.el8_6.5.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-debugsource@2.9.7-13.el8_6.5?arch=s390x", }, }, }, { category: "product_version", name: "libxml2-debuginfo-0:2.9.7-13.el8_6.5.s390x", product: { name: "libxml2-debuginfo-0:2.9.7-13.el8_6.5.s390x", product_id: "libxml2-debuginfo-0:2.9.7-13.el8_6.5.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-debuginfo@2.9.7-13.el8_6.5?arch=s390x", }, }, }, { category: "product_version", name: "python3-libxml2-debuginfo-0:2.9.7-13.el8_6.5.s390x", product: { name: "python3-libxml2-debuginfo-0:2.9.7-13.el8_6.5.s390x", product_id: "python3-libxml2-debuginfo-0:2.9.7-13.el8_6.5.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/python3-libxml2-debuginfo@2.9.7-13.el8_6.5?arch=s390x", }, }, }, { category: "product_version", name: "libxml2-devel-0:2.9.7-13.el8_6.5.s390x", product: { name: "libxml2-devel-0:2.9.7-13.el8_6.5.s390x", product_id: "libxml2-devel-0:2.9.7-13.el8_6.5.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-devel@2.9.7-13.el8_6.5?arch=s390x", }, }, }, ], category: "architecture", name: "s390x", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.7-13.el8_6.5.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", product_id: "AppStream-8.6.0.Z.EUS:libxml2-0:2.9.7-13.el8_6.5.aarch64", }, product_reference: "libxml2-0:2.9.7-13.el8_6.5.aarch64", relates_to_product_reference: "AppStream-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.7-13.el8_6.5.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", product_id: "AppStream-8.6.0.Z.EUS:libxml2-0:2.9.7-13.el8_6.5.i686", }, product_reference: "libxml2-0:2.9.7-13.el8_6.5.i686", relates_to_product_reference: "AppStream-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.7-13.el8_6.5.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", product_id: "AppStream-8.6.0.Z.EUS:libxml2-0:2.9.7-13.el8_6.5.ppc64le", }, product_reference: "libxml2-0:2.9.7-13.el8_6.5.ppc64le", relates_to_product_reference: "AppStream-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.7-13.el8_6.5.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", product_id: "AppStream-8.6.0.Z.EUS:libxml2-0:2.9.7-13.el8_6.5.s390x", }, product_reference: "libxml2-0:2.9.7-13.el8_6.5.s390x", relates_to_product_reference: "AppStream-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.7-13.el8_6.5.src as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", product_id: "AppStream-8.6.0.Z.EUS:libxml2-0:2.9.7-13.el8_6.5.src", }, product_reference: "libxml2-0:2.9.7-13.el8_6.5.src", relates_to_product_reference: "AppStream-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.7-13.el8_6.5.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", product_id: "AppStream-8.6.0.Z.EUS:libxml2-0:2.9.7-13.el8_6.5.x86_64", }, product_reference: "libxml2-0:2.9.7-13.el8_6.5.x86_64", relates_to_product_reference: "AppStream-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.7-13.el8_6.5.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", product_id: "AppStream-8.6.0.Z.EUS:libxml2-debuginfo-0:2.9.7-13.el8_6.5.aarch64", }, product_reference: "libxml2-debuginfo-0:2.9.7-13.el8_6.5.aarch64", relates_to_product_reference: "AppStream-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.7-13.el8_6.5.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", product_id: "AppStream-8.6.0.Z.EUS:libxml2-debuginfo-0:2.9.7-13.el8_6.5.i686", }, product_reference: "libxml2-debuginfo-0:2.9.7-13.el8_6.5.i686", relates_to_product_reference: "AppStream-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.7-13.el8_6.5.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", product_id: "AppStream-8.6.0.Z.EUS:libxml2-debuginfo-0:2.9.7-13.el8_6.5.ppc64le", }, product_reference: "libxml2-debuginfo-0:2.9.7-13.el8_6.5.ppc64le", relates_to_product_reference: "AppStream-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.7-13.el8_6.5.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", product_id: "AppStream-8.6.0.Z.EUS:libxml2-debuginfo-0:2.9.7-13.el8_6.5.s390x", }, product_reference: "libxml2-debuginfo-0:2.9.7-13.el8_6.5.s390x", relates_to_product_reference: "AppStream-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.7-13.el8_6.5.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", product_id: "AppStream-8.6.0.Z.EUS:libxml2-debuginfo-0:2.9.7-13.el8_6.5.x86_64", }, product_reference: "libxml2-debuginfo-0:2.9.7-13.el8_6.5.x86_64", relates_to_product_reference: "AppStream-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debugsource-0:2.9.7-13.el8_6.5.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", product_id: "AppStream-8.6.0.Z.EUS:libxml2-debugsource-0:2.9.7-13.el8_6.5.aarch64", }, product_reference: "libxml2-debugsource-0:2.9.7-13.el8_6.5.aarch64", relates_to_product_reference: "AppStream-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debugsource-0:2.9.7-13.el8_6.5.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", product_id: "AppStream-8.6.0.Z.EUS:libxml2-debugsource-0:2.9.7-13.el8_6.5.i686", }, product_reference: "libxml2-debugsource-0:2.9.7-13.el8_6.5.i686", relates_to_product_reference: "AppStream-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debugsource-0:2.9.7-13.el8_6.5.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", product_id: "AppStream-8.6.0.Z.EUS:libxml2-debugsource-0:2.9.7-13.el8_6.5.ppc64le", }, product_reference: "libxml2-debugsource-0:2.9.7-13.el8_6.5.ppc64le", relates_to_product_reference: "AppStream-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debugsource-0:2.9.7-13.el8_6.5.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", product_id: "AppStream-8.6.0.Z.EUS:libxml2-debugsource-0:2.9.7-13.el8_6.5.s390x", }, product_reference: "libxml2-debugsource-0:2.9.7-13.el8_6.5.s390x", relates_to_product_reference: "AppStream-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debugsource-0:2.9.7-13.el8_6.5.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", product_id: "AppStream-8.6.0.Z.EUS:libxml2-debugsource-0:2.9.7-13.el8_6.5.x86_64", }, product_reference: "libxml2-debugsource-0:2.9.7-13.el8_6.5.x86_64", relates_to_product_reference: "AppStream-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.7-13.el8_6.5.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", product_id: "AppStream-8.6.0.Z.EUS:libxml2-devel-0:2.9.7-13.el8_6.5.aarch64", }, product_reference: "libxml2-devel-0:2.9.7-13.el8_6.5.aarch64", relates_to_product_reference: "AppStream-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.7-13.el8_6.5.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", product_id: "AppStream-8.6.0.Z.EUS:libxml2-devel-0:2.9.7-13.el8_6.5.i686", }, product_reference: "libxml2-devel-0:2.9.7-13.el8_6.5.i686", relates_to_product_reference: "AppStream-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.7-13.el8_6.5.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", product_id: "AppStream-8.6.0.Z.EUS:libxml2-devel-0:2.9.7-13.el8_6.5.ppc64le", }, product_reference: "libxml2-devel-0:2.9.7-13.el8_6.5.ppc64le", relates_to_product_reference: "AppStream-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.7-13.el8_6.5.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", product_id: "AppStream-8.6.0.Z.EUS:libxml2-devel-0:2.9.7-13.el8_6.5.s390x", }, product_reference: "libxml2-devel-0:2.9.7-13.el8_6.5.s390x", relates_to_product_reference: "AppStream-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.7-13.el8_6.5.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", product_id: "AppStream-8.6.0.Z.EUS:libxml2-devel-0:2.9.7-13.el8_6.5.x86_64", }, product_reference: "libxml2-devel-0:2.9.7-13.el8_6.5.x86_64", relates_to_product_reference: "AppStream-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "python3-libxml2-0:2.9.7-13.el8_6.5.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", product_id: "AppStream-8.6.0.Z.EUS:python3-libxml2-0:2.9.7-13.el8_6.5.aarch64", }, product_reference: "python3-libxml2-0:2.9.7-13.el8_6.5.aarch64", relates_to_product_reference: "AppStream-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "python3-libxml2-0:2.9.7-13.el8_6.5.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", product_id: "AppStream-8.6.0.Z.EUS:python3-libxml2-0:2.9.7-13.el8_6.5.ppc64le", }, product_reference: "python3-libxml2-0:2.9.7-13.el8_6.5.ppc64le", relates_to_product_reference: "AppStream-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "python3-libxml2-0:2.9.7-13.el8_6.5.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", product_id: "AppStream-8.6.0.Z.EUS:python3-libxml2-0:2.9.7-13.el8_6.5.s390x", }, product_reference: "python3-libxml2-0:2.9.7-13.el8_6.5.s390x", relates_to_product_reference: "AppStream-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "python3-libxml2-0:2.9.7-13.el8_6.5.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", product_id: "AppStream-8.6.0.Z.EUS:python3-libxml2-0:2.9.7-13.el8_6.5.x86_64", }, product_reference: "python3-libxml2-0:2.9.7-13.el8_6.5.x86_64", relates_to_product_reference: "AppStream-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "python3-libxml2-debuginfo-0:2.9.7-13.el8_6.5.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", product_id: "AppStream-8.6.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-13.el8_6.5.aarch64", }, product_reference: "python3-libxml2-debuginfo-0:2.9.7-13.el8_6.5.aarch64", relates_to_product_reference: "AppStream-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "python3-libxml2-debuginfo-0:2.9.7-13.el8_6.5.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", product_id: "AppStream-8.6.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-13.el8_6.5.i686", }, product_reference: "python3-libxml2-debuginfo-0:2.9.7-13.el8_6.5.i686", relates_to_product_reference: "AppStream-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "python3-libxml2-debuginfo-0:2.9.7-13.el8_6.5.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", product_id: "AppStream-8.6.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-13.el8_6.5.ppc64le", }, product_reference: "python3-libxml2-debuginfo-0:2.9.7-13.el8_6.5.ppc64le", relates_to_product_reference: "AppStream-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "python3-libxml2-debuginfo-0:2.9.7-13.el8_6.5.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", product_id: "AppStream-8.6.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-13.el8_6.5.s390x", }, product_reference: "python3-libxml2-debuginfo-0:2.9.7-13.el8_6.5.s390x", relates_to_product_reference: "AppStream-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "python3-libxml2-debuginfo-0:2.9.7-13.el8_6.5.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", product_id: "AppStream-8.6.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-13.el8_6.5.x86_64", }, product_reference: "python3-libxml2-debuginfo-0:2.9.7-13.el8_6.5.x86_64", relates_to_product_reference: "AppStream-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.7-13.el8_6.5.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.6)", product_id: "BaseOS-8.6.0.Z.EUS:libxml2-0:2.9.7-13.el8_6.5.aarch64", }, product_reference: "libxml2-0:2.9.7-13.el8_6.5.aarch64", relates_to_product_reference: "BaseOS-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.7-13.el8_6.5.i686 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.6)", product_id: "BaseOS-8.6.0.Z.EUS:libxml2-0:2.9.7-13.el8_6.5.i686", }, product_reference: "libxml2-0:2.9.7-13.el8_6.5.i686", relates_to_product_reference: "BaseOS-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.7-13.el8_6.5.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.6)", product_id: "BaseOS-8.6.0.Z.EUS:libxml2-0:2.9.7-13.el8_6.5.ppc64le", }, product_reference: "libxml2-0:2.9.7-13.el8_6.5.ppc64le", relates_to_product_reference: "BaseOS-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.7-13.el8_6.5.s390x as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.6)", product_id: "BaseOS-8.6.0.Z.EUS:libxml2-0:2.9.7-13.el8_6.5.s390x", }, product_reference: "libxml2-0:2.9.7-13.el8_6.5.s390x", relates_to_product_reference: "BaseOS-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.7-13.el8_6.5.src as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.6)", product_id: "BaseOS-8.6.0.Z.EUS:libxml2-0:2.9.7-13.el8_6.5.src", }, product_reference: "libxml2-0:2.9.7-13.el8_6.5.src", relates_to_product_reference: "BaseOS-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.7-13.el8_6.5.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.6)", product_id: "BaseOS-8.6.0.Z.EUS:libxml2-0:2.9.7-13.el8_6.5.x86_64", }, product_reference: "libxml2-0:2.9.7-13.el8_6.5.x86_64", relates_to_product_reference: "BaseOS-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.7-13.el8_6.5.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.6)", product_id: "BaseOS-8.6.0.Z.EUS:libxml2-debuginfo-0:2.9.7-13.el8_6.5.aarch64", }, product_reference: "libxml2-debuginfo-0:2.9.7-13.el8_6.5.aarch64", relates_to_product_reference: "BaseOS-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.7-13.el8_6.5.i686 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.6)", product_id: "BaseOS-8.6.0.Z.EUS:libxml2-debuginfo-0:2.9.7-13.el8_6.5.i686", }, product_reference: "libxml2-debuginfo-0:2.9.7-13.el8_6.5.i686", relates_to_product_reference: "BaseOS-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.7-13.el8_6.5.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.6)", product_id: "BaseOS-8.6.0.Z.EUS:libxml2-debuginfo-0:2.9.7-13.el8_6.5.ppc64le", }, product_reference: "libxml2-debuginfo-0:2.9.7-13.el8_6.5.ppc64le", relates_to_product_reference: "BaseOS-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.7-13.el8_6.5.s390x as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.6)", product_id: "BaseOS-8.6.0.Z.EUS:libxml2-debuginfo-0:2.9.7-13.el8_6.5.s390x", }, product_reference: "libxml2-debuginfo-0:2.9.7-13.el8_6.5.s390x", relates_to_product_reference: "BaseOS-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.7-13.el8_6.5.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.6)", product_id: "BaseOS-8.6.0.Z.EUS:libxml2-debuginfo-0:2.9.7-13.el8_6.5.x86_64", }, product_reference: "libxml2-debuginfo-0:2.9.7-13.el8_6.5.x86_64", relates_to_product_reference: "BaseOS-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debugsource-0:2.9.7-13.el8_6.5.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.6)", product_id: "BaseOS-8.6.0.Z.EUS:libxml2-debugsource-0:2.9.7-13.el8_6.5.aarch64", }, product_reference: "libxml2-debugsource-0:2.9.7-13.el8_6.5.aarch64", relates_to_product_reference: "BaseOS-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debugsource-0:2.9.7-13.el8_6.5.i686 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.6)", product_id: "BaseOS-8.6.0.Z.EUS:libxml2-debugsource-0:2.9.7-13.el8_6.5.i686", }, product_reference: "libxml2-debugsource-0:2.9.7-13.el8_6.5.i686", relates_to_product_reference: "BaseOS-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debugsource-0:2.9.7-13.el8_6.5.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.6)", product_id: "BaseOS-8.6.0.Z.EUS:libxml2-debugsource-0:2.9.7-13.el8_6.5.ppc64le", }, product_reference: "libxml2-debugsource-0:2.9.7-13.el8_6.5.ppc64le", relates_to_product_reference: "BaseOS-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debugsource-0:2.9.7-13.el8_6.5.s390x as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.6)", product_id: "BaseOS-8.6.0.Z.EUS:libxml2-debugsource-0:2.9.7-13.el8_6.5.s390x", }, product_reference: "libxml2-debugsource-0:2.9.7-13.el8_6.5.s390x", relates_to_product_reference: "BaseOS-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debugsource-0:2.9.7-13.el8_6.5.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.6)", product_id: "BaseOS-8.6.0.Z.EUS:libxml2-debugsource-0:2.9.7-13.el8_6.5.x86_64", }, product_reference: "libxml2-debugsource-0:2.9.7-13.el8_6.5.x86_64", relates_to_product_reference: "BaseOS-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.7-13.el8_6.5.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.6)", product_id: "BaseOS-8.6.0.Z.EUS:libxml2-devel-0:2.9.7-13.el8_6.5.aarch64", }, product_reference: "libxml2-devel-0:2.9.7-13.el8_6.5.aarch64", relates_to_product_reference: "BaseOS-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.7-13.el8_6.5.i686 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.6)", product_id: "BaseOS-8.6.0.Z.EUS:libxml2-devel-0:2.9.7-13.el8_6.5.i686", }, product_reference: "libxml2-devel-0:2.9.7-13.el8_6.5.i686", relates_to_product_reference: "BaseOS-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.7-13.el8_6.5.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.6)", product_id: "BaseOS-8.6.0.Z.EUS:libxml2-devel-0:2.9.7-13.el8_6.5.ppc64le", }, product_reference: "libxml2-devel-0:2.9.7-13.el8_6.5.ppc64le", relates_to_product_reference: "BaseOS-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.7-13.el8_6.5.s390x as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.6)", product_id: "BaseOS-8.6.0.Z.EUS:libxml2-devel-0:2.9.7-13.el8_6.5.s390x", }, product_reference: "libxml2-devel-0:2.9.7-13.el8_6.5.s390x", relates_to_product_reference: "BaseOS-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.7-13.el8_6.5.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.6)", product_id: "BaseOS-8.6.0.Z.EUS:libxml2-devel-0:2.9.7-13.el8_6.5.x86_64", }, product_reference: "libxml2-devel-0:2.9.7-13.el8_6.5.x86_64", relates_to_product_reference: "BaseOS-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "python3-libxml2-0:2.9.7-13.el8_6.5.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.6)", product_id: "BaseOS-8.6.0.Z.EUS:python3-libxml2-0:2.9.7-13.el8_6.5.aarch64", }, product_reference: "python3-libxml2-0:2.9.7-13.el8_6.5.aarch64", relates_to_product_reference: "BaseOS-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "python3-libxml2-0:2.9.7-13.el8_6.5.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.6)", product_id: "BaseOS-8.6.0.Z.EUS:python3-libxml2-0:2.9.7-13.el8_6.5.ppc64le", }, product_reference: "python3-libxml2-0:2.9.7-13.el8_6.5.ppc64le", relates_to_product_reference: "BaseOS-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "python3-libxml2-0:2.9.7-13.el8_6.5.s390x as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.6)", product_id: "BaseOS-8.6.0.Z.EUS:python3-libxml2-0:2.9.7-13.el8_6.5.s390x", }, product_reference: "python3-libxml2-0:2.9.7-13.el8_6.5.s390x", relates_to_product_reference: "BaseOS-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "python3-libxml2-0:2.9.7-13.el8_6.5.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.6)", product_id: "BaseOS-8.6.0.Z.EUS:python3-libxml2-0:2.9.7-13.el8_6.5.x86_64", }, product_reference: "python3-libxml2-0:2.9.7-13.el8_6.5.x86_64", relates_to_product_reference: "BaseOS-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "python3-libxml2-debuginfo-0:2.9.7-13.el8_6.5.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.6)", product_id: "BaseOS-8.6.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-13.el8_6.5.aarch64", }, product_reference: "python3-libxml2-debuginfo-0:2.9.7-13.el8_6.5.aarch64", relates_to_product_reference: "BaseOS-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "python3-libxml2-debuginfo-0:2.9.7-13.el8_6.5.i686 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.6)", product_id: "BaseOS-8.6.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-13.el8_6.5.i686", }, product_reference: "python3-libxml2-debuginfo-0:2.9.7-13.el8_6.5.i686", relates_to_product_reference: "BaseOS-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "python3-libxml2-debuginfo-0:2.9.7-13.el8_6.5.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.6)", product_id: "BaseOS-8.6.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-13.el8_6.5.ppc64le", }, product_reference: "python3-libxml2-debuginfo-0:2.9.7-13.el8_6.5.ppc64le", relates_to_product_reference: "BaseOS-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "python3-libxml2-debuginfo-0:2.9.7-13.el8_6.5.s390x as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.6)", product_id: "BaseOS-8.6.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-13.el8_6.5.s390x", }, product_reference: "python3-libxml2-debuginfo-0:2.9.7-13.el8_6.5.s390x", relates_to_product_reference: "BaseOS-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "python3-libxml2-debuginfo-0:2.9.7-13.el8_6.5.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.6)", product_id: "BaseOS-8.6.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-13.el8_6.5.x86_64", }, product_reference: "python3-libxml2-debuginfo-0:2.9.7-13.el8_6.5.x86_64", relates_to_product_reference: "BaseOS-8.6.0.Z.EUS", }, ], }, vulnerabilities: [ { cve: "CVE-2024-25062", cwe: { id: "CWE-416", name: "Use After Free", }, discovery_date: "2024-02-05T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2262726", }, ], notes: [ { category: "description", text: "A use-after-free flaw was found in libxml2. When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free.", title: "Vulnerability description", }, { category: "summary", text: "libxml2: use-after-free in XMLReader", title: "Vulnerability summary", }, { category: "other", text: "The severity of this vulnerability is not important but moderate due to the lack of impact to both confidentiality and integrity, but potential impact to availability. The theoretical risk of impact to availability is limited due to the specific requirement that applications must continue to misuse the reader API after it has already reported validation errors instead of handling those errors. The flaw requires that crafted XML documents can be provided by an attacker and the utilization of DTD validation and XInclude expansion using the XMLReader API. Along with those conditions, the application using the XMLReader API must be ignoring errors when expanding invalid XInclude nodes in an maliciously crafted document. These conditions are unlikely to exist in the intended usage of the XMLReader API.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-8.6.0.Z.EUS:libxml2-0:2.9.7-13.el8_6.5.aarch64", "AppStream-8.6.0.Z.EUS:libxml2-0:2.9.7-13.el8_6.5.i686", "AppStream-8.6.0.Z.EUS:libxml2-0:2.9.7-13.el8_6.5.ppc64le", "AppStream-8.6.0.Z.EUS:libxml2-0:2.9.7-13.el8_6.5.s390x", "AppStream-8.6.0.Z.EUS:libxml2-0:2.9.7-13.el8_6.5.src", "AppStream-8.6.0.Z.EUS:libxml2-0:2.9.7-13.el8_6.5.x86_64", "AppStream-8.6.0.Z.EUS:libxml2-debuginfo-0:2.9.7-13.el8_6.5.aarch64", "AppStream-8.6.0.Z.EUS:libxml2-debuginfo-0:2.9.7-13.el8_6.5.i686", "AppStream-8.6.0.Z.EUS:libxml2-debuginfo-0:2.9.7-13.el8_6.5.ppc64le", "AppStream-8.6.0.Z.EUS:libxml2-debuginfo-0:2.9.7-13.el8_6.5.s390x", "AppStream-8.6.0.Z.EUS:libxml2-debuginfo-0:2.9.7-13.el8_6.5.x86_64", "AppStream-8.6.0.Z.EUS:libxml2-debugsource-0:2.9.7-13.el8_6.5.aarch64", "AppStream-8.6.0.Z.EUS:libxml2-debugsource-0:2.9.7-13.el8_6.5.i686", "AppStream-8.6.0.Z.EUS:libxml2-debugsource-0:2.9.7-13.el8_6.5.ppc64le", "AppStream-8.6.0.Z.EUS:libxml2-debugsource-0:2.9.7-13.el8_6.5.s390x", "AppStream-8.6.0.Z.EUS:libxml2-debugsource-0:2.9.7-13.el8_6.5.x86_64", "AppStream-8.6.0.Z.EUS:libxml2-devel-0:2.9.7-13.el8_6.5.aarch64", "AppStream-8.6.0.Z.EUS:libxml2-devel-0:2.9.7-13.el8_6.5.i686", "AppStream-8.6.0.Z.EUS:libxml2-devel-0:2.9.7-13.el8_6.5.ppc64le", "AppStream-8.6.0.Z.EUS:libxml2-devel-0:2.9.7-13.el8_6.5.s390x", "AppStream-8.6.0.Z.EUS:libxml2-devel-0:2.9.7-13.el8_6.5.x86_64", "AppStream-8.6.0.Z.EUS:python3-libxml2-0:2.9.7-13.el8_6.5.aarch64", "AppStream-8.6.0.Z.EUS:python3-libxml2-0:2.9.7-13.el8_6.5.ppc64le", "AppStream-8.6.0.Z.EUS:python3-libxml2-0:2.9.7-13.el8_6.5.s390x", "AppStream-8.6.0.Z.EUS:python3-libxml2-0:2.9.7-13.el8_6.5.x86_64", "AppStream-8.6.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-13.el8_6.5.aarch64", "AppStream-8.6.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-13.el8_6.5.i686", "AppStream-8.6.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-13.el8_6.5.ppc64le", "AppStream-8.6.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-13.el8_6.5.s390x", "AppStream-8.6.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-13.el8_6.5.x86_64", "BaseOS-8.6.0.Z.EUS:libxml2-0:2.9.7-13.el8_6.5.aarch64", "BaseOS-8.6.0.Z.EUS:libxml2-0:2.9.7-13.el8_6.5.i686", "BaseOS-8.6.0.Z.EUS:libxml2-0:2.9.7-13.el8_6.5.ppc64le", "BaseOS-8.6.0.Z.EUS:libxml2-0:2.9.7-13.el8_6.5.s390x", "BaseOS-8.6.0.Z.EUS:libxml2-0:2.9.7-13.el8_6.5.src", "BaseOS-8.6.0.Z.EUS:libxml2-0:2.9.7-13.el8_6.5.x86_64", "BaseOS-8.6.0.Z.EUS:libxml2-debuginfo-0:2.9.7-13.el8_6.5.aarch64", "BaseOS-8.6.0.Z.EUS:libxml2-debuginfo-0:2.9.7-13.el8_6.5.i686", "BaseOS-8.6.0.Z.EUS:libxml2-debuginfo-0:2.9.7-13.el8_6.5.ppc64le", "BaseOS-8.6.0.Z.EUS:libxml2-debuginfo-0:2.9.7-13.el8_6.5.s390x", "BaseOS-8.6.0.Z.EUS:libxml2-debuginfo-0:2.9.7-13.el8_6.5.x86_64", "BaseOS-8.6.0.Z.EUS:libxml2-debugsource-0:2.9.7-13.el8_6.5.aarch64", "BaseOS-8.6.0.Z.EUS:libxml2-debugsource-0:2.9.7-13.el8_6.5.i686", "BaseOS-8.6.0.Z.EUS:libxml2-debugsource-0:2.9.7-13.el8_6.5.ppc64le", "BaseOS-8.6.0.Z.EUS:libxml2-debugsource-0:2.9.7-13.el8_6.5.s390x", "BaseOS-8.6.0.Z.EUS:libxml2-debugsource-0:2.9.7-13.el8_6.5.x86_64", "BaseOS-8.6.0.Z.EUS:libxml2-devel-0:2.9.7-13.el8_6.5.aarch64", "BaseOS-8.6.0.Z.EUS:libxml2-devel-0:2.9.7-13.el8_6.5.i686", "BaseOS-8.6.0.Z.EUS:libxml2-devel-0:2.9.7-13.el8_6.5.ppc64le", "BaseOS-8.6.0.Z.EUS:libxml2-devel-0:2.9.7-13.el8_6.5.s390x", "BaseOS-8.6.0.Z.EUS:libxml2-devel-0:2.9.7-13.el8_6.5.x86_64", "BaseOS-8.6.0.Z.EUS:python3-libxml2-0:2.9.7-13.el8_6.5.aarch64", "BaseOS-8.6.0.Z.EUS:python3-libxml2-0:2.9.7-13.el8_6.5.ppc64le", "BaseOS-8.6.0.Z.EUS:python3-libxml2-0:2.9.7-13.el8_6.5.s390x", "BaseOS-8.6.0.Z.EUS:python3-libxml2-0:2.9.7-13.el8_6.5.x86_64", "BaseOS-8.6.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-13.el8_6.5.aarch64", "BaseOS-8.6.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-13.el8_6.5.i686", "BaseOS-8.6.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-13.el8_6.5.ppc64le", "BaseOS-8.6.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-13.el8_6.5.s390x", "BaseOS-8.6.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-13.el8_6.5.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-25062", }, { category: "external", summary: "RHBZ#2262726", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2262726", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-25062", url: "https://www.cve.org/CVERecord?id=CVE-2024-25062", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-25062", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-25062", }, { category: "external", summary: "https://gitlab.gnome.org/GNOME/libxml2/-/issues/604", url: "https://gitlab.gnome.org/GNOME/libxml2/-/issues/604", }, { category: "external", summary: "https://gitlab.gnome.org/GNOME/libxml2/-/tags", url: "https://gitlab.gnome.org/GNOME/libxml2/-/tags", }, ], release_date: "2024-02-04T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-05-22T22:01:12+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "AppStream-8.6.0.Z.EUS:libxml2-0:2.9.7-13.el8_6.5.aarch64", "AppStream-8.6.0.Z.EUS:libxml2-0:2.9.7-13.el8_6.5.i686", "AppStream-8.6.0.Z.EUS:libxml2-0:2.9.7-13.el8_6.5.ppc64le", "AppStream-8.6.0.Z.EUS:libxml2-0:2.9.7-13.el8_6.5.s390x", "AppStream-8.6.0.Z.EUS:libxml2-0:2.9.7-13.el8_6.5.src", "AppStream-8.6.0.Z.EUS:libxml2-0:2.9.7-13.el8_6.5.x86_64", "AppStream-8.6.0.Z.EUS:libxml2-debuginfo-0:2.9.7-13.el8_6.5.aarch64", "AppStream-8.6.0.Z.EUS:libxml2-debuginfo-0:2.9.7-13.el8_6.5.i686", "AppStream-8.6.0.Z.EUS:libxml2-debuginfo-0:2.9.7-13.el8_6.5.ppc64le", "AppStream-8.6.0.Z.EUS:libxml2-debuginfo-0:2.9.7-13.el8_6.5.s390x", "AppStream-8.6.0.Z.EUS:libxml2-debuginfo-0:2.9.7-13.el8_6.5.x86_64", "AppStream-8.6.0.Z.EUS:libxml2-debugsource-0:2.9.7-13.el8_6.5.aarch64", "AppStream-8.6.0.Z.EUS:libxml2-debugsource-0:2.9.7-13.el8_6.5.i686", "AppStream-8.6.0.Z.EUS:libxml2-debugsource-0:2.9.7-13.el8_6.5.ppc64le", "AppStream-8.6.0.Z.EUS:libxml2-debugsource-0:2.9.7-13.el8_6.5.s390x", "AppStream-8.6.0.Z.EUS:libxml2-debugsource-0:2.9.7-13.el8_6.5.x86_64", "AppStream-8.6.0.Z.EUS:libxml2-devel-0:2.9.7-13.el8_6.5.aarch64", "AppStream-8.6.0.Z.EUS:libxml2-devel-0:2.9.7-13.el8_6.5.i686", "AppStream-8.6.0.Z.EUS:libxml2-devel-0:2.9.7-13.el8_6.5.ppc64le", "AppStream-8.6.0.Z.EUS:libxml2-devel-0:2.9.7-13.el8_6.5.s390x", "AppStream-8.6.0.Z.EUS:libxml2-devel-0:2.9.7-13.el8_6.5.x86_64", "AppStream-8.6.0.Z.EUS:python3-libxml2-0:2.9.7-13.el8_6.5.aarch64", "AppStream-8.6.0.Z.EUS:python3-libxml2-0:2.9.7-13.el8_6.5.ppc64le", "AppStream-8.6.0.Z.EUS:python3-libxml2-0:2.9.7-13.el8_6.5.s390x", "AppStream-8.6.0.Z.EUS:python3-libxml2-0:2.9.7-13.el8_6.5.x86_64", "AppStream-8.6.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-13.el8_6.5.aarch64", "AppStream-8.6.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-13.el8_6.5.i686", "AppStream-8.6.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-13.el8_6.5.ppc64le", "AppStream-8.6.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-13.el8_6.5.s390x", "AppStream-8.6.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-13.el8_6.5.x86_64", "BaseOS-8.6.0.Z.EUS:libxml2-0:2.9.7-13.el8_6.5.aarch64", "BaseOS-8.6.0.Z.EUS:libxml2-0:2.9.7-13.el8_6.5.i686", "BaseOS-8.6.0.Z.EUS:libxml2-0:2.9.7-13.el8_6.5.ppc64le", "BaseOS-8.6.0.Z.EUS:libxml2-0:2.9.7-13.el8_6.5.s390x", "BaseOS-8.6.0.Z.EUS:libxml2-0:2.9.7-13.el8_6.5.src", "BaseOS-8.6.0.Z.EUS:libxml2-0:2.9.7-13.el8_6.5.x86_64", "BaseOS-8.6.0.Z.EUS:libxml2-debuginfo-0:2.9.7-13.el8_6.5.aarch64", "BaseOS-8.6.0.Z.EUS:libxml2-debuginfo-0:2.9.7-13.el8_6.5.i686", "BaseOS-8.6.0.Z.EUS:libxml2-debuginfo-0:2.9.7-13.el8_6.5.ppc64le", "BaseOS-8.6.0.Z.EUS:libxml2-debuginfo-0:2.9.7-13.el8_6.5.s390x", "BaseOS-8.6.0.Z.EUS:libxml2-debuginfo-0:2.9.7-13.el8_6.5.x86_64", "BaseOS-8.6.0.Z.EUS:libxml2-debugsource-0:2.9.7-13.el8_6.5.aarch64", "BaseOS-8.6.0.Z.EUS:libxml2-debugsource-0:2.9.7-13.el8_6.5.i686", "BaseOS-8.6.0.Z.EUS:libxml2-debugsource-0:2.9.7-13.el8_6.5.ppc64le", "BaseOS-8.6.0.Z.EUS:libxml2-debugsource-0:2.9.7-13.el8_6.5.s390x", "BaseOS-8.6.0.Z.EUS:libxml2-debugsource-0:2.9.7-13.el8_6.5.x86_64", "BaseOS-8.6.0.Z.EUS:libxml2-devel-0:2.9.7-13.el8_6.5.aarch64", "BaseOS-8.6.0.Z.EUS:libxml2-devel-0:2.9.7-13.el8_6.5.i686", "BaseOS-8.6.0.Z.EUS:libxml2-devel-0:2.9.7-13.el8_6.5.ppc64le", "BaseOS-8.6.0.Z.EUS:libxml2-devel-0:2.9.7-13.el8_6.5.s390x", "BaseOS-8.6.0.Z.EUS:libxml2-devel-0:2.9.7-13.el8_6.5.x86_64", "BaseOS-8.6.0.Z.EUS:python3-libxml2-0:2.9.7-13.el8_6.5.aarch64", "BaseOS-8.6.0.Z.EUS:python3-libxml2-0:2.9.7-13.el8_6.5.ppc64le", "BaseOS-8.6.0.Z.EUS:python3-libxml2-0:2.9.7-13.el8_6.5.s390x", "BaseOS-8.6.0.Z.EUS:python3-libxml2-0:2.9.7-13.el8_6.5.x86_64", "BaseOS-8.6.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-13.el8_6.5.aarch64", "BaseOS-8.6.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-13.el8_6.5.i686", "BaseOS-8.6.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-13.el8_6.5.ppc64le", "BaseOS-8.6.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-13.el8_6.5.s390x", "BaseOS-8.6.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-13.el8_6.5.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:3299", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "AppStream-8.6.0.Z.EUS:libxml2-0:2.9.7-13.el8_6.5.aarch64", "AppStream-8.6.0.Z.EUS:libxml2-0:2.9.7-13.el8_6.5.i686", "AppStream-8.6.0.Z.EUS:libxml2-0:2.9.7-13.el8_6.5.ppc64le", "AppStream-8.6.0.Z.EUS:libxml2-0:2.9.7-13.el8_6.5.s390x", "AppStream-8.6.0.Z.EUS:libxml2-0:2.9.7-13.el8_6.5.src", "AppStream-8.6.0.Z.EUS:libxml2-0:2.9.7-13.el8_6.5.x86_64", "AppStream-8.6.0.Z.EUS:libxml2-debuginfo-0:2.9.7-13.el8_6.5.aarch64", "AppStream-8.6.0.Z.EUS:libxml2-debuginfo-0:2.9.7-13.el8_6.5.i686", "AppStream-8.6.0.Z.EUS:libxml2-debuginfo-0:2.9.7-13.el8_6.5.ppc64le", "AppStream-8.6.0.Z.EUS:libxml2-debuginfo-0:2.9.7-13.el8_6.5.s390x", "AppStream-8.6.0.Z.EUS:libxml2-debuginfo-0:2.9.7-13.el8_6.5.x86_64", "AppStream-8.6.0.Z.EUS:libxml2-debugsource-0:2.9.7-13.el8_6.5.aarch64", "AppStream-8.6.0.Z.EUS:libxml2-debugsource-0:2.9.7-13.el8_6.5.i686", "AppStream-8.6.0.Z.EUS:libxml2-debugsource-0:2.9.7-13.el8_6.5.ppc64le", "AppStream-8.6.0.Z.EUS:libxml2-debugsource-0:2.9.7-13.el8_6.5.s390x", "AppStream-8.6.0.Z.EUS:libxml2-debugsource-0:2.9.7-13.el8_6.5.x86_64", "AppStream-8.6.0.Z.EUS:libxml2-devel-0:2.9.7-13.el8_6.5.aarch64", "AppStream-8.6.0.Z.EUS:libxml2-devel-0:2.9.7-13.el8_6.5.i686", "AppStream-8.6.0.Z.EUS:libxml2-devel-0:2.9.7-13.el8_6.5.ppc64le", "AppStream-8.6.0.Z.EUS:libxml2-devel-0:2.9.7-13.el8_6.5.s390x", "AppStream-8.6.0.Z.EUS:libxml2-devel-0:2.9.7-13.el8_6.5.x86_64", "AppStream-8.6.0.Z.EUS:python3-libxml2-0:2.9.7-13.el8_6.5.aarch64", "AppStream-8.6.0.Z.EUS:python3-libxml2-0:2.9.7-13.el8_6.5.ppc64le", "AppStream-8.6.0.Z.EUS:python3-libxml2-0:2.9.7-13.el8_6.5.s390x", "AppStream-8.6.0.Z.EUS:python3-libxml2-0:2.9.7-13.el8_6.5.x86_64", "AppStream-8.6.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-13.el8_6.5.aarch64", "AppStream-8.6.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-13.el8_6.5.i686", "AppStream-8.6.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-13.el8_6.5.ppc64le", "AppStream-8.6.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-13.el8_6.5.s390x", "AppStream-8.6.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-13.el8_6.5.x86_64", "BaseOS-8.6.0.Z.EUS:libxml2-0:2.9.7-13.el8_6.5.aarch64", "BaseOS-8.6.0.Z.EUS:libxml2-0:2.9.7-13.el8_6.5.i686", "BaseOS-8.6.0.Z.EUS:libxml2-0:2.9.7-13.el8_6.5.ppc64le", "BaseOS-8.6.0.Z.EUS:libxml2-0:2.9.7-13.el8_6.5.s390x", "BaseOS-8.6.0.Z.EUS:libxml2-0:2.9.7-13.el8_6.5.src", "BaseOS-8.6.0.Z.EUS:libxml2-0:2.9.7-13.el8_6.5.x86_64", "BaseOS-8.6.0.Z.EUS:libxml2-debuginfo-0:2.9.7-13.el8_6.5.aarch64", "BaseOS-8.6.0.Z.EUS:libxml2-debuginfo-0:2.9.7-13.el8_6.5.i686", "BaseOS-8.6.0.Z.EUS:libxml2-debuginfo-0:2.9.7-13.el8_6.5.ppc64le", "BaseOS-8.6.0.Z.EUS:libxml2-debuginfo-0:2.9.7-13.el8_6.5.s390x", "BaseOS-8.6.0.Z.EUS:libxml2-debuginfo-0:2.9.7-13.el8_6.5.x86_64", "BaseOS-8.6.0.Z.EUS:libxml2-debugsource-0:2.9.7-13.el8_6.5.aarch64", "BaseOS-8.6.0.Z.EUS:libxml2-debugsource-0:2.9.7-13.el8_6.5.i686", "BaseOS-8.6.0.Z.EUS:libxml2-debugsource-0:2.9.7-13.el8_6.5.ppc64le", "BaseOS-8.6.0.Z.EUS:libxml2-debugsource-0:2.9.7-13.el8_6.5.s390x", "BaseOS-8.6.0.Z.EUS:libxml2-debugsource-0:2.9.7-13.el8_6.5.x86_64", "BaseOS-8.6.0.Z.EUS:libxml2-devel-0:2.9.7-13.el8_6.5.aarch64", "BaseOS-8.6.0.Z.EUS:libxml2-devel-0:2.9.7-13.el8_6.5.i686", "BaseOS-8.6.0.Z.EUS:libxml2-devel-0:2.9.7-13.el8_6.5.ppc64le", "BaseOS-8.6.0.Z.EUS:libxml2-devel-0:2.9.7-13.el8_6.5.s390x", "BaseOS-8.6.0.Z.EUS:libxml2-devel-0:2.9.7-13.el8_6.5.x86_64", "BaseOS-8.6.0.Z.EUS:python3-libxml2-0:2.9.7-13.el8_6.5.aarch64", "BaseOS-8.6.0.Z.EUS:python3-libxml2-0:2.9.7-13.el8_6.5.ppc64le", "BaseOS-8.6.0.Z.EUS:python3-libxml2-0:2.9.7-13.el8_6.5.s390x", "BaseOS-8.6.0.Z.EUS:python3-libxml2-0:2.9.7-13.el8_6.5.x86_64", "BaseOS-8.6.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-13.el8_6.5.aarch64", "BaseOS-8.6.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-13.el8_6.5.i686", "BaseOS-8.6.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-13.el8_6.5.ppc64le", "BaseOS-8.6.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-13.el8_6.5.s390x", "BaseOS-8.6.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-13.el8_6.5.x86_64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "AppStream-8.6.0.Z.EUS:libxml2-0:2.9.7-13.el8_6.5.aarch64", "AppStream-8.6.0.Z.EUS:libxml2-0:2.9.7-13.el8_6.5.i686", "AppStream-8.6.0.Z.EUS:libxml2-0:2.9.7-13.el8_6.5.ppc64le", "AppStream-8.6.0.Z.EUS:libxml2-0:2.9.7-13.el8_6.5.s390x", "AppStream-8.6.0.Z.EUS:libxml2-0:2.9.7-13.el8_6.5.src", "AppStream-8.6.0.Z.EUS:libxml2-0:2.9.7-13.el8_6.5.x86_64", "AppStream-8.6.0.Z.EUS:libxml2-debuginfo-0:2.9.7-13.el8_6.5.aarch64", "AppStream-8.6.0.Z.EUS:libxml2-debuginfo-0:2.9.7-13.el8_6.5.i686", "AppStream-8.6.0.Z.EUS:libxml2-debuginfo-0:2.9.7-13.el8_6.5.ppc64le", "AppStream-8.6.0.Z.EUS:libxml2-debuginfo-0:2.9.7-13.el8_6.5.s390x", "AppStream-8.6.0.Z.EUS:libxml2-debuginfo-0:2.9.7-13.el8_6.5.x86_64", "AppStream-8.6.0.Z.EUS:libxml2-debugsource-0:2.9.7-13.el8_6.5.aarch64", "AppStream-8.6.0.Z.EUS:libxml2-debugsource-0:2.9.7-13.el8_6.5.i686", "AppStream-8.6.0.Z.EUS:libxml2-debugsource-0:2.9.7-13.el8_6.5.ppc64le", "AppStream-8.6.0.Z.EUS:libxml2-debugsource-0:2.9.7-13.el8_6.5.s390x", "AppStream-8.6.0.Z.EUS:libxml2-debugsource-0:2.9.7-13.el8_6.5.x86_64", "AppStream-8.6.0.Z.EUS:libxml2-devel-0:2.9.7-13.el8_6.5.aarch64", "AppStream-8.6.0.Z.EUS:libxml2-devel-0:2.9.7-13.el8_6.5.i686", "AppStream-8.6.0.Z.EUS:libxml2-devel-0:2.9.7-13.el8_6.5.ppc64le", "AppStream-8.6.0.Z.EUS:libxml2-devel-0:2.9.7-13.el8_6.5.s390x", "AppStream-8.6.0.Z.EUS:libxml2-devel-0:2.9.7-13.el8_6.5.x86_64", "AppStream-8.6.0.Z.EUS:python3-libxml2-0:2.9.7-13.el8_6.5.aarch64", "AppStream-8.6.0.Z.EUS:python3-libxml2-0:2.9.7-13.el8_6.5.ppc64le", "AppStream-8.6.0.Z.EUS:python3-libxml2-0:2.9.7-13.el8_6.5.s390x", "AppStream-8.6.0.Z.EUS:python3-libxml2-0:2.9.7-13.el8_6.5.x86_64", "AppStream-8.6.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-13.el8_6.5.aarch64", "AppStream-8.6.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-13.el8_6.5.i686", "AppStream-8.6.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-13.el8_6.5.ppc64le", "AppStream-8.6.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-13.el8_6.5.s390x", "AppStream-8.6.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-13.el8_6.5.x86_64", "BaseOS-8.6.0.Z.EUS:libxml2-0:2.9.7-13.el8_6.5.aarch64", "BaseOS-8.6.0.Z.EUS:libxml2-0:2.9.7-13.el8_6.5.i686", "BaseOS-8.6.0.Z.EUS:libxml2-0:2.9.7-13.el8_6.5.ppc64le", "BaseOS-8.6.0.Z.EUS:libxml2-0:2.9.7-13.el8_6.5.s390x", "BaseOS-8.6.0.Z.EUS:libxml2-0:2.9.7-13.el8_6.5.src", "BaseOS-8.6.0.Z.EUS:libxml2-0:2.9.7-13.el8_6.5.x86_64", "BaseOS-8.6.0.Z.EUS:libxml2-debuginfo-0:2.9.7-13.el8_6.5.aarch64", "BaseOS-8.6.0.Z.EUS:libxml2-debuginfo-0:2.9.7-13.el8_6.5.i686", "BaseOS-8.6.0.Z.EUS:libxml2-debuginfo-0:2.9.7-13.el8_6.5.ppc64le", "BaseOS-8.6.0.Z.EUS:libxml2-debuginfo-0:2.9.7-13.el8_6.5.s390x", "BaseOS-8.6.0.Z.EUS:libxml2-debuginfo-0:2.9.7-13.el8_6.5.x86_64", "BaseOS-8.6.0.Z.EUS:libxml2-debugsource-0:2.9.7-13.el8_6.5.aarch64", "BaseOS-8.6.0.Z.EUS:libxml2-debugsource-0:2.9.7-13.el8_6.5.i686", "BaseOS-8.6.0.Z.EUS:libxml2-debugsource-0:2.9.7-13.el8_6.5.ppc64le", "BaseOS-8.6.0.Z.EUS:libxml2-debugsource-0:2.9.7-13.el8_6.5.s390x", "BaseOS-8.6.0.Z.EUS:libxml2-debugsource-0:2.9.7-13.el8_6.5.x86_64", "BaseOS-8.6.0.Z.EUS:libxml2-devel-0:2.9.7-13.el8_6.5.aarch64", "BaseOS-8.6.0.Z.EUS:libxml2-devel-0:2.9.7-13.el8_6.5.i686", "BaseOS-8.6.0.Z.EUS:libxml2-devel-0:2.9.7-13.el8_6.5.ppc64le", "BaseOS-8.6.0.Z.EUS:libxml2-devel-0:2.9.7-13.el8_6.5.s390x", "BaseOS-8.6.0.Z.EUS:libxml2-devel-0:2.9.7-13.el8_6.5.x86_64", "BaseOS-8.6.0.Z.EUS:python3-libxml2-0:2.9.7-13.el8_6.5.aarch64", "BaseOS-8.6.0.Z.EUS:python3-libxml2-0:2.9.7-13.el8_6.5.ppc64le", "BaseOS-8.6.0.Z.EUS:python3-libxml2-0:2.9.7-13.el8_6.5.s390x", "BaseOS-8.6.0.Z.EUS:python3-libxml2-0:2.9.7-13.el8_6.5.x86_64", "BaseOS-8.6.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-13.el8_6.5.aarch64", "BaseOS-8.6.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-13.el8_6.5.i686", "BaseOS-8.6.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-13.el8_6.5.ppc64le", "BaseOS-8.6.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-13.el8_6.5.s390x", "BaseOS-8.6.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-13.el8_6.5.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "libxml2: use-after-free in XMLReader", }, ], }
rhsa-2024_2679
Vulnerability from csaf_redhat
Published
2024-05-02 14:58
Modified
2024-11-21 21:12
Summary
Red Hat Security Advisory: libxml2 security update
Notes
Topic
An update for libxml2 is now available for Red Hat Enterprise Linux 9.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The libxml2 library is a development toolbox providing the implementation of various XML standards.
Security Fix(es):
* libxml2: use-after-free in XMLReader (CVE-2024-25062)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update for libxml2 is now available for Red Hat Enterprise Linux 9.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "The libxml2 library is a development toolbox providing the implementation of various XML standards.\n\nSecurity Fix(es):\n\n* libxml2: use-after-free in XMLReader (CVE-2024-25062)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2024:2679", url: "https://access.redhat.com/errata/RHSA-2024:2679", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#moderate", url: "https://access.redhat.com/security/updates/classification/#moderate", }, { category: "external", summary: "2262726", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2262726", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_2679.json", }, ], title: "Red Hat Security Advisory: libxml2 security update", tracking: { current_release_date: "2024-11-21T21:12:30+00:00", generator: { date: "2024-11-21T21:12:30+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.1", }, }, id: "RHSA-2024:2679", initial_release_date: "2024-05-02T14:58:39+00:00", revision_history: [ { date: "2024-05-02T14:58:39+00:00", number: "1", summary: "Initial version", }, { date: "2024-05-02T14:58:39+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-21T21:12:30+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux AppStream (v. 9)", product: { name: "Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.Z.MAIN.EUS", product_identification_helper: { cpe: "cpe:/a:redhat:enterprise_linux:9::appstream", }, }, }, { category: "product_name", name: "Red Hat Enterprise Linux BaseOS (v. 9)", product: { name: "Red Hat Enterprise Linux BaseOS (v. 9)", product_id: "BaseOS-9.4.0.Z.MAIN.EUS", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:9::baseos", }, }, }, ], category: "product_family", name: "Red Hat Enterprise Linux", }, { branches: [ { category: "product_version", name: "libxml2-devel-0:2.9.13-6.el9_4.aarch64", product: { name: "libxml2-devel-0:2.9.13-6.el9_4.aarch64", product_id: "libxml2-devel-0:2.9.13-6.el9_4.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-devel@2.9.13-6.el9_4?arch=aarch64", }, }, }, { category: "product_version", name: "libxml2-debugsource-0:2.9.13-6.el9_4.aarch64", product: { name: "libxml2-debugsource-0:2.9.13-6.el9_4.aarch64", product_id: "libxml2-debugsource-0:2.9.13-6.el9_4.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-debugsource@2.9.13-6.el9_4?arch=aarch64", }, }, }, { category: "product_version", name: "libxml2-debuginfo-0:2.9.13-6.el9_4.aarch64", product: { name: "libxml2-debuginfo-0:2.9.13-6.el9_4.aarch64", product_id: "libxml2-debuginfo-0:2.9.13-6.el9_4.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-debuginfo@2.9.13-6.el9_4?arch=aarch64", }, }, }, { category: "product_version", name: "python3-libxml2-debuginfo-0:2.9.13-6.el9_4.aarch64", product: { name: "python3-libxml2-debuginfo-0:2.9.13-6.el9_4.aarch64", product_id: "python3-libxml2-debuginfo-0:2.9.13-6.el9_4.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/python3-libxml2-debuginfo@2.9.13-6.el9_4?arch=aarch64", }, }, }, { category: "product_version", name: "libxml2-0:2.9.13-6.el9_4.aarch64", product: { name: "libxml2-0:2.9.13-6.el9_4.aarch64", product_id: "libxml2-0:2.9.13-6.el9_4.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2@2.9.13-6.el9_4?arch=aarch64", }, }, }, { category: "product_version", name: "python3-libxml2-0:2.9.13-6.el9_4.aarch64", product: { name: "python3-libxml2-0:2.9.13-6.el9_4.aarch64", product_id: "python3-libxml2-0:2.9.13-6.el9_4.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/python3-libxml2@2.9.13-6.el9_4?arch=aarch64", }, }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "libxml2-devel-0:2.9.13-6.el9_4.ppc64le", product: { name: "libxml2-devel-0:2.9.13-6.el9_4.ppc64le", product_id: "libxml2-devel-0:2.9.13-6.el9_4.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-devel@2.9.13-6.el9_4?arch=ppc64le", }, }, }, { category: "product_version", name: "libxml2-debugsource-0:2.9.13-6.el9_4.ppc64le", product: { name: "libxml2-debugsource-0:2.9.13-6.el9_4.ppc64le", product_id: "libxml2-debugsource-0:2.9.13-6.el9_4.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-debugsource@2.9.13-6.el9_4?arch=ppc64le", }, }, }, { category: "product_version", name: "libxml2-debuginfo-0:2.9.13-6.el9_4.ppc64le", product: { name: "libxml2-debuginfo-0:2.9.13-6.el9_4.ppc64le", product_id: "libxml2-debuginfo-0:2.9.13-6.el9_4.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-debuginfo@2.9.13-6.el9_4?arch=ppc64le", }, }, }, { category: "product_version", name: "python3-libxml2-debuginfo-0:2.9.13-6.el9_4.ppc64le", product: { name: "python3-libxml2-debuginfo-0:2.9.13-6.el9_4.ppc64le", product_id: "python3-libxml2-debuginfo-0:2.9.13-6.el9_4.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/python3-libxml2-debuginfo@2.9.13-6.el9_4?arch=ppc64le", }, }, }, { category: "product_version", name: "libxml2-0:2.9.13-6.el9_4.ppc64le", product: { name: "libxml2-0:2.9.13-6.el9_4.ppc64le", product_id: "libxml2-0:2.9.13-6.el9_4.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2@2.9.13-6.el9_4?arch=ppc64le", }, }, }, { category: "product_version", name: "python3-libxml2-0:2.9.13-6.el9_4.ppc64le", product: { name: "python3-libxml2-0:2.9.13-6.el9_4.ppc64le", product_id: "python3-libxml2-0:2.9.13-6.el9_4.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/python3-libxml2@2.9.13-6.el9_4?arch=ppc64le", }, }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "libxml2-devel-0:2.9.13-6.el9_4.i686", product: { name: "libxml2-devel-0:2.9.13-6.el9_4.i686", product_id: "libxml2-devel-0:2.9.13-6.el9_4.i686", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-devel@2.9.13-6.el9_4?arch=i686", }, }, }, { category: "product_version", name: "libxml2-debugsource-0:2.9.13-6.el9_4.i686", product: { name: "libxml2-debugsource-0:2.9.13-6.el9_4.i686", product_id: "libxml2-debugsource-0:2.9.13-6.el9_4.i686", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-debugsource@2.9.13-6.el9_4?arch=i686", }, }, }, { category: "product_version", name: "libxml2-debuginfo-0:2.9.13-6.el9_4.i686", product: { name: "libxml2-debuginfo-0:2.9.13-6.el9_4.i686", product_id: "libxml2-debuginfo-0:2.9.13-6.el9_4.i686", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-debuginfo@2.9.13-6.el9_4?arch=i686", }, }, }, { category: "product_version", name: "python3-libxml2-debuginfo-0:2.9.13-6.el9_4.i686", product: { name: "python3-libxml2-debuginfo-0:2.9.13-6.el9_4.i686", product_id: "python3-libxml2-debuginfo-0:2.9.13-6.el9_4.i686", product_identification_helper: { purl: "pkg:rpm/redhat/python3-libxml2-debuginfo@2.9.13-6.el9_4?arch=i686", }, }, }, { category: "product_version", name: "libxml2-0:2.9.13-6.el9_4.i686", product: { name: "libxml2-0:2.9.13-6.el9_4.i686", product_id: "libxml2-0:2.9.13-6.el9_4.i686", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2@2.9.13-6.el9_4?arch=i686", }, }, }, ], category: "architecture", name: "i686", }, { branches: [ { category: "product_version", name: "libxml2-devel-0:2.9.13-6.el9_4.x86_64", product: { name: "libxml2-devel-0:2.9.13-6.el9_4.x86_64", product_id: "libxml2-devel-0:2.9.13-6.el9_4.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-devel@2.9.13-6.el9_4?arch=x86_64", }, }, }, { category: "product_version", name: "libxml2-debugsource-0:2.9.13-6.el9_4.x86_64", product: { name: "libxml2-debugsource-0:2.9.13-6.el9_4.x86_64", product_id: "libxml2-debugsource-0:2.9.13-6.el9_4.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-debugsource@2.9.13-6.el9_4?arch=x86_64", }, }, }, { category: "product_version", name: "libxml2-debuginfo-0:2.9.13-6.el9_4.x86_64", product: { name: "libxml2-debuginfo-0:2.9.13-6.el9_4.x86_64", product_id: "libxml2-debuginfo-0:2.9.13-6.el9_4.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-debuginfo@2.9.13-6.el9_4?arch=x86_64", }, }, }, { category: "product_version", name: "python3-libxml2-debuginfo-0:2.9.13-6.el9_4.x86_64", product: { name: "python3-libxml2-debuginfo-0:2.9.13-6.el9_4.x86_64", product_id: "python3-libxml2-debuginfo-0:2.9.13-6.el9_4.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/python3-libxml2-debuginfo@2.9.13-6.el9_4?arch=x86_64", }, }, }, { category: "product_version", name: "libxml2-0:2.9.13-6.el9_4.x86_64", product: { name: "libxml2-0:2.9.13-6.el9_4.x86_64", product_id: "libxml2-0:2.9.13-6.el9_4.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2@2.9.13-6.el9_4?arch=x86_64", }, }, }, { category: "product_version", name: "python3-libxml2-0:2.9.13-6.el9_4.x86_64", product: { name: "python3-libxml2-0:2.9.13-6.el9_4.x86_64", product_id: "python3-libxml2-0:2.9.13-6.el9_4.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/python3-libxml2@2.9.13-6.el9_4?arch=x86_64", }, }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_version", name: "libxml2-devel-0:2.9.13-6.el9_4.s390x", product: { name: "libxml2-devel-0:2.9.13-6.el9_4.s390x", product_id: "libxml2-devel-0:2.9.13-6.el9_4.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-devel@2.9.13-6.el9_4?arch=s390x", }, }, }, { category: "product_version", name: "libxml2-debugsource-0:2.9.13-6.el9_4.s390x", product: { name: "libxml2-debugsource-0:2.9.13-6.el9_4.s390x", product_id: "libxml2-debugsource-0:2.9.13-6.el9_4.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-debugsource@2.9.13-6.el9_4?arch=s390x", }, }, }, { category: "product_version", name: "libxml2-debuginfo-0:2.9.13-6.el9_4.s390x", product: { name: "libxml2-debuginfo-0:2.9.13-6.el9_4.s390x", product_id: "libxml2-debuginfo-0:2.9.13-6.el9_4.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-debuginfo@2.9.13-6.el9_4?arch=s390x", }, }, }, { category: "product_version", name: "python3-libxml2-debuginfo-0:2.9.13-6.el9_4.s390x", product: { name: "python3-libxml2-debuginfo-0:2.9.13-6.el9_4.s390x", product_id: "python3-libxml2-debuginfo-0:2.9.13-6.el9_4.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/python3-libxml2-debuginfo@2.9.13-6.el9_4?arch=s390x", }, }, }, { category: "product_version", name: "libxml2-0:2.9.13-6.el9_4.s390x", product: { name: "libxml2-0:2.9.13-6.el9_4.s390x", product_id: "libxml2-0:2.9.13-6.el9_4.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2@2.9.13-6.el9_4?arch=s390x", }, }, }, { category: "product_version", name: "python3-libxml2-0:2.9.13-6.el9_4.s390x", product: { name: "python3-libxml2-0:2.9.13-6.el9_4.s390x", product_id: "python3-libxml2-0:2.9.13-6.el9_4.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/python3-libxml2@2.9.13-6.el9_4?arch=s390x", }, }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "libxml2-0:2.9.13-6.el9_4.src", product: { name: "libxml2-0:2.9.13-6.el9_4.src", product_id: "libxml2-0:2.9.13-6.el9_4.src", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2@2.9.13-6.el9_4?arch=src", }, }, }, ], category: "architecture", name: "src", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.13-6.el9_4.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.Z.MAIN.EUS:libxml2-0:2.9.13-6.el9_4.aarch64", }, product_reference: "libxml2-0:2.9.13-6.el9_4.aarch64", relates_to_product_reference: "AppStream-9.4.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.13-6.el9_4.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.Z.MAIN.EUS:libxml2-0:2.9.13-6.el9_4.i686", }, product_reference: "libxml2-0:2.9.13-6.el9_4.i686", relates_to_product_reference: "AppStream-9.4.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.13-6.el9_4.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.Z.MAIN.EUS:libxml2-0:2.9.13-6.el9_4.ppc64le", }, product_reference: "libxml2-0:2.9.13-6.el9_4.ppc64le", relates_to_product_reference: "AppStream-9.4.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.13-6.el9_4.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.Z.MAIN.EUS:libxml2-0:2.9.13-6.el9_4.s390x", }, product_reference: "libxml2-0:2.9.13-6.el9_4.s390x", relates_to_product_reference: "AppStream-9.4.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.13-6.el9_4.src as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.Z.MAIN.EUS:libxml2-0:2.9.13-6.el9_4.src", }, product_reference: "libxml2-0:2.9.13-6.el9_4.src", relates_to_product_reference: "AppStream-9.4.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.13-6.el9_4.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.Z.MAIN.EUS:libxml2-0:2.9.13-6.el9_4.x86_64", }, product_reference: "libxml2-0:2.9.13-6.el9_4.x86_64", relates_to_product_reference: "AppStream-9.4.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.13-6.el9_4.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.13-6.el9_4.aarch64", }, product_reference: "libxml2-debuginfo-0:2.9.13-6.el9_4.aarch64", relates_to_product_reference: "AppStream-9.4.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.13-6.el9_4.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.13-6.el9_4.i686", }, product_reference: "libxml2-debuginfo-0:2.9.13-6.el9_4.i686", relates_to_product_reference: "AppStream-9.4.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.13-6.el9_4.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.13-6.el9_4.ppc64le", }, product_reference: "libxml2-debuginfo-0:2.9.13-6.el9_4.ppc64le", relates_to_product_reference: "AppStream-9.4.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.13-6.el9_4.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.13-6.el9_4.s390x", }, product_reference: "libxml2-debuginfo-0:2.9.13-6.el9_4.s390x", relates_to_product_reference: "AppStream-9.4.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.13-6.el9_4.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.13-6.el9_4.x86_64", }, product_reference: "libxml2-debuginfo-0:2.9.13-6.el9_4.x86_64", relates_to_product_reference: "AppStream-9.4.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debugsource-0:2.9.13-6.el9_4.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.13-6.el9_4.aarch64", }, product_reference: "libxml2-debugsource-0:2.9.13-6.el9_4.aarch64", relates_to_product_reference: "AppStream-9.4.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debugsource-0:2.9.13-6.el9_4.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.13-6.el9_4.i686", }, product_reference: "libxml2-debugsource-0:2.9.13-6.el9_4.i686", relates_to_product_reference: "AppStream-9.4.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debugsource-0:2.9.13-6.el9_4.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.13-6.el9_4.ppc64le", }, product_reference: "libxml2-debugsource-0:2.9.13-6.el9_4.ppc64le", relates_to_product_reference: "AppStream-9.4.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debugsource-0:2.9.13-6.el9_4.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.13-6.el9_4.s390x", }, product_reference: "libxml2-debugsource-0:2.9.13-6.el9_4.s390x", relates_to_product_reference: "AppStream-9.4.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debugsource-0:2.9.13-6.el9_4.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.13-6.el9_4.x86_64", }, product_reference: "libxml2-debugsource-0:2.9.13-6.el9_4.x86_64", relates_to_product_reference: "AppStream-9.4.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.13-6.el9_4.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.13-6.el9_4.aarch64", }, product_reference: "libxml2-devel-0:2.9.13-6.el9_4.aarch64", relates_to_product_reference: "AppStream-9.4.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.13-6.el9_4.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.13-6.el9_4.i686", }, product_reference: "libxml2-devel-0:2.9.13-6.el9_4.i686", relates_to_product_reference: "AppStream-9.4.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.13-6.el9_4.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.13-6.el9_4.ppc64le", }, product_reference: "libxml2-devel-0:2.9.13-6.el9_4.ppc64le", relates_to_product_reference: "AppStream-9.4.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.13-6.el9_4.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.13-6.el9_4.s390x", }, product_reference: "libxml2-devel-0:2.9.13-6.el9_4.s390x", relates_to_product_reference: "AppStream-9.4.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.13-6.el9_4.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.13-6.el9_4.x86_64", }, product_reference: "libxml2-devel-0:2.9.13-6.el9_4.x86_64", relates_to_product_reference: "AppStream-9.4.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "python3-libxml2-0:2.9.13-6.el9_4.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.13-6.el9_4.aarch64", }, product_reference: "python3-libxml2-0:2.9.13-6.el9_4.aarch64", relates_to_product_reference: "AppStream-9.4.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "python3-libxml2-0:2.9.13-6.el9_4.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.13-6.el9_4.ppc64le", }, product_reference: "python3-libxml2-0:2.9.13-6.el9_4.ppc64le", relates_to_product_reference: "AppStream-9.4.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "python3-libxml2-0:2.9.13-6.el9_4.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.13-6.el9_4.s390x", }, product_reference: "python3-libxml2-0:2.9.13-6.el9_4.s390x", relates_to_product_reference: "AppStream-9.4.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "python3-libxml2-0:2.9.13-6.el9_4.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.13-6.el9_4.x86_64", }, product_reference: "python3-libxml2-0:2.9.13-6.el9_4.x86_64", relates_to_product_reference: "AppStream-9.4.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "python3-libxml2-debuginfo-0:2.9.13-6.el9_4.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.13-6.el9_4.aarch64", }, product_reference: "python3-libxml2-debuginfo-0:2.9.13-6.el9_4.aarch64", relates_to_product_reference: "AppStream-9.4.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "python3-libxml2-debuginfo-0:2.9.13-6.el9_4.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.13-6.el9_4.i686", }, product_reference: "python3-libxml2-debuginfo-0:2.9.13-6.el9_4.i686", relates_to_product_reference: "AppStream-9.4.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "python3-libxml2-debuginfo-0:2.9.13-6.el9_4.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.13-6.el9_4.ppc64le", }, product_reference: "python3-libxml2-debuginfo-0:2.9.13-6.el9_4.ppc64le", relates_to_product_reference: "AppStream-9.4.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "python3-libxml2-debuginfo-0:2.9.13-6.el9_4.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.13-6.el9_4.s390x", }, product_reference: "python3-libxml2-debuginfo-0:2.9.13-6.el9_4.s390x", relates_to_product_reference: "AppStream-9.4.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "python3-libxml2-debuginfo-0:2.9.13-6.el9_4.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.13-6.el9_4.x86_64", }, product_reference: "python3-libxml2-debuginfo-0:2.9.13-6.el9_4.x86_64", relates_to_product_reference: "AppStream-9.4.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.13-6.el9_4.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)", product_id: "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-0:2.9.13-6.el9_4.aarch64", }, product_reference: "libxml2-0:2.9.13-6.el9_4.aarch64", relates_to_product_reference: "BaseOS-9.4.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.13-6.el9_4.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 9)", product_id: "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-0:2.9.13-6.el9_4.i686", }, product_reference: "libxml2-0:2.9.13-6.el9_4.i686", relates_to_product_reference: "BaseOS-9.4.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.13-6.el9_4.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 9)", product_id: "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-0:2.9.13-6.el9_4.ppc64le", }, product_reference: "libxml2-0:2.9.13-6.el9_4.ppc64le", relates_to_product_reference: "BaseOS-9.4.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.13-6.el9_4.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 9)", product_id: "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-0:2.9.13-6.el9_4.s390x", }, product_reference: "libxml2-0:2.9.13-6.el9_4.s390x", relates_to_product_reference: "BaseOS-9.4.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.13-6.el9_4.src as a component of Red Hat Enterprise Linux BaseOS (v. 9)", product_id: "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-0:2.9.13-6.el9_4.src", }, product_reference: "libxml2-0:2.9.13-6.el9_4.src", relates_to_product_reference: "BaseOS-9.4.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.13-6.el9_4.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)", product_id: "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-0:2.9.13-6.el9_4.x86_64", }, product_reference: "libxml2-0:2.9.13-6.el9_4.x86_64", relates_to_product_reference: "BaseOS-9.4.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.13-6.el9_4.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)", product_id: "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.13-6.el9_4.aarch64", }, product_reference: "libxml2-debuginfo-0:2.9.13-6.el9_4.aarch64", relates_to_product_reference: "BaseOS-9.4.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.13-6.el9_4.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 9)", product_id: "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.13-6.el9_4.i686", }, product_reference: "libxml2-debuginfo-0:2.9.13-6.el9_4.i686", relates_to_product_reference: "BaseOS-9.4.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.13-6.el9_4.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 9)", product_id: "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.13-6.el9_4.ppc64le", }, product_reference: "libxml2-debuginfo-0:2.9.13-6.el9_4.ppc64le", relates_to_product_reference: "BaseOS-9.4.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.13-6.el9_4.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 9)", product_id: "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.13-6.el9_4.s390x", }, product_reference: "libxml2-debuginfo-0:2.9.13-6.el9_4.s390x", relates_to_product_reference: "BaseOS-9.4.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.13-6.el9_4.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)", product_id: "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.13-6.el9_4.x86_64", }, product_reference: "libxml2-debuginfo-0:2.9.13-6.el9_4.x86_64", relates_to_product_reference: "BaseOS-9.4.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debugsource-0:2.9.13-6.el9_4.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)", product_id: "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.13-6.el9_4.aarch64", }, product_reference: "libxml2-debugsource-0:2.9.13-6.el9_4.aarch64", relates_to_product_reference: "BaseOS-9.4.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debugsource-0:2.9.13-6.el9_4.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 9)", product_id: "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.13-6.el9_4.i686", }, product_reference: "libxml2-debugsource-0:2.9.13-6.el9_4.i686", relates_to_product_reference: "BaseOS-9.4.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debugsource-0:2.9.13-6.el9_4.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 9)", product_id: "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.13-6.el9_4.ppc64le", }, product_reference: "libxml2-debugsource-0:2.9.13-6.el9_4.ppc64le", relates_to_product_reference: "BaseOS-9.4.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debugsource-0:2.9.13-6.el9_4.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 9)", product_id: "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.13-6.el9_4.s390x", }, product_reference: "libxml2-debugsource-0:2.9.13-6.el9_4.s390x", relates_to_product_reference: "BaseOS-9.4.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debugsource-0:2.9.13-6.el9_4.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)", product_id: "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.13-6.el9_4.x86_64", }, product_reference: "libxml2-debugsource-0:2.9.13-6.el9_4.x86_64", relates_to_product_reference: "BaseOS-9.4.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.13-6.el9_4.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)", product_id: "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.13-6.el9_4.aarch64", }, product_reference: "libxml2-devel-0:2.9.13-6.el9_4.aarch64", relates_to_product_reference: "BaseOS-9.4.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.13-6.el9_4.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 9)", product_id: "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.13-6.el9_4.i686", }, product_reference: "libxml2-devel-0:2.9.13-6.el9_4.i686", relates_to_product_reference: "BaseOS-9.4.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.13-6.el9_4.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 9)", product_id: "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.13-6.el9_4.ppc64le", }, product_reference: "libxml2-devel-0:2.9.13-6.el9_4.ppc64le", relates_to_product_reference: "BaseOS-9.4.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.13-6.el9_4.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 9)", product_id: "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.13-6.el9_4.s390x", }, product_reference: "libxml2-devel-0:2.9.13-6.el9_4.s390x", relates_to_product_reference: "BaseOS-9.4.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.13-6.el9_4.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)", product_id: "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.13-6.el9_4.x86_64", }, product_reference: "libxml2-devel-0:2.9.13-6.el9_4.x86_64", relates_to_product_reference: "BaseOS-9.4.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "python3-libxml2-0:2.9.13-6.el9_4.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)", product_id: "BaseOS-9.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.13-6.el9_4.aarch64", }, product_reference: "python3-libxml2-0:2.9.13-6.el9_4.aarch64", relates_to_product_reference: "BaseOS-9.4.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "python3-libxml2-0:2.9.13-6.el9_4.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 9)", product_id: "BaseOS-9.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.13-6.el9_4.ppc64le", }, product_reference: "python3-libxml2-0:2.9.13-6.el9_4.ppc64le", relates_to_product_reference: "BaseOS-9.4.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "python3-libxml2-0:2.9.13-6.el9_4.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 9)", product_id: "BaseOS-9.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.13-6.el9_4.s390x", }, product_reference: "python3-libxml2-0:2.9.13-6.el9_4.s390x", relates_to_product_reference: "BaseOS-9.4.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "python3-libxml2-0:2.9.13-6.el9_4.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)", product_id: "BaseOS-9.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.13-6.el9_4.x86_64", }, product_reference: "python3-libxml2-0:2.9.13-6.el9_4.x86_64", relates_to_product_reference: "BaseOS-9.4.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "python3-libxml2-debuginfo-0:2.9.13-6.el9_4.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)", product_id: "BaseOS-9.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.13-6.el9_4.aarch64", }, product_reference: "python3-libxml2-debuginfo-0:2.9.13-6.el9_4.aarch64", relates_to_product_reference: "BaseOS-9.4.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "python3-libxml2-debuginfo-0:2.9.13-6.el9_4.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 9)", product_id: "BaseOS-9.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.13-6.el9_4.i686", }, product_reference: "python3-libxml2-debuginfo-0:2.9.13-6.el9_4.i686", relates_to_product_reference: "BaseOS-9.4.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "python3-libxml2-debuginfo-0:2.9.13-6.el9_4.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 9)", product_id: "BaseOS-9.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.13-6.el9_4.ppc64le", }, product_reference: "python3-libxml2-debuginfo-0:2.9.13-6.el9_4.ppc64le", relates_to_product_reference: "BaseOS-9.4.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "python3-libxml2-debuginfo-0:2.9.13-6.el9_4.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 9)", product_id: "BaseOS-9.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.13-6.el9_4.s390x", }, product_reference: "python3-libxml2-debuginfo-0:2.9.13-6.el9_4.s390x", relates_to_product_reference: "BaseOS-9.4.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "python3-libxml2-debuginfo-0:2.9.13-6.el9_4.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)", product_id: "BaseOS-9.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.13-6.el9_4.x86_64", }, product_reference: "python3-libxml2-debuginfo-0:2.9.13-6.el9_4.x86_64", relates_to_product_reference: "BaseOS-9.4.0.Z.MAIN.EUS", }, ], }, vulnerabilities: [ { cve: "CVE-2024-25062", cwe: { id: "CWE-416", name: "Use After Free", }, discovery_date: "2024-02-05T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2262726", }, ], notes: [ { category: "description", text: "A use-after-free flaw was found in libxml2. When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free.", title: "Vulnerability description", }, { category: "summary", text: "libxml2: use-after-free in XMLReader", title: "Vulnerability summary", }, { category: "other", text: "The severity of this vulnerability is not important but moderate due to the lack of impact to both confidentiality and integrity, but potential impact to availability. The theoretical risk of impact to availability is limited due to the specific requirement that applications must continue to misuse the reader API after it has already reported validation errors instead of handling those errors. The flaw requires that crafted XML documents can be provided by an attacker and the utilization of DTD validation and XInclude expansion using the XMLReader API. Along with those conditions, the application using the XMLReader API must be ignoring errors when expanding invalid XInclude nodes in an maliciously crafted document. These conditions are unlikely to exist in the intended usage of the XMLReader API.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-9.4.0.Z.MAIN.EUS:libxml2-0:2.9.13-6.el9_4.aarch64", "AppStream-9.4.0.Z.MAIN.EUS:libxml2-0:2.9.13-6.el9_4.i686", "AppStream-9.4.0.Z.MAIN.EUS:libxml2-0:2.9.13-6.el9_4.ppc64le", "AppStream-9.4.0.Z.MAIN.EUS:libxml2-0:2.9.13-6.el9_4.s390x", "AppStream-9.4.0.Z.MAIN.EUS:libxml2-0:2.9.13-6.el9_4.src", "AppStream-9.4.0.Z.MAIN.EUS:libxml2-0:2.9.13-6.el9_4.x86_64", "AppStream-9.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.13-6.el9_4.aarch64", "AppStream-9.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.13-6.el9_4.i686", "AppStream-9.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.13-6.el9_4.ppc64le", "AppStream-9.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.13-6.el9_4.s390x", "AppStream-9.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.13-6.el9_4.x86_64", "AppStream-9.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.13-6.el9_4.aarch64", "AppStream-9.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.13-6.el9_4.i686", "AppStream-9.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.13-6.el9_4.ppc64le", "AppStream-9.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.13-6.el9_4.s390x", "AppStream-9.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.13-6.el9_4.x86_64", "AppStream-9.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.13-6.el9_4.aarch64", "AppStream-9.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.13-6.el9_4.i686", "AppStream-9.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.13-6.el9_4.ppc64le", "AppStream-9.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.13-6.el9_4.s390x", "AppStream-9.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.13-6.el9_4.x86_64", "AppStream-9.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.13-6.el9_4.aarch64", "AppStream-9.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.13-6.el9_4.ppc64le", "AppStream-9.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.13-6.el9_4.s390x", "AppStream-9.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.13-6.el9_4.x86_64", "AppStream-9.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.13-6.el9_4.aarch64", "AppStream-9.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.13-6.el9_4.i686", "AppStream-9.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.13-6.el9_4.ppc64le", "AppStream-9.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.13-6.el9_4.s390x", "AppStream-9.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.13-6.el9_4.x86_64", "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-0:2.9.13-6.el9_4.aarch64", "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-0:2.9.13-6.el9_4.i686", "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-0:2.9.13-6.el9_4.ppc64le", "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-0:2.9.13-6.el9_4.s390x", "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-0:2.9.13-6.el9_4.src", "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-0:2.9.13-6.el9_4.x86_64", "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.13-6.el9_4.aarch64", "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.13-6.el9_4.i686", "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.13-6.el9_4.ppc64le", "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.13-6.el9_4.s390x", "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.13-6.el9_4.x86_64", "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.13-6.el9_4.aarch64", "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.13-6.el9_4.i686", "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.13-6.el9_4.ppc64le", "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.13-6.el9_4.s390x", "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.13-6.el9_4.x86_64", "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.13-6.el9_4.aarch64", "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.13-6.el9_4.i686", "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.13-6.el9_4.ppc64le", "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.13-6.el9_4.s390x", "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.13-6.el9_4.x86_64", "BaseOS-9.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.13-6.el9_4.aarch64", "BaseOS-9.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.13-6.el9_4.ppc64le", "BaseOS-9.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.13-6.el9_4.s390x", "BaseOS-9.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.13-6.el9_4.x86_64", "BaseOS-9.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.13-6.el9_4.aarch64", "BaseOS-9.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.13-6.el9_4.i686", "BaseOS-9.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.13-6.el9_4.ppc64le", "BaseOS-9.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.13-6.el9_4.s390x", "BaseOS-9.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.13-6.el9_4.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-25062", }, { category: "external", summary: "RHBZ#2262726", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2262726", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-25062", url: "https://www.cve.org/CVERecord?id=CVE-2024-25062", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-25062", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-25062", }, { category: "external", summary: "https://gitlab.gnome.org/GNOME/libxml2/-/issues/604", url: "https://gitlab.gnome.org/GNOME/libxml2/-/issues/604", }, { category: "external", summary: "https://gitlab.gnome.org/GNOME/libxml2/-/tags", url: "https://gitlab.gnome.org/GNOME/libxml2/-/tags", }, ], release_date: "2024-02-04T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-05-02T14:58:39+00:00", details: "https://access.redhat.com/articles/11258\n\nThe desktop must be restarted (log out, then log back in) for this update to take effect.", product_ids: [ "AppStream-9.4.0.Z.MAIN.EUS:libxml2-0:2.9.13-6.el9_4.aarch64", "AppStream-9.4.0.Z.MAIN.EUS:libxml2-0:2.9.13-6.el9_4.i686", "AppStream-9.4.0.Z.MAIN.EUS:libxml2-0:2.9.13-6.el9_4.ppc64le", "AppStream-9.4.0.Z.MAIN.EUS:libxml2-0:2.9.13-6.el9_4.s390x", "AppStream-9.4.0.Z.MAIN.EUS:libxml2-0:2.9.13-6.el9_4.src", "AppStream-9.4.0.Z.MAIN.EUS:libxml2-0:2.9.13-6.el9_4.x86_64", "AppStream-9.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.13-6.el9_4.aarch64", "AppStream-9.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.13-6.el9_4.i686", "AppStream-9.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.13-6.el9_4.ppc64le", "AppStream-9.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.13-6.el9_4.s390x", "AppStream-9.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.13-6.el9_4.x86_64", "AppStream-9.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.13-6.el9_4.aarch64", "AppStream-9.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.13-6.el9_4.i686", "AppStream-9.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.13-6.el9_4.ppc64le", "AppStream-9.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.13-6.el9_4.s390x", "AppStream-9.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.13-6.el9_4.x86_64", "AppStream-9.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.13-6.el9_4.aarch64", "AppStream-9.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.13-6.el9_4.i686", "AppStream-9.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.13-6.el9_4.ppc64le", "AppStream-9.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.13-6.el9_4.s390x", "AppStream-9.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.13-6.el9_4.x86_64", "AppStream-9.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.13-6.el9_4.aarch64", "AppStream-9.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.13-6.el9_4.ppc64le", "AppStream-9.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.13-6.el9_4.s390x", "AppStream-9.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.13-6.el9_4.x86_64", "AppStream-9.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.13-6.el9_4.aarch64", "AppStream-9.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.13-6.el9_4.i686", "AppStream-9.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.13-6.el9_4.ppc64le", "AppStream-9.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.13-6.el9_4.s390x", "AppStream-9.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.13-6.el9_4.x86_64", "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-0:2.9.13-6.el9_4.aarch64", "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-0:2.9.13-6.el9_4.i686", "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-0:2.9.13-6.el9_4.ppc64le", "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-0:2.9.13-6.el9_4.s390x", "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-0:2.9.13-6.el9_4.src", "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-0:2.9.13-6.el9_4.x86_64", "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.13-6.el9_4.aarch64", "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.13-6.el9_4.i686", "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.13-6.el9_4.ppc64le", "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.13-6.el9_4.s390x", "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.13-6.el9_4.x86_64", "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.13-6.el9_4.aarch64", "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.13-6.el9_4.i686", "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.13-6.el9_4.ppc64le", "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.13-6.el9_4.s390x", "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.13-6.el9_4.x86_64", "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.13-6.el9_4.aarch64", "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.13-6.el9_4.i686", "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.13-6.el9_4.ppc64le", "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.13-6.el9_4.s390x", "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.13-6.el9_4.x86_64", "BaseOS-9.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.13-6.el9_4.aarch64", "BaseOS-9.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.13-6.el9_4.ppc64le", "BaseOS-9.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.13-6.el9_4.s390x", "BaseOS-9.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.13-6.el9_4.x86_64", "BaseOS-9.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.13-6.el9_4.aarch64", "BaseOS-9.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.13-6.el9_4.i686", "BaseOS-9.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.13-6.el9_4.ppc64le", "BaseOS-9.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.13-6.el9_4.s390x", "BaseOS-9.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.13-6.el9_4.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:2679", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "AppStream-9.4.0.Z.MAIN.EUS:libxml2-0:2.9.13-6.el9_4.aarch64", "AppStream-9.4.0.Z.MAIN.EUS:libxml2-0:2.9.13-6.el9_4.i686", "AppStream-9.4.0.Z.MAIN.EUS:libxml2-0:2.9.13-6.el9_4.ppc64le", "AppStream-9.4.0.Z.MAIN.EUS:libxml2-0:2.9.13-6.el9_4.s390x", "AppStream-9.4.0.Z.MAIN.EUS:libxml2-0:2.9.13-6.el9_4.src", "AppStream-9.4.0.Z.MAIN.EUS:libxml2-0:2.9.13-6.el9_4.x86_64", "AppStream-9.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.13-6.el9_4.aarch64", "AppStream-9.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.13-6.el9_4.i686", "AppStream-9.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.13-6.el9_4.ppc64le", "AppStream-9.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.13-6.el9_4.s390x", "AppStream-9.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.13-6.el9_4.x86_64", "AppStream-9.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.13-6.el9_4.aarch64", "AppStream-9.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.13-6.el9_4.i686", "AppStream-9.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.13-6.el9_4.ppc64le", "AppStream-9.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.13-6.el9_4.s390x", "AppStream-9.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.13-6.el9_4.x86_64", "AppStream-9.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.13-6.el9_4.aarch64", "AppStream-9.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.13-6.el9_4.i686", "AppStream-9.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.13-6.el9_4.ppc64le", "AppStream-9.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.13-6.el9_4.s390x", "AppStream-9.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.13-6.el9_4.x86_64", "AppStream-9.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.13-6.el9_4.aarch64", "AppStream-9.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.13-6.el9_4.ppc64le", "AppStream-9.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.13-6.el9_4.s390x", "AppStream-9.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.13-6.el9_4.x86_64", "AppStream-9.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.13-6.el9_4.aarch64", "AppStream-9.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.13-6.el9_4.i686", "AppStream-9.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.13-6.el9_4.ppc64le", "AppStream-9.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.13-6.el9_4.s390x", "AppStream-9.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.13-6.el9_4.x86_64", "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-0:2.9.13-6.el9_4.aarch64", "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-0:2.9.13-6.el9_4.i686", "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-0:2.9.13-6.el9_4.ppc64le", "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-0:2.9.13-6.el9_4.s390x", "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-0:2.9.13-6.el9_4.src", "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-0:2.9.13-6.el9_4.x86_64", "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.13-6.el9_4.aarch64", "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.13-6.el9_4.i686", "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.13-6.el9_4.ppc64le", "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.13-6.el9_4.s390x", "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.13-6.el9_4.x86_64", "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.13-6.el9_4.aarch64", "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.13-6.el9_4.i686", "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.13-6.el9_4.ppc64le", "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.13-6.el9_4.s390x", "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.13-6.el9_4.x86_64", "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.13-6.el9_4.aarch64", "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.13-6.el9_4.i686", "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.13-6.el9_4.ppc64le", "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.13-6.el9_4.s390x", "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.13-6.el9_4.x86_64", "BaseOS-9.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.13-6.el9_4.aarch64", "BaseOS-9.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.13-6.el9_4.ppc64le", "BaseOS-9.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.13-6.el9_4.s390x", "BaseOS-9.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.13-6.el9_4.x86_64", "BaseOS-9.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.13-6.el9_4.aarch64", "BaseOS-9.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.13-6.el9_4.i686", "BaseOS-9.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.13-6.el9_4.ppc64le", "BaseOS-9.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.13-6.el9_4.s390x", "BaseOS-9.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.13-6.el9_4.x86_64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "AppStream-9.4.0.Z.MAIN.EUS:libxml2-0:2.9.13-6.el9_4.aarch64", "AppStream-9.4.0.Z.MAIN.EUS:libxml2-0:2.9.13-6.el9_4.i686", "AppStream-9.4.0.Z.MAIN.EUS:libxml2-0:2.9.13-6.el9_4.ppc64le", "AppStream-9.4.0.Z.MAIN.EUS:libxml2-0:2.9.13-6.el9_4.s390x", "AppStream-9.4.0.Z.MAIN.EUS:libxml2-0:2.9.13-6.el9_4.src", "AppStream-9.4.0.Z.MAIN.EUS:libxml2-0:2.9.13-6.el9_4.x86_64", "AppStream-9.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.13-6.el9_4.aarch64", "AppStream-9.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.13-6.el9_4.i686", "AppStream-9.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.13-6.el9_4.ppc64le", "AppStream-9.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.13-6.el9_4.s390x", "AppStream-9.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.13-6.el9_4.x86_64", "AppStream-9.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.13-6.el9_4.aarch64", "AppStream-9.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.13-6.el9_4.i686", "AppStream-9.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.13-6.el9_4.ppc64le", "AppStream-9.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.13-6.el9_4.s390x", "AppStream-9.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.13-6.el9_4.x86_64", "AppStream-9.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.13-6.el9_4.aarch64", "AppStream-9.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.13-6.el9_4.i686", "AppStream-9.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.13-6.el9_4.ppc64le", "AppStream-9.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.13-6.el9_4.s390x", "AppStream-9.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.13-6.el9_4.x86_64", "AppStream-9.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.13-6.el9_4.aarch64", "AppStream-9.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.13-6.el9_4.ppc64le", "AppStream-9.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.13-6.el9_4.s390x", "AppStream-9.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.13-6.el9_4.x86_64", "AppStream-9.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.13-6.el9_4.aarch64", "AppStream-9.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.13-6.el9_4.i686", "AppStream-9.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.13-6.el9_4.ppc64le", "AppStream-9.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.13-6.el9_4.s390x", "AppStream-9.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.13-6.el9_4.x86_64", "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-0:2.9.13-6.el9_4.aarch64", "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-0:2.9.13-6.el9_4.i686", "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-0:2.9.13-6.el9_4.ppc64le", "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-0:2.9.13-6.el9_4.s390x", "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-0:2.9.13-6.el9_4.src", "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-0:2.9.13-6.el9_4.x86_64", "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.13-6.el9_4.aarch64", "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.13-6.el9_4.i686", "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.13-6.el9_4.ppc64le", "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.13-6.el9_4.s390x", "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.13-6.el9_4.x86_64", "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.13-6.el9_4.aarch64", "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.13-6.el9_4.i686", "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.13-6.el9_4.ppc64le", "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.13-6.el9_4.s390x", "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.13-6.el9_4.x86_64", "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.13-6.el9_4.aarch64", "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.13-6.el9_4.i686", "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.13-6.el9_4.ppc64le", "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.13-6.el9_4.s390x", "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.13-6.el9_4.x86_64", "BaseOS-9.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.13-6.el9_4.aarch64", "BaseOS-9.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.13-6.el9_4.ppc64le", "BaseOS-9.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.13-6.el9_4.s390x", "BaseOS-9.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.13-6.el9_4.x86_64", "BaseOS-9.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.13-6.el9_4.aarch64", "BaseOS-9.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.13-6.el9_4.i686", "BaseOS-9.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.13-6.el9_4.ppc64le", "BaseOS-9.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.13-6.el9_4.s390x", "BaseOS-9.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.13-6.el9_4.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "libxml2: use-after-free in XMLReader", }, ], }
rhsa-2024:2679
Vulnerability from csaf_redhat
Published
2024-05-02 14:58
Modified
2025-01-09 06:20
Summary
Red Hat Security Advisory: libxml2 security update
Notes
Topic
An update for libxml2 is now available for Red Hat Enterprise Linux 9.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The libxml2 library is a development toolbox providing the implementation of various XML standards.
Security Fix(es):
* libxml2: use-after-free in XMLReader (CVE-2024-25062)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update for libxml2 is now available for Red Hat Enterprise Linux 9.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "The libxml2 library is a development toolbox providing the implementation of various XML standards.\n\nSecurity Fix(es):\n\n* libxml2: use-after-free in XMLReader (CVE-2024-25062)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2024:2679", url: "https://access.redhat.com/errata/RHSA-2024:2679", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#moderate", url: "https://access.redhat.com/security/updates/classification/#moderate", }, { category: "external", summary: "2262726", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2262726", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_2679.json", }, ], title: "Red Hat Security Advisory: libxml2 security update", tracking: { current_release_date: "2025-01-09T06:20:30+00:00", generator: { date: "2025-01-09T06:20:30+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.5", }, }, id: "RHSA-2024:2679", initial_release_date: "2024-05-02T14:58:39+00:00", revision_history: [ { date: "2024-05-02T14:58:39+00:00", number: "1", summary: "Initial version", }, { date: "2024-05-02T14:58:39+00:00", number: "2", summary: "Last updated version", }, { date: "2025-01-09T06:20:30+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux AppStream (v. 9)", product: { name: "Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.Z.MAIN.EUS", product_identification_helper: { cpe: "cpe:/a:redhat:enterprise_linux:9::appstream", }, }, }, { category: "product_name", name: "Red Hat Enterprise Linux BaseOS (v. 9)", product: { name: "Red Hat Enterprise Linux BaseOS (v. 9)", product_id: "BaseOS-9.4.0.Z.MAIN.EUS", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:9::baseos", }, }, }, ], category: "product_family", name: "Red Hat Enterprise Linux", }, { branches: [ { category: "product_version", name: "libxml2-devel-0:2.9.13-6.el9_4.aarch64", product: { name: "libxml2-devel-0:2.9.13-6.el9_4.aarch64", product_id: "libxml2-devel-0:2.9.13-6.el9_4.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-devel@2.9.13-6.el9_4?arch=aarch64", }, }, }, { category: "product_version", name: "libxml2-debugsource-0:2.9.13-6.el9_4.aarch64", product: { name: "libxml2-debugsource-0:2.9.13-6.el9_4.aarch64", product_id: "libxml2-debugsource-0:2.9.13-6.el9_4.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-debugsource@2.9.13-6.el9_4?arch=aarch64", }, }, }, { category: "product_version", name: "libxml2-debuginfo-0:2.9.13-6.el9_4.aarch64", product: { name: "libxml2-debuginfo-0:2.9.13-6.el9_4.aarch64", product_id: "libxml2-debuginfo-0:2.9.13-6.el9_4.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-debuginfo@2.9.13-6.el9_4?arch=aarch64", }, }, }, { category: "product_version", name: "python3-libxml2-debuginfo-0:2.9.13-6.el9_4.aarch64", product: { name: "python3-libxml2-debuginfo-0:2.9.13-6.el9_4.aarch64", product_id: "python3-libxml2-debuginfo-0:2.9.13-6.el9_4.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/python3-libxml2-debuginfo@2.9.13-6.el9_4?arch=aarch64", }, }, }, { category: "product_version", name: "libxml2-0:2.9.13-6.el9_4.aarch64", product: { name: "libxml2-0:2.9.13-6.el9_4.aarch64", product_id: "libxml2-0:2.9.13-6.el9_4.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2@2.9.13-6.el9_4?arch=aarch64", }, }, }, { category: "product_version", name: "python3-libxml2-0:2.9.13-6.el9_4.aarch64", product: { name: "python3-libxml2-0:2.9.13-6.el9_4.aarch64", product_id: "python3-libxml2-0:2.9.13-6.el9_4.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/python3-libxml2@2.9.13-6.el9_4?arch=aarch64", }, }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "libxml2-devel-0:2.9.13-6.el9_4.ppc64le", product: { name: "libxml2-devel-0:2.9.13-6.el9_4.ppc64le", product_id: "libxml2-devel-0:2.9.13-6.el9_4.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-devel@2.9.13-6.el9_4?arch=ppc64le", }, }, }, { category: "product_version", name: "libxml2-debugsource-0:2.9.13-6.el9_4.ppc64le", product: { name: "libxml2-debugsource-0:2.9.13-6.el9_4.ppc64le", product_id: "libxml2-debugsource-0:2.9.13-6.el9_4.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-debugsource@2.9.13-6.el9_4?arch=ppc64le", }, }, }, { category: "product_version", name: "libxml2-debuginfo-0:2.9.13-6.el9_4.ppc64le", product: { name: "libxml2-debuginfo-0:2.9.13-6.el9_4.ppc64le", product_id: "libxml2-debuginfo-0:2.9.13-6.el9_4.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-debuginfo@2.9.13-6.el9_4?arch=ppc64le", }, }, }, { category: "product_version", name: "python3-libxml2-debuginfo-0:2.9.13-6.el9_4.ppc64le", product: { name: "python3-libxml2-debuginfo-0:2.9.13-6.el9_4.ppc64le", product_id: "python3-libxml2-debuginfo-0:2.9.13-6.el9_4.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/python3-libxml2-debuginfo@2.9.13-6.el9_4?arch=ppc64le", }, }, }, { category: "product_version", name: "libxml2-0:2.9.13-6.el9_4.ppc64le", product: { name: "libxml2-0:2.9.13-6.el9_4.ppc64le", product_id: "libxml2-0:2.9.13-6.el9_4.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2@2.9.13-6.el9_4?arch=ppc64le", }, }, }, { category: "product_version", name: "python3-libxml2-0:2.9.13-6.el9_4.ppc64le", product: { name: "python3-libxml2-0:2.9.13-6.el9_4.ppc64le", product_id: "python3-libxml2-0:2.9.13-6.el9_4.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/python3-libxml2@2.9.13-6.el9_4?arch=ppc64le", }, }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "libxml2-devel-0:2.9.13-6.el9_4.i686", product: { name: "libxml2-devel-0:2.9.13-6.el9_4.i686", product_id: "libxml2-devel-0:2.9.13-6.el9_4.i686", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-devel@2.9.13-6.el9_4?arch=i686", }, }, }, { category: "product_version", name: "libxml2-debugsource-0:2.9.13-6.el9_4.i686", product: { name: "libxml2-debugsource-0:2.9.13-6.el9_4.i686", product_id: "libxml2-debugsource-0:2.9.13-6.el9_4.i686", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-debugsource@2.9.13-6.el9_4?arch=i686", }, }, }, { category: "product_version", name: "libxml2-debuginfo-0:2.9.13-6.el9_4.i686", product: { name: "libxml2-debuginfo-0:2.9.13-6.el9_4.i686", product_id: "libxml2-debuginfo-0:2.9.13-6.el9_4.i686", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-debuginfo@2.9.13-6.el9_4?arch=i686", }, }, }, { category: "product_version", name: "python3-libxml2-debuginfo-0:2.9.13-6.el9_4.i686", product: { name: "python3-libxml2-debuginfo-0:2.9.13-6.el9_4.i686", product_id: "python3-libxml2-debuginfo-0:2.9.13-6.el9_4.i686", product_identification_helper: { purl: "pkg:rpm/redhat/python3-libxml2-debuginfo@2.9.13-6.el9_4?arch=i686", }, }, }, { category: "product_version", name: "libxml2-0:2.9.13-6.el9_4.i686", product: { name: "libxml2-0:2.9.13-6.el9_4.i686", product_id: "libxml2-0:2.9.13-6.el9_4.i686", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2@2.9.13-6.el9_4?arch=i686", }, }, }, ], category: "architecture", name: "i686", }, { branches: [ { category: "product_version", name: "libxml2-devel-0:2.9.13-6.el9_4.x86_64", product: { name: "libxml2-devel-0:2.9.13-6.el9_4.x86_64", product_id: "libxml2-devel-0:2.9.13-6.el9_4.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-devel@2.9.13-6.el9_4?arch=x86_64", }, }, }, { category: "product_version", name: "libxml2-debugsource-0:2.9.13-6.el9_4.x86_64", product: { name: "libxml2-debugsource-0:2.9.13-6.el9_4.x86_64", product_id: "libxml2-debugsource-0:2.9.13-6.el9_4.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-debugsource@2.9.13-6.el9_4?arch=x86_64", }, }, }, { category: "product_version", name: "libxml2-debuginfo-0:2.9.13-6.el9_4.x86_64", product: { name: "libxml2-debuginfo-0:2.9.13-6.el9_4.x86_64", product_id: "libxml2-debuginfo-0:2.9.13-6.el9_4.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-debuginfo@2.9.13-6.el9_4?arch=x86_64", }, }, }, { category: "product_version", name: "python3-libxml2-debuginfo-0:2.9.13-6.el9_4.x86_64", product: { name: "python3-libxml2-debuginfo-0:2.9.13-6.el9_4.x86_64", product_id: "python3-libxml2-debuginfo-0:2.9.13-6.el9_4.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/python3-libxml2-debuginfo@2.9.13-6.el9_4?arch=x86_64", }, }, }, { category: "product_version", name: "libxml2-0:2.9.13-6.el9_4.x86_64", product: { name: "libxml2-0:2.9.13-6.el9_4.x86_64", product_id: "libxml2-0:2.9.13-6.el9_4.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2@2.9.13-6.el9_4?arch=x86_64", }, }, }, { category: "product_version", name: "python3-libxml2-0:2.9.13-6.el9_4.x86_64", product: { name: "python3-libxml2-0:2.9.13-6.el9_4.x86_64", product_id: "python3-libxml2-0:2.9.13-6.el9_4.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/python3-libxml2@2.9.13-6.el9_4?arch=x86_64", }, }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_version", name: "libxml2-devel-0:2.9.13-6.el9_4.s390x", product: { name: "libxml2-devel-0:2.9.13-6.el9_4.s390x", product_id: "libxml2-devel-0:2.9.13-6.el9_4.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-devel@2.9.13-6.el9_4?arch=s390x", }, }, }, { category: "product_version", name: "libxml2-debugsource-0:2.9.13-6.el9_4.s390x", product: { name: "libxml2-debugsource-0:2.9.13-6.el9_4.s390x", product_id: "libxml2-debugsource-0:2.9.13-6.el9_4.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-debugsource@2.9.13-6.el9_4?arch=s390x", }, }, }, { category: "product_version", name: "libxml2-debuginfo-0:2.9.13-6.el9_4.s390x", product: { name: "libxml2-debuginfo-0:2.9.13-6.el9_4.s390x", product_id: "libxml2-debuginfo-0:2.9.13-6.el9_4.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-debuginfo@2.9.13-6.el9_4?arch=s390x", }, }, }, { category: "product_version", name: "python3-libxml2-debuginfo-0:2.9.13-6.el9_4.s390x", product: { name: "python3-libxml2-debuginfo-0:2.9.13-6.el9_4.s390x", product_id: "python3-libxml2-debuginfo-0:2.9.13-6.el9_4.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/python3-libxml2-debuginfo@2.9.13-6.el9_4?arch=s390x", }, }, }, { category: "product_version", name: "libxml2-0:2.9.13-6.el9_4.s390x", product: { name: "libxml2-0:2.9.13-6.el9_4.s390x", product_id: "libxml2-0:2.9.13-6.el9_4.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2@2.9.13-6.el9_4?arch=s390x", }, }, }, { category: "product_version", name: "python3-libxml2-0:2.9.13-6.el9_4.s390x", product: { name: "python3-libxml2-0:2.9.13-6.el9_4.s390x", product_id: "python3-libxml2-0:2.9.13-6.el9_4.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/python3-libxml2@2.9.13-6.el9_4?arch=s390x", }, }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "libxml2-0:2.9.13-6.el9_4.src", product: { name: "libxml2-0:2.9.13-6.el9_4.src", product_id: "libxml2-0:2.9.13-6.el9_4.src", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2@2.9.13-6.el9_4?arch=src", }, }, }, ], category: "architecture", name: "src", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.13-6.el9_4.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.Z.MAIN.EUS:libxml2-0:2.9.13-6.el9_4.aarch64", }, product_reference: "libxml2-0:2.9.13-6.el9_4.aarch64", relates_to_product_reference: "AppStream-9.4.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.13-6.el9_4.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.Z.MAIN.EUS:libxml2-0:2.9.13-6.el9_4.i686", }, product_reference: "libxml2-0:2.9.13-6.el9_4.i686", relates_to_product_reference: "AppStream-9.4.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.13-6.el9_4.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.Z.MAIN.EUS:libxml2-0:2.9.13-6.el9_4.ppc64le", }, product_reference: "libxml2-0:2.9.13-6.el9_4.ppc64le", relates_to_product_reference: "AppStream-9.4.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.13-6.el9_4.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.Z.MAIN.EUS:libxml2-0:2.9.13-6.el9_4.s390x", }, product_reference: "libxml2-0:2.9.13-6.el9_4.s390x", relates_to_product_reference: "AppStream-9.4.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.13-6.el9_4.src as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.Z.MAIN.EUS:libxml2-0:2.9.13-6.el9_4.src", }, product_reference: "libxml2-0:2.9.13-6.el9_4.src", relates_to_product_reference: "AppStream-9.4.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.13-6.el9_4.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.Z.MAIN.EUS:libxml2-0:2.9.13-6.el9_4.x86_64", }, product_reference: "libxml2-0:2.9.13-6.el9_4.x86_64", relates_to_product_reference: "AppStream-9.4.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.13-6.el9_4.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.13-6.el9_4.aarch64", }, product_reference: "libxml2-debuginfo-0:2.9.13-6.el9_4.aarch64", relates_to_product_reference: "AppStream-9.4.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.13-6.el9_4.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.13-6.el9_4.i686", }, product_reference: "libxml2-debuginfo-0:2.9.13-6.el9_4.i686", relates_to_product_reference: "AppStream-9.4.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.13-6.el9_4.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.13-6.el9_4.ppc64le", }, product_reference: "libxml2-debuginfo-0:2.9.13-6.el9_4.ppc64le", relates_to_product_reference: "AppStream-9.4.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.13-6.el9_4.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.13-6.el9_4.s390x", }, product_reference: "libxml2-debuginfo-0:2.9.13-6.el9_4.s390x", relates_to_product_reference: "AppStream-9.4.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.13-6.el9_4.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.13-6.el9_4.x86_64", }, product_reference: "libxml2-debuginfo-0:2.9.13-6.el9_4.x86_64", relates_to_product_reference: "AppStream-9.4.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debugsource-0:2.9.13-6.el9_4.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.13-6.el9_4.aarch64", }, product_reference: "libxml2-debugsource-0:2.9.13-6.el9_4.aarch64", relates_to_product_reference: "AppStream-9.4.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debugsource-0:2.9.13-6.el9_4.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.13-6.el9_4.i686", }, product_reference: "libxml2-debugsource-0:2.9.13-6.el9_4.i686", relates_to_product_reference: "AppStream-9.4.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debugsource-0:2.9.13-6.el9_4.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.13-6.el9_4.ppc64le", }, product_reference: "libxml2-debugsource-0:2.9.13-6.el9_4.ppc64le", relates_to_product_reference: "AppStream-9.4.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debugsource-0:2.9.13-6.el9_4.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.13-6.el9_4.s390x", }, product_reference: "libxml2-debugsource-0:2.9.13-6.el9_4.s390x", relates_to_product_reference: "AppStream-9.4.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debugsource-0:2.9.13-6.el9_4.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.13-6.el9_4.x86_64", }, product_reference: "libxml2-debugsource-0:2.9.13-6.el9_4.x86_64", relates_to_product_reference: "AppStream-9.4.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.13-6.el9_4.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.13-6.el9_4.aarch64", }, product_reference: "libxml2-devel-0:2.9.13-6.el9_4.aarch64", relates_to_product_reference: "AppStream-9.4.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.13-6.el9_4.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.13-6.el9_4.i686", }, product_reference: "libxml2-devel-0:2.9.13-6.el9_4.i686", relates_to_product_reference: "AppStream-9.4.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.13-6.el9_4.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.13-6.el9_4.ppc64le", }, product_reference: "libxml2-devel-0:2.9.13-6.el9_4.ppc64le", relates_to_product_reference: "AppStream-9.4.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.13-6.el9_4.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.13-6.el9_4.s390x", }, product_reference: "libxml2-devel-0:2.9.13-6.el9_4.s390x", relates_to_product_reference: "AppStream-9.4.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.13-6.el9_4.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.13-6.el9_4.x86_64", }, product_reference: "libxml2-devel-0:2.9.13-6.el9_4.x86_64", relates_to_product_reference: "AppStream-9.4.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "python3-libxml2-0:2.9.13-6.el9_4.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.13-6.el9_4.aarch64", }, product_reference: "python3-libxml2-0:2.9.13-6.el9_4.aarch64", relates_to_product_reference: "AppStream-9.4.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "python3-libxml2-0:2.9.13-6.el9_4.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.13-6.el9_4.ppc64le", }, product_reference: "python3-libxml2-0:2.9.13-6.el9_4.ppc64le", relates_to_product_reference: "AppStream-9.4.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "python3-libxml2-0:2.9.13-6.el9_4.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.13-6.el9_4.s390x", }, product_reference: "python3-libxml2-0:2.9.13-6.el9_4.s390x", relates_to_product_reference: "AppStream-9.4.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "python3-libxml2-0:2.9.13-6.el9_4.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.13-6.el9_4.x86_64", }, product_reference: "python3-libxml2-0:2.9.13-6.el9_4.x86_64", relates_to_product_reference: "AppStream-9.4.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "python3-libxml2-debuginfo-0:2.9.13-6.el9_4.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.13-6.el9_4.aarch64", }, product_reference: "python3-libxml2-debuginfo-0:2.9.13-6.el9_4.aarch64", relates_to_product_reference: "AppStream-9.4.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "python3-libxml2-debuginfo-0:2.9.13-6.el9_4.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.13-6.el9_4.i686", }, product_reference: "python3-libxml2-debuginfo-0:2.9.13-6.el9_4.i686", relates_to_product_reference: "AppStream-9.4.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "python3-libxml2-debuginfo-0:2.9.13-6.el9_4.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.13-6.el9_4.ppc64le", }, product_reference: "python3-libxml2-debuginfo-0:2.9.13-6.el9_4.ppc64le", relates_to_product_reference: "AppStream-9.4.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "python3-libxml2-debuginfo-0:2.9.13-6.el9_4.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.13-6.el9_4.s390x", }, product_reference: "python3-libxml2-debuginfo-0:2.9.13-6.el9_4.s390x", relates_to_product_reference: "AppStream-9.4.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "python3-libxml2-debuginfo-0:2.9.13-6.el9_4.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.13-6.el9_4.x86_64", }, product_reference: "python3-libxml2-debuginfo-0:2.9.13-6.el9_4.x86_64", relates_to_product_reference: "AppStream-9.4.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.13-6.el9_4.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)", product_id: "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-0:2.9.13-6.el9_4.aarch64", }, product_reference: "libxml2-0:2.9.13-6.el9_4.aarch64", relates_to_product_reference: "BaseOS-9.4.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.13-6.el9_4.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 9)", product_id: "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-0:2.9.13-6.el9_4.i686", }, product_reference: "libxml2-0:2.9.13-6.el9_4.i686", relates_to_product_reference: "BaseOS-9.4.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.13-6.el9_4.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 9)", product_id: "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-0:2.9.13-6.el9_4.ppc64le", }, product_reference: "libxml2-0:2.9.13-6.el9_4.ppc64le", relates_to_product_reference: "BaseOS-9.4.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.13-6.el9_4.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 9)", product_id: "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-0:2.9.13-6.el9_4.s390x", }, product_reference: "libxml2-0:2.9.13-6.el9_4.s390x", relates_to_product_reference: "BaseOS-9.4.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.13-6.el9_4.src as a component of Red Hat Enterprise Linux BaseOS (v. 9)", product_id: "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-0:2.9.13-6.el9_4.src", }, product_reference: "libxml2-0:2.9.13-6.el9_4.src", relates_to_product_reference: "BaseOS-9.4.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.13-6.el9_4.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)", product_id: "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-0:2.9.13-6.el9_4.x86_64", }, product_reference: "libxml2-0:2.9.13-6.el9_4.x86_64", relates_to_product_reference: "BaseOS-9.4.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.13-6.el9_4.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)", product_id: "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.13-6.el9_4.aarch64", }, product_reference: "libxml2-debuginfo-0:2.9.13-6.el9_4.aarch64", relates_to_product_reference: "BaseOS-9.4.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.13-6.el9_4.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 9)", product_id: "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.13-6.el9_4.i686", }, product_reference: "libxml2-debuginfo-0:2.9.13-6.el9_4.i686", relates_to_product_reference: "BaseOS-9.4.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.13-6.el9_4.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 9)", product_id: "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.13-6.el9_4.ppc64le", }, product_reference: "libxml2-debuginfo-0:2.9.13-6.el9_4.ppc64le", relates_to_product_reference: "BaseOS-9.4.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.13-6.el9_4.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 9)", product_id: "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.13-6.el9_4.s390x", }, product_reference: "libxml2-debuginfo-0:2.9.13-6.el9_4.s390x", relates_to_product_reference: "BaseOS-9.4.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.13-6.el9_4.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)", product_id: "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.13-6.el9_4.x86_64", }, product_reference: "libxml2-debuginfo-0:2.9.13-6.el9_4.x86_64", relates_to_product_reference: "BaseOS-9.4.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debugsource-0:2.9.13-6.el9_4.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)", product_id: "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.13-6.el9_4.aarch64", }, product_reference: "libxml2-debugsource-0:2.9.13-6.el9_4.aarch64", relates_to_product_reference: "BaseOS-9.4.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debugsource-0:2.9.13-6.el9_4.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 9)", product_id: "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.13-6.el9_4.i686", }, product_reference: "libxml2-debugsource-0:2.9.13-6.el9_4.i686", relates_to_product_reference: "BaseOS-9.4.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debugsource-0:2.9.13-6.el9_4.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 9)", product_id: "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.13-6.el9_4.ppc64le", }, product_reference: "libxml2-debugsource-0:2.9.13-6.el9_4.ppc64le", relates_to_product_reference: "BaseOS-9.4.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debugsource-0:2.9.13-6.el9_4.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 9)", product_id: "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.13-6.el9_4.s390x", }, product_reference: "libxml2-debugsource-0:2.9.13-6.el9_4.s390x", relates_to_product_reference: "BaseOS-9.4.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debugsource-0:2.9.13-6.el9_4.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)", product_id: "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.13-6.el9_4.x86_64", }, product_reference: "libxml2-debugsource-0:2.9.13-6.el9_4.x86_64", relates_to_product_reference: "BaseOS-9.4.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.13-6.el9_4.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)", product_id: "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.13-6.el9_4.aarch64", }, product_reference: "libxml2-devel-0:2.9.13-6.el9_4.aarch64", relates_to_product_reference: "BaseOS-9.4.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.13-6.el9_4.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 9)", product_id: "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.13-6.el9_4.i686", }, product_reference: "libxml2-devel-0:2.9.13-6.el9_4.i686", relates_to_product_reference: "BaseOS-9.4.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.13-6.el9_4.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 9)", product_id: "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.13-6.el9_4.ppc64le", }, product_reference: "libxml2-devel-0:2.9.13-6.el9_4.ppc64le", relates_to_product_reference: "BaseOS-9.4.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.13-6.el9_4.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 9)", product_id: "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.13-6.el9_4.s390x", }, product_reference: "libxml2-devel-0:2.9.13-6.el9_4.s390x", relates_to_product_reference: "BaseOS-9.4.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.13-6.el9_4.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)", product_id: "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.13-6.el9_4.x86_64", }, product_reference: "libxml2-devel-0:2.9.13-6.el9_4.x86_64", relates_to_product_reference: "BaseOS-9.4.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "python3-libxml2-0:2.9.13-6.el9_4.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)", product_id: "BaseOS-9.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.13-6.el9_4.aarch64", }, product_reference: "python3-libxml2-0:2.9.13-6.el9_4.aarch64", relates_to_product_reference: "BaseOS-9.4.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "python3-libxml2-0:2.9.13-6.el9_4.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 9)", product_id: "BaseOS-9.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.13-6.el9_4.ppc64le", }, product_reference: "python3-libxml2-0:2.9.13-6.el9_4.ppc64le", relates_to_product_reference: "BaseOS-9.4.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "python3-libxml2-0:2.9.13-6.el9_4.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 9)", product_id: "BaseOS-9.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.13-6.el9_4.s390x", }, product_reference: "python3-libxml2-0:2.9.13-6.el9_4.s390x", relates_to_product_reference: "BaseOS-9.4.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "python3-libxml2-0:2.9.13-6.el9_4.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)", product_id: "BaseOS-9.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.13-6.el9_4.x86_64", }, product_reference: "python3-libxml2-0:2.9.13-6.el9_4.x86_64", relates_to_product_reference: "BaseOS-9.4.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "python3-libxml2-debuginfo-0:2.9.13-6.el9_4.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)", product_id: "BaseOS-9.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.13-6.el9_4.aarch64", }, product_reference: "python3-libxml2-debuginfo-0:2.9.13-6.el9_4.aarch64", relates_to_product_reference: "BaseOS-9.4.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "python3-libxml2-debuginfo-0:2.9.13-6.el9_4.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 9)", product_id: "BaseOS-9.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.13-6.el9_4.i686", }, product_reference: "python3-libxml2-debuginfo-0:2.9.13-6.el9_4.i686", relates_to_product_reference: "BaseOS-9.4.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "python3-libxml2-debuginfo-0:2.9.13-6.el9_4.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 9)", product_id: "BaseOS-9.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.13-6.el9_4.ppc64le", }, product_reference: "python3-libxml2-debuginfo-0:2.9.13-6.el9_4.ppc64le", relates_to_product_reference: "BaseOS-9.4.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "python3-libxml2-debuginfo-0:2.9.13-6.el9_4.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 9)", product_id: "BaseOS-9.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.13-6.el9_4.s390x", }, product_reference: "python3-libxml2-debuginfo-0:2.9.13-6.el9_4.s390x", relates_to_product_reference: "BaseOS-9.4.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "python3-libxml2-debuginfo-0:2.9.13-6.el9_4.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)", product_id: "BaseOS-9.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.13-6.el9_4.x86_64", }, product_reference: "python3-libxml2-debuginfo-0:2.9.13-6.el9_4.x86_64", relates_to_product_reference: "BaseOS-9.4.0.Z.MAIN.EUS", }, ], }, vulnerabilities: [ { cve: "CVE-2024-25062", cwe: { id: "CWE-416", name: "Use After Free", }, discovery_date: "2024-02-05T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2262726", }, ], notes: [ { category: "description", text: "A use-after-free flaw was found in libxml2. When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free.", title: "Vulnerability description", }, { category: "summary", text: "libxml2: use-after-free in XMLReader", title: "Vulnerability summary", }, { category: "other", text: "The severity of this vulnerability is not important but moderate due to the lack of impact to both confidentiality and integrity, but potential impact to availability. The theoretical risk of impact to availability is limited due to the specific requirement that applications must continue to misuse the reader API after it has already reported validation errors instead of handling those errors. The flaw requires that crafted XML documents can be provided by an attacker and the utilization of DTD validation and XInclude expansion using the XMLReader API. Along with those conditions, the application using the XMLReader API must be ignoring errors when expanding invalid XInclude nodes in an maliciously crafted document. These conditions are unlikely to exist in the intended usage of the XMLReader API.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-9.4.0.Z.MAIN.EUS:libxml2-0:2.9.13-6.el9_4.aarch64", "AppStream-9.4.0.Z.MAIN.EUS:libxml2-0:2.9.13-6.el9_4.i686", "AppStream-9.4.0.Z.MAIN.EUS:libxml2-0:2.9.13-6.el9_4.ppc64le", "AppStream-9.4.0.Z.MAIN.EUS:libxml2-0:2.9.13-6.el9_4.s390x", "AppStream-9.4.0.Z.MAIN.EUS:libxml2-0:2.9.13-6.el9_4.src", "AppStream-9.4.0.Z.MAIN.EUS:libxml2-0:2.9.13-6.el9_4.x86_64", "AppStream-9.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.13-6.el9_4.aarch64", "AppStream-9.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.13-6.el9_4.i686", "AppStream-9.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.13-6.el9_4.ppc64le", "AppStream-9.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.13-6.el9_4.s390x", "AppStream-9.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.13-6.el9_4.x86_64", "AppStream-9.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.13-6.el9_4.aarch64", "AppStream-9.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.13-6.el9_4.i686", "AppStream-9.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.13-6.el9_4.ppc64le", "AppStream-9.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.13-6.el9_4.s390x", "AppStream-9.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.13-6.el9_4.x86_64", "AppStream-9.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.13-6.el9_4.aarch64", "AppStream-9.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.13-6.el9_4.i686", "AppStream-9.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.13-6.el9_4.ppc64le", "AppStream-9.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.13-6.el9_4.s390x", "AppStream-9.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.13-6.el9_4.x86_64", "AppStream-9.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.13-6.el9_4.aarch64", "AppStream-9.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.13-6.el9_4.ppc64le", "AppStream-9.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.13-6.el9_4.s390x", "AppStream-9.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.13-6.el9_4.x86_64", "AppStream-9.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.13-6.el9_4.aarch64", "AppStream-9.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.13-6.el9_4.i686", "AppStream-9.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.13-6.el9_4.ppc64le", "AppStream-9.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.13-6.el9_4.s390x", "AppStream-9.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.13-6.el9_4.x86_64", "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-0:2.9.13-6.el9_4.aarch64", "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-0:2.9.13-6.el9_4.i686", "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-0:2.9.13-6.el9_4.ppc64le", "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-0:2.9.13-6.el9_4.s390x", "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-0:2.9.13-6.el9_4.src", "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-0:2.9.13-6.el9_4.x86_64", "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.13-6.el9_4.aarch64", "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.13-6.el9_4.i686", "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.13-6.el9_4.ppc64le", "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.13-6.el9_4.s390x", "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.13-6.el9_4.x86_64", "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.13-6.el9_4.aarch64", "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.13-6.el9_4.i686", "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.13-6.el9_4.ppc64le", "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.13-6.el9_4.s390x", "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.13-6.el9_4.x86_64", "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.13-6.el9_4.aarch64", "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.13-6.el9_4.i686", "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.13-6.el9_4.ppc64le", "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.13-6.el9_4.s390x", "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.13-6.el9_4.x86_64", "BaseOS-9.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.13-6.el9_4.aarch64", "BaseOS-9.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.13-6.el9_4.ppc64le", "BaseOS-9.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.13-6.el9_4.s390x", "BaseOS-9.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.13-6.el9_4.x86_64", "BaseOS-9.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.13-6.el9_4.aarch64", "BaseOS-9.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.13-6.el9_4.i686", "BaseOS-9.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.13-6.el9_4.ppc64le", "BaseOS-9.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.13-6.el9_4.s390x", "BaseOS-9.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.13-6.el9_4.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-25062", }, { category: "external", summary: "RHBZ#2262726", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2262726", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-25062", url: "https://www.cve.org/CVERecord?id=CVE-2024-25062", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-25062", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-25062", }, { category: "external", summary: "https://gitlab.gnome.org/GNOME/libxml2/-/issues/604", url: "https://gitlab.gnome.org/GNOME/libxml2/-/issues/604", }, { category: "external", summary: "https://gitlab.gnome.org/GNOME/libxml2/-/tags", url: "https://gitlab.gnome.org/GNOME/libxml2/-/tags", }, ], release_date: "2024-02-04T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-05-02T14:58:39+00:00", details: "https://access.redhat.com/articles/11258\n\nThe desktop must be restarted (log out, then log back in) for this update to take effect.", product_ids: [ "AppStream-9.4.0.Z.MAIN.EUS:libxml2-0:2.9.13-6.el9_4.aarch64", "AppStream-9.4.0.Z.MAIN.EUS:libxml2-0:2.9.13-6.el9_4.i686", "AppStream-9.4.0.Z.MAIN.EUS:libxml2-0:2.9.13-6.el9_4.ppc64le", "AppStream-9.4.0.Z.MAIN.EUS:libxml2-0:2.9.13-6.el9_4.s390x", "AppStream-9.4.0.Z.MAIN.EUS:libxml2-0:2.9.13-6.el9_4.src", "AppStream-9.4.0.Z.MAIN.EUS:libxml2-0:2.9.13-6.el9_4.x86_64", "AppStream-9.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.13-6.el9_4.aarch64", "AppStream-9.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.13-6.el9_4.i686", "AppStream-9.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.13-6.el9_4.ppc64le", "AppStream-9.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.13-6.el9_4.s390x", "AppStream-9.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.13-6.el9_4.x86_64", "AppStream-9.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.13-6.el9_4.aarch64", "AppStream-9.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.13-6.el9_4.i686", "AppStream-9.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.13-6.el9_4.ppc64le", "AppStream-9.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.13-6.el9_4.s390x", "AppStream-9.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.13-6.el9_4.x86_64", "AppStream-9.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.13-6.el9_4.aarch64", "AppStream-9.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.13-6.el9_4.i686", "AppStream-9.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.13-6.el9_4.ppc64le", "AppStream-9.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.13-6.el9_4.s390x", "AppStream-9.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.13-6.el9_4.x86_64", "AppStream-9.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.13-6.el9_4.aarch64", "AppStream-9.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.13-6.el9_4.ppc64le", "AppStream-9.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.13-6.el9_4.s390x", "AppStream-9.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.13-6.el9_4.x86_64", "AppStream-9.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.13-6.el9_4.aarch64", "AppStream-9.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.13-6.el9_4.i686", "AppStream-9.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.13-6.el9_4.ppc64le", "AppStream-9.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.13-6.el9_4.s390x", "AppStream-9.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.13-6.el9_4.x86_64", "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-0:2.9.13-6.el9_4.aarch64", "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-0:2.9.13-6.el9_4.i686", "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-0:2.9.13-6.el9_4.ppc64le", "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-0:2.9.13-6.el9_4.s390x", "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-0:2.9.13-6.el9_4.src", "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-0:2.9.13-6.el9_4.x86_64", "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.13-6.el9_4.aarch64", "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.13-6.el9_4.i686", "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.13-6.el9_4.ppc64le", "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.13-6.el9_4.s390x", "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.13-6.el9_4.x86_64", "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.13-6.el9_4.aarch64", "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.13-6.el9_4.i686", "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.13-6.el9_4.ppc64le", "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.13-6.el9_4.s390x", "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.13-6.el9_4.x86_64", "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.13-6.el9_4.aarch64", "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.13-6.el9_4.i686", "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.13-6.el9_4.ppc64le", "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.13-6.el9_4.s390x", "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.13-6.el9_4.x86_64", "BaseOS-9.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.13-6.el9_4.aarch64", "BaseOS-9.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.13-6.el9_4.ppc64le", "BaseOS-9.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.13-6.el9_4.s390x", "BaseOS-9.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.13-6.el9_4.x86_64", "BaseOS-9.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.13-6.el9_4.aarch64", "BaseOS-9.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.13-6.el9_4.i686", "BaseOS-9.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.13-6.el9_4.ppc64le", "BaseOS-9.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.13-6.el9_4.s390x", "BaseOS-9.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.13-6.el9_4.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:2679", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "AppStream-9.4.0.Z.MAIN.EUS:libxml2-0:2.9.13-6.el9_4.aarch64", "AppStream-9.4.0.Z.MAIN.EUS:libxml2-0:2.9.13-6.el9_4.i686", "AppStream-9.4.0.Z.MAIN.EUS:libxml2-0:2.9.13-6.el9_4.ppc64le", "AppStream-9.4.0.Z.MAIN.EUS:libxml2-0:2.9.13-6.el9_4.s390x", "AppStream-9.4.0.Z.MAIN.EUS:libxml2-0:2.9.13-6.el9_4.src", "AppStream-9.4.0.Z.MAIN.EUS:libxml2-0:2.9.13-6.el9_4.x86_64", "AppStream-9.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.13-6.el9_4.aarch64", "AppStream-9.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.13-6.el9_4.i686", "AppStream-9.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.13-6.el9_4.ppc64le", "AppStream-9.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.13-6.el9_4.s390x", "AppStream-9.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.13-6.el9_4.x86_64", "AppStream-9.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.13-6.el9_4.aarch64", "AppStream-9.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.13-6.el9_4.i686", "AppStream-9.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.13-6.el9_4.ppc64le", "AppStream-9.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.13-6.el9_4.s390x", "AppStream-9.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.13-6.el9_4.x86_64", "AppStream-9.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.13-6.el9_4.aarch64", "AppStream-9.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.13-6.el9_4.i686", "AppStream-9.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.13-6.el9_4.ppc64le", "AppStream-9.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.13-6.el9_4.s390x", "AppStream-9.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.13-6.el9_4.x86_64", "AppStream-9.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.13-6.el9_4.aarch64", "AppStream-9.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.13-6.el9_4.ppc64le", "AppStream-9.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.13-6.el9_4.s390x", "AppStream-9.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.13-6.el9_4.x86_64", "AppStream-9.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.13-6.el9_4.aarch64", "AppStream-9.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.13-6.el9_4.i686", "AppStream-9.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.13-6.el9_4.ppc64le", "AppStream-9.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.13-6.el9_4.s390x", "AppStream-9.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.13-6.el9_4.x86_64", "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-0:2.9.13-6.el9_4.aarch64", "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-0:2.9.13-6.el9_4.i686", "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-0:2.9.13-6.el9_4.ppc64le", "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-0:2.9.13-6.el9_4.s390x", "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-0:2.9.13-6.el9_4.src", "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-0:2.9.13-6.el9_4.x86_64", "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.13-6.el9_4.aarch64", "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.13-6.el9_4.i686", "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.13-6.el9_4.ppc64le", "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.13-6.el9_4.s390x", "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.13-6.el9_4.x86_64", "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.13-6.el9_4.aarch64", "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.13-6.el9_4.i686", "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.13-6.el9_4.ppc64le", "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.13-6.el9_4.s390x", "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.13-6.el9_4.x86_64", "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.13-6.el9_4.aarch64", "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.13-6.el9_4.i686", "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.13-6.el9_4.ppc64le", "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.13-6.el9_4.s390x", "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.13-6.el9_4.x86_64", "BaseOS-9.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.13-6.el9_4.aarch64", "BaseOS-9.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.13-6.el9_4.ppc64le", "BaseOS-9.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.13-6.el9_4.s390x", "BaseOS-9.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.13-6.el9_4.x86_64", "BaseOS-9.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.13-6.el9_4.aarch64", "BaseOS-9.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.13-6.el9_4.i686", "BaseOS-9.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.13-6.el9_4.ppc64le", "BaseOS-9.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.13-6.el9_4.s390x", "BaseOS-9.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.13-6.el9_4.x86_64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "AppStream-9.4.0.Z.MAIN.EUS:libxml2-0:2.9.13-6.el9_4.aarch64", "AppStream-9.4.0.Z.MAIN.EUS:libxml2-0:2.9.13-6.el9_4.i686", "AppStream-9.4.0.Z.MAIN.EUS:libxml2-0:2.9.13-6.el9_4.ppc64le", "AppStream-9.4.0.Z.MAIN.EUS:libxml2-0:2.9.13-6.el9_4.s390x", "AppStream-9.4.0.Z.MAIN.EUS:libxml2-0:2.9.13-6.el9_4.src", "AppStream-9.4.0.Z.MAIN.EUS:libxml2-0:2.9.13-6.el9_4.x86_64", "AppStream-9.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.13-6.el9_4.aarch64", "AppStream-9.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.13-6.el9_4.i686", "AppStream-9.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.13-6.el9_4.ppc64le", "AppStream-9.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.13-6.el9_4.s390x", "AppStream-9.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.13-6.el9_4.x86_64", "AppStream-9.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.13-6.el9_4.aarch64", "AppStream-9.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.13-6.el9_4.i686", "AppStream-9.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.13-6.el9_4.ppc64le", "AppStream-9.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.13-6.el9_4.s390x", "AppStream-9.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.13-6.el9_4.x86_64", "AppStream-9.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.13-6.el9_4.aarch64", "AppStream-9.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.13-6.el9_4.i686", "AppStream-9.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.13-6.el9_4.ppc64le", "AppStream-9.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.13-6.el9_4.s390x", "AppStream-9.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.13-6.el9_4.x86_64", "AppStream-9.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.13-6.el9_4.aarch64", "AppStream-9.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.13-6.el9_4.ppc64le", "AppStream-9.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.13-6.el9_4.s390x", "AppStream-9.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.13-6.el9_4.x86_64", "AppStream-9.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.13-6.el9_4.aarch64", "AppStream-9.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.13-6.el9_4.i686", "AppStream-9.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.13-6.el9_4.ppc64le", "AppStream-9.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.13-6.el9_4.s390x", "AppStream-9.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.13-6.el9_4.x86_64", "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-0:2.9.13-6.el9_4.aarch64", "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-0:2.9.13-6.el9_4.i686", "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-0:2.9.13-6.el9_4.ppc64le", "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-0:2.9.13-6.el9_4.s390x", "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-0:2.9.13-6.el9_4.src", "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-0:2.9.13-6.el9_4.x86_64", "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.13-6.el9_4.aarch64", "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.13-6.el9_4.i686", "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.13-6.el9_4.ppc64le", "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.13-6.el9_4.s390x", "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.13-6.el9_4.x86_64", "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.13-6.el9_4.aarch64", "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.13-6.el9_4.i686", "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.13-6.el9_4.ppc64le", "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.13-6.el9_4.s390x", "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.13-6.el9_4.x86_64", "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.13-6.el9_4.aarch64", "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.13-6.el9_4.i686", "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.13-6.el9_4.ppc64le", "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.13-6.el9_4.s390x", "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.13-6.el9_4.x86_64", "BaseOS-9.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.13-6.el9_4.aarch64", "BaseOS-9.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.13-6.el9_4.ppc64le", "BaseOS-9.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.13-6.el9_4.s390x", "BaseOS-9.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.13-6.el9_4.x86_64", "BaseOS-9.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.13-6.el9_4.aarch64", "BaseOS-9.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.13-6.el9_4.i686", "BaseOS-9.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.13-6.el9_4.ppc64le", "BaseOS-9.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.13-6.el9_4.s390x", "BaseOS-9.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.13-6.el9_4.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "libxml2: use-after-free in XMLReader", }, ], }
rhsa-2024:3626
Vulnerability from csaf_redhat
Published
2024-06-05 10:40
Modified
2025-01-09 06:20
Summary
Red Hat Security Advisory: libxml2 security update
Notes
Topic
An update for libxml2 is now available for Red Hat Enterprise Linux 8.10.
Red Hat Product Security has rated this update as having a security impact of
Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE
link(s) in the References section.
Details
The libxml2 library is a development toolbox providing the implementation of
various XML standards.
Security Fix(es):
* libxml2: use-after-free in XMLReader (CVE-2024-25062)
For more details about the security issue(s), including the impact,
a CVSS score, acknowledgments, and other related information, refer
to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update for libxml2 is now available for Red Hat Enterprise Linux 8.10.\n\nRed Hat Product Security has rated this update as having a security impact of\nModerate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE\nlink(s) in the References section.", title: "Topic", }, { category: "general", text: "The libxml2 library is a development toolbox providing the implementation of\nvarious XML standards.\n\nSecurity Fix(es):\n\n* libxml2: use-after-free in XMLReader (CVE-2024-25062)\n\nFor more details about the security issue(s), including the impact,\na CVSS score, acknowledgments, and other related information, refer\nto the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2024:3626", url: "https://access.redhat.com/errata/RHSA-2024:3626", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#moderate", url: "https://access.redhat.com/security/updates/classification/#moderate", }, { category: "external", summary: "2262726", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2262726", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_3626.json", }, ], title: "Red Hat Security Advisory: libxml2 security update", tracking: { current_release_date: "2025-01-09T06:20:16+00:00", generator: { date: "2025-01-09T06:20:16+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.5", }, }, id: "RHSA-2024:3626", initial_release_date: "2024-06-05T10:40:16+00:00", revision_history: [ { date: "2024-06-05T10:40:16+00:00", number: "1", summary: "Initial version", }, { date: "2024-06-05T10:40:16+00:00", number: "2", summary: "Last updated version", }, { date: "2025-01-09T06:20:16+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux AppStream (v. 8)", product: { name: "Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.10.0.Z.MAIN.EUS", product_identification_helper: { cpe: "cpe:/a:redhat:enterprise_linux:8::appstream", }, }, }, { category: "product_name", name: "Red Hat Enterprise Linux BaseOS (v. 8)", product: { name: "Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.10.0.Z.MAIN.EUS", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:8::baseos", }, }, }, ], category: "product_family", name: "Red Hat Enterprise Linux", }, { branches: [ { category: "product_version", name: "libxml2-devel-0:2.9.7-18.el8_10.1.aarch64", product: { name: "libxml2-devel-0:2.9.7-18.el8_10.1.aarch64", product_id: "libxml2-devel-0:2.9.7-18.el8_10.1.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-devel@2.9.7-18.el8_10.1?arch=aarch64", }, }, }, { category: "product_version", name: "libxml2-debugsource-0:2.9.7-18.el8_10.1.aarch64", product: { name: "libxml2-debugsource-0:2.9.7-18.el8_10.1.aarch64", product_id: "libxml2-debugsource-0:2.9.7-18.el8_10.1.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-debugsource@2.9.7-18.el8_10.1?arch=aarch64", }, }, }, { category: "product_version", name: "libxml2-debuginfo-0:2.9.7-18.el8_10.1.aarch64", product: { name: "libxml2-debuginfo-0:2.9.7-18.el8_10.1.aarch64", product_id: "libxml2-debuginfo-0:2.9.7-18.el8_10.1.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-debuginfo@2.9.7-18.el8_10.1?arch=aarch64", }, }, }, { category: "product_version", name: "python3-libxml2-debuginfo-0:2.9.7-18.el8_10.1.aarch64", product: { name: "python3-libxml2-debuginfo-0:2.9.7-18.el8_10.1.aarch64", product_id: "python3-libxml2-debuginfo-0:2.9.7-18.el8_10.1.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/python3-libxml2-debuginfo@2.9.7-18.el8_10.1?arch=aarch64", }, }, }, { category: "product_version", name: "libxml2-0:2.9.7-18.el8_10.1.aarch64", product: { name: "libxml2-0:2.9.7-18.el8_10.1.aarch64", product_id: "libxml2-0:2.9.7-18.el8_10.1.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2@2.9.7-18.el8_10.1?arch=aarch64", }, }, }, { category: "product_version", name: "python3-libxml2-0:2.9.7-18.el8_10.1.aarch64", product: { name: "python3-libxml2-0:2.9.7-18.el8_10.1.aarch64", product_id: "python3-libxml2-0:2.9.7-18.el8_10.1.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/python3-libxml2@2.9.7-18.el8_10.1?arch=aarch64", }, }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "libxml2-devel-0:2.9.7-18.el8_10.1.ppc64le", product: { name: "libxml2-devel-0:2.9.7-18.el8_10.1.ppc64le", product_id: "libxml2-devel-0:2.9.7-18.el8_10.1.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-devel@2.9.7-18.el8_10.1?arch=ppc64le", }, }, }, { category: "product_version", name: "libxml2-debugsource-0:2.9.7-18.el8_10.1.ppc64le", product: { name: "libxml2-debugsource-0:2.9.7-18.el8_10.1.ppc64le", product_id: "libxml2-debugsource-0:2.9.7-18.el8_10.1.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-debugsource@2.9.7-18.el8_10.1?arch=ppc64le", }, }, }, { category: "product_version", name: "libxml2-debuginfo-0:2.9.7-18.el8_10.1.ppc64le", product: { name: "libxml2-debuginfo-0:2.9.7-18.el8_10.1.ppc64le", product_id: "libxml2-debuginfo-0:2.9.7-18.el8_10.1.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-debuginfo@2.9.7-18.el8_10.1?arch=ppc64le", }, }, }, { category: "product_version", name: "python3-libxml2-debuginfo-0:2.9.7-18.el8_10.1.ppc64le", product: { name: "python3-libxml2-debuginfo-0:2.9.7-18.el8_10.1.ppc64le", product_id: "python3-libxml2-debuginfo-0:2.9.7-18.el8_10.1.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/python3-libxml2-debuginfo@2.9.7-18.el8_10.1?arch=ppc64le", }, }, }, { category: "product_version", name: "libxml2-0:2.9.7-18.el8_10.1.ppc64le", product: { name: "libxml2-0:2.9.7-18.el8_10.1.ppc64le", product_id: "libxml2-0:2.9.7-18.el8_10.1.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2@2.9.7-18.el8_10.1?arch=ppc64le", }, }, }, { category: "product_version", name: "python3-libxml2-0:2.9.7-18.el8_10.1.ppc64le", product: { name: "python3-libxml2-0:2.9.7-18.el8_10.1.ppc64le", product_id: "python3-libxml2-0:2.9.7-18.el8_10.1.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/python3-libxml2@2.9.7-18.el8_10.1?arch=ppc64le", }, }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "libxml2-devel-0:2.9.7-18.el8_10.1.i686", product: { name: "libxml2-devel-0:2.9.7-18.el8_10.1.i686", product_id: "libxml2-devel-0:2.9.7-18.el8_10.1.i686", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-devel@2.9.7-18.el8_10.1?arch=i686", }, }, }, { category: "product_version", name: "libxml2-debugsource-0:2.9.7-18.el8_10.1.i686", product: { name: "libxml2-debugsource-0:2.9.7-18.el8_10.1.i686", product_id: "libxml2-debugsource-0:2.9.7-18.el8_10.1.i686", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-debugsource@2.9.7-18.el8_10.1?arch=i686", }, }, }, { category: "product_version", name: "libxml2-debuginfo-0:2.9.7-18.el8_10.1.i686", product: { name: "libxml2-debuginfo-0:2.9.7-18.el8_10.1.i686", product_id: "libxml2-debuginfo-0:2.9.7-18.el8_10.1.i686", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-debuginfo@2.9.7-18.el8_10.1?arch=i686", }, }, }, { category: "product_version", name: "python3-libxml2-debuginfo-0:2.9.7-18.el8_10.1.i686", product: { name: "python3-libxml2-debuginfo-0:2.9.7-18.el8_10.1.i686", product_id: "python3-libxml2-debuginfo-0:2.9.7-18.el8_10.1.i686", product_identification_helper: { purl: "pkg:rpm/redhat/python3-libxml2-debuginfo@2.9.7-18.el8_10.1?arch=i686", }, }, }, { category: "product_version", name: "libxml2-0:2.9.7-18.el8_10.1.i686", product: { name: "libxml2-0:2.9.7-18.el8_10.1.i686", product_id: "libxml2-0:2.9.7-18.el8_10.1.i686", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2@2.9.7-18.el8_10.1?arch=i686", }, }, }, ], category: "architecture", name: "i686", }, { branches: [ { category: "product_version", name: "libxml2-devel-0:2.9.7-18.el8_10.1.x86_64", product: { name: "libxml2-devel-0:2.9.7-18.el8_10.1.x86_64", product_id: "libxml2-devel-0:2.9.7-18.el8_10.1.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-devel@2.9.7-18.el8_10.1?arch=x86_64", }, }, }, { category: "product_version", name: "libxml2-debugsource-0:2.9.7-18.el8_10.1.x86_64", product: { name: "libxml2-debugsource-0:2.9.7-18.el8_10.1.x86_64", product_id: "libxml2-debugsource-0:2.9.7-18.el8_10.1.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-debugsource@2.9.7-18.el8_10.1?arch=x86_64", }, }, }, { category: "product_version", name: "libxml2-debuginfo-0:2.9.7-18.el8_10.1.x86_64", product: { name: "libxml2-debuginfo-0:2.9.7-18.el8_10.1.x86_64", product_id: "libxml2-debuginfo-0:2.9.7-18.el8_10.1.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-debuginfo@2.9.7-18.el8_10.1?arch=x86_64", }, }, }, { category: "product_version", name: "python3-libxml2-debuginfo-0:2.9.7-18.el8_10.1.x86_64", product: { name: "python3-libxml2-debuginfo-0:2.9.7-18.el8_10.1.x86_64", product_id: "python3-libxml2-debuginfo-0:2.9.7-18.el8_10.1.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/python3-libxml2-debuginfo@2.9.7-18.el8_10.1?arch=x86_64", }, }, }, { category: "product_version", name: "libxml2-0:2.9.7-18.el8_10.1.x86_64", product: { name: "libxml2-0:2.9.7-18.el8_10.1.x86_64", product_id: "libxml2-0:2.9.7-18.el8_10.1.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2@2.9.7-18.el8_10.1?arch=x86_64", }, }, }, { category: "product_version", name: "python3-libxml2-0:2.9.7-18.el8_10.1.x86_64", product: { name: "python3-libxml2-0:2.9.7-18.el8_10.1.x86_64", product_id: "python3-libxml2-0:2.9.7-18.el8_10.1.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/python3-libxml2@2.9.7-18.el8_10.1?arch=x86_64", }, }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_version", name: "libxml2-devel-0:2.9.7-18.el8_10.1.s390x", product: { name: "libxml2-devel-0:2.9.7-18.el8_10.1.s390x", product_id: "libxml2-devel-0:2.9.7-18.el8_10.1.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-devel@2.9.7-18.el8_10.1?arch=s390x", }, }, }, { category: "product_version", name: "libxml2-debugsource-0:2.9.7-18.el8_10.1.s390x", product: { name: "libxml2-debugsource-0:2.9.7-18.el8_10.1.s390x", product_id: "libxml2-debugsource-0:2.9.7-18.el8_10.1.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-debugsource@2.9.7-18.el8_10.1?arch=s390x", }, }, }, { category: "product_version", name: "libxml2-debuginfo-0:2.9.7-18.el8_10.1.s390x", product: { name: "libxml2-debuginfo-0:2.9.7-18.el8_10.1.s390x", product_id: "libxml2-debuginfo-0:2.9.7-18.el8_10.1.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-debuginfo@2.9.7-18.el8_10.1?arch=s390x", }, }, }, { category: "product_version", name: "python3-libxml2-debuginfo-0:2.9.7-18.el8_10.1.s390x", product: { name: "python3-libxml2-debuginfo-0:2.9.7-18.el8_10.1.s390x", product_id: "python3-libxml2-debuginfo-0:2.9.7-18.el8_10.1.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/python3-libxml2-debuginfo@2.9.7-18.el8_10.1?arch=s390x", }, }, }, { category: "product_version", name: "libxml2-0:2.9.7-18.el8_10.1.s390x", product: { name: "libxml2-0:2.9.7-18.el8_10.1.s390x", product_id: "libxml2-0:2.9.7-18.el8_10.1.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2@2.9.7-18.el8_10.1?arch=s390x", }, }, }, { category: "product_version", name: "python3-libxml2-0:2.9.7-18.el8_10.1.s390x", product: { name: "python3-libxml2-0:2.9.7-18.el8_10.1.s390x", product_id: "python3-libxml2-0:2.9.7-18.el8_10.1.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/python3-libxml2@2.9.7-18.el8_10.1?arch=s390x", }, }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "libxml2-0:2.9.7-18.el8_10.1.src", product: { name: "libxml2-0:2.9.7-18.el8_10.1.src", product_id: "libxml2-0:2.9.7-18.el8_10.1.src", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2@2.9.7-18.el8_10.1?arch=src", }, }, }, ], category: "architecture", name: "src", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.7-18.el8_10.1.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.10.0.Z.MAIN.EUS:libxml2-0:2.9.7-18.el8_10.1.aarch64", }, product_reference: "libxml2-0:2.9.7-18.el8_10.1.aarch64", relates_to_product_reference: "AppStream-8.10.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.7-18.el8_10.1.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.10.0.Z.MAIN.EUS:libxml2-0:2.9.7-18.el8_10.1.i686", }, product_reference: "libxml2-0:2.9.7-18.el8_10.1.i686", relates_to_product_reference: "AppStream-8.10.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.7-18.el8_10.1.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.10.0.Z.MAIN.EUS:libxml2-0:2.9.7-18.el8_10.1.ppc64le", }, product_reference: "libxml2-0:2.9.7-18.el8_10.1.ppc64le", relates_to_product_reference: "AppStream-8.10.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.7-18.el8_10.1.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.10.0.Z.MAIN.EUS:libxml2-0:2.9.7-18.el8_10.1.s390x", }, product_reference: "libxml2-0:2.9.7-18.el8_10.1.s390x", relates_to_product_reference: "AppStream-8.10.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.7-18.el8_10.1.src as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.10.0.Z.MAIN.EUS:libxml2-0:2.9.7-18.el8_10.1.src", }, product_reference: "libxml2-0:2.9.7-18.el8_10.1.src", relates_to_product_reference: "AppStream-8.10.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.7-18.el8_10.1.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.10.0.Z.MAIN.EUS:libxml2-0:2.9.7-18.el8_10.1.x86_64", }, product_reference: "libxml2-0:2.9.7-18.el8_10.1.x86_64", relates_to_product_reference: "AppStream-8.10.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.7-18.el8_10.1.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.10.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-18.el8_10.1.aarch64", }, product_reference: "libxml2-debuginfo-0:2.9.7-18.el8_10.1.aarch64", relates_to_product_reference: "AppStream-8.10.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.7-18.el8_10.1.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.10.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-18.el8_10.1.i686", }, product_reference: "libxml2-debuginfo-0:2.9.7-18.el8_10.1.i686", relates_to_product_reference: "AppStream-8.10.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.7-18.el8_10.1.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.10.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-18.el8_10.1.ppc64le", }, product_reference: "libxml2-debuginfo-0:2.9.7-18.el8_10.1.ppc64le", relates_to_product_reference: "AppStream-8.10.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.7-18.el8_10.1.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.10.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-18.el8_10.1.s390x", }, product_reference: "libxml2-debuginfo-0:2.9.7-18.el8_10.1.s390x", relates_to_product_reference: "AppStream-8.10.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.7-18.el8_10.1.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.10.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-18.el8_10.1.x86_64", }, product_reference: "libxml2-debuginfo-0:2.9.7-18.el8_10.1.x86_64", relates_to_product_reference: "AppStream-8.10.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debugsource-0:2.9.7-18.el8_10.1.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.10.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-18.el8_10.1.aarch64", }, product_reference: "libxml2-debugsource-0:2.9.7-18.el8_10.1.aarch64", relates_to_product_reference: "AppStream-8.10.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debugsource-0:2.9.7-18.el8_10.1.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.10.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-18.el8_10.1.i686", }, product_reference: "libxml2-debugsource-0:2.9.7-18.el8_10.1.i686", relates_to_product_reference: "AppStream-8.10.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debugsource-0:2.9.7-18.el8_10.1.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.10.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-18.el8_10.1.ppc64le", }, product_reference: "libxml2-debugsource-0:2.9.7-18.el8_10.1.ppc64le", relates_to_product_reference: "AppStream-8.10.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debugsource-0:2.9.7-18.el8_10.1.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.10.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-18.el8_10.1.s390x", }, product_reference: "libxml2-debugsource-0:2.9.7-18.el8_10.1.s390x", relates_to_product_reference: "AppStream-8.10.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debugsource-0:2.9.7-18.el8_10.1.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.10.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-18.el8_10.1.x86_64", }, product_reference: "libxml2-debugsource-0:2.9.7-18.el8_10.1.x86_64", relates_to_product_reference: "AppStream-8.10.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.7-18.el8_10.1.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.10.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-18.el8_10.1.aarch64", }, product_reference: "libxml2-devel-0:2.9.7-18.el8_10.1.aarch64", relates_to_product_reference: "AppStream-8.10.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.7-18.el8_10.1.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.10.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-18.el8_10.1.i686", }, product_reference: "libxml2-devel-0:2.9.7-18.el8_10.1.i686", relates_to_product_reference: "AppStream-8.10.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.7-18.el8_10.1.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.10.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-18.el8_10.1.ppc64le", }, product_reference: "libxml2-devel-0:2.9.7-18.el8_10.1.ppc64le", relates_to_product_reference: "AppStream-8.10.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.7-18.el8_10.1.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.10.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-18.el8_10.1.s390x", }, product_reference: "libxml2-devel-0:2.9.7-18.el8_10.1.s390x", relates_to_product_reference: "AppStream-8.10.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.7-18.el8_10.1.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.10.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-18.el8_10.1.x86_64", }, product_reference: "libxml2-devel-0:2.9.7-18.el8_10.1.x86_64", relates_to_product_reference: "AppStream-8.10.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "python3-libxml2-0:2.9.7-18.el8_10.1.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.10.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-18.el8_10.1.aarch64", }, product_reference: "python3-libxml2-0:2.9.7-18.el8_10.1.aarch64", relates_to_product_reference: "AppStream-8.10.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "python3-libxml2-0:2.9.7-18.el8_10.1.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.10.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-18.el8_10.1.ppc64le", }, product_reference: "python3-libxml2-0:2.9.7-18.el8_10.1.ppc64le", relates_to_product_reference: "AppStream-8.10.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "python3-libxml2-0:2.9.7-18.el8_10.1.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.10.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-18.el8_10.1.s390x", }, product_reference: "python3-libxml2-0:2.9.7-18.el8_10.1.s390x", relates_to_product_reference: "AppStream-8.10.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "python3-libxml2-0:2.9.7-18.el8_10.1.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.10.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-18.el8_10.1.x86_64", }, product_reference: "python3-libxml2-0:2.9.7-18.el8_10.1.x86_64", relates_to_product_reference: "AppStream-8.10.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "python3-libxml2-debuginfo-0:2.9.7-18.el8_10.1.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.10.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-18.el8_10.1.aarch64", }, product_reference: "python3-libxml2-debuginfo-0:2.9.7-18.el8_10.1.aarch64", relates_to_product_reference: "AppStream-8.10.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "python3-libxml2-debuginfo-0:2.9.7-18.el8_10.1.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.10.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-18.el8_10.1.i686", }, product_reference: "python3-libxml2-debuginfo-0:2.9.7-18.el8_10.1.i686", relates_to_product_reference: "AppStream-8.10.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "python3-libxml2-debuginfo-0:2.9.7-18.el8_10.1.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.10.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-18.el8_10.1.ppc64le", }, product_reference: "python3-libxml2-debuginfo-0:2.9.7-18.el8_10.1.ppc64le", relates_to_product_reference: "AppStream-8.10.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "python3-libxml2-debuginfo-0:2.9.7-18.el8_10.1.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.10.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-18.el8_10.1.s390x", }, product_reference: "python3-libxml2-debuginfo-0:2.9.7-18.el8_10.1.s390x", relates_to_product_reference: "AppStream-8.10.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "python3-libxml2-debuginfo-0:2.9.7-18.el8_10.1.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.10.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-18.el8_10.1.x86_64", }, product_reference: "python3-libxml2-debuginfo-0:2.9.7-18.el8_10.1.x86_64", relates_to_product_reference: "AppStream-8.10.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.7-18.el8_10.1.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-0:2.9.7-18.el8_10.1.aarch64", }, product_reference: "libxml2-0:2.9.7-18.el8_10.1.aarch64", relates_to_product_reference: "BaseOS-8.10.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.7-18.el8_10.1.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-0:2.9.7-18.el8_10.1.i686", }, product_reference: "libxml2-0:2.9.7-18.el8_10.1.i686", relates_to_product_reference: "BaseOS-8.10.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.7-18.el8_10.1.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-0:2.9.7-18.el8_10.1.ppc64le", }, product_reference: "libxml2-0:2.9.7-18.el8_10.1.ppc64le", relates_to_product_reference: "BaseOS-8.10.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.7-18.el8_10.1.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-0:2.9.7-18.el8_10.1.s390x", }, product_reference: "libxml2-0:2.9.7-18.el8_10.1.s390x", relates_to_product_reference: "BaseOS-8.10.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.7-18.el8_10.1.src as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-0:2.9.7-18.el8_10.1.src", }, product_reference: "libxml2-0:2.9.7-18.el8_10.1.src", relates_to_product_reference: "BaseOS-8.10.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.7-18.el8_10.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-0:2.9.7-18.el8_10.1.x86_64", }, product_reference: "libxml2-0:2.9.7-18.el8_10.1.x86_64", relates_to_product_reference: "BaseOS-8.10.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.7-18.el8_10.1.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-18.el8_10.1.aarch64", }, product_reference: "libxml2-debuginfo-0:2.9.7-18.el8_10.1.aarch64", relates_to_product_reference: "BaseOS-8.10.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.7-18.el8_10.1.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-18.el8_10.1.i686", }, product_reference: "libxml2-debuginfo-0:2.9.7-18.el8_10.1.i686", relates_to_product_reference: "BaseOS-8.10.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.7-18.el8_10.1.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-18.el8_10.1.ppc64le", }, product_reference: "libxml2-debuginfo-0:2.9.7-18.el8_10.1.ppc64le", relates_to_product_reference: "BaseOS-8.10.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.7-18.el8_10.1.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-18.el8_10.1.s390x", }, product_reference: "libxml2-debuginfo-0:2.9.7-18.el8_10.1.s390x", relates_to_product_reference: "BaseOS-8.10.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.7-18.el8_10.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-18.el8_10.1.x86_64", }, product_reference: "libxml2-debuginfo-0:2.9.7-18.el8_10.1.x86_64", relates_to_product_reference: "BaseOS-8.10.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debugsource-0:2.9.7-18.el8_10.1.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-18.el8_10.1.aarch64", }, product_reference: "libxml2-debugsource-0:2.9.7-18.el8_10.1.aarch64", relates_to_product_reference: "BaseOS-8.10.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debugsource-0:2.9.7-18.el8_10.1.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-18.el8_10.1.i686", }, product_reference: "libxml2-debugsource-0:2.9.7-18.el8_10.1.i686", relates_to_product_reference: "BaseOS-8.10.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debugsource-0:2.9.7-18.el8_10.1.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-18.el8_10.1.ppc64le", }, product_reference: "libxml2-debugsource-0:2.9.7-18.el8_10.1.ppc64le", relates_to_product_reference: "BaseOS-8.10.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debugsource-0:2.9.7-18.el8_10.1.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-18.el8_10.1.s390x", }, product_reference: "libxml2-debugsource-0:2.9.7-18.el8_10.1.s390x", relates_to_product_reference: "BaseOS-8.10.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debugsource-0:2.9.7-18.el8_10.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-18.el8_10.1.x86_64", }, product_reference: "libxml2-debugsource-0:2.9.7-18.el8_10.1.x86_64", relates_to_product_reference: "BaseOS-8.10.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.7-18.el8_10.1.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-18.el8_10.1.aarch64", }, product_reference: "libxml2-devel-0:2.9.7-18.el8_10.1.aarch64", relates_to_product_reference: "BaseOS-8.10.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.7-18.el8_10.1.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-18.el8_10.1.i686", }, product_reference: "libxml2-devel-0:2.9.7-18.el8_10.1.i686", relates_to_product_reference: "BaseOS-8.10.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.7-18.el8_10.1.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-18.el8_10.1.ppc64le", }, product_reference: "libxml2-devel-0:2.9.7-18.el8_10.1.ppc64le", relates_to_product_reference: "BaseOS-8.10.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.7-18.el8_10.1.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-18.el8_10.1.s390x", }, product_reference: "libxml2-devel-0:2.9.7-18.el8_10.1.s390x", relates_to_product_reference: "BaseOS-8.10.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.7-18.el8_10.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-18.el8_10.1.x86_64", }, product_reference: "libxml2-devel-0:2.9.7-18.el8_10.1.x86_64", relates_to_product_reference: "BaseOS-8.10.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "python3-libxml2-0:2.9.7-18.el8_10.1.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.10.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-18.el8_10.1.aarch64", }, product_reference: "python3-libxml2-0:2.9.7-18.el8_10.1.aarch64", relates_to_product_reference: "BaseOS-8.10.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "python3-libxml2-0:2.9.7-18.el8_10.1.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.10.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-18.el8_10.1.ppc64le", }, product_reference: "python3-libxml2-0:2.9.7-18.el8_10.1.ppc64le", relates_to_product_reference: "BaseOS-8.10.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "python3-libxml2-0:2.9.7-18.el8_10.1.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.10.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-18.el8_10.1.s390x", }, product_reference: "python3-libxml2-0:2.9.7-18.el8_10.1.s390x", relates_to_product_reference: "BaseOS-8.10.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "python3-libxml2-0:2.9.7-18.el8_10.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.10.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-18.el8_10.1.x86_64", }, product_reference: "python3-libxml2-0:2.9.7-18.el8_10.1.x86_64", relates_to_product_reference: "BaseOS-8.10.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "python3-libxml2-debuginfo-0:2.9.7-18.el8_10.1.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.10.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-18.el8_10.1.aarch64", }, product_reference: "python3-libxml2-debuginfo-0:2.9.7-18.el8_10.1.aarch64", relates_to_product_reference: "BaseOS-8.10.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "python3-libxml2-debuginfo-0:2.9.7-18.el8_10.1.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.10.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-18.el8_10.1.i686", }, product_reference: "python3-libxml2-debuginfo-0:2.9.7-18.el8_10.1.i686", relates_to_product_reference: "BaseOS-8.10.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "python3-libxml2-debuginfo-0:2.9.7-18.el8_10.1.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.10.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-18.el8_10.1.ppc64le", }, product_reference: "python3-libxml2-debuginfo-0:2.9.7-18.el8_10.1.ppc64le", relates_to_product_reference: "BaseOS-8.10.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "python3-libxml2-debuginfo-0:2.9.7-18.el8_10.1.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.10.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-18.el8_10.1.s390x", }, product_reference: "python3-libxml2-debuginfo-0:2.9.7-18.el8_10.1.s390x", relates_to_product_reference: "BaseOS-8.10.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "python3-libxml2-debuginfo-0:2.9.7-18.el8_10.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.10.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-18.el8_10.1.x86_64", }, product_reference: "python3-libxml2-debuginfo-0:2.9.7-18.el8_10.1.x86_64", relates_to_product_reference: "BaseOS-8.10.0.Z.MAIN.EUS", }, ], }, vulnerabilities: [ { cve: "CVE-2024-25062", cwe: { id: "CWE-416", name: "Use After Free", }, discovery_date: "2024-02-05T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2262726", }, ], notes: [ { category: "description", text: "A use-after-free flaw was found in libxml2. When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free.", title: "Vulnerability description", }, { category: "summary", text: "libxml2: use-after-free in XMLReader", title: "Vulnerability summary", }, { category: "other", text: "The severity of this vulnerability is not important but moderate due to the lack of impact to both confidentiality and integrity, but potential impact to availability. The theoretical risk of impact to availability is limited due to the specific requirement that applications must continue to misuse the reader API after it has already reported validation errors instead of handling those errors. The flaw requires that crafted XML documents can be provided by an attacker and the utilization of DTD validation and XInclude expansion using the XMLReader API. Along with those conditions, the application using the XMLReader API must be ignoring errors when expanding invalid XInclude nodes in an maliciously crafted document. These conditions are unlikely to exist in the intended usage of the XMLReader API.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-8.10.0.Z.MAIN.EUS:libxml2-0:2.9.7-18.el8_10.1.aarch64", "AppStream-8.10.0.Z.MAIN.EUS:libxml2-0:2.9.7-18.el8_10.1.i686", "AppStream-8.10.0.Z.MAIN.EUS:libxml2-0:2.9.7-18.el8_10.1.ppc64le", "AppStream-8.10.0.Z.MAIN.EUS:libxml2-0:2.9.7-18.el8_10.1.s390x", "AppStream-8.10.0.Z.MAIN.EUS:libxml2-0:2.9.7-18.el8_10.1.src", "AppStream-8.10.0.Z.MAIN.EUS:libxml2-0:2.9.7-18.el8_10.1.x86_64", "AppStream-8.10.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-18.el8_10.1.aarch64", "AppStream-8.10.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-18.el8_10.1.i686", "AppStream-8.10.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-18.el8_10.1.ppc64le", "AppStream-8.10.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-18.el8_10.1.s390x", "AppStream-8.10.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-18.el8_10.1.x86_64", "AppStream-8.10.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-18.el8_10.1.aarch64", "AppStream-8.10.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-18.el8_10.1.i686", "AppStream-8.10.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-18.el8_10.1.ppc64le", "AppStream-8.10.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-18.el8_10.1.s390x", "AppStream-8.10.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-18.el8_10.1.x86_64", "AppStream-8.10.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-18.el8_10.1.aarch64", "AppStream-8.10.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-18.el8_10.1.i686", "AppStream-8.10.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-18.el8_10.1.ppc64le", "AppStream-8.10.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-18.el8_10.1.s390x", "AppStream-8.10.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-18.el8_10.1.x86_64", "AppStream-8.10.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-18.el8_10.1.aarch64", "AppStream-8.10.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-18.el8_10.1.ppc64le", "AppStream-8.10.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-18.el8_10.1.s390x", "AppStream-8.10.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-18.el8_10.1.x86_64", "AppStream-8.10.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-18.el8_10.1.aarch64", "AppStream-8.10.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-18.el8_10.1.i686", "AppStream-8.10.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-18.el8_10.1.ppc64le", "AppStream-8.10.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-18.el8_10.1.s390x", "AppStream-8.10.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-18.el8_10.1.x86_64", "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-0:2.9.7-18.el8_10.1.aarch64", "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-0:2.9.7-18.el8_10.1.i686", "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-0:2.9.7-18.el8_10.1.ppc64le", "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-0:2.9.7-18.el8_10.1.s390x", "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-0:2.9.7-18.el8_10.1.src", "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-0:2.9.7-18.el8_10.1.x86_64", "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-18.el8_10.1.aarch64", "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-18.el8_10.1.i686", "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-18.el8_10.1.ppc64le", "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-18.el8_10.1.s390x", "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-18.el8_10.1.x86_64", "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-18.el8_10.1.aarch64", "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-18.el8_10.1.i686", "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-18.el8_10.1.ppc64le", "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-18.el8_10.1.s390x", "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-18.el8_10.1.x86_64", "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-18.el8_10.1.aarch64", "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-18.el8_10.1.i686", "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-18.el8_10.1.ppc64le", "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-18.el8_10.1.s390x", "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-18.el8_10.1.x86_64", "BaseOS-8.10.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-18.el8_10.1.aarch64", "BaseOS-8.10.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-18.el8_10.1.ppc64le", "BaseOS-8.10.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-18.el8_10.1.s390x", "BaseOS-8.10.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-18.el8_10.1.x86_64", "BaseOS-8.10.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-18.el8_10.1.aarch64", "BaseOS-8.10.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-18.el8_10.1.i686", "BaseOS-8.10.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-18.el8_10.1.ppc64le", "BaseOS-8.10.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-18.el8_10.1.s390x", "BaseOS-8.10.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-18.el8_10.1.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-25062", }, { category: "external", summary: "RHBZ#2262726", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2262726", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-25062", url: "https://www.cve.org/CVERecord?id=CVE-2024-25062", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-25062", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-25062", }, { category: "external", summary: "https://gitlab.gnome.org/GNOME/libxml2/-/issues/604", url: "https://gitlab.gnome.org/GNOME/libxml2/-/issues/604", }, { category: "external", summary: "https://gitlab.gnome.org/GNOME/libxml2/-/tags", url: "https://gitlab.gnome.org/GNOME/libxml2/-/tags", }, ], release_date: "2024-02-04T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-06-05T10:40:16+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "AppStream-8.10.0.Z.MAIN.EUS:libxml2-0:2.9.7-18.el8_10.1.aarch64", "AppStream-8.10.0.Z.MAIN.EUS:libxml2-0:2.9.7-18.el8_10.1.i686", "AppStream-8.10.0.Z.MAIN.EUS:libxml2-0:2.9.7-18.el8_10.1.ppc64le", "AppStream-8.10.0.Z.MAIN.EUS:libxml2-0:2.9.7-18.el8_10.1.s390x", "AppStream-8.10.0.Z.MAIN.EUS:libxml2-0:2.9.7-18.el8_10.1.src", "AppStream-8.10.0.Z.MAIN.EUS:libxml2-0:2.9.7-18.el8_10.1.x86_64", "AppStream-8.10.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-18.el8_10.1.aarch64", "AppStream-8.10.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-18.el8_10.1.i686", "AppStream-8.10.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-18.el8_10.1.ppc64le", "AppStream-8.10.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-18.el8_10.1.s390x", "AppStream-8.10.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-18.el8_10.1.x86_64", "AppStream-8.10.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-18.el8_10.1.aarch64", "AppStream-8.10.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-18.el8_10.1.i686", "AppStream-8.10.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-18.el8_10.1.ppc64le", "AppStream-8.10.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-18.el8_10.1.s390x", "AppStream-8.10.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-18.el8_10.1.x86_64", "AppStream-8.10.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-18.el8_10.1.aarch64", "AppStream-8.10.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-18.el8_10.1.i686", "AppStream-8.10.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-18.el8_10.1.ppc64le", "AppStream-8.10.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-18.el8_10.1.s390x", "AppStream-8.10.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-18.el8_10.1.x86_64", "AppStream-8.10.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-18.el8_10.1.aarch64", "AppStream-8.10.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-18.el8_10.1.ppc64le", "AppStream-8.10.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-18.el8_10.1.s390x", "AppStream-8.10.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-18.el8_10.1.x86_64", "AppStream-8.10.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-18.el8_10.1.aarch64", "AppStream-8.10.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-18.el8_10.1.i686", "AppStream-8.10.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-18.el8_10.1.ppc64le", "AppStream-8.10.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-18.el8_10.1.s390x", "AppStream-8.10.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-18.el8_10.1.x86_64", "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-0:2.9.7-18.el8_10.1.aarch64", "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-0:2.9.7-18.el8_10.1.i686", "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-0:2.9.7-18.el8_10.1.ppc64le", "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-0:2.9.7-18.el8_10.1.s390x", "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-0:2.9.7-18.el8_10.1.src", "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-0:2.9.7-18.el8_10.1.x86_64", "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-18.el8_10.1.aarch64", "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-18.el8_10.1.i686", "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-18.el8_10.1.ppc64le", "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-18.el8_10.1.s390x", "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-18.el8_10.1.x86_64", "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-18.el8_10.1.aarch64", "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-18.el8_10.1.i686", "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-18.el8_10.1.ppc64le", "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-18.el8_10.1.s390x", "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-18.el8_10.1.x86_64", "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-18.el8_10.1.aarch64", "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-18.el8_10.1.i686", "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-18.el8_10.1.ppc64le", "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-18.el8_10.1.s390x", "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-18.el8_10.1.x86_64", "BaseOS-8.10.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-18.el8_10.1.aarch64", "BaseOS-8.10.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-18.el8_10.1.ppc64le", "BaseOS-8.10.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-18.el8_10.1.s390x", "BaseOS-8.10.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-18.el8_10.1.x86_64", "BaseOS-8.10.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-18.el8_10.1.aarch64", "BaseOS-8.10.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-18.el8_10.1.i686", "BaseOS-8.10.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-18.el8_10.1.ppc64le", "BaseOS-8.10.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-18.el8_10.1.s390x", "BaseOS-8.10.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-18.el8_10.1.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:3626", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "AppStream-8.10.0.Z.MAIN.EUS:libxml2-0:2.9.7-18.el8_10.1.aarch64", "AppStream-8.10.0.Z.MAIN.EUS:libxml2-0:2.9.7-18.el8_10.1.i686", "AppStream-8.10.0.Z.MAIN.EUS:libxml2-0:2.9.7-18.el8_10.1.ppc64le", "AppStream-8.10.0.Z.MAIN.EUS:libxml2-0:2.9.7-18.el8_10.1.s390x", "AppStream-8.10.0.Z.MAIN.EUS:libxml2-0:2.9.7-18.el8_10.1.src", "AppStream-8.10.0.Z.MAIN.EUS:libxml2-0:2.9.7-18.el8_10.1.x86_64", "AppStream-8.10.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-18.el8_10.1.aarch64", "AppStream-8.10.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-18.el8_10.1.i686", "AppStream-8.10.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-18.el8_10.1.ppc64le", "AppStream-8.10.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-18.el8_10.1.s390x", "AppStream-8.10.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-18.el8_10.1.x86_64", "AppStream-8.10.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-18.el8_10.1.aarch64", "AppStream-8.10.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-18.el8_10.1.i686", "AppStream-8.10.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-18.el8_10.1.ppc64le", "AppStream-8.10.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-18.el8_10.1.s390x", "AppStream-8.10.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-18.el8_10.1.x86_64", "AppStream-8.10.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-18.el8_10.1.aarch64", "AppStream-8.10.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-18.el8_10.1.i686", "AppStream-8.10.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-18.el8_10.1.ppc64le", "AppStream-8.10.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-18.el8_10.1.s390x", "AppStream-8.10.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-18.el8_10.1.x86_64", "AppStream-8.10.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-18.el8_10.1.aarch64", "AppStream-8.10.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-18.el8_10.1.ppc64le", "AppStream-8.10.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-18.el8_10.1.s390x", "AppStream-8.10.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-18.el8_10.1.x86_64", "AppStream-8.10.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-18.el8_10.1.aarch64", "AppStream-8.10.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-18.el8_10.1.i686", "AppStream-8.10.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-18.el8_10.1.ppc64le", "AppStream-8.10.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-18.el8_10.1.s390x", "AppStream-8.10.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-18.el8_10.1.x86_64", "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-0:2.9.7-18.el8_10.1.aarch64", "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-0:2.9.7-18.el8_10.1.i686", "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-0:2.9.7-18.el8_10.1.ppc64le", "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-0:2.9.7-18.el8_10.1.s390x", "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-0:2.9.7-18.el8_10.1.src", "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-0:2.9.7-18.el8_10.1.x86_64", "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-18.el8_10.1.aarch64", "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-18.el8_10.1.i686", "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-18.el8_10.1.ppc64le", "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-18.el8_10.1.s390x", "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-18.el8_10.1.x86_64", "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-18.el8_10.1.aarch64", "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-18.el8_10.1.i686", "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-18.el8_10.1.ppc64le", "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-18.el8_10.1.s390x", "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-18.el8_10.1.x86_64", "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-18.el8_10.1.aarch64", "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-18.el8_10.1.i686", "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-18.el8_10.1.ppc64le", "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-18.el8_10.1.s390x", "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-18.el8_10.1.x86_64", "BaseOS-8.10.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-18.el8_10.1.aarch64", "BaseOS-8.10.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-18.el8_10.1.ppc64le", "BaseOS-8.10.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-18.el8_10.1.s390x", "BaseOS-8.10.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-18.el8_10.1.x86_64", "BaseOS-8.10.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-18.el8_10.1.aarch64", "BaseOS-8.10.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-18.el8_10.1.i686", "BaseOS-8.10.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-18.el8_10.1.ppc64le", "BaseOS-8.10.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-18.el8_10.1.s390x", "BaseOS-8.10.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-18.el8_10.1.x86_64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "AppStream-8.10.0.Z.MAIN.EUS:libxml2-0:2.9.7-18.el8_10.1.aarch64", "AppStream-8.10.0.Z.MAIN.EUS:libxml2-0:2.9.7-18.el8_10.1.i686", "AppStream-8.10.0.Z.MAIN.EUS:libxml2-0:2.9.7-18.el8_10.1.ppc64le", "AppStream-8.10.0.Z.MAIN.EUS:libxml2-0:2.9.7-18.el8_10.1.s390x", "AppStream-8.10.0.Z.MAIN.EUS:libxml2-0:2.9.7-18.el8_10.1.src", "AppStream-8.10.0.Z.MAIN.EUS:libxml2-0:2.9.7-18.el8_10.1.x86_64", "AppStream-8.10.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-18.el8_10.1.aarch64", "AppStream-8.10.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-18.el8_10.1.i686", "AppStream-8.10.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-18.el8_10.1.ppc64le", "AppStream-8.10.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-18.el8_10.1.s390x", "AppStream-8.10.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-18.el8_10.1.x86_64", "AppStream-8.10.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-18.el8_10.1.aarch64", "AppStream-8.10.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-18.el8_10.1.i686", "AppStream-8.10.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-18.el8_10.1.ppc64le", "AppStream-8.10.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-18.el8_10.1.s390x", "AppStream-8.10.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-18.el8_10.1.x86_64", "AppStream-8.10.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-18.el8_10.1.aarch64", "AppStream-8.10.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-18.el8_10.1.i686", "AppStream-8.10.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-18.el8_10.1.ppc64le", "AppStream-8.10.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-18.el8_10.1.s390x", "AppStream-8.10.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-18.el8_10.1.x86_64", "AppStream-8.10.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-18.el8_10.1.aarch64", "AppStream-8.10.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-18.el8_10.1.ppc64le", "AppStream-8.10.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-18.el8_10.1.s390x", "AppStream-8.10.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-18.el8_10.1.x86_64", "AppStream-8.10.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-18.el8_10.1.aarch64", "AppStream-8.10.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-18.el8_10.1.i686", "AppStream-8.10.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-18.el8_10.1.ppc64le", "AppStream-8.10.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-18.el8_10.1.s390x", "AppStream-8.10.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-18.el8_10.1.x86_64", "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-0:2.9.7-18.el8_10.1.aarch64", "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-0:2.9.7-18.el8_10.1.i686", "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-0:2.9.7-18.el8_10.1.ppc64le", "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-0:2.9.7-18.el8_10.1.s390x", "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-0:2.9.7-18.el8_10.1.src", "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-0:2.9.7-18.el8_10.1.x86_64", "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-18.el8_10.1.aarch64", "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-18.el8_10.1.i686", "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-18.el8_10.1.ppc64le", "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-18.el8_10.1.s390x", "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-18.el8_10.1.x86_64", "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-18.el8_10.1.aarch64", "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-18.el8_10.1.i686", "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-18.el8_10.1.ppc64le", "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-18.el8_10.1.s390x", "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-18.el8_10.1.x86_64", "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-18.el8_10.1.aarch64", "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-18.el8_10.1.i686", "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-18.el8_10.1.ppc64le", "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-18.el8_10.1.s390x", "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-18.el8_10.1.x86_64", "BaseOS-8.10.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-18.el8_10.1.aarch64", "BaseOS-8.10.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-18.el8_10.1.ppc64le", "BaseOS-8.10.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-18.el8_10.1.s390x", "BaseOS-8.10.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-18.el8_10.1.x86_64", "BaseOS-8.10.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-18.el8_10.1.aarch64", "BaseOS-8.10.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-18.el8_10.1.i686", "BaseOS-8.10.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-18.el8_10.1.ppc64le", "BaseOS-8.10.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-18.el8_10.1.s390x", "BaseOS-8.10.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-18.el8_10.1.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "libxml2: use-after-free in XMLReader", }, ], }
RHSA-2024:3626
Vulnerability from csaf_redhat
Published
2024-06-05 10:40
Modified
2025-01-09 06:20
Summary
Red Hat Security Advisory: libxml2 security update
Notes
Topic
An update for libxml2 is now available for Red Hat Enterprise Linux 8.10.
Red Hat Product Security has rated this update as having a security impact of
Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE
link(s) in the References section.
Details
The libxml2 library is a development toolbox providing the implementation of
various XML standards.
Security Fix(es):
* libxml2: use-after-free in XMLReader (CVE-2024-25062)
For more details about the security issue(s), including the impact,
a CVSS score, acknowledgments, and other related information, refer
to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update for libxml2 is now available for Red Hat Enterprise Linux 8.10.\n\nRed Hat Product Security has rated this update as having a security impact of\nModerate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE\nlink(s) in the References section.", title: "Topic", }, { category: "general", text: "The libxml2 library is a development toolbox providing the implementation of\nvarious XML standards.\n\nSecurity Fix(es):\n\n* libxml2: use-after-free in XMLReader (CVE-2024-25062)\n\nFor more details about the security issue(s), including the impact,\na CVSS score, acknowledgments, and other related information, refer\nto the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2024:3626", url: "https://access.redhat.com/errata/RHSA-2024:3626", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#moderate", url: "https://access.redhat.com/security/updates/classification/#moderate", }, { category: "external", summary: "2262726", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2262726", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_3626.json", }, ], title: "Red Hat Security Advisory: libxml2 security update", tracking: { current_release_date: "2025-01-09T06:20:16+00:00", generator: { date: "2025-01-09T06:20:16+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.5", }, }, id: "RHSA-2024:3626", initial_release_date: "2024-06-05T10:40:16+00:00", revision_history: [ { date: "2024-06-05T10:40:16+00:00", number: "1", summary: "Initial version", }, { date: "2024-06-05T10:40:16+00:00", number: "2", summary: "Last updated version", }, { date: "2025-01-09T06:20:16+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux AppStream (v. 8)", product: { name: "Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.10.0.Z.MAIN.EUS", product_identification_helper: { cpe: "cpe:/a:redhat:enterprise_linux:8::appstream", }, }, }, { category: "product_name", name: "Red Hat Enterprise Linux BaseOS (v. 8)", product: { name: "Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.10.0.Z.MAIN.EUS", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:8::baseos", }, }, }, ], category: "product_family", name: "Red Hat Enterprise Linux", }, { branches: [ { category: "product_version", name: "libxml2-devel-0:2.9.7-18.el8_10.1.aarch64", product: { name: "libxml2-devel-0:2.9.7-18.el8_10.1.aarch64", product_id: "libxml2-devel-0:2.9.7-18.el8_10.1.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-devel@2.9.7-18.el8_10.1?arch=aarch64", }, }, }, { category: "product_version", name: "libxml2-debugsource-0:2.9.7-18.el8_10.1.aarch64", product: { name: "libxml2-debugsource-0:2.9.7-18.el8_10.1.aarch64", product_id: "libxml2-debugsource-0:2.9.7-18.el8_10.1.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-debugsource@2.9.7-18.el8_10.1?arch=aarch64", }, }, }, { category: "product_version", name: "libxml2-debuginfo-0:2.9.7-18.el8_10.1.aarch64", product: { name: "libxml2-debuginfo-0:2.9.7-18.el8_10.1.aarch64", product_id: "libxml2-debuginfo-0:2.9.7-18.el8_10.1.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-debuginfo@2.9.7-18.el8_10.1?arch=aarch64", }, }, }, { category: "product_version", name: "python3-libxml2-debuginfo-0:2.9.7-18.el8_10.1.aarch64", product: { name: "python3-libxml2-debuginfo-0:2.9.7-18.el8_10.1.aarch64", product_id: "python3-libxml2-debuginfo-0:2.9.7-18.el8_10.1.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/python3-libxml2-debuginfo@2.9.7-18.el8_10.1?arch=aarch64", }, }, }, { category: "product_version", name: "libxml2-0:2.9.7-18.el8_10.1.aarch64", product: { name: "libxml2-0:2.9.7-18.el8_10.1.aarch64", product_id: "libxml2-0:2.9.7-18.el8_10.1.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2@2.9.7-18.el8_10.1?arch=aarch64", }, }, }, { category: "product_version", name: "python3-libxml2-0:2.9.7-18.el8_10.1.aarch64", product: { name: "python3-libxml2-0:2.9.7-18.el8_10.1.aarch64", product_id: "python3-libxml2-0:2.9.7-18.el8_10.1.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/python3-libxml2@2.9.7-18.el8_10.1?arch=aarch64", }, }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "libxml2-devel-0:2.9.7-18.el8_10.1.ppc64le", product: { name: "libxml2-devel-0:2.9.7-18.el8_10.1.ppc64le", product_id: "libxml2-devel-0:2.9.7-18.el8_10.1.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-devel@2.9.7-18.el8_10.1?arch=ppc64le", }, }, }, { category: "product_version", name: "libxml2-debugsource-0:2.9.7-18.el8_10.1.ppc64le", product: { name: "libxml2-debugsource-0:2.9.7-18.el8_10.1.ppc64le", product_id: "libxml2-debugsource-0:2.9.7-18.el8_10.1.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-debugsource@2.9.7-18.el8_10.1?arch=ppc64le", }, }, }, { category: "product_version", name: "libxml2-debuginfo-0:2.9.7-18.el8_10.1.ppc64le", product: { name: "libxml2-debuginfo-0:2.9.7-18.el8_10.1.ppc64le", product_id: "libxml2-debuginfo-0:2.9.7-18.el8_10.1.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-debuginfo@2.9.7-18.el8_10.1?arch=ppc64le", }, }, }, { category: "product_version", name: "python3-libxml2-debuginfo-0:2.9.7-18.el8_10.1.ppc64le", product: { name: "python3-libxml2-debuginfo-0:2.9.7-18.el8_10.1.ppc64le", product_id: "python3-libxml2-debuginfo-0:2.9.7-18.el8_10.1.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/python3-libxml2-debuginfo@2.9.7-18.el8_10.1?arch=ppc64le", }, }, }, { category: "product_version", name: "libxml2-0:2.9.7-18.el8_10.1.ppc64le", product: { name: "libxml2-0:2.9.7-18.el8_10.1.ppc64le", product_id: "libxml2-0:2.9.7-18.el8_10.1.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2@2.9.7-18.el8_10.1?arch=ppc64le", }, }, }, { category: "product_version", name: "python3-libxml2-0:2.9.7-18.el8_10.1.ppc64le", product: { name: "python3-libxml2-0:2.9.7-18.el8_10.1.ppc64le", product_id: "python3-libxml2-0:2.9.7-18.el8_10.1.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/python3-libxml2@2.9.7-18.el8_10.1?arch=ppc64le", }, }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "libxml2-devel-0:2.9.7-18.el8_10.1.i686", product: { name: "libxml2-devel-0:2.9.7-18.el8_10.1.i686", product_id: "libxml2-devel-0:2.9.7-18.el8_10.1.i686", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-devel@2.9.7-18.el8_10.1?arch=i686", }, }, }, { category: "product_version", name: "libxml2-debugsource-0:2.9.7-18.el8_10.1.i686", product: { name: "libxml2-debugsource-0:2.9.7-18.el8_10.1.i686", product_id: "libxml2-debugsource-0:2.9.7-18.el8_10.1.i686", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-debugsource@2.9.7-18.el8_10.1?arch=i686", }, }, }, { category: "product_version", name: "libxml2-debuginfo-0:2.9.7-18.el8_10.1.i686", product: { name: "libxml2-debuginfo-0:2.9.7-18.el8_10.1.i686", product_id: "libxml2-debuginfo-0:2.9.7-18.el8_10.1.i686", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-debuginfo@2.9.7-18.el8_10.1?arch=i686", }, }, }, { category: "product_version", name: "python3-libxml2-debuginfo-0:2.9.7-18.el8_10.1.i686", product: { name: "python3-libxml2-debuginfo-0:2.9.7-18.el8_10.1.i686", product_id: "python3-libxml2-debuginfo-0:2.9.7-18.el8_10.1.i686", product_identification_helper: { purl: "pkg:rpm/redhat/python3-libxml2-debuginfo@2.9.7-18.el8_10.1?arch=i686", }, }, }, { category: "product_version", name: "libxml2-0:2.9.7-18.el8_10.1.i686", product: { name: "libxml2-0:2.9.7-18.el8_10.1.i686", product_id: "libxml2-0:2.9.7-18.el8_10.1.i686", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2@2.9.7-18.el8_10.1?arch=i686", }, }, }, ], category: "architecture", name: "i686", }, { branches: [ { category: "product_version", name: "libxml2-devel-0:2.9.7-18.el8_10.1.x86_64", product: { name: "libxml2-devel-0:2.9.7-18.el8_10.1.x86_64", product_id: "libxml2-devel-0:2.9.7-18.el8_10.1.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-devel@2.9.7-18.el8_10.1?arch=x86_64", }, }, }, { category: "product_version", name: "libxml2-debugsource-0:2.9.7-18.el8_10.1.x86_64", product: { name: "libxml2-debugsource-0:2.9.7-18.el8_10.1.x86_64", product_id: "libxml2-debugsource-0:2.9.7-18.el8_10.1.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-debugsource@2.9.7-18.el8_10.1?arch=x86_64", }, }, }, { category: "product_version", name: "libxml2-debuginfo-0:2.9.7-18.el8_10.1.x86_64", product: { name: "libxml2-debuginfo-0:2.9.7-18.el8_10.1.x86_64", product_id: "libxml2-debuginfo-0:2.9.7-18.el8_10.1.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-debuginfo@2.9.7-18.el8_10.1?arch=x86_64", }, }, }, { category: "product_version", name: "python3-libxml2-debuginfo-0:2.9.7-18.el8_10.1.x86_64", product: { name: "python3-libxml2-debuginfo-0:2.9.7-18.el8_10.1.x86_64", product_id: "python3-libxml2-debuginfo-0:2.9.7-18.el8_10.1.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/python3-libxml2-debuginfo@2.9.7-18.el8_10.1?arch=x86_64", }, }, }, { category: "product_version", name: "libxml2-0:2.9.7-18.el8_10.1.x86_64", product: { name: "libxml2-0:2.9.7-18.el8_10.1.x86_64", product_id: "libxml2-0:2.9.7-18.el8_10.1.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2@2.9.7-18.el8_10.1?arch=x86_64", }, }, }, { category: "product_version", name: "python3-libxml2-0:2.9.7-18.el8_10.1.x86_64", product: { name: "python3-libxml2-0:2.9.7-18.el8_10.1.x86_64", product_id: "python3-libxml2-0:2.9.7-18.el8_10.1.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/python3-libxml2@2.9.7-18.el8_10.1?arch=x86_64", }, }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_version", name: "libxml2-devel-0:2.9.7-18.el8_10.1.s390x", product: { name: "libxml2-devel-0:2.9.7-18.el8_10.1.s390x", product_id: "libxml2-devel-0:2.9.7-18.el8_10.1.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-devel@2.9.7-18.el8_10.1?arch=s390x", }, }, }, { category: "product_version", name: "libxml2-debugsource-0:2.9.7-18.el8_10.1.s390x", product: { name: "libxml2-debugsource-0:2.9.7-18.el8_10.1.s390x", product_id: "libxml2-debugsource-0:2.9.7-18.el8_10.1.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-debugsource@2.9.7-18.el8_10.1?arch=s390x", }, }, }, { category: "product_version", name: "libxml2-debuginfo-0:2.9.7-18.el8_10.1.s390x", product: { name: "libxml2-debuginfo-0:2.9.7-18.el8_10.1.s390x", product_id: "libxml2-debuginfo-0:2.9.7-18.el8_10.1.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-debuginfo@2.9.7-18.el8_10.1?arch=s390x", }, }, }, { category: "product_version", name: "python3-libxml2-debuginfo-0:2.9.7-18.el8_10.1.s390x", product: { name: "python3-libxml2-debuginfo-0:2.9.7-18.el8_10.1.s390x", product_id: "python3-libxml2-debuginfo-0:2.9.7-18.el8_10.1.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/python3-libxml2-debuginfo@2.9.7-18.el8_10.1?arch=s390x", }, }, }, { category: "product_version", name: "libxml2-0:2.9.7-18.el8_10.1.s390x", product: { name: "libxml2-0:2.9.7-18.el8_10.1.s390x", product_id: "libxml2-0:2.9.7-18.el8_10.1.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2@2.9.7-18.el8_10.1?arch=s390x", }, }, }, { category: "product_version", name: "python3-libxml2-0:2.9.7-18.el8_10.1.s390x", product: { name: "python3-libxml2-0:2.9.7-18.el8_10.1.s390x", product_id: "python3-libxml2-0:2.9.7-18.el8_10.1.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/python3-libxml2@2.9.7-18.el8_10.1?arch=s390x", }, }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "libxml2-0:2.9.7-18.el8_10.1.src", product: { name: "libxml2-0:2.9.7-18.el8_10.1.src", product_id: "libxml2-0:2.9.7-18.el8_10.1.src", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2@2.9.7-18.el8_10.1?arch=src", }, }, }, ], category: "architecture", name: "src", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.7-18.el8_10.1.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.10.0.Z.MAIN.EUS:libxml2-0:2.9.7-18.el8_10.1.aarch64", }, product_reference: "libxml2-0:2.9.7-18.el8_10.1.aarch64", relates_to_product_reference: "AppStream-8.10.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.7-18.el8_10.1.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.10.0.Z.MAIN.EUS:libxml2-0:2.9.7-18.el8_10.1.i686", }, product_reference: "libxml2-0:2.9.7-18.el8_10.1.i686", relates_to_product_reference: "AppStream-8.10.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.7-18.el8_10.1.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.10.0.Z.MAIN.EUS:libxml2-0:2.9.7-18.el8_10.1.ppc64le", }, product_reference: "libxml2-0:2.9.7-18.el8_10.1.ppc64le", relates_to_product_reference: "AppStream-8.10.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.7-18.el8_10.1.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.10.0.Z.MAIN.EUS:libxml2-0:2.9.7-18.el8_10.1.s390x", }, product_reference: "libxml2-0:2.9.7-18.el8_10.1.s390x", relates_to_product_reference: "AppStream-8.10.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.7-18.el8_10.1.src as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.10.0.Z.MAIN.EUS:libxml2-0:2.9.7-18.el8_10.1.src", }, product_reference: "libxml2-0:2.9.7-18.el8_10.1.src", relates_to_product_reference: "AppStream-8.10.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.7-18.el8_10.1.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.10.0.Z.MAIN.EUS:libxml2-0:2.9.7-18.el8_10.1.x86_64", }, product_reference: "libxml2-0:2.9.7-18.el8_10.1.x86_64", relates_to_product_reference: "AppStream-8.10.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.7-18.el8_10.1.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.10.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-18.el8_10.1.aarch64", }, product_reference: "libxml2-debuginfo-0:2.9.7-18.el8_10.1.aarch64", relates_to_product_reference: "AppStream-8.10.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.7-18.el8_10.1.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.10.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-18.el8_10.1.i686", }, product_reference: "libxml2-debuginfo-0:2.9.7-18.el8_10.1.i686", relates_to_product_reference: "AppStream-8.10.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.7-18.el8_10.1.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.10.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-18.el8_10.1.ppc64le", }, product_reference: "libxml2-debuginfo-0:2.9.7-18.el8_10.1.ppc64le", relates_to_product_reference: "AppStream-8.10.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.7-18.el8_10.1.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.10.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-18.el8_10.1.s390x", }, product_reference: "libxml2-debuginfo-0:2.9.7-18.el8_10.1.s390x", relates_to_product_reference: "AppStream-8.10.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.7-18.el8_10.1.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.10.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-18.el8_10.1.x86_64", }, product_reference: "libxml2-debuginfo-0:2.9.7-18.el8_10.1.x86_64", relates_to_product_reference: "AppStream-8.10.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debugsource-0:2.9.7-18.el8_10.1.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.10.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-18.el8_10.1.aarch64", }, product_reference: "libxml2-debugsource-0:2.9.7-18.el8_10.1.aarch64", relates_to_product_reference: "AppStream-8.10.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debugsource-0:2.9.7-18.el8_10.1.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.10.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-18.el8_10.1.i686", }, product_reference: "libxml2-debugsource-0:2.9.7-18.el8_10.1.i686", relates_to_product_reference: "AppStream-8.10.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debugsource-0:2.9.7-18.el8_10.1.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.10.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-18.el8_10.1.ppc64le", }, product_reference: "libxml2-debugsource-0:2.9.7-18.el8_10.1.ppc64le", relates_to_product_reference: "AppStream-8.10.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debugsource-0:2.9.7-18.el8_10.1.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.10.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-18.el8_10.1.s390x", }, product_reference: "libxml2-debugsource-0:2.9.7-18.el8_10.1.s390x", relates_to_product_reference: "AppStream-8.10.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debugsource-0:2.9.7-18.el8_10.1.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.10.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-18.el8_10.1.x86_64", }, product_reference: "libxml2-debugsource-0:2.9.7-18.el8_10.1.x86_64", relates_to_product_reference: "AppStream-8.10.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.7-18.el8_10.1.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.10.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-18.el8_10.1.aarch64", }, product_reference: "libxml2-devel-0:2.9.7-18.el8_10.1.aarch64", relates_to_product_reference: "AppStream-8.10.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.7-18.el8_10.1.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.10.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-18.el8_10.1.i686", }, product_reference: "libxml2-devel-0:2.9.7-18.el8_10.1.i686", relates_to_product_reference: "AppStream-8.10.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.7-18.el8_10.1.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.10.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-18.el8_10.1.ppc64le", }, product_reference: "libxml2-devel-0:2.9.7-18.el8_10.1.ppc64le", relates_to_product_reference: "AppStream-8.10.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.7-18.el8_10.1.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.10.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-18.el8_10.1.s390x", }, product_reference: "libxml2-devel-0:2.9.7-18.el8_10.1.s390x", relates_to_product_reference: "AppStream-8.10.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.7-18.el8_10.1.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.10.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-18.el8_10.1.x86_64", }, product_reference: "libxml2-devel-0:2.9.7-18.el8_10.1.x86_64", relates_to_product_reference: "AppStream-8.10.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "python3-libxml2-0:2.9.7-18.el8_10.1.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.10.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-18.el8_10.1.aarch64", }, product_reference: "python3-libxml2-0:2.9.7-18.el8_10.1.aarch64", relates_to_product_reference: "AppStream-8.10.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "python3-libxml2-0:2.9.7-18.el8_10.1.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.10.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-18.el8_10.1.ppc64le", }, product_reference: "python3-libxml2-0:2.9.7-18.el8_10.1.ppc64le", relates_to_product_reference: "AppStream-8.10.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "python3-libxml2-0:2.9.7-18.el8_10.1.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.10.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-18.el8_10.1.s390x", }, product_reference: "python3-libxml2-0:2.9.7-18.el8_10.1.s390x", relates_to_product_reference: "AppStream-8.10.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "python3-libxml2-0:2.9.7-18.el8_10.1.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.10.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-18.el8_10.1.x86_64", }, product_reference: "python3-libxml2-0:2.9.7-18.el8_10.1.x86_64", relates_to_product_reference: "AppStream-8.10.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "python3-libxml2-debuginfo-0:2.9.7-18.el8_10.1.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.10.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-18.el8_10.1.aarch64", }, product_reference: "python3-libxml2-debuginfo-0:2.9.7-18.el8_10.1.aarch64", relates_to_product_reference: "AppStream-8.10.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "python3-libxml2-debuginfo-0:2.9.7-18.el8_10.1.i686 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.10.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-18.el8_10.1.i686", }, product_reference: "python3-libxml2-debuginfo-0:2.9.7-18.el8_10.1.i686", relates_to_product_reference: "AppStream-8.10.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "python3-libxml2-debuginfo-0:2.9.7-18.el8_10.1.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.10.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-18.el8_10.1.ppc64le", }, product_reference: "python3-libxml2-debuginfo-0:2.9.7-18.el8_10.1.ppc64le", relates_to_product_reference: "AppStream-8.10.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "python3-libxml2-debuginfo-0:2.9.7-18.el8_10.1.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.10.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-18.el8_10.1.s390x", }, product_reference: "python3-libxml2-debuginfo-0:2.9.7-18.el8_10.1.s390x", relates_to_product_reference: "AppStream-8.10.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "python3-libxml2-debuginfo-0:2.9.7-18.el8_10.1.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)", product_id: "AppStream-8.10.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-18.el8_10.1.x86_64", }, product_reference: "python3-libxml2-debuginfo-0:2.9.7-18.el8_10.1.x86_64", relates_to_product_reference: "AppStream-8.10.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.7-18.el8_10.1.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-0:2.9.7-18.el8_10.1.aarch64", }, product_reference: "libxml2-0:2.9.7-18.el8_10.1.aarch64", relates_to_product_reference: "BaseOS-8.10.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.7-18.el8_10.1.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-0:2.9.7-18.el8_10.1.i686", }, product_reference: "libxml2-0:2.9.7-18.el8_10.1.i686", relates_to_product_reference: "BaseOS-8.10.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.7-18.el8_10.1.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-0:2.9.7-18.el8_10.1.ppc64le", }, product_reference: "libxml2-0:2.9.7-18.el8_10.1.ppc64le", relates_to_product_reference: "BaseOS-8.10.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.7-18.el8_10.1.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-0:2.9.7-18.el8_10.1.s390x", }, product_reference: "libxml2-0:2.9.7-18.el8_10.1.s390x", relates_to_product_reference: "BaseOS-8.10.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.7-18.el8_10.1.src as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-0:2.9.7-18.el8_10.1.src", }, product_reference: "libxml2-0:2.9.7-18.el8_10.1.src", relates_to_product_reference: "BaseOS-8.10.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.7-18.el8_10.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-0:2.9.7-18.el8_10.1.x86_64", }, product_reference: "libxml2-0:2.9.7-18.el8_10.1.x86_64", relates_to_product_reference: "BaseOS-8.10.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.7-18.el8_10.1.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-18.el8_10.1.aarch64", }, product_reference: "libxml2-debuginfo-0:2.9.7-18.el8_10.1.aarch64", relates_to_product_reference: "BaseOS-8.10.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.7-18.el8_10.1.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-18.el8_10.1.i686", }, product_reference: "libxml2-debuginfo-0:2.9.7-18.el8_10.1.i686", relates_to_product_reference: "BaseOS-8.10.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.7-18.el8_10.1.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-18.el8_10.1.ppc64le", }, product_reference: "libxml2-debuginfo-0:2.9.7-18.el8_10.1.ppc64le", relates_to_product_reference: "BaseOS-8.10.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.7-18.el8_10.1.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-18.el8_10.1.s390x", }, product_reference: "libxml2-debuginfo-0:2.9.7-18.el8_10.1.s390x", relates_to_product_reference: "BaseOS-8.10.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.7-18.el8_10.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-18.el8_10.1.x86_64", }, product_reference: "libxml2-debuginfo-0:2.9.7-18.el8_10.1.x86_64", relates_to_product_reference: "BaseOS-8.10.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debugsource-0:2.9.7-18.el8_10.1.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-18.el8_10.1.aarch64", }, product_reference: "libxml2-debugsource-0:2.9.7-18.el8_10.1.aarch64", relates_to_product_reference: "BaseOS-8.10.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debugsource-0:2.9.7-18.el8_10.1.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-18.el8_10.1.i686", }, product_reference: "libxml2-debugsource-0:2.9.7-18.el8_10.1.i686", relates_to_product_reference: "BaseOS-8.10.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debugsource-0:2.9.7-18.el8_10.1.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-18.el8_10.1.ppc64le", }, product_reference: "libxml2-debugsource-0:2.9.7-18.el8_10.1.ppc64le", relates_to_product_reference: "BaseOS-8.10.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debugsource-0:2.9.7-18.el8_10.1.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-18.el8_10.1.s390x", }, product_reference: "libxml2-debugsource-0:2.9.7-18.el8_10.1.s390x", relates_to_product_reference: "BaseOS-8.10.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debugsource-0:2.9.7-18.el8_10.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-18.el8_10.1.x86_64", }, product_reference: "libxml2-debugsource-0:2.9.7-18.el8_10.1.x86_64", relates_to_product_reference: "BaseOS-8.10.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.7-18.el8_10.1.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-18.el8_10.1.aarch64", }, product_reference: "libxml2-devel-0:2.9.7-18.el8_10.1.aarch64", relates_to_product_reference: "BaseOS-8.10.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.7-18.el8_10.1.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-18.el8_10.1.i686", }, product_reference: "libxml2-devel-0:2.9.7-18.el8_10.1.i686", relates_to_product_reference: "BaseOS-8.10.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.7-18.el8_10.1.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-18.el8_10.1.ppc64le", }, product_reference: "libxml2-devel-0:2.9.7-18.el8_10.1.ppc64le", relates_to_product_reference: "BaseOS-8.10.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.7-18.el8_10.1.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-18.el8_10.1.s390x", }, product_reference: "libxml2-devel-0:2.9.7-18.el8_10.1.s390x", relates_to_product_reference: "BaseOS-8.10.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.7-18.el8_10.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-18.el8_10.1.x86_64", }, product_reference: "libxml2-devel-0:2.9.7-18.el8_10.1.x86_64", relates_to_product_reference: "BaseOS-8.10.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "python3-libxml2-0:2.9.7-18.el8_10.1.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.10.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-18.el8_10.1.aarch64", }, product_reference: "python3-libxml2-0:2.9.7-18.el8_10.1.aarch64", relates_to_product_reference: "BaseOS-8.10.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "python3-libxml2-0:2.9.7-18.el8_10.1.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.10.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-18.el8_10.1.ppc64le", }, product_reference: "python3-libxml2-0:2.9.7-18.el8_10.1.ppc64le", relates_to_product_reference: "BaseOS-8.10.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "python3-libxml2-0:2.9.7-18.el8_10.1.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.10.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-18.el8_10.1.s390x", }, product_reference: "python3-libxml2-0:2.9.7-18.el8_10.1.s390x", relates_to_product_reference: "BaseOS-8.10.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "python3-libxml2-0:2.9.7-18.el8_10.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.10.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-18.el8_10.1.x86_64", }, product_reference: "python3-libxml2-0:2.9.7-18.el8_10.1.x86_64", relates_to_product_reference: "BaseOS-8.10.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "python3-libxml2-debuginfo-0:2.9.7-18.el8_10.1.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.10.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-18.el8_10.1.aarch64", }, product_reference: "python3-libxml2-debuginfo-0:2.9.7-18.el8_10.1.aarch64", relates_to_product_reference: "BaseOS-8.10.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "python3-libxml2-debuginfo-0:2.9.7-18.el8_10.1.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.10.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-18.el8_10.1.i686", }, product_reference: "python3-libxml2-debuginfo-0:2.9.7-18.el8_10.1.i686", relates_to_product_reference: "BaseOS-8.10.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "python3-libxml2-debuginfo-0:2.9.7-18.el8_10.1.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.10.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-18.el8_10.1.ppc64le", }, product_reference: "python3-libxml2-debuginfo-0:2.9.7-18.el8_10.1.ppc64le", relates_to_product_reference: "BaseOS-8.10.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "python3-libxml2-debuginfo-0:2.9.7-18.el8_10.1.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.10.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-18.el8_10.1.s390x", }, product_reference: "python3-libxml2-debuginfo-0:2.9.7-18.el8_10.1.s390x", relates_to_product_reference: "BaseOS-8.10.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "python3-libxml2-debuginfo-0:2.9.7-18.el8_10.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)", product_id: "BaseOS-8.10.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-18.el8_10.1.x86_64", }, product_reference: "python3-libxml2-debuginfo-0:2.9.7-18.el8_10.1.x86_64", relates_to_product_reference: "BaseOS-8.10.0.Z.MAIN.EUS", }, ], }, vulnerabilities: [ { cve: "CVE-2024-25062", cwe: { id: "CWE-416", name: "Use After Free", }, discovery_date: "2024-02-05T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2262726", }, ], notes: [ { category: "description", text: "A use-after-free flaw was found in libxml2. When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free.", title: "Vulnerability description", }, { category: "summary", text: "libxml2: use-after-free in XMLReader", title: "Vulnerability summary", }, { category: "other", text: "The severity of this vulnerability is not important but moderate due to the lack of impact to both confidentiality and integrity, but potential impact to availability. The theoretical risk of impact to availability is limited due to the specific requirement that applications must continue to misuse the reader API after it has already reported validation errors instead of handling those errors. The flaw requires that crafted XML documents can be provided by an attacker and the utilization of DTD validation and XInclude expansion using the XMLReader API. Along with those conditions, the application using the XMLReader API must be ignoring errors when expanding invalid XInclude nodes in an maliciously crafted document. These conditions are unlikely to exist in the intended usage of the XMLReader API.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-8.10.0.Z.MAIN.EUS:libxml2-0:2.9.7-18.el8_10.1.aarch64", "AppStream-8.10.0.Z.MAIN.EUS:libxml2-0:2.9.7-18.el8_10.1.i686", "AppStream-8.10.0.Z.MAIN.EUS:libxml2-0:2.9.7-18.el8_10.1.ppc64le", "AppStream-8.10.0.Z.MAIN.EUS:libxml2-0:2.9.7-18.el8_10.1.s390x", "AppStream-8.10.0.Z.MAIN.EUS:libxml2-0:2.9.7-18.el8_10.1.src", "AppStream-8.10.0.Z.MAIN.EUS:libxml2-0:2.9.7-18.el8_10.1.x86_64", "AppStream-8.10.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-18.el8_10.1.aarch64", "AppStream-8.10.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-18.el8_10.1.i686", "AppStream-8.10.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-18.el8_10.1.ppc64le", "AppStream-8.10.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-18.el8_10.1.s390x", "AppStream-8.10.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-18.el8_10.1.x86_64", "AppStream-8.10.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-18.el8_10.1.aarch64", "AppStream-8.10.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-18.el8_10.1.i686", "AppStream-8.10.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-18.el8_10.1.ppc64le", "AppStream-8.10.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-18.el8_10.1.s390x", "AppStream-8.10.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-18.el8_10.1.x86_64", "AppStream-8.10.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-18.el8_10.1.aarch64", "AppStream-8.10.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-18.el8_10.1.i686", "AppStream-8.10.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-18.el8_10.1.ppc64le", "AppStream-8.10.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-18.el8_10.1.s390x", "AppStream-8.10.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-18.el8_10.1.x86_64", "AppStream-8.10.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-18.el8_10.1.aarch64", "AppStream-8.10.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-18.el8_10.1.ppc64le", "AppStream-8.10.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-18.el8_10.1.s390x", "AppStream-8.10.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-18.el8_10.1.x86_64", "AppStream-8.10.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-18.el8_10.1.aarch64", "AppStream-8.10.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-18.el8_10.1.i686", "AppStream-8.10.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-18.el8_10.1.ppc64le", "AppStream-8.10.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-18.el8_10.1.s390x", "AppStream-8.10.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-18.el8_10.1.x86_64", "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-0:2.9.7-18.el8_10.1.aarch64", "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-0:2.9.7-18.el8_10.1.i686", "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-0:2.9.7-18.el8_10.1.ppc64le", "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-0:2.9.7-18.el8_10.1.s390x", "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-0:2.9.7-18.el8_10.1.src", "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-0:2.9.7-18.el8_10.1.x86_64", "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-18.el8_10.1.aarch64", "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-18.el8_10.1.i686", "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-18.el8_10.1.ppc64le", "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-18.el8_10.1.s390x", "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-18.el8_10.1.x86_64", "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-18.el8_10.1.aarch64", "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-18.el8_10.1.i686", "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-18.el8_10.1.ppc64le", "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-18.el8_10.1.s390x", "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-18.el8_10.1.x86_64", "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-18.el8_10.1.aarch64", "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-18.el8_10.1.i686", "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-18.el8_10.1.ppc64le", "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-18.el8_10.1.s390x", "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-18.el8_10.1.x86_64", "BaseOS-8.10.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-18.el8_10.1.aarch64", "BaseOS-8.10.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-18.el8_10.1.ppc64le", "BaseOS-8.10.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-18.el8_10.1.s390x", "BaseOS-8.10.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-18.el8_10.1.x86_64", "BaseOS-8.10.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-18.el8_10.1.aarch64", "BaseOS-8.10.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-18.el8_10.1.i686", "BaseOS-8.10.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-18.el8_10.1.ppc64le", "BaseOS-8.10.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-18.el8_10.1.s390x", "BaseOS-8.10.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-18.el8_10.1.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-25062", }, { category: "external", summary: "RHBZ#2262726", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2262726", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-25062", url: "https://www.cve.org/CVERecord?id=CVE-2024-25062", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-25062", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-25062", }, { category: "external", summary: "https://gitlab.gnome.org/GNOME/libxml2/-/issues/604", url: "https://gitlab.gnome.org/GNOME/libxml2/-/issues/604", }, { category: "external", summary: "https://gitlab.gnome.org/GNOME/libxml2/-/tags", url: "https://gitlab.gnome.org/GNOME/libxml2/-/tags", }, ], release_date: "2024-02-04T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-06-05T10:40:16+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "AppStream-8.10.0.Z.MAIN.EUS:libxml2-0:2.9.7-18.el8_10.1.aarch64", "AppStream-8.10.0.Z.MAIN.EUS:libxml2-0:2.9.7-18.el8_10.1.i686", "AppStream-8.10.0.Z.MAIN.EUS:libxml2-0:2.9.7-18.el8_10.1.ppc64le", "AppStream-8.10.0.Z.MAIN.EUS:libxml2-0:2.9.7-18.el8_10.1.s390x", "AppStream-8.10.0.Z.MAIN.EUS:libxml2-0:2.9.7-18.el8_10.1.src", "AppStream-8.10.0.Z.MAIN.EUS:libxml2-0:2.9.7-18.el8_10.1.x86_64", "AppStream-8.10.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-18.el8_10.1.aarch64", "AppStream-8.10.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-18.el8_10.1.i686", "AppStream-8.10.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-18.el8_10.1.ppc64le", "AppStream-8.10.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-18.el8_10.1.s390x", "AppStream-8.10.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-18.el8_10.1.x86_64", "AppStream-8.10.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-18.el8_10.1.aarch64", "AppStream-8.10.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-18.el8_10.1.i686", "AppStream-8.10.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-18.el8_10.1.ppc64le", "AppStream-8.10.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-18.el8_10.1.s390x", "AppStream-8.10.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-18.el8_10.1.x86_64", "AppStream-8.10.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-18.el8_10.1.aarch64", "AppStream-8.10.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-18.el8_10.1.i686", "AppStream-8.10.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-18.el8_10.1.ppc64le", "AppStream-8.10.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-18.el8_10.1.s390x", "AppStream-8.10.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-18.el8_10.1.x86_64", "AppStream-8.10.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-18.el8_10.1.aarch64", "AppStream-8.10.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-18.el8_10.1.ppc64le", "AppStream-8.10.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-18.el8_10.1.s390x", "AppStream-8.10.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-18.el8_10.1.x86_64", "AppStream-8.10.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-18.el8_10.1.aarch64", "AppStream-8.10.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-18.el8_10.1.i686", "AppStream-8.10.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-18.el8_10.1.ppc64le", "AppStream-8.10.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-18.el8_10.1.s390x", "AppStream-8.10.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-18.el8_10.1.x86_64", "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-0:2.9.7-18.el8_10.1.aarch64", "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-0:2.9.7-18.el8_10.1.i686", "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-0:2.9.7-18.el8_10.1.ppc64le", "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-0:2.9.7-18.el8_10.1.s390x", "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-0:2.9.7-18.el8_10.1.src", "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-0:2.9.7-18.el8_10.1.x86_64", "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-18.el8_10.1.aarch64", "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-18.el8_10.1.i686", "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-18.el8_10.1.ppc64le", "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-18.el8_10.1.s390x", "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-18.el8_10.1.x86_64", "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-18.el8_10.1.aarch64", "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-18.el8_10.1.i686", "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-18.el8_10.1.ppc64le", "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-18.el8_10.1.s390x", "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-18.el8_10.1.x86_64", "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-18.el8_10.1.aarch64", "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-18.el8_10.1.i686", "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-18.el8_10.1.ppc64le", "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-18.el8_10.1.s390x", "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-18.el8_10.1.x86_64", "BaseOS-8.10.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-18.el8_10.1.aarch64", "BaseOS-8.10.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-18.el8_10.1.ppc64le", "BaseOS-8.10.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-18.el8_10.1.s390x", "BaseOS-8.10.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-18.el8_10.1.x86_64", "BaseOS-8.10.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-18.el8_10.1.aarch64", "BaseOS-8.10.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-18.el8_10.1.i686", "BaseOS-8.10.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-18.el8_10.1.ppc64le", "BaseOS-8.10.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-18.el8_10.1.s390x", "BaseOS-8.10.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-18.el8_10.1.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:3626", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "AppStream-8.10.0.Z.MAIN.EUS:libxml2-0:2.9.7-18.el8_10.1.aarch64", "AppStream-8.10.0.Z.MAIN.EUS:libxml2-0:2.9.7-18.el8_10.1.i686", "AppStream-8.10.0.Z.MAIN.EUS:libxml2-0:2.9.7-18.el8_10.1.ppc64le", "AppStream-8.10.0.Z.MAIN.EUS:libxml2-0:2.9.7-18.el8_10.1.s390x", "AppStream-8.10.0.Z.MAIN.EUS:libxml2-0:2.9.7-18.el8_10.1.src", "AppStream-8.10.0.Z.MAIN.EUS:libxml2-0:2.9.7-18.el8_10.1.x86_64", "AppStream-8.10.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-18.el8_10.1.aarch64", "AppStream-8.10.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-18.el8_10.1.i686", "AppStream-8.10.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-18.el8_10.1.ppc64le", "AppStream-8.10.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-18.el8_10.1.s390x", "AppStream-8.10.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-18.el8_10.1.x86_64", "AppStream-8.10.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-18.el8_10.1.aarch64", "AppStream-8.10.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-18.el8_10.1.i686", "AppStream-8.10.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-18.el8_10.1.ppc64le", "AppStream-8.10.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-18.el8_10.1.s390x", "AppStream-8.10.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-18.el8_10.1.x86_64", "AppStream-8.10.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-18.el8_10.1.aarch64", "AppStream-8.10.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-18.el8_10.1.i686", "AppStream-8.10.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-18.el8_10.1.ppc64le", "AppStream-8.10.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-18.el8_10.1.s390x", "AppStream-8.10.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-18.el8_10.1.x86_64", "AppStream-8.10.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-18.el8_10.1.aarch64", "AppStream-8.10.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-18.el8_10.1.ppc64le", "AppStream-8.10.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-18.el8_10.1.s390x", "AppStream-8.10.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-18.el8_10.1.x86_64", "AppStream-8.10.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-18.el8_10.1.aarch64", "AppStream-8.10.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-18.el8_10.1.i686", "AppStream-8.10.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-18.el8_10.1.ppc64le", "AppStream-8.10.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-18.el8_10.1.s390x", "AppStream-8.10.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-18.el8_10.1.x86_64", "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-0:2.9.7-18.el8_10.1.aarch64", "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-0:2.9.7-18.el8_10.1.i686", "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-0:2.9.7-18.el8_10.1.ppc64le", "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-0:2.9.7-18.el8_10.1.s390x", "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-0:2.9.7-18.el8_10.1.src", "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-0:2.9.7-18.el8_10.1.x86_64", "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-18.el8_10.1.aarch64", "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-18.el8_10.1.i686", "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-18.el8_10.1.ppc64le", "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-18.el8_10.1.s390x", "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-18.el8_10.1.x86_64", "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-18.el8_10.1.aarch64", "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-18.el8_10.1.i686", "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-18.el8_10.1.ppc64le", "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-18.el8_10.1.s390x", "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-18.el8_10.1.x86_64", "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-18.el8_10.1.aarch64", "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-18.el8_10.1.i686", "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-18.el8_10.1.ppc64le", "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-18.el8_10.1.s390x", "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-18.el8_10.1.x86_64", "BaseOS-8.10.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-18.el8_10.1.aarch64", "BaseOS-8.10.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-18.el8_10.1.ppc64le", "BaseOS-8.10.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-18.el8_10.1.s390x", "BaseOS-8.10.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-18.el8_10.1.x86_64", "BaseOS-8.10.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-18.el8_10.1.aarch64", "BaseOS-8.10.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-18.el8_10.1.i686", "BaseOS-8.10.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-18.el8_10.1.ppc64le", "BaseOS-8.10.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-18.el8_10.1.s390x", "BaseOS-8.10.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-18.el8_10.1.x86_64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "AppStream-8.10.0.Z.MAIN.EUS:libxml2-0:2.9.7-18.el8_10.1.aarch64", "AppStream-8.10.0.Z.MAIN.EUS:libxml2-0:2.9.7-18.el8_10.1.i686", "AppStream-8.10.0.Z.MAIN.EUS:libxml2-0:2.9.7-18.el8_10.1.ppc64le", "AppStream-8.10.0.Z.MAIN.EUS:libxml2-0:2.9.7-18.el8_10.1.s390x", "AppStream-8.10.0.Z.MAIN.EUS:libxml2-0:2.9.7-18.el8_10.1.src", "AppStream-8.10.0.Z.MAIN.EUS:libxml2-0:2.9.7-18.el8_10.1.x86_64", "AppStream-8.10.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-18.el8_10.1.aarch64", "AppStream-8.10.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-18.el8_10.1.i686", "AppStream-8.10.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-18.el8_10.1.ppc64le", "AppStream-8.10.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-18.el8_10.1.s390x", "AppStream-8.10.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-18.el8_10.1.x86_64", "AppStream-8.10.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-18.el8_10.1.aarch64", "AppStream-8.10.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-18.el8_10.1.i686", "AppStream-8.10.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-18.el8_10.1.ppc64le", "AppStream-8.10.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-18.el8_10.1.s390x", "AppStream-8.10.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-18.el8_10.1.x86_64", "AppStream-8.10.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-18.el8_10.1.aarch64", "AppStream-8.10.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-18.el8_10.1.i686", "AppStream-8.10.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-18.el8_10.1.ppc64le", "AppStream-8.10.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-18.el8_10.1.s390x", "AppStream-8.10.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-18.el8_10.1.x86_64", "AppStream-8.10.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-18.el8_10.1.aarch64", "AppStream-8.10.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-18.el8_10.1.ppc64le", "AppStream-8.10.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-18.el8_10.1.s390x", "AppStream-8.10.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-18.el8_10.1.x86_64", "AppStream-8.10.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-18.el8_10.1.aarch64", "AppStream-8.10.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-18.el8_10.1.i686", "AppStream-8.10.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-18.el8_10.1.ppc64le", "AppStream-8.10.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-18.el8_10.1.s390x", "AppStream-8.10.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-18.el8_10.1.x86_64", "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-0:2.9.7-18.el8_10.1.aarch64", "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-0:2.9.7-18.el8_10.1.i686", "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-0:2.9.7-18.el8_10.1.ppc64le", "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-0:2.9.7-18.el8_10.1.s390x", "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-0:2.9.7-18.el8_10.1.src", "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-0:2.9.7-18.el8_10.1.x86_64", "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-18.el8_10.1.aarch64", "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-18.el8_10.1.i686", "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-18.el8_10.1.ppc64le", "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-18.el8_10.1.s390x", "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.7-18.el8_10.1.x86_64", "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-18.el8_10.1.aarch64", "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-18.el8_10.1.i686", "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-18.el8_10.1.ppc64le", "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-18.el8_10.1.s390x", "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.7-18.el8_10.1.x86_64", "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-18.el8_10.1.aarch64", "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-18.el8_10.1.i686", "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-18.el8_10.1.ppc64le", "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-18.el8_10.1.s390x", "BaseOS-8.10.0.Z.MAIN.EUS:libxml2-devel-0:2.9.7-18.el8_10.1.x86_64", "BaseOS-8.10.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-18.el8_10.1.aarch64", "BaseOS-8.10.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-18.el8_10.1.ppc64le", "BaseOS-8.10.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-18.el8_10.1.s390x", "BaseOS-8.10.0.Z.MAIN.EUS:python3-libxml2-0:2.9.7-18.el8_10.1.x86_64", "BaseOS-8.10.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-18.el8_10.1.aarch64", "BaseOS-8.10.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-18.el8_10.1.i686", "BaseOS-8.10.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-18.el8_10.1.ppc64le", "BaseOS-8.10.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-18.el8_10.1.s390x", "BaseOS-8.10.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.7-18.el8_10.1.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "libxml2: use-after-free in XMLReader", }, ], }
rhsa-2024:3625
Vulnerability from csaf_redhat
Published
2024-06-05 10:19
Modified
2025-01-09 06:20
Summary
Red Hat Security Advisory: libxml2 security update
Notes
Topic
An update for libxml2 is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The libxml2 library is a development toolbox providing the implementation of various XML standards.
Security Fix(es):
* libxml2: use-after-free in XMLReader (CVE-2024-25062)
For more details about the security issue(s), including the impact,
a CVSS score, acknowledgments, and other related information, refer to the CVE page(s)
listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update for libxml2 is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "The libxml2 library is a development toolbox providing the implementation of various XML standards.\n\nSecurity Fix(es):\n\n* libxml2: use-after-free in XMLReader (CVE-2024-25062)\n\nFor more details about the security issue(s), including the impact,\n a CVSS score, acknowledgments, and other related information, refer to the CVE page(s)\n listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2024:3625", url: "https://access.redhat.com/errata/RHSA-2024:3625", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#moderate", url: "https://access.redhat.com/security/updates/classification/#moderate", }, { category: "external", summary: "2262726", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2262726", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_3625.json", }, ], title: "Red Hat Security Advisory: libxml2 security update", tracking: { current_release_date: "2025-01-09T06:20:00+00:00", generator: { date: "2025-01-09T06:20:00+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.5", }, }, id: "RHSA-2024:3625", initial_release_date: "2024-06-05T10:19:16+00:00", revision_history: [ { date: "2024-06-05T10:19:16+00:00", number: "1", summary: "Initial version", }, { date: "2024-06-05T10:19:16+00:00", number: "2", summary: "Last updated version", }, { date: "2025-01-09T06:20:00+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux AppStream EUS (v.9.2)", product: { name: "Red Hat Enterprise Linux AppStream EUS (v.9.2)", product_id: "AppStream-9.2.0.Z.EUS", product_identification_helper: { cpe: "cpe:/a:redhat:rhel_eus:9.2::appstream", }, }, }, { category: "product_name", name: "Red Hat Enterprise Linux BaseOS EUS (v.9.2)", product: { name: "Red Hat Enterprise Linux BaseOS EUS (v.9.2)", product_id: "BaseOS-9.2.0.Z.EUS", product_identification_helper: { cpe: "cpe:/o:redhat:rhel_eus:9.2::baseos", }, }, }, ], category: "product_family", name: "Red Hat Enterprise Linux", }, { branches: [ { category: "product_version", name: "libxml2-devel-0:2.9.13-3.el9_2.3.aarch64", product: { name: "libxml2-devel-0:2.9.13-3.el9_2.3.aarch64", product_id: "libxml2-devel-0:2.9.13-3.el9_2.3.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-devel@2.9.13-3.el9_2.3?arch=aarch64", }, }, }, { category: "product_version", name: "libxml2-debugsource-0:2.9.13-3.el9_2.3.aarch64", product: { name: "libxml2-debugsource-0:2.9.13-3.el9_2.3.aarch64", product_id: "libxml2-debugsource-0:2.9.13-3.el9_2.3.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-debugsource@2.9.13-3.el9_2.3?arch=aarch64", }, }, }, { category: "product_version", name: "libxml2-debuginfo-0:2.9.13-3.el9_2.3.aarch64", product: { name: "libxml2-debuginfo-0:2.9.13-3.el9_2.3.aarch64", product_id: "libxml2-debuginfo-0:2.9.13-3.el9_2.3.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-debuginfo@2.9.13-3.el9_2.3?arch=aarch64", }, }, }, { category: "product_version", name: "python3-libxml2-debuginfo-0:2.9.13-3.el9_2.3.aarch64", product: { name: "python3-libxml2-debuginfo-0:2.9.13-3.el9_2.3.aarch64", product_id: "python3-libxml2-debuginfo-0:2.9.13-3.el9_2.3.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/python3-libxml2-debuginfo@2.9.13-3.el9_2.3?arch=aarch64", }, }, }, { category: "product_version", name: "libxml2-0:2.9.13-3.el9_2.3.aarch64", product: { name: "libxml2-0:2.9.13-3.el9_2.3.aarch64", product_id: "libxml2-0:2.9.13-3.el9_2.3.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2@2.9.13-3.el9_2.3?arch=aarch64", }, }, }, { category: "product_version", name: "python3-libxml2-0:2.9.13-3.el9_2.3.aarch64", product: { name: "python3-libxml2-0:2.9.13-3.el9_2.3.aarch64", product_id: "python3-libxml2-0:2.9.13-3.el9_2.3.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/python3-libxml2@2.9.13-3.el9_2.3?arch=aarch64", }, }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "libxml2-devel-0:2.9.13-3.el9_2.3.ppc64le", product: { name: "libxml2-devel-0:2.9.13-3.el9_2.3.ppc64le", product_id: "libxml2-devel-0:2.9.13-3.el9_2.3.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-devel@2.9.13-3.el9_2.3?arch=ppc64le", }, }, }, { category: "product_version", name: "libxml2-debugsource-0:2.9.13-3.el9_2.3.ppc64le", product: { name: "libxml2-debugsource-0:2.9.13-3.el9_2.3.ppc64le", product_id: "libxml2-debugsource-0:2.9.13-3.el9_2.3.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-debugsource@2.9.13-3.el9_2.3?arch=ppc64le", }, }, }, { category: "product_version", name: "libxml2-debuginfo-0:2.9.13-3.el9_2.3.ppc64le", product: { name: "libxml2-debuginfo-0:2.9.13-3.el9_2.3.ppc64le", product_id: "libxml2-debuginfo-0:2.9.13-3.el9_2.3.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-debuginfo@2.9.13-3.el9_2.3?arch=ppc64le", }, }, }, { category: "product_version", name: "python3-libxml2-debuginfo-0:2.9.13-3.el9_2.3.ppc64le", product: { name: "python3-libxml2-debuginfo-0:2.9.13-3.el9_2.3.ppc64le", product_id: "python3-libxml2-debuginfo-0:2.9.13-3.el9_2.3.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/python3-libxml2-debuginfo@2.9.13-3.el9_2.3?arch=ppc64le", }, }, }, { category: "product_version", name: "libxml2-0:2.9.13-3.el9_2.3.ppc64le", product: { name: "libxml2-0:2.9.13-3.el9_2.3.ppc64le", product_id: "libxml2-0:2.9.13-3.el9_2.3.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2@2.9.13-3.el9_2.3?arch=ppc64le", }, }, }, { category: "product_version", name: "python3-libxml2-0:2.9.13-3.el9_2.3.ppc64le", product: { name: "python3-libxml2-0:2.9.13-3.el9_2.3.ppc64le", product_id: "python3-libxml2-0:2.9.13-3.el9_2.3.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/python3-libxml2@2.9.13-3.el9_2.3?arch=ppc64le", }, }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "libxml2-devel-0:2.9.13-3.el9_2.3.i686", product: { name: "libxml2-devel-0:2.9.13-3.el9_2.3.i686", product_id: "libxml2-devel-0:2.9.13-3.el9_2.3.i686", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-devel@2.9.13-3.el9_2.3?arch=i686", }, }, }, { category: "product_version", name: "libxml2-debugsource-0:2.9.13-3.el9_2.3.i686", product: { name: "libxml2-debugsource-0:2.9.13-3.el9_2.3.i686", product_id: "libxml2-debugsource-0:2.9.13-3.el9_2.3.i686", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-debugsource@2.9.13-3.el9_2.3?arch=i686", }, }, }, { category: "product_version", name: "libxml2-debuginfo-0:2.9.13-3.el9_2.3.i686", product: { name: "libxml2-debuginfo-0:2.9.13-3.el9_2.3.i686", product_id: "libxml2-debuginfo-0:2.9.13-3.el9_2.3.i686", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-debuginfo@2.9.13-3.el9_2.3?arch=i686", }, }, }, { category: "product_version", name: "python3-libxml2-debuginfo-0:2.9.13-3.el9_2.3.i686", product: { name: "python3-libxml2-debuginfo-0:2.9.13-3.el9_2.3.i686", product_id: "python3-libxml2-debuginfo-0:2.9.13-3.el9_2.3.i686", product_identification_helper: { purl: "pkg:rpm/redhat/python3-libxml2-debuginfo@2.9.13-3.el9_2.3?arch=i686", }, }, }, { category: "product_version", name: "libxml2-0:2.9.13-3.el9_2.3.i686", product: { name: "libxml2-0:2.9.13-3.el9_2.3.i686", product_id: "libxml2-0:2.9.13-3.el9_2.3.i686", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2@2.9.13-3.el9_2.3?arch=i686", }, }, }, ], category: "architecture", name: "i686", }, { branches: [ { category: "product_version", name: "libxml2-devel-0:2.9.13-3.el9_2.3.x86_64", product: { name: "libxml2-devel-0:2.9.13-3.el9_2.3.x86_64", product_id: "libxml2-devel-0:2.9.13-3.el9_2.3.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-devel@2.9.13-3.el9_2.3?arch=x86_64", }, }, }, { category: "product_version", name: "libxml2-debugsource-0:2.9.13-3.el9_2.3.x86_64", product: { name: "libxml2-debugsource-0:2.9.13-3.el9_2.3.x86_64", product_id: "libxml2-debugsource-0:2.9.13-3.el9_2.3.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-debugsource@2.9.13-3.el9_2.3?arch=x86_64", }, }, }, { category: "product_version", name: "libxml2-debuginfo-0:2.9.13-3.el9_2.3.x86_64", product: { name: "libxml2-debuginfo-0:2.9.13-3.el9_2.3.x86_64", product_id: "libxml2-debuginfo-0:2.9.13-3.el9_2.3.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-debuginfo@2.9.13-3.el9_2.3?arch=x86_64", }, }, }, { category: "product_version", name: "python3-libxml2-debuginfo-0:2.9.13-3.el9_2.3.x86_64", product: { name: "python3-libxml2-debuginfo-0:2.9.13-3.el9_2.3.x86_64", product_id: "python3-libxml2-debuginfo-0:2.9.13-3.el9_2.3.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/python3-libxml2-debuginfo@2.9.13-3.el9_2.3?arch=x86_64", }, }, }, { category: "product_version", name: "libxml2-0:2.9.13-3.el9_2.3.x86_64", product: { name: "libxml2-0:2.9.13-3.el9_2.3.x86_64", product_id: "libxml2-0:2.9.13-3.el9_2.3.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2@2.9.13-3.el9_2.3?arch=x86_64", }, }, }, { category: "product_version", name: "python3-libxml2-0:2.9.13-3.el9_2.3.x86_64", product: { name: "python3-libxml2-0:2.9.13-3.el9_2.3.x86_64", product_id: "python3-libxml2-0:2.9.13-3.el9_2.3.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/python3-libxml2@2.9.13-3.el9_2.3?arch=x86_64", }, }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_version", name: "libxml2-devel-0:2.9.13-3.el9_2.3.s390x", product: { name: "libxml2-devel-0:2.9.13-3.el9_2.3.s390x", product_id: "libxml2-devel-0:2.9.13-3.el9_2.3.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-devel@2.9.13-3.el9_2.3?arch=s390x", }, }, }, { category: "product_version", name: "libxml2-debugsource-0:2.9.13-3.el9_2.3.s390x", product: { name: "libxml2-debugsource-0:2.9.13-3.el9_2.3.s390x", product_id: "libxml2-debugsource-0:2.9.13-3.el9_2.3.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-debugsource@2.9.13-3.el9_2.3?arch=s390x", }, }, }, { category: "product_version", name: "libxml2-debuginfo-0:2.9.13-3.el9_2.3.s390x", product: { name: "libxml2-debuginfo-0:2.9.13-3.el9_2.3.s390x", product_id: "libxml2-debuginfo-0:2.9.13-3.el9_2.3.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-debuginfo@2.9.13-3.el9_2.3?arch=s390x", }, }, }, { category: "product_version", name: "python3-libxml2-debuginfo-0:2.9.13-3.el9_2.3.s390x", product: { name: "python3-libxml2-debuginfo-0:2.9.13-3.el9_2.3.s390x", product_id: "python3-libxml2-debuginfo-0:2.9.13-3.el9_2.3.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/python3-libxml2-debuginfo@2.9.13-3.el9_2.3?arch=s390x", }, }, }, { category: "product_version", name: "libxml2-0:2.9.13-3.el9_2.3.s390x", product: { name: "libxml2-0:2.9.13-3.el9_2.3.s390x", product_id: "libxml2-0:2.9.13-3.el9_2.3.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2@2.9.13-3.el9_2.3?arch=s390x", }, }, }, { category: "product_version", name: "python3-libxml2-0:2.9.13-3.el9_2.3.s390x", product: { name: "python3-libxml2-0:2.9.13-3.el9_2.3.s390x", product_id: "python3-libxml2-0:2.9.13-3.el9_2.3.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/python3-libxml2@2.9.13-3.el9_2.3?arch=s390x", }, }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "libxml2-0:2.9.13-3.el9_2.3.src", product: { name: "libxml2-0:2.9.13-3.el9_2.3.src", product_id: "libxml2-0:2.9.13-3.el9_2.3.src", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2@2.9.13-3.el9_2.3?arch=src", }, }, }, ], category: "architecture", name: "src", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.13-3.el9_2.3.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)", product_id: "AppStream-9.2.0.Z.EUS:libxml2-0:2.9.13-3.el9_2.3.aarch64", }, product_reference: "libxml2-0:2.9.13-3.el9_2.3.aarch64", relates_to_product_reference: "AppStream-9.2.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.13-3.el9_2.3.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)", product_id: "AppStream-9.2.0.Z.EUS:libxml2-0:2.9.13-3.el9_2.3.i686", }, product_reference: "libxml2-0:2.9.13-3.el9_2.3.i686", relates_to_product_reference: "AppStream-9.2.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.13-3.el9_2.3.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)", product_id: "AppStream-9.2.0.Z.EUS:libxml2-0:2.9.13-3.el9_2.3.ppc64le", }, product_reference: "libxml2-0:2.9.13-3.el9_2.3.ppc64le", relates_to_product_reference: "AppStream-9.2.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.13-3.el9_2.3.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)", product_id: "AppStream-9.2.0.Z.EUS:libxml2-0:2.9.13-3.el9_2.3.s390x", }, product_reference: "libxml2-0:2.9.13-3.el9_2.3.s390x", relates_to_product_reference: "AppStream-9.2.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.13-3.el9_2.3.src as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)", product_id: "AppStream-9.2.0.Z.EUS:libxml2-0:2.9.13-3.el9_2.3.src", }, product_reference: "libxml2-0:2.9.13-3.el9_2.3.src", relates_to_product_reference: "AppStream-9.2.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.13-3.el9_2.3.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)", product_id: "AppStream-9.2.0.Z.EUS:libxml2-0:2.9.13-3.el9_2.3.x86_64", }, product_reference: "libxml2-0:2.9.13-3.el9_2.3.x86_64", relates_to_product_reference: "AppStream-9.2.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.13-3.el9_2.3.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)", product_id: "AppStream-9.2.0.Z.EUS:libxml2-debuginfo-0:2.9.13-3.el9_2.3.aarch64", }, product_reference: "libxml2-debuginfo-0:2.9.13-3.el9_2.3.aarch64", relates_to_product_reference: "AppStream-9.2.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.13-3.el9_2.3.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)", product_id: "AppStream-9.2.0.Z.EUS:libxml2-debuginfo-0:2.9.13-3.el9_2.3.i686", }, product_reference: "libxml2-debuginfo-0:2.9.13-3.el9_2.3.i686", relates_to_product_reference: "AppStream-9.2.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.13-3.el9_2.3.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)", product_id: "AppStream-9.2.0.Z.EUS:libxml2-debuginfo-0:2.9.13-3.el9_2.3.ppc64le", }, product_reference: "libxml2-debuginfo-0:2.9.13-3.el9_2.3.ppc64le", relates_to_product_reference: "AppStream-9.2.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.13-3.el9_2.3.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)", product_id: "AppStream-9.2.0.Z.EUS:libxml2-debuginfo-0:2.9.13-3.el9_2.3.s390x", }, product_reference: "libxml2-debuginfo-0:2.9.13-3.el9_2.3.s390x", relates_to_product_reference: "AppStream-9.2.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.13-3.el9_2.3.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)", product_id: "AppStream-9.2.0.Z.EUS:libxml2-debuginfo-0:2.9.13-3.el9_2.3.x86_64", }, product_reference: "libxml2-debuginfo-0:2.9.13-3.el9_2.3.x86_64", relates_to_product_reference: "AppStream-9.2.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debugsource-0:2.9.13-3.el9_2.3.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)", product_id: "AppStream-9.2.0.Z.EUS:libxml2-debugsource-0:2.9.13-3.el9_2.3.aarch64", }, product_reference: "libxml2-debugsource-0:2.9.13-3.el9_2.3.aarch64", relates_to_product_reference: "AppStream-9.2.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debugsource-0:2.9.13-3.el9_2.3.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)", product_id: "AppStream-9.2.0.Z.EUS:libxml2-debugsource-0:2.9.13-3.el9_2.3.i686", }, product_reference: "libxml2-debugsource-0:2.9.13-3.el9_2.3.i686", relates_to_product_reference: "AppStream-9.2.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debugsource-0:2.9.13-3.el9_2.3.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)", product_id: "AppStream-9.2.0.Z.EUS:libxml2-debugsource-0:2.9.13-3.el9_2.3.ppc64le", }, product_reference: "libxml2-debugsource-0:2.9.13-3.el9_2.3.ppc64le", relates_to_product_reference: "AppStream-9.2.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debugsource-0:2.9.13-3.el9_2.3.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)", product_id: "AppStream-9.2.0.Z.EUS:libxml2-debugsource-0:2.9.13-3.el9_2.3.s390x", }, product_reference: "libxml2-debugsource-0:2.9.13-3.el9_2.3.s390x", relates_to_product_reference: "AppStream-9.2.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debugsource-0:2.9.13-3.el9_2.3.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)", product_id: "AppStream-9.2.0.Z.EUS:libxml2-debugsource-0:2.9.13-3.el9_2.3.x86_64", }, product_reference: "libxml2-debugsource-0:2.9.13-3.el9_2.3.x86_64", relates_to_product_reference: "AppStream-9.2.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.13-3.el9_2.3.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)", product_id: "AppStream-9.2.0.Z.EUS:libxml2-devel-0:2.9.13-3.el9_2.3.aarch64", }, product_reference: "libxml2-devel-0:2.9.13-3.el9_2.3.aarch64", relates_to_product_reference: "AppStream-9.2.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.13-3.el9_2.3.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)", product_id: "AppStream-9.2.0.Z.EUS:libxml2-devel-0:2.9.13-3.el9_2.3.i686", }, product_reference: "libxml2-devel-0:2.9.13-3.el9_2.3.i686", relates_to_product_reference: "AppStream-9.2.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.13-3.el9_2.3.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)", product_id: "AppStream-9.2.0.Z.EUS:libxml2-devel-0:2.9.13-3.el9_2.3.ppc64le", }, product_reference: "libxml2-devel-0:2.9.13-3.el9_2.3.ppc64le", relates_to_product_reference: "AppStream-9.2.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.13-3.el9_2.3.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)", product_id: "AppStream-9.2.0.Z.EUS:libxml2-devel-0:2.9.13-3.el9_2.3.s390x", }, product_reference: "libxml2-devel-0:2.9.13-3.el9_2.3.s390x", relates_to_product_reference: "AppStream-9.2.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.13-3.el9_2.3.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)", product_id: "AppStream-9.2.0.Z.EUS:libxml2-devel-0:2.9.13-3.el9_2.3.x86_64", }, product_reference: "libxml2-devel-0:2.9.13-3.el9_2.3.x86_64", relates_to_product_reference: "AppStream-9.2.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "python3-libxml2-0:2.9.13-3.el9_2.3.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)", product_id: "AppStream-9.2.0.Z.EUS:python3-libxml2-0:2.9.13-3.el9_2.3.aarch64", }, product_reference: "python3-libxml2-0:2.9.13-3.el9_2.3.aarch64", relates_to_product_reference: "AppStream-9.2.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "python3-libxml2-0:2.9.13-3.el9_2.3.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)", product_id: "AppStream-9.2.0.Z.EUS:python3-libxml2-0:2.9.13-3.el9_2.3.ppc64le", }, product_reference: "python3-libxml2-0:2.9.13-3.el9_2.3.ppc64le", relates_to_product_reference: "AppStream-9.2.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "python3-libxml2-0:2.9.13-3.el9_2.3.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)", product_id: "AppStream-9.2.0.Z.EUS:python3-libxml2-0:2.9.13-3.el9_2.3.s390x", }, product_reference: "python3-libxml2-0:2.9.13-3.el9_2.3.s390x", relates_to_product_reference: "AppStream-9.2.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "python3-libxml2-0:2.9.13-3.el9_2.3.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)", product_id: "AppStream-9.2.0.Z.EUS:python3-libxml2-0:2.9.13-3.el9_2.3.x86_64", }, product_reference: "python3-libxml2-0:2.9.13-3.el9_2.3.x86_64", relates_to_product_reference: "AppStream-9.2.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "python3-libxml2-debuginfo-0:2.9.13-3.el9_2.3.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)", product_id: "AppStream-9.2.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.3.aarch64", }, product_reference: "python3-libxml2-debuginfo-0:2.9.13-3.el9_2.3.aarch64", relates_to_product_reference: "AppStream-9.2.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "python3-libxml2-debuginfo-0:2.9.13-3.el9_2.3.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)", product_id: "AppStream-9.2.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.3.i686", }, product_reference: "python3-libxml2-debuginfo-0:2.9.13-3.el9_2.3.i686", relates_to_product_reference: "AppStream-9.2.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "python3-libxml2-debuginfo-0:2.9.13-3.el9_2.3.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)", product_id: "AppStream-9.2.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.3.ppc64le", }, product_reference: "python3-libxml2-debuginfo-0:2.9.13-3.el9_2.3.ppc64le", relates_to_product_reference: "AppStream-9.2.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "python3-libxml2-debuginfo-0:2.9.13-3.el9_2.3.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)", product_id: "AppStream-9.2.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.3.s390x", }, product_reference: "python3-libxml2-debuginfo-0:2.9.13-3.el9_2.3.s390x", relates_to_product_reference: "AppStream-9.2.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "python3-libxml2-debuginfo-0:2.9.13-3.el9_2.3.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)", product_id: "AppStream-9.2.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.3.x86_64", }, product_reference: "python3-libxml2-debuginfo-0:2.9.13-3.el9_2.3.x86_64", relates_to_product_reference: "AppStream-9.2.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.13-3.el9_2.3.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.2)", product_id: "BaseOS-9.2.0.Z.EUS:libxml2-0:2.9.13-3.el9_2.3.aarch64", }, product_reference: "libxml2-0:2.9.13-3.el9_2.3.aarch64", relates_to_product_reference: "BaseOS-9.2.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.13-3.el9_2.3.i686 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.2)", product_id: "BaseOS-9.2.0.Z.EUS:libxml2-0:2.9.13-3.el9_2.3.i686", }, product_reference: "libxml2-0:2.9.13-3.el9_2.3.i686", relates_to_product_reference: "BaseOS-9.2.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.13-3.el9_2.3.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.2)", product_id: "BaseOS-9.2.0.Z.EUS:libxml2-0:2.9.13-3.el9_2.3.ppc64le", }, product_reference: "libxml2-0:2.9.13-3.el9_2.3.ppc64le", relates_to_product_reference: "BaseOS-9.2.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.13-3.el9_2.3.s390x as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.2)", product_id: "BaseOS-9.2.0.Z.EUS:libxml2-0:2.9.13-3.el9_2.3.s390x", }, product_reference: "libxml2-0:2.9.13-3.el9_2.3.s390x", relates_to_product_reference: "BaseOS-9.2.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.13-3.el9_2.3.src as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.2)", product_id: "BaseOS-9.2.0.Z.EUS:libxml2-0:2.9.13-3.el9_2.3.src", }, product_reference: "libxml2-0:2.9.13-3.el9_2.3.src", relates_to_product_reference: "BaseOS-9.2.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.13-3.el9_2.3.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.2)", product_id: "BaseOS-9.2.0.Z.EUS:libxml2-0:2.9.13-3.el9_2.3.x86_64", }, product_reference: "libxml2-0:2.9.13-3.el9_2.3.x86_64", relates_to_product_reference: "BaseOS-9.2.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.13-3.el9_2.3.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.2)", product_id: "BaseOS-9.2.0.Z.EUS:libxml2-debuginfo-0:2.9.13-3.el9_2.3.aarch64", }, product_reference: "libxml2-debuginfo-0:2.9.13-3.el9_2.3.aarch64", relates_to_product_reference: "BaseOS-9.2.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.13-3.el9_2.3.i686 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.2)", product_id: "BaseOS-9.2.0.Z.EUS:libxml2-debuginfo-0:2.9.13-3.el9_2.3.i686", }, product_reference: "libxml2-debuginfo-0:2.9.13-3.el9_2.3.i686", relates_to_product_reference: "BaseOS-9.2.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.13-3.el9_2.3.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.2)", product_id: "BaseOS-9.2.0.Z.EUS:libxml2-debuginfo-0:2.9.13-3.el9_2.3.ppc64le", }, product_reference: "libxml2-debuginfo-0:2.9.13-3.el9_2.3.ppc64le", relates_to_product_reference: "BaseOS-9.2.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.13-3.el9_2.3.s390x as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.2)", product_id: "BaseOS-9.2.0.Z.EUS:libxml2-debuginfo-0:2.9.13-3.el9_2.3.s390x", }, product_reference: "libxml2-debuginfo-0:2.9.13-3.el9_2.3.s390x", relates_to_product_reference: "BaseOS-9.2.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.13-3.el9_2.3.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.2)", product_id: "BaseOS-9.2.0.Z.EUS:libxml2-debuginfo-0:2.9.13-3.el9_2.3.x86_64", }, product_reference: "libxml2-debuginfo-0:2.9.13-3.el9_2.3.x86_64", relates_to_product_reference: "BaseOS-9.2.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debugsource-0:2.9.13-3.el9_2.3.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.2)", product_id: "BaseOS-9.2.0.Z.EUS:libxml2-debugsource-0:2.9.13-3.el9_2.3.aarch64", }, product_reference: "libxml2-debugsource-0:2.9.13-3.el9_2.3.aarch64", relates_to_product_reference: "BaseOS-9.2.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debugsource-0:2.9.13-3.el9_2.3.i686 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.2)", product_id: "BaseOS-9.2.0.Z.EUS:libxml2-debugsource-0:2.9.13-3.el9_2.3.i686", }, product_reference: "libxml2-debugsource-0:2.9.13-3.el9_2.3.i686", relates_to_product_reference: "BaseOS-9.2.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debugsource-0:2.9.13-3.el9_2.3.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.2)", product_id: "BaseOS-9.2.0.Z.EUS:libxml2-debugsource-0:2.9.13-3.el9_2.3.ppc64le", }, product_reference: "libxml2-debugsource-0:2.9.13-3.el9_2.3.ppc64le", relates_to_product_reference: "BaseOS-9.2.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debugsource-0:2.9.13-3.el9_2.3.s390x as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.2)", product_id: "BaseOS-9.2.0.Z.EUS:libxml2-debugsource-0:2.9.13-3.el9_2.3.s390x", }, product_reference: "libxml2-debugsource-0:2.9.13-3.el9_2.3.s390x", relates_to_product_reference: "BaseOS-9.2.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debugsource-0:2.9.13-3.el9_2.3.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.2)", product_id: "BaseOS-9.2.0.Z.EUS:libxml2-debugsource-0:2.9.13-3.el9_2.3.x86_64", }, product_reference: "libxml2-debugsource-0:2.9.13-3.el9_2.3.x86_64", relates_to_product_reference: "BaseOS-9.2.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.13-3.el9_2.3.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.2)", product_id: "BaseOS-9.2.0.Z.EUS:libxml2-devel-0:2.9.13-3.el9_2.3.aarch64", }, product_reference: "libxml2-devel-0:2.9.13-3.el9_2.3.aarch64", relates_to_product_reference: "BaseOS-9.2.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.13-3.el9_2.3.i686 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.2)", product_id: "BaseOS-9.2.0.Z.EUS:libxml2-devel-0:2.9.13-3.el9_2.3.i686", }, product_reference: "libxml2-devel-0:2.9.13-3.el9_2.3.i686", relates_to_product_reference: "BaseOS-9.2.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.13-3.el9_2.3.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.2)", product_id: "BaseOS-9.2.0.Z.EUS:libxml2-devel-0:2.9.13-3.el9_2.3.ppc64le", }, product_reference: "libxml2-devel-0:2.9.13-3.el9_2.3.ppc64le", relates_to_product_reference: "BaseOS-9.2.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.13-3.el9_2.3.s390x as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.2)", product_id: "BaseOS-9.2.0.Z.EUS:libxml2-devel-0:2.9.13-3.el9_2.3.s390x", }, product_reference: "libxml2-devel-0:2.9.13-3.el9_2.3.s390x", relates_to_product_reference: "BaseOS-9.2.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.13-3.el9_2.3.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.2)", product_id: "BaseOS-9.2.0.Z.EUS:libxml2-devel-0:2.9.13-3.el9_2.3.x86_64", }, product_reference: "libxml2-devel-0:2.9.13-3.el9_2.3.x86_64", relates_to_product_reference: "BaseOS-9.2.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "python3-libxml2-0:2.9.13-3.el9_2.3.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.2)", product_id: "BaseOS-9.2.0.Z.EUS:python3-libxml2-0:2.9.13-3.el9_2.3.aarch64", }, product_reference: "python3-libxml2-0:2.9.13-3.el9_2.3.aarch64", relates_to_product_reference: "BaseOS-9.2.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "python3-libxml2-0:2.9.13-3.el9_2.3.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.2)", product_id: "BaseOS-9.2.0.Z.EUS:python3-libxml2-0:2.9.13-3.el9_2.3.ppc64le", }, product_reference: "python3-libxml2-0:2.9.13-3.el9_2.3.ppc64le", relates_to_product_reference: "BaseOS-9.2.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "python3-libxml2-0:2.9.13-3.el9_2.3.s390x as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.2)", product_id: "BaseOS-9.2.0.Z.EUS:python3-libxml2-0:2.9.13-3.el9_2.3.s390x", }, product_reference: "python3-libxml2-0:2.9.13-3.el9_2.3.s390x", relates_to_product_reference: "BaseOS-9.2.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "python3-libxml2-0:2.9.13-3.el9_2.3.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.2)", product_id: "BaseOS-9.2.0.Z.EUS:python3-libxml2-0:2.9.13-3.el9_2.3.x86_64", }, product_reference: "python3-libxml2-0:2.9.13-3.el9_2.3.x86_64", relates_to_product_reference: "BaseOS-9.2.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "python3-libxml2-debuginfo-0:2.9.13-3.el9_2.3.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.2)", product_id: "BaseOS-9.2.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.3.aarch64", }, product_reference: "python3-libxml2-debuginfo-0:2.9.13-3.el9_2.3.aarch64", relates_to_product_reference: "BaseOS-9.2.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "python3-libxml2-debuginfo-0:2.9.13-3.el9_2.3.i686 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.2)", product_id: "BaseOS-9.2.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.3.i686", }, product_reference: "python3-libxml2-debuginfo-0:2.9.13-3.el9_2.3.i686", relates_to_product_reference: "BaseOS-9.2.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "python3-libxml2-debuginfo-0:2.9.13-3.el9_2.3.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.2)", product_id: "BaseOS-9.2.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.3.ppc64le", }, product_reference: "python3-libxml2-debuginfo-0:2.9.13-3.el9_2.3.ppc64le", relates_to_product_reference: "BaseOS-9.2.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "python3-libxml2-debuginfo-0:2.9.13-3.el9_2.3.s390x as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.2)", product_id: "BaseOS-9.2.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.3.s390x", }, product_reference: "python3-libxml2-debuginfo-0:2.9.13-3.el9_2.3.s390x", relates_to_product_reference: "BaseOS-9.2.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "python3-libxml2-debuginfo-0:2.9.13-3.el9_2.3.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.2)", product_id: "BaseOS-9.2.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.3.x86_64", }, product_reference: "python3-libxml2-debuginfo-0:2.9.13-3.el9_2.3.x86_64", relates_to_product_reference: "BaseOS-9.2.0.Z.EUS", }, ], }, vulnerabilities: [ { cve: "CVE-2024-25062", cwe: { id: "CWE-416", name: "Use After Free", }, discovery_date: "2024-02-05T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2262726", }, ], notes: [ { category: "description", text: "A use-after-free flaw was found in libxml2. When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free.", title: "Vulnerability description", }, { category: "summary", text: "libxml2: use-after-free in XMLReader", title: "Vulnerability summary", }, { category: "other", text: "The severity of this vulnerability is not important but moderate due to the lack of impact to both confidentiality and integrity, but potential impact to availability. The theoretical risk of impact to availability is limited due to the specific requirement that applications must continue to misuse the reader API after it has already reported validation errors instead of handling those errors. The flaw requires that crafted XML documents can be provided by an attacker and the utilization of DTD validation and XInclude expansion using the XMLReader API. Along with those conditions, the application using the XMLReader API must be ignoring errors when expanding invalid XInclude nodes in an maliciously crafted document. These conditions are unlikely to exist in the intended usage of the XMLReader API.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-9.2.0.Z.EUS:libxml2-0:2.9.13-3.el9_2.3.aarch64", "AppStream-9.2.0.Z.EUS:libxml2-0:2.9.13-3.el9_2.3.i686", "AppStream-9.2.0.Z.EUS:libxml2-0:2.9.13-3.el9_2.3.ppc64le", "AppStream-9.2.0.Z.EUS:libxml2-0:2.9.13-3.el9_2.3.s390x", "AppStream-9.2.0.Z.EUS:libxml2-0:2.9.13-3.el9_2.3.src", "AppStream-9.2.0.Z.EUS:libxml2-0:2.9.13-3.el9_2.3.x86_64", "AppStream-9.2.0.Z.EUS:libxml2-debuginfo-0:2.9.13-3.el9_2.3.aarch64", "AppStream-9.2.0.Z.EUS:libxml2-debuginfo-0:2.9.13-3.el9_2.3.i686", "AppStream-9.2.0.Z.EUS:libxml2-debuginfo-0:2.9.13-3.el9_2.3.ppc64le", "AppStream-9.2.0.Z.EUS:libxml2-debuginfo-0:2.9.13-3.el9_2.3.s390x", "AppStream-9.2.0.Z.EUS:libxml2-debuginfo-0:2.9.13-3.el9_2.3.x86_64", "AppStream-9.2.0.Z.EUS:libxml2-debugsource-0:2.9.13-3.el9_2.3.aarch64", "AppStream-9.2.0.Z.EUS:libxml2-debugsource-0:2.9.13-3.el9_2.3.i686", "AppStream-9.2.0.Z.EUS:libxml2-debugsource-0:2.9.13-3.el9_2.3.ppc64le", "AppStream-9.2.0.Z.EUS:libxml2-debugsource-0:2.9.13-3.el9_2.3.s390x", "AppStream-9.2.0.Z.EUS:libxml2-debugsource-0:2.9.13-3.el9_2.3.x86_64", "AppStream-9.2.0.Z.EUS:libxml2-devel-0:2.9.13-3.el9_2.3.aarch64", "AppStream-9.2.0.Z.EUS:libxml2-devel-0:2.9.13-3.el9_2.3.i686", "AppStream-9.2.0.Z.EUS:libxml2-devel-0:2.9.13-3.el9_2.3.ppc64le", "AppStream-9.2.0.Z.EUS:libxml2-devel-0:2.9.13-3.el9_2.3.s390x", "AppStream-9.2.0.Z.EUS:libxml2-devel-0:2.9.13-3.el9_2.3.x86_64", "AppStream-9.2.0.Z.EUS:python3-libxml2-0:2.9.13-3.el9_2.3.aarch64", "AppStream-9.2.0.Z.EUS:python3-libxml2-0:2.9.13-3.el9_2.3.ppc64le", "AppStream-9.2.0.Z.EUS:python3-libxml2-0:2.9.13-3.el9_2.3.s390x", "AppStream-9.2.0.Z.EUS:python3-libxml2-0:2.9.13-3.el9_2.3.x86_64", "AppStream-9.2.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.3.aarch64", "AppStream-9.2.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.3.i686", "AppStream-9.2.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.3.ppc64le", "AppStream-9.2.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.3.s390x", "AppStream-9.2.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.3.x86_64", "BaseOS-9.2.0.Z.EUS:libxml2-0:2.9.13-3.el9_2.3.aarch64", "BaseOS-9.2.0.Z.EUS:libxml2-0:2.9.13-3.el9_2.3.i686", "BaseOS-9.2.0.Z.EUS:libxml2-0:2.9.13-3.el9_2.3.ppc64le", "BaseOS-9.2.0.Z.EUS:libxml2-0:2.9.13-3.el9_2.3.s390x", "BaseOS-9.2.0.Z.EUS:libxml2-0:2.9.13-3.el9_2.3.src", "BaseOS-9.2.0.Z.EUS:libxml2-0:2.9.13-3.el9_2.3.x86_64", "BaseOS-9.2.0.Z.EUS:libxml2-debuginfo-0:2.9.13-3.el9_2.3.aarch64", "BaseOS-9.2.0.Z.EUS:libxml2-debuginfo-0:2.9.13-3.el9_2.3.i686", "BaseOS-9.2.0.Z.EUS:libxml2-debuginfo-0:2.9.13-3.el9_2.3.ppc64le", "BaseOS-9.2.0.Z.EUS:libxml2-debuginfo-0:2.9.13-3.el9_2.3.s390x", "BaseOS-9.2.0.Z.EUS:libxml2-debuginfo-0:2.9.13-3.el9_2.3.x86_64", "BaseOS-9.2.0.Z.EUS:libxml2-debugsource-0:2.9.13-3.el9_2.3.aarch64", "BaseOS-9.2.0.Z.EUS:libxml2-debugsource-0:2.9.13-3.el9_2.3.i686", "BaseOS-9.2.0.Z.EUS:libxml2-debugsource-0:2.9.13-3.el9_2.3.ppc64le", "BaseOS-9.2.0.Z.EUS:libxml2-debugsource-0:2.9.13-3.el9_2.3.s390x", "BaseOS-9.2.0.Z.EUS:libxml2-debugsource-0:2.9.13-3.el9_2.3.x86_64", "BaseOS-9.2.0.Z.EUS:libxml2-devel-0:2.9.13-3.el9_2.3.aarch64", "BaseOS-9.2.0.Z.EUS:libxml2-devel-0:2.9.13-3.el9_2.3.i686", "BaseOS-9.2.0.Z.EUS:libxml2-devel-0:2.9.13-3.el9_2.3.ppc64le", "BaseOS-9.2.0.Z.EUS:libxml2-devel-0:2.9.13-3.el9_2.3.s390x", "BaseOS-9.2.0.Z.EUS:libxml2-devel-0:2.9.13-3.el9_2.3.x86_64", "BaseOS-9.2.0.Z.EUS:python3-libxml2-0:2.9.13-3.el9_2.3.aarch64", "BaseOS-9.2.0.Z.EUS:python3-libxml2-0:2.9.13-3.el9_2.3.ppc64le", "BaseOS-9.2.0.Z.EUS:python3-libxml2-0:2.9.13-3.el9_2.3.s390x", "BaseOS-9.2.0.Z.EUS:python3-libxml2-0:2.9.13-3.el9_2.3.x86_64", "BaseOS-9.2.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.3.aarch64", "BaseOS-9.2.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.3.i686", "BaseOS-9.2.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.3.ppc64le", "BaseOS-9.2.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.3.s390x", "BaseOS-9.2.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.3.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-25062", }, { category: "external", summary: "RHBZ#2262726", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2262726", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-25062", url: "https://www.cve.org/CVERecord?id=CVE-2024-25062", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-25062", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-25062", }, { category: "external", summary: "https://gitlab.gnome.org/GNOME/libxml2/-/issues/604", url: "https://gitlab.gnome.org/GNOME/libxml2/-/issues/604", }, { category: "external", summary: "https://gitlab.gnome.org/GNOME/libxml2/-/tags", url: "https://gitlab.gnome.org/GNOME/libxml2/-/tags", }, ], release_date: "2024-02-04T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-06-05T10:19:16+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe desktop must be restarted (log out, then log back in) for this update to take effect.", product_ids: [ "AppStream-9.2.0.Z.EUS:libxml2-0:2.9.13-3.el9_2.3.aarch64", "AppStream-9.2.0.Z.EUS:libxml2-0:2.9.13-3.el9_2.3.i686", "AppStream-9.2.0.Z.EUS:libxml2-0:2.9.13-3.el9_2.3.ppc64le", "AppStream-9.2.0.Z.EUS:libxml2-0:2.9.13-3.el9_2.3.s390x", "AppStream-9.2.0.Z.EUS:libxml2-0:2.9.13-3.el9_2.3.src", "AppStream-9.2.0.Z.EUS:libxml2-0:2.9.13-3.el9_2.3.x86_64", "AppStream-9.2.0.Z.EUS:libxml2-debuginfo-0:2.9.13-3.el9_2.3.aarch64", "AppStream-9.2.0.Z.EUS:libxml2-debuginfo-0:2.9.13-3.el9_2.3.i686", "AppStream-9.2.0.Z.EUS:libxml2-debuginfo-0:2.9.13-3.el9_2.3.ppc64le", "AppStream-9.2.0.Z.EUS:libxml2-debuginfo-0:2.9.13-3.el9_2.3.s390x", "AppStream-9.2.0.Z.EUS:libxml2-debuginfo-0:2.9.13-3.el9_2.3.x86_64", "AppStream-9.2.0.Z.EUS:libxml2-debugsource-0:2.9.13-3.el9_2.3.aarch64", "AppStream-9.2.0.Z.EUS:libxml2-debugsource-0:2.9.13-3.el9_2.3.i686", "AppStream-9.2.0.Z.EUS:libxml2-debugsource-0:2.9.13-3.el9_2.3.ppc64le", "AppStream-9.2.0.Z.EUS:libxml2-debugsource-0:2.9.13-3.el9_2.3.s390x", "AppStream-9.2.0.Z.EUS:libxml2-debugsource-0:2.9.13-3.el9_2.3.x86_64", "AppStream-9.2.0.Z.EUS:libxml2-devel-0:2.9.13-3.el9_2.3.aarch64", "AppStream-9.2.0.Z.EUS:libxml2-devel-0:2.9.13-3.el9_2.3.i686", "AppStream-9.2.0.Z.EUS:libxml2-devel-0:2.9.13-3.el9_2.3.ppc64le", "AppStream-9.2.0.Z.EUS:libxml2-devel-0:2.9.13-3.el9_2.3.s390x", "AppStream-9.2.0.Z.EUS:libxml2-devel-0:2.9.13-3.el9_2.3.x86_64", "AppStream-9.2.0.Z.EUS:python3-libxml2-0:2.9.13-3.el9_2.3.aarch64", "AppStream-9.2.0.Z.EUS:python3-libxml2-0:2.9.13-3.el9_2.3.ppc64le", "AppStream-9.2.0.Z.EUS:python3-libxml2-0:2.9.13-3.el9_2.3.s390x", "AppStream-9.2.0.Z.EUS:python3-libxml2-0:2.9.13-3.el9_2.3.x86_64", "AppStream-9.2.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.3.aarch64", "AppStream-9.2.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.3.i686", "AppStream-9.2.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.3.ppc64le", "AppStream-9.2.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.3.s390x", "AppStream-9.2.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.3.x86_64", "BaseOS-9.2.0.Z.EUS:libxml2-0:2.9.13-3.el9_2.3.aarch64", "BaseOS-9.2.0.Z.EUS:libxml2-0:2.9.13-3.el9_2.3.i686", "BaseOS-9.2.0.Z.EUS:libxml2-0:2.9.13-3.el9_2.3.ppc64le", "BaseOS-9.2.0.Z.EUS:libxml2-0:2.9.13-3.el9_2.3.s390x", "BaseOS-9.2.0.Z.EUS:libxml2-0:2.9.13-3.el9_2.3.src", "BaseOS-9.2.0.Z.EUS:libxml2-0:2.9.13-3.el9_2.3.x86_64", "BaseOS-9.2.0.Z.EUS:libxml2-debuginfo-0:2.9.13-3.el9_2.3.aarch64", "BaseOS-9.2.0.Z.EUS:libxml2-debuginfo-0:2.9.13-3.el9_2.3.i686", "BaseOS-9.2.0.Z.EUS:libxml2-debuginfo-0:2.9.13-3.el9_2.3.ppc64le", "BaseOS-9.2.0.Z.EUS:libxml2-debuginfo-0:2.9.13-3.el9_2.3.s390x", "BaseOS-9.2.0.Z.EUS:libxml2-debuginfo-0:2.9.13-3.el9_2.3.x86_64", "BaseOS-9.2.0.Z.EUS:libxml2-debugsource-0:2.9.13-3.el9_2.3.aarch64", "BaseOS-9.2.0.Z.EUS:libxml2-debugsource-0:2.9.13-3.el9_2.3.i686", "BaseOS-9.2.0.Z.EUS:libxml2-debugsource-0:2.9.13-3.el9_2.3.ppc64le", "BaseOS-9.2.0.Z.EUS:libxml2-debugsource-0:2.9.13-3.el9_2.3.s390x", "BaseOS-9.2.0.Z.EUS:libxml2-debugsource-0:2.9.13-3.el9_2.3.x86_64", "BaseOS-9.2.0.Z.EUS:libxml2-devel-0:2.9.13-3.el9_2.3.aarch64", "BaseOS-9.2.0.Z.EUS:libxml2-devel-0:2.9.13-3.el9_2.3.i686", "BaseOS-9.2.0.Z.EUS:libxml2-devel-0:2.9.13-3.el9_2.3.ppc64le", "BaseOS-9.2.0.Z.EUS:libxml2-devel-0:2.9.13-3.el9_2.3.s390x", "BaseOS-9.2.0.Z.EUS:libxml2-devel-0:2.9.13-3.el9_2.3.x86_64", "BaseOS-9.2.0.Z.EUS:python3-libxml2-0:2.9.13-3.el9_2.3.aarch64", "BaseOS-9.2.0.Z.EUS:python3-libxml2-0:2.9.13-3.el9_2.3.ppc64le", "BaseOS-9.2.0.Z.EUS:python3-libxml2-0:2.9.13-3.el9_2.3.s390x", "BaseOS-9.2.0.Z.EUS:python3-libxml2-0:2.9.13-3.el9_2.3.x86_64", "BaseOS-9.2.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.3.aarch64", "BaseOS-9.2.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.3.i686", "BaseOS-9.2.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.3.ppc64le", "BaseOS-9.2.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.3.s390x", "BaseOS-9.2.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.3.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:3625", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "AppStream-9.2.0.Z.EUS:libxml2-0:2.9.13-3.el9_2.3.aarch64", "AppStream-9.2.0.Z.EUS:libxml2-0:2.9.13-3.el9_2.3.i686", "AppStream-9.2.0.Z.EUS:libxml2-0:2.9.13-3.el9_2.3.ppc64le", "AppStream-9.2.0.Z.EUS:libxml2-0:2.9.13-3.el9_2.3.s390x", "AppStream-9.2.0.Z.EUS:libxml2-0:2.9.13-3.el9_2.3.src", "AppStream-9.2.0.Z.EUS:libxml2-0:2.9.13-3.el9_2.3.x86_64", "AppStream-9.2.0.Z.EUS:libxml2-debuginfo-0:2.9.13-3.el9_2.3.aarch64", "AppStream-9.2.0.Z.EUS:libxml2-debuginfo-0:2.9.13-3.el9_2.3.i686", "AppStream-9.2.0.Z.EUS:libxml2-debuginfo-0:2.9.13-3.el9_2.3.ppc64le", "AppStream-9.2.0.Z.EUS:libxml2-debuginfo-0:2.9.13-3.el9_2.3.s390x", "AppStream-9.2.0.Z.EUS:libxml2-debuginfo-0:2.9.13-3.el9_2.3.x86_64", "AppStream-9.2.0.Z.EUS:libxml2-debugsource-0:2.9.13-3.el9_2.3.aarch64", "AppStream-9.2.0.Z.EUS:libxml2-debugsource-0:2.9.13-3.el9_2.3.i686", "AppStream-9.2.0.Z.EUS:libxml2-debugsource-0:2.9.13-3.el9_2.3.ppc64le", "AppStream-9.2.0.Z.EUS:libxml2-debugsource-0:2.9.13-3.el9_2.3.s390x", "AppStream-9.2.0.Z.EUS:libxml2-debugsource-0:2.9.13-3.el9_2.3.x86_64", "AppStream-9.2.0.Z.EUS:libxml2-devel-0:2.9.13-3.el9_2.3.aarch64", "AppStream-9.2.0.Z.EUS:libxml2-devel-0:2.9.13-3.el9_2.3.i686", "AppStream-9.2.0.Z.EUS:libxml2-devel-0:2.9.13-3.el9_2.3.ppc64le", "AppStream-9.2.0.Z.EUS:libxml2-devel-0:2.9.13-3.el9_2.3.s390x", "AppStream-9.2.0.Z.EUS:libxml2-devel-0:2.9.13-3.el9_2.3.x86_64", "AppStream-9.2.0.Z.EUS:python3-libxml2-0:2.9.13-3.el9_2.3.aarch64", "AppStream-9.2.0.Z.EUS:python3-libxml2-0:2.9.13-3.el9_2.3.ppc64le", "AppStream-9.2.0.Z.EUS:python3-libxml2-0:2.9.13-3.el9_2.3.s390x", "AppStream-9.2.0.Z.EUS:python3-libxml2-0:2.9.13-3.el9_2.3.x86_64", "AppStream-9.2.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.3.aarch64", "AppStream-9.2.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.3.i686", "AppStream-9.2.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.3.ppc64le", "AppStream-9.2.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.3.s390x", "AppStream-9.2.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.3.x86_64", "BaseOS-9.2.0.Z.EUS:libxml2-0:2.9.13-3.el9_2.3.aarch64", "BaseOS-9.2.0.Z.EUS:libxml2-0:2.9.13-3.el9_2.3.i686", "BaseOS-9.2.0.Z.EUS:libxml2-0:2.9.13-3.el9_2.3.ppc64le", "BaseOS-9.2.0.Z.EUS:libxml2-0:2.9.13-3.el9_2.3.s390x", "BaseOS-9.2.0.Z.EUS:libxml2-0:2.9.13-3.el9_2.3.src", "BaseOS-9.2.0.Z.EUS:libxml2-0:2.9.13-3.el9_2.3.x86_64", "BaseOS-9.2.0.Z.EUS:libxml2-debuginfo-0:2.9.13-3.el9_2.3.aarch64", "BaseOS-9.2.0.Z.EUS:libxml2-debuginfo-0:2.9.13-3.el9_2.3.i686", "BaseOS-9.2.0.Z.EUS:libxml2-debuginfo-0:2.9.13-3.el9_2.3.ppc64le", "BaseOS-9.2.0.Z.EUS:libxml2-debuginfo-0:2.9.13-3.el9_2.3.s390x", "BaseOS-9.2.0.Z.EUS:libxml2-debuginfo-0:2.9.13-3.el9_2.3.x86_64", "BaseOS-9.2.0.Z.EUS:libxml2-debugsource-0:2.9.13-3.el9_2.3.aarch64", "BaseOS-9.2.0.Z.EUS:libxml2-debugsource-0:2.9.13-3.el9_2.3.i686", "BaseOS-9.2.0.Z.EUS:libxml2-debugsource-0:2.9.13-3.el9_2.3.ppc64le", "BaseOS-9.2.0.Z.EUS:libxml2-debugsource-0:2.9.13-3.el9_2.3.s390x", "BaseOS-9.2.0.Z.EUS:libxml2-debugsource-0:2.9.13-3.el9_2.3.x86_64", "BaseOS-9.2.0.Z.EUS:libxml2-devel-0:2.9.13-3.el9_2.3.aarch64", "BaseOS-9.2.0.Z.EUS:libxml2-devel-0:2.9.13-3.el9_2.3.i686", "BaseOS-9.2.0.Z.EUS:libxml2-devel-0:2.9.13-3.el9_2.3.ppc64le", "BaseOS-9.2.0.Z.EUS:libxml2-devel-0:2.9.13-3.el9_2.3.s390x", "BaseOS-9.2.0.Z.EUS:libxml2-devel-0:2.9.13-3.el9_2.3.x86_64", "BaseOS-9.2.0.Z.EUS:python3-libxml2-0:2.9.13-3.el9_2.3.aarch64", "BaseOS-9.2.0.Z.EUS:python3-libxml2-0:2.9.13-3.el9_2.3.ppc64le", "BaseOS-9.2.0.Z.EUS:python3-libxml2-0:2.9.13-3.el9_2.3.s390x", "BaseOS-9.2.0.Z.EUS:python3-libxml2-0:2.9.13-3.el9_2.3.x86_64", "BaseOS-9.2.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.3.aarch64", "BaseOS-9.2.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.3.i686", "BaseOS-9.2.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.3.ppc64le", "BaseOS-9.2.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.3.s390x", "BaseOS-9.2.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.3.x86_64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "AppStream-9.2.0.Z.EUS:libxml2-0:2.9.13-3.el9_2.3.aarch64", "AppStream-9.2.0.Z.EUS:libxml2-0:2.9.13-3.el9_2.3.i686", "AppStream-9.2.0.Z.EUS:libxml2-0:2.9.13-3.el9_2.3.ppc64le", "AppStream-9.2.0.Z.EUS:libxml2-0:2.9.13-3.el9_2.3.s390x", "AppStream-9.2.0.Z.EUS:libxml2-0:2.9.13-3.el9_2.3.src", "AppStream-9.2.0.Z.EUS:libxml2-0:2.9.13-3.el9_2.3.x86_64", "AppStream-9.2.0.Z.EUS:libxml2-debuginfo-0:2.9.13-3.el9_2.3.aarch64", "AppStream-9.2.0.Z.EUS:libxml2-debuginfo-0:2.9.13-3.el9_2.3.i686", "AppStream-9.2.0.Z.EUS:libxml2-debuginfo-0:2.9.13-3.el9_2.3.ppc64le", "AppStream-9.2.0.Z.EUS:libxml2-debuginfo-0:2.9.13-3.el9_2.3.s390x", "AppStream-9.2.0.Z.EUS:libxml2-debuginfo-0:2.9.13-3.el9_2.3.x86_64", "AppStream-9.2.0.Z.EUS:libxml2-debugsource-0:2.9.13-3.el9_2.3.aarch64", "AppStream-9.2.0.Z.EUS:libxml2-debugsource-0:2.9.13-3.el9_2.3.i686", "AppStream-9.2.0.Z.EUS:libxml2-debugsource-0:2.9.13-3.el9_2.3.ppc64le", "AppStream-9.2.0.Z.EUS:libxml2-debugsource-0:2.9.13-3.el9_2.3.s390x", "AppStream-9.2.0.Z.EUS:libxml2-debugsource-0:2.9.13-3.el9_2.3.x86_64", "AppStream-9.2.0.Z.EUS:libxml2-devel-0:2.9.13-3.el9_2.3.aarch64", "AppStream-9.2.0.Z.EUS:libxml2-devel-0:2.9.13-3.el9_2.3.i686", "AppStream-9.2.0.Z.EUS:libxml2-devel-0:2.9.13-3.el9_2.3.ppc64le", "AppStream-9.2.0.Z.EUS:libxml2-devel-0:2.9.13-3.el9_2.3.s390x", "AppStream-9.2.0.Z.EUS:libxml2-devel-0:2.9.13-3.el9_2.3.x86_64", "AppStream-9.2.0.Z.EUS:python3-libxml2-0:2.9.13-3.el9_2.3.aarch64", "AppStream-9.2.0.Z.EUS:python3-libxml2-0:2.9.13-3.el9_2.3.ppc64le", "AppStream-9.2.0.Z.EUS:python3-libxml2-0:2.9.13-3.el9_2.3.s390x", "AppStream-9.2.0.Z.EUS:python3-libxml2-0:2.9.13-3.el9_2.3.x86_64", "AppStream-9.2.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.3.aarch64", "AppStream-9.2.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.3.i686", "AppStream-9.2.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.3.ppc64le", "AppStream-9.2.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.3.s390x", "AppStream-9.2.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.3.x86_64", "BaseOS-9.2.0.Z.EUS:libxml2-0:2.9.13-3.el9_2.3.aarch64", "BaseOS-9.2.0.Z.EUS:libxml2-0:2.9.13-3.el9_2.3.i686", "BaseOS-9.2.0.Z.EUS:libxml2-0:2.9.13-3.el9_2.3.ppc64le", "BaseOS-9.2.0.Z.EUS:libxml2-0:2.9.13-3.el9_2.3.s390x", "BaseOS-9.2.0.Z.EUS:libxml2-0:2.9.13-3.el9_2.3.src", "BaseOS-9.2.0.Z.EUS:libxml2-0:2.9.13-3.el9_2.3.x86_64", "BaseOS-9.2.0.Z.EUS:libxml2-debuginfo-0:2.9.13-3.el9_2.3.aarch64", "BaseOS-9.2.0.Z.EUS:libxml2-debuginfo-0:2.9.13-3.el9_2.3.i686", "BaseOS-9.2.0.Z.EUS:libxml2-debuginfo-0:2.9.13-3.el9_2.3.ppc64le", "BaseOS-9.2.0.Z.EUS:libxml2-debuginfo-0:2.9.13-3.el9_2.3.s390x", "BaseOS-9.2.0.Z.EUS:libxml2-debuginfo-0:2.9.13-3.el9_2.3.x86_64", "BaseOS-9.2.0.Z.EUS:libxml2-debugsource-0:2.9.13-3.el9_2.3.aarch64", "BaseOS-9.2.0.Z.EUS:libxml2-debugsource-0:2.9.13-3.el9_2.3.i686", "BaseOS-9.2.0.Z.EUS:libxml2-debugsource-0:2.9.13-3.el9_2.3.ppc64le", "BaseOS-9.2.0.Z.EUS:libxml2-debugsource-0:2.9.13-3.el9_2.3.s390x", "BaseOS-9.2.0.Z.EUS:libxml2-debugsource-0:2.9.13-3.el9_2.3.x86_64", "BaseOS-9.2.0.Z.EUS:libxml2-devel-0:2.9.13-3.el9_2.3.aarch64", "BaseOS-9.2.0.Z.EUS:libxml2-devel-0:2.9.13-3.el9_2.3.i686", "BaseOS-9.2.0.Z.EUS:libxml2-devel-0:2.9.13-3.el9_2.3.ppc64le", "BaseOS-9.2.0.Z.EUS:libxml2-devel-0:2.9.13-3.el9_2.3.s390x", "BaseOS-9.2.0.Z.EUS:libxml2-devel-0:2.9.13-3.el9_2.3.x86_64", "BaseOS-9.2.0.Z.EUS:python3-libxml2-0:2.9.13-3.el9_2.3.aarch64", "BaseOS-9.2.0.Z.EUS:python3-libxml2-0:2.9.13-3.el9_2.3.ppc64le", "BaseOS-9.2.0.Z.EUS:python3-libxml2-0:2.9.13-3.el9_2.3.s390x", "BaseOS-9.2.0.Z.EUS:python3-libxml2-0:2.9.13-3.el9_2.3.x86_64", "BaseOS-9.2.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.3.aarch64", "BaseOS-9.2.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.3.i686", "BaseOS-9.2.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.3.ppc64le", "BaseOS-9.2.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.3.s390x", "BaseOS-9.2.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.3.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "libxml2: use-after-free in XMLReader", }, ], }
RHSA-2024:3299
Vulnerability from csaf_redhat
Published
2024-05-22 22:01
Modified
2025-01-09 06:19
Summary
Red Hat Security Advisory: libxml2 security update
Notes
Topic
An update for libxml2 is now available for Red Hat Enterprise Linux 8.6.
Red Hat Product Security has rated this update as having a security impact of
Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE
link(s) in the References section.
Details
The libxml2 library is a development toolbox providing the implementation of
various XML standards.
Security Fix(es):
* libxml2: use-after-free in XMLReader (CVE-2024-25062)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update for libxml2 is now available for Red Hat Enterprise Linux 8.6.\n\nRed Hat Product Security has rated this update as having a security impact of\nModerate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE\nlink(s) in the References section.", title: "Topic", }, { category: "general", text: "The libxml2 library is a development toolbox providing the implementation of\nvarious XML standards.\n\nSecurity Fix(es):\n\n* libxml2: use-after-free in XMLReader (CVE-2024-25062)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2024:3299", url: "https://access.redhat.com/errata/RHSA-2024:3299", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#moderate", url: "https://access.redhat.com/security/updates/classification/#moderate", }, { category: "external", summary: "2262726", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2262726", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_3299.json", }, ], title: "Red Hat Security Advisory: libxml2 security update", tracking: { current_release_date: "2025-01-09T06:19:39+00:00", generator: { date: "2025-01-09T06:19:39+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.5", }, }, id: "RHSA-2024:3299", initial_release_date: "2024-05-22T22:01:12+00:00", revision_history: [ { date: "2024-05-22T22:01:12+00:00", number: "1", summary: "Initial version", }, { date: "2024-05-22T22:01:12+00:00", number: "2", summary: "Last updated version", }, { date: "2025-01-09T06:19:39+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux AppStream EUS (v.8.6)", product: { name: "Red Hat Enterprise Linux AppStream EUS (v.8.6)", product_id: "AppStream-8.6.0.Z.EUS", product_identification_helper: { cpe: "cpe:/a:redhat:rhel_eus:8.6::appstream", }, }, }, { category: "product_name", name: "Red Hat Enterprise Linux BaseOS EUS (v.8.6)", product: { name: "Red Hat Enterprise Linux BaseOS EUS (v.8.6)", product_id: "BaseOS-8.6.0.Z.EUS", product_identification_helper: { cpe: "cpe:/o:redhat:rhel_eus:8.6::baseos", }, }, }, ], category: "product_family", name: "Red Hat Enterprise Linux", }, { branches: [ { category: "product_version", name: "libxml2-0:2.9.7-13.el8_6.5.src", product: { name: "libxml2-0:2.9.7-13.el8_6.5.src", product_id: "libxml2-0:2.9.7-13.el8_6.5.src", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2@2.9.7-13.el8_6.5?arch=src", }, }, }, ], category: "architecture", name: "src", }, { branches: [ { category: "product_version", name: "libxml2-0:2.9.7-13.el8_6.5.aarch64", product: { name: "libxml2-0:2.9.7-13.el8_6.5.aarch64", product_id: "libxml2-0:2.9.7-13.el8_6.5.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2@2.9.7-13.el8_6.5?arch=aarch64", }, }, }, { category: "product_version", name: "python3-libxml2-0:2.9.7-13.el8_6.5.aarch64", product: { name: "python3-libxml2-0:2.9.7-13.el8_6.5.aarch64", product_id: "python3-libxml2-0:2.9.7-13.el8_6.5.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/python3-libxml2@2.9.7-13.el8_6.5?arch=aarch64", }, }, }, { category: "product_version", name: "libxml2-debugsource-0:2.9.7-13.el8_6.5.aarch64", product: { name: "libxml2-debugsource-0:2.9.7-13.el8_6.5.aarch64", product_id: "libxml2-debugsource-0:2.9.7-13.el8_6.5.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-debugsource@2.9.7-13.el8_6.5?arch=aarch64", }, }, }, { category: "product_version", name: "libxml2-debuginfo-0:2.9.7-13.el8_6.5.aarch64", product: { name: "libxml2-debuginfo-0:2.9.7-13.el8_6.5.aarch64", product_id: "libxml2-debuginfo-0:2.9.7-13.el8_6.5.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-debuginfo@2.9.7-13.el8_6.5?arch=aarch64", }, }, }, { category: "product_version", name: "python3-libxml2-debuginfo-0:2.9.7-13.el8_6.5.aarch64", product: { name: "python3-libxml2-debuginfo-0:2.9.7-13.el8_6.5.aarch64", product_id: "python3-libxml2-debuginfo-0:2.9.7-13.el8_6.5.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/python3-libxml2-debuginfo@2.9.7-13.el8_6.5?arch=aarch64", }, }, }, { category: "product_version", name: "libxml2-devel-0:2.9.7-13.el8_6.5.aarch64", product: { name: "libxml2-devel-0:2.9.7-13.el8_6.5.aarch64", product_id: "libxml2-devel-0:2.9.7-13.el8_6.5.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-devel@2.9.7-13.el8_6.5?arch=aarch64", }, }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "libxml2-0:2.9.7-13.el8_6.5.ppc64le", product: { name: "libxml2-0:2.9.7-13.el8_6.5.ppc64le", product_id: "libxml2-0:2.9.7-13.el8_6.5.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2@2.9.7-13.el8_6.5?arch=ppc64le", }, }, }, { category: "product_version", name: "python3-libxml2-0:2.9.7-13.el8_6.5.ppc64le", product: { name: "python3-libxml2-0:2.9.7-13.el8_6.5.ppc64le", product_id: "python3-libxml2-0:2.9.7-13.el8_6.5.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/python3-libxml2@2.9.7-13.el8_6.5?arch=ppc64le", }, }, }, { category: "product_version", name: "libxml2-debugsource-0:2.9.7-13.el8_6.5.ppc64le", product: { name: "libxml2-debugsource-0:2.9.7-13.el8_6.5.ppc64le", product_id: "libxml2-debugsource-0:2.9.7-13.el8_6.5.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-debugsource@2.9.7-13.el8_6.5?arch=ppc64le", }, }, }, { category: "product_version", name: "libxml2-debuginfo-0:2.9.7-13.el8_6.5.ppc64le", product: { name: "libxml2-debuginfo-0:2.9.7-13.el8_6.5.ppc64le", product_id: "libxml2-debuginfo-0:2.9.7-13.el8_6.5.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-debuginfo@2.9.7-13.el8_6.5?arch=ppc64le", }, }, }, { category: "product_version", name: "python3-libxml2-debuginfo-0:2.9.7-13.el8_6.5.ppc64le", product: { name: "python3-libxml2-debuginfo-0:2.9.7-13.el8_6.5.ppc64le", product_id: "python3-libxml2-debuginfo-0:2.9.7-13.el8_6.5.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/python3-libxml2-debuginfo@2.9.7-13.el8_6.5?arch=ppc64le", }, }, }, { category: "product_version", name: "libxml2-devel-0:2.9.7-13.el8_6.5.ppc64le", product: { name: "libxml2-devel-0:2.9.7-13.el8_6.5.ppc64le", product_id: "libxml2-devel-0:2.9.7-13.el8_6.5.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-devel@2.9.7-13.el8_6.5?arch=ppc64le", }, }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "libxml2-0:2.9.7-13.el8_6.5.i686", product: { name: "libxml2-0:2.9.7-13.el8_6.5.i686", product_id: "libxml2-0:2.9.7-13.el8_6.5.i686", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2@2.9.7-13.el8_6.5?arch=i686", }, }, }, { category: "product_version", name: "libxml2-debugsource-0:2.9.7-13.el8_6.5.i686", product: { name: "libxml2-debugsource-0:2.9.7-13.el8_6.5.i686", product_id: "libxml2-debugsource-0:2.9.7-13.el8_6.5.i686", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-debugsource@2.9.7-13.el8_6.5?arch=i686", }, }, }, { category: "product_version", name: "libxml2-debuginfo-0:2.9.7-13.el8_6.5.i686", product: { name: "libxml2-debuginfo-0:2.9.7-13.el8_6.5.i686", product_id: "libxml2-debuginfo-0:2.9.7-13.el8_6.5.i686", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-debuginfo@2.9.7-13.el8_6.5?arch=i686", }, }, }, { category: "product_version", name: "python3-libxml2-debuginfo-0:2.9.7-13.el8_6.5.i686", product: { name: "python3-libxml2-debuginfo-0:2.9.7-13.el8_6.5.i686", product_id: "python3-libxml2-debuginfo-0:2.9.7-13.el8_6.5.i686", product_identification_helper: { purl: "pkg:rpm/redhat/python3-libxml2-debuginfo@2.9.7-13.el8_6.5?arch=i686", }, }, }, { category: "product_version", name: "libxml2-devel-0:2.9.7-13.el8_6.5.i686", product: { name: "libxml2-devel-0:2.9.7-13.el8_6.5.i686", product_id: "libxml2-devel-0:2.9.7-13.el8_6.5.i686", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-devel@2.9.7-13.el8_6.5?arch=i686", }, }, }, ], category: "architecture", name: "i686", }, { branches: [ { category: "product_version", name: "libxml2-0:2.9.7-13.el8_6.5.x86_64", product: { name: "libxml2-0:2.9.7-13.el8_6.5.x86_64", product_id: "libxml2-0:2.9.7-13.el8_6.5.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2@2.9.7-13.el8_6.5?arch=x86_64", }, }, }, { category: "product_version", name: "python3-libxml2-0:2.9.7-13.el8_6.5.x86_64", product: { name: "python3-libxml2-0:2.9.7-13.el8_6.5.x86_64", product_id: "python3-libxml2-0:2.9.7-13.el8_6.5.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/python3-libxml2@2.9.7-13.el8_6.5?arch=x86_64", }, }, }, { category: "product_version", name: "libxml2-debugsource-0:2.9.7-13.el8_6.5.x86_64", product: { name: "libxml2-debugsource-0:2.9.7-13.el8_6.5.x86_64", product_id: "libxml2-debugsource-0:2.9.7-13.el8_6.5.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-debugsource@2.9.7-13.el8_6.5?arch=x86_64", }, }, }, { category: "product_version", name: "libxml2-debuginfo-0:2.9.7-13.el8_6.5.x86_64", product: { name: "libxml2-debuginfo-0:2.9.7-13.el8_6.5.x86_64", product_id: "libxml2-debuginfo-0:2.9.7-13.el8_6.5.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-debuginfo@2.9.7-13.el8_6.5?arch=x86_64", }, }, }, { category: "product_version", name: "python3-libxml2-debuginfo-0:2.9.7-13.el8_6.5.x86_64", product: { name: "python3-libxml2-debuginfo-0:2.9.7-13.el8_6.5.x86_64", product_id: "python3-libxml2-debuginfo-0:2.9.7-13.el8_6.5.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/python3-libxml2-debuginfo@2.9.7-13.el8_6.5?arch=x86_64", }, }, }, { category: "product_version", name: "libxml2-devel-0:2.9.7-13.el8_6.5.x86_64", product: { name: "libxml2-devel-0:2.9.7-13.el8_6.5.x86_64", product_id: "libxml2-devel-0:2.9.7-13.el8_6.5.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-devel@2.9.7-13.el8_6.5?arch=x86_64", }, }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_version", name: "libxml2-0:2.9.7-13.el8_6.5.s390x", product: { name: "libxml2-0:2.9.7-13.el8_6.5.s390x", product_id: "libxml2-0:2.9.7-13.el8_6.5.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2@2.9.7-13.el8_6.5?arch=s390x", }, }, }, { category: "product_version", name: "python3-libxml2-0:2.9.7-13.el8_6.5.s390x", product: { name: "python3-libxml2-0:2.9.7-13.el8_6.5.s390x", product_id: "python3-libxml2-0:2.9.7-13.el8_6.5.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/python3-libxml2@2.9.7-13.el8_6.5?arch=s390x", }, }, }, { category: "product_version", name: "libxml2-debugsource-0:2.9.7-13.el8_6.5.s390x", product: { name: "libxml2-debugsource-0:2.9.7-13.el8_6.5.s390x", product_id: "libxml2-debugsource-0:2.9.7-13.el8_6.5.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-debugsource@2.9.7-13.el8_6.5?arch=s390x", }, }, }, { category: "product_version", name: "libxml2-debuginfo-0:2.9.7-13.el8_6.5.s390x", product: { name: "libxml2-debuginfo-0:2.9.7-13.el8_6.5.s390x", product_id: "libxml2-debuginfo-0:2.9.7-13.el8_6.5.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-debuginfo@2.9.7-13.el8_6.5?arch=s390x", }, }, }, { category: "product_version", name: "python3-libxml2-debuginfo-0:2.9.7-13.el8_6.5.s390x", product: { name: "python3-libxml2-debuginfo-0:2.9.7-13.el8_6.5.s390x", product_id: "python3-libxml2-debuginfo-0:2.9.7-13.el8_6.5.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/python3-libxml2-debuginfo@2.9.7-13.el8_6.5?arch=s390x", }, }, }, { category: "product_version", name: "libxml2-devel-0:2.9.7-13.el8_6.5.s390x", product: { name: "libxml2-devel-0:2.9.7-13.el8_6.5.s390x", product_id: "libxml2-devel-0:2.9.7-13.el8_6.5.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-devel@2.9.7-13.el8_6.5?arch=s390x", }, }, }, ], category: "architecture", name: "s390x", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.7-13.el8_6.5.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", product_id: "AppStream-8.6.0.Z.EUS:libxml2-0:2.9.7-13.el8_6.5.aarch64", }, product_reference: "libxml2-0:2.9.7-13.el8_6.5.aarch64", relates_to_product_reference: "AppStream-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.7-13.el8_6.5.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", product_id: "AppStream-8.6.0.Z.EUS:libxml2-0:2.9.7-13.el8_6.5.i686", }, product_reference: "libxml2-0:2.9.7-13.el8_6.5.i686", relates_to_product_reference: "AppStream-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.7-13.el8_6.5.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", product_id: "AppStream-8.6.0.Z.EUS:libxml2-0:2.9.7-13.el8_6.5.ppc64le", }, product_reference: "libxml2-0:2.9.7-13.el8_6.5.ppc64le", relates_to_product_reference: "AppStream-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.7-13.el8_6.5.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", product_id: "AppStream-8.6.0.Z.EUS:libxml2-0:2.9.7-13.el8_6.5.s390x", }, product_reference: "libxml2-0:2.9.7-13.el8_6.5.s390x", relates_to_product_reference: "AppStream-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.7-13.el8_6.5.src as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", product_id: "AppStream-8.6.0.Z.EUS:libxml2-0:2.9.7-13.el8_6.5.src", }, product_reference: "libxml2-0:2.9.7-13.el8_6.5.src", relates_to_product_reference: "AppStream-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.7-13.el8_6.5.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", product_id: "AppStream-8.6.0.Z.EUS:libxml2-0:2.9.7-13.el8_6.5.x86_64", }, product_reference: "libxml2-0:2.9.7-13.el8_6.5.x86_64", relates_to_product_reference: "AppStream-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.7-13.el8_6.5.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", product_id: "AppStream-8.6.0.Z.EUS:libxml2-debuginfo-0:2.9.7-13.el8_6.5.aarch64", }, product_reference: "libxml2-debuginfo-0:2.9.7-13.el8_6.5.aarch64", relates_to_product_reference: "AppStream-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.7-13.el8_6.5.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", product_id: "AppStream-8.6.0.Z.EUS:libxml2-debuginfo-0:2.9.7-13.el8_6.5.i686", }, product_reference: "libxml2-debuginfo-0:2.9.7-13.el8_6.5.i686", relates_to_product_reference: "AppStream-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.7-13.el8_6.5.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", product_id: "AppStream-8.6.0.Z.EUS:libxml2-debuginfo-0:2.9.7-13.el8_6.5.ppc64le", }, product_reference: "libxml2-debuginfo-0:2.9.7-13.el8_6.5.ppc64le", relates_to_product_reference: "AppStream-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.7-13.el8_6.5.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", product_id: "AppStream-8.6.0.Z.EUS:libxml2-debuginfo-0:2.9.7-13.el8_6.5.s390x", }, product_reference: "libxml2-debuginfo-0:2.9.7-13.el8_6.5.s390x", relates_to_product_reference: "AppStream-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.7-13.el8_6.5.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", product_id: "AppStream-8.6.0.Z.EUS:libxml2-debuginfo-0:2.9.7-13.el8_6.5.x86_64", }, product_reference: "libxml2-debuginfo-0:2.9.7-13.el8_6.5.x86_64", relates_to_product_reference: "AppStream-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debugsource-0:2.9.7-13.el8_6.5.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", product_id: "AppStream-8.6.0.Z.EUS:libxml2-debugsource-0:2.9.7-13.el8_6.5.aarch64", }, product_reference: "libxml2-debugsource-0:2.9.7-13.el8_6.5.aarch64", relates_to_product_reference: "AppStream-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debugsource-0:2.9.7-13.el8_6.5.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", product_id: "AppStream-8.6.0.Z.EUS:libxml2-debugsource-0:2.9.7-13.el8_6.5.i686", }, product_reference: "libxml2-debugsource-0:2.9.7-13.el8_6.5.i686", relates_to_product_reference: "AppStream-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debugsource-0:2.9.7-13.el8_6.5.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", product_id: "AppStream-8.6.0.Z.EUS:libxml2-debugsource-0:2.9.7-13.el8_6.5.ppc64le", }, product_reference: "libxml2-debugsource-0:2.9.7-13.el8_6.5.ppc64le", relates_to_product_reference: "AppStream-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debugsource-0:2.9.7-13.el8_6.5.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", product_id: "AppStream-8.6.0.Z.EUS:libxml2-debugsource-0:2.9.7-13.el8_6.5.s390x", }, product_reference: "libxml2-debugsource-0:2.9.7-13.el8_6.5.s390x", relates_to_product_reference: "AppStream-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debugsource-0:2.9.7-13.el8_6.5.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", product_id: "AppStream-8.6.0.Z.EUS:libxml2-debugsource-0:2.9.7-13.el8_6.5.x86_64", }, product_reference: "libxml2-debugsource-0:2.9.7-13.el8_6.5.x86_64", relates_to_product_reference: "AppStream-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.7-13.el8_6.5.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", product_id: "AppStream-8.6.0.Z.EUS:libxml2-devel-0:2.9.7-13.el8_6.5.aarch64", }, product_reference: "libxml2-devel-0:2.9.7-13.el8_6.5.aarch64", relates_to_product_reference: "AppStream-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.7-13.el8_6.5.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", product_id: "AppStream-8.6.0.Z.EUS:libxml2-devel-0:2.9.7-13.el8_6.5.i686", }, product_reference: "libxml2-devel-0:2.9.7-13.el8_6.5.i686", relates_to_product_reference: "AppStream-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.7-13.el8_6.5.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", product_id: "AppStream-8.6.0.Z.EUS:libxml2-devel-0:2.9.7-13.el8_6.5.ppc64le", }, product_reference: "libxml2-devel-0:2.9.7-13.el8_6.5.ppc64le", relates_to_product_reference: "AppStream-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.7-13.el8_6.5.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", product_id: "AppStream-8.6.0.Z.EUS:libxml2-devel-0:2.9.7-13.el8_6.5.s390x", }, product_reference: "libxml2-devel-0:2.9.7-13.el8_6.5.s390x", relates_to_product_reference: "AppStream-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.7-13.el8_6.5.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", product_id: "AppStream-8.6.0.Z.EUS:libxml2-devel-0:2.9.7-13.el8_6.5.x86_64", }, product_reference: "libxml2-devel-0:2.9.7-13.el8_6.5.x86_64", relates_to_product_reference: "AppStream-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "python3-libxml2-0:2.9.7-13.el8_6.5.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", product_id: "AppStream-8.6.0.Z.EUS:python3-libxml2-0:2.9.7-13.el8_6.5.aarch64", }, product_reference: "python3-libxml2-0:2.9.7-13.el8_6.5.aarch64", relates_to_product_reference: "AppStream-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "python3-libxml2-0:2.9.7-13.el8_6.5.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", product_id: "AppStream-8.6.0.Z.EUS:python3-libxml2-0:2.9.7-13.el8_6.5.ppc64le", }, product_reference: "python3-libxml2-0:2.9.7-13.el8_6.5.ppc64le", relates_to_product_reference: "AppStream-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "python3-libxml2-0:2.9.7-13.el8_6.5.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", product_id: "AppStream-8.6.0.Z.EUS:python3-libxml2-0:2.9.7-13.el8_6.5.s390x", }, product_reference: "python3-libxml2-0:2.9.7-13.el8_6.5.s390x", relates_to_product_reference: "AppStream-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "python3-libxml2-0:2.9.7-13.el8_6.5.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", product_id: "AppStream-8.6.0.Z.EUS:python3-libxml2-0:2.9.7-13.el8_6.5.x86_64", }, product_reference: "python3-libxml2-0:2.9.7-13.el8_6.5.x86_64", relates_to_product_reference: "AppStream-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "python3-libxml2-debuginfo-0:2.9.7-13.el8_6.5.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", product_id: "AppStream-8.6.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-13.el8_6.5.aarch64", }, product_reference: "python3-libxml2-debuginfo-0:2.9.7-13.el8_6.5.aarch64", relates_to_product_reference: "AppStream-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "python3-libxml2-debuginfo-0:2.9.7-13.el8_6.5.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", product_id: "AppStream-8.6.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-13.el8_6.5.i686", }, product_reference: "python3-libxml2-debuginfo-0:2.9.7-13.el8_6.5.i686", relates_to_product_reference: "AppStream-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "python3-libxml2-debuginfo-0:2.9.7-13.el8_6.5.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", product_id: "AppStream-8.6.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-13.el8_6.5.ppc64le", }, product_reference: "python3-libxml2-debuginfo-0:2.9.7-13.el8_6.5.ppc64le", relates_to_product_reference: "AppStream-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "python3-libxml2-debuginfo-0:2.9.7-13.el8_6.5.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", product_id: "AppStream-8.6.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-13.el8_6.5.s390x", }, product_reference: "python3-libxml2-debuginfo-0:2.9.7-13.el8_6.5.s390x", relates_to_product_reference: "AppStream-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "python3-libxml2-debuginfo-0:2.9.7-13.el8_6.5.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)", product_id: "AppStream-8.6.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-13.el8_6.5.x86_64", }, product_reference: "python3-libxml2-debuginfo-0:2.9.7-13.el8_6.5.x86_64", relates_to_product_reference: "AppStream-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.7-13.el8_6.5.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.6)", product_id: "BaseOS-8.6.0.Z.EUS:libxml2-0:2.9.7-13.el8_6.5.aarch64", }, product_reference: "libxml2-0:2.9.7-13.el8_6.5.aarch64", relates_to_product_reference: "BaseOS-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.7-13.el8_6.5.i686 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.6)", product_id: "BaseOS-8.6.0.Z.EUS:libxml2-0:2.9.7-13.el8_6.5.i686", }, product_reference: "libxml2-0:2.9.7-13.el8_6.5.i686", relates_to_product_reference: "BaseOS-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.7-13.el8_6.5.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.6)", product_id: "BaseOS-8.6.0.Z.EUS:libxml2-0:2.9.7-13.el8_6.5.ppc64le", }, product_reference: "libxml2-0:2.9.7-13.el8_6.5.ppc64le", relates_to_product_reference: "BaseOS-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.7-13.el8_6.5.s390x as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.6)", product_id: "BaseOS-8.6.0.Z.EUS:libxml2-0:2.9.7-13.el8_6.5.s390x", }, product_reference: "libxml2-0:2.9.7-13.el8_6.5.s390x", relates_to_product_reference: "BaseOS-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.7-13.el8_6.5.src as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.6)", product_id: "BaseOS-8.6.0.Z.EUS:libxml2-0:2.9.7-13.el8_6.5.src", }, product_reference: "libxml2-0:2.9.7-13.el8_6.5.src", relates_to_product_reference: "BaseOS-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.7-13.el8_6.5.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.6)", product_id: "BaseOS-8.6.0.Z.EUS:libxml2-0:2.9.7-13.el8_6.5.x86_64", }, product_reference: "libxml2-0:2.9.7-13.el8_6.5.x86_64", relates_to_product_reference: "BaseOS-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.7-13.el8_6.5.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.6)", product_id: "BaseOS-8.6.0.Z.EUS:libxml2-debuginfo-0:2.9.7-13.el8_6.5.aarch64", }, product_reference: "libxml2-debuginfo-0:2.9.7-13.el8_6.5.aarch64", relates_to_product_reference: "BaseOS-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.7-13.el8_6.5.i686 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.6)", product_id: "BaseOS-8.6.0.Z.EUS:libxml2-debuginfo-0:2.9.7-13.el8_6.5.i686", }, product_reference: "libxml2-debuginfo-0:2.9.7-13.el8_6.5.i686", relates_to_product_reference: "BaseOS-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.7-13.el8_6.5.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.6)", product_id: "BaseOS-8.6.0.Z.EUS:libxml2-debuginfo-0:2.9.7-13.el8_6.5.ppc64le", }, product_reference: "libxml2-debuginfo-0:2.9.7-13.el8_6.5.ppc64le", relates_to_product_reference: "BaseOS-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.7-13.el8_6.5.s390x as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.6)", product_id: "BaseOS-8.6.0.Z.EUS:libxml2-debuginfo-0:2.9.7-13.el8_6.5.s390x", }, product_reference: "libxml2-debuginfo-0:2.9.7-13.el8_6.5.s390x", relates_to_product_reference: "BaseOS-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.7-13.el8_6.5.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.6)", product_id: "BaseOS-8.6.0.Z.EUS:libxml2-debuginfo-0:2.9.7-13.el8_6.5.x86_64", }, product_reference: "libxml2-debuginfo-0:2.9.7-13.el8_6.5.x86_64", relates_to_product_reference: "BaseOS-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debugsource-0:2.9.7-13.el8_6.5.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.6)", product_id: "BaseOS-8.6.0.Z.EUS:libxml2-debugsource-0:2.9.7-13.el8_6.5.aarch64", }, product_reference: "libxml2-debugsource-0:2.9.7-13.el8_6.5.aarch64", relates_to_product_reference: "BaseOS-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debugsource-0:2.9.7-13.el8_6.5.i686 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.6)", product_id: "BaseOS-8.6.0.Z.EUS:libxml2-debugsource-0:2.9.7-13.el8_6.5.i686", }, product_reference: "libxml2-debugsource-0:2.9.7-13.el8_6.5.i686", relates_to_product_reference: "BaseOS-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debugsource-0:2.9.7-13.el8_6.5.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.6)", product_id: "BaseOS-8.6.0.Z.EUS:libxml2-debugsource-0:2.9.7-13.el8_6.5.ppc64le", }, product_reference: "libxml2-debugsource-0:2.9.7-13.el8_6.5.ppc64le", relates_to_product_reference: "BaseOS-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debugsource-0:2.9.7-13.el8_6.5.s390x as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.6)", product_id: "BaseOS-8.6.0.Z.EUS:libxml2-debugsource-0:2.9.7-13.el8_6.5.s390x", }, product_reference: "libxml2-debugsource-0:2.9.7-13.el8_6.5.s390x", relates_to_product_reference: "BaseOS-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debugsource-0:2.9.7-13.el8_6.5.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.6)", product_id: "BaseOS-8.6.0.Z.EUS:libxml2-debugsource-0:2.9.7-13.el8_6.5.x86_64", }, product_reference: "libxml2-debugsource-0:2.9.7-13.el8_6.5.x86_64", relates_to_product_reference: "BaseOS-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.7-13.el8_6.5.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.6)", product_id: "BaseOS-8.6.0.Z.EUS:libxml2-devel-0:2.9.7-13.el8_6.5.aarch64", }, product_reference: "libxml2-devel-0:2.9.7-13.el8_6.5.aarch64", relates_to_product_reference: "BaseOS-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.7-13.el8_6.5.i686 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.6)", product_id: "BaseOS-8.6.0.Z.EUS:libxml2-devel-0:2.9.7-13.el8_6.5.i686", }, product_reference: "libxml2-devel-0:2.9.7-13.el8_6.5.i686", relates_to_product_reference: "BaseOS-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.7-13.el8_6.5.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.6)", product_id: "BaseOS-8.6.0.Z.EUS:libxml2-devel-0:2.9.7-13.el8_6.5.ppc64le", }, product_reference: "libxml2-devel-0:2.9.7-13.el8_6.5.ppc64le", relates_to_product_reference: "BaseOS-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.7-13.el8_6.5.s390x as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.6)", product_id: "BaseOS-8.6.0.Z.EUS:libxml2-devel-0:2.9.7-13.el8_6.5.s390x", }, product_reference: "libxml2-devel-0:2.9.7-13.el8_6.5.s390x", relates_to_product_reference: "BaseOS-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.7-13.el8_6.5.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.6)", product_id: "BaseOS-8.6.0.Z.EUS:libxml2-devel-0:2.9.7-13.el8_6.5.x86_64", }, product_reference: "libxml2-devel-0:2.9.7-13.el8_6.5.x86_64", relates_to_product_reference: "BaseOS-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "python3-libxml2-0:2.9.7-13.el8_6.5.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.6)", product_id: "BaseOS-8.6.0.Z.EUS:python3-libxml2-0:2.9.7-13.el8_6.5.aarch64", }, product_reference: "python3-libxml2-0:2.9.7-13.el8_6.5.aarch64", relates_to_product_reference: "BaseOS-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "python3-libxml2-0:2.9.7-13.el8_6.5.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.6)", product_id: "BaseOS-8.6.0.Z.EUS:python3-libxml2-0:2.9.7-13.el8_6.5.ppc64le", }, product_reference: "python3-libxml2-0:2.9.7-13.el8_6.5.ppc64le", relates_to_product_reference: "BaseOS-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "python3-libxml2-0:2.9.7-13.el8_6.5.s390x as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.6)", product_id: "BaseOS-8.6.0.Z.EUS:python3-libxml2-0:2.9.7-13.el8_6.5.s390x", }, product_reference: "python3-libxml2-0:2.9.7-13.el8_6.5.s390x", relates_to_product_reference: "BaseOS-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "python3-libxml2-0:2.9.7-13.el8_6.5.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.6)", product_id: "BaseOS-8.6.0.Z.EUS:python3-libxml2-0:2.9.7-13.el8_6.5.x86_64", }, product_reference: "python3-libxml2-0:2.9.7-13.el8_6.5.x86_64", relates_to_product_reference: "BaseOS-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "python3-libxml2-debuginfo-0:2.9.7-13.el8_6.5.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.6)", product_id: "BaseOS-8.6.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-13.el8_6.5.aarch64", }, product_reference: "python3-libxml2-debuginfo-0:2.9.7-13.el8_6.5.aarch64", relates_to_product_reference: "BaseOS-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "python3-libxml2-debuginfo-0:2.9.7-13.el8_6.5.i686 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.6)", product_id: "BaseOS-8.6.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-13.el8_6.5.i686", }, product_reference: "python3-libxml2-debuginfo-0:2.9.7-13.el8_6.5.i686", relates_to_product_reference: "BaseOS-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "python3-libxml2-debuginfo-0:2.9.7-13.el8_6.5.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.6)", product_id: "BaseOS-8.6.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-13.el8_6.5.ppc64le", }, product_reference: "python3-libxml2-debuginfo-0:2.9.7-13.el8_6.5.ppc64le", relates_to_product_reference: "BaseOS-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "python3-libxml2-debuginfo-0:2.9.7-13.el8_6.5.s390x as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.6)", product_id: "BaseOS-8.6.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-13.el8_6.5.s390x", }, product_reference: "python3-libxml2-debuginfo-0:2.9.7-13.el8_6.5.s390x", relates_to_product_reference: "BaseOS-8.6.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "python3-libxml2-debuginfo-0:2.9.7-13.el8_6.5.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.6)", product_id: "BaseOS-8.6.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-13.el8_6.5.x86_64", }, product_reference: "python3-libxml2-debuginfo-0:2.9.7-13.el8_6.5.x86_64", relates_to_product_reference: "BaseOS-8.6.0.Z.EUS", }, ], }, vulnerabilities: [ { cve: "CVE-2024-25062", cwe: { id: "CWE-416", name: "Use After Free", }, discovery_date: "2024-02-05T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2262726", }, ], notes: [ { category: "description", text: "A use-after-free flaw was found in libxml2. When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free.", title: "Vulnerability description", }, { category: "summary", text: "libxml2: use-after-free in XMLReader", title: "Vulnerability summary", }, { category: "other", text: "The severity of this vulnerability is not important but moderate due to the lack of impact to both confidentiality and integrity, but potential impact to availability. The theoretical risk of impact to availability is limited due to the specific requirement that applications must continue to misuse the reader API after it has already reported validation errors instead of handling those errors. The flaw requires that crafted XML documents can be provided by an attacker and the utilization of DTD validation and XInclude expansion using the XMLReader API. Along with those conditions, the application using the XMLReader API must be ignoring errors when expanding invalid XInclude nodes in an maliciously crafted document. These conditions are unlikely to exist in the intended usage of the XMLReader API.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-8.6.0.Z.EUS:libxml2-0:2.9.7-13.el8_6.5.aarch64", "AppStream-8.6.0.Z.EUS:libxml2-0:2.9.7-13.el8_6.5.i686", "AppStream-8.6.0.Z.EUS:libxml2-0:2.9.7-13.el8_6.5.ppc64le", "AppStream-8.6.0.Z.EUS:libxml2-0:2.9.7-13.el8_6.5.s390x", "AppStream-8.6.0.Z.EUS:libxml2-0:2.9.7-13.el8_6.5.src", "AppStream-8.6.0.Z.EUS:libxml2-0:2.9.7-13.el8_6.5.x86_64", "AppStream-8.6.0.Z.EUS:libxml2-debuginfo-0:2.9.7-13.el8_6.5.aarch64", "AppStream-8.6.0.Z.EUS:libxml2-debuginfo-0:2.9.7-13.el8_6.5.i686", "AppStream-8.6.0.Z.EUS:libxml2-debuginfo-0:2.9.7-13.el8_6.5.ppc64le", "AppStream-8.6.0.Z.EUS:libxml2-debuginfo-0:2.9.7-13.el8_6.5.s390x", "AppStream-8.6.0.Z.EUS:libxml2-debuginfo-0:2.9.7-13.el8_6.5.x86_64", "AppStream-8.6.0.Z.EUS:libxml2-debugsource-0:2.9.7-13.el8_6.5.aarch64", "AppStream-8.6.0.Z.EUS:libxml2-debugsource-0:2.9.7-13.el8_6.5.i686", "AppStream-8.6.0.Z.EUS:libxml2-debugsource-0:2.9.7-13.el8_6.5.ppc64le", "AppStream-8.6.0.Z.EUS:libxml2-debugsource-0:2.9.7-13.el8_6.5.s390x", "AppStream-8.6.0.Z.EUS:libxml2-debugsource-0:2.9.7-13.el8_6.5.x86_64", "AppStream-8.6.0.Z.EUS:libxml2-devel-0:2.9.7-13.el8_6.5.aarch64", "AppStream-8.6.0.Z.EUS:libxml2-devel-0:2.9.7-13.el8_6.5.i686", "AppStream-8.6.0.Z.EUS:libxml2-devel-0:2.9.7-13.el8_6.5.ppc64le", "AppStream-8.6.0.Z.EUS:libxml2-devel-0:2.9.7-13.el8_6.5.s390x", "AppStream-8.6.0.Z.EUS:libxml2-devel-0:2.9.7-13.el8_6.5.x86_64", "AppStream-8.6.0.Z.EUS:python3-libxml2-0:2.9.7-13.el8_6.5.aarch64", "AppStream-8.6.0.Z.EUS:python3-libxml2-0:2.9.7-13.el8_6.5.ppc64le", "AppStream-8.6.0.Z.EUS:python3-libxml2-0:2.9.7-13.el8_6.5.s390x", "AppStream-8.6.0.Z.EUS:python3-libxml2-0:2.9.7-13.el8_6.5.x86_64", "AppStream-8.6.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-13.el8_6.5.aarch64", "AppStream-8.6.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-13.el8_6.5.i686", "AppStream-8.6.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-13.el8_6.5.ppc64le", "AppStream-8.6.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-13.el8_6.5.s390x", "AppStream-8.6.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-13.el8_6.5.x86_64", "BaseOS-8.6.0.Z.EUS:libxml2-0:2.9.7-13.el8_6.5.aarch64", "BaseOS-8.6.0.Z.EUS:libxml2-0:2.9.7-13.el8_6.5.i686", "BaseOS-8.6.0.Z.EUS:libxml2-0:2.9.7-13.el8_6.5.ppc64le", "BaseOS-8.6.0.Z.EUS:libxml2-0:2.9.7-13.el8_6.5.s390x", "BaseOS-8.6.0.Z.EUS:libxml2-0:2.9.7-13.el8_6.5.src", "BaseOS-8.6.0.Z.EUS:libxml2-0:2.9.7-13.el8_6.5.x86_64", "BaseOS-8.6.0.Z.EUS:libxml2-debuginfo-0:2.9.7-13.el8_6.5.aarch64", "BaseOS-8.6.0.Z.EUS:libxml2-debuginfo-0:2.9.7-13.el8_6.5.i686", "BaseOS-8.6.0.Z.EUS:libxml2-debuginfo-0:2.9.7-13.el8_6.5.ppc64le", "BaseOS-8.6.0.Z.EUS:libxml2-debuginfo-0:2.9.7-13.el8_6.5.s390x", "BaseOS-8.6.0.Z.EUS:libxml2-debuginfo-0:2.9.7-13.el8_6.5.x86_64", "BaseOS-8.6.0.Z.EUS:libxml2-debugsource-0:2.9.7-13.el8_6.5.aarch64", "BaseOS-8.6.0.Z.EUS:libxml2-debugsource-0:2.9.7-13.el8_6.5.i686", "BaseOS-8.6.0.Z.EUS:libxml2-debugsource-0:2.9.7-13.el8_6.5.ppc64le", "BaseOS-8.6.0.Z.EUS:libxml2-debugsource-0:2.9.7-13.el8_6.5.s390x", "BaseOS-8.6.0.Z.EUS:libxml2-debugsource-0:2.9.7-13.el8_6.5.x86_64", "BaseOS-8.6.0.Z.EUS:libxml2-devel-0:2.9.7-13.el8_6.5.aarch64", "BaseOS-8.6.0.Z.EUS:libxml2-devel-0:2.9.7-13.el8_6.5.i686", "BaseOS-8.6.0.Z.EUS:libxml2-devel-0:2.9.7-13.el8_6.5.ppc64le", "BaseOS-8.6.0.Z.EUS:libxml2-devel-0:2.9.7-13.el8_6.5.s390x", "BaseOS-8.6.0.Z.EUS:libxml2-devel-0:2.9.7-13.el8_6.5.x86_64", "BaseOS-8.6.0.Z.EUS:python3-libxml2-0:2.9.7-13.el8_6.5.aarch64", "BaseOS-8.6.0.Z.EUS:python3-libxml2-0:2.9.7-13.el8_6.5.ppc64le", "BaseOS-8.6.0.Z.EUS:python3-libxml2-0:2.9.7-13.el8_6.5.s390x", "BaseOS-8.6.0.Z.EUS:python3-libxml2-0:2.9.7-13.el8_6.5.x86_64", "BaseOS-8.6.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-13.el8_6.5.aarch64", "BaseOS-8.6.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-13.el8_6.5.i686", "BaseOS-8.6.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-13.el8_6.5.ppc64le", "BaseOS-8.6.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-13.el8_6.5.s390x", "BaseOS-8.6.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-13.el8_6.5.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-25062", }, { category: "external", summary: "RHBZ#2262726", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2262726", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-25062", url: "https://www.cve.org/CVERecord?id=CVE-2024-25062", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-25062", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-25062", }, { category: "external", summary: "https://gitlab.gnome.org/GNOME/libxml2/-/issues/604", url: "https://gitlab.gnome.org/GNOME/libxml2/-/issues/604", }, { category: "external", summary: "https://gitlab.gnome.org/GNOME/libxml2/-/tags", url: "https://gitlab.gnome.org/GNOME/libxml2/-/tags", }, ], release_date: "2024-02-04T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-05-22T22:01:12+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "AppStream-8.6.0.Z.EUS:libxml2-0:2.9.7-13.el8_6.5.aarch64", "AppStream-8.6.0.Z.EUS:libxml2-0:2.9.7-13.el8_6.5.i686", "AppStream-8.6.0.Z.EUS:libxml2-0:2.9.7-13.el8_6.5.ppc64le", "AppStream-8.6.0.Z.EUS:libxml2-0:2.9.7-13.el8_6.5.s390x", "AppStream-8.6.0.Z.EUS:libxml2-0:2.9.7-13.el8_6.5.src", "AppStream-8.6.0.Z.EUS:libxml2-0:2.9.7-13.el8_6.5.x86_64", "AppStream-8.6.0.Z.EUS:libxml2-debuginfo-0:2.9.7-13.el8_6.5.aarch64", "AppStream-8.6.0.Z.EUS:libxml2-debuginfo-0:2.9.7-13.el8_6.5.i686", "AppStream-8.6.0.Z.EUS:libxml2-debuginfo-0:2.9.7-13.el8_6.5.ppc64le", "AppStream-8.6.0.Z.EUS:libxml2-debuginfo-0:2.9.7-13.el8_6.5.s390x", "AppStream-8.6.0.Z.EUS:libxml2-debuginfo-0:2.9.7-13.el8_6.5.x86_64", "AppStream-8.6.0.Z.EUS:libxml2-debugsource-0:2.9.7-13.el8_6.5.aarch64", "AppStream-8.6.0.Z.EUS:libxml2-debugsource-0:2.9.7-13.el8_6.5.i686", "AppStream-8.6.0.Z.EUS:libxml2-debugsource-0:2.9.7-13.el8_6.5.ppc64le", "AppStream-8.6.0.Z.EUS:libxml2-debugsource-0:2.9.7-13.el8_6.5.s390x", "AppStream-8.6.0.Z.EUS:libxml2-debugsource-0:2.9.7-13.el8_6.5.x86_64", "AppStream-8.6.0.Z.EUS:libxml2-devel-0:2.9.7-13.el8_6.5.aarch64", "AppStream-8.6.0.Z.EUS:libxml2-devel-0:2.9.7-13.el8_6.5.i686", "AppStream-8.6.0.Z.EUS:libxml2-devel-0:2.9.7-13.el8_6.5.ppc64le", "AppStream-8.6.0.Z.EUS:libxml2-devel-0:2.9.7-13.el8_6.5.s390x", "AppStream-8.6.0.Z.EUS:libxml2-devel-0:2.9.7-13.el8_6.5.x86_64", "AppStream-8.6.0.Z.EUS:python3-libxml2-0:2.9.7-13.el8_6.5.aarch64", "AppStream-8.6.0.Z.EUS:python3-libxml2-0:2.9.7-13.el8_6.5.ppc64le", "AppStream-8.6.0.Z.EUS:python3-libxml2-0:2.9.7-13.el8_6.5.s390x", "AppStream-8.6.0.Z.EUS:python3-libxml2-0:2.9.7-13.el8_6.5.x86_64", "AppStream-8.6.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-13.el8_6.5.aarch64", "AppStream-8.6.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-13.el8_6.5.i686", "AppStream-8.6.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-13.el8_6.5.ppc64le", "AppStream-8.6.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-13.el8_6.5.s390x", "AppStream-8.6.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-13.el8_6.5.x86_64", "BaseOS-8.6.0.Z.EUS:libxml2-0:2.9.7-13.el8_6.5.aarch64", "BaseOS-8.6.0.Z.EUS:libxml2-0:2.9.7-13.el8_6.5.i686", "BaseOS-8.6.0.Z.EUS:libxml2-0:2.9.7-13.el8_6.5.ppc64le", "BaseOS-8.6.0.Z.EUS:libxml2-0:2.9.7-13.el8_6.5.s390x", "BaseOS-8.6.0.Z.EUS:libxml2-0:2.9.7-13.el8_6.5.src", "BaseOS-8.6.0.Z.EUS:libxml2-0:2.9.7-13.el8_6.5.x86_64", "BaseOS-8.6.0.Z.EUS:libxml2-debuginfo-0:2.9.7-13.el8_6.5.aarch64", "BaseOS-8.6.0.Z.EUS:libxml2-debuginfo-0:2.9.7-13.el8_6.5.i686", "BaseOS-8.6.0.Z.EUS:libxml2-debuginfo-0:2.9.7-13.el8_6.5.ppc64le", "BaseOS-8.6.0.Z.EUS:libxml2-debuginfo-0:2.9.7-13.el8_6.5.s390x", "BaseOS-8.6.0.Z.EUS:libxml2-debuginfo-0:2.9.7-13.el8_6.5.x86_64", "BaseOS-8.6.0.Z.EUS:libxml2-debugsource-0:2.9.7-13.el8_6.5.aarch64", "BaseOS-8.6.0.Z.EUS:libxml2-debugsource-0:2.9.7-13.el8_6.5.i686", "BaseOS-8.6.0.Z.EUS:libxml2-debugsource-0:2.9.7-13.el8_6.5.ppc64le", "BaseOS-8.6.0.Z.EUS:libxml2-debugsource-0:2.9.7-13.el8_6.5.s390x", "BaseOS-8.6.0.Z.EUS:libxml2-debugsource-0:2.9.7-13.el8_6.5.x86_64", "BaseOS-8.6.0.Z.EUS:libxml2-devel-0:2.9.7-13.el8_6.5.aarch64", "BaseOS-8.6.0.Z.EUS:libxml2-devel-0:2.9.7-13.el8_6.5.i686", "BaseOS-8.6.0.Z.EUS:libxml2-devel-0:2.9.7-13.el8_6.5.ppc64le", "BaseOS-8.6.0.Z.EUS:libxml2-devel-0:2.9.7-13.el8_6.5.s390x", "BaseOS-8.6.0.Z.EUS:libxml2-devel-0:2.9.7-13.el8_6.5.x86_64", "BaseOS-8.6.0.Z.EUS:python3-libxml2-0:2.9.7-13.el8_6.5.aarch64", "BaseOS-8.6.0.Z.EUS:python3-libxml2-0:2.9.7-13.el8_6.5.ppc64le", "BaseOS-8.6.0.Z.EUS:python3-libxml2-0:2.9.7-13.el8_6.5.s390x", "BaseOS-8.6.0.Z.EUS:python3-libxml2-0:2.9.7-13.el8_6.5.x86_64", "BaseOS-8.6.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-13.el8_6.5.aarch64", "BaseOS-8.6.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-13.el8_6.5.i686", "BaseOS-8.6.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-13.el8_6.5.ppc64le", "BaseOS-8.6.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-13.el8_6.5.s390x", "BaseOS-8.6.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-13.el8_6.5.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:3299", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "AppStream-8.6.0.Z.EUS:libxml2-0:2.9.7-13.el8_6.5.aarch64", "AppStream-8.6.0.Z.EUS:libxml2-0:2.9.7-13.el8_6.5.i686", "AppStream-8.6.0.Z.EUS:libxml2-0:2.9.7-13.el8_6.5.ppc64le", "AppStream-8.6.0.Z.EUS:libxml2-0:2.9.7-13.el8_6.5.s390x", "AppStream-8.6.0.Z.EUS:libxml2-0:2.9.7-13.el8_6.5.src", "AppStream-8.6.0.Z.EUS:libxml2-0:2.9.7-13.el8_6.5.x86_64", "AppStream-8.6.0.Z.EUS:libxml2-debuginfo-0:2.9.7-13.el8_6.5.aarch64", "AppStream-8.6.0.Z.EUS:libxml2-debuginfo-0:2.9.7-13.el8_6.5.i686", "AppStream-8.6.0.Z.EUS:libxml2-debuginfo-0:2.9.7-13.el8_6.5.ppc64le", "AppStream-8.6.0.Z.EUS:libxml2-debuginfo-0:2.9.7-13.el8_6.5.s390x", "AppStream-8.6.0.Z.EUS:libxml2-debuginfo-0:2.9.7-13.el8_6.5.x86_64", "AppStream-8.6.0.Z.EUS:libxml2-debugsource-0:2.9.7-13.el8_6.5.aarch64", "AppStream-8.6.0.Z.EUS:libxml2-debugsource-0:2.9.7-13.el8_6.5.i686", "AppStream-8.6.0.Z.EUS:libxml2-debugsource-0:2.9.7-13.el8_6.5.ppc64le", "AppStream-8.6.0.Z.EUS:libxml2-debugsource-0:2.9.7-13.el8_6.5.s390x", "AppStream-8.6.0.Z.EUS:libxml2-debugsource-0:2.9.7-13.el8_6.5.x86_64", "AppStream-8.6.0.Z.EUS:libxml2-devel-0:2.9.7-13.el8_6.5.aarch64", "AppStream-8.6.0.Z.EUS:libxml2-devel-0:2.9.7-13.el8_6.5.i686", "AppStream-8.6.0.Z.EUS:libxml2-devel-0:2.9.7-13.el8_6.5.ppc64le", "AppStream-8.6.0.Z.EUS:libxml2-devel-0:2.9.7-13.el8_6.5.s390x", "AppStream-8.6.0.Z.EUS:libxml2-devel-0:2.9.7-13.el8_6.5.x86_64", "AppStream-8.6.0.Z.EUS:python3-libxml2-0:2.9.7-13.el8_6.5.aarch64", "AppStream-8.6.0.Z.EUS:python3-libxml2-0:2.9.7-13.el8_6.5.ppc64le", "AppStream-8.6.0.Z.EUS:python3-libxml2-0:2.9.7-13.el8_6.5.s390x", "AppStream-8.6.0.Z.EUS:python3-libxml2-0:2.9.7-13.el8_6.5.x86_64", "AppStream-8.6.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-13.el8_6.5.aarch64", "AppStream-8.6.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-13.el8_6.5.i686", "AppStream-8.6.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-13.el8_6.5.ppc64le", "AppStream-8.6.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-13.el8_6.5.s390x", "AppStream-8.6.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-13.el8_6.5.x86_64", "BaseOS-8.6.0.Z.EUS:libxml2-0:2.9.7-13.el8_6.5.aarch64", "BaseOS-8.6.0.Z.EUS:libxml2-0:2.9.7-13.el8_6.5.i686", "BaseOS-8.6.0.Z.EUS:libxml2-0:2.9.7-13.el8_6.5.ppc64le", "BaseOS-8.6.0.Z.EUS:libxml2-0:2.9.7-13.el8_6.5.s390x", "BaseOS-8.6.0.Z.EUS:libxml2-0:2.9.7-13.el8_6.5.src", "BaseOS-8.6.0.Z.EUS:libxml2-0:2.9.7-13.el8_6.5.x86_64", "BaseOS-8.6.0.Z.EUS:libxml2-debuginfo-0:2.9.7-13.el8_6.5.aarch64", "BaseOS-8.6.0.Z.EUS:libxml2-debuginfo-0:2.9.7-13.el8_6.5.i686", "BaseOS-8.6.0.Z.EUS:libxml2-debuginfo-0:2.9.7-13.el8_6.5.ppc64le", "BaseOS-8.6.0.Z.EUS:libxml2-debuginfo-0:2.9.7-13.el8_6.5.s390x", "BaseOS-8.6.0.Z.EUS:libxml2-debuginfo-0:2.9.7-13.el8_6.5.x86_64", "BaseOS-8.6.0.Z.EUS:libxml2-debugsource-0:2.9.7-13.el8_6.5.aarch64", "BaseOS-8.6.0.Z.EUS:libxml2-debugsource-0:2.9.7-13.el8_6.5.i686", "BaseOS-8.6.0.Z.EUS:libxml2-debugsource-0:2.9.7-13.el8_6.5.ppc64le", "BaseOS-8.6.0.Z.EUS:libxml2-debugsource-0:2.9.7-13.el8_6.5.s390x", "BaseOS-8.6.0.Z.EUS:libxml2-debugsource-0:2.9.7-13.el8_6.5.x86_64", "BaseOS-8.6.0.Z.EUS:libxml2-devel-0:2.9.7-13.el8_6.5.aarch64", "BaseOS-8.6.0.Z.EUS:libxml2-devel-0:2.9.7-13.el8_6.5.i686", "BaseOS-8.6.0.Z.EUS:libxml2-devel-0:2.9.7-13.el8_6.5.ppc64le", "BaseOS-8.6.0.Z.EUS:libxml2-devel-0:2.9.7-13.el8_6.5.s390x", "BaseOS-8.6.0.Z.EUS:libxml2-devel-0:2.9.7-13.el8_6.5.x86_64", "BaseOS-8.6.0.Z.EUS:python3-libxml2-0:2.9.7-13.el8_6.5.aarch64", "BaseOS-8.6.0.Z.EUS:python3-libxml2-0:2.9.7-13.el8_6.5.ppc64le", "BaseOS-8.6.0.Z.EUS:python3-libxml2-0:2.9.7-13.el8_6.5.s390x", "BaseOS-8.6.0.Z.EUS:python3-libxml2-0:2.9.7-13.el8_6.5.x86_64", "BaseOS-8.6.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-13.el8_6.5.aarch64", "BaseOS-8.6.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-13.el8_6.5.i686", "BaseOS-8.6.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-13.el8_6.5.ppc64le", "BaseOS-8.6.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-13.el8_6.5.s390x", "BaseOS-8.6.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-13.el8_6.5.x86_64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "AppStream-8.6.0.Z.EUS:libxml2-0:2.9.7-13.el8_6.5.aarch64", "AppStream-8.6.0.Z.EUS:libxml2-0:2.9.7-13.el8_6.5.i686", "AppStream-8.6.0.Z.EUS:libxml2-0:2.9.7-13.el8_6.5.ppc64le", "AppStream-8.6.0.Z.EUS:libxml2-0:2.9.7-13.el8_6.5.s390x", "AppStream-8.6.0.Z.EUS:libxml2-0:2.9.7-13.el8_6.5.src", "AppStream-8.6.0.Z.EUS:libxml2-0:2.9.7-13.el8_6.5.x86_64", "AppStream-8.6.0.Z.EUS:libxml2-debuginfo-0:2.9.7-13.el8_6.5.aarch64", "AppStream-8.6.0.Z.EUS:libxml2-debuginfo-0:2.9.7-13.el8_6.5.i686", "AppStream-8.6.0.Z.EUS:libxml2-debuginfo-0:2.9.7-13.el8_6.5.ppc64le", "AppStream-8.6.0.Z.EUS:libxml2-debuginfo-0:2.9.7-13.el8_6.5.s390x", "AppStream-8.6.0.Z.EUS:libxml2-debuginfo-0:2.9.7-13.el8_6.5.x86_64", "AppStream-8.6.0.Z.EUS:libxml2-debugsource-0:2.9.7-13.el8_6.5.aarch64", "AppStream-8.6.0.Z.EUS:libxml2-debugsource-0:2.9.7-13.el8_6.5.i686", "AppStream-8.6.0.Z.EUS:libxml2-debugsource-0:2.9.7-13.el8_6.5.ppc64le", "AppStream-8.6.0.Z.EUS:libxml2-debugsource-0:2.9.7-13.el8_6.5.s390x", "AppStream-8.6.0.Z.EUS:libxml2-debugsource-0:2.9.7-13.el8_6.5.x86_64", "AppStream-8.6.0.Z.EUS:libxml2-devel-0:2.9.7-13.el8_6.5.aarch64", "AppStream-8.6.0.Z.EUS:libxml2-devel-0:2.9.7-13.el8_6.5.i686", "AppStream-8.6.0.Z.EUS:libxml2-devel-0:2.9.7-13.el8_6.5.ppc64le", "AppStream-8.6.0.Z.EUS:libxml2-devel-0:2.9.7-13.el8_6.5.s390x", "AppStream-8.6.0.Z.EUS:libxml2-devel-0:2.9.7-13.el8_6.5.x86_64", "AppStream-8.6.0.Z.EUS:python3-libxml2-0:2.9.7-13.el8_6.5.aarch64", "AppStream-8.6.0.Z.EUS:python3-libxml2-0:2.9.7-13.el8_6.5.ppc64le", "AppStream-8.6.0.Z.EUS:python3-libxml2-0:2.9.7-13.el8_6.5.s390x", "AppStream-8.6.0.Z.EUS:python3-libxml2-0:2.9.7-13.el8_6.5.x86_64", "AppStream-8.6.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-13.el8_6.5.aarch64", "AppStream-8.6.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-13.el8_6.5.i686", "AppStream-8.6.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-13.el8_6.5.ppc64le", "AppStream-8.6.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-13.el8_6.5.s390x", "AppStream-8.6.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-13.el8_6.5.x86_64", "BaseOS-8.6.0.Z.EUS:libxml2-0:2.9.7-13.el8_6.5.aarch64", "BaseOS-8.6.0.Z.EUS:libxml2-0:2.9.7-13.el8_6.5.i686", "BaseOS-8.6.0.Z.EUS:libxml2-0:2.9.7-13.el8_6.5.ppc64le", "BaseOS-8.6.0.Z.EUS:libxml2-0:2.9.7-13.el8_6.5.s390x", "BaseOS-8.6.0.Z.EUS:libxml2-0:2.9.7-13.el8_6.5.src", "BaseOS-8.6.0.Z.EUS:libxml2-0:2.9.7-13.el8_6.5.x86_64", "BaseOS-8.6.0.Z.EUS:libxml2-debuginfo-0:2.9.7-13.el8_6.5.aarch64", "BaseOS-8.6.0.Z.EUS:libxml2-debuginfo-0:2.9.7-13.el8_6.5.i686", "BaseOS-8.6.0.Z.EUS:libxml2-debuginfo-0:2.9.7-13.el8_6.5.ppc64le", "BaseOS-8.6.0.Z.EUS:libxml2-debuginfo-0:2.9.7-13.el8_6.5.s390x", "BaseOS-8.6.0.Z.EUS:libxml2-debuginfo-0:2.9.7-13.el8_6.5.x86_64", "BaseOS-8.6.0.Z.EUS:libxml2-debugsource-0:2.9.7-13.el8_6.5.aarch64", "BaseOS-8.6.0.Z.EUS:libxml2-debugsource-0:2.9.7-13.el8_6.5.i686", "BaseOS-8.6.0.Z.EUS:libxml2-debugsource-0:2.9.7-13.el8_6.5.ppc64le", "BaseOS-8.6.0.Z.EUS:libxml2-debugsource-0:2.9.7-13.el8_6.5.s390x", "BaseOS-8.6.0.Z.EUS:libxml2-debugsource-0:2.9.7-13.el8_6.5.x86_64", "BaseOS-8.6.0.Z.EUS:libxml2-devel-0:2.9.7-13.el8_6.5.aarch64", "BaseOS-8.6.0.Z.EUS:libxml2-devel-0:2.9.7-13.el8_6.5.i686", "BaseOS-8.6.0.Z.EUS:libxml2-devel-0:2.9.7-13.el8_6.5.ppc64le", "BaseOS-8.6.0.Z.EUS:libxml2-devel-0:2.9.7-13.el8_6.5.s390x", "BaseOS-8.6.0.Z.EUS:libxml2-devel-0:2.9.7-13.el8_6.5.x86_64", "BaseOS-8.6.0.Z.EUS:python3-libxml2-0:2.9.7-13.el8_6.5.aarch64", "BaseOS-8.6.0.Z.EUS:python3-libxml2-0:2.9.7-13.el8_6.5.ppc64le", "BaseOS-8.6.0.Z.EUS:python3-libxml2-0:2.9.7-13.el8_6.5.s390x", "BaseOS-8.6.0.Z.EUS:python3-libxml2-0:2.9.7-13.el8_6.5.x86_64", "BaseOS-8.6.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-13.el8_6.5.aarch64", "BaseOS-8.6.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-13.el8_6.5.i686", "BaseOS-8.6.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-13.el8_6.5.ppc64le", "BaseOS-8.6.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-13.el8_6.5.s390x", "BaseOS-8.6.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-13.el8_6.5.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "libxml2: use-after-free in XMLReader", }, ], }
rhsa-2024_1317
Vulnerability from csaf_redhat
Published
2024-03-18 16:22
Modified
2024-11-24 12:38
Summary
Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.57 SP3 security update
Notes
Topic
Red Hat JBoss Core Services Apache HTTP Server 2.4.57 Service Pack 3 is now available.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products and packaged under Red Hat JBoss Core Services, to allow for faster distribution of updates and for a more consistent update experience.
This release of Red Hat JBoss Core Services Apache HTTP Server 2.4.57 Service Pack 3 serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.57 Service Pack 2, and includes bug fixes and enhancements, which are documented in the Release Notes linked to in the References section.
Security Fix(es):
* curl: information disclosure by exploiting a mixed case flaw (CVE-2023-46218)
* curl: excessively long file name may lead to unknown HSTS status (CVE-2023-46219)
* httpd: mod_macro: out-of-bounds read vulnerability (CVE-2023-31122)
* jbcs-httpd24-mod_proxy_cluster: mod_cluster/mod_proxy_cluster: Stored Cross site Scripting (CVE-2023-6710)
* jbcs-httpd24-openssl: openssl: Generating excessively long X9.42 DH keys or checking excessively long X9.42 DH keys or parameters may be very slow (CVE-2023-5678)
* libxml2: crafted xml can cause global buffer overflow (CVE-2023-39615)
* libxml2: use-after-free in XMLReader (CVE-2024-25062)
A Red Hat Security Bulletin which addresses further details about this flaw is available in the References section.
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Red Hat JBoss Core Services Apache HTTP Server 2.4.57 Service Pack 3 is now available.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products and packaged under Red Hat JBoss Core Services, to allow for faster distribution of updates and for a more consistent update experience.\n\nThis release of Red Hat JBoss Core Services Apache HTTP Server 2.4.57 Service Pack 3 serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.57 Service Pack 2, and includes bug fixes and enhancements, which are documented in the Release Notes linked to in the References section.\n\nSecurity Fix(es):\n\n* curl: information disclosure by exploiting a mixed case flaw (CVE-2023-46218)\n* curl: excessively long file name may lead to unknown HSTS status (CVE-2023-46219)\n* httpd: mod_macro: out-of-bounds read vulnerability (CVE-2023-31122)\n* jbcs-httpd24-mod_proxy_cluster: mod_cluster/mod_proxy_cluster: Stored Cross site Scripting (CVE-2023-6710)\n* jbcs-httpd24-openssl: openssl: Generating excessively long X9.42 DH keys or checking excessively long X9.42 DH keys or parameters may be very slow (CVE-2023-5678)\n* libxml2: crafted xml can cause global buffer overflow (CVE-2023-39615)\n* libxml2: use-after-free in XMLReader (CVE-2024-25062)\n\nA Red Hat Security Bulletin which addresses further details about this flaw is available in the References section.\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2024:1317", url: "https://access.redhat.com/errata/RHSA-2024:1317", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#moderate", url: "https://access.redhat.com/security/updates/classification/#moderate", }, { category: "external", summary: "https://access.redhat.com/documentation/en-us/red_hat_jboss_core_services/2.4.57/html/red_hat_jboss_core_services_apache_http_server_2.4.57_service_pack_3_release_notes", url: "https://access.redhat.com/documentation/en-us/red_hat_jboss_core_services/2.4.57/html/red_hat_jboss_core_services_apache_http_server_2.4.57_service_pack_3_release_notes", }, { category: "external", summary: "2235864", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2235864", }, { category: "external", summary: "2245332", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2245332", }, { category: "external", summary: "2248616", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2248616", }, { category: "external", summary: "2252030", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2252030", }, { category: "external", summary: "2252034", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2252034", }, { category: "external", summary: "2254128", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2254128", }, { category: "external", summary: "2262726", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2262726", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_1317.json", }, ], title: "Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.57 SP3 security update", tracking: { current_release_date: "2024-11-24T12:38:50+00:00", generator: { date: "2024-11-24T12:38:50+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.1", }, }, id: "RHSA-2024:1317", initial_release_date: "2024-03-18T16:22:13+00:00", revision_history: [ { date: "2024-03-18T16:22:13+00:00", number: "1", summary: "Initial version", }, { date: "2024-03-19T15:40:02+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-24T12:38:50+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat JBoss Core Services 1", product: { name: "Red Hat JBoss Core Services 1", product_id: "Red Hat JBoss Core Services 1", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_core_services:1", }, }, }, ], category: "product_family", name: "Red Hat JBoss Core Services", }, ], category: "vendor", name: "Red Hat", }, ], }, vulnerabilities: [ { cve: "CVE-2023-5678", cwe: { id: "CWE-325", name: "Missing Cryptographic Step", }, discovery_date: "2023-11-07T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2248616", }, ], notes: [ { category: "description", text: "A flaw was found in OpenSSL, which caused the generation or checking of long X9.42 DH keys or parameters to be much slower than expected. This issue could lead to a denial of service.", title: "Vulnerability description", }, { category: "summary", text: "openssl: Generating excessively long X9.42 DH keys or checking excessively long X9.42 DH keys or parameters may be very slow", title: "Vulnerability summary", }, { category: "other", text: "This vulnerability in OpenSSL is categorized as a low severity issue primarily because it requires specific conditions to exploit and doesn't directly result in a full Denial of Service (DoS). While the excessive time spent in DH key generation or verification could potentially cause delays, the impact is mitigated by the fact that it requires untrusted sources supplying large Q parameter values. Additionally, the OpenSSL SSL/TLS implementation remains unaffected, limiting the scope of potential attacks. Moreover, there are inherent limits on key length, which further restrict the potential for exploitation.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Core Services 1", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-5678", }, { category: "external", summary: "RHBZ#2248616", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2248616", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-5678", url: "https://www.cve.org/CVERecord?id=CVE-2023-5678", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-5678", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-5678", }, { category: "external", summary: "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=34efaef6c103d636ab507a0cc34dca4d3aecc055", url: "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=34efaef6c103d636ab507a0cc34dca4d3aecc055", }, { category: "external", summary: "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=710fee740904b6290fef0dd5536fbcedbc38ff0c", url: "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=710fee740904b6290fef0dd5536fbcedbc38ff0c", }, { category: "external", summary: "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db925ae2e65d0d925adef429afc37f75bd1c2017", url: "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db925ae2e65d0d925adef429afc37f75bd1c2017", }, { category: "external", summary: "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6", url: "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6", }, { category: "external", summary: "https://www.openssl.org/news/secadv/20231106.txt", url: "https://www.openssl.org/news/secadv/20231106.txt", }, ], release_date: "2023-10-24T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-03-18T16:22:13+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", product_ids: [ "Red Hat JBoss Core Services 1", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:1317", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "Red Hat JBoss Core Services 1", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, products: [ "Red Hat JBoss Core Services 1", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "openssl: Generating excessively long X9.42 DH keys or checking excessively long X9.42 DH keys or parameters may be very slow", }, { acknowledgments: [ { names: [ "Mohamed Mounir Boudjema", ], organization: "Intervalle-Technologies", }, ], cve: "CVE-2023-6710", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2023-12-12T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2254128", }, ], notes: [ { category: "description", text: "A flaw was found in the mod_proxy_cluster in the Apache server. This issue may allow a malicious user to add a script in the 'alias' parameter in the URL to trigger the stored cross-site scripting (XSS) vulnerability. By adding a script on the alias parameter on the URL, it adds a new virtual host and adds the script to the cluster-manager page.", title: "Vulnerability description", }, { category: "summary", text: "mod_cluster/mod_proxy_cluster: Stored Cross site Scripting", title: "Vulnerability summary", }, { category: "other", text: "The impact of this vulnerability is considered as Low, as the cluster_manager URL should not be exposed outside and is protected by user/password.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Core Services 1", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-6710", }, { category: "external", summary: "RHBZ#2254128", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2254128", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-6710", url: "https://www.cve.org/CVERecord?id=CVE-2023-6710", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-6710", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-6710", }, ], release_date: "2023-12-12T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-03-18T16:22:13+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", product_ids: [ "Red Hat JBoss Core Services 1", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:1317", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "Red Hat JBoss Core Services 1", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, products: [ "Red Hat JBoss Core Services 1", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "mod_cluster/mod_proxy_cluster: Stored Cross site Scripting", }, { cve: "CVE-2023-31122", cwe: { id: "CWE-125", name: "Out-of-bounds Read", }, discovery_date: "2023-10-19T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2245332", }, ], notes: [ { category: "description", text: "A flaw was found in the mod_macro module of httpd. When processing a very long macro, the null byte terminator will not be added, leading to an out-of-bounds read, resulting in a crash.", title: "Vulnerability description", }, { category: "summary", text: "httpd: mod_macro: out-of-bounds read vulnerability", title: "Vulnerability summary", }, { category: "other", text: "This flaw only affects configurations with mod_macro loaded and when a very long macro is configured and used, specifically a macro longer than 8191 characters. If these conditions are not present, the server is not affected and no further mitigation is needed. For more information about the mitigation, see the mitigation section below.\n\nThe httpd mod_macro module is enabled by default in Red Hat Enterprise Linux 8, 9, and in RHSCL. However, there are no macros used in the default httpd configuration.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Core Services 1", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-31122", }, { category: "external", summary: "RHBZ#2245332", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2245332", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-31122", url: "https://www.cve.org/CVERecord?id=CVE-2023-31122", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-31122", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-31122", }, { category: "external", summary: "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2023-31122", url: "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2023-31122", }, ], release_date: "2023-10-19T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-03-18T16:22:13+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", product_ids: [ "Red Hat JBoss Core Services 1", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:1317", }, { category: "workaround", details: "Disabling mod_macro and restarting httpd or making sure the macros used are smaller than the required length to trigger this vulnerability will mitigate this flaw. Furthermore, it's unlikely that a very long macro with the length needed to trigger this issue is being used.", product_ids: [ "Red Hat JBoss Core Services 1", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "Red Hat JBoss Core Services 1", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "httpd: mod_macro: out-of-bounds read vulnerability", }, { cve: "CVE-2023-39615", cwe: { id: "CWE-119", name: "Improper Restriction of Operations within the Bounds of a Memory Buffer", }, discovery_date: "2023-08-29T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2235864", }, ], notes: [ { category: "description", text: "A flaw was found in Libxml2, where it contains a global buffer overflow via the xmlSAX2StartElement() function at /libxml2/SAX2.c. This vulnerability allows attackers to cause a denial of service (DoS) by supplying a crafted XML file.", title: "Vulnerability description", }, { category: "summary", text: "libxml2: crafted xml can cause global buffer overflow", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Core Services 1", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-39615", }, { category: "external", summary: "RHBZ#2235864", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2235864", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-39615", url: "https://www.cve.org/CVERecord?id=CVE-2023-39615", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-39615", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-39615", }, { category: "external", summary: "https://gitlab.gnome.org/GNOME/libxml2/-/issues/535", url: "https://gitlab.gnome.org/GNOME/libxml2/-/issues/535", }, ], release_date: "2023-08-29T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-03-18T16:22:13+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", product_ids: [ "Red Hat JBoss Core Services 1", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:1317", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "Red Hat JBoss Core Services 1", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "libxml2: crafted xml can cause global buffer overflow", }, { acknowledgments: [ { names: [ "Harry Sintonen", ], organization: "reported", }, { names: [ "Daniel Stenberg", ], organization: "patched", }, ], cve: "CVE-2023-46218", cwe: { id: "CWE-201", name: "Insertion of Sensitive Information Into Sent Data", }, discovery_date: "2023-11-29T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2252030", }, ], notes: [ { category: "description", text: "A flaw was found in curl that verifies a given cookie domain against the Public Suffix List. This issue could allow a malicious HTTP server to set \"super cookies\" in curl that are passed back to more origins than what is otherwise allowed or possible.", title: "Vulnerability description", }, { category: "summary", text: "curl: information disclosure by exploiting a mixed case flaw", title: "Vulnerability summary", }, { category: "other", text: "When curl is built without PSL support, it cannot protect against this problem but it is expected to not allow \"too wide\" cookies when PSL support is enabled.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Core Services 1", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-46218", }, { category: "external", summary: "RHBZ#2252030", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2252030", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-46218", url: "https://www.cve.org/CVERecord?id=CVE-2023-46218", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-46218", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-46218", }, { category: "external", summary: "https://curl.se/docs/CVE-2023-46218.html", url: "https://curl.se/docs/CVE-2023-46218.html", }, ], release_date: "2023-12-06T07:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-03-18T16:22:13+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", product_ids: [ "Red Hat JBoss Core Services 1", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:1317", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, products: [ "Red Hat JBoss Core Services 1", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "curl: information disclosure by exploiting a mixed case flaw", }, { acknowledgments: [ { names: [ "Daniel Stenberg", ], organization: "patched", }, { names: [ "Maksymilian Arciemowicz", ], organization: "reported", }, ], cve: "CVE-2023-46219", cwe: { id: "CWE-311", name: "Missing Encryption of Sensitive Data", }, discovery_date: "2023-11-29T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2252034", }, ], notes: [ { category: "description", text: "A security bypass flaw was found in Curl, which can be triggered by saving HSTS data to an excessively long file name. This issue occurs due to an error in handling HSTS long file names, leading to the removal of all contents from the file during the save process, and may allow a remote attacker to send a specially crafted request to use files without awareness of the HSTS status and enable a Man-in-the-Middle (MitM) attack.", title: "Vulnerability description", }, { category: "summary", text: "curl: excessively long file name may lead to unknown HSTS status", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Core Services 1", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-46219", }, { category: "external", summary: "RHBZ#2252034", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2252034", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-46219", url: "https://www.cve.org/CVERecord?id=CVE-2023-46219", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-46219", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-46219", }, { category: "external", summary: "https://curl.se/docs/CVE-2023-46219.html", url: "https://curl.se/docs/CVE-2023-46219.html", }, ], release_date: "2023-12-06T07:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-03-18T16:22:13+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", product_ids: [ "Red Hat JBoss Core Services 1", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:1317", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.8, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", version: "3.1", }, products: [ "Red Hat JBoss Core Services 1", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "curl: excessively long file name may lead to unknown HSTS status", }, { cve: "CVE-2024-25062", cwe: { id: "CWE-416", name: "Use After Free", }, discovery_date: "2024-02-05T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2262726", }, ], notes: [ { category: "description", text: "A use-after-free flaw was found in libxml2. When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free.", title: "Vulnerability description", }, { category: "summary", text: "libxml2: use-after-free in XMLReader", title: "Vulnerability summary", }, { category: "other", text: "The severity of this vulnerability is not important but moderate due to the lack of impact to both confidentiality and integrity, but potential impact to availability. The theoretical risk of impact to availability is limited due to the specific requirement that applications must continue to misuse the reader API after it has already reported validation errors instead of handling those errors. The flaw requires that crafted XML documents can be provided by an attacker and the utilization of DTD validation and XInclude expansion using the XMLReader API. Along with those conditions, the application using the XMLReader API must be ignoring errors when expanding invalid XInclude nodes in an maliciously crafted document. These conditions are unlikely to exist in the intended usage of the XMLReader API.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Core Services 1", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-25062", }, { category: "external", summary: "RHBZ#2262726", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2262726", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-25062", url: "https://www.cve.org/CVERecord?id=CVE-2024-25062", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-25062", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-25062", }, { category: "external", summary: "https://gitlab.gnome.org/GNOME/libxml2/-/issues/604", url: "https://gitlab.gnome.org/GNOME/libxml2/-/issues/604", }, { category: "external", summary: "https://gitlab.gnome.org/GNOME/libxml2/-/tags", url: "https://gitlab.gnome.org/GNOME/libxml2/-/tags", }, ], release_date: "2024-02-04T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-03-18T16:22:13+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", product_ids: [ "Red Hat JBoss Core Services 1", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:1317", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "Red Hat JBoss Core Services 1", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "Red Hat JBoss Core Services 1", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "libxml2: use-after-free in XMLReader", }, ], }
RHSA-2024:2679
Vulnerability from csaf_redhat
Published
2024-05-02 14:58
Modified
2025-01-09 06:20
Summary
Red Hat Security Advisory: libxml2 security update
Notes
Topic
An update for libxml2 is now available for Red Hat Enterprise Linux 9.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The libxml2 library is a development toolbox providing the implementation of various XML standards.
Security Fix(es):
* libxml2: use-after-free in XMLReader (CVE-2024-25062)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update for libxml2 is now available for Red Hat Enterprise Linux 9.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "The libxml2 library is a development toolbox providing the implementation of various XML standards.\n\nSecurity Fix(es):\n\n* libxml2: use-after-free in XMLReader (CVE-2024-25062)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2024:2679", url: "https://access.redhat.com/errata/RHSA-2024:2679", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#moderate", url: "https://access.redhat.com/security/updates/classification/#moderate", }, { category: "external", summary: "2262726", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2262726", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_2679.json", }, ], title: "Red Hat Security Advisory: libxml2 security update", tracking: { current_release_date: "2025-01-09T06:20:30+00:00", generator: { date: "2025-01-09T06:20:30+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.5", }, }, id: "RHSA-2024:2679", initial_release_date: "2024-05-02T14:58:39+00:00", revision_history: [ { date: "2024-05-02T14:58:39+00:00", number: "1", summary: "Initial version", }, { date: "2024-05-02T14:58:39+00:00", number: "2", summary: "Last updated version", }, { date: "2025-01-09T06:20:30+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux AppStream (v. 9)", product: { name: "Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.Z.MAIN.EUS", product_identification_helper: { cpe: "cpe:/a:redhat:enterprise_linux:9::appstream", }, }, }, { category: "product_name", name: "Red Hat Enterprise Linux BaseOS (v. 9)", product: { name: "Red Hat Enterprise Linux BaseOS (v. 9)", product_id: "BaseOS-9.4.0.Z.MAIN.EUS", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:9::baseos", }, }, }, ], category: "product_family", name: "Red Hat Enterprise Linux", }, { branches: [ { category: "product_version", name: "libxml2-devel-0:2.9.13-6.el9_4.aarch64", product: { name: "libxml2-devel-0:2.9.13-6.el9_4.aarch64", product_id: "libxml2-devel-0:2.9.13-6.el9_4.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-devel@2.9.13-6.el9_4?arch=aarch64", }, }, }, { category: "product_version", name: "libxml2-debugsource-0:2.9.13-6.el9_4.aarch64", product: { name: "libxml2-debugsource-0:2.9.13-6.el9_4.aarch64", product_id: "libxml2-debugsource-0:2.9.13-6.el9_4.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-debugsource@2.9.13-6.el9_4?arch=aarch64", }, }, }, { category: "product_version", name: "libxml2-debuginfo-0:2.9.13-6.el9_4.aarch64", product: { name: "libxml2-debuginfo-0:2.9.13-6.el9_4.aarch64", product_id: "libxml2-debuginfo-0:2.9.13-6.el9_4.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-debuginfo@2.9.13-6.el9_4?arch=aarch64", }, }, }, { category: "product_version", name: "python3-libxml2-debuginfo-0:2.9.13-6.el9_4.aarch64", product: { name: "python3-libxml2-debuginfo-0:2.9.13-6.el9_4.aarch64", product_id: "python3-libxml2-debuginfo-0:2.9.13-6.el9_4.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/python3-libxml2-debuginfo@2.9.13-6.el9_4?arch=aarch64", }, }, }, { category: "product_version", name: "libxml2-0:2.9.13-6.el9_4.aarch64", product: { name: "libxml2-0:2.9.13-6.el9_4.aarch64", product_id: "libxml2-0:2.9.13-6.el9_4.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2@2.9.13-6.el9_4?arch=aarch64", }, }, }, { category: "product_version", name: "python3-libxml2-0:2.9.13-6.el9_4.aarch64", product: { name: "python3-libxml2-0:2.9.13-6.el9_4.aarch64", product_id: "python3-libxml2-0:2.9.13-6.el9_4.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/python3-libxml2@2.9.13-6.el9_4?arch=aarch64", }, }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "libxml2-devel-0:2.9.13-6.el9_4.ppc64le", product: { name: "libxml2-devel-0:2.9.13-6.el9_4.ppc64le", product_id: "libxml2-devel-0:2.9.13-6.el9_4.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-devel@2.9.13-6.el9_4?arch=ppc64le", }, }, }, { category: "product_version", name: "libxml2-debugsource-0:2.9.13-6.el9_4.ppc64le", product: { name: "libxml2-debugsource-0:2.9.13-6.el9_4.ppc64le", product_id: "libxml2-debugsource-0:2.9.13-6.el9_4.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-debugsource@2.9.13-6.el9_4?arch=ppc64le", }, }, }, { category: "product_version", name: "libxml2-debuginfo-0:2.9.13-6.el9_4.ppc64le", product: { name: "libxml2-debuginfo-0:2.9.13-6.el9_4.ppc64le", product_id: "libxml2-debuginfo-0:2.9.13-6.el9_4.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-debuginfo@2.9.13-6.el9_4?arch=ppc64le", }, }, }, { category: "product_version", name: "python3-libxml2-debuginfo-0:2.9.13-6.el9_4.ppc64le", product: { name: "python3-libxml2-debuginfo-0:2.9.13-6.el9_4.ppc64le", product_id: "python3-libxml2-debuginfo-0:2.9.13-6.el9_4.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/python3-libxml2-debuginfo@2.9.13-6.el9_4?arch=ppc64le", }, }, }, { category: "product_version", name: "libxml2-0:2.9.13-6.el9_4.ppc64le", product: { name: "libxml2-0:2.9.13-6.el9_4.ppc64le", product_id: "libxml2-0:2.9.13-6.el9_4.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2@2.9.13-6.el9_4?arch=ppc64le", }, }, }, { category: "product_version", name: "python3-libxml2-0:2.9.13-6.el9_4.ppc64le", product: { name: "python3-libxml2-0:2.9.13-6.el9_4.ppc64le", product_id: "python3-libxml2-0:2.9.13-6.el9_4.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/python3-libxml2@2.9.13-6.el9_4?arch=ppc64le", }, }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "libxml2-devel-0:2.9.13-6.el9_4.i686", product: { name: "libxml2-devel-0:2.9.13-6.el9_4.i686", product_id: "libxml2-devel-0:2.9.13-6.el9_4.i686", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-devel@2.9.13-6.el9_4?arch=i686", }, }, }, { category: "product_version", name: "libxml2-debugsource-0:2.9.13-6.el9_4.i686", product: { name: "libxml2-debugsource-0:2.9.13-6.el9_4.i686", product_id: "libxml2-debugsource-0:2.9.13-6.el9_4.i686", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-debugsource@2.9.13-6.el9_4?arch=i686", }, }, }, { category: "product_version", name: "libxml2-debuginfo-0:2.9.13-6.el9_4.i686", product: { name: "libxml2-debuginfo-0:2.9.13-6.el9_4.i686", product_id: "libxml2-debuginfo-0:2.9.13-6.el9_4.i686", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-debuginfo@2.9.13-6.el9_4?arch=i686", }, }, }, { category: "product_version", name: "python3-libxml2-debuginfo-0:2.9.13-6.el9_4.i686", product: { name: "python3-libxml2-debuginfo-0:2.9.13-6.el9_4.i686", product_id: "python3-libxml2-debuginfo-0:2.9.13-6.el9_4.i686", product_identification_helper: { purl: "pkg:rpm/redhat/python3-libxml2-debuginfo@2.9.13-6.el9_4?arch=i686", }, }, }, { category: "product_version", name: "libxml2-0:2.9.13-6.el9_4.i686", product: { name: "libxml2-0:2.9.13-6.el9_4.i686", product_id: "libxml2-0:2.9.13-6.el9_4.i686", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2@2.9.13-6.el9_4?arch=i686", }, }, }, ], category: "architecture", name: "i686", }, { branches: [ { category: "product_version", name: "libxml2-devel-0:2.9.13-6.el9_4.x86_64", product: { name: "libxml2-devel-0:2.9.13-6.el9_4.x86_64", product_id: "libxml2-devel-0:2.9.13-6.el9_4.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-devel@2.9.13-6.el9_4?arch=x86_64", }, }, }, { category: "product_version", name: "libxml2-debugsource-0:2.9.13-6.el9_4.x86_64", product: { name: "libxml2-debugsource-0:2.9.13-6.el9_4.x86_64", product_id: "libxml2-debugsource-0:2.9.13-6.el9_4.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-debugsource@2.9.13-6.el9_4?arch=x86_64", }, }, }, { category: "product_version", name: "libxml2-debuginfo-0:2.9.13-6.el9_4.x86_64", product: { name: "libxml2-debuginfo-0:2.9.13-6.el9_4.x86_64", product_id: "libxml2-debuginfo-0:2.9.13-6.el9_4.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-debuginfo@2.9.13-6.el9_4?arch=x86_64", }, }, }, { category: "product_version", name: "python3-libxml2-debuginfo-0:2.9.13-6.el9_4.x86_64", product: { name: "python3-libxml2-debuginfo-0:2.9.13-6.el9_4.x86_64", product_id: "python3-libxml2-debuginfo-0:2.9.13-6.el9_4.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/python3-libxml2-debuginfo@2.9.13-6.el9_4?arch=x86_64", }, }, }, { category: "product_version", name: "libxml2-0:2.9.13-6.el9_4.x86_64", product: { name: "libxml2-0:2.9.13-6.el9_4.x86_64", product_id: "libxml2-0:2.9.13-6.el9_4.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2@2.9.13-6.el9_4?arch=x86_64", }, }, }, { category: "product_version", name: "python3-libxml2-0:2.9.13-6.el9_4.x86_64", product: { name: "python3-libxml2-0:2.9.13-6.el9_4.x86_64", product_id: "python3-libxml2-0:2.9.13-6.el9_4.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/python3-libxml2@2.9.13-6.el9_4?arch=x86_64", }, }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_version", name: "libxml2-devel-0:2.9.13-6.el9_4.s390x", product: { name: "libxml2-devel-0:2.9.13-6.el9_4.s390x", product_id: "libxml2-devel-0:2.9.13-6.el9_4.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-devel@2.9.13-6.el9_4?arch=s390x", }, }, }, { category: "product_version", name: "libxml2-debugsource-0:2.9.13-6.el9_4.s390x", product: { name: "libxml2-debugsource-0:2.9.13-6.el9_4.s390x", product_id: "libxml2-debugsource-0:2.9.13-6.el9_4.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-debugsource@2.9.13-6.el9_4?arch=s390x", }, }, }, { category: "product_version", name: "libxml2-debuginfo-0:2.9.13-6.el9_4.s390x", product: { name: "libxml2-debuginfo-0:2.9.13-6.el9_4.s390x", product_id: "libxml2-debuginfo-0:2.9.13-6.el9_4.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-debuginfo@2.9.13-6.el9_4?arch=s390x", }, }, }, { category: "product_version", name: "python3-libxml2-debuginfo-0:2.9.13-6.el9_4.s390x", product: { name: "python3-libxml2-debuginfo-0:2.9.13-6.el9_4.s390x", product_id: "python3-libxml2-debuginfo-0:2.9.13-6.el9_4.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/python3-libxml2-debuginfo@2.9.13-6.el9_4?arch=s390x", }, }, }, { category: "product_version", name: "libxml2-0:2.9.13-6.el9_4.s390x", product: { name: "libxml2-0:2.9.13-6.el9_4.s390x", product_id: "libxml2-0:2.9.13-6.el9_4.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2@2.9.13-6.el9_4?arch=s390x", }, }, }, { category: "product_version", name: "python3-libxml2-0:2.9.13-6.el9_4.s390x", product: { name: "python3-libxml2-0:2.9.13-6.el9_4.s390x", product_id: "python3-libxml2-0:2.9.13-6.el9_4.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/python3-libxml2@2.9.13-6.el9_4?arch=s390x", }, }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "libxml2-0:2.9.13-6.el9_4.src", product: { name: "libxml2-0:2.9.13-6.el9_4.src", product_id: "libxml2-0:2.9.13-6.el9_4.src", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2@2.9.13-6.el9_4?arch=src", }, }, }, ], category: "architecture", name: "src", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.13-6.el9_4.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.Z.MAIN.EUS:libxml2-0:2.9.13-6.el9_4.aarch64", }, product_reference: "libxml2-0:2.9.13-6.el9_4.aarch64", relates_to_product_reference: "AppStream-9.4.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.13-6.el9_4.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.Z.MAIN.EUS:libxml2-0:2.9.13-6.el9_4.i686", }, product_reference: "libxml2-0:2.9.13-6.el9_4.i686", relates_to_product_reference: "AppStream-9.4.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.13-6.el9_4.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.Z.MAIN.EUS:libxml2-0:2.9.13-6.el9_4.ppc64le", }, product_reference: "libxml2-0:2.9.13-6.el9_4.ppc64le", relates_to_product_reference: "AppStream-9.4.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.13-6.el9_4.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.Z.MAIN.EUS:libxml2-0:2.9.13-6.el9_4.s390x", }, product_reference: "libxml2-0:2.9.13-6.el9_4.s390x", relates_to_product_reference: "AppStream-9.4.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.13-6.el9_4.src as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.Z.MAIN.EUS:libxml2-0:2.9.13-6.el9_4.src", }, product_reference: "libxml2-0:2.9.13-6.el9_4.src", relates_to_product_reference: "AppStream-9.4.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.13-6.el9_4.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.Z.MAIN.EUS:libxml2-0:2.9.13-6.el9_4.x86_64", }, product_reference: "libxml2-0:2.9.13-6.el9_4.x86_64", relates_to_product_reference: "AppStream-9.4.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.13-6.el9_4.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.13-6.el9_4.aarch64", }, product_reference: "libxml2-debuginfo-0:2.9.13-6.el9_4.aarch64", relates_to_product_reference: "AppStream-9.4.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.13-6.el9_4.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.13-6.el9_4.i686", }, product_reference: "libxml2-debuginfo-0:2.9.13-6.el9_4.i686", relates_to_product_reference: "AppStream-9.4.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.13-6.el9_4.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.13-6.el9_4.ppc64le", }, product_reference: "libxml2-debuginfo-0:2.9.13-6.el9_4.ppc64le", relates_to_product_reference: "AppStream-9.4.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.13-6.el9_4.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.13-6.el9_4.s390x", }, product_reference: "libxml2-debuginfo-0:2.9.13-6.el9_4.s390x", relates_to_product_reference: "AppStream-9.4.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.13-6.el9_4.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.13-6.el9_4.x86_64", }, product_reference: "libxml2-debuginfo-0:2.9.13-6.el9_4.x86_64", relates_to_product_reference: "AppStream-9.4.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debugsource-0:2.9.13-6.el9_4.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.13-6.el9_4.aarch64", }, product_reference: "libxml2-debugsource-0:2.9.13-6.el9_4.aarch64", relates_to_product_reference: "AppStream-9.4.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debugsource-0:2.9.13-6.el9_4.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.13-6.el9_4.i686", }, product_reference: "libxml2-debugsource-0:2.9.13-6.el9_4.i686", relates_to_product_reference: "AppStream-9.4.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debugsource-0:2.9.13-6.el9_4.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.13-6.el9_4.ppc64le", }, product_reference: "libxml2-debugsource-0:2.9.13-6.el9_4.ppc64le", relates_to_product_reference: "AppStream-9.4.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debugsource-0:2.9.13-6.el9_4.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.13-6.el9_4.s390x", }, product_reference: "libxml2-debugsource-0:2.9.13-6.el9_4.s390x", relates_to_product_reference: "AppStream-9.4.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debugsource-0:2.9.13-6.el9_4.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.13-6.el9_4.x86_64", }, product_reference: "libxml2-debugsource-0:2.9.13-6.el9_4.x86_64", relates_to_product_reference: "AppStream-9.4.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.13-6.el9_4.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.13-6.el9_4.aarch64", }, product_reference: "libxml2-devel-0:2.9.13-6.el9_4.aarch64", relates_to_product_reference: "AppStream-9.4.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.13-6.el9_4.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.13-6.el9_4.i686", }, product_reference: "libxml2-devel-0:2.9.13-6.el9_4.i686", relates_to_product_reference: "AppStream-9.4.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.13-6.el9_4.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.13-6.el9_4.ppc64le", }, product_reference: "libxml2-devel-0:2.9.13-6.el9_4.ppc64le", relates_to_product_reference: "AppStream-9.4.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.13-6.el9_4.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.13-6.el9_4.s390x", }, product_reference: "libxml2-devel-0:2.9.13-6.el9_4.s390x", relates_to_product_reference: "AppStream-9.4.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.13-6.el9_4.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.13-6.el9_4.x86_64", }, product_reference: "libxml2-devel-0:2.9.13-6.el9_4.x86_64", relates_to_product_reference: "AppStream-9.4.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "python3-libxml2-0:2.9.13-6.el9_4.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.13-6.el9_4.aarch64", }, product_reference: "python3-libxml2-0:2.9.13-6.el9_4.aarch64", relates_to_product_reference: "AppStream-9.4.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "python3-libxml2-0:2.9.13-6.el9_4.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.13-6.el9_4.ppc64le", }, product_reference: "python3-libxml2-0:2.9.13-6.el9_4.ppc64le", relates_to_product_reference: "AppStream-9.4.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "python3-libxml2-0:2.9.13-6.el9_4.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.13-6.el9_4.s390x", }, product_reference: "python3-libxml2-0:2.9.13-6.el9_4.s390x", relates_to_product_reference: "AppStream-9.4.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "python3-libxml2-0:2.9.13-6.el9_4.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.13-6.el9_4.x86_64", }, product_reference: "python3-libxml2-0:2.9.13-6.el9_4.x86_64", relates_to_product_reference: "AppStream-9.4.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "python3-libxml2-debuginfo-0:2.9.13-6.el9_4.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.13-6.el9_4.aarch64", }, product_reference: "python3-libxml2-debuginfo-0:2.9.13-6.el9_4.aarch64", relates_to_product_reference: "AppStream-9.4.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "python3-libxml2-debuginfo-0:2.9.13-6.el9_4.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.13-6.el9_4.i686", }, product_reference: "python3-libxml2-debuginfo-0:2.9.13-6.el9_4.i686", relates_to_product_reference: "AppStream-9.4.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "python3-libxml2-debuginfo-0:2.9.13-6.el9_4.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.13-6.el9_4.ppc64le", }, product_reference: "python3-libxml2-debuginfo-0:2.9.13-6.el9_4.ppc64le", relates_to_product_reference: "AppStream-9.4.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "python3-libxml2-debuginfo-0:2.9.13-6.el9_4.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.13-6.el9_4.s390x", }, product_reference: "python3-libxml2-debuginfo-0:2.9.13-6.el9_4.s390x", relates_to_product_reference: "AppStream-9.4.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "python3-libxml2-debuginfo-0:2.9.13-6.el9_4.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.13-6.el9_4.x86_64", }, product_reference: "python3-libxml2-debuginfo-0:2.9.13-6.el9_4.x86_64", relates_to_product_reference: "AppStream-9.4.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.13-6.el9_4.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)", product_id: "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-0:2.9.13-6.el9_4.aarch64", }, product_reference: "libxml2-0:2.9.13-6.el9_4.aarch64", relates_to_product_reference: "BaseOS-9.4.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.13-6.el9_4.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 9)", product_id: "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-0:2.9.13-6.el9_4.i686", }, product_reference: "libxml2-0:2.9.13-6.el9_4.i686", relates_to_product_reference: "BaseOS-9.4.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.13-6.el9_4.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 9)", product_id: "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-0:2.9.13-6.el9_4.ppc64le", }, product_reference: "libxml2-0:2.9.13-6.el9_4.ppc64le", relates_to_product_reference: "BaseOS-9.4.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.13-6.el9_4.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 9)", product_id: "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-0:2.9.13-6.el9_4.s390x", }, product_reference: "libxml2-0:2.9.13-6.el9_4.s390x", relates_to_product_reference: "BaseOS-9.4.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.13-6.el9_4.src as a component of Red Hat Enterprise Linux BaseOS (v. 9)", product_id: "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-0:2.9.13-6.el9_4.src", }, product_reference: "libxml2-0:2.9.13-6.el9_4.src", relates_to_product_reference: "BaseOS-9.4.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.13-6.el9_4.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)", product_id: "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-0:2.9.13-6.el9_4.x86_64", }, product_reference: "libxml2-0:2.9.13-6.el9_4.x86_64", relates_to_product_reference: "BaseOS-9.4.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.13-6.el9_4.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)", product_id: "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.13-6.el9_4.aarch64", }, product_reference: "libxml2-debuginfo-0:2.9.13-6.el9_4.aarch64", relates_to_product_reference: "BaseOS-9.4.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.13-6.el9_4.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 9)", product_id: "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.13-6.el9_4.i686", }, product_reference: "libxml2-debuginfo-0:2.9.13-6.el9_4.i686", relates_to_product_reference: "BaseOS-9.4.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.13-6.el9_4.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 9)", product_id: "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.13-6.el9_4.ppc64le", }, product_reference: "libxml2-debuginfo-0:2.9.13-6.el9_4.ppc64le", relates_to_product_reference: "BaseOS-9.4.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.13-6.el9_4.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 9)", product_id: "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.13-6.el9_4.s390x", }, product_reference: "libxml2-debuginfo-0:2.9.13-6.el9_4.s390x", relates_to_product_reference: "BaseOS-9.4.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.13-6.el9_4.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)", product_id: "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.13-6.el9_4.x86_64", }, product_reference: "libxml2-debuginfo-0:2.9.13-6.el9_4.x86_64", relates_to_product_reference: "BaseOS-9.4.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debugsource-0:2.9.13-6.el9_4.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)", product_id: "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.13-6.el9_4.aarch64", }, product_reference: "libxml2-debugsource-0:2.9.13-6.el9_4.aarch64", relates_to_product_reference: "BaseOS-9.4.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debugsource-0:2.9.13-6.el9_4.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 9)", product_id: "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.13-6.el9_4.i686", }, product_reference: "libxml2-debugsource-0:2.9.13-6.el9_4.i686", relates_to_product_reference: "BaseOS-9.4.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debugsource-0:2.9.13-6.el9_4.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 9)", product_id: "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.13-6.el9_4.ppc64le", }, product_reference: "libxml2-debugsource-0:2.9.13-6.el9_4.ppc64le", relates_to_product_reference: "BaseOS-9.4.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debugsource-0:2.9.13-6.el9_4.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 9)", product_id: "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.13-6.el9_4.s390x", }, product_reference: "libxml2-debugsource-0:2.9.13-6.el9_4.s390x", relates_to_product_reference: "BaseOS-9.4.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debugsource-0:2.9.13-6.el9_4.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)", product_id: "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.13-6.el9_4.x86_64", }, product_reference: "libxml2-debugsource-0:2.9.13-6.el9_4.x86_64", relates_to_product_reference: "BaseOS-9.4.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.13-6.el9_4.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)", product_id: "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.13-6.el9_4.aarch64", }, product_reference: "libxml2-devel-0:2.9.13-6.el9_4.aarch64", relates_to_product_reference: "BaseOS-9.4.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.13-6.el9_4.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 9)", product_id: "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.13-6.el9_4.i686", }, product_reference: "libxml2-devel-0:2.9.13-6.el9_4.i686", relates_to_product_reference: "BaseOS-9.4.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.13-6.el9_4.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 9)", product_id: "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.13-6.el9_4.ppc64le", }, product_reference: "libxml2-devel-0:2.9.13-6.el9_4.ppc64le", relates_to_product_reference: "BaseOS-9.4.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.13-6.el9_4.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 9)", product_id: "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.13-6.el9_4.s390x", }, product_reference: "libxml2-devel-0:2.9.13-6.el9_4.s390x", relates_to_product_reference: "BaseOS-9.4.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.13-6.el9_4.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)", product_id: "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.13-6.el9_4.x86_64", }, product_reference: "libxml2-devel-0:2.9.13-6.el9_4.x86_64", relates_to_product_reference: "BaseOS-9.4.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "python3-libxml2-0:2.9.13-6.el9_4.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)", product_id: "BaseOS-9.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.13-6.el9_4.aarch64", }, product_reference: "python3-libxml2-0:2.9.13-6.el9_4.aarch64", relates_to_product_reference: "BaseOS-9.4.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "python3-libxml2-0:2.9.13-6.el9_4.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 9)", product_id: "BaseOS-9.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.13-6.el9_4.ppc64le", }, product_reference: "python3-libxml2-0:2.9.13-6.el9_4.ppc64le", relates_to_product_reference: "BaseOS-9.4.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "python3-libxml2-0:2.9.13-6.el9_4.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 9)", product_id: "BaseOS-9.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.13-6.el9_4.s390x", }, product_reference: "python3-libxml2-0:2.9.13-6.el9_4.s390x", relates_to_product_reference: "BaseOS-9.4.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "python3-libxml2-0:2.9.13-6.el9_4.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)", product_id: "BaseOS-9.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.13-6.el9_4.x86_64", }, product_reference: "python3-libxml2-0:2.9.13-6.el9_4.x86_64", relates_to_product_reference: "BaseOS-9.4.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "python3-libxml2-debuginfo-0:2.9.13-6.el9_4.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)", product_id: "BaseOS-9.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.13-6.el9_4.aarch64", }, product_reference: "python3-libxml2-debuginfo-0:2.9.13-6.el9_4.aarch64", relates_to_product_reference: "BaseOS-9.4.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "python3-libxml2-debuginfo-0:2.9.13-6.el9_4.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 9)", product_id: "BaseOS-9.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.13-6.el9_4.i686", }, product_reference: "python3-libxml2-debuginfo-0:2.9.13-6.el9_4.i686", relates_to_product_reference: "BaseOS-9.4.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "python3-libxml2-debuginfo-0:2.9.13-6.el9_4.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 9)", product_id: "BaseOS-9.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.13-6.el9_4.ppc64le", }, product_reference: "python3-libxml2-debuginfo-0:2.9.13-6.el9_4.ppc64le", relates_to_product_reference: "BaseOS-9.4.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "python3-libxml2-debuginfo-0:2.9.13-6.el9_4.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 9)", product_id: "BaseOS-9.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.13-6.el9_4.s390x", }, product_reference: "python3-libxml2-debuginfo-0:2.9.13-6.el9_4.s390x", relates_to_product_reference: "BaseOS-9.4.0.Z.MAIN.EUS", }, { category: "default_component_of", full_product_name: { name: "python3-libxml2-debuginfo-0:2.9.13-6.el9_4.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)", product_id: "BaseOS-9.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.13-6.el9_4.x86_64", }, product_reference: "python3-libxml2-debuginfo-0:2.9.13-6.el9_4.x86_64", relates_to_product_reference: "BaseOS-9.4.0.Z.MAIN.EUS", }, ], }, vulnerabilities: [ { cve: "CVE-2024-25062", cwe: { id: "CWE-416", name: "Use After Free", }, discovery_date: "2024-02-05T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2262726", }, ], notes: [ { category: "description", text: "A use-after-free flaw was found in libxml2. When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free.", title: "Vulnerability description", }, { category: "summary", text: "libxml2: use-after-free in XMLReader", title: "Vulnerability summary", }, { category: "other", text: "The severity of this vulnerability is not important but moderate due to the lack of impact to both confidentiality and integrity, but potential impact to availability. The theoretical risk of impact to availability is limited due to the specific requirement that applications must continue to misuse the reader API after it has already reported validation errors instead of handling those errors. The flaw requires that crafted XML documents can be provided by an attacker and the utilization of DTD validation and XInclude expansion using the XMLReader API. Along with those conditions, the application using the XMLReader API must be ignoring errors when expanding invalid XInclude nodes in an maliciously crafted document. These conditions are unlikely to exist in the intended usage of the XMLReader API.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-9.4.0.Z.MAIN.EUS:libxml2-0:2.9.13-6.el9_4.aarch64", "AppStream-9.4.0.Z.MAIN.EUS:libxml2-0:2.9.13-6.el9_4.i686", "AppStream-9.4.0.Z.MAIN.EUS:libxml2-0:2.9.13-6.el9_4.ppc64le", "AppStream-9.4.0.Z.MAIN.EUS:libxml2-0:2.9.13-6.el9_4.s390x", "AppStream-9.4.0.Z.MAIN.EUS:libxml2-0:2.9.13-6.el9_4.src", "AppStream-9.4.0.Z.MAIN.EUS:libxml2-0:2.9.13-6.el9_4.x86_64", "AppStream-9.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.13-6.el9_4.aarch64", "AppStream-9.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.13-6.el9_4.i686", "AppStream-9.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.13-6.el9_4.ppc64le", "AppStream-9.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.13-6.el9_4.s390x", "AppStream-9.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.13-6.el9_4.x86_64", "AppStream-9.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.13-6.el9_4.aarch64", "AppStream-9.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.13-6.el9_4.i686", "AppStream-9.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.13-6.el9_4.ppc64le", "AppStream-9.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.13-6.el9_4.s390x", "AppStream-9.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.13-6.el9_4.x86_64", "AppStream-9.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.13-6.el9_4.aarch64", "AppStream-9.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.13-6.el9_4.i686", "AppStream-9.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.13-6.el9_4.ppc64le", "AppStream-9.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.13-6.el9_4.s390x", "AppStream-9.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.13-6.el9_4.x86_64", "AppStream-9.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.13-6.el9_4.aarch64", "AppStream-9.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.13-6.el9_4.ppc64le", "AppStream-9.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.13-6.el9_4.s390x", "AppStream-9.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.13-6.el9_4.x86_64", "AppStream-9.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.13-6.el9_4.aarch64", "AppStream-9.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.13-6.el9_4.i686", "AppStream-9.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.13-6.el9_4.ppc64le", "AppStream-9.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.13-6.el9_4.s390x", "AppStream-9.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.13-6.el9_4.x86_64", "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-0:2.9.13-6.el9_4.aarch64", "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-0:2.9.13-6.el9_4.i686", "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-0:2.9.13-6.el9_4.ppc64le", "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-0:2.9.13-6.el9_4.s390x", "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-0:2.9.13-6.el9_4.src", "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-0:2.9.13-6.el9_4.x86_64", "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.13-6.el9_4.aarch64", "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.13-6.el9_4.i686", "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.13-6.el9_4.ppc64le", "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.13-6.el9_4.s390x", "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.13-6.el9_4.x86_64", "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.13-6.el9_4.aarch64", "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.13-6.el9_4.i686", "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.13-6.el9_4.ppc64le", "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.13-6.el9_4.s390x", "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.13-6.el9_4.x86_64", "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.13-6.el9_4.aarch64", "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.13-6.el9_4.i686", "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.13-6.el9_4.ppc64le", "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.13-6.el9_4.s390x", "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.13-6.el9_4.x86_64", "BaseOS-9.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.13-6.el9_4.aarch64", "BaseOS-9.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.13-6.el9_4.ppc64le", "BaseOS-9.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.13-6.el9_4.s390x", "BaseOS-9.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.13-6.el9_4.x86_64", "BaseOS-9.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.13-6.el9_4.aarch64", "BaseOS-9.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.13-6.el9_4.i686", "BaseOS-9.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.13-6.el9_4.ppc64le", "BaseOS-9.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.13-6.el9_4.s390x", "BaseOS-9.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.13-6.el9_4.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-25062", }, { category: "external", summary: "RHBZ#2262726", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2262726", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-25062", url: "https://www.cve.org/CVERecord?id=CVE-2024-25062", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-25062", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-25062", }, { category: "external", summary: "https://gitlab.gnome.org/GNOME/libxml2/-/issues/604", url: "https://gitlab.gnome.org/GNOME/libxml2/-/issues/604", }, { category: "external", summary: "https://gitlab.gnome.org/GNOME/libxml2/-/tags", url: "https://gitlab.gnome.org/GNOME/libxml2/-/tags", }, ], release_date: "2024-02-04T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-05-02T14:58:39+00:00", details: "https://access.redhat.com/articles/11258\n\nThe desktop must be restarted (log out, then log back in) for this update to take effect.", product_ids: [ "AppStream-9.4.0.Z.MAIN.EUS:libxml2-0:2.9.13-6.el9_4.aarch64", "AppStream-9.4.0.Z.MAIN.EUS:libxml2-0:2.9.13-6.el9_4.i686", "AppStream-9.4.0.Z.MAIN.EUS:libxml2-0:2.9.13-6.el9_4.ppc64le", "AppStream-9.4.0.Z.MAIN.EUS:libxml2-0:2.9.13-6.el9_4.s390x", "AppStream-9.4.0.Z.MAIN.EUS:libxml2-0:2.9.13-6.el9_4.src", "AppStream-9.4.0.Z.MAIN.EUS:libxml2-0:2.9.13-6.el9_4.x86_64", "AppStream-9.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.13-6.el9_4.aarch64", "AppStream-9.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.13-6.el9_4.i686", "AppStream-9.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.13-6.el9_4.ppc64le", "AppStream-9.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.13-6.el9_4.s390x", "AppStream-9.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.13-6.el9_4.x86_64", "AppStream-9.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.13-6.el9_4.aarch64", "AppStream-9.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.13-6.el9_4.i686", "AppStream-9.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.13-6.el9_4.ppc64le", "AppStream-9.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.13-6.el9_4.s390x", "AppStream-9.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.13-6.el9_4.x86_64", "AppStream-9.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.13-6.el9_4.aarch64", "AppStream-9.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.13-6.el9_4.i686", "AppStream-9.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.13-6.el9_4.ppc64le", "AppStream-9.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.13-6.el9_4.s390x", "AppStream-9.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.13-6.el9_4.x86_64", "AppStream-9.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.13-6.el9_4.aarch64", "AppStream-9.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.13-6.el9_4.ppc64le", "AppStream-9.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.13-6.el9_4.s390x", "AppStream-9.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.13-6.el9_4.x86_64", "AppStream-9.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.13-6.el9_4.aarch64", "AppStream-9.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.13-6.el9_4.i686", "AppStream-9.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.13-6.el9_4.ppc64le", "AppStream-9.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.13-6.el9_4.s390x", "AppStream-9.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.13-6.el9_4.x86_64", "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-0:2.9.13-6.el9_4.aarch64", "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-0:2.9.13-6.el9_4.i686", "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-0:2.9.13-6.el9_4.ppc64le", "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-0:2.9.13-6.el9_4.s390x", "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-0:2.9.13-6.el9_4.src", "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-0:2.9.13-6.el9_4.x86_64", "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.13-6.el9_4.aarch64", "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.13-6.el9_4.i686", "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.13-6.el9_4.ppc64le", "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.13-6.el9_4.s390x", "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.13-6.el9_4.x86_64", "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.13-6.el9_4.aarch64", "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.13-6.el9_4.i686", "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.13-6.el9_4.ppc64le", "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.13-6.el9_4.s390x", "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.13-6.el9_4.x86_64", "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.13-6.el9_4.aarch64", "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.13-6.el9_4.i686", "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.13-6.el9_4.ppc64le", "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.13-6.el9_4.s390x", "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.13-6.el9_4.x86_64", "BaseOS-9.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.13-6.el9_4.aarch64", "BaseOS-9.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.13-6.el9_4.ppc64le", "BaseOS-9.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.13-6.el9_4.s390x", "BaseOS-9.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.13-6.el9_4.x86_64", "BaseOS-9.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.13-6.el9_4.aarch64", "BaseOS-9.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.13-6.el9_4.i686", "BaseOS-9.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.13-6.el9_4.ppc64le", "BaseOS-9.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.13-6.el9_4.s390x", "BaseOS-9.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.13-6.el9_4.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:2679", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "AppStream-9.4.0.Z.MAIN.EUS:libxml2-0:2.9.13-6.el9_4.aarch64", "AppStream-9.4.0.Z.MAIN.EUS:libxml2-0:2.9.13-6.el9_4.i686", "AppStream-9.4.0.Z.MAIN.EUS:libxml2-0:2.9.13-6.el9_4.ppc64le", "AppStream-9.4.0.Z.MAIN.EUS:libxml2-0:2.9.13-6.el9_4.s390x", "AppStream-9.4.0.Z.MAIN.EUS:libxml2-0:2.9.13-6.el9_4.src", "AppStream-9.4.0.Z.MAIN.EUS:libxml2-0:2.9.13-6.el9_4.x86_64", "AppStream-9.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.13-6.el9_4.aarch64", "AppStream-9.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.13-6.el9_4.i686", "AppStream-9.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.13-6.el9_4.ppc64le", "AppStream-9.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.13-6.el9_4.s390x", "AppStream-9.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.13-6.el9_4.x86_64", "AppStream-9.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.13-6.el9_4.aarch64", "AppStream-9.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.13-6.el9_4.i686", "AppStream-9.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.13-6.el9_4.ppc64le", "AppStream-9.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.13-6.el9_4.s390x", "AppStream-9.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.13-6.el9_4.x86_64", "AppStream-9.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.13-6.el9_4.aarch64", "AppStream-9.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.13-6.el9_4.i686", "AppStream-9.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.13-6.el9_4.ppc64le", "AppStream-9.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.13-6.el9_4.s390x", "AppStream-9.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.13-6.el9_4.x86_64", "AppStream-9.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.13-6.el9_4.aarch64", "AppStream-9.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.13-6.el9_4.ppc64le", "AppStream-9.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.13-6.el9_4.s390x", "AppStream-9.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.13-6.el9_4.x86_64", "AppStream-9.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.13-6.el9_4.aarch64", "AppStream-9.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.13-6.el9_4.i686", "AppStream-9.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.13-6.el9_4.ppc64le", "AppStream-9.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.13-6.el9_4.s390x", "AppStream-9.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.13-6.el9_4.x86_64", "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-0:2.9.13-6.el9_4.aarch64", "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-0:2.9.13-6.el9_4.i686", "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-0:2.9.13-6.el9_4.ppc64le", "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-0:2.9.13-6.el9_4.s390x", "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-0:2.9.13-6.el9_4.src", "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-0:2.9.13-6.el9_4.x86_64", "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.13-6.el9_4.aarch64", "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.13-6.el9_4.i686", "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.13-6.el9_4.ppc64le", "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.13-6.el9_4.s390x", "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.13-6.el9_4.x86_64", "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.13-6.el9_4.aarch64", "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.13-6.el9_4.i686", "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.13-6.el9_4.ppc64le", "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.13-6.el9_4.s390x", "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.13-6.el9_4.x86_64", "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.13-6.el9_4.aarch64", "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.13-6.el9_4.i686", "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.13-6.el9_4.ppc64le", "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.13-6.el9_4.s390x", "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.13-6.el9_4.x86_64", "BaseOS-9.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.13-6.el9_4.aarch64", "BaseOS-9.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.13-6.el9_4.ppc64le", "BaseOS-9.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.13-6.el9_4.s390x", "BaseOS-9.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.13-6.el9_4.x86_64", "BaseOS-9.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.13-6.el9_4.aarch64", "BaseOS-9.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.13-6.el9_4.i686", "BaseOS-9.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.13-6.el9_4.ppc64le", "BaseOS-9.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.13-6.el9_4.s390x", "BaseOS-9.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.13-6.el9_4.x86_64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "AppStream-9.4.0.Z.MAIN.EUS:libxml2-0:2.9.13-6.el9_4.aarch64", "AppStream-9.4.0.Z.MAIN.EUS:libxml2-0:2.9.13-6.el9_4.i686", "AppStream-9.4.0.Z.MAIN.EUS:libxml2-0:2.9.13-6.el9_4.ppc64le", "AppStream-9.4.0.Z.MAIN.EUS:libxml2-0:2.9.13-6.el9_4.s390x", "AppStream-9.4.0.Z.MAIN.EUS:libxml2-0:2.9.13-6.el9_4.src", "AppStream-9.4.0.Z.MAIN.EUS:libxml2-0:2.9.13-6.el9_4.x86_64", "AppStream-9.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.13-6.el9_4.aarch64", "AppStream-9.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.13-6.el9_4.i686", "AppStream-9.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.13-6.el9_4.ppc64le", "AppStream-9.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.13-6.el9_4.s390x", "AppStream-9.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.13-6.el9_4.x86_64", "AppStream-9.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.13-6.el9_4.aarch64", "AppStream-9.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.13-6.el9_4.i686", "AppStream-9.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.13-6.el9_4.ppc64le", "AppStream-9.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.13-6.el9_4.s390x", "AppStream-9.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.13-6.el9_4.x86_64", "AppStream-9.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.13-6.el9_4.aarch64", "AppStream-9.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.13-6.el9_4.i686", "AppStream-9.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.13-6.el9_4.ppc64le", "AppStream-9.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.13-6.el9_4.s390x", "AppStream-9.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.13-6.el9_4.x86_64", "AppStream-9.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.13-6.el9_4.aarch64", "AppStream-9.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.13-6.el9_4.ppc64le", "AppStream-9.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.13-6.el9_4.s390x", "AppStream-9.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.13-6.el9_4.x86_64", "AppStream-9.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.13-6.el9_4.aarch64", "AppStream-9.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.13-6.el9_4.i686", "AppStream-9.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.13-6.el9_4.ppc64le", "AppStream-9.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.13-6.el9_4.s390x", "AppStream-9.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.13-6.el9_4.x86_64", "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-0:2.9.13-6.el9_4.aarch64", "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-0:2.9.13-6.el9_4.i686", "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-0:2.9.13-6.el9_4.ppc64le", "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-0:2.9.13-6.el9_4.s390x", "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-0:2.9.13-6.el9_4.src", "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-0:2.9.13-6.el9_4.x86_64", "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.13-6.el9_4.aarch64", "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.13-6.el9_4.i686", "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.13-6.el9_4.ppc64le", "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.13-6.el9_4.s390x", "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-debuginfo-0:2.9.13-6.el9_4.x86_64", "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.13-6.el9_4.aarch64", "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.13-6.el9_4.i686", "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.13-6.el9_4.ppc64le", "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.13-6.el9_4.s390x", "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-debugsource-0:2.9.13-6.el9_4.x86_64", "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.13-6.el9_4.aarch64", "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.13-6.el9_4.i686", "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.13-6.el9_4.ppc64le", "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.13-6.el9_4.s390x", "BaseOS-9.4.0.Z.MAIN.EUS:libxml2-devel-0:2.9.13-6.el9_4.x86_64", "BaseOS-9.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.13-6.el9_4.aarch64", "BaseOS-9.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.13-6.el9_4.ppc64le", "BaseOS-9.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.13-6.el9_4.s390x", "BaseOS-9.4.0.Z.MAIN.EUS:python3-libxml2-0:2.9.13-6.el9_4.x86_64", "BaseOS-9.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.13-6.el9_4.aarch64", "BaseOS-9.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.13-6.el9_4.i686", "BaseOS-9.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.13-6.el9_4.ppc64le", "BaseOS-9.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.13-6.el9_4.s390x", "BaseOS-9.4.0.Z.MAIN.EUS:python3-libxml2-debuginfo-0:2.9.13-6.el9_4.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "libxml2: use-after-free in XMLReader", }, ], }
RHSA-2024:1317
Vulnerability from csaf_redhat
Published
2024-03-18 16:22
Modified
2025-03-20 13:15
Summary
Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.57 SP3 security update
Notes
Topic
Red Hat JBoss Core Services Apache HTTP Server 2.4.57 Service Pack 3 is now available.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products and packaged under Red Hat JBoss Core Services, to allow for faster distribution of updates and for a more consistent update experience.
This release of Red Hat JBoss Core Services Apache HTTP Server 2.4.57 Service Pack 3 serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.57 Service Pack 2, and includes bug fixes and enhancements, which are documented in the Release Notes linked to in the References section.
Security Fix(es):
* curl: information disclosure by exploiting a mixed case flaw (CVE-2023-46218)
* curl: excessively long file name may lead to unknown HSTS status (CVE-2023-46219)
* httpd: mod_macro: out-of-bounds read vulnerability (CVE-2023-31122)
* jbcs-httpd24-mod_proxy_cluster: mod_cluster/mod_proxy_cluster: Stored Cross site Scripting (CVE-2023-6710)
* jbcs-httpd24-openssl: openssl: Generating excessively long X9.42 DH keys or checking excessively long X9.42 DH keys or parameters may be very slow (CVE-2023-5678)
* libxml2: crafted xml can cause global buffer overflow (CVE-2023-39615)
* libxml2: use-after-free in XMLReader (CVE-2024-25062)
A Red Hat Security Bulletin which addresses further details about this flaw is available in the References section.
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Red Hat JBoss Core Services Apache HTTP Server 2.4.57 Service Pack 3 is now available.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products and packaged under Red Hat JBoss Core Services, to allow for faster distribution of updates and for a more consistent update experience.\n\nThis release of Red Hat JBoss Core Services Apache HTTP Server 2.4.57 Service Pack 3 serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.57 Service Pack 2, and includes bug fixes and enhancements, which are documented in the Release Notes linked to in the References section.\n\nSecurity Fix(es):\n\n* curl: information disclosure by exploiting a mixed case flaw (CVE-2023-46218)\n* curl: excessively long file name may lead to unknown HSTS status (CVE-2023-46219)\n* httpd: mod_macro: out-of-bounds read vulnerability (CVE-2023-31122)\n* jbcs-httpd24-mod_proxy_cluster: mod_cluster/mod_proxy_cluster: Stored Cross site Scripting (CVE-2023-6710)\n* jbcs-httpd24-openssl: openssl: Generating excessively long X9.42 DH keys or checking excessively long X9.42 DH keys or parameters may be very slow (CVE-2023-5678)\n* libxml2: crafted xml can cause global buffer overflow (CVE-2023-39615)\n* libxml2: use-after-free in XMLReader (CVE-2024-25062)\n\nA Red Hat Security Bulletin which addresses further details about this flaw is available in the References section.\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2024:1317", url: "https://access.redhat.com/errata/RHSA-2024:1317", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#moderate", url: "https://access.redhat.com/security/updates/classification/#moderate", }, { category: "external", summary: "https://access.redhat.com/documentation/en-us/red_hat_jboss_core_services/2.4.57/html/red_hat_jboss_core_services_apache_http_server_2.4.57_service_pack_3_release_notes", url: "https://access.redhat.com/documentation/en-us/red_hat_jboss_core_services/2.4.57/html/red_hat_jboss_core_services_apache_http_server_2.4.57_service_pack_3_release_notes", }, { category: "external", summary: "2235864", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2235864", }, { category: "external", summary: "2245332", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2245332", }, { category: "external", summary: "2248616", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2248616", }, { category: "external", summary: "2252030", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2252030", }, { category: "external", summary: "2252034", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2252034", }, { category: "external", summary: "2254128", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2254128", }, { category: "external", summary: "2262726", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2262726", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_1317.json", }, ], title: "Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.57 SP3 security update", tracking: { current_release_date: "2025-03-20T13:15:25+00:00", generator: { date: "2025-03-20T13:15:25+00:00", engine: { name: "Red Hat SDEngine", version: "4.4.1", }, }, id: "RHSA-2024:1317", initial_release_date: "2024-03-18T16:22:13+00:00", revision_history: [ { date: "2024-03-18T16:22:13+00:00", number: "1", summary: "Initial version", }, { date: "2024-03-19T15:40:02+00:00", number: "2", summary: "Last updated version", }, { date: "2025-03-20T13:15:25+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Text-Only JBCS", product: { name: "Text-Only JBCS", product_id: "Text-Only JBCS", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_core_services:1", }, }, }, ], category: "product_family", name: "Red Hat JBoss Core Services", }, ], category: "vendor", name: "Red Hat", }, ], }, vulnerabilities: [ { cve: "CVE-2023-5678", cwe: { id: "CWE-325", name: "Missing Cryptographic Step", }, discovery_date: "2023-11-07T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2248616", }, ], notes: [ { category: "description", text: "A flaw was found in OpenSSL, which caused the generation or checking of long X9.42 DH keys or parameters to be much slower than expected. This issue could lead to a denial of service.", title: "Vulnerability description", }, { category: "summary", text: "openssl: Generating excessively long X9.42 DH keys or checking excessively long X9.42 DH keys or parameters may be very slow", title: "Vulnerability summary", }, { category: "other", text: "This vulnerability in OpenSSL is categorized as a low severity issue primarily because it requires specific conditions to exploit and doesn't directly result in a full Denial of Service (DoS). While the excessive time spent in DH key generation or verification could potentially cause delays, the impact is mitigated by the fact that it requires untrusted sources supplying large Q parameter values. Additionally, the OpenSSL SSL/TLS implementation remains unaffected, limiting the scope of potential attacks. Moreover, there are inherent limits on key length, which further restrict the potential for exploitation.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Text-Only JBCS", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-5678", }, { category: "external", summary: "RHBZ#2248616", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2248616", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-5678", url: "https://www.cve.org/CVERecord?id=CVE-2023-5678", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-5678", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-5678", }, { category: "external", summary: "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=34efaef6c103d636ab507a0cc34dca4d3aecc055", url: "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=34efaef6c103d636ab507a0cc34dca4d3aecc055", }, { category: "external", summary: "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=710fee740904b6290fef0dd5536fbcedbc38ff0c", url: "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=710fee740904b6290fef0dd5536fbcedbc38ff0c", }, { category: "external", summary: "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db925ae2e65d0d925adef429afc37f75bd1c2017", url: "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db925ae2e65d0d925adef429afc37f75bd1c2017", }, { category: "external", summary: "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6", url: "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6", }, { category: "external", summary: "https://www.openssl.org/news/secadv/20231106.txt", url: "https://www.openssl.org/news/secadv/20231106.txt", }, ], release_date: "2023-10-24T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-03-18T16:22:13+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", product_ids: [ "Text-Only JBCS", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:1317", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "Text-Only JBCS", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, products: [ "Text-Only JBCS", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "openssl: Generating excessively long X9.42 DH keys or checking excessively long X9.42 DH keys or parameters may be very slow", }, { acknowledgments: [ { names: [ "Mohamed Mounir Boudjema", ], organization: "Intervalle-Technologies", }, ], cve: "CVE-2023-6710", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2023-12-12T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2254128", }, ], notes: [ { category: "description", text: "A flaw was found in the mod_proxy_cluster in the Apache server. This issue may allow a malicious user to add a script in the 'alias' parameter in the URL to trigger the stored cross-site scripting (XSS) vulnerability. By adding a script on the alias parameter on the URL, it adds a new virtual host and adds the script to the cluster-manager page.", title: "Vulnerability description", }, { category: "summary", text: "mod_cluster/mod_proxy_cluster: Stored Cross site Scripting", title: "Vulnerability summary", }, { category: "other", text: "The impact of this vulnerability is considered as Low, as the cluster_manager URL should not be exposed outside and is protected by user/password.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Text-Only JBCS", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-6710", }, { category: "external", summary: "RHBZ#2254128", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2254128", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-6710", url: "https://www.cve.org/CVERecord?id=CVE-2023-6710", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-6710", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-6710", }, ], release_date: "2023-12-12T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-03-18T16:22:13+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", product_ids: [ "Text-Only JBCS", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:1317", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "Text-Only JBCS", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, products: [ "Text-Only JBCS", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "mod_cluster/mod_proxy_cluster: Stored Cross site Scripting", }, { cve: "CVE-2023-31122", cwe: { id: "CWE-125", name: "Out-of-bounds Read", }, discovery_date: "2023-10-19T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2245332", }, ], notes: [ { category: "description", text: "A flaw was found in the mod_macro module of httpd. When processing a very long macro, the null byte terminator will not be added, leading to an out-of-bounds read, resulting in a crash.", title: "Vulnerability description", }, { category: "summary", text: "httpd: mod_macro: out-of-bounds read vulnerability", title: "Vulnerability summary", }, { category: "other", text: "This flaw only affects configurations with mod_macro loaded and when a very long macro is configured and used, specifically a macro longer than 8191 characters. If these conditions are not present, the server is not affected and no further mitigation is needed. For more information about the mitigation, see the mitigation section below.\n\nThe httpd mod_macro module is enabled by default in Red Hat Enterprise Linux 8, 9, and in RHSCL. However, there are no macros used in the default httpd configuration.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Text-Only JBCS", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-31122", }, { category: "external", summary: "RHBZ#2245332", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2245332", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-31122", url: "https://www.cve.org/CVERecord?id=CVE-2023-31122", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-31122", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-31122", }, { category: "external", summary: "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2023-31122", url: "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2023-31122", }, ], release_date: "2023-10-19T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-03-18T16:22:13+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", product_ids: [ "Text-Only JBCS", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:1317", }, { category: "workaround", details: "Disabling mod_macro and restarting httpd or making sure the macros used are smaller than the required length to trigger this vulnerability will mitigate this flaw. Furthermore, it's unlikely that a very long macro with the length needed to trigger this issue is being used.", product_ids: [ "Text-Only JBCS", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "Text-Only JBCS", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "httpd: mod_macro: out-of-bounds read vulnerability", }, { cve: "CVE-2023-39615", cwe: { id: "CWE-119", name: "Improper Restriction of Operations within the Bounds of a Memory Buffer", }, discovery_date: "2023-08-29T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2235864", }, ], notes: [ { category: "description", text: "A flaw was found in Libxml2, where it contains a global buffer overflow via the xmlSAX2StartElement() function at /libxml2/SAX2.c. This vulnerability allows attackers to cause a denial of service (DoS) by supplying a crafted XML file.", title: "Vulnerability description", }, { category: "summary", text: "libxml2: crafted xml can cause global buffer overflow", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Text-Only JBCS", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-39615", }, { category: "external", summary: "RHBZ#2235864", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2235864", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-39615", url: "https://www.cve.org/CVERecord?id=CVE-2023-39615", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-39615", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-39615", }, { category: "external", summary: "https://gitlab.gnome.org/GNOME/libxml2/-/issues/535", url: "https://gitlab.gnome.org/GNOME/libxml2/-/issues/535", }, ], release_date: "2023-08-29T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-03-18T16:22:13+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", product_ids: [ "Text-Only JBCS", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:1317", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "Text-Only JBCS", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "libxml2: crafted xml can cause global buffer overflow", }, { acknowledgments: [ { names: [ "Harry Sintonen", ], organization: "reported", }, { names: [ "Daniel Stenberg", ], organization: "patched", }, ], cve: "CVE-2023-46218", cwe: { id: "CWE-201", name: "Insertion of Sensitive Information Into Sent Data", }, discovery_date: "2023-11-29T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2252030", }, ], notes: [ { category: "description", text: "A flaw was found in curl that verifies a given cookie domain against the Public Suffix List. This issue could allow a malicious HTTP server to set \"super cookies\" in curl that are passed back to more origins than what is otherwise allowed or possible.", title: "Vulnerability description", }, { category: "summary", text: "curl: information disclosure by exploiting a mixed case flaw", title: "Vulnerability summary", }, { category: "other", text: "When curl is built without PSL support, it cannot protect against this problem but it is expected to not allow \"too wide\" cookies when PSL support is enabled.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Text-Only JBCS", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-46218", }, { category: "external", summary: "RHBZ#2252030", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2252030", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-46218", url: "https://www.cve.org/CVERecord?id=CVE-2023-46218", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-46218", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-46218", }, { category: "external", summary: "https://curl.se/docs/CVE-2023-46218.html", url: "https://curl.se/docs/CVE-2023-46218.html", }, ], release_date: "2023-12-06T07:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-03-18T16:22:13+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", product_ids: [ "Text-Only JBCS", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:1317", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, products: [ "Text-Only JBCS", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "curl: information disclosure by exploiting a mixed case flaw", }, { acknowledgments: [ { names: [ "Daniel Stenberg", ], organization: "patched", }, { names: [ "Maksymilian Arciemowicz", ], organization: "reported", }, ], cve: "CVE-2023-46219", cwe: { id: "CWE-311", name: "Missing Encryption of Sensitive Data", }, discovery_date: "2023-11-29T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2252034", }, ], notes: [ { category: "description", text: "A security bypass flaw was found in Curl, which can be triggered by saving HSTS data to an excessively long file name. This issue occurs due to an error in handling HSTS long file names, leading to the removal of all contents from the file during the save process, and may allow a remote attacker to send a specially crafted request to use files without awareness of the HSTS status and enable a Man-in-the-Middle (MitM) attack.", title: "Vulnerability description", }, { category: "summary", text: "curl: excessively long file name may lead to unknown HSTS status", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Text-Only JBCS", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-46219", }, { category: "external", summary: "RHBZ#2252034", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2252034", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-46219", url: "https://www.cve.org/CVERecord?id=CVE-2023-46219", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-46219", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-46219", }, { category: "external", summary: "https://curl.se/docs/CVE-2023-46219.html", url: "https://curl.se/docs/CVE-2023-46219.html", }, ], release_date: "2023-12-06T07:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-03-18T16:22:13+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", product_ids: [ "Text-Only JBCS", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:1317", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, products: [ "Text-Only JBCS", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "curl: excessively long file name may lead to unknown HSTS status", }, { cve: "CVE-2024-25062", cwe: { id: "CWE-416", name: "Use After Free", }, discovery_date: "2024-02-05T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2262726", }, ], notes: [ { category: "description", text: "A use-after-free flaw was found in libxml2. When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free.", title: "Vulnerability description", }, { category: "summary", text: "libxml2: use-after-free in XMLReader", title: "Vulnerability summary", }, { category: "other", text: "The severity of this vulnerability is not important but moderate due to the lack of impact to both confidentiality and integrity, but potential impact to availability. The theoretical risk of impact to availability is limited due to the specific requirement that applications must continue to misuse the reader API after it has already reported validation errors instead of handling those errors. The flaw requires that crafted XML documents can be provided by an attacker and the utilization of DTD validation and XInclude expansion using the XMLReader API. Along with those conditions, the application using the XMLReader API must be ignoring errors when expanding invalid XInclude nodes in an maliciously crafted document. These conditions are unlikely to exist in the intended usage of the XMLReader API.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Text-Only JBCS", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-25062", }, { category: "external", summary: "RHBZ#2262726", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2262726", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-25062", url: "https://www.cve.org/CVERecord?id=CVE-2024-25062", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-25062", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-25062", }, { category: "external", summary: "https://gitlab.gnome.org/GNOME/libxml2/-/issues/604", url: "https://gitlab.gnome.org/GNOME/libxml2/-/issues/604", }, { category: "external", summary: "https://gitlab.gnome.org/GNOME/libxml2/-/tags", url: "https://gitlab.gnome.org/GNOME/libxml2/-/tags", }, ], release_date: "2024-02-04T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-03-18T16:22:13+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", product_ids: [ "Text-Only JBCS", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:1317", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "Text-Only JBCS", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "Text-Only JBCS", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "libxml2: use-after-free in XMLReader", }, ], }
RHSA-2024:3625
Vulnerability from csaf_redhat
Published
2024-06-05 10:19
Modified
2025-01-09 06:20
Summary
Red Hat Security Advisory: libxml2 security update
Notes
Topic
An update for libxml2 is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The libxml2 library is a development toolbox providing the implementation of various XML standards.
Security Fix(es):
* libxml2: use-after-free in XMLReader (CVE-2024-25062)
For more details about the security issue(s), including the impact,
a CVSS score, acknowledgments, and other related information, refer to the CVE page(s)
listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update for libxml2 is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "The libxml2 library is a development toolbox providing the implementation of various XML standards.\n\nSecurity Fix(es):\n\n* libxml2: use-after-free in XMLReader (CVE-2024-25062)\n\nFor more details about the security issue(s), including the impact,\n a CVSS score, acknowledgments, and other related information, refer to the CVE page(s)\n listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2024:3625", url: "https://access.redhat.com/errata/RHSA-2024:3625", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#moderate", url: "https://access.redhat.com/security/updates/classification/#moderate", }, { category: "external", summary: "2262726", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2262726", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_3625.json", }, ], title: "Red Hat Security Advisory: libxml2 security update", tracking: { current_release_date: "2025-01-09T06:20:00+00:00", generator: { date: "2025-01-09T06:20:00+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.5", }, }, id: "RHSA-2024:3625", initial_release_date: "2024-06-05T10:19:16+00:00", revision_history: [ { date: "2024-06-05T10:19:16+00:00", number: "1", summary: "Initial version", }, { date: "2024-06-05T10:19:16+00:00", number: "2", summary: "Last updated version", }, { date: "2025-01-09T06:20:00+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux AppStream EUS (v.9.2)", product: { name: "Red Hat Enterprise Linux AppStream EUS (v.9.2)", product_id: "AppStream-9.2.0.Z.EUS", product_identification_helper: { cpe: "cpe:/a:redhat:rhel_eus:9.2::appstream", }, }, }, { category: "product_name", name: "Red Hat Enterprise Linux BaseOS EUS (v.9.2)", product: { name: "Red Hat Enterprise Linux BaseOS EUS (v.9.2)", product_id: "BaseOS-9.2.0.Z.EUS", product_identification_helper: { cpe: "cpe:/o:redhat:rhel_eus:9.2::baseos", }, }, }, ], category: "product_family", name: "Red Hat Enterprise Linux", }, { branches: [ { category: "product_version", name: "libxml2-devel-0:2.9.13-3.el9_2.3.aarch64", product: { name: "libxml2-devel-0:2.9.13-3.el9_2.3.aarch64", product_id: "libxml2-devel-0:2.9.13-3.el9_2.3.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-devel@2.9.13-3.el9_2.3?arch=aarch64", }, }, }, { category: "product_version", name: "libxml2-debugsource-0:2.9.13-3.el9_2.3.aarch64", product: { name: "libxml2-debugsource-0:2.9.13-3.el9_2.3.aarch64", product_id: "libxml2-debugsource-0:2.9.13-3.el9_2.3.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-debugsource@2.9.13-3.el9_2.3?arch=aarch64", }, }, }, { category: "product_version", name: "libxml2-debuginfo-0:2.9.13-3.el9_2.3.aarch64", product: { name: "libxml2-debuginfo-0:2.9.13-3.el9_2.3.aarch64", product_id: "libxml2-debuginfo-0:2.9.13-3.el9_2.3.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-debuginfo@2.9.13-3.el9_2.3?arch=aarch64", }, }, }, { category: "product_version", name: "python3-libxml2-debuginfo-0:2.9.13-3.el9_2.3.aarch64", product: { name: "python3-libxml2-debuginfo-0:2.9.13-3.el9_2.3.aarch64", product_id: "python3-libxml2-debuginfo-0:2.9.13-3.el9_2.3.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/python3-libxml2-debuginfo@2.9.13-3.el9_2.3?arch=aarch64", }, }, }, { category: "product_version", name: "libxml2-0:2.9.13-3.el9_2.3.aarch64", product: { name: "libxml2-0:2.9.13-3.el9_2.3.aarch64", product_id: "libxml2-0:2.9.13-3.el9_2.3.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2@2.9.13-3.el9_2.3?arch=aarch64", }, }, }, { category: "product_version", name: "python3-libxml2-0:2.9.13-3.el9_2.3.aarch64", product: { name: "python3-libxml2-0:2.9.13-3.el9_2.3.aarch64", product_id: "python3-libxml2-0:2.9.13-3.el9_2.3.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/python3-libxml2@2.9.13-3.el9_2.3?arch=aarch64", }, }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "libxml2-devel-0:2.9.13-3.el9_2.3.ppc64le", product: { name: "libxml2-devel-0:2.9.13-3.el9_2.3.ppc64le", product_id: "libxml2-devel-0:2.9.13-3.el9_2.3.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-devel@2.9.13-3.el9_2.3?arch=ppc64le", }, }, }, { category: "product_version", name: "libxml2-debugsource-0:2.9.13-3.el9_2.3.ppc64le", product: { name: "libxml2-debugsource-0:2.9.13-3.el9_2.3.ppc64le", product_id: "libxml2-debugsource-0:2.9.13-3.el9_2.3.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-debugsource@2.9.13-3.el9_2.3?arch=ppc64le", }, }, }, { category: "product_version", name: "libxml2-debuginfo-0:2.9.13-3.el9_2.3.ppc64le", product: { name: "libxml2-debuginfo-0:2.9.13-3.el9_2.3.ppc64le", product_id: "libxml2-debuginfo-0:2.9.13-3.el9_2.3.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-debuginfo@2.9.13-3.el9_2.3?arch=ppc64le", }, }, }, { category: "product_version", name: "python3-libxml2-debuginfo-0:2.9.13-3.el9_2.3.ppc64le", product: { name: "python3-libxml2-debuginfo-0:2.9.13-3.el9_2.3.ppc64le", product_id: "python3-libxml2-debuginfo-0:2.9.13-3.el9_2.3.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/python3-libxml2-debuginfo@2.9.13-3.el9_2.3?arch=ppc64le", }, }, }, { category: "product_version", name: "libxml2-0:2.9.13-3.el9_2.3.ppc64le", product: { name: "libxml2-0:2.9.13-3.el9_2.3.ppc64le", product_id: "libxml2-0:2.9.13-3.el9_2.3.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2@2.9.13-3.el9_2.3?arch=ppc64le", }, }, }, { category: "product_version", name: "python3-libxml2-0:2.9.13-3.el9_2.3.ppc64le", product: { name: "python3-libxml2-0:2.9.13-3.el9_2.3.ppc64le", product_id: "python3-libxml2-0:2.9.13-3.el9_2.3.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/python3-libxml2@2.9.13-3.el9_2.3?arch=ppc64le", }, }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "libxml2-devel-0:2.9.13-3.el9_2.3.i686", product: { name: "libxml2-devel-0:2.9.13-3.el9_2.3.i686", product_id: "libxml2-devel-0:2.9.13-3.el9_2.3.i686", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-devel@2.9.13-3.el9_2.3?arch=i686", }, }, }, { category: "product_version", name: "libxml2-debugsource-0:2.9.13-3.el9_2.3.i686", product: { name: "libxml2-debugsource-0:2.9.13-3.el9_2.3.i686", product_id: "libxml2-debugsource-0:2.9.13-3.el9_2.3.i686", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-debugsource@2.9.13-3.el9_2.3?arch=i686", }, }, }, { category: "product_version", name: "libxml2-debuginfo-0:2.9.13-3.el9_2.3.i686", product: { name: "libxml2-debuginfo-0:2.9.13-3.el9_2.3.i686", product_id: "libxml2-debuginfo-0:2.9.13-3.el9_2.3.i686", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-debuginfo@2.9.13-3.el9_2.3?arch=i686", }, }, }, { category: "product_version", name: "python3-libxml2-debuginfo-0:2.9.13-3.el9_2.3.i686", product: { name: "python3-libxml2-debuginfo-0:2.9.13-3.el9_2.3.i686", product_id: "python3-libxml2-debuginfo-0:2.9.13-3.el9_2.3.i686", product_identification_helper: { purl: "pkg:rpm/redhat/python3-libxml2-debuginfo@2.9.13-3.el9_2.3?arch=i686", }, }, }, { category: "product_version", name: "libxml2-0:2.9.13-3.el9_2.3.i686", product: { name: "libxml2-0:2.9.13-3.el9_2.3.i686", product_id: "libxml2-0:2.9.13-3.el9_2.3.i686", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2@2.9.13-3.el9_2.3?arch=i686", }, }, }, ], category: "architecture", name: "i686", }, { branches: [ { category: "product_version", name: "libxml2-devel-0:2.9.13-3.el9_2.3.x86_64", product: { name: "libxml2-devel-0:2.9.13-3.el9_2.3.x86_64", product_id: "libxml2-devel-0:2.9.13-3.el9_2.3.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-devel@2.9.13-3.el9_2.3?arch=x86_64", }, }, }, { category: "product_version", name: "libxml2-debugsource-0:2.9.13-3.el9_2.3.x86_64", product: { name: "libxml2-debugsource-0:2.9.13-3.el9_2.3.x86_64", product_id: "libxml2-debugsource-0:2.9.13-3.el9_2.3.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-debugsource@2.9.13-3.el9_2.3?arch=x86_64", }, }, }, { category: "product_version", name: "libxml2-debuginfo-0:2.9.13-3.el9_2.3.x86_64", product: { name: "libxml2-debuginfo-0:2.9.13-3.el9_2.3.x86_64", product_id: "libxml2-debuginfo-0:2.9.13-3.el9_2.3.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-debuginfo@2.9.13-3.el9_2.3?arch=x86_64", }, }, }, { category: "product_version", name: "python3-libxml2-debuginfo-0:2.9.13-3.el9_2.3.x86_64", product: { name: "python3-libxml2-debuginfo-0:2.9.13-3.el9_2.3.x86_64", product_id: "python3-libxml2-debuginfo-0:2.9.13-3.el9_2.3.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/python3-libxml2-debuginfo@2.9.13-3.el9_2.3?arch=x86_64", }, }, }, { category: "product_version", name: "libxml2-0:2.9.13-3.el9_2.3.x86_64", product: { name: "libxml2-0:2.9.13-3.el9_2.3.x86_64", product_id: "libxml2-0:2.9.13-3.el9_2.3.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2@2.9.13-3.el9_2.3?arch=x86_64", }, }, }, { category: "product_version", name: "python3-libxml2-0:2.9.13-3.el9_2.3.x86_64", product: { name: "python3-libxml2-0:2.9.13-3.el9_2.3.x86_64", product_id: "python3-libxml2-0:2.9.13-3.el9_2.3.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/python3-libxml2@2.9.13-3.el9_2.3?arch=x86_64", }, }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_version", name: "libxml2-devel-0:2.9.13-3.el9_2.3.s390x", product: { name: "libxml2-devel-0:2.9.13-3.el9_2.3.s390x", product_id: "libxml2-devel-0:2.9.13-3.el9_2.3.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-devel@2.9.13-3.el9_2.3?arch=s390x", }, }, }, { category: "product_version", name: "libxml2-debugsource-0:2.9.13-3.el9_2.3.s390x", product: { name: "libxml2-debugsource-0:2.9.13-3.el9_2.3.s390x", product_id: "libxml2-debugsource-0:2.9.13-3.el9_2.3.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-debugsource@2.9.13-3.el9_2.3?arch=s390x", }, }, }, { category: "product_version", name: "libxml2-debuginfo-0:2.9.13-3.el9_2.3.s390x", product: { name: "libxml2-debuginfo-0:2.9.13-3.el9_2.3.s390x", product_id: "libxml2-debuginfo-0:2.9.13-3.el9_2.3.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-debuginfo@2.9.13-3.el9_2.3?arch=s390x", }, }, }, { category: "product_version", name: "python3-libxml2-debuginfo-0:2.9.13-3.el9_2.3.s390x", product: { name: "python3-libxml2-debuginfo-0:2.9.13-3.el9_2.3.s390x", product_id: "python3-libxml2-debuginfo-0:2.9.13-3.el9_2.3.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/python3-libxml2-debuginfo@2.9.13-3.el9_2.3?arch=s390x", }, }, }, { category: "product_version", name: "libxml2-0:2.9.13-3.el9_2.3.s390x", product: { name: "libxml2-0:2.9.13-3.el9_2.3.s390x", product_id: "libxml2-0:2.9.13-3.el9_2.3.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2@2.9.13-3.el9_2.3?arch=s390x", }, }, }, { category: "product_version", name: "python3-libxml2-0:2.9.13-3.el9_2.3.s390x", product: { name: "python3-libxml2-0:2.9.13-3.el9_2.3.s390x", product_id: "python3-libxml2-0:2.9.13-3.el9_2.3.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/python3-libxml2@2.9.13-3.el9_2.3?arch=s390x", }, }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "libxml2-0:2.9.13-3.el9_2.3.src", product: { name: "libxml2-0:2.9.13-3.el9_2.3.src", product_id: "libxml2-0:2.9.13-3.el9_2.3.src", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2@2.9.13-3.el9_2.3?arch=src", }, }, }, ], category: "architecture", name: "src", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.13-3.el9_2.3.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)", product_id: "AppStream-9.2.0.Z.EUS:libxml2-0:2.9.13-3.el9_2.3.aarch64", }, product_reference: "libxml2-0:2.9.13-3.el9_2.3.aarch64", relates_to_product_reference: "AppStream-9.2.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.13-3.el9_2.3.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)", product_id: "AppStream-9.2.0.Z.EUS:libxml2-0:2.9.13-3.el9_2.3.i686", }, product_reference: "libxml2-0:2.9.13-3.el9_2.3.i686", relates_to_product_reference: "AppStream-9.2.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.13-3.el9_2.3.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)", product_id: "AppStream-9.2.0.Z.EUS:libxml2-0:2.9.13-3.el9_2.3.ppc64le", }, product_reference: "libxml2-0:2.9.13-3.el9_2.3.ppc64le", relates_to_product_reference: "AppStream-9.2.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.13-3.el9_2.3.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)", product_id: "AppStream-9.2.0.Z.EUS:libxml2-0:2.9.13-3.el9_2.3.s390x", }, product_reference: "libxml2-0:2.9.13-3.el9_2.3.s390x", relates_to_product_reference: "AppStream-9.2.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.13-3.el9_2.3.src as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)", product_id: "AppStream-9.2.0.Z.EUS:libxml2-0:2.9.13-3.el9_2.3.src", }, product_reference: "libxml2-0:2.9.13-3.el9_2.3.src", relates_to_product_reference: "AppStream-9.2.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.13-3.el9_2.3.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)", product_id: "AppStream-9.2.0.Z.EUS:libxml2-0:2.9.13-3.el9_2.3.x86_64", }, product_reference: "libxml2-0:2.9.13-3.el9_2.3.x86_64", relates_to_product_reference: "AppStream-9.2.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.13-3.el9_2.3.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)", product_id: "AppStream-9.2.0.Z.EUS:libxml2-debuginfo-0:2.9.13-3.el9_2.3.aarch64", }, product_reference: "libxml2-debuginfo-0:2.9.13-3.el9_2.3.aarch64", relates_to_product_reference: "AppStream-9.2.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.13-3.el9_2.3.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)", product_id: "AppStream-9.2.0.Z.EUS:libxml2-debuginfo-0:2.9.13-3.el9_2.3.i686", }, product_reference: "libxml2-debuginfo-0:2.9.13-3.el9_2.3.i686", relates_to_product_reference: "AppStream-9.2.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.13-3.el9_2.3.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)", product_id: "AppStream-9.2.0.Z.EUS:libxml2-debuginfo-0:2.9.13-3.el9_2.3.ppc64le", }, product_reference: "libxml2-debuginfo-0:2.9.13-3.el9_2.3.ppc64le", relates_to_product_reference: "AppStream-9.2.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.13-3.el9_2.3.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)", product_id: "AppStream-9.2.0.Z.EUS:libxml2-debuginfo-0:2.9.13-3.el9_2.3.s390x", }, product_reference: "libxml2-debuginfo-0:2.9.13-3.el9_2.3.s390x", relates_to_product_reference: "AppStream-9.2.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.13-3.el9_2.3.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)", product_id: "AppStream-9.2.0.Z.EUS:libxml2-debuginfo-0:2.9.13-3.el9_2.3.x86_64", }, product_reference: "libxml2-debuginfo-0:2.9.13-3.el9_2.3.x86_64", relates_to_product_reference: "AppStream-9.2.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debugsource-0:2.9.13-3.el9_2.3.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)", product_id: "AppStream-9.2.0.Z.EUS:libxml2-debugsource-0:2.9.13-3.el9_2.3.aarch64", }, product_reference: "libxml2-debugsource-0:2.9.13-3.el9_2.3.aarch64", relates_to_product_reference: "AppStream-9.2.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debugsource-0:2.9.13-3.el9_2.3.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)", product_id: "AppStream-9.2.0.Z.EUS:libxml2-debugsource-0:2.9.13-3.el9_2.3.i686", }, product_reference: "libxml2-debugsource-0:2.9.13-3.el9_2.3.i686", relates_to_product_reference: "AppStream-9.2.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debugsource-0:2.9.13-3.el9_2.3.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)", product_id: "AppStream-9.2.0.Z.EUS:libxml2-debugsource-0:2.9.13-3.el9_2.3.ppc64le", }, product_reference: "libxml2-debugsource-0:2.9.13-3.el9_2.3.ppc64le", relates_to_product_reference: "AppStream-9.2.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debugsource-0:2.9.13-3.el9_2.3.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)", product_id: "AppStream-9.2.0.Z.EUS:libxml2-debugsource-0:2.9.13-3.el9_2.3.s390x", }, product_reference: "libxml2-debugsource-0:2.9.13-3.el9_2.3.s390x", relates_to_product_reference: "AppStream-9.2.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debugsource-0:2.9.13-3.el9_2.3.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)", product_id: "AppStream-9.2.0.Z.EUS:libxml2-debugsource-0:2.9.13-3.el9_2.3.x86_64", }, product_reference: "libxml2-debugsource-0:2.9.13-3.el9_2.3.x86_64", relates_to_product_reference: "AppStream-9.2.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.13-3.el9_2.3.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)", product_id: "AppStream-9.2.0.Z.EUS:libxml2-devel-0:2.9.13-3.el9_2.3.aarch64", }, product_reference: "libxml2-devel-0:2.9.13-3.el9_2.3.aarch64", relates_to_product_reference: "AppStream-9.2.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.13-3.el9_2.3.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)", product_id: "AppStream-9.2.0.Z.EUS:libxml2-devel-0:2.9.13-3.el9_2.3.i686", }, product_reference: "libxml2-devel-0:2.9.13-3.el9_2.3.i686", relates_to_product_reference: "AppStream-9.2.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.13-3.el9_2.3.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)", product_id: "AppStream-9.2.0.Z.EUS:libxml2-devel-0:2.9.13-3.el9_2.3.ppc64le", }, product_reference: "libxml2-devel-0:2.9.13-3.el9_2.3.ppc64le", relates_to_product_reference: "AppStream-9.2.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.13-3.el9_2.3.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)", product_id: "AppStream-9.2.0.Z.EUS:libxml2-devel-0:2.9.13-3.el9_2.3.s390x", }, product_reference: "libxml2-devel-0:2.9.13-3.el9_2.3.s390x", relates_to_product_reference: "AppStream-9.2.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.13-3.el9_2.3.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)", product_id: "AppStream-9.2.0.Z.EUS:libxml2-devel-0:2.9.13-3.el9_2.3.x86_64", }, product_reference: "libxml2-devel-0:2.9.13-3.el9_2.3.x86_64", relates_to_product_reference: "AppStream-9.2.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "python3-libxml2-0:2.9.13-3.el9_2.3.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)", product_id: "AppStream-9.2.0.Z.EUS:python3-libxml2-0:2.9.13-3.el9_2.3.aarch64", }, product_reference: "python3-libxml2-0:2.9.13-3.el9_2.3.aarch64", relates_to_product_reference: "AppStream-9.2.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "python3-libxml2-0:2.9.13-3.el9_2.3.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)", product_id: "AppStream-9.2.0.Z.EUS:python3-libxml2-0:2.9.13-3.el9_2.3.ppc64le", }, product_reference: "python3-libxml2-0:2.9.13-3.el9_2.3.ppc64le", relates_to_product_reference: "AppStream-9.2.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "python3-libxml2-0:2.9.13-3.el9_2.3.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)", product_id: "AppStream-9.2.0.Z.EUS:python3-libxml2-0:2.9.13-3.el9_2.3.s390x", }, product_reference: "python3-libxml2-0:2.9.13-3.el9_2.3.s390x", relates_to_product_reference: "AppStream-9.2.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "python3-libxml2-0:2.9.13-3.el9_2.3.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)", product_id: "AppStream-9.2.0.Z.EUS:python3-libxml2-0:2.9.13-3.el9_2.3.x86_64", }, product_reference: "python3-libxml2-0:2.9.13-3.el9_2.3.x86_64", relates_to_product_reference: "AppStream-9.2.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "python3-libxml2-debuginfo-0:2.9.13-3.el9_2.3.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)", product_id: "AppStream-9.2.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.3.aarch64", }, product_reference: "python3-libxml2-debuginfo-0:2.9.13-3.el9_2.3.aarch64", relates_to_product_reference: "AppStream-9.2.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "python3-libxml2-debuginfo-0:2.9.13-3.el9_2.3.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)", product_id: "AppStream-9.2.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.3.i686", }, product_reference: "python3-libxml2-debuginfo-0:2.9.13-3.el9_2.3.i686", relates_to_product_reference: "AppStream-9.2.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "python3-libxml2-debuginfo-0:2.9.13-3.el9_2.3.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)", product_id: "AppStream-9.2.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.3.ppc64le", }, product_reference: "python3-libxml2-debuginfo-0:2.9.13-3.el9_2.3.ppc64le", relates_to_product_reference: "AppStream-9.2.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "python3-libxml2-debuginfo-0:2.9.13-3.el9_2.3.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)", product_id: "AppStream-9.2.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.3.s390x", }, product_reference: "python3-libxml2-debuginfo-0:2.9.13-3.el9_2.3.s390x", relates_to_product_reference: "AppStream-9.2.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "python3-libxml2-debuginfo-0:2.9.13-3.el9_2.3.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.2)", product_id: "AppStream-9.2.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.3.x86_64", }, product_reference: "python3-libxml2-debuginfo-0:2.9.13-3.el9_2.3.x86_64", relates_to_product_reference: "AppStream-9.2.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.13-3.el9_2.3.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.2)", product_id: "BaseOS-9.2.0.Z.EUS:libxml2-0:2.9.13-3.el9_2.3.aarch64", }, product_reference: "libxml2-0:2.9.13-3.el9_2.3.aarch64", relates_to_product_reference: "BaseOS-9.2.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.13-3.el9_2.3.i686 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.2)", product_id: "BaseOS-9.2.0.Z.EUS:libxml2-0:2.9.13-3.el9_2.3.i686", }, product_reference: "libxml2-0:2.9.13-3.el9_2.3.i686", relates_to_product_reference: "BaseOS-9.2.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.13-3.el9_2.3.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.2)", product_id: "BaseOS-9.2.0.Z.EUS:libxml2-0:2.9.13-3.el9_2.3.ppc64le", }, product_reference: "libxml2-0:2.9.13-3.el9_2.3.ppc64le", relates_to_product_reference: "BaseOS-9.2.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.13-3.el9_2.3.s390x as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.2)", product_id: "BaseOS-9.2.0.Z.EUS:libxml2-0:2.9.13-3.el9_2.3.s390x", }, product_reference: "libxml2-0:2.9.13-3.el9_2.3.s390x", relates_to_product_reference: "BaseOS-9.2.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.13-3.el9_2.3.src as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.2)", product_id: "BaseOS-9.2.0.Z.EUS:libxml2-0:2.9.13-3.el9_2.3.src", }, product_reference: "libxml2-0:2.9.13-3.el9_2.3.src", relates_to_product_reference: "BaseOS-9.2.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.13-3.el9_2.3.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.2)", product_id: "BaseOS-9.2.0.Z.EUS:libxml2-0:2.9.13-3.el9_2.3.x86_64", }, product_reference: "libxml2-0:2.9.13-3.el9_2.3.x86_64", relates_to_product_reference: "BaseOS-9.2.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.13-3.el9_2.3.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.2)", product_id: "BaseOS-9.2.0.Z.EUS:libxml2-debuginfo-0:2.9.13-3.el9_2.3.aarch64", }, product_reference: "libxml2-debuginfo-0:2.9.13-3.el9_2.3.aarch64", relates_to_product_reference: "BaseOS-9.2.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.13-3.el9_2.3.i686 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.2)", product_id: "BaseOS-9.2.0.Z.EUS:libxml2-debuginfo-0:2.9.13-3.el9_2.3.i686", }, product_reference: "libxml2-debuginfo-0:2.9.13-3.el9_2.3.i686", relates_to_product_reference: "BaseOS-9.2.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.13-3.el9_2.3.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.2)", product_id: "BaseOS-9.2.0.Z.EUS:libxml2-debuginfo-0:2.9.13-3.el9_2.3.ppc64le", }, product_reference: "libxml2-debuginfo-0:2.9.13-3.el9_2.3.ppc64le", relates_to_product_reference: "BaseOS-9.2.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.13-3.el9_2.3.s390x as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.2)", product_id: "BaseOS-9.2.0.Z.EUS:libxml2-debuginfo-0:2.9.13-3.el9_2.3.s390x", }, product_reference: "libxml2-debuginfo-0:2.9.13-3.el9_2.3.s390x", relates_to_product_reference: "BaseOS-9.2.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.13-3.el9_2.3.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.2)", product_id: "BaseOS-9.2.0.Z.EUS:libxml2-debuginfo-0:2.9.13-3.el9_2.3.x86_64", }, product_reference: "libxml2-debuginfo-0:2.9.13-3.el9_2.3.x86_64", relates_to_product_reference: "BaseOS-9.2.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debugsource-0:2.9.13-3.el9_2.3.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.2)", product_id: "BaseOS-9.2.0.Z.EUS:libxml2-debugsource-0:2.9.13-3.el9_2.3.aarch64", }, product_reference: "libxml2-debugsource-0:2.9.13-3.el9_2.3.aarch64", relates_to_product_reference: "BaseOS-9.2.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debugsource-0:2.9.13-3.el9_2.3.i686 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.2)", product_id: "BaseOS-9.2.0.Z.EUS:libxml2-debugsource-0:2.9.13-3.el9_2.3.i686", }, product_reference: "libxml2-debugsource-0:2.9.13-3.el9_2.3.i686", relates_to_product_reference: "BaseOS-9.2.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debugsource-0:2.9.13-3.el9_2.3.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.2)", product_id: "BaseOS-9.2.0.Z.EUS:libxml2-debugsource-0:2.9.13-3.el9_2.3.ppc64le", }, product_reference: "libxml2-debugsource-0:2.9.13-3.el9_2.3.ppc64le", relates_to_product_reference: "BaseOS-9.2.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debugsource-0:2.9.13-3.el9_2.3.s390x as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.2)", product_id: "BaseOS-9.2.0.Z.EUS:libxml2-debugsource-0:2.9.13-3.el9_2.3.s390x", }, product_reference: "libxml2-debugsource-0:2.9.13-3.el9_2.3.s390x", relates_to_product_reference: "BaseOS-9.2.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debugsource-0:2.9.13-3.el9_2.3.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.2)", product_id: "BaseOS-9.2.0.Z.EUS:libxml2-debugsource-0:2.9.13-3.el9_2.3.x86_64", }, product_reference: "libxml2-debugsource-0:2.9.13-3.el9_2.3.x86_64", relates_to_product_reference: "BaseOS-9.2.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.13-3.el9_2.3.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.2)", product_id: "BaseOS-9.2.0.Z.EUS:libxml2-devel-0:2.9.13-3.el9_2.3.aarch64", }, product_reference: "libxml2-devel-0:2.9.13-3.el9_2.3.aarch64", relates_to_product_reference: "BaseOS-9.2.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.13-3.el9_2.3.i686 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.2)", product_id: "BaseOS-9.2.0.Z.EUS:libxml2-devel-0:2.9.13-3.el9_2.3.i686", }, product_reference: "libxml2-devel-0:2.9.13-3.el9_2.3.i686", relates_to_product_reference: "BaseOS-9.2.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.13-3.el9_2.3.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.2)", product_id: "BaseOS-9.2.0.Z.EUS:libxml2-devel-0:2.9.13-3.el9_2.3.ppc64le", }, product_reference: "libxml2-devel-0:2.9.13-3.el9_2.3.ppc64le", relates_to_product_reference: "BaseOS-9.2.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.13-3.el9_2.3.s390x as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.2)", product_id: "BaseOS-9.2.0.Z.EUS:libxml2-devel-0:2.9.13-3.el9_2.3.s390x", }, product_reference: "libxml2-devel-0:2.9.13-3.el9_2.3.s390x", relates_to_product_reference: "BaseOS-9.2.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.13-3.el9_2.3.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.2)", product_id: "BaseOS-9.2.0.Z.EUS:libxml2-devel-0:2.9.13-3.el9_2.3.x86_64", }, product_reference: "libxml2-devel-0:2.9.13-3.el9_2.3.x86_64", relates_to_product_reference: "BaseOS-9.2.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "python3-libxml2-0:2.9.13-3.el9_2.3.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.2)", product_id: "BaseOS-9.2.0.Z.EUS:python3-libxml2-0:2.9.13-3.el9_2.3.aarch64", }, product_reference: "python3-libxml2-0:2.9.13-3.el9_2.3.aarch64", relates_to_product_reference: "BaseOS-9.2.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "python3-libxml2-0:2.9.13-3.el9_2.3.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.2)", product_id: "BaseOS-9.2.0.Z.EUS:python3-libxml2-0:2.9.13-3.el9_2.3.ppc64le", }, product_reference: "python3-libxml2-0:2.9.13-3.el9_2.3.ppc64le", relates_to_product_reference: "BaseOS-9.2.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "python3-libxml2-0:2.9.13-3.el9_2.3.s390x as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.2)", product_id: "BaseOS-9.2.0.Z.EUS:python3-libxml2-0:2.9.13-3.el9_2.3.s390x", }, product_reference: "python3-libxml2-0:2.9.13-3.el9_2.3.s390x", relates_to_product_reference: "BaseOS-9.2.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "python3-libxml2-0:2.9.13-3.el9_2.3.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.2)", product_id: "BaseOS-9.2.0.Z.EUS:python3-libxml2-0:2.9.13-3.el9_2.3.x86_64", }, product_reference: "python3-libxml2-0:2.9.13-3.el9_2.3.x86_64", relates_to_product_reference: "BaseOS-9.2.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "python3-libxml2-debuginfo-0:2.9.13-3.el9_2.3.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.2)", product_id: "BaseOS-9.2.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.3.aarch64", }, product_reference: "python3-libxml2-debuginfo-0:2.9.13-3.el9_2.3.aarch64", relates_to_product_reference: "BaseOS-9.2.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "python3-libxml2-debuginfo-0:2.9.13-3.el9_2.3.i686 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.2)", product_id: "BaseOS-9.2.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.3.i686", }, product_reference: "python3-libxml2-debuginfo-0:2.9.13-3.el9_2.3.i686", relates_to_product_reference: "BaseOS-9.2.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "python3-libxml2-debuginfo-0:2.9.13-3.el9_2.3.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.2)", product_id: "BaseOS-9.2.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.3.ppc64le", }, product_reference: "python3-libxml2-debuginfo-0:2.9.13-3.el9_2.3.ppc64le", relates_to_product_reference: "BaseOS-9.2.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "python3-libxml2-debuginfo-0:2.9.13-3.el9_2.3.s390x as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.2)", product_id: "BaseOS-9.2.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.3.s390x", }, product_reference: "python3-libxml2-debuginfo-0:2.9.13-3.el9_2.3.s390x", relates_to_product_reference: "BaseOS-9.2.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "python3-libxml2-debuginfo-0:2.9.13-3.el9_2.3.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.2)", product_id: "BaseOS-9.2.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.3.x86_64", }, product_reference: "python3-libxml2-debuginfo-0:2.9.13-3.el9_2.3.x86_64", relates_to_product_reference: "BaseOS-9.2.0.Z.EUS", }, ], }, vulnerabilities: [ { cve: "CVE-2024-25062", cwe: { id: "CWE-416", name: "Use After Free", }, discovery_date: "2024-02-05T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2262726", }, ], notes: [ { category: "description", text: "A use-after-free flaw was found in libxml2. When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free.", title: "Vulnerability description", }, { category: "summary", text: "libxml2: use-after-free in XMLReader", title: "Vulnerability summary", }, { category: "other", text: "The severity of this vulnerability is not important but moderate due to the lack of impact to both confidentiality and integrity, but potential impact to availability. The theoretical risk of impact to availability is limited due to the specific requirement that applications must continue to misuse the reader API after it has already reported validation errors instead of handling those errors. The flaw requires that crafted XML documents can be provided by an attacker and the utilization of DTD validation and XInclude expansion using the XMLReader API. Along with those conditions, the application using the XMLReader API must be ignoring errors when expanding invalid XInclude nodes in an maliciously crafted document. These conditions are unlikely to exist in the intended usage of the XMLReader API.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-9.2.0.Z.EUS:libxml2-0:2.9.13-3.el9_2.3.aarch64", "AppStream-9.2.0.Z.EUS:libxml2-0:2.9.13-3.el9_2.3.i686", "AppStream-9.2.0.Z.EUS:libxml2-0:2.9.13-3.el9_2.3.ppc64le", "AppStream-9.2.0.Z.EUS:libxml2-0:2.9.13-3.el9_2.3.s390x", "AppStream-9.2.0.Z.EUS:libxml2-0:2.9.13-3.el9_2.3.src", "AppStream-9.2.0.Z.EUS:libxml2-0:2.9.13-3.el9_2.3.x86_64", "AppStream-9.2.0.Z.EUS:libxml2-debuginfo-0:2.9.13-3.el9_2.3.aarch64", "AppStream-9.2.0.Z.EUS:libxml2-debuginfo-0:2.9.13-3.el9_2.3.i686", "AppStream-9.2.0.Z.EUS:libxml2-debuginfo-0:2.9.13-3.el9_2.3.ppc64le", "AppStream-9.2.0.Z.EUS:libxml2-debuginfo-0:2.9.13-3.el9_2.3.s390x", "AppStream-9.2.0.Z.EUS:libxml2-debuginfo-0:2.9.13-3.el9_2.3.x86_64", "AppStream-9.2.0.Z.EUS:libxml2-debugsource-0:2.9.13-3.el9_2.3.aarch64", "AppStream-9.2.0.Z.EUS:libxml2-debugsource-0:2.9.13-3.el9_2.3.i686", "AppStream-9.2.0.Z.EUS:libxml2-debugsource-0:2.9.13-3.el9_2.3.ppc64le", "AppStream-9.2.0.Z.EUS:libxml2-debugsource-0:2.9.13-3.el9_2.3.s390x", "AppStream-9.2.0.Z.EUS:libxml2-debugsource-0:2.9.13-3.el9_2.3.x86_64", "AppStream-9.2.0.Z.EUS:libxml2-devel-0:2.9.13-3.el9_2.3.aarch64", "AppStream-9.2.0.Z.EUS:libxml2-devel-0:2.9.13-3.el9_2.3.i686", "AppStream-9.2.0.Z.EUS:libxml2-devel-0:2.9.13-3.el9_2.3.ppc64le", "AppStream-9.2.0.Z.EUS:libxml2-devel-0:2.9.13-3.el9_2.3.s390x", "AppStream-9.2.0.Z.EUS:libxml2-devel-0:2.9.13-3.el9_2.3.x86_64", "AppStream-9.2.0.Z.EUS:python3-libxml2-0:2.9.13-3.el9_2.3.aarch64", "AppStream-9.2.0.Z.EUS:python3-libxml2-0:2.9.13-3.el9_2.3.ppc64le", "AppStream-9.2.0.Z.EUS:python3-libxml2-0:2.9.13-3.el9_2.3.s390x", "AppStream-9.2.0.Z.EUS:python3-libxml2-0:2.9.13-3.el9_2.3.x86_64", "AppStream-9.2.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.3.aarch64", "AppStream-9.2.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.3.i686", "AppStream-9.2.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.3.ppc64le", "AppStream-9.2.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.3.s390x", "AppStream-9.2.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.3.x86_64", "BaseOS-9.2.0.Z.EUS:libxml2-0:2.9.13-3.el9_2.3.aarch64", "BaseOS-9.2.0.Z.EUS:libxml2-0:2.9.13-3.el9_2.3.i686", "BaseOS-9.2.0.Z.EUS:libxml2-0:2.9.13-3.el9_2.3.ppc64le", "BaseOS-9.2.0.Z.EUS:libxml2-0:2.9.13-3.el9_2.3.s390x", "BaseOS-9.2.0.Z.EUS:libxml2-0:2.9.13-3.el9_2.3.src", "BaseOS-9.2.0.Z.EUS:libxml2-0:2.9.13-3.el9_2.3.x86_64", "BaseOS-9.2.0.Z.EUS:libxml2-debuginfo-0:2.9.13-3.el9_2.3.aarch64", "BaseOS-9.2.0.Z.EUS:libxml2-debuginfo-0:2.9.13-3.el9_2.3.i686", "BaseOS-9.2.0.Z.EUS:libxml2-debuginfo-0:2.9.13-3.el9_2.3.ppc64le", "BaseOS-9.2.0.Z.EUS:libxml2-debuginfo-0:2.9.13-3.el9_2.3.s390x", "BaseOS-9.2.0.Z.EUS:libxml2-debuginfo-0:2.9.13-3.el9_2.3.x86_64", "BaseOS-9.2.0.Z.EUS:libxml2-debugsource-0:2.9.13-3.el9_2.3.aarch64", "BaseOS-9.2.0.Z.EUS:libxml2-debugsource-0:2.9.13-3.el9_2.3.i686", "BaseOS-9.2.0.Z.EUS:libxml2-debugsource-0:2.9.13-3.el9_2.3.ppc64le", "BaseOS-9.2.0.Z.EUS:libxml2-debugsource-0:2.9.13-3.el9_2.3.s390x", "BaseOS-9.2.0.Z.EUS:libxml2-debugsource-0:2.9.13-3.el9_2.3.x86_64", "BaseOS-9.2.0.Z.EUS:libxml2-devel-0:2.9.13-3.el9_2.3.aarch64", "BaseOS-9.2.0.Z.EUS:libxml2-devel-0:2.9.13-3.el9_2.3.i686", "BaseOS-9.2.0.Z.EUS:libxml2-devel-0:2.9.13-3.el9_2.3.ppc64le", "BaseOS-9.2.0.Z.EUS:libxml2-devel-0:2.9.13-3.el9_2.3.s390x", "BaseOS-9.2.0.Z.EUS:libxml2-devel-0:2.9.13-3.el9_2.3.x86_64", "BaseOS-9.2.0.Z.EUS:python3-libxml2-0:2.9.13-3.el9_2.3.aarch64", "BaseOS-9.2.0.Z.EUS:python3-libxml2-0:2.9.13-3.el9_2.3.ppc64le", "BaseOS-9.2.0.Z.EUS:python3-libxml2-0:2.9.13-3.el9_2.3.s390x", "BaseOS-9.2.0.Z.EUS:python3-libxml2-0:2.9.13-3.el9_2.3.x86_64", "BaseOS-9.2.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.3.aarch64", "BaseOS-9.2.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.3.i686", "BaseOS-9.2.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.3.ppc64le", "BaseOS-9.2.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.3.s390x", "BaseOS-9.2.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.3.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-25062", }, { category: "external", summary: "RHBZ#2262726", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2262726", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-25062", url: "https://www.cve.org/CVERecord?id=CVE-2024-25062", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-25062", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-25062", }, { category: "external", summary: "https://gitlab.gnome.org/GNOME/libxml2/-/issues/604", url: "https://gitlab.gnome.org/GNOME/libxml2/-/issues/604", }, { category: "external", summary: "https://gitlab.gnome.org/GNOME/libxml2/-/tags", url: "https://gitlab.gnome.org/GNOME/libxml2/-/tags", }, ], release_date: "2024-02-04T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-06-05T10:19:16+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe desktop must be restarted (log out, then log back in) for this update to take effect.", product_ids: [ "AppStream-9.2.0.Z.EUS:libxml2-0:2.9.13-3.el9_2.3.aarch64", "AppStream-9.2.0.Z.EUS:libxml2-0:2.9.13-3.el9_2.3.i686", "AppStream-9.2.0.Z.EUS:libxml2-0:2.9.13-3.el9_2.3.ppc64le", "AppStream-9.2.0.Z.EUS:libxml2-0:2.9.13-3.el9_2.3.s390x", "AppStream-9.2.0.Z.EUS:libxml2-0:2.9.13-3.el9_2.3.src", "AppStream-9.2.0.Z.EUS:libxml2-0:2.9.13-3.el9_2.3.x86_64", "AppStream-9.2.0.Z.EUS:libxml2-debuginfo-0:2.9.13-3.el9_2.3.aarch64", "AppStream-9.2.0.Z.EUS:libxml2-debuginfo-0:2.9.13-3.el9_2.3.i686", "AppStream-9.2.0.Z.EUS:libxml2-debuginfo-0:2.9.13-3.el9_2.3.ppc64le", "AppStream-9.2.0.Z.EUS:libxml2-debuginfo-0:2.9.13-3.el9_2.3.s390x", "AppStream-9.2.0.Z.EUS:libxml2-debuginfo-0:2.9.13-3.el9_2.3.x86_64", "AppStream-9.2.0.Z.EUS:libxml2-debugsource-0:2.9.13-3.el9_2.3.aarch64", "AppStream-9.2.0.Z.EUS:libxml2-debugsource-0:2.9.13-3.el9_2.3.i686", "AppStream-9.2.0.Z.EUS:libxml2-debugsource-0:2.9.13-3.el9_2.3.ppc64le", "AppStream-9.2.0.Z.EUS:libxml2-debugsource-0:2.9.13-3.el9_2.3.s390x", "AppStream-9.2.0.Z.EUS:libxml2-debugsource-0:2.9.13-3.el9_2.3.x86_64", "AppStream-9.2.0.Z.EUS:libxml2-devel-0:2.9.13-3.el9_2.3.aarch64", "AppStream-9.2.0.Z.EUS:libxml2-devel-0:2.9.13-3.el9_2.3.i686", "AppStream-9.2.0.Z.EUS:libxml2-devel-0:2.9.13-3.el9_2.3.ppc64le", "AppStream-9.2.0.Z.EUS:libxml2-devel-0:2.9.13-3.el9_2.3.s390x", "AppStream-9.2.0.Z.EUS:libxml2-devel-0:2.9.13-3.el9_2.3.x86_64", "AppStream-9.2.0.Z.EUS:python3-libxml2-0:2.9.13-3.el9_2.3.aarch64", "AppStream-9.2.0.Z.EUS:python3-libxml2-0:2.9.13-3.el9_2.3.ppc64le", "AppStream-9.2.0.Z.EUS:python3-libxml2-0:2.9.13-3.el9_2.3.s390x", "AppStream-9.2.0.Z.EUS:python3-libxml2-0:2.9.13-3.el9_2.3.x86_64", "AppStream-9.2.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.3.aarch64", "AppStream-9.2.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.3.i686", "AppStream-9.2.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.3.ppc64le", "AppStream-9.2.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.3.s390x", "AppStream-9.2.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.3.x86_64", "BaseOS-9.2.0.Z.EUS:libxml2-0:2.9.13-3.el9_2.3.aarch64", "BaseOS-9.2.0.Z.EUS:libxml2-0:2.9.13-3.el9_2.3.i686", "BaseOS-9.2.0.Z.EUS:libxml2-0:2.9.13-3.el9_2.3.ppc64le", "BaseOS-9.2.0.Z.EUS:libxml2-0:2.9.13-3.el9_2.3.s390x", "BaseOS-9.2.0.Z.EUS:libxml2-0:2.9.13-3.el9_2.3.src", "BaseOS-9.2.0.Z.EUS:libxml2-0:2.9.13-3.el9_2.3.x86_64", "BaseOS-9.2.0.Z.EUS:libxml2-debuginfo-0:2.9.13-3.el9_2.3.aarch64", "BaseOS-9.2.0.Z.EUS:libxml2-debuginfo-0:2.9.13-3.el9_2.3.i686", "BaseOS-9.2.0.Z.EUS:libxml2-debuginfo-0:2.9.13-3.el9_2.3.ppc64le", "BaseOS-9.2.0.Z.EUS:libxml2-debuginfo-0:2.9.13-3.el9_2.3.s390x", "BaseOS-9.2.0.Z.EUS:libxml2-debuginfo-0:2.9.13-3.el9_2.3.x86_64", "BaseOS-9.2.0.Z.EUS:libxml2-debugsource-0:2.9.13-3.el9_2.3.aarch64", "BaseOS-9.2.0.Z.EUS:libxml2-debugsource-0:2.9.13-3.el9_2.3.i686", "BaseOS-9.2.0.Z.EUS:libxml2-debugsource-0:2.9.13-3.el9_2.3.ppc64le", "BaseOS-9.2.0.Z.EUS:libxml2-debugsource-0:2.9.13-3.el9_2.3.s390x", "BaseOS-9.2.0.Z.EUS:libxml2-debugsource-0:2.9.13-3.el9_2.3.x86_64", "BaseOS-9.2.0.Z.EUS:libxml2-devel-0:2.9.13-3.el9_2.3.aarch64", "BaseOS-9.2.0.Z.EUS:libxml2-devel-0:2.9.13-3.el9_2.3.i686", "BaseOS-9.2.0.Z.EUS:libxml2-devel-0:2.9.13-3.el9_2.3.ppc64le", "BaseOS-9.2.0.Z.EUS:libxml2-devel-0:2.9.13-3.el9_2.3.s390x", "BaseOS-9.2.0.Z.EUS:libxml2-devel-0:2.9.13-3.el9_2.3.x86_64", "BaseOS-9.2.0.Z.EUS:python3-libxml2-0:2.9.13-3.el9_2.3.aarch64", "BaseOS-9.2.0.Z.EUS:python3-libxml2-0:2.9.13-3.el9_2.3.ppc64le", "BaseOS-9.2.0.Z.EUS:python3-libxml2-0:2.9.13-3.el9_2.3.s390x", "BaseOS-9.2.0.Z.EUS:python3-libxml2-0:2.9.13-3.el9_2.3.x86_64", "BaseOS-9.2.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.3.aarch64", "BaseOS-9.2.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.3.i686", "BaseOS-9.2.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.3.ppc64le", "BaseOS-9.2.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.3.s390x", "BaseOS-9.2.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.3.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:3625", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "AppStream-9.2.0.Z.EUS:libxml2-0:2.9.13-3.el9_2.3.aarch64", "AppStream-9.2.0.Z.EUS:libxml2-0:2.9.13-3.el9_2.3.i686", "AppStream-9.2.0.Z.EUS:libxml2-0:2.9.13-3.el9_2.3.ppc64le", "AppStream-9.2.0.Z.EUS:libxml2-0:2.9.13-3.el9_2.3.s390x", "AppStream-9.2.0.Z.EUS:libxml2-0:2.9.13-3.el9_2.3.src", "AppStream-9.2.0.Z.EUS:libxml2-0:2.9.13-3.el9_2.3.x86_64", "AppStream-9.2.0.Z.EUS:libxml2-debuginfo-0:2.9.13-3.el9_2.3.aarch64", "AppStream-9.2.0.Z.EUS:libxml2-debuginfo-0:2.9.13-3.el9_2.3.i686", "AppStream-9.2.0.Z.EUS:libxml2-debuginfo-0:2.9.13-3.el9_2.3.ppc64le", "AppStream-9.2.0.Z.EUS:libxml2-debuginfo-0:2.9.13-3.el9_2.3.s390x", "AppStream-9.2.0.Z.EUS:libxml2-debuginfo-0:2.9.13-3.el9_2.3.x86_64", "AppStream-9.2.0.Z.EUS:libxml2-debugsource-0:2.9.13-3.el9_2.3.aarch64", "AppStream-9.2.0.Z.EUS:libxml2-debugsource-0:2.9.13-3.el9_2.3.i686", "AppStream-9.2.0.Z.EUS:libxml2-debugsource-0:2.9.13-3.el9_2.3.ppc64le", "AppStream-9.2.0.Z.EUS:libxml2-debugsource-0:2.9.13-3.el9_2.3.s390x", "AppStream-9.2.0.Z.EUS:libxml2-debugsource-0:2.9.13-3.el9_2.3.x86_64", "AppStream-9.2.0.Z.EUS:libxml2-devel-0:2.9.13-3.el9_2.3.aarch64", "AppStream-9.2.0.Z.EUS:libxml2-devel-0:2.9.13-3.el9_2.3.i686", "AppStream-9.2.0.Z.EUS:libxml2-devel-0:2.9.13-3.el9_2.3.ppc64le", "AppStream-9.2.0.Z.EUS:libxml2-devel-0:2.9.13-3.el9_2.3.s390x", "AppStream-9.2.0.Z.EUS:libxml2-devel-0:2.9.13-3.el9_2.3.x86_64", "AppStream-9.2.0.Z.EUS:python3-libxml2-0:2.9.13-3.el9_2.3.aarch64", "AppStream-9.2.0.Z.EUS:python3-libxml2-0:2.9.13-3.el9_2.3.ppc64le", "AppStream-9.2.0.Z.EUS:python3-libxml2-0:2.9.13-3.el9_2.3.s390x", "AppStream-9.2.0.Z.EUS:python3-libxml2-0:2.9.13-3.el9_2.3.x86_64", "AppStream-9.2.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.3.aarch64", "AppStream-9.2.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.3.i686", "AppStream-9.2.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.3.ppc64le", "AppStream-9.2.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.3.s390x", "AppStream-9.2.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.3.x86_64", "BaseOS-9.2.0.Z.EUS:libxml2-0:2.9.13-3.el9_2.3.aarch64", "BaseOS-9.2.0.Z.EUS:libxml2-0:2.9.13-3.el9_2.3.i686", "BaseOS-9.2.0.Z.EUS:libxml2-0:2.9.13-3.el9_2.3.ppc64le", "BaseOS-9.2.0.Z.EUS:libxml2-0:2.9.13-3.el9_2.3.s390x", "BaseOS-9.2.0.Z.EUS:libxml2-0:2.9.13-3.el9_2.3.src", "BaseOS-9.2.0.Z.EUS:libxml2-0:2.9.13-3.el9_2.3.x86_64", "BaseOS-9.2.0.Z.EUS:libxml2-debuginfo-0:2.9.13-3.el9_2.3.aarch64", "BaseOS-9.2.0.Z.EUS:libxml2-debuginfo-0:2.9.13-3.el9_2.3.i686", "BaseOS-9.2.0.Z.EUS:libxml2-debuginfo-0:2.9.13-3.el9_2.3.ppc64le", "BaseOS-9.2.0.Z.EUS:libxml2-debuginfo-0:2.9.13-3.el9_2.3.s390x", "BaseOS-9.2.0.Z.EUS:libxml2-debuginfo-0:2.9.13-3.el9_2.3.x86_64", "BaseOS-9.2.0.Z.EUS:libxml2-debugsource-0:2.9.13-3.el9_2.3.aarch64", "BaseOS-9.2.0.Z.EUS:libxml2-debugsource-0:2.9.13-3.el9_2.3.i686", "BaseOS-9.2.0.Z.EUS:libxml2-debugsource-0:2.9.13-3.el9_2.3.ppc64le", "BaseOS-9.2.0.Z.EUS:libxml2-debugsource-0:2.9.13-3.el9_2.3.s390x", "BaseOS-9.2.0.Z.EUS:libxml2-debugsource-0:2.9.13-3.el9_2.3.x86_64", "BaseOS-9.2.0.Z.EUS:libxml2-devel-0:2.9.13-3.el9_2.3.aarch64", "BaseOS-9.2.0.Z.EUS:libxml2-devel-0:2.9.13-3.el9_2.3.i686", "BaseOS-9.2.0.Z.EUS:libxml2-devel-0:2.9.13-3.el9_2.3.ppc64le", "BaseOS-9.2.0.Z.EUS:libxml2-devel-0:2.9.13-3.el9_2.3.s390x", "BaseOS-9.2.0.Z.EUS:libxml2-devel-0:2.9.13-3.el9_2.3.x86_64", "BaseOS-9.2.0.Z.EUS:python3-libxml2-0:2.9.13-3.el9_2.3.aarch64", "BaseOS-9.2.0.Z.EUS:python3-libxml2-0:2.9.13-3.el9_2.3.ppc64le", "BaseOS-9.2.0.Z.EUS:python3-libxml2-0:2.9.13-3.el9_2.3.s390x", "BaseOS-9.2.0.Z.EUS:python3-libxml2-0:2.9.13-3.el9_2.3.x86_64", "BaseOS-9.2.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.3.aarch64", "BaseOS-9.2.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.3.i686", "BaseOS-9.2.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.3.ppc64le", "BaseOS-9.2.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.3.s390x", "BaseOS-9.2.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.3.x86_64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "AppStream-9.2.0.Z.EUS:libxml2-0:2.9.13-3.el9_2.3.aarch64", "AppStream-9.2.0.Z.EUS:libxml2-0:2.9.13-3.el9_2.3.i686", "AppStream-9.2.0.Z.EUS:libxml2-0:2.9.13-3.el9_2.3.ppc64le", "AppStream-9.2.0.Z.EUS:libxml2-0:2.9.13-3.el9_2.3.s390x", "AppStream-9.2.0.Z.EUS:libxml2-0:2.9.13-3.el9_2.3.src", "AppStream-9.2.0.Z.EUS:libxml2-0:2.9.13-3.el9_2.3.x86_64", "AppStream-9.2.0.Z.EUS:libxml2-debuginfo-0:2.9.13-3.el9_2.3.aarch64", "AppStream-9.2.0.Z.EUS:libxml2-debuginfo-0:2.9.13-3.el9_2.3.i686", "AppStream-9.2.0.Z.EUS:libxml2-debuginfo-0:2.9.13-3.el9_2.3.ppc64le", "AppStream-9.2.0.Z.EUS:libxml2-debuginfo-0:2.9.13-3.el9_2.3.s390x", "AppStream-9.2.0.Z.EUS:libxml2-debuginfo-0:2.9.13-3.el9_2.3.x86_64", "AppStream-9.2.0.Z.EUS:libxml2-debugsource-0:2.9.13-3.el9_2.3.aarch64", "AppStream-9.2.0.Z.EUS:libxml2-debugsource-0:2.9.13-3.el9_2.3.i686", "AppStream-9.2.0.Z.EUS:libxml2-debugsource-0:2.9.13-3.el9_2.3.ppc64le", "AppStream-9.2.0.Z.EUS:libxml2-debugsource-0:2.9.13-3.el9_2.3.s390x", "AppStream-9.2.0.Z.EUS:libxml2-debugsource-0:2.9.13-3.el9_2.3.x86_64", "AppStream-9.2.0.Z.EUS:libxml2-devel-0:2.9.13-3.el9_2.3.aarch64", "AppStream-9.2.0.Z.EUS:libxml2-devel-0:2.9.13-3.el9_2.3.i686", "AppStream-9.2.0.Z.EUS:libxml2-devel-0:2.9.13-3.el9_2.3.ppc64le", "AppStream-9.2.0.Z.EUS:libxml2-devel-0:2.9.13-3.el9_2.3.s390x", "AppStream-9.2.0.Z.EUS:libxml2-devel-0:2.9.13-3.el9_2.3.x86_64", "AppStream-9.2.0.Z.EUS:python3-libxml2-0:2.9.13-3.el9_2.3.aarch64", "AppStream-9.2.0.Z.EUS:python3-libxml2-0:2.9.13-3.el9_2.3.ppc64le", "AppStream-9.2.0.Z.EUS:python3-libxml2-0:2.9.13-3.el9_2.3.s390x", "AppStream-9.2.0.Z.EUS:python3-libxml2-0:2.9.13-3.el9_2.3.x86_64", "AppStream-9.2.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.3.aarch64", "AppStream-9.2.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.3.i686", "AppStream-9.2.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.3.ppc64le", "AppStream-9.2.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.3.s390x", "AppStream-9.2.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.3.x86_64", "BaseOS-9.2.0.Z.EUS:libxml2-0:2.9.13-3.el9_2.3.aarch64", "BaseOS-9.2.0.Z.EUS:libxml2-0:2.9.13-3.el9_2.3.i686", "BaseOS-9.2.0.Z.EUS:libxml2-0:2.9.13-3.el9_2.3.ppc64le", "BaseOS-9.2.0.Z.EUS:libxml2-0:2.9.13-3.el9_2.3.s390x", "BaseOS-9.2.0.Z.EUS:libxml2-0:2.9.13-3.el9_2.3.src", "BaseOS-9.2.0.Z.EUS:libxml2-0:2.9.13-3.el9_2.3.x86_64", "BaseOS-9.2.0.Z.EUS:libxml2-debuginfo-0:2.9.13-3.el9_2.3.aarch64", "BaseOS-9.2.0.Z.EUS:libxml2-debuginfo-0:2.9.13-3.el9_2.3.i686", "BaseOS-9.2.0.Z.EUS:libxml2-debuginfo-0:2.9.13-3.el9_2.3.ppc64le", "BaseOS-9.2.0.Z.EUS:libxml2-debuginfo-0:2.9.13-3.el9_2.3.s390x", "BaseOS-9.2.0.Z.EUS:libxml2-debuginfo-0:2.9.13-3.el9_2.3.x86_64", "BaseOS-9.2.0.Z.EUS:libxml2-debugsource-0:2.9.13-3.el9_2.3.aarch64", "BaseOS-9.2.0.Z.EUS:libxml2-debugsource-0:2.9.13-3.el9_2.3.i686", "BaseOS-9.2.0.Z.EUS:libxml2-debugsource-0:2.9.13-3.el9_2.3.ppc64le", "BaseOS-9.2.0.Z.EUS:libxml2-debugsource-0:2.9.13-3.el9_2.3.s390x", "BaseOS-9.2.0.Z.EUS:libxml2-debugsource-0:2.9.13-3.el9_2.3.x86_64", "BaseOS-9.2.0.Z.EUS:libxml2-devel-0:2.9.13-3.el9_2.3.aarch64", "BaseOS-9.2.0.Z.EUS:libxml2-devel-0:2.9.13-3.el9_2.3.i686", "BaseOS-9.2.0.Z.EUS:libxml2-devel-0:2.9.13-3.el9_2.3.ppc64le", "BaseOS-9.2.0.Z.EUS:libxml2-devel-0:2.9.13-3.el9_2.3.s390x", "BaseOS-9.2.0.Z.EUS:libxml2-devel-0:2.9.13-3.el9_2.3.x86_64", "BaseOS-9.2.0.Z.EUS:python3-libxml2-0:2.9.13-3.el9_2.3.aarch64", "BaseOS-9.2.0.Z.EUS:python3-libxml2-0:2.9.13-3.el9_2.3.ppc64le", "BaseOS-9.2.0.Z.EUS:python3-libxml2-0:2.9.13-3.el9_2.3.s390x", "BaseOS-9.2.0.Z.EUS:python3-libxml2-0:2.9.13-3.el9_2.3.x86_64", "BaseOS-9.2.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.3.aarch64", "BaseOS-9.2.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.3.i686", "BaseOS-9.2.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.3.ppc64le", "BaseOS-9.2.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.3.s390x", "BaseOS-9.2.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.13-3.el9_2.3.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "libxml2: use-after-free in XMLReader", }, ], }
RHSA-2024:3303
Vulnerability from csaf_redhat
Published
2024-05-23 06:34
Modified
2025-01-09 06:19
Summary
Red Hat Security Advisory: libxml2 security update
Notes
Topic
An update for libxml2 is now available for Red Hat Enterprise Linux 8.8.
Red Hat Product Security has rated this update as having a security impact of
Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE
link(s) in the References section.
Details
The libxml2 library is a development toolbox providing the implementation of
various XML standards.
Security Fix(es):
* libxml2: use-after-free in XMLReader (CVE-2024-25062)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update for libxml2 is now available for Red Hat Enterprise Linux 8.8.\n\nRed Hat Product Security has rated this update as having a security impact of\nModerate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE\nlink(s) in the References section.", title: "Topic", }, { category: "general", text: "The libxml2 library is a development toolbox providing the implementation of\nvarious XML standards.\n\nSecurity Fix(es):\n\n* libxml2: use-after-free in XMLReader (CVE-2024-25062)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2024:3303", url: "https://access.redhat.com/errata/RHSA-2024:3303", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#moderate", url: "https://access.redhat.com/security/updates/classification/#moderate", }, { category: "external", summary: "2262726", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2262726", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_3303.json", }, ], title: "Red Hat Security Advisory: libxml2 security update", tracking: { current_release_date: "2025-01-09T06:19:50+00:00", generator: { date: "2025-01-09T06:19:50+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.5", }, }, id: "RHSA-2024:3303", initial_release_date: "2024-05-23T06:34:13+00:00", revision_history: [ { date: "2024-05-23T06:34:13+00:00", number: "1", summary: "Initial version", }, { date: "2024-05-23T06:34:13+00:00", number: "2", summary: "Last updated version", }, { date: "2025-01-09T06:19:50+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux AppStream EUS (v.8.8)", product: { name: "Red Hat Enterprise Linux AppStream EUS (v.8.8)", product_id: "AppStream-8.8.0.Z.EUS", product_identification_helper: { cpe: "cpe:/a:redhat:rhel_eus:8.8::appstream", }, }, }, { category: "product_name", name: "Red Hat Enterprise Linux BaseOS EUS (v.8.8)", product: { name: "Red Hat Enterprise Linux BaseOS EUS (v.8.8)", product_id: "BaseOS-8.8.0.Z.EUS", product_identification_helper: { cpe: "cpe:/o:redhat:rhel_eus:8.8::baseos", }, }, }, ], category: "product_family", name: "Red Hat Enterprise Linux", }, { branches: [ { category: "product_version", name: "libxml2-devel-0:2.9.7-16.el8_8.4.aarch64", product: { name: "libxml2-devel-0:2.9.7-16.el8_8.4.aarch64", product_id: "libxml2-devel-0:2.9.7-16.el8_8.4.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-devel@2.9.7-16.el8_8.4?arch=aarch64", }, }, }, { category: "product_version", name: "libxml2-debugsource-0:2.9.7-16.el8_8.4.aarch64", product: { name: "libxml2-debugsource-0:2.9.7-16.el8_8.4.aarch64", product_id: "libxml2-debugsource-0:2.9.7-16.el8_8.4.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-debugsource@2.9.7-16.el8_8.4?arch=aarch64", }, }, }, { category: "product_version", name: "libxml2-debuginfo-0:2.9.7-16.el8_8.4.aarch64", product: { name: "libxml2-debuginfo-0:2.9.7-16.el8_8.4.aarch64", product_id: "libxml2-debuginfo-0:2.9.7-16.el8_8.4.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-debuginfo@2.9.7-16.el8_8.4?arch=aarch64", }, }, }, { category: "product_version", name: "python3-libxml2-debuginfo-0:2.9.7-16.el8_8.4.aarch64", product: { name: "python3-libxml2-debuginfo-0:2.9.7-16.el8_8.4.aarch64", product_id: "python3-libxml2-debuginfo-0:2.9.7-16.el8_8.4.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/python3-libxml2-debuginfo@2.9.7-16.el8_8.4?arch=aarch64", }, }, }, { category: "product_version", name: "libxml2-0:2.9.7-16.el8_8.4.aarch64", product: { name: "libxml2-0:2.9.7-16.el8_8.4.aarch64", product_id: "libxml2-0:2.9.7-16.el8_8.4.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2@2.9.7-16.el8_8.4?arch=aarch64", }, }, }, { category: "product_version", name: "python3-libxml2-0:2.9.7-16.el8_8.4.aarch64", product: { name: "python3-libxml2-0:2.9.7-16.el8_8.4.aarch64", product_id: "python3-libxml2-0:2.9.7-16.el8_8.4.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/python3-libxml2@2.9.7-16.el8_8.4?arch=aarch64", }, }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "libxml2-devel-0:2.9.7-16.el8_8.4.ppc64le", product: { name: "libxml2-devel-0:2.9.7-16.el8_8.4.ppc64le", product_id: "libxml2-devel-0:2.9.7-16.el8_8.4.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-devel@2.9.7-16.el8_8.4?arch=ppc64le", }, }, }, { category: "product_version", name: "libxml2-debugsource-0:2.9.7-16.el8_8.4.ppc64le", product: { name: "libxml2-debugsource-0:2.9.7-16.el8_8.4.ppc64le", product_id: "libxml2-debugsource-0:2.9.7-16.el8_8.4.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-debugsource@2.9.7-16.el8_8.4?arch=ppc64le", }, }, }, { category: "product_version", name: "libxml2-debuginfo-0:2.9.7-16.el8_8.4.ppc64le", product: { name: "libxml2-debuginfo-0:2.9.7-16.el8_8.4.ppc64le", product_id: "libxml2-debuginfo-0:2.9.7-16.el8_8.4.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-debuginfo@2.9.7-16.el8_8.4?arch=ppc64le", }, }, }, { category: "product_version", name: "python3-libxml2-debuginfo-0:2.9.7-16.el8_8.4.ppc64le", product: { name: "python3-libxml2-debuginfo-0:2.9.7-16.el8_8.4.ppc64le", product_id: "python3-libxml2-debuginfo-0:2.9.7-16.el8_8.4.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/python3-libxml2-debuginfo@2.9.7-16.el8_8.4?arch=ppc64le", }, }, }, { category: "product_version", name: "libxml2-0:2.9.7-16.el8_8.4.ppc64le", product: { name: "libxml2-0:2.9.7-16.el8_8.4.ppc64le", product_id: "libxml2-0:2.9.7-16.el8_8.4.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2@2.9.7-16.el8_8.4?arch=ppc64le", }, }, }, { category: "product_version", name: "python3-libxml2-0:2.9.7-16.el8_8.4.ppc64le", product: { name: "python3-libxml2-0:2.9.7-16.el8_8.4.ppc64le", product_id: "python3-libxml2-0:2.9.7-16.el8_8.4.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/python3-libxml2@2.9.7-16.el8_8.4?arch=ppc64le", }, }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "libxml2-devel-0:2.9.7-16.el8_8.4.i686", product: { name: "libxml2-devel-0:2.9.7-16.el8_8.4.i686", product_id: "libxml2-devel-0:2.9.7-16.el8_8.4.i686", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-devel@2.9.7-16.el8_8.4?arch=i686", }, }, }, { category: "product_version", name: "libxml2-debugsource-0:2.9.7-16.el8_8.4.i686", product: { name: "libxml2-debugsource-0:2.9.7-16.el8_8.4.i686", product_id: "libxml2-debugsource-0:2.9.7-16.el8_8.4.i686", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-debugsource@2.9.7-16.el8_8.4?arch=i686", }, }, }, { category: "product_version", name: "libxml2-debuginfo-0:2.9.7-16.el8_8.4.i686", product: { name: "libxml2-debuginfo-0:2.9.7-16.el8_8.4.i686", product_id: "libxml2-debuginfo-0:2.9.7-16.el8_8.4.i686", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-debuginfo@2.9.7-16.el8_8.4?arch=i686", }, }, }, { category: "product_version", name: "python3-libxml2-debuginfo-0:2.9.7-16.el8_8.4.i686", product: { name: "python3-libxml2-debuginfo-0:2.9.7-16.el8_8.4.i686", product_id: "python3-libxml2-debuginfo-0:2.9.7-16.el8_8.4.i686", product_identification_helper: { purl: "pkg:rpm/redhat/python3-libxml2-debuginfo@2.9.7-16.el8_8.4?arch=i686", }, }, }, { category: "product_version", name: "libxml2-0:2.9.7-16.el8_8.4.i686", product: { name: "libxml2-0:2.9.7-16.el8_8.4.i686", product_id: "libxml2-0:2.9.7-16.el8_8.4.i686", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2@2.9.7-16.el8_8.4?arch=i686", }, }, }, ], category: "architecture", name: "i686", }, { branches: [ { category: "product_version", name: "libxml2-devel-0:2.9.7-16.el8_8.4.x86_64", product: { name: "libxml2-devel-0:2.9.7-16.el8_8.4.x86_64", product_id: "libxml2-devel-0:2.9.7-16.el8_8.4.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-devel@2.9.7-16.el8_8.4?arch=x86_64", }, }, }, { category: "product_version", name: "libxml2-debugsource-0:2.9.7-16.el8_8.4.x86_64", product: { name: "libxml2-debugsource-0:2.9.7-16.el8_8.4.x86_64", product_id: "libxml2-debugsource-0:2.9.7-16.el8_8.4.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-debugsource@2.9.7-16.el8_8.4?arch=x86_64", }, }, }, { category: "product_version", name: "libxml2-debuginfo-0:2.9.7-16.el8_8.4.x86_64", product: { name: "libxml2-debuginfo-0:2.9.7-16.el8_8.4.x86_64", product_id: "libxml2-debuginfo-0:2.9.7-16.el8_8.4.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-debuginfo@2.9.7-16.el8_8.4?arch=x86_64", }, }, }, { category: "product_version", name: "python3-libxml2-debuginfo-0:2.9.7-16.el8_8.4.x86_64", product: { name: "python3-libxml2-debuginfo-0:2.9.7-16.el8_8.4.x86_64", product_id: "python3-libxml2-debuginfo-0:2.9.7-16.el8_8.4.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/python3-libxml2-debuginfo@2.9.7-16.el8_8.4?arch=x86_64", }, }, }, { category: "product_version", name: "libxml2-0:2.9.7-16.el8_8.4.x86_64", product: { name: "libxml2-0:2.9.7-16.el8_8.4.x86_64", product_id: "libxml2-0:2.9.7-16.el8_8.4.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2@2.9.7-16.el8_8.4?arch=x86_64", }, }, }, { category: "product_version", name: "python3-libxml2-0:2.9.7-16.el8_8.4.x86_64", product: { name: "python3-libxml2-0:2.9.7-16.el8_8.4.x86_64", product_id: "python3-libxml2-0:2.9.7-16.el8_8.4.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/python3-libxml2@2.9.7-16.el8_8.4?arch=x86_64", }, }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_version", name: "libxml2-devel-0:2.9.7-16.el8_8.4.s390x", product: { name: "libxml2-devel-0:2.9.7-16.el8_8.4.s390x", product_id: "libxml2-devel-0:2.9.7-16.el8_8.4.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-devel@2.9.7-16.el8_8.4?arch=s390x", }, }, }, { category: "product_version", name: "libxml2-debugsource-0:2.9.7-16.el8_8.4.s390x", product: { name: "libxml2-debugsource-0:2.9.7-16.el8_8.4.s390x", product_id: "libxml2-debugsource-0:2.9.7-16.el8_8.4.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-debugsource@2.9.7-16.el8_8.4?arch=s390x", }, }, }, { category: "product_version", name: "libxml2-debuginfo-0:2.9.7-16.el8_8.4.s390x", product: { name: "libxml2-debuginfo-0:2.9.7-16.el8_8.4.s390x", product_id: "libxml2-debuginfo-0:2.9.7-16.el8_8.4.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-debuginfo@2.9.7-16.el8_8.4?arch=s390x", }, }, }, { category: "product_version", name: "python3-libxml2-debuginfo-0:2.9.7-16.el8_8.4.s390x", product: { name: "python3-libxml2-debuginfo-0:2.9.7-16.el8_8.4.s390x", product_id: "python3-libxml2-debuginfo-0:2.9.7-16.el8_8.4.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/python3-libxml2-debuginfo@2.9.7-16.el8_8.4?arch=s390x", }, }, }, { category: "product_version", name: "libxml2-0:2.9.7-16.el8_8.4.s390x", product: { name: "libxml2-0:2.9.7-16.el8_8.4.s390x", product_id: "libxml2-0:2.9.7-16.el8_8.4.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2@2.9.7-16.el8_8.4?arch=s390x", }, }, }, { category: "product_version", name: "python3-libxml2-0:2.9.7-16.el8_8.4.s390x", product: { name: "python3-libxml2-0:2.9.7-16.el8_8.4.s390x", product_id: "python3-libxml2-0:2.9.7-16.el8_8.4.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/python3-libxml2@2.9.7-16.el8_8.4?arch=s390x", }, }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "libxml2-0:2.9.7-16.el8_8.4.src", product: { name: "libxml2-0:2.9.7-16.el8_8.4.src", product_id: "libxml2-0:2.9.7-16.el8_8.4.src", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2@2.9.7-16.el8_8.4?arch=src", }, }, }, ], category: "architecture", name: "src", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.7-16.el8_8.4.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)", product_id: "AppStream-8.8.0.Z.EUS:libxml2-0:2.9.7-16.el8_8.4.aarch64", }, product_reference: "libxml2-0:2.9.7-16.el8_8.4.aarch64", relates_to_product_reference: "AppStream-8.8.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.7-16.el8_8.4.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)", product_id: "AppStream-8.8.0.Z.EUS:libxml2-0:2.9.7-16.el8_8.4.i686", }, product_reference: "libxml2-0:2.9.7-16.el8_8.4.i686", relates_to_product_reference: "AppStream-8.8.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.7-16.el8_8.4.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)", product_id: "AppStream-8.8.0.Z.EUS:libxml2-0:2.9.7-16.el8_8.4.ppc64le", }, product_reference: "libxml2-0:2.9.7-16.el8_8.4.ppc64le", relates_to_product_reference: "AppStream-8.8.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.7-16.el8_8.4.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)", product_id: "AppStream-8.8.0.Z.EUS:libxml2-0:2.9.7-16.el8_8.4.s390x", }, product_reference: "libxml2-0:2.9.7-16.el8_8.4.s390x", relates_to_product_reference: "AppStream-8.8.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.7-16.el8_8.4.src as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)", product_id: "AppStream-8.8.0.Z.EUS:libxml2-0:2.9.7-16.el8_8.4.src", }, product_reference: "libxml2-0:2.9.7-16.el8_8.4.src", relates_to_product_reference: "AppStream-8.8.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.7-16.el8_8.4.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)", product_id: "AppStream-8.8.0.Z.EUS:libxml2-0:2.9.7-16.el8_8.4.x86_64", }, product_reference: "libxml2-0:2.9.7-16.el8_8.4.x86_64", relates_to_product_reference: "AppStream-8.8.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.7-16.el8_8.4.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)", product_id: "AppStream-8.8.0.Z.EUS:libxml2-debuginfo-0:2.9.7-16.el8_8.4.aarch64", }, product_reference: "libxml2-debuginfo-0:2.9.7-16.el8_8.4.aarch64", relates_to_product_reference: "AppStream-8.8.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.7-16.el8_8.4.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)", product_id: "AppStream-8.8.0.Z.EUS:libxml2-debuginfo-0:2.9.7-16.el8_8.4.i686", }, product_reference: "libxml2-debuginfo-0:2.9.7-16.el8_8.4.i686", relates_to_product_reference: "AppStream-8.8.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.7-16.el8_8.4.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)", product_id: "AppStream-8.8.0.Z.EUS:libxml2-debuginfo-0:2.9.7-16.el8_8.4.ppc64le", }, product_reference: "libxml2-debuginfo-0:2.9.7-16.el8_8.4.ppc64le", relates_to_product_reference: "AppStream-8.8.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.7-16.el8_8.4.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)", product_id: "AppStream-8.8.0.Z.EUS:libxml2-debuginfo-0:2.9.7-16.el8_8.4.s390x", }, product_reference: "libxml2-debuginfo-0:2.9.7-16.el8_8.4.s390x", relates_to_product_reference: "AppStream-8.8.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.7-16.el8_8.4.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)", product_id: "AppStream-8.8.0.Z.EUS:libxml2-debuginfo-0:2.9.7-16.el8_8.4.x86_64", }, product_reference: "libxml2-debuginfo-0:2.9.7-16.el8_8.4.x86_64", relates_to_product_reference: "AppStream-8.8.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debugsource-0:2.9.7-16.el8_8.4.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)", product_id: "AppStream-8.8.0.Z.EUS:libxml2-debugsource-0:2.9.7-16.el8_8.4.aarch64", }, product_reference: "libxml2-debugsource-0:2.9.7-16.el8_8.4.aarch64", relates_to_product_reference: "AppStream-8.8.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debugsource-0:2.9.7-16.el8_8.4.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)", product_id: "AppStream-8.8.0.Z.EUS:libxml2-debugsource-0:2.9.7-16.el8_8.4.i686", }, product_reference: "libxml2-debugsource-0:2.9.7-16.el8_8.4.i686", relates_to_product_reference: "AppStream-8.8.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debugsource-0:2.9.7-16.el8_8.4.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)", product_id: "AppStream-8.8.0.Z.EUS:libxml2-debugsource-0:2.9.7-16.el8_8.4.ppc64le", }, product_reference: "libxml2-debugsource-0:2.9.7-16.el8_8.4.ppc64le", relates_to_product_reference: "AppStream-8.8.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debugsource-0:2.9.7-16.el8_8.4.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)", product_id: "AppStream-8.8.0.Z.EUS:libxml2-debugsource-0:2.9.7-16.el8_8.4.s390x", }, product_reference: "libxml2-debugsource-0:2.9.7-16.el8_8.4.s390x", relates_to_product_reference: "AppStream-8.8.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debugsource-0:2.9.7-16.el8_8.4.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)", product_id: "AppStream-8.8.0.Z.EUS:libxml2-debugsource-0:2.9.7-16.el8_8.4.x86_64", }, product_reference: "libxml2-debugsource-0:2.9.7-16.el8_8.4.x86_64", relates_to_product_reference: "AppStream-8.8.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.7-16.el8_8.4.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)", product_id: "AppStream-8.8.0.Z.EUS:libxml2-devel-0:2.9.7-16.el8_8.4.aarch64", }, product_reference: "libxml2-devel-0:2.9.7-16.el8_8.4.aarch64", relates_to_product_reference: "AppStream-8.8.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.7-16.el8_8.4.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)", product_id: "AppStream-8.8.0.Z.EUS:libxml2-devel-0:2.9.7-16.el8_8.4.i686", }, product_reference: "libxml2-devel-0:2.9.7-16.el8_8.4.i686", relates_to_product_reference: "AppStream-8.8.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.7-16.el8_8.4.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)", product_id: "AppStream-8.8.0.Z.EUS:libxml2-devel-0:2.9.7-16.el8_8.4.ppc64le", }, product_reference: "libxml2-devel-0:2.9.7-16.el8_8.4.ppc64le", relates_to_product_reference: "AppStream-8.8.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.7-16.el8_8.4.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)", product_id: "AppStream-8.8.0.Z.EUS:libxml2-devel-0:2.9.7-16.el8_8.4.s390x", }, product_reference: "libxml2-devel-0:2.9.7-16.el8_8.4.s390x", relates_to_product_reference: "AppStream-8.8.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.7-16.el8_8.4.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)", product_id: "AppStream-8.8.0.Z.EUS:libxml2-devel-0:2.9.7-16.el8_8.4.x86_64", }, product_reference: "libxml2-devel-0:2.9.7-16.el8_8.4.x86_64", relates_to_product_reference: "AppStream-8.8.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "python3-libxml2-0:2.9.7-16.el8_8.4.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)", product_id: "AppStream-8.8.0.Z.EUS:python3-libxml2-0:2.9.7-16.el8_8.4.aarch64", }, product_reference: "python3-libxml2-0:2.9.7-16.el8_8.4.aarch64", relates_to_product_reference: "AppStream-8.8.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "python3-libxml2-0:2.9.7-16.el8_8.4.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)", product_id: "AppStream-8.8.0.Z.EUS:python3-libxml2-0:2.9.7-16.el8_8.4.ppc64le", }, product_reference: "python3-libxml2-0:2.9.7-16.el8_8.4.ppc64le", relates_to_product_reference: "AppStream-8.8.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "python3-libxml2-0:2.9.7-16.el8_8.4.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)", product_id: "AppStream-8.8.0.Z.EUS:python3-libxml2-0:2.9.7-16.el8_8.4.s390x", }, product_reference: "python3-libxml2-0:2.9.7-16.el8_8.4.s390x", relates_to_product_reference: "AppStream-8.8.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "python3-libxml2-0:2.9.7-16.el8_8.4.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)", product_id: "AppStream-8.8.0.Z.EUS:python3-libxml2-0:2.9.7-16.el8_8.4.x86_64", }, product_reference: "python3-libxml2-0:2.9.7-16.el8_8.4.x86_64", relates_to_product_reference: "AppStream-8.8.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "python3-libxml2-debuginfo-0:2.9.7-16.el8_8.4.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)", product_id: "AppStream-8.8.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-16.el8_8.4.aarch64", }, product_reference: "python3-libxml2-debuginfo-0:2.9.7-16.el8_8.4.aarch64", relates_to_product_reference: "AppStream-8.8.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "python3-libxml2-debuginfo-0:2.9.7-16.el8_8.4.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)", product_id: "AppStream-8.8.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-16.el8_8.4.i686", }, product_reference: "python3-libxml2-debuginfo-0:2.9.7-16.el8_8.4.i686", relates_to_product_reference: "AppStream-8.8.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "python3-libxml2-debuginfo-0:2.9.7-16.el8_8.4.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)", product_id: "AppStream-8.8.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-16.el8_8.4.ppc64le", }, product_reference: "python3-libxml2-debuginfo-0:2.9.7-16.el8_8.4.ppc64le", relates_to_product_reference: "AppStream-8.8.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "python3-libxml2-debuginfo-0:2.9.7-16.el8_8.4.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)", product_id: "AppStream-8.8.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-16.el8_8.4.s390x", }, product_reference: "python3-libxml2-debuginfo-0:2.9.7-16.el8_8.4.s390x", relates_to_product_reference: "AppStream-8.8.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "python3-libxml2-debuginfo-0:2.9.7-16.el8_8.4.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)", product_id: "AppStream-8.8.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-16.el8_8.4.x86_64", }, product_reference: "python3-libxml2-debuginfo-0:2.9.7-16.el8_8.4.x86_64", relates_to_product_reference: "AppStream-8.8.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.7-16.el8_8.4.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.8)", product_id: "BaseOS-8.8.0.Z.EUS:libxml2-0:2.9.7-16.el8_8.4.aarch64", }, product_reference: "libxml2-0:2.9.7-16.el8_8.4.aarch64", relates_to_product_reference: "BaseOS-8.8.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.7-16.el8_8.4.i686 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.8)", product_id: "BaseOS-8.8.0.Z.EUS:libxml2-0:2.9.7-16.el8_8.4.i686", }, product_reference: "libxml2-0:2.9.7-16.el8_8.4.i686", relates_to_product_reference: "BaseOS-8.8.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.7-16.el8_8.4.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.8)", product_id: "BaseOS-8.8.0.Z.EUS:libxml2-0:2.9.7-16.el8_8.4.ppc64le", }, product_reference: "libxml2-0:2.9.7-16.el8_8.4.ppc64le", relates_to_product_reference: "BaseOS-8.8.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.7-16.el8_8.4.s390x as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.8)", product_id: "BaseOS-8.8.0.Z.EUS:libxml2-0:2.9.7-16.el8_8.4.s390x", }, product_reference: "libxml2-0:2.9.7-16.el8_8.4.s390x", relates_to_product_reference: "BaseOS-8.8.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.7-16.el8_8.4.src as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.8)", product_id: "BaseOS-8.8.0.Z.EUS:libxml2-0:2.9.7-16.el8_8.4.src", }, product_reference: "libxml2-0:2.9.7-16.el8_8.4.src", relates_to_product_reference: "BaseOS-8.8.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.7-16.el8_8.4.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.8)", product_id: "BaseOS-8.8.0.Z.EUS:libxml2-0:2.9.7-16.el8_8.4.x86_64", }, product_reference: "libxml2-0:2.9.7-16.el8_8.4.x86_64", relates_to_product_reference: "BaseOS-8.8.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.7-16.el8_8.4.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.8)", product_id: "BaseOS-8.8.0.Z.EUS:libxml2-debuginfo-0:2.9.7-16.el8_8.4.aarch64", }, product_reference: "libxml2-debuginfo-0:2.9.7-16.el8_8.4.aarch64", relates_to_product_reference: "BaseOS-8.8.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.7-16.el8_8.4.i686 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.8)", product_id: "BaseOS-8.8.0.Z.EUS:libxml2-debuginfo-0:2.9.7-16.el8_8.4.i686", }, product_reference: "libxml2-debuginfo-0:2.9.7-16.el8_8.4.i686", relates_to_product_reference: "BaseOS-8.8.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.7-16.el8_8.4.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.8)", product_id: "BaseOS-8.8.0.Z.EUS:libxml2-debuginfo-0:2.9.7-16.el8_8.4.ppc64le", }, product_reference: "libxml2-debuginfo-0:2.9.7-16.el8_8.4.ppc64le", relates_to_product_reference: "BaseOS-8.8.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.7-16.el8_8.4.s390x as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.8)", product_id: "BaseOS-8.8.0.Z.EUS:libxml2-debuginfo-0:2.9.7-16.el8_8.4.s390x", }, product_reference: "libxml2-debuginfo-0:2.9.7-16.el8_8.4.s390x", relates_to_product_reference: "BaseOS-8.8.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.7-16.el8_8.4.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.8)", product_id: "BaseOS-8.8.0.Z.EUS:libxml2-debuginfo-0:2.9.7-16.el8_8.4.x86_64", }, product_reference: "libxml2-debuginfo-0:2.9.7-16.el8_8.4.x86_64", relates_to_product_reference: "BaseOS-8.8.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debugsource-0:2.9.7-16.el8_8.4.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.8)", product_id: "BaseOS-8.8.0.Z.EUS:libxml2-debugsource-0:2.9.7-16.el8_8.4.aarch64", }, product_reference: "libxml2-debugsource-0:2.9.7-16.el8_8.4.aarch64", relates_to_product_reference: "BaseOS-8.8.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debugsource-0:2.9.7-16.el8_8.4.i686 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.8)", product_id: "BaseOS-8.8.0.Z.EUS:libxml2-debugsource-0:2.9.7-16.el8_8.4.i686", }, product_reference: "libxml2-debugsource-0:2.9.7-16.el8_8.4.i686", relates_to_product_reference: "BaseOS-8.8.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debugsource-0:2.9.7-16.el8_8.4.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.8)", product_id: "BaseOS-8.8.0.Z.EUS:libxml2-debugsource-0:2.9.7-16.el8_8.4.ppc64le", }, product_reference: "libxml2-debugsource-0:2.9.7-16.el8_8.4.ppc64le", relates_to_product_reference: "BaseOS-8.8.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debugsource-0:2.9.7-16.el8_8.4.s390x as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.8)", product_id: "BaseOS-8.8.0.Z.EUS:libxml2-debugsource-0:2.9.7-16.el8_8.4.s390x", }, product_reference: "libxml2-debugsource-0:2.9.7-16.el8_8.4.s390x", relates_to_product_reference: "BaseOS-8.8.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debugsource-0:2.9.7-16.el8_8.4.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.8)", product_id: "BaseOS-8.8.0.Z.EUS:libxml2-debugsource-0:2.9.7-16.el8_8.4.x86_64", }, product_reference: "libxml2-debugsource-0:2.9.7-16.el8_8.4.x86_64", relates_to_product_reference: "BaseOS-8.8.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.7-16.el8_8.4.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.8)", product_id: "BaseOS-8.8.0.Z.EUS:libxml2-devel-0:2.9.7-16.el8_8.4.aarch64", }, product_reference: "libxml2-devel-0:2.9.7-16.el8_8.4.aarch64", relates_to_product_reference: "BaseOS-8.8.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.7-16.el8_8.4.i686 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.8)", product_id: "BaseOS-8.8.0.Z.EUS:libxml2-devel-0:2.9.7-16.el8_8.4.i686", }, product_reference: "libxml2-devel-0:2.9.7-16.el8_8.4.i686", relates_to_product_reference: "BaseOS-8.8.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.7-16.el8_8.4.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.8)", product_id: "BaseOS-8.8.0.Z.EUS:libxml2-devel-0:2.9.7-16.el8_8.4.ppc64le", }, product_reference: "libxml2-devel-0:2.9.7-16.el8_8.4.ppc64le", relates_to_product_reference: "BaseOS-8.8.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.7-16.el8_8.4.s390x as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.8)", product_id: "BaseOS-8.8.0.Z.EUS:libxml2-devel-0:2.9.7-16.el8_8.4.s390x", }, product_reference: "libxml2-devel-0:2.9.7-16.el8_8.4.s390x", relates_to_product_reference: "BaseOS-8.8.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.7-16.el8_8.4.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.8)", product_id: "BaseOS-8.8.0.Z.EUS:libxml2-devel-0:2.9.7-16.el8_8.4.x86_64", }, product_reference: "libxml2-devel-0:2.9.7-16.el8_8.4.x86_64", relates_to_product_reference: "BaseOS-8.8.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "python3-libxml2-0:2.9.7-16.el8_8.4.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.8)", product_id: "BaseOS-8.8.0.Z.EUS:python3-libxml2-0:2.9.7-16.el8_8.4.aarch64", }, product_reference: "python3-libxml2-0:2.9.7-16.el8_8.4.aarch64", relates_to_product_reference: "BaseOS-8.8.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "python3-libxml2-0:2.9.7-16.el8_8.4.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.8)", product_id: "BaseOS-8.8.0.Z.EUS:python3-libxml2-0:2.9.7-16.el8_8.4.ppc64le", }, product_reference: "python3-libxml2-0:2.9.7-16.el8_8.4.ppc64le", relates_to_product_reference: "BaseOS-8.8.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "python3-libxml2-0:2.9.7-16.el8_8.4.s390x as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.8)", product_id: "BaseOS-8.8.0.Z.EUS:python3-libxml2-0:2.9.7-16.el8_8.4.s390x", }, product_reference: "python3-libxml2-0:2.9.7-16.el8_8.4.s390x", relates_to_product_reference: "BaseOS-8.8.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "python3-libxml2-0:2.9.7-16.el8_8.4.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.8)", product_id: "BaseOS-8.8.0.Z.EUS:python3-libxml2-0:2.9.7-16.el8_8.4.x86_64", }, product_reference: "python3-libxml2-0:2.9.7-16.el8_8.4.x86_64", relates_to_product_reference: "BaseOS-8.8.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "python3-libxml2-debuginfo-0:2.9.7-16.el8_8.4.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.8)", product_id: "BaseOS-8.8.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-16.el8_8.4.aarch64", }, product_reference: "python3-libxml2-debuginfo-0:2.9.7-16.el8_8.4.aarch64", relates_to_product_reference: "BaseOS-8.8.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "python3-libxml2-debuginfo-0:2.9.7-16.el8_8.4.i686 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.8)", product_id: "BaseOS-8.8.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-16.el8_8.4.i686", }, product_reference: "python3-libxml2-debuginfo-0:2.9.7-16.el8_8.4.i686", relates_to_product_reference: "BaseOS-8.8.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "python3-libxml2-debuginfo-0:2.9.7-16.el8_8.4.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.8)", product_id: "BaseOS-8.8.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-16.el8_8.4.ppc64le", }, product_reference: "python3-libxml2-debuginfo-0:2.9.7-16.el8_8.4.ppc64le", relates_to_product_reference: "BaseOS-8.8.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "python3-libxml2-debuginfo-0:2.9.7-16.el8_8.4.s390x as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.8)", product_id: "BaseOS-8.8.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-16.el8_8.4.s390x", }, product_reference: "python3-libxml2-debuginfo-0:2.9.7-16.el8_8.4.s390x", relates_to_product_reference: "BaseOS-8.8.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "python3-libxml2-debuginfo-0:2.9.7-16.el8_8.4.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.8)", product_id: "BaseOS-8.8.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-16.el8_8.4.x86_64", }, product_reference: "python3-libxml2-debuginfo-0:2.9.7-16.el8_8.4.x86_64", relates_to_product_reference: "BaseOS-8.8.0.Z.EUS", }, ], }, vulnerabilities: [ { cve: "CVE-2024-25062", cwe: { id: "CWE-416", name: "Use After Free", }, discovery_date: "2024-02-05T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2262726", }, ], notes: [ { category: "description", text: "A use-after-free flaw was found in libxml2. When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free.", title: "Vulnerability description", }, { category: "summary", text: "libxml2: use-after-free in XMLReader", title: "Vulnerability summary", }, { category: "other", text: "The severity of this vulnerability is not important but moderate due to the lack of impact to both confidentiality and integrity, but potential impact to availability. The theoretical risk of impact to availability is limited due to the specific requirement that applications must continue to misuse the reader API after it has already reported validation errors instead of handling those errors. The flaw requires that crafted XML documents can be provided by an attacker and the utilization of DTD validation and XInclude expansion using the XMLReader API. Along with those conditions, the application using the XMLReader API must be ignoring errors when expanding invalid XInclude nodes in an maliciously crafted document. These conditions are unlikely to exist in the intended usage of the XMLReader API.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-8.8.0.Z.EUS:libxml2-0:2.9.7-16.el8_8.4.aarch64", "AppStream-8.8.0.Z.EUS:libxml2-0:2.9.7-16.el8_8.4.i686", "AppStream-8.8.0.Z.EUS:libxml2-0:2.9.7-16.el8_8.4.ppc64le", "AppStream-8.8.0.Z.EUS:libxml2-0:2.9.7-16.el8_8.4.s390x", "AppStream-8.8.0.Z.EUS:libxml2-0:2.9.7-16.el8_8.4.src", "AppStream-8.8.0.Z.EUS:libxml2-0:2.9.7-16.el8_8.4.x86_64", "AppStream-8.8.0.Z.EUS:libxml2-debuginfo-0:2.9.7-16.el8_8.4.aarch64", "AppStream-8.8.0.Z.EUS:libxml2-debuginfo-0:2.9.7-16.el8_8.4.i686", "AppStream-8.8.0.Z.EUS:libxml2-debuginfo-0:2.9.7-16.el8_8.4.ppc64le", "AppStream-8.8.0.Z.EUS:libxml2-debuginfo-0:2.9.7-16.el8_8.4.s390x", "AppStream-8.8.0.Z.EUS:libxml2-debuginfo-0:2.9.7-16.el8_8.4.x86_64", "AppStream-8.8.0.Z.EUS:libxml2-debugsource-0:2.9.7-16.el8_8.4.aarch64", "AppStream-8.8.0.Z.EUS:libxml2-debugsource-0:2.9.7-16.el8_8.4.i686", "AppStream-8.8.0.Z.EUS:libxml2-debugsource-0:2.9.7-16.el8_8.4.ppc64le", "AppStream-8.8.0.Z.EUS:libxml2-debugsource-0:2.9.7-16.el8_8.4.s390x", "AppStream-8.8.0.Z.EUS:libxml2-debugsource-0:2.9.7-16.el8_8.4.x86_64", "AppStream-8.8.0.Z.EUS:libxml2-devel-0:2.9.7-16.el8_8.4.aarch64", "AppStream-8.8.0.Z.EUS:libxml2-devel-0:2.9.7-16.el8_8.4.i686", "AppStream-8.8.0.Z.EUS:libxml2-devel-0:2.9.7-16.el8_8.4.ppc64le", "AppStream-8.8.0.Z.EUS:libxml2-devel-0:2.9.7-16.el8_8.4.s390x", "AppStream-8.8.0.Z.EUS:libxml2-devel-0:2.9.7-16.el8_8.4.x86_64", "AppStream-8.8.0.Z.EUS:python3-libxml2-0:2.9.7-16.el8_8.4.aarch64", "AppStream-8.8.0.Z.EUS:python3-libxml2-0:2.9.7-16.el8_8.4.ppc64le", "AppStream-8.8.0.Z.EUS:python3-libxml2-0:2.9.7-16.el8_8.4.s390x", "AppStream-8.8.0.Z.EUS:python3-libxml2-0:2.9.7-16.el8_8.4.x86_64", "AppStream-8.8.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-16.el8_8.4.aarch64", "AppStream-8.8.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-16.el8_8.4.i686", "AppStream-8.8.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-16.el8_8.4.ppc64le", "AppStream-8.8.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-16.el8_8.4.s390x", "AppStream-8.8.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-16.el8_8.4.x86_64", "BaseOS-8.8.0.Z.EUS:libxml2-0:2.9.7-16.el8_8.4.aarch64", "BaseOS-8.8.0.Z.EUS:libxml2-0:2.9.7-16.el8_8.4.i686", "BaseOS-8.8.0.Z.EUS:libxml2-0:2.9.7-16.el8_8.4.ppc64le", "BaseOS-8.8.0.Z.EUS:libxml2-0:2.9.7-16.el8_8.4.s390x", "BaseOS-8.8.0.Z.EUS:libxml2-0:2.9.7-16.el8_8.4.src", "BaseOS-8.8.0.Z.EUS:libxml2-0:2.9.7-16.el8_8.4.x86_64", "BaseOS-8.8.0.Z.EUS:libxml2-debuginfo-0:2.9.7-16.el8_8.4.aarch64", "BaseOS-8.8.0.Z.EUS:libxml2-debuginfo-0:2.9.7-16.el8_8.4.i686", "BaseOS-8.8.0.Z.EUS:libxml2-debuginfo-0:2.9.7-16.el8_8.4.ppc64le", "BaseOS-8.8.0.Z.EUS:libxml2-debuginfo-0:2.9.7-16.el8_8.4.s390x", "BaseOS-8.8.0.Z.EUS:libxml2-debuginfo-0:2.9.7-16.el8_8.4.x86_64", "BaseOS-8.8.0.Z.EUS:libxml2-debugsource-0:2.9.7-16.el8_8.4.aarch64", "BaseOS-8.8.0.Z.EUS:libxml2-debugsource-0:2.9.7-16.el8_8.4.i686", "BaseOS-8.8.0.Z.EUS:libxml2-debugsource-0:2.9.7-16.el8_8.4.ppc64le", "BaseOS-8.8.0.Z.EUS:libxml2-debugsource-0:2.9.7-16.el8_8.4.s390x", "BaseOS-8.8.0.Z.EUS:libxml2-debugsource-0:2.9.7-16.el8_8.4.x86_64", "BaseOS-8.8.0.Z.EUS:libxml2-devel-0:2.9.7-16.el8_8.4.aarch64", "BaseOS-8.8.0.Z.EUS:libxml2-devel-0:2.9.7-16.el8_8.4.i686", "BaseOS-8.8.0.Z.EUS:libxml2-devel-0:2.9.7-16.el8_8.4.ppc64le", "BaseOS-8.8.0.Z.EUS:libxml2-devel-0:2.9.7-16.el8_8.4.s390x", "BaseOS-8.8.0.Z.EUS:libxml2-devel-0:2.9.7-16.el8_8.4.x86_64", "BaseOS-8.8.0.Z.EUS:python3-libxml2-0:2.9.7-16.el8_8.4.aarch64", "BaseOS-8.8.0.Z.EUS:python3-libxml2-0:2.9.7-16.el8_8.4.ppc64le", "BaseOS-8.8.0.Z.EUS:python3-libxml2-0:2.9.7-16.el8_8.4.s390x", "BaseOS-8.8.0.Z.EUS:python3-libxml2-0:2.9.7-16.el8_8.4.x86_64", "BaseOS-8.8.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-16.el8_8.4.aarch64", "BaseOS-8.8.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-16.el8_8.4.i686", "BaseOS-8.8.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-16.el8_8.4.ppc64le", "BaseOS-8.8.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-16.el8_8.4.s390x", "BaseOS-8.8.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-16.el8_8.4.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-25062", }, { category: "external", summary: "RHBZ#2262726", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2262726", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-25062", url: "https://www.cve.org/CVERecord?id=CVE-2024-25062", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-25062", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-25062", }, { category: "external", summary: "https://gitlab.gnome.org/GNOME/libxml2/-/issues/604", url: "https://gitlab.gnome.org/GNOME/libxml2/-/issues/604", }, { category: "external", summary: "https://gitlab.gnome.org/GNOME/libxml2/-/tags", url: "https://gitlab.gnome.org/GNOME/libxml2/-/tags", }, ], release_date: "2024-02-04T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-05-23T06:34:13+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "AppStream-8.8.0.Z.EUS:libxml2-0:2.9.7-16.el8_8.4.aarch64", "AppStream-8.8.0.Z.EUS:libxml2-0:2.9.7-16.el8_8.4.i686", "AppStream-8.8.0.Z.EUS:libxml2-0:2.9.7-16.el8_8.4.ppc64le", "AppStream-8.8.0.Z.EUS:libxml2-0:2.9.7-16.el8_8.4.s390x", "AppStream-8.8.0.Z.EUS:libxml2-0:2.9.7-16.el8_8.4.src", "AppStream-8.8.0.Z.EUS:libxml2-0:2.9.7-16.el8_8.4.x86_64", "AppStream-8.8.0.Z.EUS:libxml2-debuginfo-0:2.9.7-16.el8_8.4.aarch64", "AppStream-8.8.0.Z.EUS:libxml2-debuginfo-0:2.9.7-16.el8_8.4.i686", "AppStream-8.8.0.Z.EUS:libxml2-debuginfo-0:2.9.7-16.el8_8.4.ppc64le", "AppStream-8.8.0.Z.EUS:libxml2-debuginfo-0:2.9.7-16.el8_8.4.s390x", "AppStream-8.8.0.Z.EUS:libxml2-debuginfo-0:2.9.7-16.el8_8.4.x86_64", "AppStream-8.8.0.Z.EUS:libxml2-debugsource-0:2.9.7-16.el8_8.4.aarch64", "AppStream-8.8.0.Z.EUS:libxml2-debugsource-0:2.9.7-16.el8_8.4.i686", "AppStream-8.8.0.Z.EUS:libxml2-debugsource-0:2.9.7-16.el8_8.4.ppc64le", "AppStream-8.8.0.Z.EUS:libxml2-debugsource-0:2.9.7-16.el8_8.4.s390x", "AppStream-8.8.0.Z.EUS:libxml2-debugsource-0:2.9.7-16.el8_8.4.x86_64", "AppStream-8.8.0.Z.EUS:libxml2-devel-0:2.9.7-16.el8_8.4.aarch64", "AppStream-8.8.0.Z.EUS:libxml2-devel-0:2.9.7-16.el8_8.4.i686", "AppStream-8.8.0.Z.EUS:libxml2-devel-0:2.9.7-16.el8_8.4.ppc64le", "AppStream-8.8.0.Z.EUS:libxml2-devel-0:2.9.7-16.el8_8.4.s390x", "AppStream-8.8.0.Z.EUS:libxml2-devel-0:2.9.7-16.el8_8.4.x86_64", "AppStream-8.8.0.Z.EUS:python3-libxml2-0:2.9.7-16.el8_8.4.aarch64", "AppStream-8.8.0.Z.EUS:python3-libxml2-0:2.9.7-16.el8_8.4.ppc64le", "AppStream-8.8.0.Z.EUS:python3-libxml2-0:2.9.7-16.el8_8.4.s390x", "AppStream-8.8.0.Z.EUS:python3-libxml2-0:2.9.7-16.el8_8.4.x86_64", "AppStream-8.8.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-16.el8_8.4.aarch64", "AppStream-8.8.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-16.el8_8.4.i686", "AppStream-8.8.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-16.el8_8.4.ppc64le", "AppStream-8.8.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-16.el8_8.4.s390x", "AppStream-8.8.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-16.el8_8.4.x86_64", "BaseOS-8.8.0.Z.EUS:libxml2-0:2.9.7-16.el8_8.4.aarch64", "BaseOS-8.8.0.Z.EUS:libxml2-0:2.9.7-16.el8_8.4.i686", "BaseOS-8.8.0.Z.EUS:libxml2-0:2.9.7-16.el8_8.4.ppc64le", "BaseOS-8.8.0.Z.EUS:libxml2-0:2.9.7-16.el8_8.4.s390x", "BaseOS-8.8.0.Z.EUS:libxml2-0:2.9.7-16.el8_8.4.src", "BaseOS-8.8.0.Z.EUS:libxml2-0:2.9.7-16.el8_8.4.x86_64", "BaseOS-8.8.0.Z.EUS:libxml2-debuginfo-0:2.9.7-16.el8_8.4.aarch64", "BaseOS-8.8.0.Z.EUS:libxml2-debuginfo-0:2.9.7-16.el8_8.4.i686", "BaseOS-8.8.0.Z.EUS:libxml2-debuginfo-0:2.9.7-16.el8_8.4.ppc64le", "BaseOS-8.8.0.Z.EUS:libxml2-debuginfo-0:2.9.7-16.el8_8.4.s390x", "BaseOS-8.8.0.Z.EUS:libxml2-debuginfo-0:2.9.7-16.el8_8.4.x86_64", "BaseOS-8.8.0.Z.EUS:libxml2-debugsource-0:2.9.7-16.el8_8.4.aarch64", "BaseOS-8.8.0.Z.EUS:libxml2-debugsource-0:2.9.7-16.el8_8.4.i686", "BaseOS-8.8.0.Z.EUS:libxml2-debugsource-0:2.9.7-16.el8_8.4.ppc64le", "BaseOS-8.8.0.Z.EUS:libxml2-debugsource-0:2.9.7-16.el8_8.4.s390x", "BaseOS-8.8.0.Z.EUS:libxml2-debugsource-0:2.9.7-16.el8_8.4.x86_64", "BaseOS-8.8.0.Z.EUS:libxml2-devel-0:2.9.7-16.el8_8.4.aarch64", "BaseOS-8.8.0.Z.EUS:libxml2-devel-0:2.9.7-16.el8_8.4.i686", "BaseOS-8.8.0.Z.EUS:libxml2-devel-0:2.9.7-16.el8_8.4.ppc64le", "BaseOS-8.8.0.Z.EUS:libxml2-devel-0:2.9.7-16.el8_8.4.s390x", "BaseOS-8.8.0.Z.EUS:libxml2-devel-0:2.9.7-16.el8_8.4.x86_64", "BaseOS-8.8.0.Z.EUS:python3-libxml2-0:2.9.7-16.el8_8.4.aarch64", "BaseOS-8.8.0.Z.EUS:python3-libxml2-0:2.9.7-16.el8_8.4.ppc64le", "BaseOS-8.8.0.Z.EUS:python3-libxml2-0:2.9.7-16.el8_8.4.s390x", "BaseOS-8.8.0.Z.EUS:python3-libxml2-0:2.9.7-16.el8_8.4.x86_64", "BaseOS-8.8.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-16.el8_8.4.aarch64", "BaseOS-8.8.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-16.el8_8.4.i686", "BaseOS-8.8.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-16.el8_8.4.ppc64le", "BaseOS-8.8.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-16.el8_8.4.s390x", "BaseOS-8.8.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-16.el8_8.4.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:3303", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "AppStream-8.8.0.Z.EUS:libxml2-0:2.9.7-16.el8_8.4.aarch64", "AppStream-8.8.0.Z.EUS:libxml2-0:2.9.7-16.el8_8.4.i686", "AppStream-8.8.0.Z.EUS:libxml2-0:2.9.7-16.el8_8.4.ppc64le", "AppStream-8.8.0.Z.EUS:libxml2-0:2.9.7-16.el8_8.4.s390x", "AppStream-8.8.0.Z.EUS:libxml2-0:2.9.7-16.el8_8.4.src", "AppStream-8.8.0.Z.EUS:libxml2-0:2.9.7-16.el8_8.4.x86_64", "AppStream-8.8.0.Z.EUS:libxml2-debuginfo-0:2.9.7-16.el8_8.4.aarch64", "AppStream-8.8.0.Z.EUS:libxml2-debuginfo-0:2.9.7-16.el8_8.4.i686", "AppStream-8.8.0.Z.EUS:libxml2-debuginfo-0:2.9.7-16.el8_8.4.ppc64le", "AppStream-8.8.0.Z.EUS:libxml2-debuginfo-0:2.9.7-16.el8_8.4.s390x", "AppStream-8.8.0.Z.EUS:libxml2-debuginfo-0:2.9.7-16.el8_8.4.x86_64", "AppStream-8.8.0.Z.EUS:libxml2-debugsource-0:2.9.7-16.el8_8.4.aarch64", "AppStream-8.8.0.Z.EUS:libxml2-debugsource-0:2.9.7-16.el8_8.4.i686", "AppStream-8.8.0.Z.EUS:libxml2-debugsource-0:2.9.7-16.el8_8.4.ppc64le", "AppStream-8.8.0.Z.EUS:libxml2-debugsource-0:2.9.7-16.el8_8.4.s390x", "AppStream-8.8.0.Z.EUS:libxml2-debugsource-0:2.9.7-16.el8_8.4.x86_64", "AppStream-8.8.0.Z.EUS:libxml2-devel-0:2.9.7-16.el8_8.4.aarch64", "AppStream-8.8.0.Z.EUS:libxml2-devel-0:2.9.7-16.el8_8.4.i686", "AppStream-8.8.0.Z.EUS:libxml2-devel-0:2.9.7-16.el8_8.4.ppc64le", "AppStream-8.8.0.Z.EUS:libxml2-devel-0:2.9.7-16.el8_8.4.s390x", "AppStream-8.8.0.Z.EUS:libxml2-devel-0:2.9.7-16.el8_8.4.x86_64", "AppStream-8.8.0.Z.EUS:python3-libxml2-0:2.9.7-16.el8_8.4.aarch64", "AppStream-8.8.0.Z.EUS:python3-libxml2-0:2.9.7-16.el8_8.4.ppc64le", "AppStream-8.8.0.Z.EUS:python3-libxml2-0:2.9.7-16.el8_8.4.s390x", "AppStream-8.8.0.Z.EUS:python3-libxml2-0:2.9.7-16.el8_8.4.x86_64", "AppStream-8.8.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-16.el8_8.4.aarch64", "AppStream-8.8.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-16.el8_8.4.i686", "AppStream-8.8.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-16.el8_8.4.ppc64le", "AppStream-8.8.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-16.el8_8.4.s390x", "AppStream-8.8.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-16.el8_8.4.x86_64", "BaseOS-8.8.0.Z.EUS:libxml2-0:2.9.7-16.el8_8.4.aarch64", "BaseOS-8.8.0.Z.EUS:libxml2-0:2.9.7-16.el8_8.4.i686", "BaseOS-8.8.0.Z.EUS:libxml2-0:2.9.7-16.el8_8.4.ppc64le", "BaseOS-8.8.0.Z.EUS:libxml2-0:2.9.7-16.el8_8.4.s390x", "BaseOS-8.8.0.Z.EUS:libxml2-0:2.9.7-16.el8_8.4.src", "BaseOS-8.8.0.Z.EUS:libxml2-0:2.9.7-16.el8_8.4.x86_64", "BaseOS-8.8.0.Z.EUS:libxml2-debuginfo-0:2.9.7-16.el8_8.4.aarch64", "BaseOS-8.8.0.Z.EUS:libxml2-debuginfo-0:2.9.7-16.el8_8.4.i686", "BaseOS-8.8.0.Z.EUS:libxml2-debuginfo-0:2.9.7-16.el8_8.4.ppc64le", "BaseOS-8.8.0.Z.EUS:libxml2-debuginfo-0:2.9.7-16.el8_8.4.s390x", "BaseOS-8.8.0.Z.EUS:libxml2-debuginfo-0:2.9.7-16.el8_8.4.x86_64", "BaseOS-8.8.0.Z.EUS:libxml2-debugsource-0:2.9.7-16.el8_8.4.aarch64", "BaseOS-8.8.0.Z.EUS:libxml2-debugsource-0:2.9.7-16.el8_8.4.i686", "BaseOS-8.8.0.Z.EUS:libxml2-debugsource-0:2.9.7-16.el8_8.4.ppc64le", "BaseOS-8.8.0.Z.EUS:libxml2-debugsource-0:2.9.7-16.el8_8.4.s390x", "BaseOS-8.8.0.Z.EUS:libxml2-debugsource-0:2.9.7-16.el8_8.4.x86_64", "BaseOS-8.8.0.Z.EUS:libxml2-devel-0:2.9.7-16.el8_8.4.aarch64", "BaseOS-8.8.0.Z.EUS:libxml2-devel-0:2.9.7-16.el8_8.4.i686", "BaseOS-8.8.0.Z.EUS:libxml2-devel-0:2.9.7-16.el8_8.4.ppc64le", "BaseOS-8.8.0.Z.EUS:libxml2-devel-0:2.9.7-16.el8_8.4.s390x", "BaseOS-8.8.0.Z.EUS:libxml2-devel-0:2.9.7-16.el8_8.4.x86_64", "BaseOS-8.8.0.Z.EUS:python3-libxml2-0:2.9.7-16.el8_8.4.aarch64", "BaseOS-8.8.0.Z.EUS:python3-libxml2-0:2.9.7-16.el8_8.4.ppc64le", "BaseOS-8.8.0.Z.EUS:python3-libxml2-0:2.9.7-16.el8_8.4.s390x", "BaseOS-8.8.0.Z.EUS:python3-libxml2-0:2.9.7-16.el8_8.4.x86_64", "BaseOS-8.8.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-16.el8_8.4.aarch64", "BaseOS-8.8.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-16.el8_8.4.i686", "BaseOS-8.8.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-16.el8_8.4.ppc64le", "BaseOS-8.8.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-16.el8_8.4.s390x", "BaseOS-8.8.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-16.el8_8.4.x86_64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "AppStream-8.8.0.Z.EUS:libxml2-0:2.9.7-16.el8_8.4.aarch64", "AppStream-8.8.0.Z.EUS:libxml2-0:2.9.7-16.el8_8.4.i686", "AppStream-8.8.0.Z.EUS:libxml2-0:2.9.7-16.el8_8.4.ppc64le", "AppStream-8.8.0.Z.EUS:libxml2-0:2.9.7-16.el8_8.4.s390x", "AppStream-8.8.0.Z.EUS:libxml2-0:2.9.7-16.el8_8.4.src", "AppStream-8.8.0.Z.EUS:libxml2-0:2.9.7-16.el8_8.4.x86_64", "AppStream-8.8.0.Z.EUS:libxml2-debuginfo-0:2.9.7-16.el8_8.4.aarch64", "AppStream-8.8.0.Z.EUS:libxml2-debuginfo-0:2.9.7-16.el8_8.4.i686", "AppStream-8.8.0.Z.EUS:libxml2-debuginfo-0:2.9.7-16.el8_8.4.ppc64le", "AppStream-8.8.0.Z.EUS:libxml2-debuginfo-0:2.9.7-16.el8_8.4.s390x", "AppStream-8.8.0.Z.EUS:libxml2-debuginfo-0:2.9.7-16.el8_8.4.x86_64", "AppStream-8.8.0.Z.EUS:libxml2-debugsource-0:2.9.7-16.el8_8.4.aarch64", "AppStream-8.8.0.Z.EUS:libxml2-debugsource-0:2.9.7-16.el8_8.4.i686", "AppStream-8.8.0.Z.EUS:libxml2-debugsource-0:2.9.7-16.el8_8.4.ppc64le", "AppStream-8.8.0.Z.EUS:libxml2-debugsource-0:2.9.7-16.el8_8.4.s390x", "AppStream-8.8.0.Z.EUS:libxml2-debugsource-0:2.9.7-16.el8_8.4.x86_64", "AppStream-8.8.0.Z.EUS:libxml2-devel-0:2.9.7-16.el8_8.4.aarch64", "AppStream-8.8.0.Z.EUS:libxml2-devel-0:2.9.7-16.el8_8.4.i686", "AppStream-8.8.0.Z.EUS:libxml2-devel-0:2.9.7-16.el8_8.4.ppc64le", "AppStream-8.8.0.Z.EUS:libxml2-devel-0:2.9.7-16.el8_8.4.s390x", "AppStream-8.8.0.Z.EUS:libxml2-devel-0:2.9.7-16.el8_8.4.x86_64", "AppStream-8.8.0.Z.EUS:python3-libxml2-0:2.9.7-16.el8_8.4.aarch64", "AppStream-8.8.0.Z.EUS:python3-libxml2-0:2.9.7-16.el8_8.4.ppc64le", "AppStream-8.8.0.Z.EUS:python3-libxml2-0:2.9.7-16.el8_8.4.s390x", "AppStream-8.8.0.Z.EUS:python3-libxml2-0:2.9.7-16.el8_8.4.x86_64", "AppStream-8.8.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-16.el8_8.4.aarch64", "AppStream-8.8.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-16.el8_8.4.i686", "AppStream-8.8.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-16.el8_8.4.ppc64le", "AppStream-8.8.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-16.el8_8.4.s390x", "AppStream-8.8.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-16.el8_8.4.x86_64", "BaseOS-8.8.0.Z.EUS:libxml2-0:2.9.7-16.el8_8.4.aarch64", "BaseOS-8.8.0.Z.EUS:libxml2-0:2.9.7-16.el8_8.4.i686", "BaseOS-8.8.0.Z.EUS:libxml2-0:2.9.7-16.el8_8.4.ppc64le", "BaseOS-8.8.0.Z.EUS:libxml2-0:2.9.7-16.el8_8.4.s390x", "BaseOS-8.8.0.Z.EUS:libxml2-0:2.9.7-16.el8_8.4.src", "BaseOS-8.8.0.Z.EUS:libxml2-0:2.9.7-16.el8_8.4.x86_64", "BaseOS-8.8.0.Z.EUS:libxml2-debuginfo-0:2.9.7-16.el8_8.4.aarch64", "BaseOS-8.8.0.Z.EUS:libxml2-debuginfo-0:2.9.7-16.el8_8.4.i686", "BaseOS-8.8.0.Z.EUS:libxml2-debuginfo-0:2.9.7-16.el8_8.4.ppc64le", "BaseOS-8.8.0.Z.EUS:libxml2-debuginfo-0:2.9.7-16.el8_8.4.s390x", "BaseOS-8.8.0.Z.EUS:libxml2-debuginfo-0:2.9.7-16.el8_8.4.x86_64", "BaseOS-8.8.0.Z.EUS:libxml2-debugsource-0:2.9.7-16.el8_8.4.aarch64", "BaseOS-8.8.0.Z.EUS:libxml2-debugsource-0:2.9.7-16.el8_8.4.i686", "BaseOS-8.8.0.Z.EUS:libxml2-debugsource-0:2.9.7-16.el8_8.4.ppc64le", "BaseOS-8.8.0.Z.EUS:libxml2-debugsource-0:2.9.7-16.el8_8.4.s390x", "BaseOS-8.8.0.Z.EUS:libxml2-debugsource-0:2.9.7-16.el8_8.4.x86_64", "BaseOS-8.8.0.Z.EUS:libxml2-devel-0:2.9.7-16.el8_8.4.aarch64", "BaseOS-8.8.0.Z.EUS:libxml2-devel-0:2.9.7-16.el8_8.4.i686", "BaseOS-8.8.0.Z.EUS:libxml2-devel-0:2.9.7-16.el8_8.4.ppc64le", "BaseOS-8.8.0.Z.EUS:libxml2-devel-0:2.9.7-16.el8_8.4.s390x", "BaseOS-8.8.0.Z.EUS:libxml2-devel-0:2.9.7-16.el8_8.4.x86_64", "BaseOS-8.8.0.Z.EUS:python3-libxml2-0:2.9.7-16.el8_8.4.aarch64", "BaseOS-8.8.0.Z.EUS:python3-libxml2-0:2.9.7-16.el8_8.4.ppc64le", "BaseOS-8.8.0.Z.EUS:python3-libxml2-0:2.9.7-16.el8_8.4.s390x", "BaseOS-8.8.0.Z.EUS:python3-libxml2-0:2.9.7-16.el8_8.4.x86_64", "BaseOS-8.8.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-16.el8_8.4.aarch64", "BaseOS-8.8.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-16.el8_8.4.i686", "BaseOS-8.8.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-16.el8_8.4.ppc64le", "BaseOS-8.8.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-16.el8_8.4.s390x", "BaseOS-8.8.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-16.el8_8.4.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "libxml2: use-after-free in XMLReader", }, ], }
rhsa-2024:1317
Vulnerability from csaf_redhat
Published
2024-03-18 16:22
Modified
2025-03-20 13:15
Summary
Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.57 SP3 security update
Notes
Topic
Red Hat JBoss Core Services Apache HTTP Server 2.4.57 Service Pack 3 is now available.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products and packaged under Red Hat JBoss Core Services, to allow for faster distribution of updates and for a more consistent update experience.
This release of Red Hat JBoss Core Services Apache HTTP Server 2.4.57 Service Pack 3 serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.57 Service Pack 2, and includes bug fixes and enhancements, which are documented in the Release Notes linked to in the References section.
Security Fix(es):
* curl: information disclosure by exploiting a mixed case flaw (CVE-2023-46218)
* curl: excessively long file name may lead to unknown HSTS status (CVE-2023-46219)
* httpd: mod_macro: out-of-bounds read vulnerability (CVE-2023-31122)
* jbcs-httpd24-mod_proxy_cluster: mod_cluster/mod_proxy_cluster: Stored Cross site Scripting (CVE-2023-6710)
* jbcs-httpd24-openssl: openssl: Generating excessively long X9.42 DH keys or checking excessively long X9.42 DH keys or parameters may be very slow (CVE-2023-5678)
* libxml2: crafted xml can cause global buffer overflow (CVE-2023-39615)
* libxml2: use-after-free in XMLReader (CVE-2024-25062)
A Red Hat Security Bulletin which addresses further details about this flaw is available in the References section.
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Red Hat JBoss Core Services Apache HTTP Server 2.4.57 Service Pack 3 is now available.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products and packaged under Red Hat JBoss Core Services, to allow for faster distribution of updates and for a more consistent update experience.\n\nThis release of Red Hat JBoss Core Services Apache HTTP Server 2.4.57 Service Pack 3 serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.57 Service Pack 2, and includes bug fixes and enhancements, which are documented in the Release Notes linked to in the References section.\n\nSecurity Fix(es):\n\n* curl: information disclosure by exploiting a mixed case flaw (CVE-2023-46218)\n* curl: excessively long file name may lead to unknown HSTS status (CVE-2023-46219)\n* httpd: mod_macro: out-of-bounds read vulnerability (CVE-2023-31122)\n* jbcs-httpd24-mod_proxy_cluster: mod_cluster/mod_proxy_cluster: Stored Cross site Scripting (CVE-2023-6710)\n* jbcs-httpd24-openssl: openssl: Generating excessively long X9.42 DH keys or checking excessively long X9.42 DH keys or parameters may be very slow (CVE-2023-5678)\n* libxml2: crafted xml can cause global buffer overflow (CVE-2023-39615)\n* libxml2: use-after-free in XMLReader (CVE-2024-25062)\n\nA Red Hat Security Bulletin which addresses further details about this flaw is available in the References section.\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2024:1317", url: "https://access.redhat.com/errata/RHSA-2024:1317", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#moderate", url: "https://access.redhat.com/security/updates/classification/#moderate", }, { category: "external", summary: "https://access.redhat.com/documentation/en-us/red_hat_jboss_core_services/2.4.57/html/red_hat_jboss_core_services_apache_http_server_2.4.57_service_pack_3_release_notes", url: "https://access.redhat.com/documentation/en-us/red_hat_jboss_core_services/2.4.57/html/red_hat_jboss_core_services_apache_http_server_2.4.57_service_pack_3_release_notes", }, { category: "external", summary: "2235864", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2235864", }, { category: "external", summary: "2245332", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2245332", }, { category: "external", summary: "2248616", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2248616", }, { category: "external", summary: "2252030", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2252030", }, { category: "external", summary: "2252034", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2252034", }, { category: "external", summary: "2254128", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2254128", }, { category: "external", summary: "2262726", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2262726", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_1317.json", }, ], title: "Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.57 SP3 security update", tracking: { current_release_date: "2025-03-20T13:15:25+00:00", generator: { date: "2025-03-20T13:15:25+00:00", engine: { name: "Red Hat SDEngine", version: "4.4.1", }, }, id: "RHSA-2024:1317", initial_release_date: "2024-03-18T16:22:13+00:00", revision_history: [ { date: "2024-03-18T16:22:13+00:00", number: "1", summary: "Initial version", }, { date: "2024-03-19T15:40:02+00:00", number: "2", summary: "Last updated version", }, { date: "2025-03-20T13:15:25+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Text-Only JBCS", product: { name: "Text-Only JBCS", product_id: "Text-Only JBCS", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_core_services:1", }, }, }, ], category: "product_family", name: "Red Hat JBoss Core Services", }, ], category: "vendor", name: "Red Hat", }, ], }, vulnerabilities: [ { cve: "CVE-2023-5678", cwe: { id: "CWE-325", name: "Missing Cryptographic Step", }, discovery_date: "2023-11-07T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2248616", }, ], notes: [ { category: "description", text: "A flaw was found in OpenSSL, which caused the generation or checking of long X9.42 DH keys or parameters to be much slower than expected. This issue could lead to a denial of service.", title: "Vulnerability description", }, { category: "summary", text: "openssl: Generating excessively long X9.42 DH keys or checking excessively long X9.42 DH keys or parameters may be very slow", title: "Vulnerability summary", }, { category: "other", text: "This vulnerability in OpenSSL is categorized as a low severity issue primarily because it requires specific conditions to exploit and doesn't directly result in a full Denial of Service (DoS). While the excessive time spent in DH key generation or verification could potentially cause delays, the impact is mitigated by the fact that it requires untrusted sources supplying large Q parameter values. Additionally, the OpenSSL SSL/TLS implementation remains unaffected, limiting the scope of potential attacks. Moreover, there are inherent limits on key length, which further restrict the potential for exploitation.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Text-Only JBCS", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-5678", }, { category: "external", summary: "RHBZ#2248616", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2248616", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-5678", url: "https://www.cve.org/CVERecord?id=CVE-2023-5678", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-5678", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-5678", }, { category: "external", summary: "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=34efaef6c103d636ab507a0cc34dca4d3aecc055", url: "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=34efaef6c103d636ab507a0cc34dca4d3aecc055", }, { category: "external", summary: "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=710fee740904b6290fef0dd5536fbcedbc38ff0c", url: "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=710fee740904b6290fef0dd5536fbcedbc38ff0c", }, { category: "external", summary: "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db925ae2e65d0d925adef429afc37f75bd1c2017", url: "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db925ae2e65d0d925adef429afc37f75bd1c2017", }, { category: "external", summary: "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6", url: "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6", }, { category: "external", summary: "https://www.openssl.org/news/secadv/20231106.txt", url: "https://www.openssl.org/news/secadv/20231106.txt", }, ], release_date: "2023-10-24T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-03-18T16:22:13+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", product_ids: [ "Text-Only JBCS", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:1317", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "Text-Only JBCS", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, products: [ "Text-Only JBCS", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "openssl: Generating excessively long X9.42 DH keys or checking excessively long X9.42 DH keys or parameters may be very slow", }, { acknowledgments: [ { names: [ "Mohamed Mounir Boudjema", ], organization: "Intervalle-Technologies", }, ], cve: "CVE-2023-6710", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, discovery_date: "2023-12-12T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2254128", }, ], notes: [ { category: "description", text: "A flaw was found in the mod_proxy_cluster in the Apache server. This issue may allow a malicious user to add a script in the 'alias' parameter in the URL to trigger the stored cross-site scripting (XSS) vulnerability. By adding a script on the alias parameter on the URL, it adds a new virtual host and adds the script to the cluster-manager page.", title: "Vulnerability description", }, { category: "summary", text: "mod_cluster/mod_proxy_cluster: Stored Cross site Scripting", title: "Vulnerability summary", }, { category: "other", text: "The impact of this vulnerability is considered as Low, as the cluster_manager URL should not be exposed outside and is protected by user/password.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Text-Only JBCS", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-6710", }, { category: "external", summary: "RHBZ#2254128", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2254128", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-6710", url: "https://www.cve.org/CVERecord?id=CVE-2023-6710", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-6710", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-6710", }, ], release_date: "2023-12-12T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-03-18T16:22:13+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", product_ids: [ "Text-Only JBCS", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:1317", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "Text-Only JBCS", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, products: [ "Text-Only JBCS", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "mod_cluster/mod_proxy_cluster: Stored Cross site Scripting", }, { cve: "CVE-2023-31122", cwe: { id: "CWE-125", name: "Out-of-bounds Read", }, discovery_date: "2023-10-19T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2245332", }, ], notes: [ { category: "description", text: "A flaw was found in the mod_macro module of httpd. When processing a very long macro, the null byte terminator will not be added, leading to an out-of-bounds read, resulting in a crash.", title: "Vulnerability description", }, { category: "summary", text: "httpd: mod_macro: out-of-bounds read vulnerability", title: "Vulnerability summary", }, { category: "other", text: "This flaw only affects configurations with mod_macro loaded and when a very long macro is configured and used, specifically a macro longer than 8191 characters. If these conditions are not present, the server is not affected and no further mitigation is needed. For more information about the mitigation, see the mitigation section below.\n\nThe httpd mod_macro module is enabled by default in Red Hat Enterprise Linux 8, 9, and in RHSCL. However, there are no macros used in the default httpd configuration.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Text-Only JBCS", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-31122", }, { category: "external", summary: "RHBZ#2245332", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2245332", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-31122", url: "https://www.cve.org/CVERecord?id=CVE-2023-31122", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-31122", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-31122", }, { category: "external", summary: "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2023-31122", url: "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2023-31122", }, ], release_date: "2023-10-19T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-03-18T16:22:13+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", product_ids: [ "Text-Only JBCS", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:1317", }, { category: "workaround", details: "Disabling mod_macro and restarting httpd or making sure the macros used are smaller than the required length to trigger this vulnerability will mitigate this flaw. Furthermore, it's unlikely that a very long macro with the length needed to trigger this issue is being used.", product_ids: [ "Text-Only JBCS", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "Text-Only JBCS", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "httpd: mod_macro: out-of-bounds read vulnerability", }, { cve: "CVE-2023-39615", cwe: { id: "CWE-119", name: "Improper Restriction of Operations within the Bounds of a Memory Buffer", }, discovery_date: "2023-08-29T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2235864", }, ], notes: [ { category: "description", text: "A flaw was found in Libxml2, where it contains a global buffer overflow via the xmlSAX2StartElement() function at /libxml2/SAX2.c. This vulnerability allows attackers to cause a denial of service (DoS) by supplying a crafted XML file.", title: "Vulnerability description", }, { category: "summary", text: "libxml2: crafted xml can cause global buffer overflow", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Text-Only JBCS", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-39615", }, { category: "external", summary: "RHBZ#2235864", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2235864", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-39615", url: "https://www.cve.org/CVERecord?id=CVE-2023-39615", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-39615", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-39615", }, { category: "external", summary: "https://gitlab.gnome.org/GNOME/libxml2/-/issues/535", url: "https://gitlab.gnome.org/GNOME/libxml2/-/issues/535", }, ], release_date: "2023-08-29T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-03-18T16:22:13+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", product_ids: [ "Text-Only JBCS", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:1317", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "Text-Only JBCS", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "libxml2: crafted xml can cause global buffer overflow", }, { acknowledgments: [ { names: [ "Harry Sintonen", ], organization: "reported", }, { names: [ "Daniel Stenberg", ], organization: "patched", }, ], cve: "CVE-2023-46218", cwe: { id: "CWE-201", name: "Insertion of Sensitive Information Into Sent Data", }, discovery_date: "2023-11-29T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2252030", }, ], notes: [ { category: "description", text: "A flaw was found in curl that verifies a given cookie domain against the Public Suffix List. This issue could allow a malicious HTTP server to set \"super cookies\" in curl that are passed back to more origins than what is otherwise allowed or possible.", title: "Vulnerability description", }, { category: "summary", text: "curl: information disclosure by exploiting a mixed case flaw", title: "Vulnerability summary", }, { category: "other", text: "When curl is built without PSL support, it cannot protect against this problem but it is expected to not allow \"too wide\" cookies when PSL support is enabled.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Text-Only JBCS", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-46218", }, { category: "external", summary: "RHBZ#2252030", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2252030", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-46218", url: "https://www.cve.org/CVERecord?id=CVE-2023-46218", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-46218", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-46218", }, { category: "external", summary: "https://curl.se/docs/CVE-2023-46218.html", url: "https://curl.se/docs/CVE-2023-46218.html", }, ], release_date: "2023-12-06T07:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-03-18T16:22:13+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", product_ids: [ "Text-Only JBCS", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:1317", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, products: [ "Text-Only JBCS", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "curl: information disclosure by exploiting a mixed case flaw", }, { acknowledgments: [ { names: [ "Daniel Stenberg", ], organization: "patched", }, { names: [ "Maksymilian Arciemowicz", ], organization: "reported", }, ], cve: "CVE-2023-46219", cwe: { id: "CWE-311", name: "Missing Encryption of Sensitive Data", }, discovery_date: "2023-11-29T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2252034", }, ], notes: [ { category: "description", text: "A security bypass flaw was found in Curl, which can be triggered by saving HSTS data to an excessively long file name. This issue occurs due to an error in handling HSTS long file names, leading to the removal of all contents from the file during the save process, and may allow a remote attacker to send a specially crafted request to use files without awareness of the HSTS status and enable a Man-in-the-Middle (MitM) attack.", title: "Vulnerability description", }, { category: "summary", text: "curl: excessively long file name may lead to unknown HSTS status", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Text-Only JBCS", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-46219", }, { category: "external", summary: "RHBZ#2252034", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2252034", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-46219", url: "https://www.cve.org/CVERecord?id=CVE-2023-46219", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-46219", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-46219", }, { category: "external", summary: "https://curl.se/docs/CVE-2023-46219.html", url: "https://curl.se/docs/CVE-2023-46219.html", }, ], release_date: "2023-12-06T07:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-03-18T16:22:13+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", product_ids: [ "Text-Only JBCS", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:1317", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, products: [ "Text-Only JBCS", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "curl: excessively long file name may lead to unknown HSTS status", }, { cve: "CVE-2024-25062", cwe: { id: "CWE-416", name: "Use After Free", }, discovery_date: "2024-02-05T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2262726", }, ], notes: [ { category: "description", text: "A use-after-free flaw was found in libxml2. When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free.", title: "Vulnerability description", }, { category: "summary", text: "libxml2: use-after-free in XMLReader", title: "Vulnerability summary", }, { category: "other", text: "The severity of this vulnerability is not important but moderate due to the lack of impact to both confidentiality and integrity, but potential impact to availability. The theoretical risk of impact to availability is limited due to the specific requirement that applications must continue to misuse the reader API after it has already reported validation errors instead of handling those errors. The flaw requires that crafted XML documents can be provided by an attacker and the utilization of DTD validation and XInclude expansion using the XMLReader API. Along with those conditions, the application using the XMLReader API must be ignoring errors when expanding invalid XInclude nodes in an maliciously crafted document. These conditions are unlikely to exist in the intended usage of the XMLReader API.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Text-Only JBCS", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-25062", }, { category: "external", summary: "RHBZ#2262726", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2262726", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-25062", url: "https://www.cve.org/CVERecord?id=CVE-2024-25062", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-25062", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-25062", }, { category: "external", summary: "https://gitlab.gnome.org/GNOME/libxml2/-/issues/604", url: "https://gitlab.gnome.org/GNOME/libxml2/-/issues/604", }, { category: "external", summary: "https://gitlab.gnome.org/GNOME/libxml2/-/tags", url: "https://gitlab.gnome.org/GNOME/libxml2/-/tags", }, ], release_date: "2024-02-04T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-03-18T16:22:13+00:00", details: "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", product_ids: [ "Text-Only JBCS", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:1317", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "Text-Only JBCS", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "Text-Only JBCS", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "libxml2: use-after-free in XMLReader", }, ], }
rhsa-2024_3303
Vulnerability from csaf_redhat
Published
2024-05-23 06:34
Modified
2024-11-21 21:13
Summary
Red Hat Security Advisory: libxml2 security update
Notes
Topic
An update for libxml2 is now available for Red Hat Enterprise Linux 8.8.
Red Hat Product Security has rated this update as having a security impact of
Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE
link(s) in the References section.
Details
The libxml2 library is a development toolbox providing the implementation of
various XML standards.
Security Fix(es):
* libxml2: use-after-free in XMLReader (CVE-2024-25062)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update for libxml2 is now available for Red Hat Enterprise Linux 8.8.\n\nRed Hat Product Security has rated this update as having a security impact of\nModerate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE\nlink(s) in the References section.", title: "Topic", }, { category: "general", text: "The libxml2 library is a development toolbox providing the implementation of\nvarious XML standards.\n\nSecurity Fix(es):\n\n* libxml2: use-after-free in XMLReader (CVE-2024-25062)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2024:3303", url: "https://access.redhat.com/errata/RHSA-2024:3303", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#moderate", url: "https://access.redhat.com/security/updates/classification/#moderate", }, { category: "external", summary: "2262726", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2262726", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_3303.json", }, ], title: "Red Hat Security Advisory: libxml2 security update", tracking: { current_release_date: "2024-11-21T21:13:00+00:00", generator: { date: "2024-11-21T21:13:00+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.1", }, }, id: "RHSA-2024:3303", initial_release_date: "2024-05-23T06:34:13+00:00", revision_history: [ { date: "2024-05-23T06:34:13+00:00", number: "1", summary: "Initial version", }, { date: "2024-05-23T06:34:13+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-21T21:13:00+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux AppStream EUS (v.8.8)", product: { name: "Red Hat Enterprise Linux AppStream EUS (v.8.8)", product_id: "AppStream-8.8.0.Z.EUS", product_identification_helper: { cpe: "cpe:/a:redhat:rhel_eus:8.8::appstream", }, }, }, { category: "product_name", name: "Red Hat Enterprise Linux BaseOS EUS (v.8.8)", product: { name: "Red Hat Enterprise Linux BaseOS EUS (v.8.8)", product_id: "BaseOS-8.8.0.Z.EUS", product_identification_helper: { cpe: "cpe:/o:redhat:rhel_eus:8.8::baseos", }, }, }, ], category: "product_family", name: "Red Hat Enterprise Linux", }, { branches: [ { category: "product_version", name: "libxml2-devel-0:2.9.7-16.el8_8.4.aarch64", product: { name: "libxml2-devel-0:2.9.7-16.el8_8.4.aarch64", product_id: "libxml2-devel-0:2.9.7-16.el8_8.4.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-devel@2.9.7-16.el8_8.4?arch=aarch64", }, }, }, { category: "product_version", name: "libxml2-debugsource-0:2.9.7-16.el8_8.4.aarch64", product: { name: "libxml2-debugsource-0:2.9.7-16.el8_8.4.aarch64", product_id: "libxml2-debugsource-0:2.9.7-16.el8_8.4.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-debugsource@2.9.7-16.el8_8.4?arch=aarch64", }, }, }, { category: "product_version", name: "libxml2-debuginfo-0:2.9.7-16.el8_8.4.aarch64", product: { name: "libxml2-debuginfo-0:2.9.7-16.el8_8.4.aarch64", product_id: "libxml2-debuginfo-0:2.9.7-16.el8_8.4.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-debuginfo@2.9.7-16.el8_8.4?arch=aarch64", }, }, }, { category: "product_version", name: "python3-libxml2-debuginfo-0:2.9.7-16.el8_8.4.aarch64", product: { name: "python3-libxml2-debuginfo-0:2.9.7-16.el8_8.4.aarch64", product_id: "python3-libxml2-debuginfo-0:2.9.7-16.el8_8.4.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/python3-libxml2-debuginfo@2.9.7-16.el8_8.4?arch=aarch64", }, }, }, { category: "product_version", name: "libxml2-0:2.9.7-16.el8_8.4.aarch64", product: { name: "libxml2-0:2.9.7-16.el8_8.4.aarch64", product_id: "libxml2-0:2.9.7-16.el8_8.4.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2@2.9.7-16.el8_8.4?arch=aarch64", }, }, }, { category: "product_version", name: "python3-libxml2-0:2.9.7-16.el8_8.4.aarch64", product: { name: "python3-libxml2-0:2.9.7-16.el8_8.4.aarch64", product_id: "python3-libxml2-0:2.9.7-16.el8_8.4.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/python3-libxml2@2.9.7-16.el8_8.4?arch=aarch64", }, }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "libxml2-devel-0:2.9.7-16.el8_8.4.ppc64le", product: { name: "libxml2-devel-0:2.9.7-16.el8_8.4.ppc64le", product_id: "libxml2-devel-0:2.9.7-16.el8_8.4.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-devel@2.9.7-16.el8_8.4?arch=ppc64le", }, }, }, { category: "product_version", name: "libxml2-debugsource-0:2.9.7-16.el8_8.4.ppc64le", product: { name: "libxml2-debugsource-0:2.9.7-16.el8_8.4.ppc64le", product_id: "libxml2-debugsource-0:2.9.7-16.el8_8.4.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-debugsource@2.9.7-16.el8_8.4?arch=ppc64le", }, }, }, { category: "product_version", name: "libxml2-debuginfo-0:2.9.7-16.el8_8.4.ppc64le", product: { name: "libxml2-debuginfo-0:2.9.7-16.el8_8.4.ppc64le", product_id: "libxml2-debuginfo-0:2.9.7-16.el8_8.4.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-debuginfo@2.9.7-16.el8_8.4?arch=ppc64le", }, }, }, { category: "product_version", name: "python3-libxml2-debuginfo-0:2.9.7-16.el8_8.4.ppc64le", product: { name: "python3-libxml2-debuginfo-0:2.9.7-16.el8_8.4.ppc64le", product_id: "python3-libxml2-debuginfo-0:2.9.7-16.el8_8.4.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/python3-libxml2-debuginfo@2.9.7-16.el8_8.4?arch=ppc64le", }, }, }, { category: "product_version", name: "libxml2-0:2.9.7-16.el8_8.4.ppc64le", product: { name: "libxml2-0:2.9.7-16.el8_8.4.ppc64le", product_id: "libxml2-0:2.9.7-16.el8_8.4.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2@2.9.7-16.el8_8.4?arch=ppc64le", }, }, }, { category: "product_version", name: "python3-libxml2-0:2.9.7-16.el8_8.4.ppc64le", product: { name: "python3-libxml2-0:2.9.7-16.el8_8.4.ppc64le", product_id: "python3-libxml2-0:2.9.7-16.el8_8.4.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/python3-libxml2@2.9.7-16.el8_8.4?arch=ppc64le", }, }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "libxml2-devel-0:2.9.7-16.el8_8.4.i686", product: { name: "libxml2-devel-0:2.9.7-16.el8_8.4.i686", product_id: "libxml2-devel-0:2.9.7-16.el8_8.4.i686", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-devel@2.9.7-16.el8_8.4?arch=i686", }, }, }, { category: "product_version", name: "libxml2-debugsource-0:2.9.7-16.el8_8.4.i686", product: { name: "libxml2-debugsource-0:2.9.7-16.el8_8.4.i686", product_id: "libxml2-debugsource-0:2.9.7-16.el8_8.4.i686", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-debugsource@2.9.7-16.el8_8.4?arch=i686", }, }, }, { category: "product_version", name: "libxml2-debuginfo-0:2.9.7-16.el8_8.4.i686", product: { name: "libxml2-debuginfo-0:2.9.7-16.el8_8.4.i686", product_id: "libxml2-debuginfo-0:2.9.7-16.el8_8.4.i686", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-debuginfo@2.9.7-16.el8_8.4?arch=i686", }, }, }, { category: "product_version", name: "python3-libxml2-debuginfo-0:2.9.7-16.el8_8.4.i686", product: { name: "python3-libxml2-debuginfo-0:2.9.7-16.el8_8.4.i686", product_id: "python3-libxml2-debuginfo-0:2.9.7-16.el8_8.4.i686", product_identification_helper: { purl: "pkg:rpm/redhat/python3-libxml2-debuginfo@2.9.7-16.el8_8.4?arch=i686", }, }, }, { category: "product_version", name: "libxml2-0:2.9.7-16.el8_8.4.i686", product: { name: "libxml2-0:2.9.7-16.el8_8.4.i686", product_id: "libxml2-0:2.9.7-16.el8_8.4.i686", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2@2.9.7-16.el8_8.4?arch=i686", }, }, }, ], category: "architecture", name: "i686", }, { branches: [ { category: "product_version", name: "libxml2-devel-0:2.9.7-16.el8_8.4.x86_64", product: { name: "libxml2-devel-0:2.9.7-16.el8_8.4.x86_64", product_id: "libxml2-devel-0:2.9.7-16.el8_8.4.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-devel@2.9.7-16.el8_8.4?arch=x86_64", }, }, }, { category: "product_version", name: "libxml2-debugsource-0:2.9.7-16.el8_8.4.x86_64", product: { name: "libxml2-debugsource-0:2.9.7-16.el8_8.4.x86_64", product_id: "libxml2-debugsource-0:2.9.7-16.el8_8.4.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-debugsource@2.9.7-16.el8_8.4?arch=x86_64", }, }, }, { category: "product_version", name: "libxml2-debuginfo-0:2.9.7-16.el8_8.4.x86_64", product: { name: "libxml2-debuginfo-0:2.9.7-16.el8_8.4.x86_64", product_id: "libxml2-debuginfo-0:2.9.7-16.el8_8.4.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-debuginfo@2.9.7-16.el8_8.4?arch=x86_64", }, }, }, { category: "product_version", name: "python3-libxml2-debuginfo-0:2.9.7-16.el8_8.4.x86_64", product: { name: "python3-libxml2-debuginfo-0:2.9.7-16.el8_8.4.x86_64", product_id: "python3-libxml2-debuginfo-0:2.9.7-16.el8_8.4.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/python3-libxml2-debuginfo@2.9.7-16.el8_8.4?arch=x86_64", }, }, }, { category: "product_version", name: "libxml2-0:2.9.7-16.el8_8.4.x86_64", product: { name: "libxml2-0:2.9.7-16.el8_8.4.x86_64", product_id: "libxml2-0:2.9.7-16.el8_8.4.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2@2.9.7-16.el8_8.4?arch=x86_64", }, }, }, { category: "product_version", name: "python3-libxml2-0:2.9.7-16.el8_8.4.x86_64", product: { name: "python3-libxml2-0:2.9.7-16.el8_8.4.x86_64", product_id: "python3-libxml2-0:2.9.7-16.el8_8.4.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/python3-libxml2@2.9.7-16.el8_8.4?arch=x86_64", }, }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_version", name: "libxml2-devel-0:2.9.7-16.el8_8.4.s390x", product: { name: "libxml2-devel-0:2.9.7-16.el8_8.4.s390x", product_id: "libxml2-devel-0:2.9.7-16.el8_8.4.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-devel@2.9.7-16.el8_8.4?arch=s390x", }, }, }, { category: "product_version", name: "libxml2-debugsource-0:2.9.7-16.el8_8.4.s390x", product: { name: "libxml2-debugsource-0:2.9.7-16.el8_8.4.s390x", product_id: "libxml2-debugsource-0:2.9.7-16.el8_8.4.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-debugsource@2.9.7-16.el8_8.4?arch=s390x", }, }, }, { category: "product_version", name: "libxml2-debuginfo-0:2.9.7-16.el8_8.4.s390x", product: { name: "libxml2-debuginfo-0:2.9.7-16.el8_8.4.s390x", product_id: "libxml2-debuginfo-0:2.9.7-16.el8_8.4.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2-debuginfo@2.9.7-16.el8_8.4?arch=s390x", }, }, }, { category: "product_version", name: "python3-libxml2-debuginfo-0:2.9.7-16.el8_8.4.s390x", product: { name: "python3-libxml2-debuginfo-0:2.9.7-16.el8_8.4.s390x", product_id: "python3-libxml2-debuginfo-0:2.9.7-16.el8_8.4.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/python3-libxml2-debuginfo@2.9.7-16.el8_8.4?arch=s390x", }, }, }, { category: "product_version", name: "libxml2-0:2.9.7-16.el8_8.4.s390x", product: { name: "libxml2-0:2.9.7-16.el8_8.4.s390x", product_id: "libxml2-0:2.9.7-16.el8_8.4.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2@2.9.7-16.el8_8.4?arch=s390x", }, }, }, { category: "product_version", name: "python3-libxml2-0:2.9.7-16.el8_8.4.s390x", product: { name: "python3-libxml2-0:2.9.7-16.el8_8.4.s390x", product_id: "python3-libxml2-0:2.9.7-16.el8_8.4.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/python3-libxml2@2.9.7-16.el8_8.4?arch=s390x", }, }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "libxml2-0:2.9.7-16.el8_8.4.src", product: { name: "libxml2-0:2.9.7-16.el8_8.4.src", product_id: "libxml2-0:2.9.7-16.el8_8.4.src", product_identification_helper: { purl: "pkg:rpm/redhat/libxml2@2.9.7-16.el8_8.4?arch=src", }, }, }, ], category: "architecture", name: "src", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.7-16.el8_8.4.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)", product_id: "AppStream-8.8.0.Z.EUS:libxml2-0:2.9.7-16.el8_8.4.aarch64", }, product_reference: "libxml2-0:2.9.7-16.el8_8.4.aarch64", relates_to_product_reference: "AppStream-8.8.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.7-16.el8_8.4.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)", product_id: "AppStream-8.8.0.Z.EUS:libxml2-0:2.9.7-16.el8_8.4.i686", }, product_reference: "libxml2-0:2.9.7-16.el8_8.4.i686", relates_to_product_reference: "AppStream-8.8.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.7-16.el8_8.4.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)", product_id: "AppStream-8.8.0.Z.EUS:libxml2-0:2.9.7-16.el8_8.4.ppc64le", }, product_reference: "libxml2-0:2.9.7-16.el8_8.4.ppc64le", relates_to_product_reference: "AppStream-8.8.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.7-16.el8_8.4.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)", product_id: "AppStream-8.8.0.Z.EUS:libxml2-0:2.9.7-16.el8_8.4.s390x", }, product_reference: "libxml2-0:2.9.7-16.el8_8.4.s390x", relates_to_product_reference: "AppStream-8.8.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.7-16.el8_8.4.src as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)", product_id: "AppStream-8.8.0.Z.EUS:libxml2-0:2.9.7-16.el8_8.4.src", }, product_reference: "libxml2-0:2.9.7-16.el8_8.4.src", relates_to_product_reference: "AppStream-8.8.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.7-16.el8_8.4.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)", product_id: "AppStream-8.8.0.Z.EUS:libxml2-0:2.9.7-16.el8_8.4.x86_64", }, product_reference: "libxml2-0:2.9.7-16.el8_8.4.x86_64", relates_to_product_reference: "AppStream-8.8.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.7-16.el8_8.4.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)", product_id: "AppStream-8.8.0.Z.EUS:libxml2-debuginfo-0:2.9.7-16.el8_8.4.aarch64", }, product_reference: "libxml2-debuginfo-0:2.9.7-16.el8_8.4.aarch64", relates_to_product_reference: "AppStream-8.8.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.7-16.el8_8.4.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)", product_id: "AppStream-8.8.0.Z.EUS:libxml2-debuginfo-0:2.9.7-16.el8_8.4.i686", }, product_reference: "libxml2-debuginfo-0:2.9.7-16.el8_8.4.i686", relates_to_product_reference: "AppStream-8.8.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.7-16.el8_8.4.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)", product_id: "AppStream-8.8.0.Z.EUS:libxml2-debuginfo-0:2.9.7-16.el8_8.4.ppc64le", }, product_reference: "libxml2-debuginfo-0:2.9.7-16.el8_8.4.ppc64le", relates_to_product_reference: "AppStream-8.8.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.7-16.el8_8.4.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)", product_id: "AppStream-8.8.0.Z.EUS:libxml2-debuginfo-0:2.9.7-16.el8_8.4.s390x", }, product_reference: "libxml2-debuginfo-0:2.9.7-16.el8_8.4.s390x", relates_to_product_reference: "AppStream-8.8.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.7-16.el8_8.4.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)", product_id: "AppStream-8.8.0.Z.EUS:libxml2-debuginfo-0:2.9.7-16.el8_8.4.x86_64", }, product_reference: "libxml2-debuginfo-0:2.9.7-16.el8_8.4.x86_64", relates_to_product_reference: "AppStream-8.8.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debugsource-0:2.9.7-16.el8_8.4.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)", product_id: "AppStream-8.8.0.Z.EUS:libxml2-debugsource-0:2.9.7-16.el8_8.4.aarch64", }, product_reference: "libxml2-debugsource-0:2.9.7-16.el8_8.4.aarch64", relates_to_product_reference: "AppStream-8.8.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debugsource-0:2.9.7-16.el8_8.4.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)", product_id: "AppStream-8.8.0.Z.EUS:libxml2-debugsource-0:2.9.7-16.el8_8.4.i686", }, product_reference: "libxml2-debugsource-0:2.9.7-16.el8_8.4.i686", relates_to_product_reference: "AppStream-8.8.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debugsource-0:2.9.7-16.el8_8.4.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)", product_id: "AppStream-8.8.0.Z.EUS:libxml2-debugsource-0:2.9.7-16.el8_8.4.ppc64le", }, product_reference: "libxml2-debugsource-0:2.9.7-16.el8_8.4.ppc64le", relates_to_product_reference: "AppStream-8.8.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debugsource-0:2.9.7-16.el8_8.4.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)", product_id: "AppStream-8.8.0.Z.EUS:libxml2-debugsource-0:2.9.7-16.el8_8.4.s390x", }, product_reference: "libxml2-debugsource-0:2.9.7-16.el8_8.4.s390x", relates_to_product_reference: "AppStream-8.8.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debugsource-0:2.9.7-16.el8_8.4.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)", product_id: "AppStream-8.8.0.Z.EUS:libxml2-debugsource-0:2.9.7-16.el8_8.4.x86_64", }, product_reference: "libxml2-debugsource-0:2.9.7-16.el8_8.4.x86_64", relates_to_product_reference: "AppStream-8.8.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.7-16.el8_8.4.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)", product_id: "AppStream-8.8.0.Z.EUS:libxml2-devel-0:2.9.7-16.el8_8.4.aarch64", }, product_reference: "libxml2-devel-0:2.9.7-16.el8_8.4.aarch64", relates_to_product_reference: "AppStream-8.8.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.7-16.el8_8.4.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)", product_id: "AppStream-8.8.0.Z.EUS:libxml2-devel-0:2.9.7-16.el8_8.4.i686", }, product_reference: "libxml2-devel-0:2.9.7-16.el8_8.4.i686", relates_to_product_reference: "AppStream-8.8.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.7-16.el8_8.4.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)", product_id: "AppStream-8.8.0.Z.EUS:libxml2-devel-0:2.9.7-16.el8_8.4.ppc64le", }, product_reference: "libxml2-devel-0:2.9.7-16.el8_8.4.ppc64le", relates_to_product_reference: "AppStream-8.8.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.7-16.el8_8.4.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)", product_id: "AppStream-8.8.0.Z.EUS:libxml2-devel-0:2.9.7-16.el8_8.4.s390x", }, product_reference: "libxml2-devel-0:2.9.7-16.el8_8.4.s390x", relates_to_product_reference: "AppStream-8.8.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.7-16.el8_8.4.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)", product_id: "AppStream-8.8.0.Z.EUS:libxml2-devel-0:2.9.7-16.el8_8.4.x86_64", }, product_reference: "libxml2-devel-0:2.9.7-16.el8_8.4.x86_64", relates_to_product_reference: "AppStream-8.8.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "python3-libxml2-0:2.9.7-16.el8_8.4.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)", product_id: "AppStream-8.8.0.Z.EUS:python3-libxml2-0:2.9.7-16.el8_8.4.aarch64", }, product_reference: "python3-libxml2-0:2.9.7-16.el8_8.4.aarch64", relates_to_product_reference: "AppStream-8.8.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "python3-libxml2-0:2.9.7-16.el8_8.4.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)", product_id: "AppStream-8.8.0.Z.EUS:python3-libxml2-0:2.9.7-16.el8_8.4.ppc64le", }, product_reference: "python3-libxml2-0:2.9.7-16.el8_8.4.ppc64le", relates_to_product_reference: "AppStream-8.8.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "python3-libxml2-0:2.9.7-16.el8_8.4.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)", product_id: "AppStream-8.8.0.Z.EUS:python3-libxml2-0:2.9.7-16.el8_8.4.s390x", }, product_reference: "python3-libxml2-0:2.9.7-16.el8_8.4.s390x", relates_to_product_reference: "AppStream-8.8.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "python3-libxml2-0:2.9.7-16.el8_8.4.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)", product_id: "AppStream-8.8.0.Z.EUS:python3-libxml2-0:2.9.7-16.el8_8.4.x86_64", }, product_reference: "python3-libxml2-0:2.9.7-16.el8_8.4.x86_64", relates_to_product_reference: "AppStream-8.8.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "python3-libxml2-debuginfo-0:2.9.7-16.el8_8.4.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)", product_id: "AppStream-8.8.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-16.el8_8.4.aarch64", }, product_reference: "python3-libxml2-debuginfo-0:2.9.7-16.el8_8.4.aarch64", relates_to_product_reference: "AppStream-8.8.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "python3-libxml2-debuginfo-0:2.9.7-16.el8_8.4.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)", product_id: "AppStream-8.8.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-16.el8_8.4.i686", }, product_reference: "python3-libxml2-debuginfo-0:2.9.7-16.el8_8.4.i686", relates_to_product_reference: "AppStream-8.8.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "python3-libxml2-debuginfo-0:2.9.7-16.el8_8.4.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)", product_id: "AppStream-8.8.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-16.el8_8.4.ppc64le", }, product_reference: "python3-libxml2-debuginfo-0:2.9.7-16.el8_8.4.ppc64le", relates_to_product_reference: "AppStream-8.8.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "python3-libxml2-debuginfo-0:2.9.7-16.el8_8.4.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)", product_id: "AppStream-8.8.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-16.el8_8.4.s390x", }, product_reference: "python3-libxml2-debuginfo-0:2.9.7-16.el8_8.4.s390x", relates_to_product_reference: "AppStream-8.8.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "python3-libxml2-debuginfo-0:2.9.7-16.el8_8.4.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.8)", product_id: "AppStream-8.8.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-16.el8_8.4.x86_64", }, product_reference: "python3-libxml2-debuginfo-0:2.9.7-16.el8_8.4.x86_64", relates_to_product_reference: "AppStream-8.8.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.7-16.el8_8.4.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.8)", product_id: "BaseOS-8.8.0.Z.EUS:libxml2-0:2.9.7-16.el8_8.4.aarch64", }, product_reference: "libxml2-0:2.9.7-16.el8_8.4.aarch64", relates_to_product_reference: "BaseOS-8.8.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.7-16.el8_8.4.i686 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.8)", product_id: "BaseOS-8.8.0.Z.EUS:libxml2-0:2.9.7-16.el8_8.4.i686", }, product_reference: "libxml2-0:2.9.7-16.el8_8.4.i686", relates_to_product_reference: "BaseOS-8.8.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.7-16.el8_8.4.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.8)", product_id: "BaseOS-8.8.0.Z.EUS:libxml2-0:2.9.7-16.el8_8.4.ppc64le", }, product_reference: "libxml2-0:2.9.7-16.el8_8.4.ppc64le", relates_to_product_reference: "BaseOS-8.8.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.7-16.el8_8.4.s390x as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.8)", product_id: "BaseOS-8.8.0.Z.EUS:libxml2-0:2.9.7-16.el8_8.4.s390x", }, product_reference: "libxml2-0:2.9.7-16.el8_8.4.s390x", relates_to_product_reference: "BaseOS-8.8.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.7-16.el8_8.4.src as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.8)", product_id: "BaseOS-8.8.0.Z.EUS:libxml2-0:2.9.7-16.el8_8.4.src", }, product_reference: "libxml2-0:2.9.7-16.el8_8.4.src", relates_to_product_reference: "BaseOS-8.8.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-0:2.9.7-16.el8_8.4.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.8)", product_id: "BaseOS-8.8.0.Z.EUS:libxml2-0:2.9.7-16.el8_8.4.x86_64", }, product_reference: "libxml2-0:2.9.7-16.el8_8.4.x86_64", relates_to_product_reference: "BaseOS-8.8.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.7-16.el8_8.4.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.8)", product_id: "BaseOS-8.8.0.Z.EUS:libxml2-debuginfo-0:2.9.7-16.el8_8.4.aarch64", }, product_reference: "libxml2-debuginfo-0:2.9.7-16.el8_8.4.aarch64", relates_to_product_reference: "BaseOS-8.8.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.7-16.el8_8.4.i686 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.8)", product_id: "BaseOS-8.8.0.Z.EUS:libxml2-debuginfo-0:2.9.7-16.el8_8.4.i686", }, product_reference: "libxml2-debuginfo-0:2.9.7-16.el8_8.4.i686", relates_to_product_reference: "BaseOS-8.8.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.7-16.el8_8.4.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.8)", product_id: "BaseOS-8.8.0.Z.EUS:libxml2-debuginfo-0:2.9.7-16.el8_8.4.ppc64le", }, product_reference: "libxml2-debuginfo-0:2.9.7-16.el8_8.4.ppc64le", relates_to_product_reference: "BaseOS-8.8.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.7-16.el8_8.4.s390x as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.8)", product_id: "BaseOS-8.8.0.Z.EUS:libxml2-debuginfo-0:2.9.7-16.el8_8.4.s390x", }, product_reference: "libxml2-debuginfo-0:2.9.7-16.el8_8.4.s390x", relates_to_product_reference: "BaseOS-8.8.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debuginfo-0:2.9.7-16.el8_8.4.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.8)", product_id: "BaseOS-8.8.0.Z.EUS:libxml2-debuginfo-0:2.9.7-16.el8_8.4.x86_64", }, product_reference: "libxml2-debuginfo-0:2.9.7-16.el8_8.4.x86_64", relates_to_product_reference: "BaseOS-8.8.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debugsource-0:2.9.7-16.el8_8.4.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.8)", product_id: "BaseOS-8.8.0.Z.EUS:libxml2-debugsource-0:2.9.7-16.el8_8.4.aarch64", }, product_reference: "libxml2-debugsource-0:2.9.7-16.el8_8.4.aarch64", relates_to_product_reference: "BaseOS-8.8.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debugsource-0:2.9.7-16.el8_8.4.i686 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.8)", product_id: "BaseOS-8.8.0.Z.EUS:libxml2-debugsource-0:2.9.7-16.el8_8.4.i686", }, product_reference: "libxml2-debugsource-0:2.9.7-16.el8_8.4.i686", relates_to_product_reference: "BaseOS-8.8.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debugsource-0:2.9.7-16.el8_8.4.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.8)", product_id: "BaseOS-8.8.0.Z.EUS:libxml2-debugsource-0:2.9.7-16.el8_8.4.ppc64le", }, product_reference: "libxml2-debugsource-0:2.9.7-16.el8_8.4.ppc64le", relates_to_product_reference: "BaseOS-8.8.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debugsource-0:2.9.7-16.el8_8.4.s390x as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.8)", product_id: "BaseOS-8.8.0.Z.EUS:libxml2-debugsource-0:2.9.7-16.el8_8.4.s390x", }, product_reference: "libxml2-debugsource-0:2.9.7-16.el8_8.4.s390x", relates_to_product_reference: "BaseOS-8.8.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-debugsource-0:2.9.7-16.el8_8.4.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.8)", product_id: "BaseOS-8.8.0.Z.EUS:libxml2-debugsource-0:2.9.7-16.el8_8.4.x86_64", }, product_reference: "libxml2-debugsource-0:2.9.7-16.el8_8.4.x86_64", relates_to_product_reference: "BaseOS-8.8.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.7-16.el8_8.4.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.8)", product_id: "BaseOS-8.8.0.Z.EUS:libxml2-devel-0:2.9.7-16.el8_8.4.aarch64", }, product_reference: "libxml2-devel-0:2.9.7-16.el8_8.4.aarch64", relates_to_product_reference: "BaseOS-8.8.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.7-16.el8_8.4.i686 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.8)", product_id: "BaseOS-8.8.0.Z.EUS:libxml2-devel-0:2.9.7-16.el8_8.4.i686", }, product_reference: "libxml2-devel-0:2.9.7-16.el8_8.4.i686", relates_to_product_reference: "BaseOS-8.8.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.7-16.el8_8.4.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.8)", product_id: "BaseOS-8.8.0.Z.EUS:libxml2-devel-0:2.9.7-16.el8_8.4.ppc64le", }, product_reference: "libxml2-devel-0:2.9.7-16.el8_8.4.ppc64le", relates_to_product_reference: "BaseOS-8.8.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.7-16.el8_8.4.s390x as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.8)", product_id: "BaseOS-8.8.0.Z.EUS:libxml2-devel-0:2.9.7-16.el8_8.4.s390x", }, product_reference: "libxml2-devel-0:2.9.7-16.el8_8.4.s390x", relates_to_product_reference: "BaseOS-8.8.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "libxml2-devel-0:2.9.7-16.el8_8.4.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.8)", product_id: "BaseOS-8.8.0.Z.EUS:libxml2-devel-0:2.9.7-16.el8_8.4.x86_64", }, product_reference: "libxml2-devel-0:2.9.7-16.el8_8.4.x86_64", relates_to_product_reference: "BaseOS-8.8.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "python3-libxml2-0:2.9.7-16.el8_8.4.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.8)", product_id: "BaseOS-8.8.0.Z.EUS:python3-libxml2-0:2.9.7-16.el8_8.4.aarch64", }, product_reference: "python3-libxml2-0:2.9.7-16.el8_8.4.aarch64", relates_to_product_reference: "BaseOS-8.8.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "python3-libxml2-0:2.9.7-16.el8_8.4.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.8)", product_id: "BaseOS-8.8.0.Z.EUS:python3-libxml2-0:2.9.7-16.el8_8.4.ppc64le", }, product_reference: "python3-libxml2-0:2.9.7-16.el8_8.4.ppc64le", relates_to_product_reference: "BaseOS-8.8.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "python3-libxml2-0:2.9.7-16.el8_8.4.s390x as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.8)", product_id: "BaseOS-8.8.0.Z.EUS:python3-libxml2-0:2.9.7-16.el8_8.4.s390x", }, product_reference: "python3-libxml2-0:2.9.7-16.el8_8.4.s390x", relates_to_product_reference: "BaseOS-8.8.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "python3-libxml2-0:2.9.7-16.el8_8.4.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.8)", product_id: "BaseOS-8.8.0.Z.EUS:python3-libxml2-0:2.9.7-16.el8_8.4.x86_64", }, product_reference: "python3-libxml2-0:2.9.7-16.el8_8.4.x86_64", relates_to_product_reference: "BaseOS-8.8.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "python3-libxml2-debuginfo-0:2.9.7-16.el8_8.4.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.8)", product_id: "BaseOS-8.8.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-16.el8_8.4.aarch64", }, product_reference: "python3-libxml2-debuginfo-0:2.9.7-16.el8_8.4.aarch64", relates_to_product_reference: "BaseOS-8.8.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "python3-libxml2-debuginfo-0:2.9.7-16.el8_8.4.i686 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.8)", product_id: "BaseOS-8.8.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-16.el8_8.4.i686", }, product_reference: "python3-libxml2-debuginfo-0:2.9.7-16.el8_8.4.i686", relates_to_product_reference: "BaseOS-8.8.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "python3-libxml2-debuginfo-0:2.9.7-16.el8_8.4.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.8)", product_id: "BaseOS-8.8.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-16.el8_8.4.ppc64le", }, product_reference: "python3-libxml2-debuginfo-0:2.9.7-16.el8_8.4.ppc64le", relates_to_product_reference: "BaseOS-8.8.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "python3-libxml2-debuginfo-0:2.9.7-16.el8_8.4.s390x as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.8)", product_id: "BaseOS-8.8.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-16.el8_8.4.s390x", }, product_reference: "python3-libxml2-debuginfo-0:2.9.7-16.el8_8.4.s390x", relates_to_product_reference: "BaseOS-8.8.0.Z.EUS", }, { category: "default_component_of", full_product_name: { name: "python3-libxml2-debuginfo-0:2.9.7-16.el8_8.4.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.8.8)", product_id: "BaseOS-8.8.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-16.el8_8.4.x86_64", }, product_reference: "python3-libxml2-debuginfo-0:2.9.7-16.el8_8.4.x86_64", relates_to_product_reference: "BaseOS-8.8.0.Z.EUS", }, ], }, vulnerabilities: [ { cve: "CVE-2024-25062", cwe: { id: "CWE-416", name: "Use After Free", }, discovery_date: "2024-02-05T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2262726", }, ], notes: [ { category: "description", text: "A use-after-free flaw was found in libxml2. When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free.", title: "Vulnerability description", }, { category: "summary", text: "libxml2: use-after-free in XMLReader", title: "Vulnerability summary", }, { category: "other", text: "The severity of this vulnerability is not important but moderate due to the lack of impact to both confidentiality and integrity, but potential impact to availability. The theoretical risk of impact to availability is limited due to the specific requirement that applications must continue to misuse the reader API after it has already reported validation errors instead of handling those errors. The flaw requires that crafted XML documents can be provided by an attacker and the utilization of DTD validation and XInclude expansion using the XMLReader API. Along with those conditions, the application using the XMLReader API must be ignoring errors when expanding invalid XInclude nodes in an maliciously crafted document. These conditions are unlikely to exist in the intended usage of the XMLReader API.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-8.8.0.Z.EUS:libxml2-0:2.9.7-16.el8_8.4.aarch64", "AppStream-8.8.0.Z.EUS:libxml2-0:2.9.7-16.el8_8.4.i686", "AppStream-8.8.0.Z.EUS:libxml2-0:2.9.7-16.el8_8.4.ppc64le", "AppStream-8.8.0.Z.EUS:libxml2-0:2.9.7-16.el8_8.4.s390x", "AppStream-8.8.0.Z.EUS:libxml2-0:2.9.7-16.el8_8.4.src", "AppStream-8.8.0.Z.EUS:libxml2-0:2.9.7-16.el8_8.4.x86_64", "AppStream-8.8.0.Z.EUS:libxml2-debuginfo-0:2.9.7-16.el8_8.4.aarch64", "AppStream-8.8.0.Z.EUS:libxml2-debuginfo-0:2.9.7-16.el8_8.4.i686", "AppStream-8.8.0.Z.EUS:libxml2-debuginfo-0:2.9.7-16.el8_8.4.ppc64le", "AppStream-8.8.0.Z.EUS:libxml2-debuginfo-0:2.9.7-16.el8_8.4.s390x", "AppStream-8.8.0.Z.EUS:libxml2-debuginfo-0:2.9.7-16.el8_8.4.x86_64", "AppStream-8.8.0.Z.EUS:libxml2-debugsource-0:2.9.7-16.el8_8.4.aarch64", "AppStream-8.8.0.Z.EUS:libxml2-debugsource-0:2.9.7-16.el8_8.4.i686", "AppStream-8.8.0.Z.EUS:libxml2-debugsource-0:2.9.7-16.el8_8.4.ppc64le", "AppStream-8.8.0.Z.EUS:libxml2-debugsource-0:2.9.7-16.el8_8.4.s390x", "AppStream-8.8.0.Z.EUS:libxml2-debugsource-0:2.9.7-16.el8_8.4.x86_64", "AppStream-8.8.0.Z.EUS:libxml2-devel-0:2.9.7-16.el8_8.4.aarch64", "AppStream-8.8.0.Z.EUS:libxml2-devel-0:2.9.7-16.el8_8.4.i686", "AppStream-8.8.0.Z.EUS:libxml2-devel-0:2.9.7-16.el8_8.4.ppc64le", "AppStream-8.8.0.Z.EUS:libxml2-devel-0:2.9.7-16.el8_8.4.s390x", "AppStream-8.8.0.Z.EUS:libxml2-devel-0:2.9.7-16.el8_8.4.x86_64", "AppStream-8.8.0.Z.EUS:python3-libxml2-0:2.9.7-16.el8_8.4.aarch64", "AppStream-8.8.0.Z.EUS:python3-libxml2-0:2.9.7-16.el8_8.4.ppc64le", "AppStream-8.8.0.Z.EUS:python3-libxml2-0:2.9.7-16.el8_8.4.s390x", "AppStream-8.8.0.Z.EUS:python3-libxml2-0:2.9.7-16.el8_8.4.x86_64", "AppStream-8.8.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-16.el8_8.4.aarch64", "AppStream-8.8.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-16.el8_8.4.i686", "AppStream-8.8.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-16.el8_8.4.ppc64le", "AppStream-8.8.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-16.el8_8.4.s390x", "AppStream-8.8.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-16.el8_8.4.x86_64", "BaseOS-8.8.0.Z.EUS:libxml2-0:2.9.7-16.el8_8.4.aarch64", "BaseOS-8.8.0.Z.EUS:libxml2-0:2.9.7-16.el8_8.4.i686", "BaseOS-8.8.0.Z.EUS:libxml2-0:2.9.7-16.el8_8.4.ppc64le", "BaseOS-8.8.0.Z.EUS:libxml2-0:2.9.7-16.el8_8.4.s390x", "BaseOS-8.8.0.Z.EUS:libxml2-0:2.9.7-16.el8_8.4.src", "BaseOS-8.8.0.Z.EUS:libxml2-0:2.9.7-16.el8_8.4.x86_64", "BaseOS-8.8.0.Z.EUS:libxml2-debuginfo-0:2.9.7-16.el8_8.4.aarch64", "BaseOS-8.8.0.Z.EUS:libxml2-debuginfo-0:2.9.7-16.el8_8.4.i686", "BaseOS-8.8.0.Z.EUS:libxml2-debuginfo-0:2.9.7-16.el8_8.4.ppc64le", "BaseOS-8.8.0.Z.EUS:libxml2-debuginfo-0:2.9.7-16.el8_8.4.s390x", "BaseOS-8.8.0.Z.EUS:libxml2-debuginfo-0:2.9.7-16.el8_8.4.x86_64", "BaseOS-8.8.0.Z.EUS:libxml2-debugsource-0:2.9.7-16.el8_8.4.aarch64", "BaseOS-8.8.0.Z.EUS:libxml2-debugsource-0:2.9.7-16.el8_8.4.i686", "BaseOS-8.8.0.Z.EUS:libxml2-debugsource-0:2.9.7-16.el8_8.4.ppc64le", "BaseOS-8.8.0.Z.EUS:libxml2-debugsource-0:2.9.7-16.el8_8.4.s390x", "BaseOS-8.8.0.Z.EUS:libxml2-debugsource-0:2.9.7-16.el8_8.4.x86_64", "BaseOS-8.8.0.Z.EUS:libxml2-devel-0:2.9.7-16.el8_8.4.aarch64", "BaseOS-8.8.0.Z.EUS:libxml2-devel-0:2.9.7-16.el8_8.4.i686", "BaseOS-8.8.0.Z.EUS:libxml2-devel-0:2.9.7-16.el8_8.4.ppc64le", "BaseOS-8.8.0.Z.EUS:libxml2-devel-0:2.9.7-16.el8_8.4.s390x", "BaseOS-8.8.0.Z.EUS:libxml2-devel-0:2.9.7-16.el8_8.4.x86_64", "BaseOS-8.8.0.Z.EUS:python3-libxml2-0:2.9.7-16.el8_8.4.aarch64", "BaseOS-8.8.0.Z.EUS:python3-libxml2-0:2.9.7-16.el8_8.4.ppc64le", "BaseOS-8.8.0.Z.EUS:python3-libxml2-0:2.9.7-16.el8_8.4.s390x", "BaseOS-8.8.0.Z.EUS:python3-libxml2-0:2.9.7-16.el8_8.4.x86_64", "BaseOS-8.8.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-16.el8_8.4.aarch64", "BaseOS-8.8.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-16.el8_8.4.i686", "BaseOS-8.8.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-16.el8_8.4.ppc64le", "BaseOS-8.8.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-16.el8_8.4.s390x", "BaseOS-8.8.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-16.el8_8.4.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-25062", }, { category: "external", summary: "RHBZ#2262726", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2262726", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-25062", url: "https://www.cve.org/CVERecord?id=CVE-2024-25062", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-25062", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-25062", }, { category: "external", summary: "https://gitlab.gnome.org/GNOME/libxml2/-/issues/604", url: "https://gitlab.gnome.org/GNOME/libxml2/-/issues/604", }, { category: "external", summary: "https://gitlab.gnome.org/GNOME/libxml2/-/tags", url: "https://gitlab.gnome.org/GNOME/libxml2/-/tags", }, ], release_date: "2024-02-04T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-05-23T06:34:13+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "AppStream-8.8.0.Z.EUS:libxml2-0:2.9.7-16.el8_8.4.aarch64", "AppStream-8.8.0.Z.EUS:libxml2-0:2.9.7-16.el8_8.4.i686", "AppStream-8.8.0.Z.EUS:libxml2-0:2.9.7-16.el8_8.4.ppc64le", "AppStream-8.8.0.Z.EUS:libxml2-0:2.9.7-16.el8_8.4.s390x", "AppStream-8.8.0.Z.EUS:libxml2-0:2.9.7-16.el8_8.4.src", "AppStream-8.8.0.Z.EUS:libxml2-0:2.9.7-16.el8_8.4.x86_64", "AppStream-8.8.0.Z.EUS:libxml2-debuginfo-0:2.9.7-16.el8_8.4.aarch64", "AppStream-8.8.0.Z.EUS:libxml2-debuginfo-0:2.9.7-16.el8_8.4.i686", "AppStream-8.8.0.Z.EUS:libxml2-debuginfo-0:2.9.7-16.el8_8.4.ppc64le", "AppStream-8.8.0.Z.EUS:libxml2-debuginfo-0:2.9.7-16.el8_8.4.s390x", "AppStream-8.8.0.Z.EUS:libxml2-debuginfo-0:2.9.7-16.el8_8.4.x86_64", "AppStream-8.8.0.Z.EUS:libxml2-debugsource-0:2.9.7-16.el8_8.4.aarch64", "AppStream-8.8.0.Z.EUS:libxml2-debugsource-0:2.9.7-16.el8_8.4.i686", "AppStream-8.8.0.Z.EUS:libxml2-debugsource-0:2.9.7-16.el8_8.4.ppc64le", "AppStream-8.8.0.Z.EUS:libxml2-debugsource-0:2.9.7-16.el8_8.4.s390x", "AppStream-8.8.0.Z.EUS:libxml2-debugsource-0:2.9.7-16.el8_8.4.x86_64", "AppStream-8.8.0.Z.EUS:libxml2-devel-0:2.9.7-16.el8_8.4.aarch64", "AppStream-8.8.0.Z.EUS:libxml2-devel-0:2.9.7-16.el8_8.4.i686", "AppStream-8.8.0.Z.EUS:libxml2-devel-0:2.9.7-16.el8_8.4.ppc64le", "AppStream-8.8.0.Z.EUS:libxml2-devel-0:2.9.7-16.el8_8.4.s390x", "AppStream-8.8.0.Z.EUS:libxml2-devel-0:2.9.7-16.el8_8.4.x86_64", "AppStream-8.8.0.Z.EUS:python3-libxml2-0:2.9.7-16.el8_8.4.aarch64", "AppStream-8.8.0.Z.EUS:python3-libxml2-0:2.9.7-16.el8_8.4.ppc64le", "AppStream-8.8.0.Z.EUS:python3-libxml2-0:2.9.7-16.el8_8.4.s390x", "AppStream-8.8.0.Z.EUS:python3-libxml2-0:2.9.7-16.el8_8.4.x86_64", "AppStream-8.8.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-16.el8_8.4.aarch64", "AppStream-8.8.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-16.el8_8.4.i686", "AppStream-8.8.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-16.el8_8.4.ppc64le", "AppStream-8.8.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-16.el8_8.4.s390x", "AppStream-8.8.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-16.el8_8.4.x86_64", "BaseOS-8.8.0.Z.EUS:libxml2-0:2.9.7-16.el8_8.4.aarch64", "BaseOS-8.8.0.Z.EUS:libxml2-0:2.9.7-16.el8_8.4.i686", "BaseOS-8.8.0.Z.EUS:libxml2-0:2.9.7-16.el8_8.4.ppc64le", "BaseOS-8.8.0.Z.EUS:libxml2-0:2.9.7-16.el8_8.4.s390x", "BaseOS-8.8.0.Z.EUS:libxml2-0:2.9.7-16.el8_8.4.src", "BaseOS-8.8.0.Z.EUS:libxml2-0:2.9.7-16.el8_8.4.x86_64", "BaseOS-8.8.0.Z.EUS:libxml2-debuginfo-0:2.9.7-16.el8_8.4.aarch64", "BaseOS-8.8.0.Z.EUS:libxml2-debuginfo-0:2.9.7-16.el8_8.4.i686", "BaseOS-8.8.0.Z.EUS:libxml2-debuginfo-0:2.9.7-16.el8_8.4.ppc64le", "BaseOS-8.8.0.Z.EUS:libxml2-debuginfo-0:2.9.7-16.el8_8.4.s390x", "BaseOS-8.8.0.Z.EUS:libxml2-debuginfo-0:2.9.7-16.el8_8.4.x86_64", "BaseOS-8.8.0.Z.EUS:libxml2-debugsource-0:2.9.7-16.el8_8.4.aarch64", "BaseOS-8.8.0.Z.EUS:libxml2-debugsource-0:2.9.7-16.el8_8.4.i686", "BaseOS-8.8.0.Z.EUS:libxml2-debugsource-0:2.9.7-16.el8_8.4.ppc64le", "BaseOS-8.8.0.Z.EUS:libxml2-debugsource-0:2.9.7-16.el8_8.4.s390x", "BaseOS-8.8.0.Z.EUS:libxml2-debugsource-0:2.9.7-16.el8_8.4.x86_64", "BaseOS-8.8.0.Z.EUS:libxml2-devel-0:2.9.7-16.el8_8.4.aarch64", "BaseOS-8.8.0.Z.EUS:libxml2-devel-0:2.9.7-16.el8_8.4.i686", "BaseOS-8.8.0.Z.EUS:libxml2-devel-0:2.9.7-16.el8_8.4.ppc64le", "BaseOS-8.8.0.Z.EUS:libxml2-devel-0:2.9.7-16.el8_8.4.s390x", "BaseOS-8.8.0.Z.EUS:libxml2-devel-0:2.9.7-16.el8_8.4.x86_64", "BaseOS-8.8.0.Z.EUS:python3-libxml2-0:2.9.7-16.el8_8.4.aarch64", "BaseOS-8.8.0.Z.EUS:python3-libxml2-0:2.9.7-16.el8_8.4.ppc64le", "BaseOS-8.8.0.Z.EUS:python3-libxml2-0:2.9.7-16.el8_8.4.s390x", "BaseOS-8.8.0.Z.EUS:python3-libxml2-0:2.9.7-16.el8_8.4.x86_64", "BaseOS-8.8.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-16.el8_8.4.aarch64", "BaseOS-8.8.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-16.el8_8.4.i686", "BaseOS-8.8.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-16.el8_8.4.ppc64le", "BaseOS-8.8.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-16.el8_8.4.s390x", "BaseOS-8.8.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-16.el8_8.4.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:3303", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "AppStream-8.8.0.Z.EUS:libxml2-0:2.9.7-16.el8_8.4.aarch64", "AppStream-8.8.0.Z.EUS:libxml2-0:2.9.7-16.el8_8.4.i686", "AppStream-8.8.0.Z.EUS:libxml2-0:2.9.7-16.el8_8.4.ppc64le", "AppStream-8.8.0.Z.EUS:libxml2-0:2.9.7-16.el8_8.4.s390x", "AppStream-8.8.0.Z.EUS:libxml2-0:2.9.7-16.el8_8.4.src", "AppStream-8.8.0.Z.EUS:libxml2-0:2.9.7-16.el8_8.4.x86_64", "AppStream-8.8.0.Z.EUS:libxml2-debuginfo-0:2.9.7-16.el8_8.4.aarch64", "AppStream-8.8.0.Z.EUS:libxml2-debuginfo-0:2.9.7-16.el8_8.4.i686", "AppStream-8.8.0.Z.EUS:libxml2-debuginfo-0:2.9.7-16.el8_8.4.ppc64le", "AppStream-8.8.0.Z.EUS:libxml2-debuginfo-0:2.9.7-16.el8_8.4.s390x", "AppStream-8.8.0.Z.EUS:libxml2-debuginfo-0:2.9.7-16.el8_8.4.x86_64", "AppStream-8.8.0.Z.EUS:libxml2-debugsource-0:2.9.7-16.el8_8.4.aarch64", "AppStream-8.8.0.Z.EUS:libxml2-debugsource-0:2.9.7-16.el8_8.4.i686", "AppStream-8.8.0.Z.EUS:libxml2-debugsource-0:2.9.7-16.el8_8.4.ppc64le", "AppStream-8.8.0.Z.EUS:libxml2-debugsource-0:2.9.7-16.el8_8.4.s390x", "AppStream-8.8.0.Z.EUS:libxml2-debugsource-0:2.9.7-16.el8_8.4.x86_64", "AppStream-8.8.0.Z.EUS:libxml2-devel-0:2.9.7-16.el8_8.4.aarch64", "AppStream-8.8.0.Z.EUS:libxml2-devel-0:2.9.7-16.el8_8.4.i686", "AppStream-8.8.0.Z.EUS:libxml2-devel-0:2.9.7-16.el8_8.4.ppc64le", "AppStream-8.8.0.Z.EUS:libxml2-devel-0:2.9.7-16.el8_8.4.s390x", "AppStream-8.8.0.Z.EUS:libxml2-devel-0:2.9.7-16.el8_8.4.x86_64", "AppStream-8.8.0.Z.EUS:python3-libxml2-0:2.9.7-16.el8_8.4.aarch64", "AppStream-8.8.0.Z.EUS:python3-libxml2-0:2.9.7-16.el8_8.4.ppc64le", "AppStream-8.8.0.Z.EUS:python3-libxml2-0:2.9.7-16.el8_8.4.s390x", "AppStream-8.8.0.Z.EUS:python3-libxml2-0:2.9.7-16.el8_8.4.x86_64", "AppStream-8.8.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-16.el8_8.4.aarch64", "AppStream-8.8.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-16.el8_8.4.i686", "AppStream-8.8.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-16.el8_8.4.ppc64le", "AppStream-8.8.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-16.el8_8.4.s390x", "AppStream-8.8.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-16.el8_8.4.x86_64", "BaseOS-8.8.0.Z.EUS:libxml2-0:2.9.7-16.el8_8.4.aarch64", "BaseOS-8.8.0.Z.EUS:libxml2-0:2.9.7-16.el8_8.4.i686", "BaseOS-8.8.0.Z.EUS:libxml2-0:2.9.7-16.el8_8.4.ppc64le", "BaseOS-8.8.0.Z.EUS:libxml2-0:2.9.7-16.el8_8.4.s390x", "BaseOS-8.8.0.Z.EUS:libxml2-0:2.9.7-16.el8_8.4.src", "BaseOS-8.8.0.Z.EUS:libxml2-0:2.9.7-16.el8_8.4.x86_64", "BaseOS-8.8.0.Z.EUS:libxml2-debuginfo-0:2.9.7-16.el8_8.4.aarch64", "BaseOS-8.8.0.Z.EUS:libxml2-debuginfo-0:2.9.7-16.el8_8.4.i686", "BaseOS-8.8.0.Z.EUS:libxml2-debuginfo-0:2.9.7-16.el8_8.4.ppc64le", "BaseOS-8.8.0.Z.EUS:libxml2-debuginfo-0:2.9.7-16.el8_8.4.s390x", "BaseOS-8.8.0.Z.EUS:libxml2-debuginfo-0:2.9.7-16.el8_8.4.x86_64", "BaseOS-8.8.0.Z.EUS:libxml2-debugsource-0:2.9.7-16.el8_8.4.aarch64", "BaseOS-8.8.0.Z.EUS:libxml2-debugsource-0:2.9.7-16.el8_8.4.i686", "BaseOS-8.8.0.Z.EUS:libxml2-debugsource-0:2.9.7-16.el8_8.4.ppc64le", "BaseOS-8.8.0.Z.EUS:libxml2-debugsource-0:2.9.7-16.el8_8.4.s390x", "BaseOS-8.8.0.Z.EUS:libxml2-debugsource-0:2.9.7-16.el8_8.4.x86_64", "BaseOS-8.8.0.Z.EUS:libxml2-devel-0:2.9.7-16.el8_8.4.aarch64", "BaseOS-8.8.0.Z.EUS:libxml2-devel-0:2.9.7-16.el8_8.4.i686", "BaseOS-8.8.0.Z.EUS:libxml2-devel-0:2.9.7-16.el8_8.4.ppc64le", "BaseOS-8.8.0.Z.EUS:libxml2-devel-0:2.9.7-16.el8_8.4.s390x", "BaseOS-8.8.0.Z.EUS:libxml2-devel-0:2.9.7-16.el8_8.4.x86_64", "BaseOS-8.8.0.Z.EUS:python3-libxml2-0:2.9.7-16.el8_8.4.aarch64", "BaseOS-8.8.0.Z.EUS:python3-libxml2-0:2.9.7-16.el8_8.4.ppc64le", "BaseOS-8.8.0.Z.EUS:python3-libxml2-0:2.9.7-16.el8_8.4.s390x", "BaseOS-8.8.0.Z.EUS:python3-libxml2-0:2.9.7-16.el8_8.4.x86_64", "BaseOS-8.8.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-16.el8_8.4.aarch64", "BaseOS-8.8.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-16.el8_8.4.i686", "BaseOS-8.8.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-16.el8_8.4.ppc64le", "BaseOS-8.8.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-16.el8_8.4.s390x", "BaseOS-8.8.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-16.el8_8.4.x86_64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "AppStream-8.8.0.Z.EUS:libxml2-0:2.9.7-16.el8_8.4.aarch64", "AppStream-8.8.0.Z.EUS:libxml2-0:2.9.7-16.el8_8.4.i686", "AppStream-8.8.0.Z.EUS:libxml2-0:2.9.7-16.el8_8.4.ppc64le", "AppStream-8.8.0.Z.EUS:libxml2-0:2.9.7-16.el8_8.4.s390x", "AppStream-8.8.0.Z.EUS:libxml2-0:2.9.7-16.el8_8.4.src", "AppStream-8.8.0.Z.EUS:libxml2-0:2.9.7-16.el8_8.4.x86_64", "AppStream-8.8.0.Z.EUS:libxml2-debuginfo-0:2.9.7-16.el8_8.4.aarch64", "AppStream-8.8.0.Z.EUS:libxml2-debuginfo-0:2.9.7-16.el8_8.4.i686", "AppStream-8.8.0.Z.EUS:libxml2-debuginfo-0:2.9.7-16.el8_8.4.ppc64le", "AppStream-8.8.0.Z.EUS:libxml2-debuginfo-0:2.9.7-16.el8_8.4.s390x", "AppStream-8.8.0.Z.EUS:libxml2-debuginfo-0:2.9.7-16.el8_8.4.x86_64", "AppStream-8.8.0.Z.EUS:libxml2-debugsource-0:2.9.7-16.el8_8.4.aarch64", "AppStream-8.8.0.Z.EUS:libxml2-debugsource-0:2.9.7-16.el8_8.4.i686", "AppStream-8.8.0.Z.EUS:libxml2-debugsource-0:2.9.7-16.el8_8.4.ppc64le", "AppStream-8.8.0.Z.EUS:libxml2-debugsource-0:2.9.7-16.el8_8.4.s390x", "AppStream-8.8.0.Z.EUS:libxml2-debugsource-0:2.9.7-16.el8_8.4.x86_64", "AppStream-8.8.0.Z.EUS:libxml2-devel-0:2.9.7-16.el8_8.4.aarch64", "AppStream-8.8.0.Z.EUS:libxml2-devel-0:2.9.7-16.el8_8.4.i686", "AppStream-8.8.0.Z.EUS:libxml2-devel-0:2.9.7-16.el8_8.4.ppc64le", "AppStream-8.8.0.Z.EUS:libxml2-devel-0:2.9.7-16.el8_8.4.s390x", "AppStream-8.8.0.Z.EUS:libxml2-devel-0:2.9.7-16.el8_8.4.x86_64", "AppStream-8.8.0.Z.EUS:python3-libxml2-0:2.9.7-16.el8_8.4.aarch64", "AppStream-8.8.0.Z.EUS:python3-libxml2-0:2.9.7-16.el8_8.4.ppc64le", "AppStream-8.8.0.Z.EUS:python3-libxml2-0:2.9.7-16.el8_8.4.s390x", "AppStream-8.8.0.Z.EUS:python3-libxml2-0:2.9.7-16.el8_8.4.x86_64", "AppStream-8.8.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-16.el8_8.4.aarch64", "AppStream-8.8.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-16.el8_8.4.i686", "AppStream-8.8.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-16.el8_8.4.ppc64le", "AppStream-8.8.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-16.el8_8.4.s390x", "AppStream-8.8.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-16.el8_8.4.x86_64", "BaseOS-8.8.0.Z.EUS:libxml2-0:2.9.7-16.el8_8.4.aarch64", "BaseOS-8.8.0.Z.EUS:libxml2-0:2.9.7-16.el8_8.4.i686", "BaseOS-8.8.0.Z.EUS:libxml2-0:2.9.7-16.el8_8.4.ppc64le", "BaseOS-8.8.0.Z.EUS:libxml2-0:2.9.7-16.el8_8.4.s390x", "BaseOS-8.8.0.Z.EUS:libxml2-0:2.9.7-16.el8_8.4.src", "BaseOS-8.8.0.Z.EUS:libxml2-0:2.9.7-16.el8_8.4.x86_64", "BaseOS-8.8.0.Z.EUS:libxml2-debuginfo-0:2.9.7-16.el8_8.4.aarch64", "BaseOS-8.8.0.Z.EUS:libxml2-debuginfo-0:2.9.7-16.el8_8.4.i686", "BaseOS-8.8.0.Z.EUS:libxml2-debuginfo-0:2.9.7-16.el8_8.4.ppc64le", "BaseOS-8.8.0.Z.EUS:libxml2-debuginfo-0:2.9.7-16.el8_8.4.s390x", "BaseOS-8.8.0.Z.EUS:libxml2-debuginfo-0:2.9.7-16.el8_8.4.x86_64", "BaseOS-8.8.0.Z.EUS:libxml2-debugsource-0:2.9.7-16.el8_8.4.aarch64", "BaseOS-8.8.0.Z.EUS:libxml2-debugsource-0:2.9.7-16.el8_8.4.i686", "BaseOS-8.8.0.Z.EUS:libxml2-debugsource-0:2.9.7-16.el8_8.4.ppc64le", "BaseOS-8.8.0.Z.EUS:libxml2-debugsource-0:2.9.7-16.el8_8.4.s390x", "BaseOS-8.8.0.Z.EUS:libxml2-debugsource-0:2.9.7-16.el8_8.4.x86_64", "BaseOS-8.8.0.Z.EUS:libxml2-devel-0:2.9.7-16.el8_8.4.aarch64", "BaseOS-8.8.0.Z.EUS:libxml2-devel-0:2.9.7-16.el8_8.4.i686", "BaseOS-8.8.0.Z.EUS:libxml2-devel-0:2.9.7-16.el8_8.4.ppc64le", "BaseOS-8.8.0.Z.EUS:libxml2-devel-0:2.9.7-16.el8_8.4.s390x", "BaseOS-8.8.0.Z.EUS:libxml2-devel-0:2.9.7-16.el8_8.4.x86_64", "BaseOS-8.8.0.Z.EUS:python3-libxml2-0:2.9.7-16.el8_8.4.aarch64", "BaseOS-8.8.0.Z.EUS:python3-libxml2-0:2.9.7-16.el8_8.4.ppc64le", "BaseOS-8.8.0.Z.EUS:python3-libxml2-0:2.9.7-16.el8_8.4.s390x", "BaseOS-8.8.0.Z.EUS:python3-libxml2-0:2.9.7-16.el8_8.4.x86_64", "BaseOS-8.8.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-16.el8_8.4.aarch64", "BaseOS-8.8.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-16.el8_8.4.i686", "BaseOS-8.8.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-16.el8_8.4.ppc64le", "BaseOS-8.8.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-16.el8_8.4.s390x", "BaseOS-8.8.0.Z.EUS:python3-libxml2-debuginfo-0:2.9.7-16.el8_8.4.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "libxml2: use-after-free in XMLReader", }, ], }
ncsc-2024-0298
Vulnerability from csaf_ncscnl
Published
2024-07-17 13:54
Modified
2024-07-17 13:54
Summary
Kwetsbaarheden verholpen in Oracle Fusion Middleware
Notes
The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:
NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.
NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.
This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.
Feiten
Er zijn kwetsbaarheden verholpen in Oracle Fusion Middleware.
Interpretaties
Een kwaadwillende kan de kwetsbaarheden misbruiken om aanvallen uit te voeren die kunnen leiden tot de volgende categorieën schade:
* Denial-of-Service (DoS)
* Toegang tot gevoelige gegevens
* Toegang tot systeemgegevens
* Manipulatie van gegevens
* (Remote) code execution (Gebruikersrechten)
Oplossingen
Oracle heeft updates beschikbaar gesteld om de kwetsbaarheden te verhelpen. Zie de referenties voor meer informatie.
Kans
medium
Schade
high
CWE-122
Heap-based Buffer Overflow
CWE-145
Improper Neutralization of Section Delimiters
CWE-190
Integer Overflow or Wraparound
CWE-20
Improper Input Validation
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE-222
Truncation of Security-relevant Information
CWE-284
Improper Access Control
CWE-299
Improper Check for Certificate Revocation
CWE-306
Missing Authentication for Critical Function
CWE-328
Use of Weak Hash
CWE-377
Insecure Temporary File
CWE-400
Uncontrolled Resource Consumption
CWE-404
Improper Resource Shutdown or Release
CWE-416
Use After Free
CWE-552
Files or Directories Accessible to External Parties
CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CWE-770
Allocation of Resources Without Limits or Throttling
CWE-787
Out-of-bounds Write
CWE-918
Server-Side Request Forgery (SSRF)
{ document: { category: "csaf_security_advisory", csaf_version: "2.0", distribution: { tlp: { label: "WHITE", }, }, lang: "nl", notes: [ { category: "legal_disclaimer", text: "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.", }, { category: "description", text: "Er zijn kwetsbaarheden verholpen in Oracle Fusion Middleware.", title: "Feiten", }, { category: "description", text: "Een kwaadwillende kan de kwetsbaarheden misbruiken om aanvallen uit te voeren die kunnen leiden tot de volgende categorieën schade:\n\n* Denial-of-Service (DoS)\n* Toegang tot gevoelige gegevens\n* Toegang tot systeemgegevens\n* Manipulatie van gegevens\n* (Remote) code execution (Gebruikersrechten)", title: "Interpretaties", }, { category: "description", text: "Oracle heeft updates beschikbaar gesteld om de kwetsbaarheden te verhelpen. Zie de referenties voor meer informatie.", title: "Oplossingen", }, { category: "general", text: "medium", title: "Kans", }, { category: "general", text: "high", title: "Schade", }, { category: "general", text: "Heap-based Buffer Overflow", title: "CWE-122", }, { category: "general", text: "Improper Neutralization of Section Delimiters", title: "CWE-145", }, { category: "general", text: "Integer Overflow or Wraparound", title: "CWE-190", }, { category: "general", text: "Improper Input Validation", title: "CWE-20", }, { category: "general", text: "Exposure of Sensitive Information to an Unauthorized Actor", title: "CWE-200", }, { category: "general", text: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", title: "CWE-22", }, { category: "general", text: "Truncation of Security-relevant Information", title: "CWE-222", }, { category: "general", text: "Improper Access Control", title: "CWE-284", }, { category: "general", text: "Improper Check for Certificate Revocation", title: "CWE-299", }, { category: "general", text: "Missing Authentication for Critical Function", title: "CWE-306", }, { category: "general", text: "Use of Weak Hash", title: "CWE-328", }, { category: "general", text: "Insecure Temporary File", title: "CWE-377", }, { category: "general", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, { category: "general", text: "Improper Resource Shutdown or Release", title: "CWE-404", }, { category: "general", text: "Use After Free", title: "CWE-416", }, { category: "general", text: "Files or Directories Accessible to External Parties", title: "CWE-552", }, { category: "general", text: "URL Redirection to Untrusted Site ('Open Redirect')", title: "CWE-601", }, { category: "general", text: "Allocation of Resources Without Limits or Throttling", title: "CWE-770", }, { category: "general", text: "Out-of-bounds Write", title: "CWE-787", }, { category: "general", text: "Server-Side Request Forgery (SSRF)", title: "CWE-918", }, ], publisher: { category: "coordinator", contact_details: "cert@ncsc.nl", name: "Nationaal Cyber Security Centrum", namespace: "https://www.ncsc.nl/", }, references: [ { category: "external", summary: "Source - nvd", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-13956", }, { category: "external", summary: "Source - nvd", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-1945", }, { category: "external", summary: "Source - nvd", url: "https://nvd.nist.gov/vuln/detail/CVE-2021-29425", }, { category: "external", summary: "Source - nvd", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-45378", }, { category: "external", summary: "Source - nvd", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-24998", }, { category: "external", summary: "Source - nvd", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-29081", }, { category: "external", summary: "Source - nvd", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-2976", }, { category: "external", summary: "Source - nvd", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-34034", }, { category: "external", summary: "Source - nvd", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-36478", }, { category: "external", summary: "Source - nvd", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-45853", }, { category: "external", summary: "Source - nvd", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-46750", }, { category: "external", summary: "Source - nvd", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-4759", }, { category: "external", summary: "Source - nvd", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-48795", }, { category: "external", summary: "Source - nvd", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-5072", }, { category: "external", summary: "Source - nvd", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-52425", }, { category: "external", summary: "Source - nvd", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-6129", }, { category: "external", summary: "Source - nvd", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-0853", }, { category: "external", summary: "Source - nvd", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-21133", }, { category: "external", summary: "Source - nvd", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-21175", }, { category: "external", summary: "Source - nvd", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-21181", }, { category: "external", summary: "Source - nvd", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-21182", }, { category: "external", summary: "Source - nvd", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-21183", }, { category: "external", summary: "Source - nvd", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-22201", }, { category: "external", summary: "Source - nvd", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-22243", }, { category: "external", summary: "Source - nvd", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-22259", }, { category: "external", summary: "Source - nvd", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-22262", }, { category: "external", summary: "Source - nvd", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-25062", }, { category: "external", summary: "Source - nvd", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-26308", }, { category: "external", summary: "Source - nvd", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-29025", }, { category: "external", summary: "Source - nvd", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-29857", }, { category: "external", summary: "Reference - oracle", url: "https://www.oracle.com/docs/tech/security-alerts/cpujul2024csaf.json", }, { category: "external", summary: "Reference - cveprojectv5; ibm; nvd; oracle", url: "https://www.oracle.com/security-alerts/cpujul2024.html", }, ], title: " Kwetsbaarheden verholpen in Oracle Fusion Middleware", tracking: { current_release_date: "2024-07-17T13:54:00.411174Z", id: "NCSC-2024-0298", initial_release_date: "2024-07-17T13:54:00.411174Z", revision_history: [ { date: "2024-07-17T13:54:00.411174Z", number: "0", summary: "Initiele versie", }, ], status: "final", version: "1.0.0", }, }, product_tree: { branches: [ { branches: [ { category: "product_name", name: "fusion_middleware_mapviewer", product: { name: "fusion_middleware_mapviewer", product_id: "CSAFPID-226018", product_identification_helper: { cpe: "cpe:2.3:a:oracle:fusion_middleware_mapviewer:12.2.1.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "fusion_middleware", product: { name: "fusion_middleware", product_id: "CSAFPID-271904", product_identification_helper: { cpe: "cpe:2.3:a:oracle:fusion_middleware:12.2.1.4.0:*:*:*:*:*:*:*", }, }, }, ], category: "vendor", name: "oracle", }, ], }, vulnerabilities: [ { cve: "CVE-2020-1945", cwe: { id: "CWE-377", name: "Insecure Temporary File", }, notes: [ { category: "other", text: "Insecure Temporary File", title: "CWE-377", }, ], product_status: { known_affected: [ "CSAFPID-271904", ], }, references: [ { category: "self", summary: "CVE-2020-1945", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2020/CVE-2020-1945.json", }, ], title: "CVE-2020-1945", }, { cve: "CVE-2020-13956", cwe: { id: "CWE-20", name: "Improper Input Validation", }, notes: [ { category: "other", text: "Improper Input Validation", title: "CWE-20", }, ], product_status: { known_affected: [ "CSAFPID-226018", "CSAFPID-271904", ], }, references: [ { category: "self", summary: "CVE-2020-13956", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2020/CVE-2020-13956.json", }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, products: [ "CSAFPID-226018", "CSAFPID-271904", ], }, ], title: "CVE-2020-13956", }, { cve: "CVE-2021-29425", cwe: { id: "CWE-22", name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", }, notes: [ { category: "other", text: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", title: "CWE-22", }, ], product_status: { known_affected: [ "CSAFPID-226018", "CSAFPID-271904", ], }, references: [ { category: "self", summary: "CVE-2021-29425", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2021/CVE-2021-29425.json", }, ], title: "CVE-2021-29425", }, { cve: "CVE-2021-37533", cwe: { id: "CWE-200", name: "Exposure of Sensitive Information to an Unauthorized Actor", }, notes: [ { category: "other", text: "Exposure of Sensitive Information to an Unauthorized Actor", title: "CWE-200", }, { category: "other", text: "Improper Input Validation", title: "CWE-20", }, ], product_status: { known_affected: [ "CSAFPID-226018", "CSAFPID-271904", ], }, references: [ { category: "self", summary: "CVE-2021-37533", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2021/CVE-2021-37533.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-226018", "CSAFPID-271904", ], }, ], title: "CVE-2021-37533", }, { cve: "CVE-2022-40152", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, notes: [ { category: "other", text: "Out-of-bounds Write", title: "CWE-787", }, ], product_status: { known_affected: [ "CSAFPID-226018", "CSAFPID-271904", ], }, references: [ { category: "self", summary: "CVE-2022-40152", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-40152.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-226018", "CSAFPID-271904", ], }, ], title: "CVE-2022-40152", }, { cve: "CVE-2022-45378", cwe: { id: "CWE-306", name: "Missing Authentication for Critical Function", }, notes: [ { category: "other", text: "Missing Authentication for Critical Function", title: "CWE-306", }, ], product_status: { known_affected: [ "CSAFPID-226018", "CSAFPID-271904", ], }, references: [ { category: "self", summary: "CVE-2022-45378", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-45378.json", }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-226018", "CSAFPID-271904", ], }, ], title: "CVE-2022-45378", }, { cve: "CVE-2023-2976", cwe: { id: "CWE-552", name: "Files or Directories Accessible to External Parties", }, notes: [ { category: "other", text: "Files or Directories Accessible to External Parties", title: "CWE-552", }, ], product_status: { known_affected: [ "CSAFPID-271904", "CSAFPID-226018", ], }, references: [ { category: "self", summary: "CVE-2023-2976", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-2976.json", }, ], scores: [ { cvss_v3: { baseScore: 7.1, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "CSAFPID-271904", "CSAFPID-226018", ], }, ], title: "CVE-2023-2976", }, { cve: "CVE-2023-4759", product_status: { known_affected: [ "CSAFPID-271904", ], }, references: [ { category: "self", summary: "CVE-2023-4759", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-4759.json", }, ], scores: [ { cvss_v3: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-271904", ], }, ], title: "CVE-2023-4759", }, { cve: "CVE-2023-5072", cwe: { id: "CWE-770", name: "Allocation of Resources Without Limits or Throttling", }, notes: [ { category: "other", text: "Allocation of Resources Without Limits or Throttling", title: "CWE-770", }, ], product_status: { known_affected: [ "CSAFPID-271904", "CSAFPID-226018", ], }, references: [ { category: "self", summary: "CVE-2023-5072", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-5072.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-271904", "CSAFPID-226018", ], }, ], title: "CVE-2023-5072", }, { cve: "CVE-2023-6129", cwe: { id: "CWE-328", name: "Use of Weak Hash", }, notes: [ { category: "other", text: "Use of Weak Hash", title: "CWE-328", }, ], product_status: { known_affected: [ "CSAFPID-226018", "CSAFPID-271904", ], }, references: [ { category: "self", summary: "CVE-2023-6129", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-6129.json", }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", version: "3.1", }, products: [ "CSAFPID-226018", "CSAFPID-271904", ], }, ], title: "CVE-2023-6129", }, { cve: "CVE-2023-24998", cwe: { id: "CWE-404", name: "Improper Resource Shutdown or Release", }, notes: [ { category: "other", text: "Improper Resource Shutdown or Release", title: "CWE-404", }, { category: "other", text: "Allocation of Resources Without Limits or Throttling", title: "CWE-770", }, ], product_status: { known_affected: [ "CSAFPID-271904", "CSAFPID-226018", ], }, references: [ { category: "self", summary: "CVE-2023-24998", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-24998.json", }, ], title: "CVE-2023-24998", }, { cve: "CVE-2023-29081", cwe: { id: "CWE-404", name: "Improper Resource Shutdown or Release", }, notes: [ { category: "other", text: "Improper Resource Shutdown or Release", title: "CWE-404", }, ], product_status: { known_affected: [ "CSAFPID-226018", "CSAFPID-271904", ], }, references: [ { category: "self", summary: "CVE-2023-29081", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-29081.json", }, ], title: "CVE-2023-29081", }, { cve: "CVE-2023-34034", cwe: { id: "CWE-284", name: "Improper Access Control", }, notes: [ { category: "other", text: "Improper Access Control", title: "CWE-284", }, { category: "other", text: "Improper Neutralization of Section Delimiters", title: "CWE-145", }, ], product_status: { known_affected: [ "CSAFPID-226018", "CSAFPID-271904", ], }, references: [ { category: "self", summary: "CVE-2023-34034", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-34034.json", }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-226018", "CSAFPID-271904", ], }, ], title: "CVE-2023-34034", }, { cve: "CVE-2023-36478", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, notes: [ { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, { category: "other", text: "Integer Overflow or Wraparound", title: "CWE-190", }, ], product_status: { known_affected: [ "CSAFPID-271904", "CSAFPID-226018", ], }, references: [ { category: "self", summary: "CVE-2023-36478", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-36478.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-271904", "CSAFPID-226018", ], }, ], title: "CVE-2023-36478", }, { cve: "CVE-2023-45853", cwe: { id: "CWE-122", name: "Heap-based Buffer Overflow", }, notes: [ { category: "other", text: "Heap-based Buffer Overflow", title: "CWE-122", }, { category: "other", text: "Integer Overflow or Wraparound", title: "CWE-190", }, ], product_status: { known_affected: [ "CSAFPID-271904", ], }, references: [ { category: "self", summary: "CVE-2023-45853", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-45853.json", }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-271904", ], }, ], title: "CVE-2023-45853", }, { cve: "CVE-2023-46750", cwe: { id: "CWE-601", name: "URL Redirection to Untrusted Site ('Open Redirect')", }, notes: [ { category: "other", text: "URL Redirection to Untrusted Site ('Open Redirect')", title: "CWE-601", }, ], product_status: { known_affected: [ "CSAFPID-271904", ], }, references: [ { category: "self", summary: "CVE-2023-46750", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-46750.json", }, ], scores: [ { cvss_v3: { baseScore: 6.4, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:L", version: "3.1", }, products: [ "CSAFPID-271904", ], }, ], title: "CVE-2023-46750", }, { cve: "CVE-2023-48795", cwe: { id: "CWE-222", name: "Truncation of Security-relevant Information", }, notes: [ { category: "other", text: "Truncation of Security-relevant Information", title: "CWE-222", }, ], product_status: { known_affected: [ "CSAFPID-271904", "CSAFPID-226018", ], }, references: [ { category: "self", summary: "CVE-2023-48795", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-48795.json", }, ], scores: [ { cvss_v3: { baseScore: 5.9, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "CSAFPID-271904", "CSAFPID-226018", ], }, ], title: "CVE-2023-48795", }, { cve: "CVE-2023-52425", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, notes: [ { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, ], product_status: { known_affected: [ "CSAFPID-271904", ], }, references: [ { category: "self", summary: "CVE-2023-52425", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-52425.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-271904", ], }, ], title: "CVE-2023-52425", }, { cve: "CVE-2024-0853", cwe: { id: "CWE-299", name: "Improper Check for Certificate Revocation", }, notes: [ { category: "other", text: "Improper Check for Certificate Revocation", title: "CWE-299", }, ], product_status: { known_affected: [ "CSAFPID-226018", "CSAFPID-271904", ], }, references: [ { category: "self", summary: "CVE-2024-0853", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-0853.json", }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-226018", "CSAFPID-271904", ], }, ], title: "CVE-2024-0853", }, { cve: "CVE-2024-21133", product_status: { known_affected: [ "CSAFPID-271904", ], }, references: [ { category: "self", summary: "CVE-2024-21133", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-21133.json", }, ], title: "CVE-2024-21133", }, { cve: "CVE-2024-21175", product_status: { known_affected: [ "CSAFPID-271904", ], }, references: [ { category: "self", summary: "CVE-2024-21175", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-21175.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "CSAFPID-271904", ], }, ], title: "CVE-2024-21175", }, { cve: "CVE-2024-21181", product_status: { known_affected: [ "CSAFPID-271904", ], }, references: [ { category: "self", summary: "CVE-2024-21181", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-21181.json", }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-271904", ], }, ], title: "CVE-2024-21181", }, { cve: "CVE-2024-21182", product_status: { known_affected: [ "CSAFPID-271904", ], }, references: [ { category: "self", summary: "CVE-2024-21182", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-21182.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "CSAFPID-271904", ], }, ], title: "CVE-2024-21182", }, { cve: "CVE-2024-21183", product_status: { known_affected: [ "CSAFPID-271904", ], }, references: [ { category: "self", summary: "CVE-2024-21183", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-21183.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "CSAFPID-271904", ], }, ], title: "CVE-2024-21183", }, { cve: "CVE-2024-22201", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, notes: [ { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, ], product_status: { known_affected: [ "CSAFPID-226018", "CSAFPID-271904", ], }, references: [ { category: "self", summary: "CVE-2024-22201", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-22201.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-226018", "CSAFPID-271904", ], }, ], title: "CVE-2024-22201", }, { cve: "CVE-2024-22243", cwe: { id: "CWE-918", name: "Server-Side Request Forgery (SSRF)", }, notes: [ { category: "other", text: "Server-Side Request Forgery (SSRF)", title: "CWE-918", }, { category: "other", text: "URL Redirection to Untrusted Site ('Open Redirect')", title: "CWE-601", }, ], product_status: { known_affected: [ "CSAFPID-226018", "CSAFPID-271904", ], }, references: [ { category: "self", summary: "CVE-2024-22243", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-22243.json", }, ], scores: [ { cvss_v3: { baseScore: 8.1, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "CSAFPID-226018", "CSAFPID-271904", ], }, ], title: "CVE-2024-22243", }, { cve: "CVE-2024-22259", cwe: { id: "CWE-601", name: "URL Redirection to Untrusted Site ('Open Redirect')", }, notes: [ { category: "other", text: "URL Redirection to Untrusted Site ('Open Redirect')", title: "CWE-601", }, { category: "other", text: "Server-Side Request Forgery (SSRF)", title: "CWE-918", }, ], product_status: { known_affected: [ "CSAFPID-226018", "CSAFPID-271904", ], }, references: [ { category: "self", summary: "CVE-2024-22259", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-22259.json", }, ], scores: [ { cvss_v3: { baseScore: 8.1, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "CSAFPID-226018", "CSAFPID-271904", ], }, ], title: "CVE-2024-22259", }, { cve: "CVE-2024-22262", cwe: { id: "CWE-601", name: "URL Redirection to Untrusted Site ('Open Redirect')", }, notes: [ { category: "other", text: "URL Redirection to Untrusted Site ('Open Redirect')", title: "CWE-601", }, ], product_status: { known_affected: [ "CSAFPID-271904", ], }, references: [ { category: "self", summary: "CVE-2024-22262", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-22262.json", }, ], scores: [ { cvss_v3: { baseScore: 8.1, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "CSAFPID-271904", ], }, ], title: "CVE-2024-22262", }, { cve: "CVE-2024-25062", cwe: { id: "CWE-416", name: "Use After Free", }, notes: [ { category: "other", text: "Use After Free", title: "CWE-416", }, ], product_status: { known_affected: [ "CSAFPID-226018", "CSAFPID-271904", ], }, references: [ { category: "self", summary: "CVE-2024-25062", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-25062.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-226018", "CSAFPID-271904", ], }, ], title: "CVE-2024-25062", }, { cve: "CVE-2024-26308", cwe: { id: "CWE-770", name: "Allocation of Resources Without Limits or Throttling", }, notes: [ { category: "other", text: "Allocation of Resources Without Limits or Throttling", title: "CWE-770", }, ], product_status: { known_affected: [ "CSAFPID-226018", "CSAFPID-271904", ], }, references: [ { category: "self", summary: "CVE-2024-26308", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-26308.json", }, ], scores: [ { cvss_v3: { baseScore: 5.9, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-226018", "CSAFPID-271904", ], }, ], title: "CVE-2024-26308", }, { cve: "CVE-2024-29025", cwe: { id: "CWE-770", name: "Allocation of Resources Without Limits or Throttling", }, notes: [ { category: "other", text: "Allocation of Resources Without Limits or Throttling", title: "CWE-770", }, ], product_status: { known_affected: [ "CSAFPID-271904", ], }, references: [ { category: "self", summary: "CVE-2024-29025", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-29025.json", }, ], title: "CVE-2024-29025", }, { cve: "CVE-2024-29857", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, notes: [ { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, { category: "other", text: "Improper Input Validation", title: "CWE-20", }, ], product_status: { known_affected: [ "CSAFPID-271904", ], }, references: [ { category: "self", summary: "CVE-2024-29857", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-29857.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-271904", ], }, ], title: "CVE-2024-29857", }, ], }
NCSC-2024-0414
Vulnerability from csaf_ncscnl
Published
2024-10-17 13:17
Modified
2024-10-17 13:17
Summary
Kwetsbaarheden verholpen in Oracle Communications
Notes
The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:
NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.
NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.
This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.
Feiten
Oracle heeft kwetsbaarheden verholpen in diverse Communications producten en systemen.
Interpretaties
Een kwaadwillende kan de kwetsbaarheden misbruiken om aanvallen uit te voeren die kunnen leiden tot de volgende categorieën schade:
- Denial-of-Service (DoS)
- Manipuleren van gegevens
- Uitvoer van willekeurige code (Gebruikersrechten)
- Uitvoer van willekeurige code (Administratorrechten)
- Toegang tot gevoelige gegevens
Oplossingen
Oracle heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.
Kans
medium
Schade
high
CWE-122
Heap-based Buffer Overflow
CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CWE-20
Improper Input Validation
CWE-466
Return of Pointer Value Outside of Expected Range
CWE-606
Unchecked Input for Loop Condition
CWE-390
Detection of Error Condition Without Action
CWE-405
Asymmetric Resource Consumption (Amplification)
CWE-222
Truncation of Security-relevant Information
CWE-364
Signal Handler Race Condition
CWE-450
Multiple Interpretations of UI Input
CWE-130
Improper Handling of Length Parameter Inconsistency
CWE-772
Missing Release of Resource after Effective Lifetime
CWE-669
Incorrect Resource Transfer Between Spheres
CWE-126
Buffer Over-read
CWE-88
Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
CWE-349
Acceptance of Extraneous Untrusted Data With Trusted Data
CWE-755
Improper Handling of Exceptional Conditions
CWE-834
Excessive Iteration
CWE-407
Inefficient Algorithmic Complexity
CWE-754
Improper Check for Unusual or Exceptional Conditions
CWE-703
Improper Check or Handling of Exceptional Conditions
CWE-427
Uncontrolled Search Path Element
CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CWE-195
Signed to Unsigned Conversion Error
CWE-444
Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
CWE-116
Improper Encoding or Escaping of Output
CWE-345
Insufficient Verification of Data Authenticity
CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE-190
Integer Overflow or Wraparound
CWE-61
UNIX Symbolic Link (Symlink) Following
CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CWE-125
Out-of-bounds Read
CWE-404
Improper Resource Shutdown or Release
CWE-284
Improper Access Control
CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE-416
Use After Free
CWE-401
Missing Release of Memory after Effective Lifetime
CWE-476
NULL Pointer Dereference
CWE-459
Incomplete Cleanup
CWE-94
Improper Control of Generation of Code ('Code Injection')
CWE-400
Uncontrolled Resource Consumption
CWE-770
Allocation of Resources Without Limits or Throttling
CWE-248
Uncaught Exception
CWE-674
Uncontrolled Recursion
CWE-918
Server-Side Request Forgery (SSRF)
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CWE-787
Out-of-bounds Write
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
{ document: { category: "csaf_security_advisory", csaf_version: "2.0", distribution: { tlp: { label: "WHITE", }, }, lang: "nl", notes: [ { category: "legal_disclaimer", text: "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.", }, { category: "description", text: "Oracle heeft kwetsbaarheden verholpen in diverse Communications producten en systemen.", title: "Feiten", }, { category: "description", text: "Een kwaadwillende kan de kwetsbaarheden misbruiken om aanvallen uit te voeren die kunnen leiden tot de volgende categorieën schade:\n\n- Denial-of-Service (DoS)\n- Manipuleren van gegevens\n- Uitvoer van willekeurige code (Gebruikersrechten)\n- Uitvoer van willekeurige code (Administratorrechten)\n- Toegang tot gevoelige gegevens", title: "Interpretaties", }, { category: "description", text: "Oracle heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.", title: "Oplossingen", }, { category: "general", text: "medium", title: "Kans", }, { category: "general", text: "high", title: "Schade", }, { category: "general", text: "Heap-based Buffer Overflow", title: "CWE-122", }, { category: "general", text: "Loop with Unreachable Exit Condition ('Infinite Loop')", title: "CWE-835", }, { category: "general", text: "Improper Input Validation", title: "CWE-20", }, { category: "general", text: "Return of Pointer Value Outside of Expected Range", title: "CWE-466", }, { category: "general", text: "Unchecked Input for Loop Condition", title: "CWE-606", }, { category: "general", text: "Detection of Error Condition Without Action", title: "CWE-390", }, { category: "general", text: "Asymmetric Resource Consumption (Amplification)", title: "CWE-405", }, { category: "general", text: "Truncation of Security-relevant Information", title: "CWE-222", }, { category: "general", text: "Signal Handler Race Condition", title: "CWE-364", }, { category: "general", text: "Multiple Interpretations of UI Input", title: "CWE-450", }, { category: "general", text: "Improper Handling of Length Parameter Inconsistency", title: "CWE-130", }, { category: "general", text: "Missing Release of Resource after Effective Lifetime", title: "CWE-772", }, { category: "general", text: "Incorrect Resource Transfer Between Spheres", title: "CWE-669", }, { category: "general", text: "Buffer Over-read", title: "CWE-126", }, { category: "general", text: "Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')", title: "CWE-88", }, { category: "general", text: "Acceptance of Extraneous Untrusted Data With Trusted Data", title: "CWE-349", }, { category: "general", text: "Improper Handling of Exceptional Conditions", title: "CWE-755", }, { category: "general", text: "Excessive Iteration", title: "CWE-834", }, { category: "general", text: "Inefficient Algorithmic Complexity", title: "CWE-407", }, { category: "general", text: "Improper Check for Unusual or Exceptional Conditions", title: "CWE-754", }, { category: "general", text: "Improper Check or Handling of Exceptional Conditions", title: "CWE-703", }, { category: "general", text: "Uncontrolled Search Path Element", title: "CWE-427", }, { category: "general", text: "URL Redirection to Untrusted Site ('Open Redirect')", title: "CWE-601", }, { category: "general", text: "Signed to Unsigned Conversion Error", title: "CWE-195", }, { category: "general", text: "Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')", title: "CWE-444", }, { category: "general", text: "Improper Encoding or Escaping of Output", title: "CWE-116", }, { category: "general", text: "Insufficient Verification of Data Authenticity", title: "CWE-345", }, { category: "general", text: "Improper Neutralization of Special Elements used in a Command ('Command Injection')", title: "CWE-77", }, { category: "general", text: "Integer Overflow or Wraparound", title: "CWE-190", }, { category: "general", text: "UNIX Symbolic Link (Symlink) Following", title: "CWE-61", }, { category: "general", text: "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", title: "CWE-362", }, { category: "general", text: "Out-of-bounds Read", title: "CWE-125", }, { category: "general", text: "Improper Resource Shutdown or Release", title: "CWE-404", }, { category: "general", text: "Improper Access Control", title: "CWE-284", }, { category: "general", text: "Improper Restriction of Operations within the Bounds of a Memory Buffer", title: "CWE-119", }, { category: "general", text: "Use After Free", title: "CWE-416", }, { category: "general", text: "Missing Release of Memory after Effective Lifetime", title: "CWE-401", }, { category: "general", text: "NULL Pointer Dereference", title: "CWE-476", }, { category: "general", text: "Incomplete Cleanup", title: "CWE-459", }, { category: "general", text: "Improper Control of Generation of Code ('Code Injection')", title: "CWE-94", }, { category: "general", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, { category: "general", text: "Allocation of Resources Without Limits or Throttling", title: "CWE-770", }, { category: "general", text: "Uncaught Exception", title: "CWE-248", }, { category: "general", text: "Uncontrolled Recursion", title: "CWE-674", }, { category: "general", text: "Server-Side Request Forgery (SSRF)", title: "CWE-918", }, { category: "general", text: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", title: "CWE-22", }, { category: "general", text: "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", title: "CWE-78", }, { category: "general", text: "Out-of-bounds Write", title: "CWE-787", }, { category: "general", text: "Exposure of Sensitive Information to an Unauthorized Actor", title: "CWE-200", }, ], publisher: { category: "coordinator", contact_details: "cert@ncsc.nl", name: "Nationaal Cyber Security Centrum", namespace: "https://www.ncsc.nl/", }, references: [ { category: "external", summary: "Reference - cveprojectv5; hkcert; nvd; oracle; redhat", url: "https://www.oracle.com/security-alerts/cpuoct2024.html", }, ], title: "Kwetsbaarheden verholpen in Oracle Communications", tracking: { current_release_date: "2024-10-17T13:17:52.103171Z", id: "NCSC-2024-0414", initial_release_date: "2024-10-17T13:17:52.103171Z", revision_history: [ { date: "2024-10-17T13:17:52.103171Z", number: "0", summary: "Initiele versie", }, ], status: "final", version: "1.0.0", }, }, product_tree: { branches: [ { branches: [ { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1635313", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:10.5:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1635305", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:12.11.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1635311", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:12.11.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1635312", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:12.11.4:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1635323", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:12.6.1.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1670430", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:14.0.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1674632", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:14.0.0.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1674630", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:14.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1635320", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:15.0.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1674633", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:17.0.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1670439", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:22.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1635322", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:23.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1670429", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:23.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1670435", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:23.2.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1670431", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:23.3.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1670436", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:23.3.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1670432", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:23.3.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1635321", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:23.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1635310", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:23.4.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1635318", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:23.4.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1674640", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:23.4.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1674642", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:23.4.4:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1670434", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:24.1.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1635316", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:24.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1674639", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:24.1.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1635314", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:24.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1674638", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:24.2.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1674637", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:24.2.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1635306", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:4.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1635307", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:4.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1635317", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:46.6.4:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1635319", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:46.6.5:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1670438", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:5.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1635324", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:5.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1635315", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:5.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1670433", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:9.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1674641", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:9.0.1.10.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1674635", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:9.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1674636", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:9.1.1.3.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1670437", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:9.1.1.7.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1674631", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:9.1.1.9.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1674634", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:9.1.5:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1635308", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:9.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1635309", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:9.3.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications__10.4.0.4", product: { name: "communications__10.4.0.4", product_id: "CSAFPID-1674629", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications__10.4.0.4:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications___23.4.2", product: { name: "communications___23.4.2", product_id: "CSAFPID-1670442", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications___23.4.2:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications___23.4.3", product: { name: "communications___23.4.3", product_id: "CSAFPID-1635325", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications___23.4.3:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications___23.4.4", product: { name: "communications___23.4.4", product_id: "CSAFPID-1635326", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications___23.4.4:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications___23.4.5", product: { name: "communications___23.4.5", product_id: "CSAFPID-1674645", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications___23.4.5:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications___23.4.6", product: { name: "communications___23.4.6", product_id: "CSAFPID-1674646", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications___23.4.6:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications___24.2.0", product: { name: "communications___24.2.0", product_id: "CSAFPID-1674644", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications___24.2.0:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications___7.2.1.0.0", product: { name: "communications___7.2.1.0.0", product_id: "CSAFPID-1670441", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications___7.2.1.0.0:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications___8.6.0.6", product: { name: "communications___8.6.0.6", product_id: "CSAFPID-1635327", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications___8.6.0.6:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications___8.6.0.8", product: { name: "communications___8.6.0.8", product_id: "CSAFPID-1635328", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications___8.6.0.8:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications___9.0.2", product: { name: "communications___9.0.2", product_id: "CSAFPID-1670440", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications___9.0.2:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications___9.0.3", product: { name: "communications___9.0.3", product_id: "CSAFPID-1635329", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications___9.0.3:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications___9.1.1.8.0", product: { name: "communications___9.1.1.8.0", product_id: "CSAFPID-1674643", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications___9.1.1.8.0:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_applications", product: { name: "communications_applications", product_id: "CSAFPID-1674621", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_applications:15.0.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_applications", product: { name: "communications_applications", product_id: "CSAFPID-1674618", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_applications:6.0.1.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_applications", product: { name: "communications_applications", product_id: "CSAFPID-1674619", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_applications:7.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_applications", product: { name: "communications_applications", product_id: "CSAFPID-1674622", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_applications:7.4.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_applications", product: { name: "communications_applications", product_id: "CSAFPID-1674617", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_applications:7.4.3.0.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_applications", product: { name: "communications_applications", product_id: "CSAFPID-1674623", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_applications:7.5.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_applications", product: { name: "communications_applications", product_id: "CSAFPID-1674620", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_applications:8.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_applications___12.0.6.0.0", product: { name: "communications_applications___12.0.6.0.0", product_id: "CSAFPID-1674627", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_applications___12.0.6.0.0:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_applications___5.5.22", product: { name: "communications_applications___5.5.22", product_id: "CSAFPID-1674626", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_applications___5.5.22:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_applications___6.0.3", product: { name: "communications_applications___6.0.3", product_id: "CSAFPID-1674628", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_applications___6.0.3:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_applications___6.0.4", product: { name: "communications_applications___6.0.4", product_id: "CSAFPID-1674624", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_applications___6.0.4:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_applications___6.0.5", product: { name: "communications_applications___6.0.5", product_id: "CSAFPID-1674625", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_applications___6.0.5:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_asap", product: { name: "communications_asap", product_id: "CSAFPID-204629", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_asap:7.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_asap", product: { name: "communications_asap", product_id: "CSAFPID-1673475", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_asap:7.4.3.0.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_asap", product: { name: "communications_asap", product_id: "CSAFPID-816792", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_asap:7.4:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_billing_and_revenue_management", product: { name: "communications_billing_and_revenue_management", product_id: "CSAFPID-764735", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_billing_and_revenue_management:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_billing_and_revenue_management", product: { name: "communications_billing_and_revenue_management", product_id: "CSAFPID-1650734", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.4.0-12.0.0.8.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_billing_and_revenue_management", product: { name: "communications_billing_and_revenue_management", product_id: "CSAFPID-204639", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.4:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_billing_and_revenue_management", product: { name: "communications_billing_and_revenue_management", product_id: "CSAFPID-204627", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.5:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_billing_and_revenue_management", product: { name: "communications_billing_and_revenue_management", product_id: "CSAFPID-816793", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_billing_and_revenue_management:15.0.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_billing_and_revenue_management", product: { name: "communications_billing_and_revenue_management", product_id: "CSAFPID-912557", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_billing_and_revenue_management:15.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_billing_and_revenue_management__-_elastic_charging_engine", product: { name: "communications_billing_and_revenue_management__-_elastic_charging_engine", product_id: "CSAFPID-219835", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_billing_and_revenue_management__-_elastic_charging_engine:12.0.0.3.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_brm_-_elastic_charging_engine", product: { name: "communications_brm_-_elastic_charging_engine", product_id: "CSAFPID-764247", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_brm_-_elastic_charging_engine", product: { name: "communications_brm_-_elastic_charging_engine", product_id: "CSAFPID-209548", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:11.3.0.9.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_brm_-_elastic_charging_engine", product: { name: "communications_brm_-_elastic_charging_engine", product_id: "CSAFPID-209549", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:11.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_brm_-_elastic_charging_engine", product: { name: "communications_brm_-_elastic_charging_engine", product_id: "CSAFPID-41194", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:12.0.0.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_brm_-_elastic_charging_engine", product: { name: "communications_brm_-_elastic_charging_engine", product_id: "CSAFPID-1650820", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:12.0.0.4-12.0.0.8:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_brm_-_elastic_charging_engine", product: { name: "communications_brm_-_elastic_charging_engine", product_id: "CSAFPID-765241", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:12.0.0.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_brm_-_elastic_charging_engine", product: { name: "communications_brm_-_elastic_charging_engine", product_id: "CSAFPID-209546", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:12.0.0.5.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_brm_-_elastic_charging_engine", product: { name: "communications_brm_-_elastic_charging_engine", product_id: "CSAFPID-209550", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:12.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_brm_-_elastic_charging_engine", product: { name: "communications_brm_-_elastic_charging_engine", product_id: "CSAFPID-498607", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:12:0.0.5.0:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_brm_-_elastic_charging_engine", product: { name: "communications_brm_-_elastic_charging_engine", product_id: "CSAFPID-912556", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:15.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_calendar_server", product: { name: "communications_calendar_server", product_id: "CSAFPID-764736", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_calendar_server:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_calendar_server", product: { name: "communications_calendar_server", product_id: "CSAFPID-220190", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_calendar_server:8.0.0.6.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_configuration_console", product: { name: "communications_cloud_native_configuration_console", product_id: "CSAFPID-391501", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_configuration_console:22.4.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_configuration_console", product: { name: "communications_cloud_native_configuration_console", product_id: "CSAFPID-440102", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_configuration_console:23.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_automated_test_suite", product: { name: "communications_cloud_native_core_automated_test_suite", product_id: "CSAFPID-89545", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:1.8.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_automated_test_suite", product: { name: "communications_cloud_native_core_automated_test_suite", product_id: "CSAFPID-180215", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:1.9.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_automated_test_suite", product: { name: "communications_cloud_native_core_automated_test_suite", product_id: "CSAFPID-180197", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:22.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_automated_test_suite", product: { name: "communications_cloud_native_core_automated_test_suite", product_id: "CSAFPID-220548", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:22.2.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_automated_test_suite", product: { name: "communications_cloud_native_core_automated_test_suite", product_id: "CSAFPID-41516", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:22.3.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_automated_test_suite", product: { name: "communications_cloud_native_core_automated_test_suite", product_id: "CSAFPID-41515", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:22.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_automated_test_suite", product: { name: "communications_cloud_native_core_automated_test_suite", product_id: "CSAFPID-220057", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:22.4.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_automated_test_suite", product: { name: "communications_cloud_native_core_automated_test_suite", product_id: "CSAFPID-220055", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:23.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_automated_test_suite", product: { name: "communications_cloud_native_core_automated_test_suite", product_id: "CSAFPID-220909", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:23.1.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_automated_test_suite", product: { name: "communications_cloud_native_core_automated_test_suite", product_id: "CSAFPID-816765", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:23.1.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_automated_test_suite", product: { name: "communications_cloud_native_core_automated_test_suite", product_id: "CSAFPID-816766", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:23.2.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_automated_test_suite", product: { name: "communications_cloud_native_core_automated_test_suite", product_id: "CSAFPID-816767", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:23.3.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_automated_test_suite", product: { name: "communications_cloud_native_core_automated_test_suite", product_id: "CSAFPID-1503577", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:23.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_automated_test_suite", product: { name: "communications_cloud_native_core_automated_test_suite", product_id: "CSAFPID-1673416", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:23.4.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_automated_test_suite", product: { name: "communications_cloud_native_core_automated_test_suite", product_id: "CSAFPID-1673516", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:23.4.4:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_automated_test_suite", product: { name: "communications_cloud_native_core_automated_test_suite", product_id: "CSAFPID-1673412", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:24.1.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_automated_test_suite", product: { name: "communications_cloud_native_core_automated_test_suite", product_id: "CSAFPID-1673411", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:24.2.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_binding_support_function", product: { name: "communications_cloud_native_core_binding_support_function", product_id: "CSAFPID-764237", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_binding_support_function", product: { name: "communications_cloud_native_core_binding_support_function", product_id: "CSAFPID-2045", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:1.10.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_binding_support_function", product: { name: "communications_cloud_native_core_binding_support_function", product_id: "CSAFPID-40612", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:1.11.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_binding_support_function", product: { name: "communications_cloud_native_core_binding_support_function", product_id: "CSAFPID-608629", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_binding_support_function", product: { name: "communications_cloud_native_core_binding_support_function", product_id: "CSAFPID-93784", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.1.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_binding_support_function", product: { name: "communications_cloud_native_core_binding_support_function", product_id: "CSAFPID-1899", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.1.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_binding_support_function", product: { name: "communications_cloud_native_core_binding_support_function", product_id: "CSAFPID-41111", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_binding_support_function", product: { name: "communications_cloud_native_core_binding_support_function", product_id: "CSAFPID-1685", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.2.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_binding_support_function", product: { name: "communications_cloud_native_core_binding_support_function", product_id: "CSAFPID-493445", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.2.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_binding_support_function", product: { name: "communications_cloud_native_core_binding_support_function", product_id: "CSAFPID-294401", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.2.4:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_binding_support_function", product: { name: "communications_cloud_native_core_binding_support_function", product_id: "CSAFPID-220547", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.3.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_binding_support_function", product: { name: "communications_cloud_native_core_binding_support_function", product_id: "CSAFPID-764824", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.3.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_binding_support_function", product: { name: "communications_cloud_native_core_binding_support_function", product_id: "CSAFPID-220459", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.3.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_binding_support_function", product: { name: "communications_cloud_native_core_binding_support_function", product_id: "CSAFPID-45184", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_binding_support_function", product: { name: "communications_cloud_native_core_binding_support_function", product_id: "CSAFPID-45182", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:23.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_binding_support_function", product: { name: "communications_cloud_native_core_binding_support_function", product_id: "CSAFPID-45181", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:23.1.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_binding_support_function", product: { name: "communications_cloud_native_core_binding_support_function", product_id: "CSAFPID-611405", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:23.1.7:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_binding_support_function", product: { name: "communications_cloud_native_core_binding_support_function", product_id: "CSAFPID-611403", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:23.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_binding_support_function", product: { name: "communications_cloud_native_core_binding_support_function", product_id: "CSAFPID-611404", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:23.2.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_binding_support_function", product: { name: "communications_cloud_native_core_binding_support_function", product_id: "CSAFPID-1650752", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:23.4.0-23.4.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_binding_support_function", product: { name: "communications_cloud_native_core_binding_support_function", product_id: "CSAFPID-1673396", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:23.4.0-23.4.5:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_binding_support_function", product: { name: "communications_cloud_native_core_binding_support_function", product_id: "CSAFPID-912066", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:23.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_binding_support_function", product: { name: "communications_cloud_native_core_binding_support_function", product_id: "CSAFPID-1503323", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:23.4.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_certificate_management", product: { name: "communications_cloud_native_core_certificate_management", product_id: "CSAFPID-1673526", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_certificate_management:23.4.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_certificate_management", product: { name: "communications_cloud_native_core_certificate_management", product_id: "CSAFPID-1673391", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_certificate_management:23.4.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_certificate_management", product: { name: "communications_cloud_native_core_certificate_management", product_id: "CSAFPID-1673394", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_certificate_management:24.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_console", product: { name: "communications_cloud_native_core_console", product_id: "CSAFPID-165550", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_console:1.7.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_console", product: { name: "communications_cloud_native_core_console", product_id: "CSAFPID-93546", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_console:1.9.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_console", product: { name: "communications_cloud_native_core_console", product_id: "CSAFPID-180195", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_console:22.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_console", product: { name: "communications_cloud_native_core_console", product_id: "CSAFPID-40299", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_console:22.1.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_console", product: { name: "communications_cloud_native_core_console", product_id: "CSAFPID-187447", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_console:22.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_console", product: { name: "communications_cloud_native_core_console", product_id: "CSAFPID-45186", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_console:22.3.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_console", product: { name: "communications_cloud_native_core_console", product_id: "CSAFPID-45185", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_console:22.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_console", product: { name: "communications_cloud_native_core_console", product_id: "CSAFPID-220559", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_console:22.4.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_console", product: { name: "communications_cloud_native_core_console", product_id: "CSAFPID-220558", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_console:23.1.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_console", product: { name: "communications_cloud_native_core_console", product_id: "CSAFPID-764238", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_console:23.1.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_console", product: { name: "communications_cloud_native_core_console", product_id: "CSAFPID-764239", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_console:23.2.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_console", product: { name: "communications_cloud_native_core_console", product_id: "CSAFPID-816768", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_console:23.3.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_console", product: { name: "communications_cloud_native_core_console", product_id: "CSAFPID-816769", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_console:23.3.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_console", product: { name: "communications_cloud_native_core_console", product_id: "CSAFPID-912085", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_console:23.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_console", product: { name: "communications_cloud_native_core_console", product_id: "CSAFPID-1503578", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_console:23.4.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_console", product: { name: "communications_cloud_native_core_console", product_id: "CSAFPID-1673389", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_console:23.4.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_console", product: { name: "communications_cloud_native_core_console", product_id: "CSAFPID-1673390", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_console:24.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_dbtier", product: { name: "communications_cloud_native_core_dbtier", product_id: "CSAFPID-1673421", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_dbtier:24.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_dbtier", product: { name: "communications_cloud_native_core_dbtier", product_id: "CSAFPID-1673420", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_dbtier:24.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_data_analytics_function", product: { name: "communications_cloud_native_core_network_data_analytics_function", product_id: "CSAFPID-764825", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_data_analytics_function:22.0.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_data_analytics_function", product: { name: "communications_cloud_native_core_network_data_analytics_function", product_id: "CSAFPID-816770", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_data_analytics_function:23.3.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_data_analytics_function", product: { name: "communications_cloud_native_core_network_data_analytics_function", product_id: "CSAFPID-816771", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_data_analytics_function:23.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_data_analytics_function", product: { name: "communications_cloud_native_core_network_data_analytics_function", product_id: "CSAFPID-912068", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_data_analytics_function:24.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_data_analytics_function", product: { name: "communications_cloud_native_core_network_data_analytics_function", product_id: "CSAFPID-1503579", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_data_analytics_function:24.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_exposure_function", product: { name: "communications_cloud_native_core_network_exposure_function", product_id: "CSAFPID-180201", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:22.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_exposure_function", product: { name: "communications_cloud_native_core_network_exposure_function", product_id: "CSAFPID-1900", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:22.1.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_exposure_function", product: { name: "communications_cloud_native_core_network_exposure_function", product_id: "CSAFPID-760687", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:22.2.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_exposure_function", product: { name: "communications_cloud_native_core_network_exposure_function", product_id: "CSAFPID-40947", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:22.3.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_exposure_function", product: { name: "communications_cloud_native_core_network_exposure_function", product_id: "CSAFPID-93635", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:22.3.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_exposure_function", product: { name: "communications_cloud_native_core_network_exposure_function", product_id: "CSAFPID-503534", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:22.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_exposure_function", product: { name: "communications_cloud_native_core_network_exposure_function", product_id: "CSAFPID-90018", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:22.4.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_exposure_function", product: { name: "communications_cloud_native_core_network_exposure_function", product_id: "CSAFPID-220327", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:22.4.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_exposure_function", product: { name: "communications_cloud_native_core_network_exposure_function", product_id: "CSAFPID-94290", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:23.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_exposure_function", product: { name: "communications_cloud_native_core_network_exposure_function", product_id: "CSAFPID-220325", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:23.1.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_exposure_function", product: { name: "communications_cloud_native_core_network_exposure_function", product_id: "CSAFPID-614513", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:23.1.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_exposure_function", product: { name: "communications_cloud_native_core_network_exposure_function", product_id: "CSAFPID-643776", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:23.3.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_exposure_function", product: { name: "communications_cloud_native_core_network_exposure_function", product_id: "CSAFPID-816772", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:23.3.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_exposure_function", product: { name: "communications_cloud_native_core_network_exposure_function", product_id: "CSAFPID-912076", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:23.4.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_exposure_function", product: { name: "communications_cloud_native_core_network_exposure_function", product_id: "CSAFPID-1503580", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:23.4.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_function_cloud_native_environment", product: { name: "communications_cloud_native_core_network_function_cloud_native_environment", product_id: "CSAFPID-40613", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:1.10.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_function_cloud_native_environment", product: { name: "communications_cloud_native_core_network_function_cloud_native_environment", product_id: "CSAFPID-2044", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:1.9.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_function_cloud_native_environment", product: { name: "communications_cloud_native_core_network_function_cloud_native_environment", product_id: "CSAFPID-40301", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:22.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_function_cloud_native_environment", product: { name: "communications_cloud_native_core_network_function_cloud_native_environment", product_id: "CSAFPID-180194", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:22.1.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_function_cloud_native_environment", product: { name: "communications_cloud_native_core_network_function_cloud_native_environment", product_id: "CSAFPID-449747", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:22.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_function_cloud_native_environment", product: { name: "communications_cloud_native_core_network_function_cloud_native_environment", product_id: "CSAFPID-40298", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:22.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_function_cloud_native_environment", product: { name: "communications_cloud_native_core_network_function_cloud_native_environment", product_id: "CSAFPID-223527", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:22.2.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_function_cloud_native_environment", product: { name: "communications_cloud_native_core_network_function_cloud_native_environment", product_id: "CSAFPID-449746", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:22.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_function_cloud_native_environment", product: { name: "communications_cloud_native_core_network_function_cloud_native_environment", product_id: "CSAFPID-503493", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:22.3.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_function_cloud_native_environment", product: { name: "communications_cloud_native_core_network_function_cloud_native_environment", product_id: "CSAFPID-260394", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:22.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_function_cloud_native_environment", product: { name: "communications_cloud_native_core_network_function_cloud_native_environment", product_id: "CSAFPID-219838", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:23.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_function_cloud_native_environment", product: { name: "communications_cloud_native_core_network_function_cloud_native_environment", product_id: "CSAFPID-611387", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:23.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_function_cloud_native_environment", product: { name: "communications_cloud_native_core_network_function_cloud_native_environment", product_id: "CSAFPID-618156", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:23.2.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_function_cloud_native_environment", product: { name: "communications_cloud_native_core_network_function_cloud_native_environment", product_id: "CSAFPID-816773", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:23.3.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_function_cloud_native_environment", product: { name: "communications_cloud_native_core_network_function_cloud_native_environment", product_id: "CSAFPID-912101", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:23.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_function_cloud_native_environment", product: { name: "communications_cloud_native_core_network_function_cloud_native_environment", product_id: "CSAFPID-1673473", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:24.1.0-24.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_function_cloud_native_environment", product: { name: "communications_cloud_native_core_network_function_cloud_native_environment", product_id: "CSAFPID-1503581", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:24.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_function_cloud_native_environment", product: { name: "communications_cloud_native_core_network_function_cloud_native_environment", product_id: "CSAFPID-912539", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:_install_upgrade___23.3.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_function_cloud_native_environment", product: { name: "communications_cloud_native_core_network_function_cloud_native_environment", product_id: "CSAFPID-912540", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:_install_upgrade___23.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_function_cloud_native_environment", product: { name: "communications_cloud_native_core_network_function_cloud_native_environment", product_id: "CSAFPID-912541", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:_installation___23.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_function_cloud_native_environment", product: { name: "communications_cloud_native_core_network_function_cloud_native_environment", product_id: "CSAFPID-912542", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:_obserability_services_overlay___23.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_function_cloud_native_environment", product: { name: "communications_cloud_native_core_network_function_cloud_native_environment", product_id: "CSAFPID-912543", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:_observability_services_overlay___23.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_repository_function", product: { name: "communications_cloud_native_core_network_repository_function", product_id: "CSAFPID-40611", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:1.15.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_repository_function", product: { name: "communications_cloud_native_core_network_repository_function", product_id: "CSAFPID-40609", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:1.15.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_repository_function", product: { name: "communications_cloud_native_core_network_repository_function", product_id: "CSAFPID-180198", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:22.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_repository_function", product: { name: "communications_cloud_native_core_network_repository_function", product_id: "CSAFPID-41112", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:22.1.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_repository_function", product: { name: "communications_cloud_native_core_network_repository_function", product_id: "CSAFPID-41110", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:22.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_repository_function", product: { name: "communications_cloud_native_core_network_repository_function", product_id: "CSAFPID-760688", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:22.2.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_repository_function", product: { name: "communications_cloud_native_core_network_repository_function", product_id: "CSAFPID-493444", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:22.3.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_repository_function", product: { name: "communications_cloud_native_core_network_repository_function", product_id: "CSAFPID-93633", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:22.3.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_repository_function", product: { name: "communications_cloud_native_core_network_repository_function", product_id: "CSAFPID-220056", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:22.4.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_repository_function", product: { name: "communications_cloud_native_core_network_repository_function", product_id: "CSAFPID-223511", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:22.4.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_repository_function", product: { name: "communications_cloud_native_core_network_repository_function", product_id: "CSAFPID-216017", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:23.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_repository_function", product: { name: "communications_cloud_native_core_network_repository_function", product_id: "CSAFPID-220889", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:23.1.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_repository_function", product: { name: "communications_cloud_native_core_network_repository_function", product_id: "CSAFPID-614516", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:23.1.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_repository_function", product: { name: "communications_cloud_native_core_network_repository_function", product_id: "CSAFPID-816774", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:23.1.4:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_repository_function", product: { name: "communications_cloud_native_core_network_repository_function", product_id: "CSAFPID-220918", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:23.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_repository_function", product: { name: "communications_cloud_native_core_network_repository_function", product_id: "CSAFPID-614515", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:23.2.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_repository_function", product: { name: "communications_cloud_native_core_network_repository_function", product_id: "CSAFPID-614514", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:23.3.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_repository_function", product: { name: "communications_cloud_native_core_network_repository_function", product_id: "CSAFPID-816346", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:23.3.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_repository_function", product: { name: "communications_cloud_native_core_network_repository_function", product_id: "CSAFPID-912077", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:23.4.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_repository_function", product: { name: "communications_cloud_native_core_network_repository_function", product_id: "CSAFPID-1503322", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:23.4.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_repository_function", product: { name: "communications_cloud_native_core_network_repository_function", product_id: "CSAFPID-1673413", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:23.4.4:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_repository_function", product: { name: "communications_cloud_native_core_network_repository_function", product_id: "CSAFPID-1673415", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:24.2.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_repository_function", product: { name: "communications_cloud_native_core_network_repository_function", product_id: "CSAFPID-816775", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:_install_upgrade___23.3.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_repository_function", product: { name: "communications_cloud_native_core_network_repository_function", product_id: "CSAFPID-912544", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:_install_upgrade___23.4.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_slice_selection_function", product: { name: "communications_cloud_native_core_network_slice_selection_function", product_id: "CSAFPID-40608", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:1.8.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_slice_selection_function", product: { name: "communications_cloud_native_core_network_slice_selection_function", product_id: "CSAFPID-180199", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:22.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_slice_selection_function", product: { name: "communications_cloud_native_core_network_slice_selection_function", product_id: "CSAFPID-41113", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:22.1.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_slice_selection_function", product: { name: "communications_cloud_native_core_network_slice_selection_function", product_id: "CSAFPID-260395", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:22.3.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_slice_selection_function", product: { name: "communications_cloud_native_core_network_slice_selection_function", product_id: "CSAFPID-260393", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:22.4.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_slice_selection_function", product: { name: "communications_cloud_native_core_network_slice_selection_function", product_id: "CSAFPID-816348", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:23.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_slice_selection_function", product: { name: "communications_cloud_native_core_network_slice_selection_function", product_id: "CSAFPID-912545", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:23.3.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_slice_selection_function", product: { name: "communications_cloud_native_core_network_slice_selection_function", product_id: "CSAFPID-816347", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:23.3.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_slice_selection_function", product: { name: "communications_cloud_native_core_network_slice_selection_function", product_id: "CSAFPID-1673494", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:24.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_slice_selection_function", product: { name: "communications_cloud_native_core_network_slice_selection_function", product_id: "CSAFPID-1673501", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:24.2.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_slice_selection_function", product: { name: "communications_cloud_native_core_network_slice_selection_function", product_id: "CSAFPID-816776", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:_install_upgrade___23.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_slice_selection_function", product: { name: "communications_cloud_native_core_network_slice_selection_function", product_id: "CSAFPID-816777", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:_install_upgrade___23.3.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_policy", product: { name: "communications_cloud_native_core_policy", product_id: "CSAFPID-764240", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_policy:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_policy", product: { name: "communications_cloud_native_core_policy", product_id: "CSAFPID-220468", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.11.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_policy", product: { name: "communications_cloud_native_core_policy", product_id: "CSAFPID-2310", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.14.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_policy", product: { name: "communications_cloud_native_core_policy", product_id: "CSAFPID-93547", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.15.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_policy", product: { name: "communications_cloud_native_core_policy", product_id: "CSAFPID-180200", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_policy:22.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_policy", product: { name: "communications_cloud_native_core_policy", product_id: "CSAFPID-180193", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_policy:22.1.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_policy", product: { name: "communications_cloud_native_core_policy", product_id: "CSAFPID-1898", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_policy:22.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_policy", product: { name: "communications_cloud_native_core_policy", product_id: "CSAFPID-93636", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_policy:22.3.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_policy", product: { name: "communications_cloud_native_core_policy", product_id: "CSAFPID-90020", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_policy:22.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_policy", product: { name: "communications_cloud_native_core_policy", product_id: "CSAFPID-90015", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_policy:23.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_policy", product: { name: "communications_cloud_native_core_policy", product_id: "CSAFPID-220133", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_policy:23.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_policy", product: { name: "communications_cloud_native_core_policy", product_id: "CSAFPID-1650751", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_policy:23.4.0-23.4.4:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_policy", product: { name: "communications_cloud_native_core_policy", product_id: "CSAFPID-1673517", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_policy:23.4.0-23.4.5:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_policy", product: { name: "communications_cloud_native_core_policy", product_id: "CSAFPID-1673395", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_policy:23.4.0-23.4.6:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_policy", product: { name: "communications_cloud_native_core_policy", product_id: "CSAFPID-912069", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_policy:23.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_policy", product: { name: "communications_cloud_native_core_policy", product_id: "CSAFPID-765371", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_policy:all_supported_s:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_security_edge_protection_proxy", product: { name: "communications_cloud_native_core_security_edge_protection_proxy", product_id: "CSAFPID-180216", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:1.7.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_security_edge_protection_proxy", product: { name: "communications_cloud_native_core_security_edge_protection_proxy", product_id: "CSAFPID-180202", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:22.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_security_edge_protection_proxy", product: { name: "communications_cloud_native_core_security_edge_protection_proxy", product_id: "CSAFPID-40300", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:22.1.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_security_edge_protection_proxy", product: { name: "communications_cloud_native_core_security_edge_protection_proxy", product_id: "CSAFPID-93653", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:22.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_security_edge_protection_proxy", product: { name: "communications_cloud_native_core_security_edge_protection_proxy", product_id: "CSAFPID-40949", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:22.2.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_security_edge_protection_proxy", product: { name: "communications_cloud_native_core_security_edge_protection_proxy", product_id: "CSAFPID-642000", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:22.3.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_security_edge_protection_proxy", product: { name: "communications_cloud_native_core_security_edge_protection_proxy", product_id: "CSAFPID-93634", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:22.3.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_security_edge_protection_proxy", product: { name: "communications_cloud_native_core_security_edge_protection_proxy", product_id: "CSAFPID-220561", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:22.3.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_security_edge_protection_proxy", product: { name: "communications_cloud_native_core_security_edge_protection_proxy", product_id: "CSAFPID-90021", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:22.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_security_edge_protection_proxy", product: { name: "communications_cloud_native_core_security_edge_protection_proxy", product_id: "CSAFPID-94292", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:22.4.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_security_edge_protection_proxy", product: { name: "communications_cloud_native_core_security_edge_protection_proxy", product_id: "CSAFPID-218028", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:22.4.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_security_edge_protection_proxy", product: { name: "communications_cloud_native_core_security_edge_protection_proxy", product_id: "CSAFPID-220881", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:22.4.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_security_edge_protection_proxy", product: { name: "communications_cloud_native_core_security_edge_protection_proxy", product_id: "CSAFPID-94291", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:23.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_security_edge_protection_proxy", product: { name: "communications_cloud_native_core_security_edge_protection_proxy", product_id: "CSAFPID-220910", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:23.1.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_security_edge_protection_proxy", product: { name: "communications_cloud_native_core_security_edge_protection_proxy", product_id: "CSAFPID-220324", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:23.1.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_security_edge_protection_proxy", product: { name: "communications_cloud_native_core_security_edge_protection_proxy", product_id: "CSAFPID-611401", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:23.1.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_security_edge_protection_proxy", product: { name: "communications_cloud_native_core_security_edge_protection_proxy", product_id: "CSAFPID-816778", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:23.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_security_edge_protection_proxy", product: { name: "communications_cloud_native_core_security_edge_protection_proxy", product_id: "CSAFPID-614517", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:23.3.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_security_edge_protection_proxy", product: { name: "communications_cloud_native_core_security_edge_protection_proxy", product_id: "CSAFPID-912547", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:23.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_security_edge_protection_proxy", product: { name: "communications_cloud_native_core_security_edge_protection_proxy", product_id: "CSAFPID-1673392", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:23.4.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_security_edge_protection_proxy", product: { name: "communications_cloud_native_core_security_edge_protection_proxy", product_id: "CSAFPID-1503582", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:24.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_security_edge_protection_proxy", product: { name: "communications_cloud_native_core_security_edge_protection_proxy", product_id: "CSAFPID-1673393", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:24.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_security_edge_protection_proxy", product: { name: "communications_cloud_native_core_security_edge_protection_proxy", product_id: "CSAFPID-912546", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:_automated_test_suite___23.3.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_service_communication_proxy", product: { name: "communications_cloud_native_core_service_communication_proxy", product_id: "CSAFPID-40610", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:1.15.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_service_communication_proxy", product: { name: "communications_cloud_native_core_service_communication_proxy", product_id: "CSAFPID-611587", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:22.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_service_communication_proxy", product: { name: "communications_cloud_native_core_service_communication_proxy", product_id: "CSAFPID-642002", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:22.2.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_service_communication_proxy", product: { name: "communications_cloud_native_core_service_communication_proxy", product_id: "CSAFPID-493443", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:22.3.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_service_communication_proxy", product: { name: "communications_cloud_native_core_service_communication_proxy", product_id: "CSAFPID-642001", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:22.3.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_service_communication_proxy", product: { name: "communications_cloud_native_core_service_communication_proxy", product_id: "CSAFPID-224796", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:22.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_service_communication_proxy", product: { name: "communications_cloud_native_core_service_communication_proxy", product_id: "CSAFPID-224795", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_service_communication_proxy", product: { name: "communications_cloud_native_core_service_communication_proxy", product_id: "CSAFPID-912548", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.2.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_service_communication_proxy", product: { name: "communications_cloud_native_core_service_communication_proxy", product_id: "CSAFPID-912102", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.3.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_service_communication_proxy", product: { name: "communications_cloud_native_core_service_communication_proxy", product_id: "CSAFPID-912549", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_service_communication_proxy", product: { name: "communications_cloud_native_core_service_communication_proxy", product_id: "CSAFPID-1503583", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.4.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_service_communication_proxy", product: { name: "communications_cloud_native_core_service_communication_proxy", product_id: "CSAFPID-1503584", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.4.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_service_communication_proxy", product: { name: "communications_cloud_native_core_service_communication_proxy", product_id: "CSAFPID-1503585", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:24.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_service_communication_proxy", product: { name: "communications_cloud_native_core_service_communication_proxy", product_id: "CSAFPID-1672767", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:24.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_unified_data_repository", product: { name: "communications_cloud_native_core_unified_data_repository", product_id: "CSAFPID-180217", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:1.15.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_unified_data_repository", product: { name: "communications_cloud_native_core_unified_data_repository", product_id: "CSAFPID-180196", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:22.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_unified_data_repository", product: { name: "communications_cloud_native_core_unified_data_repository", product_id: "CSAFPID-165576", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:22.1.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_unified_data_repository", product: { name: "communications_cloud_native_core_unified_data_repository", product_id: "CSAFPID-40297", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:22.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_unified_data_repository", product: { name: "communications_cloud_native_core_unified_data_repository", product_id: "CSAFPID-764899", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:22.2.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_unified_data_repository", product: { name: "communications_cloud_native_core_unified_data_repository", product_id: "CSAFPID-589926", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:22.2.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_unified_data_repository", product: { name: "communications_cloud_native_core_unified_data_repository", product_id: "CSAFPID-179780", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:22.2.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_unified_data_repository", product: { name: "communications_cloud_native_core_unified_data_repository", product_id: "CSAFPID-40948", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:22.3.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_unified_data_repository", product: { name: "communications_cloud_native_core_unified_data_repository", product_id: "CSAFPID-589925", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:22.3.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_unified_data_repository", product: { name: "communications_cloud_native_core_unified_data_repository", product_id: "CSAFPID-179779", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:22.3.4:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_unified_data_repository", product: { name: "communications_cloud_native_core_unified_data_repository", product_id: "CSAFPID-764826", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:22.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_unified_data_repository", product: { name: "communications_cloud_native_core_unified_data_repository", product_id: "CSAFPID-90019", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:22.4.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_unified_data_repository", product: { name: "communications_cloud_native_core_unified_data_repository", product_id: "CSAFPID-90016", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_unified_data_repository", product: { name: "communications_cloud_native_core_unified_data_repository", product_id: "CSAFPID-220326", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.1.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_unified_data_repository", product: { name: "communications_cloud_native_core_unified_data_repository", product_id: "CSAFPID-764241", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.1.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_unified_data_repository", product: { name: "communications_cloud_native_core_unified_data_repository", product_id: "CSAFPID-912078", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_unified_data_repository", product: { name: "communications_cloud_native_core_unified_data_repository", product_id: "CSAFPID-816349", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.3.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_unified_data_repository", product: { name: "communications_cloud_native_core_unified_data_repository", product_id: "CSAFPID-912550", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.3.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_unified_data_repository", product: { name: "communications_cloud_native_core_unified_data_repository", product_id: "CSAFPID-1503586", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.4.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_unified_data_repository", product: { name: "communications_cloud_native_core_unified_data_repository", product_id: "CSAFPID-1503587", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.4.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_unified_data_repository", product: { name: "communications_cloud_native_core_unified_data_repository", product_id: "CSAFPID-1673399", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:24.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_unified_data_repository", product: { name: "communications_cloud_native_core_unified_data_repository", product_id: "CSAFPID-816779", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:_signaling___23.3.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_contacts_server", product: { name: "communications_contacts_server", product_id: "CSAFPID-764737", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_contacts_server:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_contacts_server", product: { name: "communications_contacts_server", product_id: "CSAFPID-224787", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_contacts_server:8.0.0.6.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_contacts_server", product: { name: "communications_contacts_server", product_id: "CSAFPID-220189", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_contacts_server:8.0.0.7.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_converged_application_server", product: { name: "communications_converged_application_server", product_id: "CSAFPID-764827", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_converged_application_server:7.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_converged_application_server", product: { name: "communications_converged_application_server", product_id: "CSAFPID-764828", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_converged_application_server:8.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_converged_application_server_-_service_controller", product: { name: "communications_converged_application_server_-_service_controller", product_id: "CSAFPID-764734", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_converged_application_server_-_service_controller:6.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_converged_application_server_-_service_controller", product: { name: "communications_converged_application_server_-_service_controller", product_id: "CSAFPID-426842", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_converged_application_server_-_service_controller:6.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_converged_charging_system", product: { name: "communications_converged_charging_system", product_id: "CSAFPID-1503599", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_converged_charging_system:2.0.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_converged_charging_system", product: { name: "communications_converged_charging_system", product_id: "CSAFPID-1503600", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_converged_charging_system:2.0.0.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_convergence", product: { name: "communications_convergence", product_id: "CSAFPID-345031", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_convergence:3.0.2.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_convergence", product: { name: "communications_convergence", product_id: "CSAFPID-204635", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_convergence:3.0.3.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_convergence", product: { name: "communications_convergence", product_id: "CSAFPID-764833", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_convergence:3.0.3.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_convergence", product: { name: "communications_convergence", product_id: "CSAFPID-224793", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_convergence:3.0.3.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_convergence", product: { name: "communications_convergence", product_id: "CSAFPID-816794", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_convergence:3.0.3.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_convergent_charging_controller", product: { name: "communications_convergent_charging_controller", product_id: "CSAFPID-342793", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_convergent_charging_controller:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_convergent_charging_controller", product: { name: "communications_convergent_charging_controller", product_id: "CSAFPID-1650777", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_convergent_charging_controller:12.0.1.0.0-12.0.6.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_convergent_charging_controller", product: { name: "communications_convergent_charging_controller", product_id: "CSAFPID-1265", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_convergent_charging_controller:12.0.6.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_convergent_charging_controller", product: { name: "communications_convergent_charging_controller", product_id: "CSAFPID-764248", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_convergent_charging_controller:12.0.6.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_convergent_charging_controller", product: { name: "communications_convergent_charging_controller", product_id: "CSAFPID-816350", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_convergent_charging_controller:15.0.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_convergent_charging_controller", product: { name: "communications_convergent_charging_controller", product_id: "CSAFPID-1261", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_convergent_charging_controller:6.0.1.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_core_session_manager", product: { name: "communications_core_session_manager", product_id: "CSAFPID-110244", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_core_session_manager:8.2.5:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_core_session_manager", product: { name: "communications_core_session_manager", product_id: "CSAFPID-110242", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_core_session_manager:8.4.5:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_core_session_manager", product: { name: "communications_core_session_manager", product_id: "CSAFPID-93777", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_core_session_manager:8.45:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_core_session_manager", product: { name: "communications_core_session_manager", product_id: "CSAFPID-1672764", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_core_session_manager:9.1.5:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_core_session_manager", product: { name: "communications_core_session_manager", product_id: "CSAFPID-93772", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_core_session_manager:9.15:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_data_model", product: { name: "communications_data_model", product_id: "CSAFPID-764902", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_data_model:12.2.0.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_design_studio", product: { name: "communications_design_studio", product_id: "CSAFPID-765372", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_design_studio:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_design_studio", product: { name: "communications_design_studio", product_id: "CSAFPID-342799", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_design_studio:7.3.5:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_design_studio", product: { name: "communications_design_studio", product_id: "CSAFPID-704412", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_design_studio:7.4.0.7.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_design_studio", product: { name: "communications_design_studio", product_id: "CSAFPID-704411", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_design_studio:7.4.1.5.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_design_studio", product: { name: "communications_design_studio", product_id: "CSAFPID-165544", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_design_studio:7.4.2.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_design_studio", product: { name: "communications_design_studio", product_id: "CSAFPID-704410", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_design_studio:7.4.2.8.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_design_studio", product: { name: "communications_design_studio", product_id: "CSAFPID-41183", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_design_studio:7.4.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_diameter_intelligence_hub", product: { name: "communications_diameter_intelligence_hub", product_id: "CSAFPID-342802", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_diameter_intelligence_hub:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_diameter_intelligence_hub", product: { name: "communications_diameter_intelligence_hub", product_id: "CSAFPID-764829", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_diameter_intelligence_hub:8.2.3.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_diameter_signaling_router", product: { name: "communications_diameter_signaling_router", product_id: "CSAFPID-1503588", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_diameter_signaling_router", product: { name: "communications_diameter_signaling_router", product_id: "CSAFPID-1892", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_diameter_signaling_router", product: { name: "communications_diameter_signaling_router", product_id: "CSAFPID-1891", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_diameter_signaling_router", product: { name: "communications_diameter_signaling_router", product_id: "CSAFPID-1888", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.2.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_diameter_signaling_router", product: { name: "communications_diameter_signaling_router", product_id: "CSAFPID-1887", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.2.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_diameter_signaling_router", product: { name: "communications_diameter_signaling_router", product_id: "CSAFPID-1889", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_diameter_signaling_router", product: { name: "communications_diameter_signaling_router", product_id: "CSAFPID-1884", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.3.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_diameter_signaling_router", product: { name: "communications_diameter_signaling_router", product_id: "CSAFPID-1885", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_diameter_signaling_router", product: { name: "communications_diameter_signaling_router", product_id: "CSAFPID-1882", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.4.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_diameter_signaling_router", product: { name: "communications_diameter_signaling_router", product_id: "CSAFPID-1881", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.4.0.5:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_diameter_signaling_router", product: { name: "communications_diameter_signaling_router", product_id: "CSAFPID-1883", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.4:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_diameter_signaling_router", product: { name: "communications_diameter_signaling_router", product_id: "CSAFPID-1879", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.5.0.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_diameter_signaling_router", product: { name: "communications_diameter_signaling_router", product_id: "CSAFPID-1880", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.5.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_diameter_signaling_router", product: { name: "communications_diameter_signaling_router", product_id: "CSAFPID-40293", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.6.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_diameter_signaling_router", product: { name: "communications_diameter_signaling_router", product_id: "CSAFPID-1650826", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.6.0.4-8.6.0.6:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_diameter_signaling_router", product: { name: "communications_diameter_signaling_router", product_id: "CSAFPID-1650830", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.6.0.4-8.6.0.8:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_diameter_signaling_router", product: { name: "communications_diameter_signaling_router", product_id: "CSAFPID-611413", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_diameter_signaling_router:9.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_diameter_signaling_router", product: { name: "communications_diameter_signaling_router", product_id: "CSAFPID-912551", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_diameter_signaling_router:_patches___9.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_diameter_signaling_router", product: { name: "communications_diameter_signaling_router", product_id: "CSAFPID-912552", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_diameter_signaling_router:_platform___9.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_eagle_application_processor", product: { name: "communications_eagle_application_processor", product_id: "CSAFPID-1673417", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_eagle_application_processor:17.0.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_eagle_application_processor", product: { name: "communications_eagle_application_processor", product_id: "CSAFPID-765369", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_eagle_application_processor:all_supported_s:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_eagle_element_management_system", product: { name: "communications_eagle_element_management_system", product_id: "CSAFPID-1503316", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_eagle_element_management_system:46.6.4:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_eagle_element_management_system", product: { name: "communications_eagle_element_management_system", product_id: "CSAFPID-1503317", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_eagle_element_management_system:46.6.5:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_eagle_element_management_system", product: { name: "communications_eagle_element_management_system", product_id: "CSAFPID-204528", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_eagle_element_management_system:46.6:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_eagle_ftp_table_base_retrieval", product: { name: "communications_eagle_ftp_table_base_retrieval", product_id: "CSAFPID-204623", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_eagle_ftp_table_base_retrieval:4.5:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_eagle_lnp_application_processor", product: { name: "communications_eagle_lnp_application_processor", product_id: "CSAFPID-352633", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_eagle_lnp_application_processor:10.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_eagle_lnp_application_processor", product: { name: "communications_eagle_lnp_application_processor", product_id: "CSAFPID-352632", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_eagle_lnp_application_processor:10.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_eagle_software", product: { name: "communications_eagle_software", product_id: "CSAFPID-765366", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_eagle_software:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_eagle_software", product: { name: "communications_eagle_software", product_id: "CSAFPID-765365", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_eagle_software:46.7.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_elastic_charging_engine", product: { name: "communications_elastic_charging_engine", product_id: "CSAFPID-764834", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_elastic_charging_engine:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_element_manager", product: { name: "communications_element_manager", product_id: "CSAFPID-764242", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_element_manager", product: { name: "communications_element_manager", product_id: "CSAFPID-204597", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_element_manager:8.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_element_manager", product: { name: "communications_element_manager", product_id: "CSAFPID-204580", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_element_manager:8.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_element_manager", product: { name: "communications_element_manager", product_id: "CSAFPID-9226", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_element_manager:8.1.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_element_manager", product: { name: "communications_element_manager", product_id: "CSAFPID-204589", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_element_manager:8.2.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_element_manager", product: { name: "communications_element_manager", product_id: "CSAFPID-9070", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_element_manager:8.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_element_manager", product: { name: "communications_element_manager", product_id: "CSAFPID-8845", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_element_manager:8.2.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_element_manager", product: { name: "communications_element_manager", product_id: "CSAFPID-204624", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_element_manager:8.2.2.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_element_manager", product: { name: "communications_element_manager", product_id: "CSAFPID-2286", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_element_manager:8.2.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_element_manager", product: { name: "communications_element_manager", product_id: "CSAFPID-204464", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_element_manager:8.2.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_element_manager", product: { name: "communications_element_manager", product_id: "CSAFPID-345038", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_element_manager:9.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_element_manager", product: { name: "communications_element_manager", product_id: "CSAFPID-93629", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_element_manager:9.0.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_element_manager", product: { name: "communications_element_manager", product_id: "CSAFPID-611422", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_element_manager:9.0.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_element_manager", product: { name: "communications_element_manager", product_id: "CSAFPID-93630", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_element_manager:9.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_element_manager", product: { name: "communications_element_manager", product_id: "CSAFPID-816780", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_element_manager:9.4.53:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_evolved_communications_application_server", product: { name: "communications_evolved_communications_application_server", product_id: "CSAFPID-204645", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_fraud_monitor", product: { name: "communications_fraud_monitor", product_id: "CSAFPID-816781", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_fraud_monitor:5.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_fraud_monitor", product: { name: "communications_fraud_monitor", product_id: "CSAFPID-816782", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_fraud_monitor:5.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_fraud_monitor", product: { name: "communications_fraud_monitor", product_id: "CSAFPID-912553", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_fraud_monitor:5.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_instant_messaging_server", product: { name: "communications_instant_messaging_server", product_id: "CSAFPID-207586", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.5.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_instant_messaging_server", product: { name: "communications_instant_messaging_server", product_id: "CSAFPID-234306", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.6.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_instant_messaging_server", product: { name: "communications_instant_messaging_server", product_id: "CSAFPID-219803", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.7.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_instant_messaging_server", product: { name: "communications_instant_messaging_server", product_id: "CSAFPID-387664", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_instant_messaging_server:8.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_interactive_session_recorder", product: { name: "communications_interactive_session_recorder", product_id: "CSAFPID-1893", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_interactive_session_recorder:6.4:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_ip_service_activator", product: { name: "communications_ip_service_activator", product_id: "CSAFPID-204622", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_ip_service_activator:7.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_ip_service_activator", product: { name: "communications_ip_service_activator", product_id: "CSAFPID-219909", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_ip_service_activator:7.5.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_lsms", product: { name: "communications_lsms", product_id: "CSAFPID-1673065", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_lsms:14.0.0.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_messaging_server", product: { name: "communications_messaging_server", product_id: "CSAFPID-764835", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_messaging_server:8.1.0.20.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_messaging_server", product: { name: "communications_messaging_server", product_id: "CSAFPID-375182", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_messaging_server:8.1.0.21.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_messaging_server", product: { name: "communications_messaging_server", product_id: "CSAFPID-816351", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_messaging_server:8.1.0.24.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_messaging_server", product: { name: "communications_messaging_server", product_id: "CSAFPID-41182", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_messaging_server:8.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_metasolv_solution", product: { name: "communications_metasolv_solution", product_id: "CSAFPID-611595", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_metasolv_solution:6.3.1.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_metasolv_solution", product: { name: "communications_metasolv_solution", product_id: "CSAFPID-226017", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_metasolv_solution:6.3.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_network_analytics_data_director", product: { name: "communications_network_analytics_data_director", product_id: "CSAFPID-220167", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_network_analytics_data_director:23.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_network_analytics_data_director", product: { name: "communications_network_analytics_data_director", product_id: "CSAFPID-816353", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_network_analytics_data_director:23.2.0.0.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_network_analytics_data_director", product: { name: "communications_network_analytics_data_director", product_id: "CSAFPID-764243", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_network_analytics_data_director:23.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_network_analytics_data_director", product: { name: "communications_network_analytics_data_director", product_id: "CSAFPID-816352", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_network_analytics_data_director:23.3.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_network_analytics_data_director", product: { name: "communications_network_analytics_data_director", product_id: "CSAFPID-1503589", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_network_analytics_data_director:23.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_network_analytics_data_director", product: { name: "communications_network_analytics_data_director", product_id: "CSAFPID-1503590", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_network_analytics_data_director:24.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_network_analytics_data_director", product: { name: "communications_network_analytics_data_director", product_id: "CSAFPID-1673414", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_network_analytics_data_director:24.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_network_analytics_data_director", product: { name: "communications_network_analytics_data_director", product_id: "CSAFPID-816783", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_network_analytics_data_director:_general___23.2.0.0.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_network_analytics_data_director", product: { name: "communications_network_analytics_data_director", product_id: "CSAFPID-816786", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_network_analytics_data_director:_general___23.3.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_network_analytics_data_director", product: { name: "communications_network_analytics_data_director", product_id: "CSAFPID-816784", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_network_analytics_data_director:_install_upgrade___23.2.0.0.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_network_analytics_data_director", product: { name: "communications_network_analytics_data_director", product_id: "CSAFPID-816787", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_network_analytics_data_director:_install_upgrade___23.3.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_network_analytics_data_director", product: { name: "communications_network_analytics_data_director", product_id: "CSAFPID-816785", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_network_analytics_data_director:_third_party___23.2.0.0.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_network_analytics_data_director", product: { name: "communications_network_analytics_data_director", product_id: "CSAFPID-816788", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_network_analytics_data_director:_third_party___23.3.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_network_charging_and_control", product: { name: "communications_network_charging_and_control", product_id: "CSAFPID-342803", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_network_charging_and_control:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_network_charging_and_control", product: { name: "communications_network_charging_and_control", product_id: "CSAFPID-1650778", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_network_charging_and_control:12.0.1.0.0-12.0.6.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_network_charging_and_control", product: { name: "communications_network_charging_and_control", product_id: "CSAFPID-1266", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_network_charging_and_control:12.0.6.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_network_charging_and_control", product: { name: "communications_network_charging_and_control", product_id: "CSAFPID-764249", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_network_charging_and_control:12.0.6.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_network_charging_and_control", product: { name: "communications_network_charging_and_control", product_id: "CSAFPID-816354", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_network_charging_and_control:15.0.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_network_charging_and_control", product: { name: "communications_network_charging_and_control", product_id: "CSAFPID-204563", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_network_integrity", product: { name: "communications_network_integrity", product_id: "CSAFPID-220125", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_network_integrity:7.3.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_network_integrity", product: { name: "communications_network_integrity", product_id: "CSAFPID-245244", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_network_integrity:7.3.5:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_network_integrity", product: { name: "communications_network_integrity", product_id: "CSAFPID-219776", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_network_integrity:7.3.6.4:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_network_integrity", product: { name: "communications_network_integrity", product_id: "CSAFPID-204554", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_network_integrity:7.3.6:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_offline_mediation_controller", product: { name: "communications_offline_mediation_controller", product_id: "CSAFPID-765242", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_offline_mediation_controller:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_operations_monitor", product: { name: "communications_operations_monitor", product_id: "CSAFPID-9489", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_operations_monitor:4.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_operations_monitor", product: { name: "communications_operations_monitor", product_id: "CSAFPID-110249", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_operations_monitor:4.4:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_operations_monitor", product: { name: "communications_operations_monitor", product_id: "CSAFPID-93781", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_operations_monitor:5.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_operations_monitor", product: { name: "communications_operations_monitor", product_id: "CSAFPID-220132", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_operations_monitor:5.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_operations_monitor", product: { name: "communications_operations_monitor", product_id: "CSAFPID-912079", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_operations_monitor:5.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_order_and_service_management", product: { name: "communications_order_and_service_management", product_id: "CSAFPID-224791", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_order_and_service_management:7.3.5:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_order_and_service_management", product: { name: "communications_order_and_service_management", product_id: "CSAFPID-219898", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_order_and_service_management:7.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_order_and_service_management", product: { name: "communications_order_and_service_management", product_id: "CSAFPID-224790", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_order_and_service_management:7.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_order_and_service_management", product: { name: "communications_order_and_service_management", product_id: "CSAFPID-221118", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_order_and_service_management:7.4.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_order_and_service_management", product: { name: "communications_order_and_service_management", product_id: "CSAFPID-179774", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_order_and_service_management:7.4:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_order_and_service_management", product: { name: "communications_order_and_service_management", product_id: "CSAFPID-1673496", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_order_and_service_management:7.5.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_performance_intelligence", product: { name: "communications_performance_intelligence", product_id: "CSAFPID-1503591", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_performance_intelligence:10.5:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_performance_intelligence_center", product: { name: "communications_performance_intelligence_center", product_id: "CSAFPID-1673485", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_performance_intelligence_center:prior_to_10.4.0.4:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_performance_intelligence_center__pic__software", product: { name: "communications_performance_intelligence_center__pic__software", product_id: "CSAFPID-765367", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_performance_intelligence_center__pic__software:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_performance_intelligence_center__pic__software", product: { name: "communications_performance_intelligence_center__pic__software", product_id: "CSAFPID-765368", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_performance_intelligence_center__pic__software:10.4.0.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_performance_intelligence_center__pic__software", product: { name: "communications_performance_intelligence_center__pic__software", product_id: "CSAFPID-764830", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_performance_intelligence_center__pic__software:10.4.0.4.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_policy_management", product: { name: "communications_policy_management", product_id: "CSAFPID-573035", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_policy_management:12.5.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_policy_management", product: { name: "communications_policy_management", product_id: "CSAFPID-45192", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_policy_management:12.6.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_policy_management", product: { name: "communications_policy_management", product_id: "CSAFPID-611406", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_policy_management:12.6.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_policy_management", product: { name: "communications_policy_management", product_id: "CSAFPID-816789", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_policy_management:12.6.1.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_policy_management", product: { name: "communications_policy_management", product_id: "CSAFPID-816790", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_policy_management:15.0.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_pricing_design_center", product: { name: "communications_pricing_design_center", product_id: "CSAFPID-764738", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_pricing_design_center:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_pricing_design_center", product: { name: "communications_pricing_design_center", product_id: "CSAFPID-204595", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_pricing_design_center:12.0.0.4:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_pricing_design_center", product: { name: "communications_pricing_design_center", product_id: "CSAFPID-204590", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_pricing_design_center:12.0.0.5:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_pricing_design_center", product: { name: "communications_pricing_design_center", product_id: "CSAFPID-816355", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_pricing_design_center:15.0.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_service_catalog_and_design", product: { name: "communications_service_catalog_and_design", product_id: "CSAFPID-1503601", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_service_catalog_and_design:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_service_catalog_and_design", product: { name: "communications_service_catalog_and_design", product_id: "CSAFPID-816359", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_service_catalog_and_design:7.4.0.7.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_service_catalog_and_design", product: { name: "communications_service_catalog_and_design", product_id: "CSAFPID-816358", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_service_catalog_and_design:7.4.1.5.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_service_catalog_and_design", product: { name: "communications_service_catalog_and_design", product_id: "CSAFPID-816357", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_service_catalog_and_design:7.4.2.8.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_service_catalog_and_design", product: { name: "communications_service_catalog_and_design", product_id: "CSAFPID-912558", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_service_catalog_and_design:8.0.0.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_service_catalog_and_design", product: { name: "communications_service_catalog_and_design", product_id: "CSAFPID-1503602", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_service_catalog_and_design:8.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_service_catalog_and_design", product: { name: "communications_service_catalog_and_design", product_id: "CSAFPID-816795", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_service_catalog_and_design:_psr_designer___7.4.0.7.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_service_catalog_and_design", product: { name: "communications_service_catalog_and_design", product_id: "CSAFPID-816796", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_service_catalog_and_design:_psr_designer___7.4.1.5.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_service_catalog_and_design", product: { name: "communications_service_catalog_and_design", product_id: "CSAFPID-816797", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_service_catalog_and_design:_psr_designer___7.4.2.8.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_services_gatekeeper", product: { name: "communications_services_gatekeeper", product_id: "CSAFPID-608630", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_services_gatekeeper:7.0.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_session_border_controller", product: { name: "communications_session_border_controller", product_id: "CSAFPID-1503592", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_session_border_controller:4.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_session_border_controller", product: { name: "communications_session_border_controller", product_id: "CSAFPID-1503593", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_session_border_controller:4.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_session_border_controller", product: { name: "communications_session_border_controller", product_id: "CSAFPID-40294", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_session_border_controller:8.4:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_session_border_controller", product: { name: "communications_session_border_controller", product_id: "CSAFPID-40292", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_session_border_controller:9.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_session_border_controller", product: { name: "communications_session_border_controller", product_id: "CSAFPID-1672762", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_session_border_controller:9.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_session_border_controller", product: { name: "communications_session_border_controller", product_id: "CSAFPID-40291", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_session_border_controller:9.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_session_border_controller", product: { name: "communications_session_border_controller", product_id: "CSAFPID-1503594", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_session_border_controller:9.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_session_border_controller", product: { name: "communications_session_border_controller", product_id: "CSAFPID-1503595", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_session_border_controller:9.3.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_session_report_manager", product: { name: "communications_session_report_manager", product_id: "CSAFPID-342804", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_session_report_manager:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_session_report_manager", product: { name: "communications_session_report_manager", product_id: "CSAFPID-704413", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_session_report_manager:-:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_session_report_manager", product: { name: "communications_session_report_manager", product_id: "CSAFPID-2296", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_session_report_manager:8.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_session_report_manager", product: { name: "communications_session_report_manager", product_id: "CSAFPID-166028", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_session_report_manager:8.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_session_report_manager", product: { name: "communications_session_report_manager", product_id: "CSAFPID-2294", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_session_report_manager:8.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_session_report_manager", product: { name: "communications_session_report_manager", product_id: "CSAFPID-2292", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_session_report_manager:8.1.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_session_report_manager", product: { name: "communications_session_report_manager", product_id: "CSAFPID-2290", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_session_report_manager:8.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_session_report_manager", product: { name: "communications_session_report_manager", product_id: "CSAFPID-2288", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_session_report_manager:8.2.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_session_report_manager", product: { name: "communications_session_report_manager", product_id: "CSAFPID-2282", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_session_report_manager:8.2.2.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_session_report_manager", product: { name: "communications_session_report_manager", product_id: "CSAFPID-2285", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_session_report_manager:8.2.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_session_report_manager", product: { name: "communications_session_report_manager", product_id: "CSAFPID-2279", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_session_report_manager:8.2.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_session_report_manager", product: { name: "communications_session_report_manager", product_id: "CSAFPID-204634", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_session_report_manager:8.2.5.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_session_report_manager", product: { name: "communications_session_report_manager", product_id: "CSAFPID-345039", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_session_report_manager:9.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_session_report_manager", product: { name: "communications_session_report_manager", product_id: "CSAFPID-93628", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_session_report_manager:9.0.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_session_report_manager", product: { name: "communications_session_report_manager", product_id: "CSAFPID-611423", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_session_report_manager:9.0.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_session_report_manager", product: { name: "communications_session_report_manager", product_id: "CSAFPID-93631", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_session_report_manager:9.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_session_report_manager", product: { name: "communications_session_report_manager", product_id: "CSAFPID-816791", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_session_report_manager:9.4.53:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_session_route_manager", product: { name: "communications_session_route_manager", product_id: "CSAFPID-342805", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_session_route_manager:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_session_route_manager", product: { name: "communications_session_route_manager", product_id: "CSAFPID-704414", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_session_route_manager:-:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_session_route_manager", product: { name: "communications_session_route_manager", product_id: "CSAFPID-166027", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_session_route_manager:8.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_session_route_manager", product: { name: "communications_session_route_manager", product_id: "CSAFPID-2295", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_session_route_manager:8.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_session_route_manager", product: { name: "communications_session_route_manager", product_id: "CSAFPID-2293", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_session_route_manager:8.1.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_session_route_manager", product: { name: "communications_session_route_manager", product_id: "CSAFPID-2289", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_session_route_manager:8.2.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_session_route_manager", product: { name: "communications_session_route_manager", product_id: "CSAFPID-2291", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_session_route_manager:8.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_session_route_manager", product: { name: "communications_session_route_manager", product_id: "CSAFPID-2287", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_session_route_manager:8.2.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_session_route_manager", product: { name: "communications_session_route_manager", product_id: "CSAFPID-2283", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_session_route_manager:8.2.2.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_session_route_manager", product: { name: "communications_session_route_manager", product_id: "CSAFPID-2284", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_session_route_manager:8.2.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_session_route_manager", product: { name: "communications_session_route_manager", product_id: "CSAFPID-2280", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_session_route_manager:8.2.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_session_route_manager", product: { name: "communications_session_route_manager", product_id: "CSAFPID-2281", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_session_route_manager:8.2.4:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_session_route_manager", product: { name: "communications_session_route_manager", product_id: "CSAFPID-220414", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_session_route_manager:8.2.5.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_session_route_manager", product: { name: "communications_session_route_manager", product_id: "CSAFPID-204607", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_session_route_manager:8.2.5:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_session_router", product: { name: "communications_session_router", product_id: "CSAFPID-764780", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_session_router:9.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_session_router", product: { name: "communications_session_router", product_id: "CSAFPID-764781", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_session_router:9.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_subscriber-aware_load_balancer", product: { name: "communications_subscriber-aware_load_balancer", product_id: "CSAFPID-93775", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_subscriber-aware_load_balancer:9.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_subscriber-aware_load_balancer", product: { name: "communications_subscriber-aware_load_balancer", product_id: "CSAFPID-93774", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_subscriber-aware_load_balancer:9.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_unified_assurance", product: { name: "communications_unified_assurance", product_id: "CSAFPID-240600", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_unified_assurance:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_unified_assurance", product: { name: "communications_unified_assurance", product_id: "CSAFPID-1673382", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_unified_assurance:5.5.0-5.5.22:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_unified_assurance", product: { name: "communications_unified_assurance", product_id: "CSAFPID-78764", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_unified_assurance:5.5.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_unified_assurance", product: { name: "communications_unified_assurance", product_id: "CSAFPID-78763", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_unified_assurance:5.5.10:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_unified_assurance", product: { name: "communications_unified_assurance", product_id: "CSAFPID-1673070", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_unified_assurance:5.5.22:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_unified_assurance", product: { name: "communications_unified_assurance", product_id: "CSAFPID-1673381", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_unified_assurance:6.0.0-6.0.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_unified_assurance", product: { name: "communications_unified_assurance", product_id: "CSAFPID-1650731", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_unified_assurance:6.0.0-6.0.4:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_unified_assurance", product: { name: "communications_unified_assurance", product_id: "CSAFPID-1673530", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_unified_assurance:6.0.0-6.0.5:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_unified_assurance", product: { name: "communications_unified_assurance", product_id: "CSAFPID-764901", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_unified_assurance:6.0.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_unified_assurance", product: { name: "communications_unified_assurance", product_id: "CSAFPID-78762", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_unified_assurance:6.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_unified_assurance", product: { name: "communications_unified_assurance", product_id: "CSAFPID-78761", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_unified_assurance:6.0.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_unified_assurance", product: { name: "communications_unified_assurance", product_id: "CSAFPID-614089", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_unified_assurance:6.0.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_unified_assurance", product: { name: "communications_unified_assurance", product_id: "CSAFPID-1673068", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_unified_assurance:6.0.4:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_unified_inventory_management", product: { name: "communications_unified_inventory_management", product_id: "CSAFPID-764739", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_unified_inventory_management:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_unified_inventory_management", product: { name: "communications_unified_inventory_management", product_id: "CSAFPID-204614", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.5:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_unified_inventory_management", product: { name: "communications_unified_inventory_management", product_id: "CSAFPID-8984", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_unified_inventory_management", product: { name: "communications_unified_inventory_management", product_id: "CSAFPID-204510", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_unified_inventory_management", product: { name: "communications_unified_inventory_management", product_id: "CSAFPID-204569", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_unified_inventory_management", product: { name: "communications_unified_inventory_management", product_id: "CSAFPID-219826", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_unified_inventory_management:7.5.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_unified_inventory_management", product: { name: "communications_unified_inventory_management", product_id: "CSAFPID-912073", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_unified_inventory_management:7.5.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_unified_session_manager", product: { name: "communications_unified_session_manager", product_id: "CSAFPID-110243", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_unified_session_manager:8.2.5:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_unified_session_manager", product: { name: "communications_unified_session_manager", product_id: "CSAFPID-205759", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_unified_session_manager:8.4.5:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_user_data_repository", product: { name: "communications_user_data_repository", product_id: "CSAFPID-1503596", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_user_data_repository:12.11.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_user_data_repository", product: { name: "communications_user_data_repository", product_id: "CSAFPID-1503597", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_user_data_repository:12.11.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_user_data_repository", product: { name: "communications_user_data_repository", product_id: "CSAFPID-1503598", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_user_data_repository:12.11.4:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_user_data_repository", product: { name: "communications_user_data_repository", product_id: "CSAFPID-764900", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_user_data_repository:12.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_user_data_repository", product: { name: "communications_user_data_repository", product_id: "CSAFPID-76994", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_user_data_repository:12.4:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_user_data_repository", product: { name: "communications_user_data_repository", product_id: "CSAFPID-568240", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_user_data_repository:12.6.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_user_data_repository", product: { name: "communications_user_data_repository", product_id: "CSAFPID-764782", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_user_data_repository:12.6.1.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_user_data_repository", product: { name: "communications_user_data_repository", product_id: "CSAFPID-355340", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_user_data_repository:12.6.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_user_data_repository", product: { name: "communications_user_data_repository", product_id: "CSAFPID-912080", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_user_data_repository:14.0.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_user_data_repository", product: { name: "communications_user_data_repository", product_id: "CSAFPID-1673481", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_user_data_repository:14.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_webrtc_session_controller", product: { name: "communications_webrtc_session_controller", product_id: "CSAFPID-912554", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_webrtc_session_controller:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_webrtc_session_controller", product: { name: "communications_webrtc_session_controller", product_id: "CSAFPID-611408", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_webrtc_session_controller:7.2.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_webrtc_session_controller", product: { name: "communications_webrtc_session_controller", product_id: "CSAFPID-703515", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_webrtc_session_controller:7.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_webrtc_session_controller", product: { name: "communications_webrtc_session_controller", product_id: "CSAFPID-611407", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_webrtc_session_controller:7.2.1.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_webrtc_session_controller", product: { name: "communications_webrtc_session_controller", product_id: "CSAFPID-204456", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_webrtc_session_controller:7.2.1:*:*:*:*:*:*:*", }, }, }, ], category: "vendor", name: "oracle", }, ], }, vulnerabilities: [ { cve: "CVE-2021-37137", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, notes: [ { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, ], product_status: { known_affected: [ "CSAFPID-41182", "CSAFPID-209546", "CSAFPID-40608", "CSAFPID-180216", "CSAFPID-93547", "CSAFPID-180217", "CSAFPID-2310", "CSAFPID-40612", "CSAFPID-391501", "CSAFPID-440102", "CSAFPID-41516", "CSAFPID-41515", "CSAFPID-764237", "CSAFPID-45182", "CSAFPID-45181", "CSAFPID-45186", "CSAFPID-45185", "CSAFPID-90018", "CSAFPID-94290", "CSAFPID-260394", "CSAFPID-216017", "CSAFPID-764240", "CSAFPID-90021", "CSAFPID-94292", "CSAFPID-218028", "CSAFPID-94291", "CSAFPID-493443", "CSAFPID-224796", "CSAFPID-90019", "CSAFPID-90016", "CSAFPID-93777", "CSAFPID-93772", "CSAFPID-40293", "CSAFPID-345038", "CSAFPID-93629", "CSAFPID-93781", "CSAFPID-45192", "CSAFPID-608630", "CSAFPID-40292", "CSAFPID-40291", "CSAFPID-345039", "CSAFPID-93628", "CSAFPID-764780", "CSAFPID-764781", "CSAFPID-93775", "CSAFPID-93774", "CSAFPID-764782", "CSAFPID-342793", "CSAFPID-1261", "CSAFPID-204622", "CSAFPID-219909", "CSAFPID-342803", "CSAFPID-204563", "CSAFPID-221118", "CSAFPID-240600", "CSAFPID-8984", "CSAFPID-204510", "CSAFPID-204569", "CSAFPID-219826", "CSAFPID-1899", "CSAFPID-41111", "CSAFPID-40299", "CSAFPID-187447", "CSAFPID-1900", "CSAFPID-40301", "CSAFPID-180194", "CSAFPID-40298", "CSAFPID-41112", "CSAFPID-41110", "CSAFPID-41113", "CSAFPID-180193", "CSAFPID-1898", "CSAFPID-40300", "CSAFPID-611587", "CSAFPID-40297", "CSAFPID-110244", "CSAFPID-110242", "CSAFPID-9489", "CSAFPID-110249", "CSAFPID-40294", "CSAFPID-110243", "CSAFPID-204629", "CSAFPID-765241", "CSAFPID-764247", "CSAFPID-764735", "CSAFPID-41183", "CSAFPID-207586", "CSAFPID-765242", "CSAFPID-205759", "CSAFPID-1893", "CSAFPID-765365", "CSAFPID-765366", "CSAFPID-342804", "CSAFPID-342805", "CSAFPID-204456", "CSAFPID-1882", "CSAFPID-573035", "CSAFPID-204645", "CSAFPID-765367", "CSAFPID-765368", "CSAFPID-764242", "CSAFPID-76994", "CSAFPID-204623", "CSAFPID-352633", "CSAFPID-352632", "CSAFPID-765369", "CSAFPID-204528", "CSAFPID-342802", "CSAFPID-40610", "CSAFPID-40611", "CSAFPID-40609", "CSAFPID-180198", "CSAFPID-180196", "CSAFPID-180201", "CSAFPID-180202", "CSAFPID-40613", "CSAFPID-180199", "CSAFPID-93546", "CSAFPID-180195", "CSAFPID-180200", "CSAFPID-765371", "CSAFPID-89545", "CSAFPID-180215", "CSAFPID-180197", "CSAFPID-204639", "CSAFPID-204627", "CSAFPID-226017", "CSAFPID-219898", "CSAFPID-179774", "CSAFPID-342799", "CSAFPID-765372", "CSAFPID-220125", "CSAFPID-245244", "CSAFPID-204554", "CSAFPID-764739", "CSAFPID-204614", "CSAFPID-345031", "CSAFPID-204635", "CSAFPID-204595", "CSAFPID-204590", "CSAFPID-224787", "CSAFPID-1673381", "CSAFPID-1673382", "CSAFPID-1674617", "CSAFPID-1674618", "CSAFPID-1674619", "CSAFPID-1674620", "CSAFPID-1674621", "CSAFPID-1674622", "CSAFPID-1674623", "CSAFPID-1674624", "CSAFPID-1674625", "CSAFPID-1674626", "CSAFPID-1674627", "CSAFPID-1674628", ], }, references: [ { category: "self", summary: "CVE-2021-37137", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2021/CVE-2021-37137.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-41182", "CSAFPID-209546", "CSAFPID-40608", "CSAFPID-180216", "CSAFPID-93547", "CSAFPID-180217", "CSAFPID-2310", "CSAFPID-40612", "CSAFPID-391501", "CSAFPID-440102", "CSAFPID-41516", "CSAFPID-41515", "CSAFPID-764237", "CSAFPID-45182", "CSAFPID-45181", "CSAFPID-45186", "CSAFPID-45185", "CSAFPID-90018", "CSAFPID-94290", "CSAFPID-260394", "CSAFPID-216017", "CSAFPID-764240", "CSAFPID-90021", "CSAFPID-94292", "CSAFPID-218028", "CSAFPID-94291", "CSAFPID-493443", "CSAFPID-224796", "CSAFPID-90019", "CSAFPID-90016", "CSAFPID-93777", "CSAFPID-93772", "CSAFPID-40293", "CSAFPID-345038", "CSAFPID-93629", "CSAFPID-93781", "CSAFPID-45192", "CSAFPID-608630", "CSAFPID-40292", "CSAFPID-40291", "CSAFPID-345039", "CSAFPID-93628", "CSAFPID-764780", "CSAFPID-764781", "CSAFPID-93775", "CSAFPID-93774", "CSAFPID-764782", "CSAFPID-342793", "CSAFPID-1261", "CSAFPID-204622", "CSAFPID-219909", "CSAFPID-342803", "CSAFPID-204563", "CSAFPID-221118", "CSAFPID-240600", "CSAFPID-8984", "CSAFPID-204510", "CSAFPID-204569", "CSAFPID-219826", "CSAFPID-1899", "CSAFPID-41111", "CSAFPID-40299", "CSAFPID-187447", "CSAFPID-1900", "CSAFPID-40301", "CSAFPID-180194", "CSAFPID-40298", "CSAFPID-41112", "CSAFPID-41110", "CSAFPID-41113", "CSAFPID-180193", "CSAFPID-1898", "CSAFPID-40300", "CSAFPID-611587", "CSAFPID-40297", "CSAFPID-110244", "CSAFPID-110242", "CSAFPID-9489", "CSAFPID-110249", "CSAFPID-40294", "CSAFPID-110243", "CSAFPID-204629", "CSAFPID-765241", "CSAFPID-764247", "CSAFPID-764735", "CSAFPID-41183", "CSAFPID-207586", "CSAFPID-765242", "CSAFPID-205759", "CSAFPID-1893", "CSAFPID-765365", "CSAFPID-765366", "CSAFPID-342804", "CSAFPID-342805", "CSAFPID-204456", "CSAFPID-1882", "CSAFPID-573035", "CSAFPID-204645", "CSAFPID-765367", "CSAFPID-765368", "CSAFPID-764242", "CSAFPID-76994", "CSAFPID-204623", "CSAFPID-352633", "CSAFPID-352632", "CSAFPID-765369", "CSAFPID-204528", "CSAFPID-342802", "CSAFPID-40610", "CSAFPID-40611", "CSAFPID-40609", "CSAFPID-180198", "CSAFPID-180196", "CSAFPID-180201", "CSAFPID-180202", "CSAFPID-40613", "CSAFPID-180199", "CSAFPID-93546", "CSAFPID-180195", "CSAFPID-180200", "CSAFPID-765371", "CSAFPID-89545", "CSAFPID-180215", "CSAFPID-180197", "CSAFPID-204639", "CSAFPID-204627", "CSAFPID-226017", "CSAFPID-219898", "CSAFPID-179774", "CSAFPID-342799", "CSAFPID-765372", "CSAFPID-220125", "CSAFPID-245244", "CSAFPID-204554", "CSAFPID-764739", "CSAFPID-204614", "CSAFPID-345031", "CSAFPID-204635", "CSAFPID-204595", "CSAFPID-204590", "CSAFPID-224787", "CSAFPID-1673381", "CSAFPID-1673382", "CSAFPID-1674617", "CSAFPID-1674618", "CSAFPID-1674619", "CSAFPID-1674620", "CSAFPID-1674621", "CSAFPID-1674622", "CSAFPID-1674623", "CSAFPID-1674624", "CSAFPID-1674625", "CSAFPID-1674626", "CSAFPID-1674627", "CSAFPID-1674628", ], }, ], title: "CVE-2021-37137", }, { cve: "CVE-2022-2068", cwe: { id: "CWE-78", name: "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", }, notes: [ { category: "other", text: "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", title: "CWE-78", }, { category: "other", text: "Improper Neutralization of Special Elements used in a Command ('Command Injection')", title: "CWE-77", }, ], product_status: { known_affected: [ "CSAFPID-40949", "CSAFPID-391501", "CSAFPID-440102", "CSAFPID-41516", "CSAFPID-41515", "CSAFPID-764237", "CSAFPID-45182", "CSAFPID-45181", "CSAFPID-45186", "CSAFPID-45185", "CSAFPID-90018", "CSAFPID-94290", "CSAFPID-260394", "CSAFPID-216017", "CSAFPID-764240", "CSAFPID-90021", "CSAFPID-94292", "CSAFPID-218028", "CSAFPID-94291", "CSAFPID-493443", "CSAFPID-224796", "CSAFPID-90019", "CSAFPID-90016", "CSAFPID-93777", "CSAFPID-93772", "CSAFPID-40293", "CSAFPID-345038", "CSAFPID-93629", "CSAFPID-93781", "CSAFPID-45192", "CSAFPID-608630", "CSAFPID-40292", "CSAFPID-40291", "CSAFPID-345039", "CSAFPID-93628", "CSAFPID-764780", "CSAFPID-764781", "CSAFPID-93775", "CSAFPID-93774", "CSAFPID-764782", "CSAFPID-342793", "CSAFPID-1261", "CSAFPID-204622", "CSAFPID-219909", "CSAFPID-342803", "CSAFPID-204563", "CSAFPID-221118", "CSAFPID-240600", "CSAFPID-8984", "CSAFPID-204510", "CSAFPID-204569", "CSAFPID-219826", "CSAFPID-40294", "CSAFPID-93631", "CSAFPID-764900", "CSAFPID-568240", "CSAFPID-355340", "CSAFPID-703515", "CSAFPID-204456", "CSAFPID-764735", "CSAFPID-204635", "CSAFPID-41183", "CSAFPID-234306", "CSAFPID-41182", "CSAFPID-226017", "CSAFPID-219898", "CSAFPID-179774", "CSAFPID-764738", "CSAFPID-764901", "CSAFPID-764902", "CSAFPID-220547", "CSAFPID-187447", "CSAFPID-760687", "CSAFPID-40947", "CSAFPID-2044", "CSAFPID-449747", "CSAFPID-40301", "CSAFPID-449746", "CSAFPID-40298", "CSAFPID-223527", "CSAFPID-760688", "CSAFPID-93636", "CSAFPID-40300", "CSAFPID-93653", "CSAFPID-642000", "CSAFPID-642002", "CSAFPID-642001", "CSAFPID-165576", "CSAFPID-764899", "CSAFPID-40948", "CSAFPID-426842", "CSAFPID-93630", "CSAFPID-204645", "CSAFPID-1893", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, references: [ { category: "self", summary: "CVE-2022-2068", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-2068.json", }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-40949", "CSAFPID-391501", "CSAFPID-440102", "CSAFPID-41516", "CSAFPID-41515", "CSAFPID-764237", "CSAFPID-45182", "CSAFPID-45181", "CSAFPID-45186", "CSAFPID-45185", "CSAFPID-90018", "CSAFPID-94290", "CSAFPID-260394", "CSAFPID-216017", "CSAFPID-764240", "CSAFPID-90021", "CSAFPID-94292", "CSAFPID-218028", "CSAFPID-94291", "CSAFPID-493443", "CSAFPID-224796", "CSAFPID-90019", "CSAFPID-90016", "CSAFPID-93777", "CSAFPID-93772", "CSAFPID-40293", "CSAFPID-345038", "CSAFPID-93629", "CSAFPID-93781", "CSAFPID-45192", "CSAFPID-608630", "CSAFPID-40292", "CSAFPID-40291", "CSAFPID-345039", "CSAFPID-93628", "CSAFPID-764780", "CSAFPID-764781", "CSAFPID-93775", "CSAFPID-93774", "CSAFPID-764782", "CSAFPID-342793", "CSAFPID-1261", "CSAFPID-204622", "CSAFPID-219909", "CSAFPID-342803", "CSAFPID-204563", "CSAFPID-221118", "CSAFPID-240600", "CSAFPID-8984", "CSAFPID-204510", "CSAFPID-204569", "CSAFPID-219826", "CSAFPID-40294", "CSAFPID-93631", "CSAFPID-764900", "CSAFPID-568240", "CSAFPID-355340", "CSAFPID-703515", "CSAFPID-204456", "CSAFPID-764735", "CSAFPID-204635", "CSAFPID-41183", "CSAFPID-234306", "CSAFPID-41182", "CSAFPID-226017", "CSAFPID-219898", "CSAFPID-179774", "CSAFPID-764738", "CSAFPID-764901", "CSAFPID-764902", "CSAFPID-220547", "CSAFPID-187447", "CSAFPID-760687", "CSAFPID-40947", "CSAFPID-2044", "CSAFPID-449747", "CSAFPID-40301", "CSAFPID-449746", "CSAFPID-40298", "CSAFPID-223527", "CSAFPID-760688", "CSAFPID-93636", "CSAFPID-40300", "CSAFPID-93653", "CSAFPID-642000", "CSAFPID-642002", "CSAFPID-642001", "CSAFPID-165576", "CSAFPID-764899", "CSAFPID-40948", "CSAFPID-426842", "CSAFPID-93630", "CSAFPID-204645", "CSAFPID-1893", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, ], title: "CVE-2022-2068", }, { cve: "CVE-2022-2601", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, notes: [ { category: "other", text: "Out-of-bounds Write", title: "CWE-787", }, { category: "other", text: "Heap-based Buffer Overflow", title: "CWE-122", }, ], product_status: { known_affected: [ "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, references: [ { category: "self", summary: "CVE-2022-2601", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-2601.json", }, ], scores: [ { cvss_v3: { baseScore: 8.6, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, ], title: "CVE-2022-2601", }, { cve: "CVE-2022-23437", cwe: { id: "CWE-835", name: "Loop with Unreachable Exit Condition ('Infinite Loop')", }, notes: [ { category: "other", text: "Loop with Unreachable Exit Condition ('Infinite Loop')", title: "CWE-835", }, ], product_status: { known_affected: [ "CSAFPID-204629", "CSAFPID-704410", "CSAFPID-704411", "CSAFPID-704412", "CSAFPID-226017", "CSAFPID-179774", "CSAFPID-219898", "CSAFPID-219826", "CSAFPID-204569", "CSAFPID-204510", "CSAFPID-220057", "CSAFPID-220055", "CSAFPID-220909", "CSAFPID-45184", "CSAFPID-45182", "CSAFPID-220559", "CSAFPID-220558", "CSAFPID-220327", "CSAFPID-220325", "CSAFPID-219838", "CSAFPID-220056", "CSAFPID-223511", "CSAFPID-216017", "CSAFPID-220889", "CSAFPID-220918", "CSAFPID-90020", "CSAFPID-90015", "CSAFPID-220133", "CSAFPID-220561", "CSAFPID-90021", "CSAFPID-220881", "CSAFPID-94291", "CSAFPID-220910", "CSAFPID-220324", "CSAFPID-224796", "CSAFPID-224795", "CSAFPID-220326", "CSAFPID-764734", "CSAFPID-40293", "CSAFPID-220167", "CSAFPID-93781", "CSAFPID-220132", "CSAFPID-764247", "CSAFPID-764735", "CSAFPID-764736", "CSAFPID-764737", "CSAFPID-224793", "CSAFPID-342793", "CSAFPID-1265", "CSAFPID-219803", "CSAFPID-375182", "CSAFPID-342803", "CSAFPID-1266", "CSAFPID-219776", "CSAFPID-224791", "CSAFPID-224790", "CSAFPID-221118", "CSAFPID-764738", "CSAFPID-240600", "CSAFPID-764739", "CSAFPID-391501", "CSAFPID-440102", "CSAFPID-41516", "CSAFPID-41515", "CSAFPID-764237", "CSAFPID-45181", "CSAFPID-45186", "CSAFPID-45185", "CSAFPID-90018", "CSAFPID-94290", "CSAFPID-260394", "CSAFPID-764240", "CSAFPID-94292", "CSAFPID-218028", "CSAFPID-493443", "CSAFPID-90019", "CSAFPID-90016", "CSAFPID-93777", "CSAFPID-93772", "CSAFPID-345038", "CSAFPID-93629", "CSAFPID-45192", "CSAFPID-608630", "CSAFPID-40292", "CSAFPID-40291", "CSAFPID-345039", "CSAFPID-93628", "CSAFPID-764780", "CSAFPID-764781", "CSAFPID-93775", "CSAFPID-93774", "CSAFPID-764782", "CSAFPID-1261", "CSAFPID-204622", "CSAFPID-219909", "CSAFPID-204563", "CSAFPID-8984", "CSAFPID-220548", "CSAFPID-608629", "CSAFPID-93784", "CSAFPID-41111", "CSAFPID-1685", "CSAFPID-493445", "CSAFPID-294401", "CSAFPID-220547", "CSAFPID-764824", "CSAFPID-220459", "CSAFPID-764825", "CSAFPID-93635", "CSAFPID-503534", "CSAFPID-503493", "CSAFPID-493444", "CSAFPID-93633", "CSAFPID-260395", "CSAFPID-260393", "CSAFPID-220468", "CSAFPID-93636", "CSAFPID-93634", "CSAFPID-589926", "CSAFPID-179780", "CSAFPID-589925", "CSAFPID-179779", "CSAFPID-764826", "CSAFPID-764827", "CSAFPID-764828", "CSAFPID-764829", "CSAFPID-764830", "CSAFPID-220190", "CSAFPID-220189", "CSAFPID-764833", "CSAFPID-41183", "CSAFPID-764834", "CSAFPID-234306", "CSAFPID-764835", "CSAFPID-187447", "CSAFPID-760687", "CSAFPID-40947", "CSAFPID-2044", "CSAFPID-449747", "CSAFPID-40301", "CSAFPID-449746", "CSAFPID-40298", "CSAFPID-223527", "CSAFPID-760688", "CSAFPID-40300", "CSAFPID-93653", "CSAFPID-40949", "CSAFPID-642000", "CSAFPID-642002", "CSAFPID-642001", "CSAFPID-165576", "CSAFPID-764899", "CSAFPID-40948", "CSAFPID-426842", "CSAFPID-93630", "CSAFPID-204645", "CSAFPID-1893", "CSAFPID-40294", "CSAFPID-93631", "CSAFPID-764900", "CSAFPID-568240", "CSAFPID-355340", "CSAFPID-703515", "CSAFPID-204456", "CSAFPID-204635", "CSAFPID-41182", "CSAFPID-764901", "CSAFPID-764902", "CSAFPID-1899", "CSAFPID-40299", "CSAFPID-1900", "CSAFPID-180194", "CSAFPID-41112", "CSAFPID-41110", "CSAFPID-41113", "CSAFPID-180193", "CSAFPID-1898", "CSAFPID-611587", "CSAFPID-40297", "CSAFPID-110244", "CSAFPID-110242", "CSAFPID-9489", "CSAFPID-110249", "CSAFPID-110243", "CSAFPID-765241", "CSAFPID-209546", "CSAFPID-207586", "CSAFPID-765242", "CSAFPID-205759", "CSAFPID-765365", "CSAFPID-765366", "CSAFPID-342804", "CSAFPID-342805", "CSAFPID-1882", "CSAFPID-573035", "CSAFPID-765367", "CSAFPID-765368", "CSAFPID-764242", "CSAFPID-76994", "CSAFPID-204623", "CSAFPID-352633", "CSAFPID-352632", "CSAFPID-765369", "CSAFPID-204528", "CSAFPID-342802", "CSAFPID-40610", "CSAFPID-40611", "CSAFPID-40609", "CSAFPID-180198", "CSAFPID-180217", "CSAFPID-180196", "CSAFPID-40612", "CSAFPID-180201", "CSAFPID-180216", "CSAFPID-180202", "CSAFPID-40613", "CSAFPID-40608", "CSAFPID-180199", "CSAFPID-93546", "CSAFPID-180195", "CSAFPID-2310", "CSAFPID-93547", "CSAFPID-180200", "CSAFPID-765371", "CSAFPID-89545", "CSAFPID-180215", "CSAFPID-180197", "CSAFPID-204639", "CSAFPID-204627", "CSAFPID-342799", "CSAFPID-765372", "CSAFPID-220125", "CSAFPID-245244", "CSAFPID-204554", "CSAFPID-204614", "CSAFPID-345031", "CSAFPID-204595", "CSAFPID-204590", "CSAFPID-224787", "CSAFPID-1673065", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, references: [ { category: "self", summary: "CVE-2022-23437", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-23437.json", }, ], title: "CVE-2022-23437", }, { cve: "CVE-2022-36760", cwe: { id: "CWE-444", name: "Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')", }, notes: [ { category: "other", text: "Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')", title: "CWE-444", }, ], product_status: { known_affected: [ "CSAFPID-220057", "CSAFPID-220055", "CSAFPID-220909", "CSAFPID-45184", "CSAFPID-45182", "CSAFPID-220559", "CSAFPID-220558", "CSAFPID-220327", "CSAFPID-220325", "CSAFPID-219838", "CSAFPID-220056", "CSAFPID-223511", "CSAFPID-216017", "CSAFPID-220889", "CSAFPID-220918", "CSAFPID-90020", "CSAFPID-90015", "CSAFPID-220133", "CSAFPID-220561", "CSAFPID-90021", "CSAFPID-220881", "CSAFPID-94291", "CSAFPID-220910", "CSAFPID-220324", "CSAFPID-224796", "CSAFPID-224795", "CSAFPID-220326", "CSAFPID-764734", "CSAFPID-40293", "CSAFPID-220167", "CSAFPID-93781", "CSAFPID-220132", "CSAFPID-764247", "CSAFPID-764735", "CSAFPID-764736", "CSAFPID-764737", "CSAFPID-224793", "CSAFPID-342793", "CSAFPID-1265", "CSAFPID-704412", "CSAFPID-704411", "CSAFPID-704410", "CSAFPID-219803", "CSAFPID-375182", "CSAFPID-342803", "CSAFPID-1266", "CSAFPID-219776", "CSAFPID-224791", "CSAFPID-224790", "CSAFPID-221118", "CSAFPID-764738", "CSAFPID-240600", "CSAFPID-764739", "CSAFPID-204510", "CSAFPID-204569", "CSAFPID-219826", "CSAFPID-391501", "CSAFPID-440102", "CSAFPID-41516", "CSAFPID-41515", "CSAFPID-764237", "CSAFPID-45181", "CSAFPID-45186", "CSAFPID-45185", "CSAFPID-90018", "CSAFPID-94290", "CSAFPID-260394", "CSAFPID-764240", "CSAFPID-94292", "CSAFPID-218028", "CSAFPID-493443", "CSAFPID-90019", "CSAFPID-90016", "CSAFPID-93777", "CSAFPID-93772", "CSAFPID-345038", "CSAFPID-93629", "CSAFPID-45192", "CSAFPID-608630", "CSAFPID-40292", "CSAFPID-40291", "CSAFPID-345039", "CSAFPID-93628", "CSAFPID-764780", "CSAFPID-764781", "CSAFPID-93775", "CSAFPID-93774", "CSAFPID-764782", "CSAFPID-1261", "CSAFPID-204622", "CSAFPID-219909", "CSAFPID-204563", "CSAFPID-8984", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, references: [ { category: "self", summary: "CVE-2022-36760", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-36760.json", }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-220057", "CSAFPID-220055", "CSAFPID-220909", "CSAFPID-45184", "CSAFPID-45182", "CSAFPID-220559", "CSAFPID-220558", "CSAFPID-220327", "CSAFPID-220325", "CSAFPID-219838", "CSAFPID-220056", "CSAFPID-223511", "CSAFPID-216017", "CSAFPID-220889", "CSAFPID-220918", "CSAFPID-90020", "CSAFPID-90015", "CSAFPID-220133", "CSAFPID-220561", "CSAFPID-90021", "CSAFPID-220881", "CSAFPID-94291", "CSAFPID-220910", "CSAFPID-220324", "CSAFPID-224796", "CSAFPID-224795", "CSAFPID-220326", "CSAFPID-764734", "CSAFPID-40293", "CSAFPID-220167", "CSAFPID-93781", "CSAFPID-220132", "CSAFPID-764247", "CSAFPID-764735", "CSAFPID-764736", "CSAFPID-764737", "CSAFPID-224793", "CSAFPID-342793", "CSAFPID-1265", "CSAFPID-704412", "CSAFPID-704411", "CSAFPID-704410", "CSAFPID-219803", "CSAFPID-375182", "CSAFPID-342803", "CSAFPID-1266", "CSAFPID-219776", "CSAFPID-224791", "CSAFPID-224790", "CSAFPID-221118", "CSAFPID-764738", "CSAFPID-240600", "CSAFPID-764739", "CSAFPID-204510", "CSAFPID-204569", "CSAFPID-219826", "CSAFPID-391501", "CSAFPID-440102", "CSAFPID-41516", "CSAFPID-41515", "CSAFPID-764237", "CSAFPID-45181", "CSAFPID-45186", "CSAFPID-45185", "CSAFPID-90018", "CSAFPID-94290", "CSAFPID-260394", "CSAFPID-764240", "CSAFPID-94292", "CSAFPID-218028", "CSAFPID-493443", "CSAFPID-90019", "CSAFPID-90016", "CSAFPID-93777", "CSAFPID-93772", "CSAFPID-345038", "CSAFPID-93629", "CSAFPID-45192", "CSAFPID-608630", "CSAFPID-40292", "CSAFPID-40291", "CSAFPID-345039", "CSAFPID-93628", "CSAFPID-764780", "CSAFPID-764781", "CSAFPID-93775", "CSAFPID-93774", "CSAFPID-764782", "CSAFPID-1261", "CSAFPID-204622", "CSAFPID-219909", "CSAFPID-204563", "CSAFPID-8984", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, ], title: "CVE-2022-36760", }, { cve: "CVE-2023-2953", cwe: { id: "CWE-119", name: "Improper Restriction of Operations within the Bounds of a Memory Buffer", }, notes: [ { category: "other", text: "Improper Restriction of Operations within the Bounds of a Memory Buffer", title: "CWE-119", }, { category: "other", text: "NULL Pointer Dereference", title: "CWE-476", }, ], product_status: { known_affected: [ "CSAFPID-1673389", "CSAFPID-1673390", "CSAFPID-1673391", "CSAFPID-1673392", "CSAFPID-1673393", "CSAFPID-1673394", "CSAFPID-1673395", "CSAFPID-1673396", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, references: [ { category: "self", summary: "CVE-2023-2953", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-2953.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1673389", "CSAFPID-1673390", "CSAFPID-1673391", "CSAFPID-1673392", "CSAFPID-1673393", "CSAFPID-1673394", "CSAFPID-1673395", "CSAFPID-1673396", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, ], title: "CVE-2023-2953", }, { cve: "CVE-2023-3635", cwe: { id: "CWE-195", name: "Signed to Unsigned Conversion Error", }, notes: [ { category: "other", text: "Signed to Unsigned Conversion Error", title: "CWE-195", }, { category: "other", text: "Uncaught Exception", title: "CWE-248", }, ], product_status: { known_affected: [ "CSAFPID-94291", "CSAFPID-40293", "CSAFPID-204622", "CSAFPID-1265", "CSAFPID-1261", "CSAFPID-1266", "CSAFPID-8984", "CSAFPID-1673399", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-912085", "CSAFPID-912068", "CSAFPID-912076", "CSAFPID-912539", "CSAFPID-912540", "CSAFPID-912541", "CSAFPID-912542", "CSAFPID-912543", "CSAFPID-912101", "CSAFPID-912544", "CSAFPID-912077", "CSAFPID-912545", "CSAFPID-912546", "CSAFPID-912547", "CSAFPID-219909", "CSAFPID-220558", "CSAFPID-221118", "CSAFPID-224790", "CSAFPID-240600", "CSAFPID-342804", "CSAFPID-611387", "CSAFPID-611401", "CSAFPID-611406", "CSAFPID-611407", "CSAFPID-611408", "CSAFPID-611413", "CSAFPID-611595", "CSAFPID-204510", "CSAFPID-204563", "CSAFPID-204569", "CSAFPID-219803", "CSAFPID-219838", "CSAFPID-224793", "CSAFPID-342793", "CSAFPID-342803", "CSAFPID-614513", "CSAFPID-614514", "CSAFPID-614515", "CSAFPID-614516", "CSAFPID-614517", "CSAFPID-618156", "CSAFPID-643776", "CSAFPID-764237", "CSAFPID-764238", "CSAFPID-764239", "CSAFPID-764240", "CSAFPID-764241", "CSAFPID-764242", "CSAFPID-764243", "CSAFPID-764247", "CSAFPID-764248", "CSAFPID-764249", "CSAFPID-816346", "CSAFPID-816347", "CSAFPID-816348", "CSAFPID-816349", "CSAFPID-816350", "CSAFPID-816351", "CSAFPID-816352", "CSAFPID-816353", "CSAFPID-816354", "CSAFPID-816355", "CSAFPID-816357", "CSAFPID-816358", "CSAFPID-816359", "CSAFPID-816765", "CSAFPID-816766", "CSAFPID-816767", "CSAFPID-816768", "CSAFPID-816769", "CSAFPID-816770", "CSAFPID-816771", "CSAFPID-816772", "CSAFPID-816773", "CSAFPID-816774", "CSAFPID-816775", "CSAFPID-816776", "CSAFPID-816777", "CSAFPID-816778", "CSAFPID-816779", "CSAFPID-816780", "CSAFPID-816781", "CSAFPID-816782", "CSAFPID-816783", "CSAFPID-816784", "CSAFPID-816785", "CSAFPID-816786", "CSAFPID-816787", "CSAFPID-816788", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-816791", "CSAFPID-816792", "CSAFPID-816793", "CSAFPID-816794", "CSAFPID-816795", "CSAFPID-816796", "CSAFPID-816797", "CSAFPID-764735", "CSAFPID-764738", "CSAFPID-912073", "CSAFPID-912078", "CSAFPID-912079", "CSAFPID-912080", "CSAFPID-90016", "CSAFPID-93781", "CSAFPID-219776", "CSAFPID-219826", "CSAFPID-220132", "CSAFPID-224795", "CSAFPID-912102", "CSAFPID-912548", "CSAFPID-912549", "CSAFPID-912550", "CSAFPID-912551", "CSAFPID-912552", "CSAFPID-912553", "CSAFPID-912554", "CSAFPID-912556", "CSAFPID-912557", "CSAFPID-912558", "CSAFPID-764739", "CSAFPID-764826", "CSAFPID-765242", ], }, references: [ { category: "self", summary: "CVE-2023-3635", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-3635.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-94291", "CSAFPID-40293", "CSAFPID-204622", "CSAFPID-1265", "CSAFPID-1261", "CSAFPID-1266", "CSAFPID-8984", "CSAFPID-1673399", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-912085", "CSAFPID-912068", "CSAFPID-912076", "CSAFPID-912539", "CSAFPID-912540", "CSAFPID-912541", "CSAFPID-912542", "CSAFPID-912543", "CSAFPID-912101", "CSAFPID-912544", "CSAFPID-912077", "CSAFPID-912545", "CSAFPID-912546", "CSAFPID-912547", "CSAFPID-219909", "CSAFPID-220558", "CSAFPID-221118", "CSAFPID-224790", "CSAFPID-240600", "CSAFPID-342804", "CSAFPID-611387", "CSAFPID-611401", "CSAFPID-611406", "CSAFPID-611407", "CSAFPID-611408", "CSAFPID-611413", "CSAFPID-611595", "CSAFPID-204510", "CSAFPID-204563", "CSAFPID-204569", "CSAFPID-219803", "CSAFPID-219838", "CSAFPID-224793", "CSAFPID-342793", "CSAFPID-342803", "CSAFPID-614513", "CSAFPID-614514", "CSAFPID-614515", "CSAFPID-614516", "CSAFPID-614517", "CSAFPID-618156", "CSAFPID-643776", "CSAFPID-764237", "CSAFPID-764238", "CSAFPID-764239", "CSAFPID-764240", "CSAFPID-764241", "CSAFPID-764242", "CSAFPID-764243", "CSAFPID-764247", "CSAFPID-764248", "CSAFPID-764249", "CSAFPID-816346", "CSAFPID-816347", "CSAFPID-816348", "CSAFPID-816349", "CSAFPID-816350", "CSAFPID-816351", "CSAFPID-816352", "CSAFPID-816353", "CSAFPID-816354", "CSAFPID-816355", "CSAFPID-816357", "CSAFPID-816358", "CSAFPID-816359", "CSAFPID-816765", "CSAFPID-816766", "CSAFPID-816767", "CSAFPID-816768", "CSAFPID-816769", "CSAFPID-816770", "CSAFPID-816771", "CSAFPID-816772", "CSAFPID-816773", "CSAFPID-816774", "CSAFPID-816775", "CSAFPID-816776", "CSAFPID-816777", "CSAFPID-816778", "CSAFPID-816779", "CSAFPID-816780", "CSAFPID-816781", "CSAFPID-816782", "CSAFPID-816783", "CSAFPID-816784", "CSAFPID-816785", "CSAFPID-816786", "CSAFPID-816787", "CSAFPID-816788", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-816791", "CSAFPID-816792", "CSAFPID-816793", "CSAFPID-816794", "CSAFPID-816795", "CSAFPID-816796", "CSAFPID-816797", "CSAFPID-764735", "CSAFPID-764738", "CSAFPID-912073", "CSAFPID-912078", "CSAFPID-912079", "CSAFPID-912080", "CSAFPID-90016", "CSAFPID-93781", "CSAFPID-219776", "CSAFPID-219826", "CSAFPID-220132", "CSAFPID-224795", "CSAFPID-912102", "CSAFPID-912548", "CSAFPID-912549", "CSAFPID-912550", "CSAFPID-912551", "CSAFPID-912552", "CSAFPID-912553", "CSAFPID-912554", "CSAFPID-912556", "CSAFPID-912557", "CSAFPID-912558", "CSAFPID-764739", "CSAFPID-764826", "CSAFPID-765242", ], }, ], title: "CVE-2023-3635", }, { cve: "CVE-2023-4043", cwe: { id: "CWE-834", name: "Excessive Iteration", }, notes: [ { category: "other", text: "Excessive Iteration", title: "CWE-834", }, { category: "other", text: "Improper Input Validation", title: "CWE-20", }, ], product_status: { known_affected: [ "CSAFPID-816765", "CSAFPID-816766", "CSAFPID-816767", "CSAFPID-816768", "CSAFPID-816769", "CSAFPID-816770", "CSAFPID-816771", "CSAFPID-816772", "CSAFPID-219838", "CSAFPID-611387", "CSAFPID-816773", "CSAFPID-816774", "CSAFPID-816775", "CSAFPID-816346", "CSAFPID-816776", "CSAFPID-816348", "CSAFPID-816777", "CSAFPID-816347", "CSAFPID-94291", "CSAFPID-816778", "CSAFPID-614517", "CSAFPID-816779", "CSAFPID-816349", "CSAFPID-40293", "CSAFPID-611413", "CSAFPID-764242", "CSAFPID-816780", "CSAFPID-816781", "CSAFPID-816782", "CSAFPID-816783", "CSAFPID-816784", "CSAFPID-816785", "CSAFPID-816353", "CSAFPID-816786", "CSAFPID-816787", "CSAFPID-816788", "CSAFPID-816352", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-342804", "CSAFPID-816791", "CSAFPID-816792", "CSAFPID-764247", "CSAFPID-764735", "CSAFPID-816793", "CSAFPID-224793", "CSAFPID-816794", "CSAFPID-342793", "CSAFPID-1265", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-204622", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-912068", "CSAFPID-912076", "CSAFPID-912539", "CSAFPID-912540", "CSAFPID-912541", "CSAFPID-912542", "CSAFPID-912543", "CSAFPID-912101", "CSAFPID-912544", "CSAFPID-912077", "CSAFPID-912545", "CSAFPID-764240", "CSAFPID-912546", "CSAFPID-912547", "CSAFPID-224795", "CSAFPID-912548", "CSAFPID-912102", "CSAFPID-912549", "CSAFPID-764826", "CSAFPID-90016", "CSAFPID-912078", "CSAFPID-912550", "CSAFPID-912551", "CSAFPID-912552", "CSAFPID-912553", "CSAFPID-93781", "CSAFPID-220132", "CSAFPID-912079", "CSAFPID-912080", "CSAFPID-912554", "CSAFPID-912556", "CSAFPID-912557", "CSAFPID-219776", "CSAFPID-765242", "CSAFPID-1266", "CSAFPID-8984", "CSAFPID-204510", "CSAFPID-204563", "CSAFPID-204569", "CSAFPID-219803", "CSAFPID-219909", "CSAFPID-221118", "CSAFPID-224790", "CSAFPID-240600", "CSAFPID-342803", "CSAFPID-611595", "CSAFPID-764738", "CSAFPID-816351", "CSAFPID-816354", "CSAFPID-816355", "CSAFPID-816357", "CSAFPID-816358", "CSAFPID-816359", "CSAFPID-816795", "CSAFPID-816796", "CSAFPID-816797", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-1503582", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-1503591", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-219826", "CSAFPID-764739", "CSAFPID-912073", "CSAFPID-912558", ], }, references: [ { category: "self", summary: "CVE-2023-4043", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-4043.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-816765", "CSAFPID-816766", "CSAFPID-816767", "CSAFPID-816768", "CSAFPID-816769", "CSAFPID-816770", "CSAFPID-816771", "CSAFPID-816772", "CSAFPID-219838", "CSAFPID-611387", "CSAFPID-816773", "CSAFPID-816774", "CSAFPID-816775", "CSAFPID-816346", "CSAFPID-816776", "CSAFPID-816348", "CSAFPID-816777", "CSAFPID-816347", "CSAFPID-94291", "CSAFPID-816778", "CSAFPID-614517", "CSAFPID-816779", "CSAFPID-816349", "CSAFPID-40293", "CSAFPID-611413", "CSAFPID-764242", "CSAFPID-816780", "CSAFPID-816781", "CSAFPID-816782", "CSAFPID-816783", "CSAFPID-816784", "CSAFPID-816785", "CSAFPID-816353", "CSAFPID-816786", "CSAFPID-816787", "CSAFPID-816788", "CSAFPID-816352", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-342804", "CSAFPID-816791", "CSAFPID-816792", "CSAFPID-764247", "CSAFPID-764735", "CSAFPID-816793", "CSAFPID-224793", "CSAFPID-816794", "CSAFPID-342793", "CSAFPID-1265", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-204622", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-912068", "CSAFPID-912076", "CSAFPID-912539", "CSAFPID-912540", "CSAFPID-912541", "CSAFPID-912542", "CSAFPID-912543", "CSAFPID-912101", "CSAFPID-912544", "CSAFPID-912077", "CSAFPID-912545", "CSAFPID-764240", "CSAFPID-912546", "CSAFPID-912547", "CSAFPID-224795", "CSAFPID-912548", "CSAFPID-912102", "CSAFPID-912549", "CSAFPID-764826", "CSAFPID-90016", "CSAFPID-912078", "CSAFPID-912550", "CSAFPID-912551", "CSAFPID-912552", "CSAFPID-912553", "CSAFPID-93781", "CSAFPID-220132", "CSAFPID-912079", "CSAFPID-912080", "CSAFPID-912554", "CSAFPID-912556", "CSAFPID-912557", "CSAFPID-219776", "CSAFPID-765242", "CSAFPID-1266", "CSAFPID-8984", "CSAFPID-204510", "CSAFPID-204563", "CSAFPID-204569", "CSAFPID-219803", "CSAFPID-219909", "CSAFPID-221118", "CSAFPID-224790", "CSAFPID-240600", "CSAFPID-342803", "CSAFPID-611595", "CSAFPID-764738", "CSAFPID-816351", "CSAFPID-816354", "CSAFPID-816355", "CSAFPID-816357", "CSAFPID-816358", "CSAFPID-816359", "CSAFPID-816795", "CSAFPID-816796", "CSAFPID-816797", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-1503582", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-1503591", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-219826", "CSAFPID-764739", "CSAFPID-912073", "CSAFPID-912558", ], }, ], title: "CVE-2023-4043", }, { cve: "CVE-2023-5685", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, notes: [ { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, ], product_status: { known_affected: [ "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1635310", "CSAFPID-1635311", "CSAFPID-1635312", "CSAFPID-1635313", "CSAFPID-1635314", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635317", "CSAFPID-1635318", "CSAFPID-1635319", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1635322", "CSAFPID-1635323", "CSAFPID-1635324", "CSAFPID-1635325", "CSAFPID-1635326", "CSAFPID-1635327", "CSAFPID-1635328", "CSAFPID-1635329", "CSAFPID-1650752", "CSAFPID-1650751", "CSAFPID-1673389", "CSAFPID-1673390", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1674636", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-912101", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-764240", "CSAFPID-912547", "CSAFPID-1503582", "CSAFPID-912549", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-764242", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-220132", "CSAFPID-912079", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-342804", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-764247", "CSAFPID-912556", "CSAFPID-764735", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", "CSAFPID-204510", "CSAFPID-204569", ], }, references: [ { category: "self", summary: "CVE-2023-5685", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-5685.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1635310", "CSAFPID-1635311", "CSAFPID-1635312", "CSAFPID-1635313", "CSAFPID-1635314", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635317", "CSAFPID-1635318", "CSAFPID-1635319", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1635322", "CSAFPID-1635323", "CSAFPID-1635324", "CSAFPID-1635325", "CSAFPID-1635326", "CSAFPID-1635327", "CSAFPID-1635328", "CSAFPID-1635329", "CSAFPID-1650752", "CSAFPID-1650751", "CSAFPID-1673389", "CSAFPID-1673390", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1674636", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-912101", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-764240", "CSAFPID-912547", "CSAFPID-1503582", "CSAFPID-912549", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-764242", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-220132", "CSAFPID-912079", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-342804", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-764247", "CSAFPID-912556", "CSAFPID-764735", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", "CSAFPID-204510", "CSAFPID-204569", ], }, ], title: "CVE-2023-5685", }, { cve: "CVE-2023-6597", cwe: { id: "CWE-61", name: "UNIX Symbolic Link (Symlink) Following", }, notes: [ { category: "other", text: "UNIX Symbolic Link (Symlink) Following", title: "CWE-61", }, ], product_status: { known_affected: [ "CSAFPID-1673395", "CSAFPID-1673420", "CSAFPID-1673421", "CSAFPID-1673396", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-912101", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-764240", "CSAFPID-912547", "CSAFPID-1503582", "CSAFPID-912549", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-764242", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-220132", "CSAFPID-912079", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-342804", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-764247", "CSAFPID-912556", "CSAFPID-764735", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", "CSAFPID-204510", "CSAFPID-204569", ], }, references: [ { category: "self", summary: "CVE-2023-6597", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-6597.json", }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", version: "3.1", }, products: [ "CSAFPID-1673395", "CSAFPID-1673420", "CSAFPID-1673421", "CSAFPID-1673396", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-912101", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-764240", "CSAFPID-912547", "CSAFPID-1503582", "CSAFPID-912549", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-764242", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-220132", "CSAFPID-912079", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-342804", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-764247", "CSAFPID-912556", "CSAFPID-764735", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", "CSAFPID-204510", "CSAFPID-204569", ], }, ], title: "CVE-2023-6597", }, { cve: "CVE-2023-6816", cwe: { id: "CWE-119", name: "Improper Restriction of Operations within the Bounds of a Memory Buffer", }, notes: [ { category: "other", text: "Improper Restriction of Operations within the Bounds of a Memory Buffer", title: "CWE-119", }, { category: "other", text: "Out-of-bounds Write", title: "CWE-787", }, ], product_status: { known_affected: [ "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, references: [ { category: "self", summary: "CVE-2023-6816", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-6816.json", }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, ], title: "CVE-2023-6816", }, { cve: "CVE-2023-38408", cwe: { id: "CWE-94", name: "Improper Control of Generation of Code ('Code Injection')", }, notes: [ { category: "other", text: "Improper Control of Generation of Code ('Code Injection')", title: "CWE-94", }, { category: "other", text: "Improper Input Validation", title: "CWE-20", }, ], product_status: { known_affected: [ "CSAFPID-45182", "CSAFPID-40293", "CSAFPID-611406", "CSAFPID-764237", "CSAFPID-220558", "CSAFPID-764238", "CSAFPID-764239", "CSAFPID-614513", "CSAFPID-643776", "CSAFPID-611387", "CSAFPID-618156", "CSAFPID-614516", "CSAFPID-614515", "CSAFPID-614514", "CSAFPID-764240", "CSAFPID-94291", "CSAFPID-611401", "CSAFPID-614517", "CSAFPID-764241", "CSAFPID-611413", "CSAFPID-764242", "CSAFPID-764243", "CSAFPID-342804", "CSAFPID-611408", "CSAFPID-611407", "CSAFPID-764247", "CSAFPID-764248", "CSAFPID-204622", "CSAFPID-219909", "CSAFPID-611595", "CSAFPID-764249", "CSAFPID-224790", "CSAFPID-221118", "CSAFPID-240600", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, references: [ { category: "self", summary: "CVE-2023-38408", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-38408.json", }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-45182", "CSAFPID-40293", "CSAFPID-611406", "CSAFPID-764237", "CSAFPID-220558", "CSAFPID-764238", "CSAFPID-764239", "CSAFPID-614513", "CSAFPID-643776", "CSAFPID-611387", "CSAFPID-618156", "CSAFPID-614516", "CSAFPID-614515", "CSAFPID-614514", "CSAFPID-764240", "CSAFPID-94291", "CSAFPID-611401", "CSAFPID-614517", "CSAFPID-764241", "CSAFPID-611413", "CSAFPID-764242", "CSAFPID-764243", "CSAFPID-342804", "CSAFPID-611408", "CSAFPID-611407", "CSAFPID-764247", "CSAFPID-764248", "CSAFPID-204622", "CSAFPID-219909", "CSAFPID-611595", "CSAFPID-764249", "CSAFPID-224790", "CSAFPID-221118", "CSAFPID-240600", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, ], title: "CVE-2023-38408", }, { cve: "CVE-2023-43642", cwe: { id: "CWE-770", name: "Allocation of Resources Without Limits or Throttling", }, notes: [ { category: "other", text: "Allocation of Resources Without Limits or Throttling", title: "CWE-770", }, ], product_status: { known_affected: [ "CSAFPID-40293", "CSAFPID-1265", "CSAFPID-1261", "CSAFPID-1266", "CSAFPID-8984", "CSAFPID-1673395", "CSAFPID-94291", "CSAFPID-204510", "CSAFPID-204563", "CSAFPID-204569", "CSAFPID-204622", "CSAFPID-219803", "CSAFPID-219838", "CSAFPID-219909", "CSAFPID-221118", "CSAFPID-224790", "CSAFPID-224793", "CSAFPID-240600", "CSAFPID-342793", "CSAFPID-342803", "CSAFPID-342804", "CSAFPID-611387", "CSAFPID-611413", "CSAFPID-611595", "CSAFPID-614517", "CSAFPID-764242", "CSAFPID-764247", "CSAFPID-764735", "CSAFPID-764738", "CSAFPID-816346", "CSAFPID-816347", "CSAFPID-816348", "CSAFPID-816349", "CSAFPID-816350", "CSAFPID-816351", "CSAFPID-816352", "CSAFPID-816353", "CSAFPID-816354", "CSAFPID-816355", "CSAFPID-816357", "CSAFPID-816358", "CSAFPID-816359", "CSAFPID-816765", "CSAFPID-816766", "CSAFPID-816767", "CSAFPID-816768", "CSAFPID-816769", "CSAFPID-816770", "CSAFPID-816771", "CSAFPID-816772", "CSAFPID-816773", "CSAFPID-816774", "CSAFPID-816775", "CSAFPID-816776", "CSAFPID-816777", "CSAFPID-816778", "CSAFPID-816779", "CSAFPID-816780", "CSAFPID-816781", "CSAFPID-816782", "CSAFPID-816783", "CSAFPID-816784", "CSAFPID-816785", "CSAFPID-816786", "CSAFPID-816787", "CSAFPID-816788", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-816791", "CSAFPID-816792", "CSAFPID-816793", "CSAFPID-816794", "CSAFPID-816795", "CSAFPID-816796", "CSAFPID-816797", ], }, references: [ { category: "self", summary: "CVE-2023-43642", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-43642.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-40293", "CSAFPID-1265", "CSAFPID-1261", "CSAFPID-1266", "CSAFPID-8984", "CSAFPID-1673395", "CSAFPID-94291", "CSAFPID-204510", "CSAFPID-204563", "CSAFPID-204569", "CSAFPID-204622", "CSAFPID-219803", "CSAFPID-219838", "CSAFPID-219909", "CSAFPID-221118", "CSAFPID-224790", "CSAFPID-224793", "CSAFPID-240600", "CSAFPID-342793", "CSAFPID-342803", "CSAFPID-342804", "CSAFPID-611387", "CSAFPID-611413", "CSAFPID-611595", "CSAFPID-614517", "CSAFPID-764242", "CSAFPID-764247", "CSAFPID-764735", "CSAFPID-764738", "CSAFPID-816346", "CSAFPID-816347", "CSAFPID-816348", "CSAFPID-816349", "CSAFPID-816350", "CSAFPID-816351", "CSAFPID-816352", "CSAFPID-816353", "CSAFPID-816354", "CSAFPID-816355", "CSAFPID-816357", "CSAFPID-816358", "CSAFPID-816359", "CSAFPID-816765", "CSAFPID-816766", "CSAFPID-816767", "CSAFPID-816768", "CSAFPID-816769", "CSAFPID-816770", "CSAFPID-816771", "CSAFPID-816772", "CSAFPID-816773", "CSAFPID-816774", "CSAFPID-816775", "CSAFPID-816776", "CSAFPID-816777", "CSAFPID-816778", "CSAFPID-816779", "CSAFPID-816780", "CSAFPID-816781", "CSAFPID-816782", "CSAFPID-816783", "CSAFPID-816784", "CSAFPID-816785", "CSAFPID-816786", "CSAFPID-816787", "CSAFPID-816788", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-816791", "CSAFPID-816792", "CSAFPID-816793", "CSAFPID-816794", "CSAFPID-816795", "CSAFPID-816796", "CSAFPID-816797", ], }, ], title: "CVE-2023-43642", }, { cve: "CVE-2023-46136", cwe: { id: "CWE-407", name: "Inefficient Algorithmic Complexity", }, notes: [ { category: "other", text: "Inefficient Algorithmic Complexity", title: "CWE-407", }, { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, ], product_status: { known_affected: [ "CSAFPID-1673411", "CSAFPID-912549", "CSAFPID-1673412", "CSAFPID-1673413", "CSAFPID-1673414", "CSAFPID-1673396", "CSAFPID-1503590", "CSAFPID-1673393", "CSAFPID-1673395", "CSAFPID-220132", "CSAFPID-1503585", "CSAFPID-1673392", "CSAFPID-1503589", "CSAFPID-1673415", "CSAFPID-1673416", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, references: [ { category: "self", summary: "CVE-2023-46136", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-46136.json", }, ], scores: [ { cvss_v3: { baseScore: 8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-1673411", "CSAFPID-912549", "CSAFPID-1673412", "CSAFPID-1673413", "CSAFPID-1673414", "CSAFPID-1673396", "CSAFPID-1503590", "CSAFPID-1673393", "CSAFPID-1673395", "CSAFPID-220132", "CSAFPID-1503585", "CSAFPID-1673392", "CSAFPID-1503589", "CSAFPID-1673415", "CSAFPID-1673416", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, ], title: "CVE-2023-46136", }, { cve: "CVE-2023-48795", cwe: { id: "CWE-222", name: "Truncation of Security-relevant Information", }, notes: [ { category: "other", text: "Truncation of Security-relevant Information", title: "CWE-222", }, ], product_status: { known_affected: [ "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1635310", "CSAFPID-1635311", "CSAFPID-1635312", "CSAFPID-1635313", "CSAFPID-1635314", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635317", "CSAFPID-1635318", "CSAFPID-1635319", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1635322", "CSAFPID-1635323", "CSAFPID-1635324", "CSAFPID-1635325", "CSAFPID-1635326", "CSAFPID-1635327", "CSAFPID-1635328", "CSAFPID-1635329", "CSAFPID-1650752", "CSAFPID-816765", "CSAFPID-816766", "CSAFPID-816767", "CSAFPID-816768", "CSAFPID-816769", "CSAFPID-816770", "CSAFPID-816771", "CSAFPID-816772", "CSAFPID-219838", "CSAFPID-611387", "CSAFPID-816773", "CSAFPID-816774", "CSAFPID-816775", "CSAFPID-816346", "CSAFPID-816776", "CSAFPID-816348", "CSAFPID-816777", "CSAFPID-816347", "CSAFPID-94291", "CSAFPID-816778", "CSAFPID-614517", "CSAFPID-816779", "CSAFPID-816349", "CSAFPID-40293", "CSAFPID-764242", "CSAFPID-816780", "CSAFPID-816781", "CSAFPID-816782", "CSAFPID-816783", "CSAFPID-816784", "CSAFPID-816785", "CSAFPID-816353", "CSAFPID-816786", "CSAFPID-816352", "CSAFPID-342804", "CSAFPID-764247", "CSAFPID-764735", "CSAFPID-224793", "CSAFPID-342793", "CSAFPID-1265", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-204622", "CSAFPID-219909", "CSAFPID-219803", "CSAFPID-816351", "CSAFPID-611595", "CSAFPID-342803", "CSAFPID-1266", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-224790", "CSAFPID-221118", "CSAFPID-1673417", "CSAFPID-1674629", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1674636", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-1670429", "CSAFPID-1670430", "CSAFPID-1670431", "CSAFPID-1670432", "CSAFPID-1670433", "CSAFPID-1670434", "CSAFPID-1670435", "CSAFPID-1670436", "CSAFPID-1670437", "CSAFPID-1670438", "CSAFPID-1670439", "CSAFPID-1670440", "CSAFPID-1670441", "CSAFPID-1670442", "CSAFPID-912076", "CSAFPID-912077", "CSAFPID-912078", "CSAFPID-90016", "CSAFPID-764826", "CSAFPID-345038", "CSAFPID-912079", "CSAFPID-220132", "CSAFPID-93781", "CSAFPID-345039", "CSAFPID-912080", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-912068", "CSAFPID-912539", "CSAFPID-912540", "CSAFPID-912541", "CSAFPID-912542", "CSAFPID-912543", "CSAFPID-912101", "CSAFPID-912544", "CSAFPID-912545", "CSAFPID-764240", "CSAFPID-912546", "CSAFPID-912547", "CSAFPID-224795", "CSAFPID-912548", "CSAFPID-611413", "CSAFPID-240600", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-816357", "CSAFPID-816358", "CSAFPID-816359", "CSAFPID-816787", "CSAFPID-816788", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-816791", "CSAFPID-816792", "CSAFPID-816793", "CSAFPID-816794", "CSAFPID-816795", "CSAFPID-816796", "CSAFPID-816797", "CSAFPID-8984", "CSAFPID-204510", "CSAFPID-204569", "CSAFPID-219776", "CSAFPID-219826", "CSAFPID-764739", "CSAFPID-765242", "CSAFPID-912073", "CSAFPID-912102", "CSAFPID-912549", "CSAFPID-912550", "CSAFPID-912551", "CSAFPID-912552", "CSAFPID-912553", "CSAFPID-912554", "CSAFPID-912556", "CSAFPID-912557", "CSAFPID-912558", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-1503582", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-1503591", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-1503601", "CSAFPID-1503602", ], }, references: [ { category: "self", summary: "CVE-2023-48795", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-48795.json", }, ], scores: [ { cvss_v3: { baseScore: 5.9, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1635310", "CSAFPID-1635311", "CSAFPID-1635312", "CSAFPID-1635313", "CSAFPID-1635314", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635317", "CSAFPID-1635318", "CSAFPID-1635319", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1635322", "CSAFPID-1635323", "CSAFPID-1635324", "CSAFPID-1635325", "CSAFPID-1635326", "CSAFPID-1635327", "CSAFPID-1635328", "CSAFPID-1635329", "CSAFPID-1650752", "CSAFPID-816765", "CSAFPID-816766", "CSAFPID-816767", "CSAFPID-816768", "CSAFPID-816769", "CSAFPID-816770", "CSAFPID-816771", "CSAFPID-816772", "CSAFPID-219838", "CSAFPID-611387", "CSAFPID-816773", "CSAFPID-816774", "CSAFPID-816775", "CSAFPID-816346", "CSAFPID-816776", "CSAFPID-816348", "CSAFPID-816777", "CSAFPID-816347", "CSAFPID-94291", "CSAFPID-816778", "CSAFPID-614517", "CSAFPID-816779", "CSAFPID-816349", "CSAFPID-40293", "CSAFPID-764242", "CSAFPID-816780", "CSAFPID-816781", "CSAFPID-816782", "CSAFPID-816783", "CSAFPID-816784", "CSAFPID-816785", "CSAFPID-816353", "CSAFPID-816786", "CSAFPID-816352", "CSAFPID-342804", "CSAFPID-764247", "CSAFPID-764735", "CSAFPID-224793", "CSAFPID-342793", "CSAFPID-1265", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-204622", "CSAFPID-219909", "CSAFPID-219803", "CSAFPID-816351", "CSAFPID-611595", "CSAFPID-342803", "CSAFPID-1266", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-224790", "CSAFPID-221118", "CSAFPID-1673417", "CSAFPID-1674629", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1674636", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-1670429", "CSAFPID-1670430", "CSAFPID-1670431", "CSAFPID-1670432", "CSAFPID-1670433", "CSAFPID-1670434", "CSAFPID-1670435", "CSAFPID-1670436", "CSAFPID-1670437", "CSAFPID-1670438", "CSAFPID-1670439", "CSAFPID-1670440", "CSAFPID-1670441", "CSAFPID-1670442", "CSAFPID-912076", "CSAFPID-912077", "CSAFPID-912078", "CSAFPID-90016", "CSAFPID-764826", "CSAFPID-345038", "CSAFPID-912079", "CSAFPID-220132", "CSAFPID-93781", "CSAFPID-345039", "CSAFPID-912080", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-912068", "CSAFPID-912539", "CSAFPID-912540", "CSAFPID-912541", "CSAFPID-912542", "CSAFPID-912543", "CSAFPID-912101", "CSAFPID-912544", "CSAFPID-912545", "CSAFPID-764240", "CSAFPID-912546", "CSAFPID-912547", "CSAFPID-224795", "CSAFPID-912548", "CSAFPID-611413", "CSAFPID-240600", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-816357", "CSAFPID-816358", "CSAFPID-816359", "CSAFPID-816787", "CSAFPID-816788", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-816791", "CSAFPID-816792", "CSAFPID-816793", "CSAFPID-816794", "CSAFPID-816795", "CSAFPID-816796", "CSAFPID-816797", "CSAFPID-8984", "CSAFPID-204510", "CSAFPID-204569", "CSAFPID-219776", "CSAFPID-219826", "CSAFPID-764739", "CSAFPID-765242", "CSAFPID-912073", "CSAFPID-912102", "CSAFPID-912549", "CSAFPID-912550", "CSAFPID-912551", "CSAFPID-912552", "CSAFPID-912553", "CSAFPID-912554", "CSAFPID-912556", "CSAFPID-912557", "CSAFPID-912558", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-1503582", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-1503591", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-1503601", "CSAFPID-1503602", ], }, ], title: "CVE-2023-48795", }, { cve: "CVE-2023-51775", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, notes: [ { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, ], product_status: { known_affected: [ "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1635310", "CSAFPID-1635311", "CSAFPID-1635312", "CSAFPID-1635313", "CSAFPID-1635314", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635317", "CSAFPID-1635318", "CSAFPID-1635319", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1635322", "CSAFPID-1635323", "CSAFPID-1635324", "CSAFPID-1635325", "CSAFPID-1635326", "CSAFPID-1635327", "CSAFPID-1635328", "CSAFPID-1635329", "CSAFPID-1650751", "CSAFPID-1673395", "CSAFPID-1673396", "CSAFPID-1674629", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1674636", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-1670429", "CSAFPID-1670430", "CSAFPID-1670431", "CSAFPID-1670432", "CSAFPID-1670433", "CSAFPID-1670434", "CSAFPID-1670435", "CSAFPID-1670436", "CSAFPID-1670437", "CSAFPID-1670438", "CSAFPID-1670439", "CSAFPID-1670440", "CSAFPID-1670441", "CSAFPID-1670442", "CSAFPID-90016", "CSAFPID-93781", "CSAFPID-204510", "CSAFPID-204569", "CSAFPID-219776", "CSAFPID-219826", "CSAFPID-220132", "CSAFPID-224795", "CSAFPID-342804", "CSAFPID-611387", "CSAFPID-611413", "CSAFPID-614517", "CSAFPID-764237", "CSAFPID-764240", "CSAFPID-764242", "CSAFPID-764247", "CSAFPID-764735", "CSAFPID-764739", "CSAFPID-764826", "CSAFPID-765242", "CSAFPID-816348", "CSAFPID-816773", "CSAFPID-816781", "CSAFPID-816782", "CSAFPID-912068", "CSAFPID-912073", "CSAFPID-912076", "CSAFPID-912077", "CSAFPID-912078", "CSAFPID-912079", "CSAFPID-912080", "CSAFPID-912085", "CSAFPID-912101", "CSAFPID-912102", "CSAFPID-912539", "CSAFPID-912540", "CSAFPID-912541", "CSAFPID-912542", "CSAFPID-912543", "CSAFPID-912544", "CSAFPID-912545", "CSAFPID-912546", "CSAFPID-912547", "CSAFPID-912548", "CSAFPID-912549", "CSAFPID-912550", "CSAFPID-912551", "CSAFPID-912552", "CSAFPID-912553", "CSAFPID-912554", "CSAFPID-912556", "CSAFPID-912557", "CSAFPID-912558", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-1503582", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", ], }, references: [ { category: "self", summary: "CVE-2023-51775", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-51775.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1635310", "CSAFPID-1635311", "CSAFPID-1635312", "CSAFPID-1635313", "CSAFPID-1635314", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635317", "CSAFPID-1635318", "CSAFPID-1635319", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1635322", "CSAFPID-1635323", "CSAFPID-1635324", "CSAFPID-1635325", "CSAFPID-1635326", "CSAFPID-1635327", "CSAFPID-1635328", "CSAFPID-1635329", "CSAFPID-1650751", "CSAFPID-1673395", "CSAFPID-1673396", "CSAFPID-1674629", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1674636", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-1670429", "CSAFPID-1670430", "CSAFPID-1670431", "CSAFPID-1670432", "CSAFPID-1670433", "CSAFPID-1670434", "CSAFPID-1670435", "CSAFPID-1670436", "CSAFPID-1670437", "CSAFPID-1670438", "CSAFPID-1670439", "CSAFPID-1670440", "CSAFPID-1670441", "CSAFPID-1670442", "CSAFPID-90016", "CSAFPID-93781", "CSAFPID-204510", "CSAFPID-204569", "CSAFPID-219776", "CSAFPID-219826", "CSAFPID-220132", "CSAFPID-224795", "CSAFPID-342804", "CSAFPID-611387", "CSAFPID-611413", "CSAFPID-614517", "CSAFPID-764237", "CSAFPID-764240", "CSAFPID-764242", "CSAFPID-764247", "CSAFPID-764735", "CSAFPID-764739", "CSAFPID-764826", "CSAFPID-765242", "CSAFPID-816348", "CSAFPID-816773", "CSAFPID-816781", "CSAFPID-816782", "CSAFPID-912068", "CSAFPID-912073", "CSAFPID-912076", "CSAFPID-912077", "CSAFPID-912078", "CSAFPID-912079", "CSAFPID-912080", "CSAFPID-912085", "CSAFPID-912101", "CSAFPID-912102", "CSAFPID-912539", "CSAFPID-912540", "CSAFPID-912541", "CSAFPID-912542", "CSAFPID-912543", "CSAFPID-912544", "CSAFPID-912545", "CSAFPID-912546", "CSAFPID-912547", "CSAFPID-912548", "CSAFPID-912549", "CSAFPID-912550", "CSAFPID-912551", "CSAFPID-912552", "CSAFPID-912553", "CSAFPID-912554", "CSAFPID-912556", "CSAFPID-912557", "CSAFPID-912558", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-1503582", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", ], }, ], title: "CVE-2023-51775", }, { cve: "CVE-2023-52428", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, notes: [ { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, ], product_status: { known_affected: [ "CSAFPID-1673395", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-912068", "CSAFPID-912076", "CSAFPID-611387", "CSAFPID-912539", "CSAFPID-816773", "CSAFPID-912540", "CSAFPID-912541", "CSAFPID-912542", "CSAFPID-912543", "CSAFPID-912101", "CSAFPID-912544", "CSAFPID-912077", "CSAFPID-816348", "CSAFPID-90016", "CSAFPID-93781", "CSAFPID-204510", "CSAFPID-204569", "CSAFPID-219776", "CSAFPID-219826", "CSAFPID-220132", "CSAFPID-224795", "CSAFPID-342804", "CSAFPID-611413", "CSAFPID-614517", "CSAFPID-764240", "CSAFPID-764242", "CSAFPID-764247", "CSAFPID-764735", "CSAFPID-764739", "CSAFPID-764826", "CSAFPID-765242", "CSAFPID-816781", "CSAFPID-816782", "CSAFPID-912073", "CSAFPID-912078", "CSAFPID-912079", "CSAFPID-912080", "CSAFPID-912102", "CSAFPID-912545", "CSAFPID-912546", "CSAFPID-912547", "CSAFPID-912548", "CSAFPID-912549", "CSAFPID-912550", "CSAFPID-912551", "CSAFPID-912552", "CSAFPID-912553", "CSAFPID-912554", "CSAFPID-912556", "CSAFPID-912557", "CSAFPID-912558", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-1503582", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", ], }, references: [ { category: "self", summary: "CVE-2023-52428", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-52428.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1673395", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-912068", "CSAFPID-912076", "CSAFPID-611387", "CSAFPID-912539", "CSAFPID-816773", "CSAFPID-912540", "CSAFPID-912541", "CSAFPID-912542", "CSAFPID-912543", "CSAFPID-912101", "CSAFPID-912544", "CSAFPID-912077", "CSAFPID-816348", "CSAFPID-90016", "CSAFPID-93781", "CSAFPID-204510", "CSAFPID-204569", "CSAFPID-219776", "CSAFPID-219826", "CSAFPID-220132", "CSAFPID-224795", "CSAFPID-342804", "CSAFPID-611413", "CSAFPID-614517", "CSAFPID-764240", "CSAFPID-764242", "CSAFPID-764247", "CSAFPID-764735", "CSAFPID-764739", "CSAFPID-764826", "CSAFPID-765242", "CSAFPID-816781", "CSAFPID-816782", "CSAFPID-912073", "CSAFPID-912078", "CSAFPID-912079", "CSAFPID-912080", "CSAFPID-912102", "CSAFPID-912545", "CSAFPID-912546", "CSAFPID-912547", "CSAFPID-912548", "CSAFPID-912549", "CSAFPID-912550", "CSAFPID-912551", "CSAFPID-912552", "CSAFPID-912553", "CSAFPID-912554", "CSAFPID-912556", "CSAFPID-912557", "CSAFPID-912558", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-1503582", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", ], }, ], title: "CVE-2023-52428", }, { cve: "CVE-2024-0450", cwe: { id: "CWE-450", name: "Multiple Interpretations of UI Input", }, notes: [ { category: "other", text: "Multiple Interpretations of UI Input", title: "CWE-450", }, { category: "other", text: "Asymmetric Resource Consumption (Amplification)", title: "CWE-405", }, ], product_status: { known_affected: [ "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1635310", "CSAFPID-1635311", "CSAFPID-1635312", "CSAFPID-1635313", "CSAFPID-1635314", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635317", "CSAFPID-1635318", "CSAFPID-1635319", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1635322", "CSAFPID-1635323", "CSAFPID-1635324", "CSAFPID-1635325", "CSAFPID-1635326", "CSAFPID-1635327", "CSAFPID-1635328", "CSAFPID-1635329", "CSAFPID-1673420", "CSAFPID-1673421", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1674636", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-912101", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-764240", "CSAFPID-912547", "CSAFPID-1503582", "CSAFPID-912549", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-764242", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-220132", "CSAFPID-912079", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-342804", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-764247", "CSAFPID-912556", "CSAFPID-764735", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", "CSAFPID-204510", "CSAFPID-204569", ], }, references: [ { category: "self", summary: "CVE-2024-0450", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-0450.json", }, ], scores: [ { cvss_v3: { baseScore: 6.2, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1635310", "CSAFPID-1635311", "CSAFPID-1635312", "CSAFPID-1635313", "CSAFPID-1635314", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635317", "CSAFPID-1635318", "CSAFPID-1635319", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1635322", "CSAFPID-1635323", "CSAFPID-1635324", "CSAFPID-1635325", "CSAFPID-1635326", "CSAFPID-1635327", "CSAFPID-1635328", "CSAFPID-1635329", "CSAFPID-1673420", "CSAFPID-1673421", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1674636", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-912101", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-764240", "CSAFPID-912547", "CSAFPID-1503582", "CSAFPID-912549", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-764242", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-220132", "CSAFPID-912079", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-342804", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-764247", "CSAFPID-912556", "CSAFPID-764735", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", "CSAFPID-204510", "CSAFPID-204569", ], }, ], title: "CVE-2024-0450", }, { cve: "CVE-2024-2398", cwe: { id: "CWE-772", name: "Missing Release of Resource after Effective Lifetime", }, notes: [ { category: "other", text: "Missing Release of Resource after Effective Lifetime", title: "CWE-772", }, { category: "other", text: "Missing Release of Memory after Effective Lifetime", title: "CWE-401", }, ], product_status: { known_affected: [ "CSAFPID-1673389", "CSAFPID-1673390", "CSAFPID-1673399", "CSAFPID-1673391", "CSAFPID-1673394", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, references: [ { category: "self", summary: "CVE-2024-2398", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-2398.json", }, ], scores: [ { cvss_v3: { baseScore: 8.6, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L", version: "3.1", }, products: [ "CSAFPID-1673389", "CSAFPID-1673390", "CSAFPID-1673399", "CSAFPID-1673391", "CSAFPID-1673394", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, ], title: "CVE-2024-2398", }, { cve: "CVE-2024-4577", cwe: { id: "CWE-88", name: "Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')", }, notes: [ { category: "other", text: "Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')", title: "CWE-88", }, { category: "other", text: "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", title: "CWE-78", }, ], product_status: { known_affected: [ "CSAFPID-1650731", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, references: [ { category: "self", summary: "CVE-2024-4577", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-4577.json", }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-1650731", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, ], title: "CVE-2024-4577", }, { cve: "CVE-2024-4603", cwe: { id: "CWE-606", name: "Unchecked Input for Loop Condition", }, notes: [ { category: "other", text: "Unchecked Input for Loop Condition", title: "CWE-606", }, ], product_status: { known_affected: [ "CSAFPID-1673391", "CSAFPID-1673394", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-912101", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-764240", "CSAFPID-912547", "CSAFPID-1503582", "CSAFPID-912549", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-764242", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-220132", "CSAFPID-912079", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-342804", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-764247", "CSAFPID-912556", "CSAFPID-764735", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", "CSAFPID-204510", "CSAFPID-204569", ], }, references: [ { category: "self", summary: "CVE-2024-4603", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-4603.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1673391", "CSAFPID-1673394", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-912101", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-764240", "CSAFPID-912547", "CSAFPID-1503582", "CSAFPID-912549", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-764242", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-220132", "CSAFPID-912079", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-342804", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-764247", "CSAFPID-912556", "CSAFPID-764735", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", "CSAFPID-204510", "CSAFPID-204569", ], }, ], title: "CVE-2024-4603", }, { cve: "CVE-2024-5585", cwe: { id: "CWE-116", name: "Improper Encoding or Escaping of Output", }, notes: [ { category: "other", text: "Improper Encoding or Escaping of Output", title: "CWE-116", }, { category: "other", text: "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", title: "CWE-78", }, { category: "other", text: "Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')", title: "CWE-88", }, ], product_status: { known_affected: [ "CSAFPID-1650731", "CSAFPID-1674617", "CSAFPID-1674618", "CSAFPID-1674619", "CSAFPID-1674620", "CSAFPID-1674621", "CSAFPID-1674622", "CSAFPID-1674623", "CSAFPID-1674624", "CSAFPID-1674625", "CSAFPID-1674626", "CSAFPID-1674627", "CSAFPID-1674628", ], }, references: [ { category: "self", summary: "CVE-2024-5585", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-5585.json", }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-1650731", "CSAFPID-1674617", "CSAFPID-1674618", "CSAFPID-1674619", "CSAFPID-1674620", "CSAFPID-1674621", "CSAFPID-1674622", "CSAFPID-1674623", "CSAFPID-1674624", "CSAFPID-1674625", "CSAFPID-1674626", "CSAFPID-1674627", "CSAFPID-1674628", ], }, ], title: "CVE-2024-5585", }, { cve: "CVE-2024-5971", cwe: { id: "CWE-674", name: "Uncontrolled Recursion", }, notes: [ { category: "other", text: "Uncontrolled Recursion", title: "CWE-674", }, ], product_status: { known_affected: [ "CSAFPID-1673395", "CSAFPID-1673389", "CSAFPID-1673390", "CSAFPID-1673399", "CSAFPID-1673526", "CSAFPID-1673413", "CSAFPID-1673396", "CSAFPID-1673415", "CSAFPID-1673501", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, references: [ { category: "self", summary: "CVE-2024-5971", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-5971.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1673395", "CSAFPID-1673389", "CSAFPID-1673390", "CSAFPID-1673399", "CSAFPID-1673526", "CSAFPID-1673413", "CSAFPID-1673396", "CSAFPID-1673415", "CSAFPID-1673501", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, ], title: "CVE-2024-5971", }, { cve: "CVE-2024-6162", cwe: { id: "CWE-404", name: "Improper Resource Shutdown or Release", }, notes: [ { category: "other", text: "Improper Resource Shutdown or Release", title: "CWE-404", }, { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, ], product_status: { known_affected: [ "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1635310", "CSAFPID-1635311", "CSAFPID-1635312", "CSAFPID-1635313", "CSAFPID-1635314", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635317", "CSAFPID-1635318", "CSAFPID-1635319", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1635322", "CSAFPID-1635323", "CSAFPID-1635324", "CSAFPID-1635325", "CSAFPID-1635326", "CSAFPID-1635327", "CSAFPID-1635328", "CSAFPID-1635329", "CSAFPID-1650752", "CSAFPID-1650751", "CSAFPID-1673526", "CSAFPID-1673399", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1674636", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-912101", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-764240", "CSAFPID-912547", "CSAFPID-1503582", "CSAFPID-912549", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-764242", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-220132", "CSAFPID-912079", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-342804", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-764247", "CSAFPID-912556", "CSAFPID-764735", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", "CSAFPID-204510", "CSAFPID-204569", ], }, references: [ { category: "self", summary: "CVE-2024-6162", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-6162.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1635310", "CSAFPID-1635311", "CSAFPID-1635312", "CSAFPID-1635313", "CSAFPID-1635314", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635317", "CSAFPID-1635318", "CSAFPID-1635319", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1635322", "CSAFPID-1635323", "CSAFPID-1635324", "CSAFPID-1635325", "CSAFPID-1635326", "CSAFPID-1635327", "CSAFPID-1635328", "CSAFPID-1635329", "CSAFPID-1650752", "CSAFPID-1650751", "CSAFPID-1673526", "CSAFPID-1673399", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1674636", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-912101", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-764240", "CSAFPID-912547", "CSAFPID-1503582", "CSAFPID-912549", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-764242", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-220132", "CSAFPID-912079", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-342804", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-764247", "CSAFPID-912556", "CSAFPID-764735", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", "CSAFPID-204510", "CSAFPID-204569", ], }, ], title: "CVE-2024-6162", }, { cve: "CVE-2024-6387", cwe: { id: "CWE-362", name: "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", }, notes: [ { category: "other", text: "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", title: "CWE-362", }, { category: "other", text: "Signal Handler Race Condition", title: "CWE-364", }, ], product_status: { known_affected: [ "CSAFPID-1503595", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, references: [ { category: "self", summary: "CVE-2024-6387", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-6387.json", }, ], title: "CVE-2024-6387", }, { cve: "CVE-2024-7254", cwe: { id: "CWE-20", name: "Improper Input Validation", }, notes: [ { category: "other", text: "Improper Input Validation", title: "CWE-20", }, { category: "other", text: "Uncontrolled Recursion", title: "CWE-674", }, ], product_status: { known_affected: [ "CSAFPID-912549", "CSAFPID-1672767", "CSAFPID-1503585", "CSAFPID-1673391", "CSAFPID-1673394", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, references: [ { category: "self", summary: "CVE-2024-7254", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-7254.json", }, ], title: "CVE-2024-7254", }, { cve: "CVE-2024-7264", cwe: { id: "CWE-125", name: "Out-of-bounds Read", }, notes: [ { category: "other", text: "Out-of-bounds Read", title: "CWE-125", }, { category: "other", text: "Improper Input Validation", title: "CWE-20", }, ], product_status: { known_affected: [ "CSAFPID-1673530", "CSAFPID-1673382", "CSAFPID-1674617", "CSAFPID-1674618", "CSAFPID-1674619", "CSAFPID-1674620", "CSAFPID-1674621", "CSAFPID-1674622", "CSAFPID-1674623", "CSAFPID-1674624", "CSAFPID-1674625", "CSAFPID-1674626", "CSAFPID-1674627", "CSAFPID-1674628", ], }, references: [ { category: "self", summary: "CVE-2024-7264", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-7264.json", }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1673530", "CSAFPID-1673382", "CSAFPID-1674617", "CSAFPID-1674618", "CSAFPID-1674619", "CSAFPID-1674620", "CSAFPID-1674621", "CSAFPID-1674622", "CSAFPID-1674623", "CSAFPID-1674624", "CSAFPID-1674625", "CSAFPID-1674626", "CSAFPID-1674627", "CSAFPID-1674628", ], }, ], title: "CVE-2024-7264", }, { cve: "CVE-2024-22020", product_status: { known_affected: [ "CSAFPID-912101", "CSAFPID-1673473", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, references: [ { category: "self", summary: "CVE-2024-22020", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-22020.json", }, ], scores: [ { cvss_v3: { baseScore: 8.1, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-912101", "CSAFPID-1673473", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, ], title: "CVE-2024-22020", }, { cve: "CVE-2024-22201", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, notes: [ { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, ], product_status: { known_affected: [ "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1635310", "CSAFPID-1635311", "CSAFPID-1635312", "CSAFPID-1635313", "CSAFPID-1635314", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635317", "CSAFPID-1635318", "CSAFPID-1635319", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1635322", "CSAFPID-1635323", "CSAFPID-1635324", "CSAFPID-1635325", "CSAFPID-1635326", "CSAFPID-1635327", "CSAFPID-1635328", "CSAFPID-1635329", "CSAFPID-1673475", "CSAFPID-1670429", "CSAFPID-1670430", "CSAFPID-1670431", "CSAFPID-1670432", "CSAFPID-1670433", "CSAFPID-1670434", "CSAFPID-1670435", "CSAFPID-1670436", "CSAFPID-1670437", "CSAFPID-1670438", "CSAFPID-1670439", "CSAFPID-1670440", "CSAFPID-1670441", "CSAFPID-1670442", "CSAFPID-912068", "CSAFPID-912073", "CSAFPID-912076", "CSAFPID-912077", "CSAFPID-912078", "CSAFPID-912079", "CSAFPID-912080", "CSAFPID-912085", "CSAFPID-912101", "CSAFPID-912102", "CSAFPID-912539", "CSAFPID-912540", "CSAFPID-912541", "CSAFPID-912542", "CSAFPID-912543", "CSAFPID-912544", "CSAFPID-912545", "CSAFPID-912546", "CSAFPID-912547", "CSAFPID-912548", "CSAFPID-1674617", "CSAFPID-1674618", "CSAFPID-1674619", "CSAFPID-1674620", "CSAFPID-1674621", "CSAFPID-1674622", "CSAFPID-1674623", "CSAFPID-1674624", "CSAFPID-1674625", "CSAFPID-1674626", "CSAFPID-1674627", "CSAFPID-1674628", "CSAFPID-90016", "CSAFPID-93781", "CSAFPID-220132", "CSAFPID-219776", "CSAFPID-204510", "CSAFPID-204569", "CSAFPID-219826", "CSAFPID-224795", "CSAFPID-912549", "CSAFPID-912550", "CSAFPID-912551", "CSAFPID-912552", "CSAFPID-912553", "CSAFPID-912554", "CSAFPID-912556", "CSAFPID-912557", "CSAFPID-912558", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-342804", "CSAFPID-611387", "CSAFPID-611413", "CSAFPID-614517", "CSAFPID-764237", "CSAFPID-764240", "CSAFPID-764242", "CSAFPID-764247", "CSAFPID-764735", "CSAFPID-764739", "CSAFPID-764826", "CSAFPID-765242", "CSAFPID-816348", "CSAFPID-816773", "CSAFPID-816781", "CSAFPID-816782", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-1503582", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", ], }, references: [ { category: "self", summary: "CVE-2024-22201", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-22201.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1635310", "CSAFPID-1635311", "CSAFPID-1635312", "CSAFPID-1635313", "CSAFPID-1635314", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635317", "CSAFPID-1635318", "CSAFPID-1635319", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1635322", "CSAFPID-1635323", "CSAFPID-1635324", "CSAFPID-1635325", "CSAFPID-1635326", "CSAFPID-1635327", "CSAFPID-1635328", "CSAFPID-1635329", "CSAFPID-1673475", "CSAFPID-1670429", "CSAFPID-1670430", "CSAFPID-1670431", "CSAFPID-1670432", "CSAFPID-1670433", "CSAFPID-1670434", "CSAFPID-1670435", "CSAFPID-1670436", "CSAFPID-1670437", "CSAFPID-1670438", "CSAFPID-1670439", "CSAFPID-1670440", "CSAFPID-1670441", "CSAFPID-1670442", "CSAFPID-912068", "CSAFPID-912073", "CSAFPID-912076", "CSAFPID-912077", "CSAFPID-912078", "CSAFPID-912079", "CSAFPID-912080", "CSAFPID-912085", "CSAFPID-912101", "CSAFPID-912102", "CSAFPID-912539", "CSAFPID-912540", "CSAFPID-912541", "CSAFPID-912542", "CSAFPID-912543", "CSAFPID-912544", "CSAFPID-912545", "CSAFPID-912546", "CSAFPID-912547", "CSAFPID-912548", "CSAFPID-1674617", "CSAFPID-1674618", "CSAFPID-1674619", "CSAFPID-1674620", "CSAFPID-1674621", "CSAFPID-1674622", "CSAFPID-1674623", "CSAFPID-1674624", "CSAFPID-1674625", "CSAFPID-1674626", "CSAFPID-1674627", "CSAFPID-1674628", "CSAFPID-90016", "CSAFPID-93781", "CSAFPID-220132", "CSAFPID-219776", "CSAFPID-204510", "CSAFPID-204569", "CSAFPID-219826", "CSAFPID-224795", "CSAFPID-912549", "CSAFPID-912550", "CSAFPID-912551", "CSAFPID-912552", "CSAFPID-912553", "CSAFPID-912554", "CSAFPID-912556", "CSAFPID-912557", "CSAFPID-912558", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-342804", "CSAFPID-611387", "CSAFPID-611413", "CSAFPID-614517", "CSAFPID-764237", "CSAFPID-764240", "CSAFPID-764242", "CSAFPID-764247", "CSAFPID-764735", "CSAFPID-764739", "CSAFPID-764826", "CSAFPID-765242", "CSAFPID-816348", "CSAFPID-816773", "CSAFPID-816781", "CSAFPID-816782", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-1503582", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", ], }, ], title: "CVE-2024-22201", }, { cve: "CVE-2024-22257", cwe: { id: "CWE-284", name: "Improper Access Control", }, notes: [ { category: "other", text: "Improper Access Control", title: "CWE-284", }, ], product_status: { known_affected: [ "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1635310", "CSAFPID-1635311", "CSAFPID-1635312", "CSAFPID-1635313", "CSAFPID-1635314", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635317", "CSAFPID-1635318", "CSAFPID-1635319", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1635322", "CSAFPID-1635323", "CSAFPID-1635324", "CSAFPID-1635325", "CSAFPID-1635326", "CSAFPID-1635327", "CSAFPID-1635328", "CSAFPID-1635329", "CSAFPID-1673420", "CSAFPID-1673421", "CSAFPID-1674629", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1674636", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-1670429", "CSAFPID-1670430", "CSAFPID-1670431", "CSAFPID-1670432", "CSAFPID-1670433", "CSAFPID-1670434", "CSAFPID-1670435", "CSAFPID-1670436", "CSAFPID-1670437", "CSAFPID-1670438", "CSAFPID-1670439", "CSAFPID-1670440", "CSAFPID-1670441", "CSAFPID-1670442", "CSAFPID-764237", "CSAFPID-912068", "CSAFPID-912076", "CSAFPID-611387", "CSAFPID-816773", "CSAFPID-912077", "CSAFPID-816348", "CSAFPID-764240", "CSAFPID-614517", "CSAFPID-224795", "CSAFPID-764826", "CSAFPID-90016", "CSAFPID-912078", "CSAFPID-611413", "CSAFPID-764242", "CSAFPID-816781", "CSAFPID-816782", "CSAFPID-93781", "CSAFPID-220132", "CSAFPID-912079", "CSAFPID-342804", "CSAFPID-912080", "CSAFPID-764247", "CSAFPID-764735", "CSAFPID-219776", "CSAFPID-765242", "CSAFPID-764739", "CSAFPID-204510", "CSAFPID-204569", "CSAFPID-219826", "CSAFPID-912073", "CSAFPID-912085", "CSAFPID-912101", "CSAFPID-912102", "CSAFPID-912539", "CSAFPID-912540", "CSAFPID-912541", "CSAFPID-912542", "CSAFPID-912543", "CSAFPID-912544", "CSAFPID-912545", "CSAFPID-912546", "CSAFPID-912547", "CSAFPID-912548", "CSAFPID-912549", "CSAFPID-912550", "CSAFPID-912551", "CSAFPID-912552", "CSAFPID-912553", "CSAFPID-912554", "CSAFPID-912556", "CSAFPID-912557", "CSAFPID-912558", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-1503582", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", ], }, references: [ { category: "self", summary: "CVE-2024-22257", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-22257.json", }, ], scores: [ { cvss_v3: { baseScore: 8.2, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N", version: "3.1", }, products: [ "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1635310", "CSAFPID-1635311", "CSAFPID-1635312", "CSAFPID-1635313", "CSAFPID-1635314", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635317", "CSAFPID-1635318", "CSAFPID-1635319", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1635322", "CSAFPID-1635323", "CSAFPID-1635324", "CSAFPID-1635325", "CSAFPID-1635326", "CSAFPID-1635327", "CSAFPID-1635328", "CSAFPID-1635329", "CSAFPID-1673420", "CSAFPID-1673421", "CSAFPID-1674629", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1674636", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-1670429", "CSAFPID-1670430", "CSAFPID-1670431", "CSAFPID-1670432", "CSAFPID-1670433", "CSAFPID-1670434", "CSAFPID-1670435", "CSAFPID-1670436", "CSAFPID-1670437", "CSAFPID-1670438", "CSAFPID-1670439", "CSAFPID-1670440", "CSAFPID-1670441", "CSAFPID-1670442", "CSAFPID-764237", "CSAFPID-912068", "CSAFPID-912076", "CSAFPID-611387", "CSAFPID-816773", "CSAFPID-912077", "CSAFPID-816348", "CSAFPID-764240", "CSAFPID-614517", "CSAFPID-224795", "CSAFPID-764826", "CSAFPID-90016", "CSAFPID-912078", "CSAFPID-611413", "CSAFPID-764242", "CSAFPID-816781", "CSAFPID-816782", "CSAFPID-93781", "CSAFPID-220132", "CSAFPID-912079", "CSAFPID-342804", "CSAFPID-912080", "CSAFPID-764247", "CSAFPID-764735", "CSAFPID-219776", "CSAFPID-765242", "CSAFPID-764739", "CSAFPID-204510", "CSAFPID-204569", "CSAFPID-219826", "CSAFPID-912073", "CSAFPID-912085", "CSAFPID-912101", "CSAFPID-912102", "CSAFPID-912539", "CSAFPID-912540", "CSAFPID-912541", "CSAFPID-912542", "CSAFPID-912543", "CSAFPID-912544", "CSAFPID-912545", "CSAFPID-912546", "CSAFPID-912547", "CSAFPID-912548", "CSAFPID-912549", "CSAFPID-912550", "CSAFPID-912551", "CSAFPID-912552", "CSAFPID-912553", "CSAFPID-912554", "CSAFPID-912556", "CSAFPID-912557", "CSAFPID-912558", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-1503582", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", ], }, ], title: "CVE-2024-22257", }, { cve: "CVE-2024-22262", cwe: { id: "CWE-601", name: "URL Redirection to Untrusted Site ('Open Redirect')", }, notes: [ { category: "other", text: "URL Redirection to Untrusted Site ('Open Redirect')", title: "CWE-601", }, ], product_status: { known_affected: [ "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1635310", "CSAFPID-1635311", "CSAFPID-1635312", "CSAFPID-1635313", "CSAFPID-1635314", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635317", "CSAFPID-1635318", "CSAFPID-1635319", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1635322", "CSAFPID-1635323", "CSAFPID-1635324", "CSAFPID-1635325", "CSAFPID-1635326", "CSAFPID-1635327", "CSAFPID-1635328", "CSAFPID-1635329", "CSAFPID-1650752", "CSAFPID-1650820", "CSAFPID-1650751", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1674636", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-912101", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-764240", "CSAFPID-912547", "CSAFPID-1503582", "CSAFPID-912549", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-764242", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-220132", "CSAFPID-912079", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-342804", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-764247", "CSAFPID-912556", "CSAFPID-764735", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", "CSAFPID-204510", "CSAFPID-204569", ], }, references: [ { category: "self", summary: "CVE-2024-22262", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-22262.json", }, ], scores: [ { cvss_v3: { baseScore: 8.1, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1635310", "CSAFPID-1635311", "CSAFPID-1635312", "CSAFPID-1635313", "CSAFPID-1635314", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635317", "CSAFPID-1635318", "CSAFPID-1635319", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1635322", "CSAFPID-1635323", "CSAFPID-1635324", "CSAFPID-1635325", "CSAFPID-1635326", "CSAFPID-1635327", "CSAFPID-1635328", "CSAFPID-1635329", "CSAFPID-1650752", "CSAFPID-1650820", "CSAFPID-1650751", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1674636", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-912101", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-764240", "CSAFPID-912547", "CSAFPID-1503582", "CSAFPID-912549", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-764242", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-220132", "CSAFPID-912079", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-342804", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-764247", "CSAFPID-912556", "CSAFPID-764735", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", "CSAFPID-204510", "CSAFPID-204569", ], }, ], title: "CVE-2024-22262", }, { cve: "CVE-2024-23672", cwe: { id: "CWE-459", name: "Incomplete Cleanup", }, notes: [ { category: "other", text: "Incomplete Cleanup", title: "CWE-459", }, ], product_status: { known_affected: [ "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1635310", "CSAFPID-1635311", "CSAFPID-1635312", "CSAFPID-1635313", "CSAFPID-1635314", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635317", "CSAFPID-1635318", "CSAFPID-1635319", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1635322", "CSAFPID-1635323", "CSAFPID-1635324", "CSAFPID-1635325", "CSAFPID-1635326", "CSAFPID-1635327", "CSAFPID-1635328", "CSAFPID-1635329", "CSAFPID-1650826", "CSAFPID-1650731", "CSAFPID-1673382", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1674636", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-912068", "CSAFPID-912076", "CSAFPID-611387", "CSAFPID-912539", "CSAFPID-816773", "CSAFPID-912540", "CSAFPID-912541", "CSAFPID-912542", "CSAFPID-912543", "CSAFPID-912101", "CSAFPID-912544", "CSAFPID-912077", "CSAFPID-816348", "CSAFPID-912545", "CSAFPID-764240", "CSAFPID-912546", "CSAFPID-614517", "CSAFPID-912547", "CSAFPID-224795", "CSAFPID-912548", "CSAFPID-912102", "CSAFPID-912549", "CSAFPID-764826", "CSAFPID-90016", "CSAFPID-912078", "CSAFPID-912550", "CSAFPID-912551", "CSAFPID-912552", "CSAFPID-611413", "CSAFPID-764242", "CSAFPID-816781", "CSAFPID-816782", "CSAFPID-912553", "CSAFPID-93781", "CSAFPID-204510", "CSAFPID-204569", "CSAFPID-219776", "CSAFPID-219826", "CSAFPID-220132", "CSAFPID-342804", "CSAFPID-764247", "CSAFPID-764735", "CSAFPID-764739", "CSAFPID-765242", "CSAFPID-912073", "CSAFPID-912079", "CSAFPID-912080", "CSAFPID-912554", "CSAFPID-912556", "CSAFPID-912557", "CSAFPID-912558", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-1503582", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", ], }, references: [ { category: "self", summary: "CVE-2024-23672", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-23672.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1635310", "CSAFPID-1635311", "CSAFPID-1635312", "CSAFPID-1635313", "CSAFPID-1635314", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635317", "CSAFPID-1635318", "CSAFPID-1635319", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1635322", "CSAFPID-1635323", "CSAFPID-1635324", "CSAFPID-1635325", "CSAFPID-1635326", "CSAFPID-1635327", "CSAFPID-1635328", "CSAFPID-1635329", "CSAFPID-1650826", "CSAFPID-1650731", "CSAFPID-1673382", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1674636", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-912068", "CSAFPID-912076", "CSAFPID-611387", "CSAFPID-912539", "CSAFPID-816773", "CSAFPID-912540", "CSAFPID-912541", "CSAFPID-912542", "CSAFPID-912543", "CSAFPID-912101", "CSAFPID-912544", "CSAFPID-912077", "CSAFPID-816348", "CSAFPID-912545", "CSAFPID-764240", "CSAFPID-912546", "CSAFPID-614517", "CSAFPID-912547", "CSAFPID-224795", "CSAFPID-912548", "CSAFPID-912102", "CSAFPID-912549", "CSAFPID-764826", "CSAFPID-90016", "CSAFPID-912078", "CSAFPID-912550", "CSAFPID-912551", "CSAFPID-912552", "CSAFPID-611413", "CSAFPID-764242", "CSAFPID-816781", "CSAFPID-816782", "CSAFPID-912553", "CSAFPID-93781", "CSAFPID-204510", "CSAFPID-204569", "CSAFPID-219776", "CSAFPID-219826", "CSAFPID-220132", "CSAFPID-342804", "CSAFPID-764247", "CSAFPID-764735", "CSAFPID-764739", "CSAFPID-765242", "CSAFPID-912073", "CSAFPID-912079", "CSAFPID-912080", "CSAFPID-912554", "CSAFPID-912556", "CSAFPID-912557", "CSAFPID-912558", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-1503582", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", ], }, ], title: "CVE-2024-23672", }, { cve: "CVE-2024-23807", cwe: { id: "CWE-416", name: "Use After Free", }, notes: [ { category: "other", text: "Use After Free", title: "CWE-416", }, ], product_status: { known_affected: [ "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1635310", "CSAFPID-1635311", "CSAFPID-1635312", "CSAFPID-1635313", "CSAFPID-1635314", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635317", "CSAFPID-1635318", "CSAFPID-1635319", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1635322", "CSAFPID-1635323", "CSAFPID-1635324", "CSAFPID-1635325", "CSAFPID-1635326", "CSAFPID-1635327", "CSAFPID-1635328", "CSAFPID-1635329", "CSAFPID-1650734", "CSAFPID-1650830", "CSAFPID-1650777", "CSAFPID-204622", "CSAFPID-219909", "CSAFPID-1650778", "CSAFPID-41182", "CSAFPID-1674617", "CSAFPID-1674618", "CSAFPID-1674619", "CSAFPID-1674620", "CSAFPID-1674621", "CSAFPID-1674622", "CSAFPID-1674623", "CSAFPID-1674624", "CSAFPID-1674625", "CSAFPID-1674626", "CSAFPID-1674627", "CSAFPID-1674628", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-912101", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-764240", "CSAFPID-912547", "CSAFPID-1503582", "CSAFPID-912549", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-764242", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-220132", "CSAFPID-912079", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-342804", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-764247", "CSAFPID-912556", "CSAFPID-764735", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", "CSAFPID-204510", "CSAFPID-204569", ], }, references: [ { category: "self", summary: "CVE-2024-23807", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-23807.json", }, ], scores: [ { cvss_v3: { baseScore: 8.1, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1635310", "CSAFPID-1635311", "CSAFPID-1635312", "CSAFPID-1635313", "CSAFPID-1635314", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635317", "CSAFPID-1635318", "CSAFPID-1635319", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1635322", "CSAFPID-1635323", "CSAFPID-1635324", "CSAFPID-1635325", "CSAFPID-1635326", "CSAFPID-1635327", "CSAFPID-1635328", "CSAFPID-1635329", "CSAFPID-1650734", "CSAFPID-1650830", "CSAFPID-1650777", "CSAFPID-204622", "CSAFPID-219909", "CSAFPID-1650778", "CSAFPID-41182", "CSAFPID-1674617", "CSAFPID-1674618", "CSAFPID-1674619", "CSAFPID-1674620", "CSAFPID-1674621", "CSAFPID-1674622", "CSAFPID-1674623", "CSAFPID-1674624", "CSAFPID-1674625", "CSAFPID-1674626", "CSAFPID-1674627", "CSAFPID-1674628", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-912101", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-764240", "CSAFPID-912547", "CSAFPID-1503582", "CSAFPID-912549", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-764242", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-220132", "CSAFPID-912079", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-342804", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-764247", "CSAFPID-912556", "CSAFPID-764735", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", "CSAFPID-204510", "CSAFPID-204569", ], }, ], title: "CVE-2024-23807", }, { cve: "CVE-2024-24549", cwe: { id: "CWE-20", name: "Improper Input Validation", }, notes: [ { category: "other", text: "Improper Input Validation", title: "CWE-20", }, ], product_status: { known_affected: [ "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1635310", "CSAFPID-1635311", "CSAFPID-1635312", "CSAFPID-1635313", "CSAFPID-1635314", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635317", "CSAFPID-1635318", "CSAFPID-1635319", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1635322", "CSAFPID-1635323", "CSAFPID-1635324", "CSAFPID-1635325", "CSAFPID-1635326", "CSAFPID-1635327", "CSAFPID-1635328", "CSAFPID-1635329", "CSAFPID-1650826", "CSAFPID-1673382", "CSAFPID-1650731", "CSAFPID-1674617", "CSAFPID-1674618", "CSAFPID-1674619", "CSAFPID-1674620", "CSAFPID-1674621", "CSAFPID-1674622", "CSAFPID-1674623", "CSAFPID-1674624", "CSAFPID-1674625", "CSAFPID-1674626", "CSAFPID-1674627", "CSAFPID-1674628", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-912068", "CSAFPID-912076", "CSAFPID-611387", "CSAFPID-816773", "CSAFPID-912077", "CSAFPID-816348", "CSAFPID-764240", "CSAFPID-614517", "CSAFPID-224795", "CSAFPID-764826", "CSAFPID-90016", "CSAFPID-912078", "CSAFPID-611413", "CSAFPID-764242", "CSAFPID-816781", "CSAFPID-816782", "CSAFPID-93781", "CSAFPID-220132", "CSAFPID-912079", "CSAFPID-342804", "CSAFPID-912080", "CSAFPID-764247", "CSAFPID-764735", "CSAFPID-219776", "CSAFPID-765242", "CSAFPID-764739", "CSAFPID-204510", "CSAFPID-204569", "CSAFPID-219826", "CSAFPID-912073", "CSAFPID-912101", "CSAFPID-912102", "CSAFPID-912539", "CSAFPID-912540", "CSAFPID-912541", "CSAFPID-912542", "CSAFPID-912543", "CSAFPID-912544", "CSAFPID-912545", "CSAFPID-912546", "CSAFPID-912547", "CSAFPID-912548", "CSAFPID-912549", "CSAFPID-912550", "CSAFPID-912551", "CSAFPID-912552", "CSAFPID-912553", "CSAFPID-912554", "CSAFPID-912556", "CSAFPID-912557", "CSAFPID-912558", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-1503582", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", ], }, references: [ { category: "self", summary: "CVE-2024-24549", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-24549.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1635310", "CSAFPID-1635311", "CSAFPID-1635312", "CSAFPID-1635313", "CSAFPID-1635314", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635317", "CSAFPID-1635318", "CSAFPID-1635319", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1635322", "CSAFPID-1635323", "CSAFPID-1635324", "CSAFPID-1635325", "CSAFPID-1635326", "CSAFPID-1635327", "CSAFPID-1635328", "CSAFPID-1635329", "CSAFPID-1650826", "CSAFPID-1673382", "CSAFPID-1650731", "CSAFPID-1674617", "CSAFPID-1674618", "CSAFPID-1674619", "CSAFPID-1674620", "CSAFPID-1674621", "CSAFPID-1674622", "CSAFPID-1674623", "CSAFPID-1674624", "CSAFPID-1674625", "CSAFPID-1674626", "CSAFPID-1674627", "CSAFPID-1674628", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-912068", "CSAFPID-912076", "CSAFPID-611387", "CSAFPID-816773", "CSAFPID-912077", "CSAFPID-816348", "CSAFPID-764240", "CSAFPID-614517", "CSAFPID-224795", "CSAFPID-764826", "CSAFPID-90016", "CSAFPID-912078", "CSAFPID-611413", "CSAFPID-764242", "CSAFPID-816781", "CSAFPID-816782", "CSAFPID-93781", "CSAFPID-220132", "CSAFPID-912079", "CSAFPID-342804", "CSAFPID-912080", "CSAFPID-764247", "CSAFPID-764735", "CSAFPID-219776", "CSAFPID-765242", "CSAFPID-764739", "CSAFPID-204510", "CSAFPID-204569", "CSAFPID-219826", "CSAFPID-912073", "CSAFPID-912101", "CSAFPID-912102", "CSAFPID-912539", "CSAFPID-912540", "CSAFPID-912541", "CSAFPID-912542", "CSAFPID-912543", "CSAFPID-912544", "CSAFPID-912545", "CSAFPID-912546", "CSAFPID-912547", "CSAFPID-912548", "CSAFPID-912549", "CSAFPID-912550", "CSAFPID-912551", "CSAFPID-912552", "CSAFPID-912553", "CSAFPID-912554", "CSAFPID-912556", "CSAFPID-912557", "CSAFPID-912558", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-1503582", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", ], }, ], title: "CVE-2024-24549", }, { cve: "CVE-2024-25062", cwe: { id: "CWE-416", name: "Use After Free", }, notes: [ { category: "other", text: "Use After Free", title: "CWE-416", }, ], product_status: { known_affected: [ "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1635310", "CSAFPID-1635311", "CSAFPID-1635312", "CSAFPID-1635313", "CSAFPID-1635314", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635317", "CSAFPID-1635318", "CSAFPID-1635319", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1635322", "CSAFPID-1635323", "CSAFPID-1635324", "CSAFPID-1635325", "CSAFPID-1635326", "CSAFPID-1635327", "CSAFPID-1635328", "CSAFPID-1635329", "CSAFPID-1650751", "CSAFPID-1650752", "CSAFPID-1673481", "CSAFPID-1674629", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1674636", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-1670429", "CSAFPID-1670430", "CSAFPID-1670431", "CSAFPID-1670432", "CSAFPID-1670433", "CSAFPID-1670434", "CSAFPID-1670435", "CSAFPID-1670436", "CSAFPID-1670437", "CSAFPID-1670438", "CSAFPID-1670439", "CSAFPID-1670440", "CSAFPID-1670441", "CSAFPID-1670442", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-912068", "CSAFPID-912076", "CSAFPID-611387", "CSAFPID-912539", "CSAFPID-816773", "CSAFPID-912540", "CSAFPID-912541", "CSAFPID-912542", "CSAFPID-912543", "CSAFPID-912101", "CSAFPID-912544", "CSAFPID-912077", "CSAFPID-816348", "CSAFPID-912545", "CSAFPID-764240", "CSAFPID-912546", "CSAFPID-614517", "CSAFPID-912547", "CSAFPID-224795", "CSAFPID-912548", "CSAFPID-912102", "CSAFPID-912549", "CSAFPID-764826", "CSAFPID-90016", "CSAFPID-912078", "CSAFPID-912550", "CSAFPID-912551", "CSAFPID-912552", "CSAFPID-611413", "CSAFPID-764242", "CSAFPID-816781", "CSAFPID-816782", "CSAFPID-912553", "CSAFPID-93781", "CSAFPID-204510", "CSAFPID-204569", "CSAFPID-219776", "CSAFPID-219826", "CSAFPID-220132", "CSAFPID-342804", "CSAFPID-764247", "CSAFPID-764735", "CSAFPID-764739", "CSAFPID-765242", "CSAFPID-912073", "CSAFPID-912079", "CSAFPID-912080", "CSAFPID-912554", "CSAFPID-912556", "CSAFPID-912557", "CSAFPID-912558", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-1503582", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", ], }, references: [ { category: "self", summary: "CVE-2024-25062", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-25062.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1635310", "CSAFPID-1635311", "CSAFPID-1635312", "CSAFPID-1635313", "CSAFPID-1635314", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635317", "CSAFPID-1635318", "CSAFPID-1635319", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1635322", "CSAFPID-1635323", "CSAFPID-1635324", "CSAFPID-1635325", "CSAFPID-1635326", "CSAFPID-1635327", "CSAFPID-1635328", "CSAFPID-1635329", "CSAFPID-1650751", "CSAFPID-1650752", "CSAFPID-1673481", "CSAFPID-1674629", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1674636", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-1670429", "CSAFPID-1670430", "CSAFPID-1670431", "CSAFPID-1670432", "CSAFPID-1670433", "CSAFPID-1670434", "CSAFPID-1670435", "CSAFPID-1670436", "CSAFPID-1670437", "CSAFPID-1670438", "CSAFPID-1670439", "CSAFPID-1670440", "CSAFPID-1670441", "CSAFPID-1670442", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-912068", "CSAFPID-912076", "CSAFPID-611387", "CSAFPID-912539", "CSAFPID-816773", "CSAFPID-912540", "CSAFPID-912541", "CSAFPID-912542", "CSAFPID-912543", "CSAFPID-912101", "CSAFPID-912544", "CSAFPID-912077", "CSAFPID-816348", "CSAFPID-912545", "CSAFPID-764240", "CSAFPID-912546", "CSAFPID-614517", "CSAFPID-912547", "CSAFPID-224795", "CSAFPID-912548", "CSAFPID-912102", "CSAFPID-912549", "CSAFPID-764826", "CSAFPID-90016", "CSAFPID-912078", "CSAFPID-912550", "CSAFPID-912551", "CSAFPID-912552", "CSAFPID-611413", "CSAFPID-764242", "CSAFPID-816781", "CSAFPID-816782", "CSAFPID-912553", "CSAFPID-93781", "CSAFPID-204510", "CSAFPID-204569", "CSAFPID-219776", "CSAFPID-219826", "CSAFPID-220132", "CSAFPID-342804", "CSAFPID-764247", "CSAFPID-764735", "CSAFPID-764739", "CSAFPID-765242", "CSAFPID-912073", "CSAFPID-912079", "CSAFPID-912080", "CSAFPID-912554", "CSAFPID-912556", "CSAFPID-912557", "CSAFPID-912558", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-1503582", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", ], }, ], title: "CVE-2024-25062", }, { cve: "CVE-2024-25638", cwe: { id: "CWE-345", name: "Insufficient Verification of Data Authenticity", }, notes: [ { category: "other", text: "Insufficient Verification of Data Authenticity", title: "CWE-345", }, { category: "other", text: "Acceptance of Extraneous Untrusted Data With Trusted Data", title: "CWE-349", }, ], product_status: { known_affected: [ "CSAFPID-912549", "CSAFPID-1672767", "CSAFPID-1503585", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, references: [ { category: "self", summary: "CVE-2024-25638", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-25638.json", }, ], scores: [ { cvss_v3: { baseScore: 8.9, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:L", version: "3.1", }, products: [ "CSAFPID-912549", "CSAFPID-1672767", "CSAFPID-1503585", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, ], title: "CVE-2024-25638", }, { cve: "CVE-2024-26308", cwe: { id: "CWE-770", name: "Allocation of Resources Without Limits or Throttling", }, notes: [ { category: "other", text: "Allocation of Resources Without Limits or Throttling", title: "CWE-770", }, ], product_status: { known_affected: [ "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1635310", "CSAFPID-1635311", "CSAFPID-1635312", "CSAFPID-1635313", "CSAFPID-1635314", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635317", "CSAFPID-1635318", "CSAFPID-1635319", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1635322", "CSAFPID-1635323", "CSAFPID-1635324", "CSAFPID-1635325", "CSAFPID-1635326", "CSAFPID-1635327", "CSAFPID-1635328", "CSAFPID-1635329", "CSAFPID-1673389", "CSAFPID-1673390", "CSAFPID-1674629", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1674636", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-1670429", "CSAFPID-1670430", "CSAFPID-1670431", "CSAFPID-1670432", "CSAFPID-1670433", "CSAFPID-1670434", "CSAFPID-1670435", "CSAFPID-1670436", "CSAFPID-1670437", "CSAFPID-1670438", "CSAFPID-1670439", "CSAFPID-1670440", "CSAFPID-1670441", "CSAFPID-1670442", "CSAFPID-90016", "CSAFPID-93781", "CSAFPID-204510", "CSAFPID-204569", "CSAFPID-219776", "CSAFPID-219826", "CSAFPID-220132", "CSAFPID-224795", "CSAFPID-342804", "CSAFPID-611387", "CSAFPID-611413", "CSAFPID-614517", "CSAFPID-764237", "CSAFPID-764240", "CSAFPID-764242", "CSAFPID-764247", "CSAFPID-764735", "CSAFPID-764739", "CSAFPID-764826", "CSAFPID-765242", "CSAFPID-816348", "CSAFPID-816773", "CSAFPID-816781", "CSAFPID-816782", "CSAFPID-912068", "CSAFPID-912073", "CSAFPID-912076", "CSAFPID-912077", "CSAFPID-912078", "CSAFPID-912079", "CSAFPID-912080", "CSAFPID-912085", "CSAFPID-912101", "CSAFPID-912102", "CSAFPID-912539", "CSAFPID-912540", "CSAFPID-912541", "CSAFPID-912542", "CSAFPID-912543", "CSAFPID-912544", "CSAFPID-912545", "CSAFPID-912546", "CSAFPID-912547", "CSAFPID-912548", "CSAFPID-912549", "CSAFPID-912550", "CSAFPID-912551", "CSAFPID-912552", "CSAFPID-912553", "CSAFPID-912554", "CSAFPID-912556", "CSAFPID-912557", "CSAFPID-912558", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-1503582", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", ], }, references: [ { category: "self", summary: "CVE-2024-26308", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-26308.json", }, ], scores: [ { cvss_v3: { baseScore: 5.9, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1635310", "CSAFPID-1635311", "CSAFPID-1635312", "CSAFPID-1635313", "CSAFPID-1635314", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635317", "CSAFPID-1635318", "CSAFPID-1635319", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1635322", "CSAFPID-1635323", "CSAFPID-1635324", "CSAFPID-1635325", "CSAFPID-1635326", "CSAFPID-1635327", "CSAFPID-1635328", "CSAFPID-1635329", "CSAFPID-1673389", "CSAFPID-1673390", "CSAFPID-1674629", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1674636", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-1670429", "CSAFPID-1670430", "CSAFPID-1670431", "CSAFPID-1670432", "CSAFPID-1670433", "CSAFPID-1670434", "CSAFPID-1670435", "CSAFPID-1670436", "CSAFPID-1670437", "CSAFPID-1670438", "CSAFPID-1670439", "CSAFPID-1670440", "CSAFPID-1670441", "CSAFPID-1670442", "CSAFPID-90016", "CSAFPID-93781", "CSAFPID-204510", "CSAFPID-204569", "CSAFPID-219776", "CSAFPID-219826", "CSAFPID-220132", "CSAFPID-224795", "CSAFPID-342804", "CSAFPID-611387", "CSAFPID-611413", "CSAFPID-614517", "CSAFPID-764237", "CSAFPID-764240", "CSAFPID-764242", "CSAFPID-764247", "CSAFPID-764735", "CSAFPID-764739", "CSAFPID-764826", "CSAFPID-765242", "CSAFPID-816348", "CSAFPID-816773", "CSAFPID-816781", "CSAFPID-816782", "CSAFPID-912068", "CSAFPID-912073", "CSAFPID-912076", "CSAFPID-912077", "CSAFPID-912078", "CSAFPID-912079", "CSAFPID-912080", "CSAFPID-912085", "CSAFPID-912101", "CSAFPID-912102", "CSAFPID-912539", "CSAFPID-912540", "CSAFPID-912541", "CSAFPID-912542", "CSAFPID-912543", "CSAFPID-912544", "CSAFPID-912545", "CSAFPID-912546", "CSAFPID-912547", "CSAFPID-912548", "CSAFPID-912549", "CSAFPID-912550", "CSAFPID-912551", "CSAFPID-912552", "CSAFPID-912553", "CSAFPID-912554", "CSAFPID-912556", "CSAFPID-912557", "CSAFPID-912558", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-1503582", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", ], }, ], title: "CVE-2024-26308", }, { cve: "CVE-2024-28182", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, notes: [ { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, { category: "other", text: "Improper Resource Shutdown or Release", title: "CWE-404", }, { category: "other", text: "Detection of Error Condition Without Action", title: "CWE-390", }, { category: "other", text: "Allocation of Resources Without Limits or Throttling", title: "CWE-770", }, ], product_status: { known_affected: [ "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1635310", "CSAFPID-1635311", "CSAFPID-1635312", "CSAFPID-1635313", "CSAFPID-1635314", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635317", "CSAFPID-1635318", "CSAFPID-1635319", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1635322", "CSAFPID-1635323", "CSAFPID-1635324", "CSAFPID-1635325", "CSAFPID-1635326", "CSAFPID-1635327", "CSAFPID-1635328", "CSAFPID-1635329", "CSAFPID-1673414", "CSAFPID-1673396", "CSAFPID-1673485", "CSAFPID-1673393", "CSAFPID-1673394", "CSAFPID-1673389", "CSAFPID-1672767", "CSAFPID-1673391", "CSAFPID-1673392", "CSAFPID-1673415", "CSAFPID-1673390", "CSAFPID-1673413", "CSAFPID-1673395", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1674636", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-912101", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-764240", "CSAFPID-912547", "CSAFPID-1503582", "CSAFPID-912549", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-764242", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-220132", "CSAFPID-912079", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-342804", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-764247", "CSAFPID-912556", "CSAFPID-764735", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", "CSAFPID-204510", "CSAFPID-204569", ], }, references: [ { category: "self", summary: "CVE-2024-28182", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-28182.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1635310", "CSAFPID-1635311", "CSAFPID-1635312", "CSAFPID-1635313", "CSAFPID-1635314", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635317", "CSAFPID-1635318", "CSAFPID-1635319", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1635322", "CSAFPID-1635323", "CSAFPID-1635324", "CSAFPID-1635325", "CSAFPID-1635326", "CSAFPID-1635327", "CSAFPID-1635328", "CSAFPID-1635329", "CSAFPID-1673414", "CSAFPID-1673396", "CSAFPID-1673485", "CSAFPID-1673393", "CSAFPID-1673394", "CSAFPID-1673389", "CSAFPID-1672767", "CSAFPID-1673391", "CSAFPID-1673392", "CSAFPID-1673415", "CSAFPID-1673390", "CSAFPID-1673413", "CSAFPID-1673395", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1674636", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-912101", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-764240", "CSAFPID-912547", "CSAFPID-1503582", "CSAFPID-912549", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-764242", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-220132", "CSAFPID-912079", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-342804", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-764247", "CSAFPID-912556", "CSAFPID-764735", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", "CSAFPID-204510", "CSAFPID-204569", ], }, ], title: "CVE-2024-28182", }, { cve: "CVE-2024-28849", cwe: { id: "CWE-200", name: "Exposure of Sensitive Information to an Unauthorized Actor", }, notes: [ { category: "other", text: "Exposure of Sensitive Information to an Unauthorized Actor", title: "CWE-200", }, ], product_status: { known_affected: [ "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1635310", "CSAFPID-1635311", "CSAFPID-1635312", "CSAFPID-1635313", "CSAFPID-1635314", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635317", "CSAFPID-1635318", "CSAFPID-1635319", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1635322", "CSAFPID-1635323", "CSAFPID-1635324", "CSAFPID-1635325", "CSAFPID-1635326", "CSAFPID-1635327", "CSAFPID-1635328", "CSAFPID-1635329", "CSAFPID-1673414", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1674636", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-912101", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-764240", "CSAFPID-912547", "CSAFPID-1503582", "CSAFPID-912549", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-764242", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-220132", "CSAFPID-912079", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-342804", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-764247", "CSAFPID-912556", "CSAFPID-764735", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", "CSAFPID-204510", "CSAFPID-204569", ], }, references: [ { category: "self", summary: "CVE-2024-28849", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-28849.json", }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1635310", "CSAFPID-1635311", "CSAFPID-1635312", "CSAFPID-1635313", "CSAFPID-1635314", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635317", "CSAFPID-1635318", "CSAFPID-1635319", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1635322", "CSAFPID-1635323", "CSAFPID-1635324", "CSAFPID-1635325", "CSAFPID-1635326", "CSAFPID-1635327", "CSAFPID-1635328", "CSAFPID-1635329", "CSAFPID-1673414", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1674636", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-912101", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-764240", "CSAFPID-912547", "CSAFPID-1503582", "CSAFPID-912549", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-764242", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-220132", "CSAFPID-912079", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-342804", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-764247", "CSAFPID-912556", "CSAFPID-764735", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", "CSAFPID-204510", "CSAFPID-204569", ], }, ], title: "CVE-2024-28849", }, { cve: "CVE-2024-29025", cwe: { id: "CWE-770", name: "Allocation of Resources Without Limits or Throttling", }, notes: [ { category: "other", text: "Allocation of Resources Without Limits or Throttling", title: "CWE-770", }, ], product_status: { known_affected: [ "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1635310", "CSAFPID-1635311", "CSAFPID-1635312", "CSAFPID-1635313", "CSAFPID-1635314", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635317", "CSAFPID-1635318", "CSAFPID-1635319", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1635322", "CSAFPID-1635323", "CSAFPID-1635324", "CSAFPID-1635325", "CSAFPID-1635326", "CSAFPID-1635327", "CSAFPID-1635328", "CSAFPID-1635329", "CSAFPID-1650752", "CSAFPID-1650751", "CSAFPID-1673494", "CSAFPID-1673420", "CSAFPID-1673421", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1674636", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-912101", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-764240", "CSAFPID-912547", "CSAFPID-1503582", "CSAFPID-912549", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-764242", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-220132", "CSAFPID-912079", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-342804", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-764247", "CSAFPID-912556", "CSAFPID-764735", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", "CSAFPID-204510", "CSAFPID-204569", ], }, references: [ { category: "self", summary: "CVE-2024-29025", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-29025.json", }, ], scores: [ { cvss_v3: { baseScore: 7.3, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", version: "3.1", }, products: [ "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1635310", "CSAFPID-1635311", "CSAFPID-1635312", "CSAFPID-1635313", "CSAFPID-1635314", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635317", "CSAFPID-1635318", "CSAFPID-1635319", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1635322", "CSAFPID-1635323", "CSAFPID-1635324", "CSAFPID-1635325", "CSAFPID-1635326", "CSAFPID-1635327", "CSAFPID-1635328", "CSAFPID-1635329", "CSAFPID-1650752", "CSAFPID-1650751", "CSAFPID-1673494", "CSAFPID-1673420", "CSAFPID-1673421", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1674636", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-912101", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-764240", "CSAFPID-912547", "CSAFPID-1503582", "CSAFPID-912549", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-764242", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-220132", "CSAFPID-912079", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-342804", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-764247", "CSAFPID-912556", "CSAFPID-764735", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", "CSAFPID-204510", "CSAFPID-204569", ], }, ], title: "CVE-2024-29025", }, { cve: "CVE-2024-29133", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, notes: [ { category: "other", text: "Out-of-bounds Write", title: "CWE-787", }, ], product_status: { known_affected: [ "CSAFPID-1650820", "CSAFPID-224790", "CSAFPID-221118", "CSAFPID-1673496", "CSAFPID-1674617", "CSAFPID-1674618", "CSAFPID-1674619", "CSAFPID-1674620", "CSAFPID-1674621", "CSAFPID-1674622", "CSAFPID-1674623", "CSAFPID-1674624", "CSAFPID-1674625", "CSAFPID-1674626", "CSAFPID-1674627", "CSAFPID-1674628", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-912101", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-764240", "CSAFPID-912547", "CSAFPID-1503582", "CSAFPID-912549", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-764242", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-220132", "CSAFPID-912079", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-342804", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-764247", "CSAFPID-912556", "CSAFPID-764735", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", "CSAFPID-204510", "CSAFPID-204569", ], }, references: [ { category: "self", summary: "CVE-2024-29133", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-29133.json", }, ], scores: [ { cvss_v3: { baseScore: 7.3, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", version: "3.1", }, products: [ "CSAFPID-1650820", "CSAFPID-224790", "CSAFPID-221118", "CSAFPID-1673496", "CSAFPID-1674617", "CSAFPID-1674618", "CSAFPID-1674619", "CSAFPID-1674620", "CSAFPID-1674621", "CSAFPID-1674622", "CSAFPID-1674623", "CSAFPID-1674624", "CSAFPID-1674625", "CSAFPID-1674626", "CSAFPID-1674627", "CSAFPID-1674628", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-912101", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-764240", "CSAFPID-912547", "CSAFPID-1503582", "CSAFPID-912549", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-764242", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-220132", "CSAFPID-912079", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-342804", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-764247", "CSAFPID-912556", "CSAFPID-764735", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", "CSAFPID-204510", "CSAFPID-204569", ], }, ], title: "CVE-2024-29133", }, { cve: "CVE-2024-29736", cwe: { id: "CWE-918", name: "Server-Side Request Forgery (SSRF)", }, notes: [ { category: "other", text: "Server-Side Request Forgery (SSRF)", title: "CWE-918", }, ], product_status: { known_affected: [ "CSAFPID-1673399", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, references: [ { category: "self", summary: "CVE-2024-29736", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-29736.json", }, ], scores: [ { cvss_v3: { baseScore: 9.1, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "CSAFPID-1673399", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, ], title: "CVE-2024-29736", }, { cve: "CVE-2024-29857", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, notes: [ { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, { category: "other", text: "Improper Input Validation", title: "CWE-20", }, { category: "other", text: "Out-of-bounds Read", title: "CWE-125", }, ], product_status: { known_affected: [ "CSAFPID-1673413", "CSAFPID-1673415", "CSAFPID-1673501", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-912101", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-764240", "CSAFPID-912547", "CSAFPID-1503582", "CSAFPID-912549", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-764242", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-220132", "CSAFPID-912079", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-342804", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-764247", "CSAFPID-912556", "CSAFPID-764735", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", "CSAFPID-204510", "CSAFPID-204569", ], }, references: [ { category: "self", summary: "CVE-2024-29857", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-29857.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1673413", "CSAFPID-1673415", "CSAFPID-1673501", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-912101", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-764240", "CSAFPID-912547", "CSAFPID-1503582", "CSAFPID-912549", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-764242", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-220132", "CSAFPID-912079", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-342804", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-764247", "CSAFPID-912556", "CSAFPID-764735", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", "CSAFPID-204510", "CSAFPID-204569", ], }, ], title: "CVE-2024-29857", }, { cve: "CVE-2024-30251", cwe: { id: "CWE-835", name: "Loop with Unreachable Exit Condition ('Infinite Loop')", }, notes: [ { category: "other", text: "Loop with Unreachable Exit Condition ('Infinite Loop')", title: "CWE-835", }, ], product_status: { known_affected: [ "CSAFPID-912079", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, references: [ { category: "self", summary: "CVE-2024-30251", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-30251.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-912079", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, ], title: "CVE-2024-30251", }, { cve: "CVE-2024-31080", cwe: { id: "CWE-126", name: "Buffer Over-read", }, notes: [ { category: "other", text: "Buffer Over-read", title: "CWE-126", }, { category: "other", text: "Heap-based Buffer Overflow", title: "CWE-122", }, ], product_status: { known_affected: [ "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, references: [ { category: "self", summary: "CVE-2024-31080", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-31080.json", }, ], title: "CVE-2024-31080", }, { cve: "CVE-2024-31744", cwe: { id: "CWE-404", name: "Improper Resource Shutdown or Release", }, notes: [ { category: "other", text: "Improper Resource Shutdown or Release", title: "CWE-404", }, ], product_status: { known_affected: [ "CSAFPID-1673395", "CSAFPID-1673392", "CSAFPID-1673393", "CSAFPID-1673396", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, references: [ { category: "self", summary: "CVE-2024-31744", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-31744.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1673395", "CSAFPID-1673392", "CSAFPID-1673393", "CSAFPID-1673396", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, ], title: "CVE-2024-31744", }, { cve: "CVE-2024-32760", cwe: { id: "CWE-404", name: "Improper Resource Shutdown or Release", }, notes: [ { category: "other", text: "Improper Resource Shutdown or Release", title: "CWE-404", }, { category: "other", text: "Out-of-bounds Write", title: "CWE-787", }, ], product_status: { known_affected: [ "CSAFPID-220132", "CSAFPID-912079", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, references: [ { category: "self", summary: "CVE-2024-32760", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-32760.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-220132", "CSAFPID-912079", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, ], title: "CVE-2024-32760", }, { cve: "CVE-2024-33602", cwe: { id: "CWE-466", name: "Return of Pointer Value Outside of Expected Range", }, notes: [ { category: "other", text: "Return of Pointer Value Outside of Expected Range", title: "CWE-466", }, { category: "other", text: "Improper Check or Handling of Exceptional Conditions", title: "CWE-703", }, ], product_status: { known_affected: [ "CSAFPID-912549", "CSAFPID-1673396", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-1672762", "CSAFPID-1673395", "CSAFPID-1672764", "CSAFPID-1672767", "CSAFPID-1503585", "CSAFPID-1673494", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, references: [ { category: "self", summary: "CVE-2024-33602", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-33602.json", }, ], scores: [ { cvss_v3: { baseScore: 8.6, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L", version: "3.1", }, products: [ "CSAFPID-912549", "CSAFPID-1673396", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-1672762", "CSAFPID-1673395", "CSAFPID-1672764", "CSAFPID-1672767", "CSAFPID-1503585", "CSAFPID-1673494", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, ], title: "CVE-2024-33602", }, { cve: "CVE-2024-34750", cwe: { id: "CWE-755", name: "Improper Handling of Exceptional Conditions", }, notes: [ { category: "other", text: "Improper Handling of Exceptional Conditions", title: "CWE-755", }, { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, ], product_status: { known_affected: [ "CSAFPID-1673481", "CSAFPID-1503596", "CSAFPID-1673420", "CSAFPID-1673421", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, references: [ { category: "self", summary: "CVE-2024-34750", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-34750.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1673481", "CSAFPID-1503596", "CSAFPID-1673420", "CSAFPID-1673421", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, ], title: "CVE-2024-34750", }, { cve: "CVE-2024-37371", cwe: { id: "CWE-130", name: "Improper Handling of Length Parameter Inconsistency", }, notes: [ { category: "other", text: "Improper Handling of Length Parameter Inconsistency", title: "CWE-130", }, ], product_status: { known_affected: [ "CSAFPID-912549", "CSAFPID-1673413", "CSAFPID-1673414", "CSAFPID-1673396", "CSAFPID-1503590", "CSAFPID-1673393", "CSAFPID-1673395", "CSAFPID-1673399", "CSAFPID-1672767", "CSAFPID-1503585", "CSAFPID-1673392", "CSAFPID-1503589", "CSAFPID-1673415", "CSAFPID-1673389", "CSAFPID-1673390", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, references: [ { category: "self", summary: "CVE-2024-37371", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-37371.json", }, ], scores: [ { cvss_v3: { baseScore: 9.1, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-912549", "CSAFPID-1673413", "CSAFPID-1673414", "CSAFPID-1673396", "CSAFPID-1503590", "CSAFPID-1673393", "CSAFPID-1673395", "CSAFPID-1673399", "CSAFPID-1672767", "CSAFPID-1503585", "CSAFPID-1673392", "CSAFPID-1503589", "CSAFPID-1673415", "CSAFPID-1673389", "CSAFPID-1673390", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, ], title: "CVE-2024-37371", }, { cve: "CVE-2024-37891", cwe: { id: "CWE-669", name: "Incorrect Resource Transfer Between Spheres", }, notes: [ { category: "other", text: "Incorrect Resource Transfer Between Spheres", title: "CWE-669", }, ], product_status: { known_affected: [ "CSAFPID-1673395", "CSAFPID-1673396", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, references: [ { category: "self", summary: "CVE-2024-37891", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-37891.json", }, ], scores: [ { cvss_v3: { baseScore: 4.4, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "CSAFPID-1673395", "CSAFPID-1673396", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, ], title: "CVE-2024-37891", }, { cve: "CVE-2024-38816", cwe: { id: "CWE-22", name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", }, notes: [ { category: "other", text: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", title: "CWE-22", }, ], product_status: { known_affected: [ "CSAFPID-1673420", "CSAFPID-1673421", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, references: [ { category: "self", summary: "CVE-2024-38816", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38816.json", }, ], scores: [ { cvss_v3: { baseScore: 8.1, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "CSAFPID-1673420", "CSAFPID-1673421", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, ], title: "CVE-2024-38816", }, { cve: "CVE-2024-39689", cwe: { id: "CWE-345", name: "Insufficient Verification of Data Authenticity", }, notes: [ { category: "other", text: "Insufficient Verification of Data Authenticity", title: "CWE-345", }, ], product_status: { known_affected: [ "CSAFPID-1673395", "CSAFPID-1673396", "CSAFPID-1673392", "CSAFPID-1673393", ], }, references: [ { category: "self", summary: "CVE-2024-39689", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-39689.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "CSAFPID-1673395", "CSAFPID-1673396", "CSAFPID-1673392", "CSAFPID-1673393", ], }, ], title: "CVE-2024-39689", }, { cve: "CVE-2024-40898", cwe: { id: "CWE-918", name: "Server-Side Request Forgery (SSRF)", }, notes: [ { category: "other", text: "Server-Side Request Forgery (SSRF)", title: "CWE-918", }, ], product_status: { known_affected: [ "CSAFPID-1673516", "CSAFPID-1673411", "CSAFPID-1673412", "CSAFPID-1650731", "CSAFPID-1673382", "CSAFPID-1674617", "CSAFPID-1674618", "CSAFPID-1674619", "CSAFPID-1674620", "CSAFPID-1674621", "CSAFPID-1674622", "CSAFPID-1674623", "CSAFPID-1674624", "CSAFPID-1674625", "CSAFPID-1674626", "CSAFPID-1674627", "CSAFPID-1674628", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, references: [ { category: "self", summary: "CVE-2024-40898", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-40898.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "CSAFPID-1673516", "CSAFPID-1673411", "CSAFPID-1673412", "CSAFPID-1650731", "CSAFPID-1673382", "CSAFPID-1674617", "CSAFPID-1674618", "CSAFPID-1674619", "CSAFPID-1674620", "CSAFPID-1674621", "CSAFPID-1674622", "CSAFPID-1674623", "CSAFPID-1674624", "CSAFPID-1674625", "CSAFPID-1674626", "CSAFPID-1674627", "CSAFPID-1674628", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, ], title: "CVE-2024-40898", }, { cve: "CVE-2024-41817", cwe: { id: "CWE-427", name: "Uncontrolled Search Path Element", }, notes: [ { category: "other", text: "Uncontrolled Search Path Element", title: "CWE-427", }, ], product_status: { known_affected: [ "CSAFPID-1673382", "CSAFPID-1650731", "CSAFPID-1674617", "CSAFPID-1674618", "CSAFPID-1674619", "CSAFPID-1674620", "CSAFPID-1674621", "CSAFPID-1674622", "CSAFPID-1674623", "CSAFPID-1674624", "CSAFPID-1674626", "CSAFPID-1674627", "CSAFPID-1674628", "CSAFPID-1674625", ], }, references: [ { category: "self", summary: "CVE-2024-41817", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-41817.json", }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-1673382", "CSAFPID-1650731", "CSAFPID-1674617", "CSAFPID-1674618", "CSAFPID-1674619", "CSAFPID-1674620", "CSAFPID-1674621", "CSAFPID-1674622", "CSAFPID-1674623", "CSAFPID-1674624", "CSAFPID-1674626", "CSAFPID-1674627", "CSAFPID-1674628", "CSAFPID-1674625", ], }, ], title: "CVE-2024-41817", }, { cve: "CVE-2024-43044", cwe: { id: "CWE-200", name: "Exposure of Sensitive Information to an Unauthorized Actor", }, notes: [ { category: "other", text: "Exposure of Sensitive Information to an Unauthorized Actor", title: "CWE-200", }, { category: "other", text: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", title: "CWE-22", }, { category: "other", text: "Improper Check for Unusual or Exceptional Conditions", title: "CWE-754", }, ], product_status: { known_affected: [ "CSAFPID-1673395", "CSAFPID-1673411", "CSAFPID-1673412", "CSAFPID-1673413", "CSAFPID-1673396", "CSAFPID-1673392", "CSAFPID-1673494", "CSAFPID-1673393", "CSAFPID-1673415", "CSAFPID-1673416", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, references: [ { category: "self", summary: "CVE-2024-43044", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-43044.json", }, ], scores: [ { cvss_v3: { baseScore: 9, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-1673395", "CSAFPID-1673411", "CSAFPID-1673412", "CSAFPID-1673413", "CSAFPID-1673396", "CSAFPID-1673392", "CSAFPID-1673494", "CSAFPID-1673393", "CSAFPID-1673415", "CSAFPID-1673416", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, ], title: "CVE-2024-43044", }, { cve: "CVE-2024-45492", cwe: { id: "CWE-190", name: "Integer Overflow or Wraparound", }, notes: [ { category: "other", text: "Integer Overflow or Wraparound", title: "CWE-190", }, ], product_status: { known_affected: [ "CSAFPID-1673382", "CSAFPID-1673399", "CSAFPID-1650731", "CSAFPID-1673517", "CSAFPID-1673396", "CSAFPID-1674617", "CSAFPID-1674618", "CSAFPID-1674619", "CSAFPID-1674620", "CSAFPID-1674621", "CSAFPID-1674622", "CSAFPID-1674623", "CSAFPID-1674624", "CSAFPID-1674625", "CSAFPID-1674626", "CSAFPID-1674627", "CSAFPID-1674628", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, references: [ { category: "self", summary: "CVE-2024-45492", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-45492.json", }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-1673382", "CSAFPID-1673399", "CSAFPID-1650731", "CSAFPID-1673517", "CSAFPID-1673396", "CSAFPID-1674617", "CSAFPID-1674618", "CSAFPID-1674619", "CSAFPID-1674620", "CSAFPID-1674621", "CSAFPID-1674622", "CSAFPID-1674623", "CSAFPID-1674624", "CSAFPID-1674625", "CSAFPID-1674626", "CSAFPID-1674627", "CSAFPID-1674628", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, ], title: "CVE-2024-45492", }, ], }
ncsc-2024-0297
Vulnerability from csaf_ncscnl
Published
2024-07-17 13:53
Modified
2024-07-17 13:53
Summary
Kwetsbaarheden verholpen in Oracle Financial Services Applications
Notes
The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:
NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.
NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.
This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.
Feiten
Er zijn kwetsbaarheden verholpen in Oracle Financial Services Applications.
Interpretaties
Een kwaadwillende kan de kwetsbaarheden misbruiken om aanvallen uit te voeren die kunnen leiden tot de volgende categorieën schade:
* Denial-of-Service (DoS)
* Toegang tot gevoelige gegevens
* Toegang tot systeemgegevens
* Manipulatie van gegevens
* (Remote) code execution (Gebruikersrechten)
Oplossingen
Oracle heeft updates beschikbaar gesteld om de kwetsbaarheden te verhelpen. Zie de referenties voor meer informatie.
Kans
medium
Schade
high
CWE-1188
Initialization of a Resource with an Insecure Default
CWE-121
Stack-based Buffer Overflow
CWE-20
Improper Input Validation
CWE-306
Missing Authentication for Critical Function
CWE-328
Use of Weak Hash
CWE-400
Uncontrolled Resource Consumption
CWE-404
Improper Resource Shutdown or Release
CWE-416
Use After Free
CWE-426
Untrusted Search Path
CWE-502
Deserialization of Untrusted Data
CWE-532
Insertion of Sensitive Information into Log File
CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE-770
Allocation of Resources Without Limits or Throttling
CWE-787
Out-of-bounds Write
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
{ document: { category: "csaf_security_advisory", csaf_version: "2.0", distribution: { tlp: { label: "WHITE", }, }, lang: "nl", notes: [ { category: "legal_disclaimer", text: "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.", }, { category: "description", text: "Er zijn kwetsbaarheden verholpen in Oracle Financial Services Applications.", title: "Feiten", }, { category: "description", text: "Een kwaadwillende kan de kwetsbaarheden misbruiken om aanvallen uit te voeren die kunnen leiden tot de volgende categorieën schade:\n\n* Denial-of-Service (DoS)\n* Toegang tot gevoelige gegevens\n* Toegang tot systeemgegevens\n* Manipulatie van gegevens\n* (Remote) code execution (Gebruikersrechten)", title: "Interpretaties", }, { category: "description", text: "Oracle heeft updates beschikbaar gesteld om de kwetsbaarheden te verhelpen. Zie de referenties voor meer informatie.", title: "Oplossingen", }, { category: "general", text: "medium", title: "Kans", }, { category: "general", text: "high", title: "Schade", }, { category: "general", text: "Initialization of a Resource with an Insecure Default", title: "CWE-1188", }, { category: "general", text: "Stack-based Buffer Overflow", title: "CWE-121", }, { category: "general", text: "Improper Input Validation", title: "CWE-20", }, { category: "general", text: "Missing Authentication for Critical Function", title: "CWE-306", }, { category: "general", text: "Use of Weak Hash", title: "CWE-328", }, { category: "general", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, { category: "general", text: "Improper Resource Shutdown or Release", title: "CWE-404", }, { category: "general", text: "Use After Free", title: "CWE-416", }, { category: "general", text: "Untrusted Search Path", title: "CWE-426", }, { category: "general", text: "Deserialization of Untrusted Data", title: "CWE-502", }, { category: "general", text: "Insertion of Sensitive Information into Log File", title: "CWE-532", }, { category: "general", text: "URL Redirection to Untrusted Site ('Open Redirect')", title: "CWE-601", }, { category: "general", text: "Improper Neutralization of Special Elements used in a Command ('Command Injection')", title: "CWE-77", }, { category: "general", text: "Allocation of Resources Without Limits or Throttling", title: "CWE-770", }, { category: "general", text: "Out-of-bounds Write", title: "CWE-787", }, { category: "general", text: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", title: "CWE-79", }, ], publisher: { category: "coordinator", contact_details: "cert@ncsc.nl", name: "Nationaal Cyber Security Centrum", namespace: "https://www.ncsc.nl/", }, references: [ { category: "external", summary: "Source - nvd", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-36944", }, { category: "external", summary: "Source - nvd", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-26031", }, { category: "external", summary: "Source - nvd", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-34055", }, { category: "external", summary: "Source - nvd", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-44483", }, { category: "external", summary: "Source - nvd", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-47248", }, { category: "external", summary: "Source - nvd", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-50447", }, { category: "external", summary: "Source - nvd", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-51074", }, { category: "external", summary: "Source - nvd", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-52425", }, { category: "external", summary: "Source - nvd", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-6129", }, { category: "external", summary: "Source - nvd", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-21188", }, { category: "external", summary: "Source - nvd", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-22201", }, { category: "external", summary: "Source - nvd", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-22262", }, { category: "external", summary: "Source - nvd", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-23807", }, { category: "external", summary: "Source - nvd", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-24549", }, { category: "external", summary: "Source - nvd", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-24816", }, { category: "external", summary: "Source - nvd", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-25062", }, { category: "external", summary: "Source - nvd", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-2511", }, { category: "external", summary: "Source - nvd", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-26308", }, { category: "external", summary: "Source - nvd", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-29025", }, { category: "external", summary: "Source - nvd", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-29133", }, { category: "external", summary: "Source - nvd", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-32114", }, { category: "external", summary: "Reference - oracle", url: "https://www.oracle.com/docs/tech/security-alerts/cpujul2024csaf.json", }, { category: "external", summary: "Reference - cveprojectv5; ibm; nvd; oracle", url: "https://www.oracle.com/security-alerts/cpujul2024.html", }, ], title: " Kwetsbaarheden verholpen in Oracle Financial Services Applications", tracking: { current_release_date: "2024-07-17T13:53:54.655859Z", id: "NCSC-2024-0297", initial_release_date: "2024-07-17T13:53:54.655859Z", revision_history: [ { date: "2024-07-17T13:53:54.655859Z", number: "0", summary: "Initiele versie", }, ], status: "final", version: "1.0.0", }, }, product_tree: { branches: [ { branches: [ { category: "product_name", name: "financial_services_analytical_applications_infrastructure", product: { name: "financial_services_analytical_applications_infrastructure", product_id: "CSAFPID-9711", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.7:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_analytical_applications_infrastructure", product: { name: "financial_services_analytical_applications_infrastructure", product_id: "CSAFPID-9300", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.8:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_analytical_applications_infrastructure", product: { name: "financial_services_analytical_applications_infrastructure", product_id: "CSAFPID-9522", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.9:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_analytical_applications_infrastructure", product: { name: "financial_services_analytical_applications_infrastructure", product_id: "CSAFPID-8848", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_analytical_applications_infrastructure", product: { name: "financial_services_analytical_applications_infrastructure", product_id: "CSAFPID-189066", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.1.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_analytical_applications_infrastructure", product: { name: "financial_services_analytical_applications_infrastructure", product_id: "CSAFPID-189065", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.1.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_basel_regulatory_capital_basic", product: { name: "financial_services_basel_regulatory_capital_basic", product_id: "CSAFPID-1503626", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_basic:8.0.7.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_basel_regulatory_capital_basic", product: { name: "financial_services_basel_regulatory_capital_basic", product_id: "CSAFPID-1503627", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_basic:8.0.8.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_basel_regulatory_capital_internal_ratings_based_approach", product: { name: "financial_services_basel_regulatory_capital_internal_ratings_based_approach", product_id: "CSAFPID-1503628", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_internal_ratings_based_approach:8.0.7.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_basel_regulatory_capital_internal_ratings_based_approach", product: { name: "financial_services_basel_regulatory_capital_internal_ratings_based_approach", product_id: "CSAFPID-1503629", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_internal_ratings_based_approach:8.0.8.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_behavior_detection_platform", product: { name: "financial_services_behavior_detection_platform", product_id: "CSAFPID-189067", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.0.8.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_behavior_detection_platform", product: { name: "financial_services_behavior_detection_platform", product_id: "CSAFPID-93307", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.1.1.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_behavior_detection_platform", product: { name: "financial_services_behavior_detection_platform", product_id: "CSAFPID-219772", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.1.2.4:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_behavior_detection_platform", product: { name: "financial_services_behavior_detection_platform", product_id: "CSAFPID-219770", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.1.2.5:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_behavior_detection_platform", product: { name: "financial_services_behavior_detection_platform", product_id: "CSAFPID-816828", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.1.2.6:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_behavior_detection_platform", product: { name: "financial_services_behavior_detection_platform", product_id: "CSAFPID-1503630", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.1.2.7:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_cash_flow_engine", product: { name: "financial_services_cash_flow_engine", product_id: "CSAFPID-764273", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_cash_flow_engine:8.1.2.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_compliance_studio", product: { name: "financial_services_compliance_studio", product_id: "CSAFPID-345047", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_compliance_studio:8.1.2.4:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_compliance_studio", product: { name: "financial_services_compliance_studio", product_id: "CSAFPID-816829", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_compliance_studio:8.1.2.5:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_compliance_studio", product: { name: "financial_services_compliance_studio", product_id: "CSAFPID-1503631", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_compliance_studio:8.1.2.6:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_compliance_studio", product: { name: "financial_services_compliance_studio", product_id: "CSAFPID-1503632", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_compliance_studio:8.1.2.7:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_enterprise_case_management", product: { name: "financial_services_enterprise_case_management", product_id: "CSAFPID-219774", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.0.8.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_enterprise_case_management", product: { name: "financial_services_enterprise_case_management", product_id: "CSAFPID-1503633", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.0.8.2.8:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_enterprise_case_management", product: { name: "financial_services_enterprise_case_management", product_id: "CSAFPID-180190", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.1.1.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_enterprise_case_management", product: { name: "financial_services_enterprise_case_management", product_id: "CSAFPID-1503634", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.1.1.1.18:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_enterprise_case_management", product: { name: "financial_services_enterprise_case_management", product_id: "CSAFPID-219773", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.1.2.4:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_enterprise_case_management", product: { name: "financial_services_enterprise_case_management", product_id: "CSAFPID-219771", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.1.2.5:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_enterprise_case_management", product: { name: "financial_services_enterprise_case_management", product_id: "CSAFPID-816830", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.1.2.6:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_enterprise_case_management", product: { name: "financial_services_enterprise_case_management", product_id: "CSAFPID-1503635", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.1.2.6.4:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_enterprise_case_management", product: { name: "financial_services_enterprise_case_management", product_id: "CSAFPID-1503636", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.1.2.7.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_lending_and_leasing", product: { name: "financial_services_lending_and_leasing", product_id: "CSAFPID-816831", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_lending_and_leasing:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_model_management_and_governance", product: { name: "financial_services_model_management_and_governance", product_id: "CSAFPID-611392", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_model_management_and_governance:8.1.2.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_model_management_and_governance", product: { name: "financial_services_model_management_and_governance", product_id: "CSAFPID-611391", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_model_management_and_governance:8.1.2.4:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_model_management_and_governance", product: { name: "financial_services_model_management_and_governance", product_id: "CSAFPID-1503319", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_model_management_and_governance:8.1.2.5:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_model_management_and_governance", product: { name: "financial_services_model_management_and_governance", product_id: "CSAFPID-1503318", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_model_management_and_governance:8.1.2.6:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_revenue_management_and_billing", product: { name: "financial_services_revenue_management_and_billing", product_id: "CSAFPID-816833", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_revenue_management_and_billing:_pricing_services___2.9.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_revenue_management_and_billing", product: { name: "financial_services_revenue_management_and_billing", product_id: "CSAFPID-816840", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_revenue_management_and_billing:_security___5.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_revenue_management_and_billing", product: { name: "financial_services_revenue_management_and_billing", product_id: "CSAFPID-765266", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_revenue_management_and_billing:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_revenue_management_and_billing", product: { name: "financial_services_revenue_management_and_billing", product_id: "CSAFPID-344846", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_revenue_management_and_billing:2.7.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_revenue_management_and_billing", product: { name: "financial_services_revenue_management_and_billing", product_id: "CSAFPID-816832", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_revenue_management_and_billing:2.8.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_revenue_management_and_billing", product: { name: "financial_services_revenue_management_and_billing", product_id: "CSAFPID-912589", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_revenue_management_and_billing:2.8.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_revenue_management_and_billing", product: { name: "financial_services_revenue_management_and_billing", product_id: "CSAFPID-816834", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_revenue_management_and_billing:2.9.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_revenue_management_and_billing", product: { name: "financial_services_revenue_management_and_billing", product_id: "CSAFPID-765264", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_revenue_management_and_billing:2.9.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_revenue_management_and_billing", product: { name: "financial_services_revenue_management_and_billing", product_id: "CSAFPID-765265", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_revenue_management_and_billing:2.9.0.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_revenue_management_and_billing", product: { name: "financial_services_revenue_management_and_billing", product_id: "CSAFPID-344845", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_revenue_management_and_billing:2.9.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_revenue_management_and_billing", product: { name: "financial_services_revenue_management_and_billing", product_id: "CSAFPID-816835", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_revenue_management_and_billing:3.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_revenue_management_and_billing", product: { name: "financial_services_revenue_management_and_billing", product_id: "CSAFPID-400311", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_revenue_management_and_billing:3.0.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_revenue_management_and_billing", product: { name: "financial_services_revenue_management_and_billing", product_id: "CSAFPID-816836", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_revenue_management_and_billing:3.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_revenue_management_and_billing", product: { name: "financial_services_revenue_management_and_billing", product_id: "CSAFPID-912590", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_revenue_management_and_billing:3.1.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_revenue_management_and_billing", product: { name: "financial_services_revenue_management_and_billing", product_id: "CSAFPID-816837", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_revenue_management_and_billing:3.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_revenue_management_and_billing", product: { name: "financial_services_revenue_management_and_billing", product_id: "CSAFPID-400309", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_revenue_management_and_billing:3.2.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_revenue_management_and_billing", product: { name: "financial_services_revenue_management_and_billing", product_id: "CSAFPID-816838", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_revenue_management_and_billing:4.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_revenue_management_and_billing", product: { name: "financial_services_revenue_management_and_billing", product_id: "CSAFPID-912591", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_revenue_management_and_billing:4.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_revenue_management_and_billing", product: { name: "financial_services_revenue_management_and_billing", product_id: "CSAFPID-816839", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_revenue_management_and_billing:5.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_revenue_management_and_billing", product: { name: "financial_services_revenue_management_and_billing", product_id: "CSAFPID-912592", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_revenue_management_and_billing:5.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_revenue_management_and_billing", product: { name: "financial_services_revenue_management_and_billing", product_id: "CSAFPID-816841", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_revenue_management_and_billing:5.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_revenue_management_and_billing", product: { name: "financial_services_revenue_management_and_billing", product_id: "CSAFPID-816842", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_revenue_management_and_billing:6.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_revenue_management_and_billing", product: { name: "financial_services_revenue_management_and_billing", product_id: "CSAFPID-1503637", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_revenue_management_and_billing:6.0.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_revenue_management_and_billing", product: { name: "financial_services_revenue_management_and_billing", product_id: "CSAFPID-1503923", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_revenue_management_and_billing:6.1.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_revenue_management_and_billing", product: { name: "financial_services_revenue_management_and_billing", product_id: "CSAFPID-1503638", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_revenue_management_and_billing:6.1.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_trade-based_anti_money_laundering_enterprise_edition", product: { name: "financial_services_trade-based_anti_money_laundering_enterprise_edition", product_id: "CSAFPID-220374", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_trade-based_anti_money_laundering_enterprise_edition:8.0.8:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_trade-based_anti_money_laundering_enterprise_edition", product: { name: "financial_services_trade-based_anti_money_laundering_enterprise_edition", product_id: "CSAFPID-764926", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_trade-based_anti_money_laundering_enterprise_edition:8.0.8.0:*:*:*:*:*:*:*", }, }, }, ], category: "vendor", name: "oracle", }, ], }, vulnerabilities: [ { cve: "CVE-2022-36944", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, notes: [ { category: "other", text: "Deserialization of Untrusted Data", title: "CWE-502", }, ], product_status: { known_affected: [ "CSAFPID-764273", "CSAFPID-611392", "CSAFPID-611391", "CSAFPID-9522", "CSAFPID-816828", "CSAFPID-816829", "CSAFPID-816830", "CSAFPID-816831", "CSAFPID-344846", "CSAFPID-816832", "CSAFPID-816833", "CSAFPID-816834", "CSAFPID-344845", "CSAFPID-816835", "CSAFPID-765266", "CSAFPID-816836", "CSAFPID-816837", "CSAFPID-816838", "CSAFPID-816839", "CSAFPID-816840", "CSAFPID-816841", "CSAFPID-816842", "CSAFPID-1503319", "CSAFPID-1503318", "CSAFPID-1503626", "CSAFPID-1503627", "CSAFPID-1503628", "CSAFPID-1503629", "CSAFPID-1503630", "CSAFPID-1503631", "CSAFPID-1503632", "CSAFPID-1503633", "CSAFPID-1503634", "CSAFPID-1503635", "CSAFPID-1503636", "CSAFPID-1503637", "CSAFPID-1503638", "CSAFPID-764926", "CSAFPID-9711", "CSAFPID-9300", "CSAFPID-8848", "CSAFPID-189066", "CSAFPID-189065", "CSAFPID-189067", "CSAFPID-93307", "CSAFPID-219772", "CSAFPID-219770", "CSAFPID-345047", "CSAFPID-219774", "CSAFPID-180190", "CSAFPID-219773", "CSAFPID-219771", "CSAFPID-220374", ], }, references: [ { category: "self", summary: "CVE-2022-36944", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-36944.json", }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-764273", "CSAFPID-611392", "CSAFPID-611391", "CSAFPID-9522", "CSAFPID-816828", "CSAFPID-816829", "CSAFPID-816830", "CSAFPID-816831", "CSAFPID-344846", "CSAFPID-816832", "CSAFPID-816833", "CSAFPID-816834", "CSAFPID-344845", "CSAFPID-816835", "CSAFPID-765266", "CSAFPID-816836", "CSAFPID-816837", "CSAFPID-816838", "CSAFPID-816839", "CSAFPID-816840", "CSAFPID-816841", "CSAFPID-816842", "CSAFPID-1503319", "CSAFPID-1503318", "CSAFPID-1503626", "CSAFPID-1503627", "CSAFPID-1503628", "CSAFPID-1503629", "CSAFPID-1503630", "CSAFPID-1503631", "CSAFPID-1503632", "CSAFPID-1503633", "CSAFPID-1503634", "CSAFPID-1503635", "CSAFPID-1503636", "CSAFPID-1503637", "CSAFPID-1503638", "CSAFPID-764926", "CSAFPID-9711", "CSAFPID-9300", "CSAFPID-8848", "CSAFPID-189066", "CSAFPID-189065", "CSAFPID-189067", "CSAFPID-93307", "CSAFPID-219772", "CSAFPID-219770", "CSAFPID-345047", "CSAFPID-219774", "CSAFPID-180190", "CSAFPID-219773", "CSAFPID-219771", "CSAFPID-220374", ], }, ], title: "CVE-2022-36944", }, { cve: "CVE-2023-6129", cwe: { id: "CWE-328", name: "Use of Weak Hash", }, notes: [ { category: "other", text: "Use of Weak Hash", title: "CWE-328", }, ], product_status: { known_affected: [ "CSAFPID-400309", "CSAFPID-400311", "CSAFPID-765264", "CSAFPID-765265", "CSAFPID-912589", "CSAFPID-912590", "CSAFPID-912591", "CSAFPID-912592", "CSAFPID-9711", "CSAFPID-9300", "CSAFPID-189066", "CSAFPID-189065", "CSAFPID-1503626", "CSAFPID-1503627", "CSAFPID-1503628", "CSAFPID-1503629", "CSAFPID-189067", "CSAFPID-93307", "CSAFPID-816828", "CSAFPID-1503630", "CSAFPID-1503631", "CSAFPID-1503632", "CSAFPID-1503633", "CSAFPID-1503634", "CSAFPID-1503635", "CSAFPID-1503636", "CSAFPID-1503319", "CSAFPID-1503318", "CSAFPID-1503637", "CSAFPID-1503638", "CSAFPID-764926", ], }, references: [ { category: "self", summary: "CVE-2023-6129", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-6129.json", }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", version: "3.1", }, products: [ "CSAFPID-400309", "CSAFPID-400311", "CSAFPID-765264", "CSAFPID-765265", "CSAFPID-912589", "CSAFPID-912590", "CSAFPID-912591", "CSAFPID-912592", "CSAFPID-9711", "CSAFPID-9300", "CSAFPID-189066", "CSAFPID-189065", "CSAFPID-1503626", "CSAFPID-1503627", "CSAFPID-1503628", "CSAFPID-1503629", "CSAFPID-189067", "CSAFPID-93307", "CSAFPID-816828", "CSAFPID-1503630", "CSAFPID-1503631", "CSAFPID-1503632", "CSAFPID-1503633", "CSAFPID-1503634", "CSAFPID-1503635", "CSAFPID-1503636", "CSAFPID-1503319", "CSAFPID-1503318", "CSAFPID-1503637", "CSAFPID-1503638", "CSAFPID-764926", ], }, ], title: "CVE-2023-6129", }, { cve: "CVE-2023-26031", cwe: { id: "CWE-426", name: "Untrusted Search Path", }, notes: [ { category: "other", text: "Untrusted Search Path", title: "CWE-426", }, ], product_status: { known_affected: [ "CSAFPID-9711", "CSAFPID-9300", "CSAFPID-189066", "CSAFPID-189065", "CSAFPID-1503626", "CSAFPID-1503627", "CSAFPID-1503628", "CSAFPID-1503629", "CSAFPID-189067", "CSAFPID-93307", "CSAFPID-816828", "CSAFPID-1503630", "CSAFPID-1503631", "CSAFPID-1503632", "CSAFPID-1503633", "CSAFPID-1503634", "CSAFPID-1503635", "CSAFPID-1503636", "CSAFPID-1503319", "CSAFPID-1503318", "CSAFPID-1503637", "CSAFPID-1503638", "CSAFPID-764926", ], }, references: [ { category: "self", summary: "CVE-2023-26031", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-26031.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-9711", "CSAFPID-9300", "CSAFPID-189066", "CSAFPID-189065", "CSAFPID-1503626", "CSAFPID-1503627", "CSAFPID-1503628", "CSAFPID-1503629", "CSAFPID-189067", "CSAFPID-93307", "CSAFPID-816828", "CSAFPID-1503630", "CSAFPID-1503631", "CSAFPID-1503632", "CSAFPID-1503633", "CSAFPID-1503634", "CSAFPID-1503635", "CSAFPID-1503636", "CSAFPID-1503319", "CSAFPID-1503318", "CSAFPID-1503637", "CSAFPID-1503638", "CSAFPID-764926", ], }, ], title: "CVE-2023-26031", }, { cve: "CVE-2023-34055", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, notes: [ { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, ], product_status: { known_affected: [ "CSAFPID-8848", "CSAFPID-9300", "CSAFPID-9522", "CSAFPID-9711", "CSAFPID-93307", "CSAFPID-180190", "CSAFPID-189065", "CSAFPID-189066", "CSAFPID-189067", "CSAFPID-219770", "CSAFPID-219771", "CSAFPID-219774", "CSAFPID-220374", "CSAFPID-344845", "CSAFPID-344846", "CSAFPID-765266", "CSAFPID-816828", "CSAFPID-816829", "CSAFPID-816830", "CSAFPID-816831", "CSAFPID-816832", "CSAFPID-816833", "CSAFPID-816834", "CSAFPID-816835", "CSAFPID-816836", "CSAFPID-816837", "CSAFPID-816838", "CSAFPID-816839", "CSAFPID-816840", "CSAFPID-816841", "CSAFPID-816842", "CSAFPID-400309", "CSAFPID-400311", "CSAFPID-765264", "CSAFPID-765265", "CSAFPID-912589", "CSAFPID-912590", "CSAFPID-912591", "CSAFPID-912592", "CSAFPID-1503626", "CSAFPID-1503627", "CSAFPID-1503628", "CSAFPID-1503629", "CSAFPID-1503630", "CSAFPID-1503631", "CSAFPID-1503632", "CSAFPID-1503633", "CSAFPID-1503634", "CSAFPID-1503635", "CSAFPID-1503636", "CSAFPID-1503319", "CSAFPID-1503318", "CSAFPID-1503637", "CSAFPID-1503638", "CSAFPID-764926", ], }, references: [ { category: "self", summary: "CVE-2023-34055", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-34055.json", }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-8848", "CSAFPID-9300", "CSAFPID-9522", "CSAFPID-9711", "CSAFPID-93307", "CSAFPID-180190", "CSAFPID-189065", "CSAFPID-189066", "CSAFPID-189067", "CSAFPID-219770", "CSAFPID-219771", "CSAFPID-219774", "CSAFPID-220374", "CSAFPID-344845", "CSAFPID-344846", "CSAFPID-765266", "CSAFPID-816828", "CSAFPID-816829", "CSAFPID-816830", "CSAFPID-816831", "CSAFPID-816832", "CSAFPID-816833", "CSAFPID-816834", "CSAFPID-816835", "CSAFPID-816836", "CSAFPID-816837", "CSAFPID-816838", "CSAFPID-816839", "CSAFPID-816840", "CSAFPID-816841", "CSAFPID-816842", "CSAFPID-400309", "CSAFPID-400311", "CSAFPID-765264", "CSAFPID-765265", "CSAFPID-912589", "CSAFPID-912590", "CSAFPID-912591", "CSAFPID-912592", "CSAFPID-1503626", "CSAFPID-1503627", "CSAFPID-1503628", "CSAFPID-1503629", "CSAFPID-1503630", "CSAFPID-1503631", "CSAFPID-1503632", "CSAFPID-1503633", "CSAFPID-1503634", "CSAFPID-1503635", "CSAFPID-1503636", "CSAFPID-1503319", "CSAFPID-1503318", "CSAFPID-1503637", "CSAFPID-1503638", "CSAFPID-764926", ], }, ], title: "CVE-2023-34055", }, { cve: "CVE-2023-44483", cwe: { id: "CWE-532", name: "Insertion of Sensitive Information into Log File", }, notes: [ { category: "other", text: "Insertion of Sensitive Information into Log File", title: "CWE-532", }, ], product_status: { known_affected: [ "CSAFPID-8848", "CSAFPID-9300", "CSAFPID-9522", "CSAFPID-9711", "CSAFPID-93307", "CSAFPID-180190", "CSAFPID-189065", "CSAFPID-189066", "CSAFPID-189067", "CSAFPID-219770", "CSAFPID-219771", "CSAFPID-219774", "CSAFPID-220374", "CSAFPID-344845", "CSAFPID-344846", "CSAFPID-765266", "CSAFPID-816828", "CSAFPID-816829", "CSAFPID-816830", "CSAFPID-816831", "CSAFPID-816832", "CSAFPID-816833", "CSAFPID-816834", "CSAFPID-816835", "CSAFPID-816836", "CSAFPID-816837", "CSAFPID-816838", "CSAFPID-816839", "CSAFPID-816840", "CSAFPID-816841", "CSAFPID-816842", "CSAFPID-400309", "CSAFPID-400311", "CSAFPID-765264", "CSAFPID-765265", "CSAFPID-912589", "CSAFPID-912590", "CSAFPID-912591", "CSAFPID-912592", "CSAFPID-1503626", "CSAFPID-1503627", "CSAFPID-1503628", "CSAFPID-1503629", "CSAFPID-1503630", "CSAFPID-1503631", "CSAFPID-1503632", "CSAFPID-1503633", "CSAFPID-1503634", "CSAFPID-1503635", "CSAFPID-1503636", "CSAFPID-1503319", "CSAFPID-1503318", "CSAFPID-1503637", "CSAFPID-1503638", "CSAFPID-764926", ], }, references: [ { category: "self", summary: "CVE-2023-44483", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-44483.json", }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "CSAFPID-8848", "CSAFPID-9300", "CSAFPID-9522", "CSAFPID-9711", "CSAFPID-93307", "CSAFPID-180190", "CSAFPID-189065", "CSAFPID-189066", "CSAFPID-189067", "CSAFPID-219770", "CSAFPID-219771", "CSAFPID-219774", "CSAFPID-220374", "CSAFPID-344845", "CSAFPID-344846", "CSAFPID-765266", "CSAFPID-816828", "CSAFPID-816829", "CSAFPID-816830", "CSAFPID-816831", "CSAFPID-816832", "CSAFPID-816833", "CSAFPID-816834", "CSAFPID-816835", "CSAFPID-816836", "CSAFPID-816837", "CSAFPID-816838", "CSAFPID-816839", "CSAFPID-816840", "CSAFPID-816841", "CSAFPID-816842", "CSAFPID-400309", "CSAFPID-400311", "CSAFPID-765264", "CSAFPID-765265", "CSAFPID-912589", "CSAFPID-912590", "CSAFPID-912591", "CSAFPID-912592", "CSAFPID-1503626", "CSAFPID-1503627", "CSAFPID-1503628", "CSAFPID-1503629", "CSAFPID-1503630", "CSAFPID-1503631", "CSAFPID-1503632", "CSAFPID-1503633", "CSAFPID-1503634", "CSAFPID-1503635", "CSAFPID-1503636", "CSAFPID-1503319", "CSAFPID-1503318", "CSAFPID-1503637", "CSAFPID-1503638", "CSAFPID-764926", ], }, ], title: "CVE-2023-44483", }, { cve: "CVE-2023-47248", product_status: { known_affected: [ "CSAFPID-8848", "CSAFPID-9300", "CSAFPID-9522", "CSAFPID-9711", "CSAFPID-93307", "CSAFPID-180190", "CSAFPID-189065", "CSAFPID-189066", "CSAFPID-189067", "CSAFPID-219770", "CSAFPID-219771", "CSAFPID-219774", "CSAFPID-220374", "CSAFPID-344845", "CSAFPID-344846", "CSAFPID-765266", "CSAFPID-816828", "CSAFPID-816829", "CSAFPID-816830", "CSAFPID-816831", "CSAFPID-816832", "CSAFPID-816833", "CSAFPID-816834", "CSAFPID-816835", "CSAFPID-816836", "CSAFPID-816837", "CSAFPID-816838", "CSAFPID-816839", "CSAFPID-816840", "CSAFPID-816841", "CSAFPID-816842", "CSAFPID-1503318", "CSAFPID-1503319", "CSAFPID-1503626", "CSAFPID-1503627", "CSAFPID-1503628", "CSAFPID-1503629", "CSAFPID-1503630", "CSAFPID-1503631", "CSAFPID-1503632", "CSAFPID-1503633", "CSAFPID-1503634", "CSAFPID-1503635", "CSAFPID-1503636", "CSAFPID-1503637", "CSAFPID-1503638", "CSAFPID-764926", ], }, references: [ { category: "self", summary: "CVE-2023-47248", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-47248.json", }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-8848", "CSAFPID-9300", "CSAFPID-9522", "CSAFPID-9711", "CSAFPID-93307", "CSAFPID-180190", "CSAFPID-189065", "CSAFPID-189066", "CSAFPID-189067", "CSAFPID-219770", "CSAFPID-219771", "CSAFPID-219774", "CSAFPID-220374", "CSAFPID-344845", "CSAFPID-344846", "CSAFPID-765266", "CSAFPID-816828", "CSAFPID-816829", "CSAFPID-816830", "CSAFPID-816831", "CSAFPID-816832", "CSAFPID-816833", "CSAFPID-816834", "CSAFPID-816835", "CSAFPID-816836", "CSAFPID-816837", "CSAFPID-816838", "CSAFPID-816839", "CSAFPID-816840", "CSAFPID-816841", "CSAFPID-816842", "CSAFPID-1503318", "CSAFPID-1503319", "CSAFPID-1503626", "CSAFPID-1503627", "CSAFPID-1503628", "CSAFPID-1503629", "CSAFPID-1503630", "CSAFPID-1503631", "CSAFPID-1503632", "CSAFPID-1503633", "CSAFPID-1503634", "CSAFPID-1503635", "CSAFPID-1503636", "CSAFPID-1503637", "CSAFPID-1503638", "CSAFPID-764926", ], }, ], title: "CVE-2023-47248", }, { cve: "CVE-2023-50447", cwe: { id: "CWE-77", name: "Improper Neutralization of Special Elements used in a Command ('Command Injection')", }, notes: [ { category: "other", text: "Improper Neutralization of Special Elements used in a Command ('Command Injection')", title: "CWE-77", }, ], product_status: { known_affected: [ "CSAFPID-9711", "CSAFPID-9300", "CSAFPID-189066", "CSAFPID-189065", "CSAFPID-1503626", "CSAFPID-1503627", "CSAFPID-1503628", "CSAFPID-1503629", "CSAFPID-189067", "CSAFPID-93307", "CSAFPID-816828", "CSAFPID-1503630", "CSAFPID-1503631", "CSAFPID-1503632", "CSAFPID-1503633", "CSAFPID-1503634", "CSAFPID-1503635", "CSAFPID-1503636", "CSAFPID-1503319", "CSAFPID-1503318", "CSAFPID-1503637", "CSAFPID-1503638", "CSAFPID-764926", ], }, references: [ { category: "self", summary: "CVE-2023-50447", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-50447.json", }, ], scores: [ { cvss_v3: { baseScore: 9, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-9711", "CSAFPID-9300", "CSAFPID-189066", "CSAFPID-189065", "CSAFPID-1503626", "CSAFPID-1503627", "CSAFPID-1503628", "CSAFPID-1503629", "CSAFPID-189067", "CSAFPID-93307", "CSAFPID-816828", "CSAFPID-1503630", "CSAFPID-1503631", "CSAFPID-1503632", "CSAFPID-1503633", "CSAFPID-1503634", "CSAFPID-1503635", "CSAFPID-1503636", "CSAFPID-1503319", "CSAFPID-1503318", "CSAFPID-1503637", "CSAFPID-1503638", "CSAFPID-764926", ], }, ], title: "CVE-2023-50447", }, { cve: "CVE-2023-51074", cwe: { id: "CWE-121", name: "Stack-based Buffer Overflow", }, notes: [ { category: "other", text: "Stack-based Buffer Overflow", title: "CWE-121", }, ], product_status: { known_affected: [ "CSAFPID-400309", "CSAFPID-400311", "CSAFPID-765264", "CSAFPID-765265", "CSAFPID-912589", "CSAFPID-912590", "CSAFPID-912591", "CSAFPID-912592", "CSAFPID-9711", "CSAFPID-9300", "CSAFPID-189066", "CSAFPID-189065", "CSAFPID-1503626", "CSAFPID-1503627", "CSAFPID-1503628", "CSAFPID-1503629", "CSAFPID-189067", "CSAFPID-93307", "CSAFPID-816828", "CSAFPID-1503630", "CSAFPID-1503631", "CSAFPID-1503632", "CSAFPID-1503633", "CSAFPID-1503634", "CSAFPID-1503635", "CSAFPID-1503636", "CSAFPID-1503319", "CSAFPID-1503318", "CSAFPID-1503637", "CSAFPID-1503638", "CSAFPID-764926", ], }, references: [ { category: "self", summary: "CVE-2023-51074", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-51074.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-400309", "CSAFPID-400311", "CSAFPID-765264", "CSAFPID-765265", "CSAFPID-912589", "CSAFPID-912590", "CSAFPID-912591", "CSAFPID-912592", "CSAFPID-9711", "CSAFPID-9300", "CSAFPID-189066", "CSAFPID-189065", "CSAFPID-1503626", "CSAFPID-1503627", "CSAFPID-1503628", "CSAFPID-1503629", "CSAFPID-189067", "CSAFPID-93307", "CSAFPID-816828", "CSAFPID-1503630", "CSAFPID-1503631", "CSAFPID-1503632", "CSAFPID-1503633", "CSAFPID-1503634", "CSAFPID-1503635", "CSAFPID-1503636", "CSAFPID-1503319", "CSAFPID-1503318", "CSAFPID-1503637", "CSAFPID-1503638", "CSAFPID-764926", ], }, ], title: "CVE-2023-51074", }, { cve: "CVE-2023-52425", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, notes: [ { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, ], product_status: { known_affected: [ "CSAFPID-9711", "CSAFPID-9300", "CSAFPID-189066", "CSAFPID-189065", "CSAFPID-1503626", "CSAFPID-1503627", "CSAFPID-1503628", "CSAFPID-1503629", "CSAFPID-189067", "CSAFPID-93307", "CSAFPID-816828", "CSAFPID-1503630", "CSAFPID-1503631", "CSAFPID-1503632", "CSAFPID-1503633", "CSAFPID-1503634", "CSAFPID-1503635", "CSAFPID-1503636", "CSAFPID-1503319", "CSAFPID-1503318", "CSAFPID-1503637", "CSAFPID-1503638", "CSAFPID-764926", ], }, references: [ { category: "self", summary: "CVE-2023-52425", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-52425.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-9711", "CSAFPID-9300", "CSAFPID-189066", "CSAFPID-189065", "CSAFPID-1503626", "CSAFPID-1503627", "CSAFPID-1503628", "CSAFPID-1503629", "CSAFPID-189067", "CSAFPID-93307", "CSAFPID-816828", "CSAFPID-1503630", "CSAFPID-1503631", "CSAFPID-1503632", "CSAFPID-1503633", "CSAFPID-1503634", "CSAFPID-1503635", "CSAFPID-1503636", "CSAFPID-1503319", "CSAFPID-1503318", "CSAFPID-1503637", "CSAFPID-1503638", "CSAFPID-764926", ], }, ], title: "CVE-2023-52425", }, { cve: "CVE-2024-2511", cwe: { id: "CWE-404", name: "Improper Resource Shutdown or Release", }, notes: [ { category: "other", text: "Improper Resource Shutdown or Release", title: "CWE-404", }, { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, ], product_status: { known_affected: [ "CSAFPID-9711", "CSAFPID-9300", "CSAFPID-189066", "CSAFPID-189065", "CSAFPID-1503626", "CSAFPID-1503627", "CSAFPID-1503628", "CSAFPID-1503629", "CSAFPID-189067", "CSAFPID-93307", "CSAFPID-816828", "CSAFPID-1503630", "CSAFPID-1503631", "CSAFPID-1503632", "CSAFPID-1503633", "CSAFPID-1503634", "CSAFPID-1503635", "CSAFPID-1503636", "CSAFPID-1503319", "CSAFPID-1503318", "CSAFPID-1503637", "CSAFPID-1503638", "CSAFPID-764926", ], }, references: [ { category: "self", summary: "CVE-2024-2511", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-2511.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-9711", "CSAFPID-9300", "CSAFPID-189066", "CSAFPID-189065", "CSAFPID-1503626", "CSAFPID-1503627", "CSAFPID-1503628", "CSAFPID-1503629", "CSAFPID-189067", "CSAFPID-93307", "CSAFPID-816828", "CSAFPID-1503630", "CSAFPID-1503631", "CSAFPID-1503632", "CSAFPID-1503633", "CSAFPID-1503634", "CSAFPID-1503635", "CSAFPID-1503636", "CSAFPID-1503319", "CSAFPID-1503318", "CSAFPID-1503637", "CSAFPID-1503638", "CSAFPID-764926", ], }, ], title: "CVE-2024-2511", }, { cve: "CVE-2024-21188", product_status: { known_affected: [ "CSAFPID-9711", "CSAFPID-9300", "CSAFPID-189066", "CSAFPID-189065", "CSAFPID-1503626", "CSAFPID-1503627", "CSAFPID-1503628", "CSAFPID-1503629", "CSAFPID-189067", "CSAFPID-93307", "CSAFPID-816828", "CSAFPID-1503630", "CSAFPID-1503631", "CSAFPID-1503632", "CSAFPID-1503633", "CSAFPID-1503634", "CSAFPID-1503635", "CSAFPID-1503636", "CSAFPID-1503319", "CSAFPID-1503318", "CSAFPID-1503637", "CSAFPID-1503638", "CSAFPID-764926", "CSAFPID-816842", ], }, references: [ { category: "self", summary: "CVE-2024-21188", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-21188.json", }, ], title: "CVE-2024-21188", }, { cve: "CVE-2024-22201", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, notes: [ { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, ], product_status: { known_affected: [ "CSAFPID-400309", "CSAFPID-400311", "CSAFPID-765264", "CSAFPID-765265", "CSAFPID-912589", "CSAFPID-912590", "CSAFPID-912591", "CSAFPID-912592", "CSAFPID-9711", "CSAFPID-9300", "CSAFPID-189066", "CSAFPID-189065", "CSAFPID-1503626", "CSAFPID-1503627", "CSAFPID-1503628", "CSAFPID-1503629", "CSAFPID-189067", "CSAFPID-93307", "CSAFPID-816828", "CSAFPID-1503630", "CSAFPID-1503631", "CSAFPID-1503632", "CSAFPID-1503633", "CSAFPID-1503634", "CSAFPID-1503635", "CSAFPID-1503636", "CSAFPID-1503319", "CSAFPID-1503318", "CSAFPID-1503637", "CSAFPID-1503638", "CSAFPID-764926", ], }, references: [ { category: "self", summary: "CVE-2024-22201", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-22201.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-400309", "CSAFPID-400311", "CSAFPID-765264", "CSAFPID-765265", "CSAFPID-912589", "CSAFPID-912590", "CSAFPID-912591", "CSAFPID-912592", "CSAFPID-9711", "CSAFPID-9300", "CSAFPID-189066", "CSAFPID-189065", "CSAFPID-1503626", "CSAFPID-1503627", "CSAFPID-1503628", "CSAFPID-1503629", "CSAFPID-189067", "CSAFPID-93307", "CSAFPID-816828", "CSAFPID-1503630", "CSAFPID-1503631", "CSAFPID-1503632", "CSAFPID-1503633", "CSAFPID-1503634", "CSAFPID-1503635", "CSAFPID-1503636", "CSAFPID-1503319", "CSAFPID-1503318", "CSAFPID-1503637", "CSAFPID-1503638", "CSAFPID-764926", ], }, ], title: "CVE-2024-22201", }, { cve: "CVE-2024-22262", cwe: { id: "CWE-601", name: "URL Redirection to Untrusted Site ('Open Redirect')", }, notes: [ { category: "other", text: "URL Redirection to Untrusted Site ('Open Redirect')", title: "CWE-601", }, ], product_status: { known_affected: [ "CSAFPID-9711", "CSAFPID-9300", "CSAFPID-189066", "CSAFPID-189065", "CSAFPID-1503626", "CSAFPID-1503627", "CSAFPID-1503628", "CSAFPID-1503629", "CSAFPID-189067", "CSAFPID-93307", "CSAFPID-816828", "CSAFPID-1503630", "CSAFPID-1503631", "CSAFPID-1503632", "CSAFPID-1503633", "CSAFPID-1503634", "CSAFPID-1503635", "CSAFPID-1503636", "CSAFPID-1503319", "CSAFPID-1503318", "CSAFPID-1503637", "CSAFPID-1503638", "CSAFPID-764926", ], }, references: [ { category: "self", summary: "CVE-2024-22262", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-22262.json", }, ], scores: [ { cvss_v3: { baseScore: 8.1, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "CSAFPID-9711", "CSAFPID-9300", "CSAFPID-189066", "CSAFPID-189065", "CSAFPID-1503626", "CSAFPID-1503627", "CSAFPID-1503628", "CSAFPID-1503629", "CSAFPID-189067", "CSAFPID-93307", "CSAFPID-816828", "CSAFPID-1503630", "CSAFPID-1503631", "CSAFPID-1503632", "CSAFPID-1503633", "CSAFPID-1503634", "CSAFPID-1503635", "CSAFPID-1503636", "CSAFPID-1503319", "CSAFPID-1503318", "CSAFPID-1503637", "CSAFPID-1503638", "CSAFPID-764926", ], }, ], title: "CVE-2024-22262", }, { cve: "CVE-2024-23807", cwe: { id: "CWE-416", name: "Use After Free", }, notes: [ { category: "other", text: "Use After Free", title: "CWE-416", }, ], product_status: { known_affected: [ "CSAFPID-9711", "CSAFPID-9300", "CSAFPID-189066", "CSAFPID-189065", "CSAFPID-1503626", "CSAFPID-1503627", "CSAFPID-1503628", "CSAFPID-1503629", "CSAFPID-189067", "CSAFPID-93307", "CSAFPID-816828", "CSAFPID-1503630", "CSAFPID-1503631", "CSAFPID-1503632", "CSAFPID-1503633", "CSAFPID-1503634", "CSAFPID-1503635", "CSAFPID-1503636", "CSAFPID-1503319", "CSAFPID-1503318", "CSAFPID-1503637", "CSAFPID-1503638", "CSAFPID-764926", ], }, references: [ { category: "self", summary: "CVE-2024-23807", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-23807.json", }, ], scores: [ { cvss_v3: { baseScore: 8.1, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-9711", "CSAFPID-9300", "CSAFPID-189066", "CSAFPID-189065", "CSAFPID-1503626", "CSAFPID-1503627", "CSAFPID-1503628", "CSAFPID-1503629", "CSAFPID-189067", "CSAFPID-93307", "CSAFPID-816828", "CSAFPID-1503630", "CSAFPID-1503631", "CSAFPID-1503632", "CSAFPID-1503633", "CSAFPID-1503634", "CSAFPID-1503635", "CSAFPID-1503636", "CSAFPID-1503319", "CSAFPID-1503318", "CSAFPID-1503637", "CSAFPID-1503638", "CSAFPID-764926", ], }, ], title: "CVE-2024-23807", }, { cve: "CVE-2024-24549", cwe: { id: "CWE-20", name: "Improper Input Validation", }, notes: [ { category: "other", text: "Improper Input Validation", title: "CWE-20", }, ], product_status: { known_affected: [ "CSAFPID-400309", "CSAFPID-400311", "CSAFPID-765264", "CSAFPID-765265", "CSAFPID-912589", "CSAFPID-912590", "CSAFPID-912591", "CSAFPID-912592", "CSAFPID-9711", "CSAFPID-9300", "CSAFPID-189066", "CSAFPID-189065", "CSAFPID-1503626", "CSAFPID-1503627", "CSAFPID-1503628", "CSAFPID-1503629", "CSAFPID-189067", "CSAFPID-93307", "CSAFPID-816828", "CSAFPID-1503630", "CSAFPID-1503631", "CSAFPID-1503632", "CSAFPID-1503633", "CSAFPID-1503634", "CSAFPID-1503635", "CSAFPID-1503636", "CSAFPID-1503319", "CSAFPID-1503318", "CSAFPID-1503637", "CSAFPID-1503638", "CSAFPID-764926", ], }, references: [ { category: "self", summary: "CVE-2024-24549", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-24549.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-400309", "CSAFPID-400311", "CSAFPID-765264", "CSAFPID-765265", "CSAFPID-912589", "CSAFPID-912590", "CSAFPID-912591", "CSAFPID-912592", "CSAFPID-9711", "CSAFPID-9300", "CSAFPID-189066", "CSAFPID-189065", "CSAFPID-1503626", "CSAFPID-1503627", "CSAFPID-1503628", "CSAFPID-1503629", "CSAFPID-189067", "CSAFPID-93307", "CSAFPID-816828", "CSAFPID-1503630", "CSAFPID-1503631", "CSAFPID-1503632", "CSAFPID-1503633", "CSAFPID-1503634", "CSAFPID-1503635", "CSAFPID-1503636", "CSAFPID-1503319", "CSAFPID-1503318", "CSAFPID-1503637", "CSAFPID-1503638", "CSAFPID-764926", ], }, ], title: "CVE-2024-24549", }, { cve: "CVE-2024-24816", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, notes: [ { category: "other", text: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", title: "CWE-79", }, ], product_status: { known_affected: [ "CSAFPID-400309", "CSAFPID-400311", "CSAFPID-765264", "CSAFPID-765265", "CSAFPID-912589", "CSAFPID-912590", "CSAFPID-912591", "CSAFPID-912592", "CSAFPID-9711", "CSAFPID-9300", "CSAFPID-189066", "CSAFPID-189065", "CSAFPID-1503626", "CSAFPID-1503627", "CSAFPID-1503628", "CSAFPID-1503629", "CSAFPID-189067", "CSAFPID-93307", "CSAFPID-816828", "CSAFPID-1503630", "CSAFPID-1503631", "CSAFPID-1503632", "CSAFPID-1503633", "CSAFPID-1503634", "CSAFPID-1503635", "CSAFPID-1503636", "CSAFPID-1503319", "CSAFPID-1503318", "CSAFPID-1503637", "CSAFPID-1503638", "CSAFPID-764926", ], }, references: [ { category: "self", summary: "CVE-2024-24816", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-24816.json", }, ], scores: [ { cvss_v3: { baseScore: 6.1, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, products: [ "CSAFPID-400309", "CSAFPID-400311", "CSAFPID-765264", "CSAFPID-765265", "CSAFPID-912589", "CSAFPID-912590", "CSAFPID-912591", "CSAFPID-912592", "CSAFPID-9711", "CSAFPID-9300", "CSAFPID-189066", "CSAFPID-189065", "CSAFPID-1503626", "CSAFPID-1503627", "CSAFPID-1503628", "CSAFPID-1503629", "CSAFPID-189067", "CSAFPID-93307", "CSAFPID-816828", "CSAFPID-1503630", "CSAFPID-1503631", "CSAFPID-1503632", "CSAFPID-1503633", "CSAFPID-1503634", "CSAFPID-1503635", "CSAFPID-1503636", "CSAFPID-1503319", "CSAFPID-1503318", "CSAFPID-1503637", "CSAFPID-1503638", "CSAFPID-764926", ], }, ], title: "CVE-2024-24816", }, { cve: "CVE-2024-25062", cwe: { id: "CWE-416", name: "Use After Free", }, notes: [ { category: "other", text: "Use After Free", title: "CWE-416", }, ], product_status: { known_affected: [ "CSAFPID-400309", "CSAFPID-400311", "CSAFPID-765264", "CSAFPID-765265", "CSAFPID-912589", "CSAFPID-912590", "CSAFPID-912591", "CSAFPID-912592", "CSAFPID-9711", "CSAFPID-9300", "CSAFPID-189066", "CSAFPID-189065", "CSAFPID-1503626", "CSAFPID-1503627", "CSAFPID-1503628", "CSAFPID-1503629", "CSAFPID-189067", "CSAFPID-93307", "CSAFPID-816828", "CSAFPID-1503630", "CSAFPID-1503631", "CSAFPID-1503632", "CSAFPID-1503633", "CSAFPID-1503634", "CSAFPID-1503635", "CSAFPID-1503636", "CSAFPID-1503319", "CSAFPID-1503318", "CSAFPID-1503637", "CSAFPID-1503638", "CSAFPID-764926", ], }, references: [ { category: "self", summary: "CVE-2024-25062", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-25062.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-400309", "CSAFPID-400311", "CSAFPID-765264", "CSAFPID-765265", "CSAFPID-912589", "CSAFPID-912590", "CSAFPID-912591", "CSAFPID-912592", "CSAFPID-9711", "CSAFPID-9300", "CSAFPID-189066", "CSAFPID-189065", "CSAFPID-1503626", "CSAFPID-1503627", "CSAFPID-1503628", "CSAFPID-1503629", "CSAFPID-189067", "CSAFPID-93307", "CSAFPID-816828", "CSAFPID-1503630", "CSAFPID-1503631", "CSAFPID-1503632", "CSAFPID-1503633", "CSAFPID-1503634", "CSAFPID-1503635", "CSAFPID-1503636", "CSAFPID-1503319", "CSAFPID-1503318", "CSAFPID-1503637", "CSAFPID-1503638", "CSAFPID-764926", ], }, ], title: "CVE-2024-25062", }, { cve: "CVE-2024-26308", cwe: { id: "CWE-770", name: "Allocation of Resources Without Limits or Throttling", }, notes: [ { category: "other", text: "Allocation of Resources Without Limits or Throttling", title: "CWE-770", }, ], product_status: { known_affected: [ "CSAFPID-400309", "CSAFPID-400311", "CSAFPID-765264", "CSAFPID-765265", "CSAFPID-912589", "CSAFPID-912590", "CSAFPID-912591", "CSAFPID-912592", "CSAFPID-9711", "CSAFPID-9300", "CSAFPID-189066", "CSAFPID-189065", "CSAFPID-1503626", "CSAFPID-1503627", "CSAFPID-1503628", "CSAFPID-1503629", "CSAFPID-189067", "CSAFPID-93307", "CSAFPID-816828", "CSAFPID-1503630", "CSAFPID-1503631", "CSAFPID-1503632", "CSAFPID-1503633", "CSAFPID-1503634", "CSAFPID-1503635", "CSAFPID-1503636", "CSAFPID-1503319", "CSAFPID-1503318", "CSAFPID-1503637", "CSAFPID-1503638", "CSAFPID-764926", ], }, references: [ { category: "self", summary: "CVE-2024-26308", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-26308.json", }, ], scores: [ { cvss_v3: { baseScore: 5.9, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-400309", "CSAFPID-400311", "CSAFPID-765264", "CSAFPID-765265", "CSAFPID-912589", "CSAFPID-912590", "CSAFPID-912591", "CSAFPID-912592", "CSAFPID-9711", "CSAFPID-9300", "CSAFPID-189066", "CSAFPID-189065", "CSAFPID-1503626", "CSAFPID-1503627", "CSAFPID-1503628", "CSAFPID-1503629", "CSAFPID-189067", "CSAFPID-93307", "CSAFPID-816828", "CSAFPID-1503630", "CSAFPID-1503631", "CSAFPID-1503632", "CSAFPID-1503633", "CSAFPID-1503634", "CSAFPID-1503635", "CSAFPID-1503636", "CSAFPID-1503319", "CSAFPID-1503318", "CSAFPID-1503637", "CSAFPID-1503638", "CSAFPID-764926", ], }, ], title: "CVE-2024-26308", }, { cve: "CVE-2024-29025", cwe: { id: "CWE-770", name: "Allocation of Resources Without Limits or Throttling", }, notes: [ { category: "other", text: "Allocation of Resources Without Limits or Throttling", title: "CWE-770", }, ], product_status: { known_affected: [ "CSAFPID-9711", "CSAFPID-9300", "CSAFPID-189066", "CSAFPID-189065", "CSAFPID-1503626", "CSAFPID-1503627", "CSAFPID-1503628", "CSAFPID-1503629", "CSAFPID-189067", "CSAFPID-93307", "CSAFPID-816828", "CSAFPID-1503630", "CSAFPID-1503631", "CSAFPID-1503632", "CSAFPID-1503633", "CSAFPID-1503634", "CSAFPID-1503635", "CSAFPID-1503636", "CSAFPID-1503319", "CSAFPID-1503318", "CSAFPID-1503637", "CSAFPID-1503638", "CSAFPID-764926", ], }, references: [ { category: "self", summary: "CVE-2024-29025", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-29025.json", }, ], title: "CVE-2024-29025", }, { cve: "CVE-2024-29133", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, notes: [ { category: "other", text: "Out-of-bounds Write", title: "CWE-787", }, ], product_status: { known_affected: [ "CSAFPID-9711", "CSAFPID-9300", "CSAFPID-189066", "CSAFPID-189065", "CSAFPID-1503626", "CSAFPID-1503627", "CSAFPID-1503628", "CSAFPID-1503629", "CSAFPID-189067", "CSAFPID-93307", "CSAFPID-816828", "CSAFPID-1503630", "CSAFPID-1503631", "CSAFPID-1503632", "CSAFPID-1503633", "CSAFPID-1503634", "CSAFPID-1503635", "CSAFPID-1503636", "CSAFPID-1503319", "CSAFPID-1503318", "CSAFPID-1503637", "CSAFPID-1503638", "CSAFPID-764926", ], }, references: [ { category: "self", summary: "CVE-2024-29133", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-29133.json", }, ], title: "CVE-2024-29133", }, { cve: "CVE-2024-32114", cwe: { id: "CWE-306", name: "Missing Authentication for Critical Function", }, notes: [ { category: "other", text: "Missing Authentication for Critical Function", title: "CWE-306", }, { category: "other", text: "Initialization of a Resource with an Insecure Default", title: "CWE-1188", }, ], product_status: { known_affected: [ "CSAFPID-9711", "CSAFPID-9300", "CSAFPID-189066", "CSAFPID-189065", "CSAFPID-1503626", "CSAFPID-1503627", "CSAFPID-1503628", "CSAFPID-1503629", "CSAFPID-189067", "CSAFPID-93307", "CSAFPID-816828", "CSAFPID-1503630", "CSAFPID-1503631", "CSAFPID-1503632", "CSAFPID-1503633", "CSAFPID-1503634", "CSAFPID-1503635", "CSAFPID-1503636", "CSAFPID-1503319", "CSAFPID-1503318", "CSAFPID-1503637", "CSAFPID-1503638", "CSAFPID-764926", ], }, references: [ { category: "self", summary: "CVE-2024-32114", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-32114.json", }, ], scores: [ { cvss_v3: { baseScore: 8.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-9711", "CSAFPID-9300", "CSAFPID-189066", "CSAFPID-189065", "CSAFPID-1503626", "CSAFPID-1503627", "CSAFPID-1503628", "CSAFPID-1503629", "CSAFPID-189067", "CSAFPID-93307", "CSAFPID-816828", "CSAFPID-1503630", "CSAFPID-1503631", "CSAFPID-1503632", "CSAFPID-1503633", "CSAFPID-1503634", "CSAFPID-1503635", "CSAFPID-1503636", "CSAFPID-1503319", "CSAFPID-1503318", "CSAFPID-1503637", "CSAFPID-1503638", "CSAFPID-764926", ], }, ], title: "CVE-2024-32114", }, ], }
NCSC-2024-0297
Vulnerability from csaf_ncscnl
Published
2024-07-17 13:53
Modified
2024-07-17 13:53
Summary
Kwetsbaarheden verholpen in Oracle Financial Services Applications
Notes
The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:
NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.
NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.
This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.
Feiten
Er zijn kwetsbaarheden verholpen in Oracle Financial Services Applications.
Interpretaties
Een kwaadwillende kan de kwetsbaarheden misbruiken om aanvallen uit te voeren die kunnen leiden tot de volgende categorieën schade:
* Denial-of-Service (DoS)
* Toegang tot gevoelige gegevens
* Toegang tot systeemgegevens
* Manipulatie van gegevens
* (Remote) code execution (Gebruikersrechten)
Oplossingen
Oracle heeft updates beschikbaar gesteld om de kwetsbaarheden te verhelpen. Zie de referenties voor meer informatie.
Kans
medium
Schade
high
CWE-1188
Initialization of a Resource with an Insecure Default
CWE-121
Stack-based Buffer Overflow
CWE-20
Improper Input Validation
CWE-306
Missing Authentication for Critical Function
CWE-328
Use of Weak Hash
CWE-400
Uncontrolled Resource Consumption
CWE-404
Improper Resource Shutdown or Release
CWE-416
Use After Free
CWE-426
Untrusted Search Path
CWE-502
Deserialization of Untrusted Data
CWE-532
Insertion of Sensitive Information into Log File
CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE-770
Allocation of Resources Without Limits or Throttling
CWE-787
Out-of-bounds Write
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
{ document: { category: "csaf_security_advisory", csaf_version: "2.0", distribution: { tlp: { label: "WHITE", }, }, lang: "nl", notes: [ { category: "legal_disclaimer", text: "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.", }, { category: "description", text: "Er zijn kwetsbaarheden verholpen in Oracle Financial Services Applications.", title: "Feiten", }, { category: "description", text: "Een kwaadwillende kan de kwetsbaarheden misbruiken om aanvallen uit te voeren die kunnen leiden tot de volgende categorieën schade:\n\n* Denial-of-Service (DoS)\n* Toegang tot gevoelige gegevens\n* Toegang tot systeemgegevens\n* Manipulatie van gegevens\n* (Remote) code execution (Gebruikersrechten)", title: "Interpretaties", }, { category: "description", text: "Oracle heeft updates beschikbaar gesteld om de kwetsbaarheden te verhelpen. Zie de referenties voor meer informatie.", title: "Oplossingen", }, { category: "general", text: "medium", title: "Kans", }, { category: "general", text: "high", title: "Schade", }, { category: "general", text: "Initialization of a Resource with an Insecure Default", title: "CWE-1188", }, { category: "general", text: "Stack-based Buffer Overflow", title: "CWE-121", }, { category: "general", text: "Improper Input Validation", title: "CWE-20", }, { category: "general", text: "Missing Authentication for Critical Function", title: "CWE-306", }, { category: "general", text: "Use of Weak Hash", title: "CWE-328", }, { category: "general", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, { category: "general", text: "Improper Resource Shutdown or Release", title: "CWE-404", }, { category: "general", text: "Use After Free", title: "CWE-416", }, { category: "general", text: "Untrusted Search Path", title: "CWE-426", }, { category: "general", text: "Deserialization of Untrusted Data", title: "CWE-502", }, { category: "general", text: "Insertion of Sensitive Information into Log File", title: "CWE-532", }, { category: "general", text: "URL Redirection to Untrusted Site ('Open Redirect')", title: "CWE-601", }, { category: "general", text: "Improper Neutralization of Special Elements used in a Command ('Command Injection')", title: "CWE-77", }, { category: "general", text: "Allocation of Resources Without Limits or Throttling", title: "CWE-770", }, { category: "general", text: "Out-of-bounds Write", title: "CWE-787", }, { category: "general", text: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", title: "CWE-79", }, ], publisher: { category: "coordinator", contact_details: "cert@ncsc.nl", name: "Nationaal Cyber Security Centrum", namespace: "https://www.ncsc.nl/", }, references: [ { category: "external", summary: "Source - nvd", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-36944", }, { category: "external", summary: "Source - nvd", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-26031", }, { category: "external", summary: "Source - nvd", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-34055", }, { category: "external", summary: "Source - nvd", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-44483", }, { category: "external", summary: "Source - nvd", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-47248", }, { category: "external", summary: "Source - nvd", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-50447", }, { category: "external", summary: "Source - nvd", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-51074", }, { category: "external", summary: "Source - nvd", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-52425", }, { category: "external", summary: "Source - nvd", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-6129", }, { category: "external", summary: "Source - nvd", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-21188", }, { category: "external", summary: "Source - nvd", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-22201", }, { category: "external", summary: "Source - nvd", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-22262", }, { category: "external", summary: "Source - nvd", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-23807", }, { category: "external", summary: "Source - nvd", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-24549", }, { category: "external", summary: "Source - nvd", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-24816", }, { category: "external", summary: "Source - nvd", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-25062", }, { category: "external", summary: "Source - nvd", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-2511", }, { category: "external", summary: "Source - nvd", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-26308", }, { category: "external", summary: "Source - nvd", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-29025", }, { category: "external", summary: "Source - nvd", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-29133", }, { category: "external", summary: "Source - nvd", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-32114", }, { category: "external", summary: "Reference - oracle", url: "https://www.oracle.com/docs/tech/security-alerts/cpujul2024csaf.json", }, { category: "external", summary: "Reference - cveprojectv5; ibm; nvd; oracle", url: "https://www.oracle.com/security-alerts/cpujul2024.html", }, ], title: " Kwetsbaarheden verholpen in Oracle Financial Services Applications", tracking: { current_release_date: "2024-07-17T13:53:54.655859Z", id: "NCSC-2024-0297", initial_release_date: "2024-07-17T13:53:54.655859Z", revision_history: [ { date: "2024-07-17T13:53:54.655859Z", number: "0", summary: "Initiele versie", }, ], status: "final", version: "1.0.0", }, }, product_tree: { branches: [ { branches: [ { category: "product_name", name: "financial_services_analytical_applications_infrastructure", product: { name: "financial_services_analytical_applications_infrastructure", product_id: "CSAFPID-9711", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.7:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_analytical_applications_infrastructure", product: { name: "financial_services_analytical_applications_infrastructure", product_id: "CSAFPID-9300", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.8:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_analytical_applications_infrastructure", product: { name: "financial_services_analytical_applications_infrastructure", product_id: "CSAFPID-9522", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.9:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_analytical_applications_infrastructure", product: { name: "financial_services_analytical_applications_infrastructure", product_id: "CSAFPID-8848", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_analytical_applications_infrastructure", product: { name: "financial_services_analytical_applications_infrastructure", product_id: "CSAFPID-189066", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.1.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_analytical_applications_infrastructure", product: { name: "financial_services_analytical_applications_infrastructure", product_id: "CSAFPID-189065", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.1.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_basel_regulatory_capital_basic", product: { name: "financial_services_basel_regulatory_capital_basic", product_id: "CSAFPID-1503626", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_basic:8.0.7.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_basel_regulatory_capital_basic", product: { name: "financial_services_basel_regulatory_capital_basic", product_id: "CSAFPID-1503627", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_basic:8.0.8.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_basel_regulatory_capital_internal_ratings_based_approach", product: { name: "financial_services_basel_regulatory_capital_internal_ratings_based_approach", product_id: "CSAFPID-1503628", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_internal_ratings_based_approach:8.0.7.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_basel_regulatory_capital_internal_ratings_based_approach", product: { name: "financial_services_basel_regulatory_capital_internal_ratings_based_approach", product_id: "CSAFPID-1503629", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_internal_ratings_based_approach:8.0.8.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_behavior_detection_platform", product: { name: "financial_services_behavior_detection_platform", product_id: "CSAFPID-189067", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.0.8.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_behavior_detection_platform", product: { name: "financial_services_behavior_detection_platform", product_id: "CSAFPID-93307", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.1.1.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_behavior_detection_platform", product: { name: "financial_services_behavior_detection_platform", product_id: "CSAFPID-219772", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.1.2.4:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_behavior_detection_platform", product: { name: "financial_services_behavior_detection_platform", product_id: "CSAFPID-219770", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.1.2.5:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_behavior_detection_platform", product: { name: "financial_services_behavior_detection_platform", product_id: "CSAFPID-816828", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.1.2.6:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_behavior_detection_platform", product: { name: "financial_services_behavior_detection_platform", product_id: "CSAFPID-1503630", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.1.2.7:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_cash_flow_engine", product: { name: "financial_services_cash_flow_engine", product_id: "CSAFPID-764273", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_cash_flow_engine:8.1.2.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_compliance_studio", product: { name: "financial_services_compliance_studio", product_id: "CSAFPID-345047", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_compliance_studio:8.1.2.4:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_compliance_studio", product: { name: "financial_services_compliance_studio", product_id: "CSAFPID-816829", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_compliance_studio:8.1.2.5:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_compliance_studio", product: { name: "financial_services_compliance_studio", product_id: "CSAFPID-1503631", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_compliance_studio:8.1.2.6:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_compliance_studio", product: { name: "financial_services_compliance_studio", product_id: "CSAFPID-1503632", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_compliance_studio:8.1.2.7:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_enterprise_case_management", product: { name: "financial_services_enterprise_case_management", product_id: "CSAFPID-219774", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.0.8.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_enterprise_case_management", product: { name: "financial_services_enterprise_case_management", product_id: "CSAFPID-1503633", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.0.8.2.8:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_enterprise_case_management", product: { name: "financial_services_enterprise_case_management", product_id: "CSAFPID-180190", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.1.1.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_enterprise_case_management", product: { name: "financial_services_enterprise_case_management", product_id: "CSAFPID-1503634", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.1.1.1.18:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_enterprise_case_management", product: { name: "financial_services_enterprise_case_management", product_id: "CSAFPID-219773", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.1.2.4:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_enterprise_case_management", product: { name: "financial_services_enterprise_case_management", product_id: "CSAFPID-219771", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.1.2.5:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_enterprise_case_management", product: { name: "financial_services_enterprise_case_management", product_id: "CSAFPID-816830", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.1.2.6:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_enterprise_case_management", product: { name: "financial_services_enterprise_case_management", product_id: "CSAFPID-1503635", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.1.2.6.4:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_enterprise_case_management", product: { name: "financial_services_enterprise_case_management", product_id: "CSAFPID-1503636", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.1.2.7.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_lending_and_leasing", product: { name: "financial_services_lending_and_leasing", product_id: "CSAFPID-816831", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_lending_and_leasing:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_model_management_and_governance", product: { name: "financial_services_model_management_and_governance", product_id: "CSAFPID-611392", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_model_management_and_governance:8.1.2.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_model_management_and_governance", product: { name: "financial_services_model_management_and_governance", product_id: "CSAFPID-611391", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_model_management_and_governance:8.1.2.4:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_model_management_and_governance", product: { name: "financial_services_model_management_and_governance", product_id: "CSAFPID-1503319", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_model_management_and_governance:8.1.2.5:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_model_management_and_governance", product: { name: "financial_services_model_management_and_governance", product_id: "CSAFPID-1503318", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_model_management_and_governance:8.1.2.6:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_revenue_management_and_billing", product: { name: "financial_services_revenue_management_and_billing", product_id: "CSAFPID-816833", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_revenue_management_and_billing:_pricing_services___2.9.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_revenue_management_and_billing", product: { name: "financial_services_revenue_management_and_billing", product_id: "CSAFPID-816840", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_revenue_management_and_billing:_security___5.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_revenue_management_and_billing", product: { name: "financial_services_revenue_management_and_billing", product_id: "CSAFPID-765266", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_revenue_management_and_billing:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_revenue_management_and_billing", product: { name: "financial_services_revenue_management_and_billing", product_id: "CSAFPID-344846", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_revenue_management_and_billing:2.7.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_revenue_management_and_billing", product: { name: "financial_services_revenue_management_and_billing", product_id: "CSAFPID-816832", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_revenue_management_and_billing:2.8.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_revenue_management_and_billing", product: { name: "financial_services_revenue_management_and_billing", product_id: "CSAFPID-912589", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_revenue_management_and_billing:2.8.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_revenue_management_and_billing", product: { name: "financial_services_revenue_management_and_billing", product_id: "CSAFPID-816834", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_revenue_management_and_billing:2.9.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_revenue_management_and_billing", product: { name: "financial_services_revenue_management_and_billing", product_id: "CSAFPID-765264", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_revenue_management_and_billing:2.9.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_revenue_management_and_billing", product: { name: "financial_services_revenue_management_and_billing", product_id: "CSAFPID-765265", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_revenue_management_and_billing:2.9.0.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_revenue_management_and_billing", product: { name: "financial_services_revenue_management_and_billing", product_id: "CSAFPID-344845", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_revenue_management_and_billing:2.9.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_revenue_management_and_billing", product: { name: "financial_services_revenue_management_and_billing", product_id: "CSAFPID-816835", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_revenue_management_and_billing:3.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_revenue_management_and_billing", product: { name: "financial_services_revenue_management_and_billing", product_id: "CSAFPID-400311", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_revenue_management_and_billing:3.0.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_revenue_management_and_billing", product: { name: "financial_services_revenue_management_and_billing", product_id: "CSAFPID-816836", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_revenue_management_and_billing:3.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_revenue_management_and_billing", product: { name: "financial_services_revenue_management_and_billing", product_id: "CSAFPID-912590", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_revenue_management_and_billing:3.1.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_revenue_management_and_billing", product: { name: "financial_services_revenue_management_and_billing", product_id: "CSAFPID-816837", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_revenue_management_and_billing:3.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_revenue_management_and_billing", product: { name: "financial_services_revenue_management_and_billing", product_id: "CSAFPID-400309", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_revenue_management_and_billing:3.2.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_revenue_management_and_billing", product: { name: "financial_services_revenue_management_and_billing", product_id: "CSAFPID-816838", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_revenue_management_and_billing:4.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_revenue_management_and_billing", product: { name: "financial_services_revenue_management_and_billing", product_id: "CSAFPID-912591", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_revenue_management_and_billing:4.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_revenue_management_and_billing", product: { name: "financial_services_revenue_management_and_billing", product_id: "CSAFPID-816839", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_revenue_management_and_billing:5.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_revenue_management_and_billing", product: { name: "financial_services_revenue_management_and_billing", product_id: "CSAFPID-912592", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_revenue_management_and_billing:5.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_revenue_management_and_billing", product: { name: "financial_services_revenue_management_and_billing", product_id: "CSAFPID-816841", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_revenue_management_and_billing:5.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_revenue_management_and_billing", product: { name: "financial_services_revenue_management_and_billing", product_id: "CSAFPID-816842", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_revenue_management_and_billing:6.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_revenue_management_and_billing", product: { name: "financial_services_revenue_management_and_billing", product_id: "CSAFPID-1503637", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_revenue_management_and_billing:6.0.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_revenue_management_and_billing", product: { name: "financial_services_revenue_management_and_billing", product_id: "CSAFPID-1503923", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_revenue_management_and_billing:6.1.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_revenue_management_and_billing", product: { name: "financial_services_revenue_management_and_billing", product_id: "CSAFPID-1503638", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_revenue_management_and_billing:6.1.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_trade-based_anti_money_laundering_enterprise_edition", product: { name: "financial_services_trade-based_anti_money_laundering_enterprise_edition", product_id: "CSAFPID-220374", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_trade-based_anti_money_laundering_enterprise_edition:8.0.8:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "financial_services_trade-based_anti_money_laundering_enterprise_edition", product: { name: "financial_services_trade-based_anti_money_laundering_enterprise_edition", product_id: "CSAFPID-764926", product_identification_helper: { cpe: "cpe:2.3:a:oracle:financial_services_trade-based_anti_money_laundering_enterprise_edition:8.0.8.0:*:*:*:*:*:*:*", }, }, }, ], category: "vendor", name: "oracle", }, ], }, vulnerabilities: [ { cve: "CVE-2022-36944", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, notes: [ { category: "other", text: "Deserialization of Untrusted Data", title: "CWE-502", }, ], product_status: { known_affected: [ "CSAFPID-764273", "CSAFPID-611392", "CSAFPID-611391", "CSAFPID-9522", "CSAFPID-816828", "CSAFPID-816829", "CSAFPID-816830", "CSAFPID-816831", "CSAFPID-344846", "CSAFPID-816832", "CSAFPID-816833", "CSAFPID-816834", "CSAFPID-344845", "CSAFPID-816835", "CSAFPID-765266", "CSAFPID-816836", "CSAFPID-816837", "CSAFPID-816838", "CSAFPID-816839", "CSAFPID-816840", "CSAFPID-816841", "CSAFPID-816842", "CSAFPID-1503319", "CSAFPID-1503318", "CSAFPID-1503626", "CSAFPID-1503627", "CSAFPID-1503628", "CSAFPID-1503629", "CSAFPID-1503630", "CSAFPID-1503631", "CSAFPID-1503632", "CSAFPID-1503633", "CSAFPID-1503634", "CSAFPID-1503635", "CSAFPID-1503636", "CSAFPID-1503637", "CSAFPID-1503638", "CSAFPID-764926", "CSAFPID-9711", "CSAFPID-9300", "CSAFPID-8848", "CSAFPID-189066", "CSAFPID-189065", "CSAFPID-189067", "CSAFPID-93307", "CSAFPID-219772", "CSAFPID-219770", "CSAFPID-345047", "CSAFPID-219774", "CSAFPID-180190", "CSAFPID-219773", "CSAFPID-219771", "CSAFPID-220374", ], }, references: [ { category: "self", summary: "CVE-2022-36944", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-36944.json", }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-764273", "CSAFPID-611392", "CSAFPID-611391", "CSAFPID-9522", "CSAFPID-816828", "CSAFPID-816829", "CSAFPID-816830", "CSAFPID-816831", "CSAFPID-344846", "CSAFPID-816832", "CSAFPID-816833", "CSAFPID-816834", "CSAFPID-344845", "CSAFPID-816835", "CSAFPID-765266", "CSAFPID-816836", "CSAFPID-816837", "CSAFPID-816838", "CSAFPID-816839", "CSAFPID-816840", "CSAFPID-816841", "CSAFPID-816842", "CSAFPID-1503319", "CSAFPID-1503318", "CSAFPID-1503626", "CSAFPID-1503627", "CSAFPID-1503628", "CSAFPID-1503629", "CSAFPID-1503630", "CSAFPID-1503631", "CSAFPID-1503632", "CSAFPID-1503633", "CSAFPID-1503634", "CSAFPID-1503635", "CSAFPID-1503636", "CSAFPID-1503637", "CSAFPID-1503638", "CSAFPID-764926", "CSAFPID-9711", "CSAFPID-9300", "CSAFPID-8848", "CSAFPID-189066", "CSAFPID-189065", "CSAFPID-189067", "CSAFPID-93307", "CSAFPID-219772", "CSAFPID-219770", "CSAFPID-345047", "CSAFPID-219774", "CSAFPID-180190", "CSAFPID-219773", "CSAFPID-219771", "CSAFPID-220374", ], }, ], title: "CVE-2022-36944", }, { cve: "CVE-2023-6129", cwe: { id: "CWE-328", name: "Use of Weak Hash", }, notes: [ { category: "other", text: "Use of Weak Hash", title: "CWE-328", }, ], product_status: { known_affected: [ "CSAFPID-400309", "CSAFPID-400311", "CSAFPID-765264", "CSAFPID-765265", "CSAFPID-912589", "CSAFPID-912590", "CSAFPID-912591", "CSAFPID-912592", "CSAFPID-9711", "CSAFPID-9300", "CSAFPID-189066", "CSAFPID-189065", "CSAFPID-1503626", "CSAFPID-1503627", "CSAFPID-1503628", "CSAFPID-1503629", "CSAFPID-189067", "CSAFPID-93307", "CSAFPID-816828", "CSAFPID-1503630", "CSAFPID-1503631", "CSAFPID-1503632", "CSAFPID-1503633", "CSAFPID-1503634", "CSAFPID-1503635", "CSAFPID-1503636", "CSAFPID-1503319", "CSAFPID-1503318", "CSAFPID-1503637", "CSAFPID-1503638", "CSAFPID-764926", ], }, references: [ { category: "self", summary: "CVE-2023-6129", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-6129.json", }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", version: "3.1", }, products: [ "CSAFPID-400309", "CSAFPID-400311", "CSAFPID-765264", "CSAFPID-765265", "CSAFPID-912589", "CSAFPID-912590", "CSAFPID-912591", "CSAFPID-912592", "CSAFPID-9711", "CSAFPID-9300", "CSAFPID-189066", "CSAFPID-189065", "CSAFPID-1503626", "CSAFPID-1503627", "CSAFPID-1503628", "CSAFPID-1503629", "CSAFPID-189067", "CSAFPID-93307", "CSAFPID-816828", "CSAFPID-1503630", "CSAFPID-1503631", "CSAFPID-1503632", "CSAFPID-1503633", "CSAFPID-1503634", "CSAFPID-1503635", "CSAFPID-1503636", "CSAFPID-1503319", "CSAFPID-1503318", "CSAFPID-1503637", "CSAFPID-1503638", "CSAFPID-764926", ], }, ], title: "CVE-2023-6129", }, { cve: "CVE-2023-26031", cwe: { id: "CWE-426", name: "Untrusted Search Path", }, notes: [ { category: "other", text: "Untrusted Search Path", title: "CWE-426", }, ], product_status: { known_affected: [ "CSAFPID-9711", "CSAFPID-9300", "CSAFPID-189066", "CSAFPID-189065", "CSAFPID-1503626", "CSAFPID-1503627", "CSAFPID-1503628", "CSAFPID-1503629", "CSAFPID-189067", "CSAFPID-93307", "CSAFPID-816828", "CSAFPID-1503630", "CSAFPID-1503631", "CSAFPID-1503632", "CSAFPID-1503633", "CSAFPID-1503634", "CSAFPID-1503635", "CSAFPID-1503636", "CSAFPID-1503319", "CSAFPID-1503318", "CSAFPID-1503637", "CSAFPID-1503638", "CSAFPID-764926", ], }, references: [ { category: "self", summary: "CVE-2023-26031", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-26031.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-9711", "CSAFPID-9300", "CSAFPID-189066", "CSAFPID-189065", "CSAFPID-1503626", "CSAFPID-1503627", "CSAFPID-1503628", "CSAFPID-1503629", "CSAFPID-189067", "CSAFPID-93307", "CSAFPID-816828", "CSAFPID-1503630", "CSAFPID-1503631", "CSAFPID-1503632", "CSAFPID-1503633", "CSAFPID-1503634", "CSAFPID-1503635", "CSAFPID-1503636", "CSAFPID-1503319", "CSAFPID-1503318", "CSAFPID-1503637", "CSAFPID-1503638", "CSAFPID-764926", ], }, ], title: "CVE-2023-26031", }, { cve: "CVE-2023-34055", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, notes: [ { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, ], product_status: { known_affected: [ "CSAFPID-8848", "CSAFPID-9300", "CSAFPID-9522", "CSAFPID-9711", "CSAFPID-93307", "CSAFPID-180190", "CSAFPID-189065", "CSAFPID-189066", "CSAFPID-189067", "CSAFPID-219770", "CSAFPID-219771", "CSAFPID-219774", "CSAFPID-220374", "CSAFPID-344845", "CSAFPID-344846", "CSAFPID-765266", "CSAFPID-816828", "CSAFPID-816829", "CSAFPID-816830", "CSAFPID-816831", "CSAFPID-816832", "CSAFPID-816833", "CSAFPID-816834", "CSAFPID-816835", "CSAFPID-816836", "CSAFPID-816837", "CSAFPID-816838", "CSAFPID-816839", "CSAFPID-816840", "CSAFPID-816841", "CSAFPID-816842", "CSAFPID-400309", "CSAFPID-400311", "CSAFPID-765264", "CSAFPID-765265", "CSAFPID-912589", "CSAFPID-912590", "CSAFPID-912591", "CSAFPID-912592", "CSAFPID-1503626", "CSAFPID-1503627", "CSAFPID-1503628", "CSAFPID-1503629", "CSAFPID-1503630", "CSAFPID-1503631", "CSAFPID-1503632", "CSAFPID-1503633", "CSAFPID-1503634", "CSAFPID-1503635", "CSAFPID-1503636", "CSAFPID-1503319", "CSAFPID-1503318", "CSAFPID-1503637", "CSAFPID-1503638", "CSAFPID-764926", ], }, references: [ { category: "self", summary: "CVE-2023-34055", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-34055.json", }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-8848", "CSAFPID-9300", "CSAFPID-9522", "CSAFPID-9711", "CSAFPID-93307", "CSAFPID-180190", "CSAFPID-189065", "CSAFPID-189066", "CSAFPID-189067", "CSAFPID-219770", "CSAFPID-219771", "CSAFPID-219774", "CSAFPID-220374", "CSAFPID-344845", "CSAFPID-344846", "CSAFPID-765266", "CSAFPID-816828", "CSAFPID-816829", "CSAFPID-816830", "CSAFPID-816831", "CSAFPID-816832", "CSAFPID-816833", "CSAFPID-816834", "CSAFPID-816835", "CSAFPID-816836", "CSAFPID-816837", "CSAFPID-816838", "CSAFPID-816839", "CSAFPID-816840", "CSAFPID-816841", "CSAFPID-816842", "CSAFPID-400309", "CSAFPID-400311", "CSAFPID-765264", "CSAFPID-765265", "CSAFPID-912589", "CSAFPID-912590", "CSAFPID-912591", "CSAFPID-912592", "CSAFPID-1503626", "CSAFPID-1503627", "CSAFPID-1503628", "CSAFPID-1503629", "CSAFPID-1503630", "CSAFPID-1503631", "CSAFPID-1503632", "CSAFPID-1503633", "CSAFPID-1503634", "CSAFPID-1503635", "CSAFPID-1503636", "CSAFPID-1503319", "CSAFPID-1503318", "CSAFPID-1503637", "CSAFPID-1503638", "CSAFPID-764926", ], }, ], title: "CVE-2023-34055", }, { cve: "CVE-2023-44483", cwe: { id: "CWE-532", name: "Insertion of Sensitive Information into Log File", }, notes: [ { category: "other", text: "Insertion of Sensitive Information into Log File", title: "CWE-532", }, ], product_status: { known_affected: [ "CSAFPID-8848", "CSAFPID-9300", "CSAFPID-9522", "CSAFPID-9711", "CSAFPID-93307", "CSAFPID-180190", "CSAFPID-189065", "CSAFPID-189066", "CSAFPID-189067", "CSAFPID-219770", "CSAFPID-219771", "CSAFPID-219774", "CSAFPID-220374", "CSAFPID-344845", "CSAFPID-344846", "CSAFPID-765266", "CSAFPID-816828", "CSAFPID-816829", "CSAFPID-816830", "CSAFPID-816831", "CSAFPID-816832", "CSAFPID-816833", "CSAFPID-816834", "CSAFPID-816835", "CSAFPID-816836", "CSAFPID-816837", "CSAFPID-816838", "CSAFPID-816839", "CSAFPID-816840", "CSAFPID-816841", "CSAFPID-816842", "CSAFPID-400309", "CSAFPID-400311", "CSAFPID-765264", "CSAFPID-765265", "CSAFPID-912589", "CSAFPID-912590", "CSAFPID-912591", "CSAFPID-912592", "CSAFPID-1503626", "CSAFPID-1503627", "CSAFPID-1503628", "CSAFPID-1503629", "CSAFPID-1503630", "CSAFPID-1503631", "CSAFPID-1503632", "CSAFPID-1503633", "CSAFPID-1503634", "CSAFPID-1503635", "CSAFPID-1503636", "CSAFPID-1503319", "CSAFPID-1503318", "CSAFPID-1503637", "CSAFPID-1503638", "CSAFPID-764926", ], }, references: [ { category: "self", summary: "CVE-2023-44483", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-44483.json", }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "CSAFPID-8848", "CSAFPID-9300", "CSAFPID-9522", "CSAFPID-9711", "CSAFPID-93307", "CSAFPID-180190", "CSAFPID-189065", "CSAFPID-189066", "CSAFPID-189067", "CSAFPID-219770", "CSAFPID-219771", "CSAFPID-219774", "CSAFPID-220374", "CSAFPID-344845", "CSAFPID-344846", "CSAFPID-765266", "CSAFPID-816828", "CSAFPID-816829", "CSAFPID-816830", "CSAFPID-816831", "CSAFPID-816832", "CSAFPID-816833", "CSAFPID-816834", "CSAFPID-816835", "CSAFPID-816836", "CSAFPID-816837", "CSAFPID-816838", "CSAFPID-816839", "CSAFPID-816840", "CSAFPID-816841", "CSAFPID-816842", "CSAFPID-400309", "CSAFPID-400311", "CSAFPID-765264", "CSAFPID-765265", "CSAFPID-912589", "CSAFPID-912590", "CSAFPID-912591", "CSAFPID-912592", "CSAFPID-1503626", "CSAFPID-1503627", "CSAFPID-1503628", "CSAFPID-1503629", "CSAFPID-1503630", "CSAFPID-1503631", "CSAFPID-1503632", "CSAFPID-1503633", "CSAFPID-1503634", "CSAFPID-1503635", "CSAFPID-1503636", "CSAFPID-1503319", "CSAFPID-1503318", "CSAFPID-1503637", "CSAFPID-1503638", "CSAFPID-764926", ], }, ], title: "CVE-2023-44483", }, { cve: "CVE-2023-47248", product_status: { known_affected: [ "CSAFPID-8848", "CSAFPID-9300", "CSAFPID-9522", "CSAFPID-9711", "CSAFPID-93307", "CSAFPID-180190", "CSAFPID-189065", "CSAFPID-189066", "CSAFPID-189067", "CSAFPID-219770", "CSAFPID-219771", "CSAFPID-219774", "CSAFPID-220374", "CSAFPID-344845", "CSAFPID-344846", "CSAFPID-765266", "CSAFPID-816828", "CSAFPID-816829", "CSAFPID-816830", "CSAFPID-816831", "CSAFPID-816832", "CSAFPID-816833", "CSAFPID-816834", "CSAFPID-816835", "CSAFPID-816836", "CSAFPID-816837", "CSAFPID-816838", "CSAFPID-816839", "CSAFPID-816840", "CSAFPID-816841", "CSAFPID-816842", "CSAFPID-1503318", "CSAFPID-1503319", "CSAFPID-1503626", "CSAFPID-1503627", "CSAFPID-1503628", "CSAFPID-1503629", "CSAFPID-1503630", "CSAFPID-1503631", "CSAFPID-1503632", "CSAFPID-1503633", "CSAFPID-1503634", "CSAFPID-1503635", "CSAFPID-1503636", "CSAFPID-1503637", "CSAFPID-1503638", "CSAFPID-764926", ], }, references: [ { category: "self", summary: "CVE-2023-47248", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-47248.json", }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-8848", "CSAFPID-9300", "CSAFPID-9522", "CSAFPID-9711", "CSAFPID-93307", "CSAFPID-180190", "CSAFPID-189065", "CSAFPID-189066", "CSAFPID-189067", "CSAFPID-219770", "CSAFPID-219771", "CSAFPID-219774", "CSAFPID-220374", "CSAFPID-344845", "CSAFPID-344846", "CSAFPID-765266", "CSAFPID-816828", "CSAFPID-816829", "CSAFPID-816830", "CSAFPID-816831", "CSAFPID-816832", "CSAFPID-816833", "CSAFPID-816834", "CSAFPID-816835", "CSAFPID-816836", "CSAFPID-816837", "CSAFPID-816838", "CSAFPID-816839", "CSAFPID-816840", "CSAFPID-816841", "CSAFPID-816842", "CSAFPID-1503318", "CSAFPID-1503319", "CSAFPID-1503626", "CSAFPID-1503627", "CSAFPID-1503628", "CSAFPID-1503629", "CSAFPID-1503630", "CSAFPID-1503631", "CSAFPID-1503632", "CSAFPID-1503633", "CSAFPID-1503634", "CSAFPID-1503635", "CSAFPID-1503636", "CSAFPID-1503637", "CSAFPID-1503638", "CSAFPID-764926", ], }, ], title: "CVE-2023-47248", }, { cve: "CVE-2023-50447", cwe: { id: "CWE-77", name: "Improper Neutralization of Special Elements used in a Command ('Command Injection')", }, notes: [ { category: "other", text: "Improper Neutralization of Special Elements used in a Command ('Command Injection')", title: "CWE-77", }, ], product_status: { known_affected: [ "CSAFPID-9711", "CSAFPID-9300", "CSAFPID-189066", "CSAFPID-189065", "CSAFPID-1503626", "CSAFPID-1503627", "CSAFPID-1503628", "CSAFPID-1503629", "CSAFPID-189067", "CSAFPID-93307", "CSAFPID-816828", "CSAFPID-1503630", "CSAFPID-1503631", "CSAFPID-1503632", "CSAFPID-1503633", "CSAFPID-1503634", "CSAFPID-1503635", "CSAFPID-1503636", "CSAFPID-1503319", "CSAFPID-1503318", "CSAFPID-1503637", "CSAFPID-1503638", "CSAFPID-764926", ], }, references: [ { category: "self", summary: "CVE-2023-50447", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-50447.json", }, ], scores: [ { cvss_v3: { baseScore: 9, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-9711", "CSAFPID-9300", "CSAFPID-189066", "CSAFPID-189065", "CSAFPID-1503626", "CSAFPID-1503627", "CSAFPID-1503628", "CSAFPID-1503629", "CSAFPID-189067", "CSAFPID-93307", "CSAFPID-816828", "CSAFPID-1503630", "CSAFPID-1503631", "CSAFPID-1503632", "CSAFPID-1503633", "CSAFPID-1503634", "CSAFPID-1503635", "CSAFPID-1503636", "CSAFPID-1503319", "CSAFPID-1503318", "CSAFPID-1503637", "CSAFPID-1503638", "CSAFPID-764926", ], }, ], title: "CVE-2023-50447", }, { cve: "CVE-2023-51074", cwe: { id: "CWE-121", name: "Stack-based Buffer Overflow", }, notes: [ { category: "other", text: "Stack-based Buffer Overflow", title: "CWE-121", }, ], product_status: { known_affected: [ "CSAFPID-400309", "CSAFPID-400311", "CSAFPID-765264", "CSAFPID-765265", "CSAFPID-912589", "CSAFPID-912590", "CSAFPID-912591", "CSAFPID-912592", "CSAFPID-9711", "CSAFPID-9300", "CSAFPID-189066", "CSAFPID-189065", "CSAFPID-1503626", "CSAFPID-1503627", "CSAFPID-1503628", "CSAFPID-1503629", "CSAFPID-189067", "CSAFPID-93307", "CSAFPID-816828", "CSAFPID-1503630", "CSAFPID-1503631", "CSAFPID-1503632", "CSAFPID-1503633", "CSAFPID-1503634", "CSAFPID-1503635", "CSAFPID-1503636", "CSAFPID-1503319", "CSAFPID-1503318", "CSAFPID-1503637", "CSAFPID-1503638", "CSAFPID-764926", ], }, references: [ { category: "self", summary: "CVE-2023-51074", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-51074.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-400309", "CSAFPID-400311", "CSAFPID-765264", "CSAFPID-765265", "CSAFPID-912589", "CSAFPID-912590", "CSAFPID-912591", "CSAFPID-912592", "CSAFPID-9711", "CSAFPID-9300", "CSAFPID-189066", "CSAFPID-189065", "CSAFPID-1503626", "CSAFPID-1503627", "CSAFPID-1503628", "CSAFPID-1503629", "CSAFPID-189067", "CSAFPID-93307", "CSAFPID-816828", "CSAFPID-1503630", "CSAFPID-1503631", "CSAFPID-1503632", "CSAFPID-1503633", "CSAFPID-1503634", "CSAFPID-1503635", "CSAFPID-1503636", "CSAFPID-1503319", "CSAFPID-1503318", "CSAFPID-1503637", "CSAFPID-1503638", "CSAFPID-764926", ], }, ], title: "CVE-2023-51074", }, { cve: "CVE-2023-52425", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, notes: [ { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, ], product_status: { known_affected: [ "CSAFPID-9711", "CSAFPID-9300", "CSAFPID-189066", "CSAFPID-189065", "CSAFPID-1503626", "CSAFPID-1503627", "CSAFPID-1503628", "CSAFPID-1503629", "CSAFPID-189067", "CSAFPID-93307", "CSAFPID-816828", "CSAFPID-1503630", "CSAFPID-1503631", "CSAFPID-1503632", "CSAFPID-1503633", "CSAFPID-1503634", "CSAFPID-1503635", "CSAFPID-1503636", "CSAFPID-1503319", "CSAFPID-1503318", "CSAFPID-1503637", "CSAFPID-1503638", "CSAFPID-764926", ], }, references: [ { category: "self", summary: "CVE-2023-52425", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-52425.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-9711", "CSAFPID-9300", "CSAFPID-189066", "CSAFPID-189065", "CSAFPID-1503626", "CSAFPID-1503627", "CSAFPID-1503628", "CSAFPID-1503629", "CSAFPID-189067", "CSAFPID-93307", "CSAFPID-816828", "CSAFPID-1503630", "CSAFPID-1503631", "CSAFPID-1503632", "CSAFPID-1503633", "CSAFPID-1503634", "CSAFPID-1503635", "CSAFPID-1503636", "CSAFPID-1503319", "CSAFPID-1503318", "CSAFPID-1503637", "CSAFPID-1503638", "CSAFPID-764926", ], }, ], title: "CVE-2023-52425", }, { cve: "CVE-2024-2511", cwe: { id: "CWE-404", name: "Improper Resource Shutdown or Release", }, notes: [ { category: "other", text: "Improper Resource Shutdown or Release", title: "CWE-404", }, { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, ], product_status: { known_affected: [ "CSAFPID-9711", "CSAFPID-9300", "CSAFPID-189066", "CSAFPID-189065", "CSAFPID-1503626", "CSAFPID-1503627", "CSAFPID-1503628", "CSAFPID-1503629", "CSAFPID-189067", "CSAFPID-93307", "CSAFPID-816828", "CSAFPID-1503630", "CSAFPID-1503631", "CSAFPID-1503632", "CSAFPID-1503633", "CSAFPID-1503634", "CSAFPID-1503635", "CSAFPID-1503636", "CSAFPID-1503319", "CSAFPID-1503318", "CSAFPID-1503637", "CSAFPID-1503638", "CSAFPID-764926", ], }, references: [ { category: "self", summary: "CVE-2024-2511", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-2511.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-9711", "CSAFPID-9300", "CSAFPID-189066", "CSAFPID-189065", "CSAFPID-1503626", "CSAFPID-1503627", "CSAFPID-1503628", "CSAFPID-1503629", "CSAFPID-189067", "CSAFPID-93307", "CSAFPID-816828", "CSAFPID-1503630", "CSAFPID-1503631", "CSAFPID-1503632", "CSAFPID-1503633", "CSAFPID-1503634", "CSAFPID-1503635", "CSAFPID-1503636", "CSAFPID-1503319", "CSAFPID-1503318", "CSAFPID-1503637", "CSAFPID-1503638", "CSAFPID-764926", ], }, ], title: "CVE-2024-2511", }, { cve: "CVE-2024-21188", product_status: { known_affected: [ "CSAFPID-9711", "CSAFPID-9300", "CSAFPID-189066", "CSAFPID-189065", "CSAFPID-1503626", "CSAFPID-1503627", "CSAFPID-1503628", "CSAFPID-1503629", "CSAFPID-189067", "CSAFPID-93307", "CSAFPID-816828", "CSAFPID-1503630", "CSAFPID-1503631", "CSAFPID-1503632", "CSAFPID-1503633", "CSAFPID-1503634", "CSAFPID-1503635", "CSAFPID-1503636", "CSAFPID-1503319", "CSAFPID-1503318", "CSAFPID-1503637", "CSAFPID-1503638", "CSAFPID-764926", "CSAFPID-816842", ], }, references: [ { category: "self", summary: "CVE-2024-21188", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-21188.json", }, ], title: "CVE-2024-21188", }, { cve: "CVE-2024-22201", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, notes: [ { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, ], product_status: { known_affected: [ "CSAFPID-400309", "CSAFPID-400311", "CSAFPID-765264", "CSAFPID-765265", "CSAFPID-912589", "CSAFPID-912590", "CSAFPID-912591", "CSAFPID-912592", "CSAFPID-9711", "CSAFPID-9300", "CSAFPID-189066", "CSAFPID-189065", "CSAFPID-1503626", "CSAFPID-1503627", "CSAFPID-1503628", "CSAFPID-1503629", "CSAFPID-189067", "CSAFPID-93307", "CSAFPID-816828", "CSAFPID-1503630", "CSAFPID-1503631", "CSAFPID-1503632", "CSAFPID-1503633", "CSAFPID-1503634", "CSAFPID-1503635", "CSAFPID-1503636", "CSAFPID-1503319", "CSAFPID-1503318", "CSAFPID-1503637", "CSAFPID-1503638", "CSAFPID-764926", ], }, references: [ { category: "self", summary: "CVE-2024-22201", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-22201.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-400309", "CSAFPID-400311", "CSAFPID-765264", "CSAFPID-765265", "CSAFPID-912589", "CSAFPID-912590", "CSAFPID-912591", "CSAFPID-912592", "CSAFPID-9711", "CSAFPID-9300", "CSAFPID-189066", "CSAFPID-189065", "CSAFPID-1503626", "CSAFPID-1503627", "CSAFPID-1503628", "CSAFPID-1503629", "CSAFPID-189067", "CSAFPID-93307", "CSAFPID-816828", "CSAFPID-1503630", "CSAFPID-1503631", "CSAFPID-1503632", "CSAFPID-1503633", "CSAFPID-1503634", "CSAFPID-1503635", "CSAFPID-1503636", "CSAFPID-1503319", "CSAFPID-1503318", "CSAFPID-1503637", "CSAFPID-1503638", "CSAFPID-764926", ], }, ], title: "CVE-2024-22201", }, { cve: "CVE-2024-22262", cwe: { id: "CWE-601", name: "URL Redirection to Untrusted Site ('Open Redirect')", }, notes: [ { category: "other", text: "URL Redirection to Untrusted Site ('Open Redirect')", title: "CWE-601", }, ], product_status: { known_affected: [ "CSAFPID-9711", "CSAFPID-9300", "CSAFPID-189066", "CSAFPID-189065", "CSAFPID-1503626", "CSAFPID-1503627", "CSAFPID-1503628", "CSAFPID-1503629", "CSAFPID-189067", "CSAFPID-93307", "CSAFPID-816828", "CSAFPID-1503630", "CSAFPID-1503631", "CSAFPID-1503632", "CSAFPID-1503633", "CSAFPID-1503634", "CSAFPID-1503635", "CSAFPID-1503636", "CSAFPID-1503319", "CSAFPID-1503318", "CSAFPID-1503637", "CSAFPID-1503638", "CSAFPID-764926", ], }, references: [ { category: "self", summary: "CVE-2024-22262", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-22262.json", }, ], scores: [ { cvss_v3: { baseScore: 8.1, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "CSAFPID-9711", "CSAFPID-9300", "CSAFPID-189066", "CSAFPID-189065", "CSAFPID-1503626", "CSAFPID-1503627", "CSAFPID-1503628", "CSAFPID-1503629", "CSAFPID-189067", "CSAFPID-93307", "CSAFPID-816828", "CSAFPID-1503630", "CSAFPID-1503631", "CSAFPID-1503632", "CSAFPID-1503633", "CSAFPID-1503634", "CSAFPID-1503635", "CSAFPID-1503636", "CSAFPID-1503319", "CSAFPID-1503318", "CSAFPID-1503637", "CSAFPID-1503638", "CSAFPID-764926", ], }, ], title: "CVE-2024-22262", }, { cve: "CVE-2024-23807", cwe: { id: "CWE-416", name: "Use After Free", }, notes: [ { category: "other", text: "Use After Free", title: "CWE-416", }, ], product_status: { known_affected: [ "CSAFPID-9711", "CSAFPID-9300", "CSAFPID-189066", "CSAFPID-189065", "CSAFPID-1503626", "CSAFPID-1503627", "CSAFPID-1503628", "CSAFPID-1503629", "CSAFPID-189067", "CSAFPID-93307", "CSAFPID-816828", "CSAFPID-1503630", "CSAFPID-1503631", "CSAFPID-1503632", "CSAFPID-1503633", "CSAFPID-1503634", "CSAFPID-1503635", "CSAFPID-1503636", "CSAFPID-1503319", "CSAFPID-1503318", "CSAFPID-1503637", "CSAFPID-1503638", "CSAFPID-764926", ], }, references: [ { category: "self", summary: "CVE-2024-23807", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-23807.json", }, ], scores: [ { cvss_v3: { baseScore: 8.1, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-9711", "CSAFPID-9300", "CSAFPID-189066", "CSAFPID-189065", "CSAFPID-1503626", "CSAFPID-1503627", "CSAFPID-1503628", "CSAFPID-1503629", "CSAFPID-189067", "CSAFPID-93307", "CSAFPID-816828", "CSAFPID-1503630", "CSAFPID-1503631", "CSAFPID-1503632", "CSAFPID-1503633", "CSAFPID-1503634", "CSAFPID-1503635", "CSAFPID-1503636", "CSAFPID-1503319", "CSAFPID-1503318", "CSAFPID-1503637", "CSAFPID-1503638", "CSAFPID-764926", ], }, ], title: "CVE-2024-23807", }, { cve: "CVE-2024-24549", cwe: { id: "CWE-20", name: "Improper Input Validation", }, notes: [ { category: "other", text: "Improper Input Validation", title: "CWE-20", }, ], product_status: { known_affected: [ "CSAFPID-400309", "CSAFPID-400311", "CSAFPID-765264", "CSAFPID-765265", "CSAFPID-912589", "CSAFPID-912590", "CSAFPID-912591", "CSAFPID-912592", "CSAFPID-9711", "CSAFPID-9300", "CSAFPID-189066", "CSAFPID-189065", "CSAFPID-1503626", "CSAFPID-1503627", "CSAFPID-1503628", "CSAFPID-1503629", "CSAFPID-189067", "CSAFPID-93307", "CSAFPID-816828", "CSAFPID-1503630", "CSAFPID-1503631", "CSAFPID-1503632", "CSAFPID-1503633", "CSAFPID-1503634", "CSAFPID-1503635", "CSAFPID-1503636", "CSAFPID-1503319", "CSAFPID-1503318", "CSAFPID-1503637", "CSAFPID-1503638", "CSAFPID-764926", ], }, references: [ { category: "self", summary: "CVE-2024-24549", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-24549.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-400309", "CSAFPID-400311", "CSAFPID-765264", "CSAFPID-765265", "CSAFPID-912589", "CSAFPID-912590", "CSAFPID-912591", "CSAFPID-912592", "CSAFPID-9711", "CSAFPID-9300", "CSAFPID-189066", "CSAFPID-189065", "CSAFPID-1503626", "CSAFPID-1503627", "CSAFPID-1503628", "CSAFPID-1503629", "CSAFPID-189067", "CSAFPID-93307", "CSAFPID-816828", "CSAFPID-1503630", "CSAFPID-1503631", "CSAFPID-1503632", "CSAFPID-1503633", "CSAFPID-1503634", "CSAFPID-1503635", "CSAFPID-1503636", "CSAFPID-1503319", "CSAFPID-1503318", "CSAFPID-1503637", "CSAFPID-1503638", "CSAFPID-764926", ], }, ], title: "CVE-2024-24549", }, { cve: "CVE-2024-24816", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, notes: [ { category: "other", text: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", title: "CWE-79", }, ], product_status: { known_affected: [ "CSAFPID-400309", "CSAFPID-400311", "CSAFPID-765264", "CSAFPID-765265", "CSAFPID-912589", "CSAFPID-912590", "CSAFPID-912591", "CSAFPID-912592", "CSAFPID-9711", "CSAFPID-9300", "CSAFPID-189066", "CSAFPID-189065", "CSAFPID-1503626", "CSAFPID-1503627", "CSAFPID-1503628", "CSAFPID-1503629", "CSAFPID-189067", "CSAFPID-93307", "CSAFPID-816828", "CSAFPID-1503630", "CSAFPID-1503631", "CSAFPID-1503632", "CSAFPID-1503633", "CSAFPID-1503634", "CSAFPID-1503635", "CSAFPID-1503636", "CSAFPID-1503319", "CSAFPID-1503318", "CSAFPID-1503637", "CSAFPID-1503638", "CSAFPID-764926", ], }, references: [ { category: "self", summary: "CVE-2024-24816", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-24816.json", }, ], scores: [ { cvss_v3: { baseScore: 6.1, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, products: [ "CSAFPID-400309", "CSAFPID-400311", "CSAFPID-765264", "CSAFPID-765265", "CSAFPID-912589", "CSAFPID-912590", "CSAFPID-912591", "CSAFPID-912592", "CSAFPID-9711", "CSAFPID-9300", "CSAFPID-189066", "CSAFPID-189065", "CSAFPID-1503626", "CSAFPID-1503627", "CSAFPID-1503628", "CSAFPID-1503629", "CSAFPID-189067", "CSAFPID-93307", "CSAFPID-816828", "CSAFPID-1503630", "CSAFPID-1503631", "CSAFPID-1503632", "CSAFPID-1503633", "CSAFPID-1503634", "CSAFPID-1503635", "CSAFPID-1503636", "CSAFPID-1503319", "CSAFPID-1503318", "CSAFPID-1503637", "CSAFPID-1503638", "CSAFPID-764926", ], }, ], title: "CVE-2024-24816", }, { cve: "CVE-2024-25062", cwe: { id: "CWE-416", name: "Use After Free", }, notes: [ { category: "other", text: "Use After Free", title: "CWE-416", }, ], product_status: { known_affected: [ "CSAFPID-400309", "CSAFPID-400311", "CSAFPID-765264", "CSAFPID-765265", "CSAFPID-912589", "CSAFPID-912590", "CSAFPID-912591", "CSAFPID-912592", "CSAFPID-9711", "CSAFPID-9300", "CSAFPID-189066", "CSAFPID-189065", "CSAFPID-1503626", "CSAFPID-1503627", "CSAFPID-1503628", "CSAFPID-1503629", "CSAFPID-189067", "CSAFPID-93307", "CSAFPID-816828", "CSAFPID-1503630", "CSAFPID-1503631", "CSAFPID-1503632", "CSAFPID-1503633", "CSAFPID-1503634", "CSAFPID-1503635", "CSAFPID-1503636", "CSAFPID-1503319", "CSAFPID-1503318", "CSAFPID-1503637", "CSAFPID-1503638", "CSAFPID-764926", ], }, references: [ { category: "self", summary: "CVE-2024-25062", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-25062.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-400309", "CSAFPID-400311", "CSAFPID-765264", "CSAFPID-765265", "CSAFPID-912589", "CSAFPID-912590", "CSAFPID-912591", "CSAFPID-912592", "CSAFPID-9711", "CSAFPID-9300", "CSAFPID-189066", "CSAFPID-189065", "CSAFPID-1503626", "CSAFPID-1503627", "CSAFPID-1503628", "CSAFPID-1503629", "CSAFPID-189067", "CSAFPID-93307", "CSAFPID-816828", "CSAFPID-1503630", "CSAFPID-1503631", "CSAFPID-1503632", "CSAFPID-1503633", "CSAFPID-1503634", "CSAFPID-1503635", "CSAFPID-1503636", "CSAFPID-1503319", "CSAFPID-1503318", "CSAFPID-1503637", "CSAFPID-1503638", "CSAFPID-764926", ], }, ], title: "CVE-2024-25062", }, { cve: "CVE-2024-26308", cwe: { id: "CWE-770", name: "Allocation of Resources Without Limits or Throttling", }, notes: [ { category: "other", text: "Allocation of Resources Without Limits or Throttling", title: "CWE-770", }, ], product_status: { known_affected: [ "CSAFPID-400309", "CSAFPID-400311", "CSAFPID-765264", "CSAFPID-765265", "CSAFPID-912589", "CSAFPID-912590", "CSAFPID-912591", "CSAFPID-912592", "CSAFPID-9711", "CSAFPID-9300", "CSAFPID-189066", "CSAFPID-189065", "CSAFPID-1503626", "CSAFPID-1503627", "CSAFPID-1503628", "CSAFPID-1503629", "CSAFPID-189067", "CSAFPID-93307", "CSAFPID-816828", "CSAFPID-1503630", "CSAFPID-1503631", "CSAFPID-1503632", "CSAFPID-1503633", "CSAFPID-1503634", "CSAFPID-1503635", "CSAFPID-1503636", "CSAFPID-1503319", "CSAFPID-1503318", "CSAFPID-1503637", "CSAFPID-1503638", "CSAFPID-764926", ], }, references: [ { category: "self", summary: "CVE-2024-26308", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-26308.json", }, ], scores: [ { cvss_v3: { baseScore: 5.9, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-400309", "CSAFPID-400311", "CSAFPID-765264", "CSAFPID-765265", "CSAFPID-912589", "CSAFPID-912590", "CSAFPID-912591", "CSAFPID-912592", "CSAFPID-9711", "CSAFPID-9300", "CSAFPID-189066", "CSAFPID-189065", "CSAFPID-1503626", "CSAFPID-1503627", "CSAFPID-1503628", "CSAFPID-1503629", "CSAFPID-189067", "CSAFPID-93307", "CSAFPID-816828", "CSAFPID-1503630", "CSAFPID-1503631", "CSAFPID-1503632", "CSAFPID-1503633", "CSAFPID-1503634", "CSAFPID-1503635", "CSAFPID-1503636", "CSAFPID-1503319", "CSAFPID-1503318", "CSAFPID-1503637", "CSAFPID-1503638", "CSAFPID-764926", ], }, ], title: "CVE-2024-26308", }, { cve: "CVE-2024-29025", cwe: { id: "CWE-770", name: "Allocation of Resources Without Limits or Throttling", }, notes: [ { category: "other", text: "Allocation of Resources Without Limits or Throttling", title: "CWE-770", }, ], product_status: { known_affected: [ "CSAFPID-9711", "CSAFPID-9300", "CSAFPID-189066", "CSAFPID-189065", "CSAFPID-1503626", "CSAFPID-1503627", "CSAFPID-1503628", "CSAFPID-1503629", "CSAFPID-189067", "CSAFPID-93307", "CSAFPID-816828", "CSAFPID-1503630", "CSAFPID-1503631", "CSAFPID-1503632", "CSAFPID-1503633", "CSAFPID-1503634", "CSAFPID-1503635", "CSAFPID-1503636", "CSAFPID-1503319", "CSAFPID-1503318", "CSAFPID-1503637", "CSAFPID-1503638", "CSAFPID-764926", ], }, references: [ { category: "self", summary: "CVE-2024-29025", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-29025.json", }, ], title: "CVE-2024-29025", }, { cve: "CVE-2024-29133", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, notes: [ { category: "other", text: "Out-of-bounds Write", title: "CWE-787", }, ], product_status: { known_affected: [ "CSAFPID-9711", "CSAFPID-9300", "CSAFPID-189066", "CSAFPID-189065", "CSAFPID-1503626", "CSAFPID-1503627", "CSAFPID-1503628", "CSAFPID-1503629", "CSAFPID-189067", "CSAFPID-93307", "CSAFPID-816828", "CSAFPID-1503630", "CSAFPID-1503631", "CSAFPID-1503632", "CSAFPID-1503633", "CSAFPID-1503634", "CSAFPID-1503635", "CSAFPID-1503636", "CSAFPID-1503319", "CSAFPID-1503318", "CSAFPID-1503637", "CSAFPID-1503638", "CSAFPID-764926", ], }, references: [ { category: "self", summary: "CVE-2024-29133", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-29133.json", }, ], title: "CVE-2024-29133", }, { cve: "CVE-2024-32114", cwe: { id: "CWE-306", name: "Missing Authentication for Critical Function", }, notes: [ { category: "other", text: "Missing Authentication for Critical Function", title: "CWE-306", }, { category: "other", text: "Initialization of a Resource with an Insecure Default", title: "CWE-1188", }, ], product_status: { known_affected: [ "CSAFPID-9711", "CSAFPID-9300", "CSAFPID-189066", "CSAFPID-189065", "CSAFPID-1503626", "CSAFPID-1503627", "CSAFPID-1503628", "CSAFPID-1503629", "CSAFPID-189067", "CSAFPID-93307", "CSAFPID-816828", "CSAFPID-1503630", "CSAFPID-1503631", "CSAFPID-1503632", "CSAFPID-1503633", "CSAFPID-1503634", "CSAFPID-1503635", "CSAFPID-1503636", "CSAFPID-1503319", "CSAFPID-1503318", "CSAFPID-1503637", "CSAFPID-1503638", "CSAFPID-764926", ], }, references: [ { category: "self", summary: "CVE-2024-32114", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-32114.json", }, ], scores: [ { cvss_v3: { baseScore: 8.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-9711", "CSAFPID-9300", "CSAFPID-189066", "CSAFPID-189065", "CSAFPID-1503626", "CSAFPID-1503627", "CSAFPID-1503628", "CSAFPID-1503629", "CSAFPID-189067", "CSAFPID-93307", "CSAFPID-816828", "CSAFPID-1503630", "CSAFPID-1503631", "CSAFPID-1503632", "CSAFPID-1503633", "CSAFPID-1503634", "CSAFPID-1503635", "CSAFPID-1503636", "CSAFPID-1503319", "CSAFPID-1503318", "CSAFPID-1503637", "CSAFPID-1503638", "CSAFPID-764926", ], }, ], title: "CVE-2024-32114", }, ], }
ncsc-2024-0414
Vulnerability from csaf_ncscnl
Published
2024-10-17 13:17
Modified
2024-10-17 13:17
Summary
Kwetsbaarheden verholpen in Oracle Communications
Notes
The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:
NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.
NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.
This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.
Feiten
Oracle heeft kwetsbaarheden verholpen in diverse Communications producten en systemen.
Interpretaties
Een kwaadwillende kan de kwetsbaarheden misbruiken om aanvallen uit te voeren die kunnen leiden tot de volgende categorieën schade:
- Denial-of-Service (DoS)
- Manipuleren van gegevens
- Uitvoer van willekeurige code (Gebruikersrechten)
- Uitvoer van willekeurige code (Administratorrechten)
- Toegang tot gevoelige gegevens
Oplossingen
Oracle heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.
Kans
medium
Schade
high
CWE-122
Heap-based Buffer Overflow
CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CWE-20
Improper Input Validation
CWE-466
Return of Pointer Value Outside of Expected Range
CWE-606
Unchecked Input for Loop Condition
CWE-390
Detection of Error Condition Without Action
CWE-405
Asymmetric Resource Consumption (Amplification)
CWE-222
Truncation of Security-relevant Information
CWE-364
Signal Handler Race Condition
CWE-450
Multiple Interpretations of UI Input
CWE-130
Improper Handling of Length Parameter Inconsistency
CWE-772
Missing Release of Resource after Effective Lifetime
CWE-669
Incorrect Resource Transfer Between Spheres
CWE-126
Buffer Over-read
CWE-88
Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
CWE-349
Acceptance of Extraneous Untrusted Data With Trusted Data
CWE-755
Improper Handling of Exceptional Conditions
CWE-834
Excessive Iteration
CWE-407
Inefficient Algorithmic Complexity
CWE-754
Improper Check for Unusual or Exceptional Conditions
CWE-703
Improper Check or Handling of Exceptional Conditions
CWE-427
Uncontrolled Search Path Element
CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CWE-195
Signed to Unsigned Conversion Error
CWE-444
Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
CWE-116
Improper Encoding or Escaping of Output
CWE-345
Insufficient Verification of Data Authenticity
CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE-190
Integer Overflow or Wraparound
CWE-61
UNIX Symbolic Link (Symlink) Following
CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CWE-125
Out-of-bounds Read
CWE-404
Improper Resource Shutdown or Release
CWE-284
Improper Access Control
CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE-416
Use After Free
CWE-401
Missing Release of Memory after Effective Lifetime
CWE-476
NULL Pointer Dereference
CWE-459
Incomplete Cleanup
CWE-94
Improper Control of Generation of Code ('Code Injection')
CWE-400
Uncontrolled Resource Consumption
CWE-770
Allocation of Resources Without Limits or Throttling
CWE-248
Uncaught Exception
CWE-674
Uncontrolled Recursion
CWE-918
Server-Side Request Forgery (SSRF)
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CWE-787
Out-of-bounds Write
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
{ document: { category: "csaf_security_advisory", csaf_version: "2.0", distribution: { tlp: { label: "WHITE", }, }, lang: "nl", notes: [ { category: "legal_disclaimer", text: "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.", }, { category: "description", text: "Oracle heeft kwetsbaarheden verholpen in diverse Communications producten en systemen.", title: "Feiten", }, { category: "description", text: "Een kwaadwillende kan de kwetsbaarheden misbruiken om aanvallen uit te voeren die kunnen leiden tot de volgende categorieën schade:\n\n- Denial-of-Service (DoS)\n- Manipuleren van gegevens\n- Uitvoer van willekeurige code (Gebruikersrechten)\n- Uitvoer van willekeurige code (Administratorrechten)\n- Toegang tot gevoelige gegevens", title: "Interpretaties", }, { category: "description", text: "Oracle heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.", title: "Oplossingen", }, { category: "general", text: "medium", title: "Kans", }, { category: "general", text: "high", title: "Schade", }, { category: "general", text: "Heap-based Buffer Overflow", title: "CWE-122", }, { category: "general", text: "Loop with Unreachable Exit Condition ('Infinite Loop')", title: "CWE-835", }, { category: "general", text: "Improper Input Validation", title: "CWE-20", }, { category: "general", text: "Return of Pointer Value Outside of Expected Range", title: "CWE-466", }, { category: "general", text: "Unchecked Input for Loop Condition", title: "CWE-606", }, { category: "general", text: "Detection of Error Condition Without Action", title: "CWE-390", }, { category: "general", text: "Asymmetric Resource Consumption (Amplification)", title: "CWE-405", }, { category: "general", text: "Truncation of Security-relevant Information", title: "CWE-222", }, { category: "general", text: "Signal Handler Race Condition", title: "CWE-364", }, { category: "general", text: "Multiple Interpretations of UI Input", title: "CWE-450", }, { category: "general", text: "Improper Handling of Length Parameter Inconsistency", title: "CWE-130", }, { category: "general", text: "Missing Release of Resource after Effective Lifetime", title: "CWE-772", }, { category: "general", text: "Incorrect Resource Transfer Between Spheres", title: "CWE-669", }, { category: "general", text: "Buffer Over-read", title: "CWE-126", }, { category: "general", text: "Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')", title: "CWE-88", }, { category: "general", text: "Acceptance of Extraneous Untrusted Data With Trusted Data", title: "CWE-349", }, { category: "general", text: "Improper Handling of Exceptional Conditions", title: "CWE-755", }, { category: "general", text: "Excessive Iteration", title: "CWE-834", }, { category: "general", text: "Inefficient Algorithmic Complexity", title: "CWE-407", }, { category: "general", text: "Improper Check for Unusual or Exceptional Conditions", title: "CWE-754", }, { category: "general", text: "Improper Check or Handling of Exceptional Conditions", title: "CWE-703", }, { category: "general", text: "Uncontrolled Search Path Element", title: "CWE-427", }, { category: "general", text: "URL Redirection to Untrusted Site ('Open Redirect')", title: "CWE-601", }, { category: "general", text: "Signed to Unsigned Conversion Error", title: "CWE-195", }, { category: "general", text: "Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')", title: "CWE-444", }, { category: "general", text: "Improper Encoding or Escaping of Output", title: "CWE-116", }, { category: "general", text: "Insufficient Verification of Data Authenticity", title: "CWE-345", }, { category: "general", text: "Improper Neutralization of Special Elements used in a Command ('Command Injection')", title: "CWE-77", }, { category: "general", text: "Integer Overflow or Wraparound", title: "CWE-190", }, { category: "general", text: "UNIX Symbolic Link (Symlink) Following", title: "CWE-61", }, { category: "general", text: "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", title: "CWE-362", }, { category: "general", text: "Out-of-bounds Read", title: "CWE-125", }, { category: "general", text: "Improper Resource Shutdown or Release", title: "CWE-404", }, { category: "general", text: "Improper Access Control", title: "CWE-284", }, { category: "general", text: "Improper Restriction of Operations within the Bounds of a Memory Buffer", title: "CWE-119", }, { category: "general", text: "Use After Free", title: "CWE-416", }, { category: "general", text: "Missing Release of Memory after Effective Lifetime", title: "CWE-401", }, { category: "general", text: "NULL Pointer Dereference", title: "CWE-476", }, { category: "general", text: "Incomplete Cleanup", title: "CWE-459", }, { category: "general", text: "Improper Control of Generation of Code ('Code Injection')", title: "CWE-94", }, { category: "general", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, { category: "general", text: "Allocation of Resources Without Limits or Throttling", title: "CWE-770", }, { category: "general", text: "Uncaught Exception", title: "CWE-248", }, { category: "general", text: "Uncontrolled Recursion", title: "CWE-674", }, { category: "general", text: "Server-Side Request Forgery (SSRF)", title: "CWE-918", }, { category: "general", text: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", title: "CWE-22", }, { category: "general", text: "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", title: "CWE-78", }, { category: "general", text: "Out-of-bounds Write", title: "CWE-787", }, { category: "general", text: "Exposure of Sensitive Information to an Unauthorized Actor", title: "CWE-200", }, ], publisher: { category: "coordinator", contact_details: "cert@ncsc.nl", name: "Nationaal Cyber Security Centrum", namespace: "https://www.ncsc.nl/", }, references: [ { category: "external", summary: "Reference - cveprojectv5; hkcert; nvd; oracle; redhat", url: "https://www.oracle.com/security-alerts/cpuoct2024.html", }, ], title: "Kwetsbaarheden verholpen in Oracle Communications", tracking: { current_release_date: "2024-10-17T13:17:52.103171Z", id: "NCSC-2024-0414", initial_release_date: "2024-10-17T13:17:52.103171Z", revision_history: [ { date: "2024-10-17T13:17:52.103171Z", number: "0", summary: "Initiele versie", }, ], status: "final", version: "1.0.0", }, }, product_tree: { branches: [ { branches: [ { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1635313", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:10.5:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1635305", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:12.11.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1635311", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:12.11.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1635312", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:12.11.4:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1635323", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:12.6.1.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1670430", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:14.0.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1674632", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:14.0.0.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1674630", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:14.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1635320", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:15.0.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1674633", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:17.0.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1670439", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:22.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1635322", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:23.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1670429", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:23.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1670435", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:23.2.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1670431", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:23.3.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1670436", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:23.3.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1670432", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:23.3.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1635321", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:23.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1635310", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:23.4.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1635318", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:23.4.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1674640", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:23.4.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1674642", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:23.4.4:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1670434", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:24.1.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1635316", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:24.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1674639", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:24.1.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1635314", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:24.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1674638", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:24.2.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1674637", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:24.2.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1635306", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:4.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1635307", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:4.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1635317", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:46.6.4:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1635319", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:46.6.5:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1670438", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:5.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1635324", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:5.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1635315", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:5.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1670433", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:9.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1674641", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:9.0.1.10.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1674635", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:9.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1674636", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:9.1.1.3.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1670437", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:9.1.1.7.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1674631", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:9.1.1.9.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1674634", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:9.1.5:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1635308", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:9.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications", product: { name: "communications", product_id: "CSAFPID-1635309", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications:9.3.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications__10.4.0.4", product: { name: "communications__10.4.0.4", product_id: "CSAFPID-1674629", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications__10.4.0.4:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications___23.4.2", product: { name: "communications___23.4.2", product_id: "CSAFPID-1670442", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications___23.4.2:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications___23.4.3", product: { name: "communications___23.4.3", product_id: "CSAFPID-1635325", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications___23.4.3:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications___23.4.4", product: { name: "communications___23.4.4", product_id: "CSAFPID-1635326", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications___23.4.4:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications___23.4.5", product: { name: "communications___23.4.5", product_id: "CSAFPID-1674645", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications___23.4.5:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications___23.4.6", product: { name: "communications___23.4.6", product_id: "CSAFPID-1674646", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications___23.4.6:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications___24.2.0", product: { name: "communications___24.2.0", product_id: "CSAFPID-1674644", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications___24.2.0:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications___7.2.1.0.0", product: { name: "communications___7.2.1.0.0", product_id: "CSAFPID-1670441", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications___7.2.1.0.0:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications___8.6.0.6", product: { name: "communications___8.6.0.6", product_id: "CSAFPID-1635327", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications___8.6.0.6:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications___8.6.0.8", product: { name: "communications___8.6.0.8", product_id: "CSAFPID-1635328", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications___8.6.0.8:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications___9.0.2", product: { name: "communications___9.0.2", product_id: "CSAFPID-1670440", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications___9.0.2:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications___9.0.3", product: { name: "communications___9.0.3", product_id: "CSAFPID-1635329", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications___9.0.3:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications___9.1.1.8.0", product: { name: "communications___9.1.1.8.0", product_id: "CSAFPID-1674643", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications___9.1.1.8.0:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_applications", product: { name: "communications_applications", product_id: "CSAFPID-1674621", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_applications:15.0.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_applications", product: { name: "communications_applications", product_id: "CSAFPID-1674618", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_applications:6.0.1.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_applications", product: { name: "communications_applications", product_id: "CSAFPID-1674619", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_applications:7.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_applications", product: { name: "communications_applications", product_id: "CSAFPID-1674622", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_applications:7.4.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_applications", product: { name: "communications_applications", product_id: "CSAFPID-1674617", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_applications:7.4.3.0.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_applications", product: { name: "communications_applications", product_id: "CSAFPID-1674623", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_applications:7.5.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_applications", product: { name: "communications_applications", product_id: "CSAFPID-1674620", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_applications:8.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_applications___12.0.6.0.0", product: { name: "communications_applications___12.0.6.0.0", product_id: "CSAFPID-1674627", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_applications___12.0.6.0.0:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_applications___5.5.22", product: { name: "communications_applications___5.5.22", product_id: "CSAFPID-1674626", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_applications___5.5.22:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_applications___6.0.3", product: { name: "communications_applications___6.0.3", product_id: "CSAFPID-1674628", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_applications___6.0.3:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_applications___6.0.4", product: { name: "communications_applications___6.0.4", product_id: "CSAFPID-1674624", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_applications___6.0.4:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_applications___6.0.5", product: { name: "communications_applications___6.0.5", product_id: "CSAFPID-1674625", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_applications___6.0.5:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_asap", product: { name: "communications_asap", product_id: "CSAFPID-204629", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_asap:7.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_asap", product: { name: "communications_asap", product_id: "CSAFPID-1673475", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_asap:7.4.3.0.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_asap", product: { name: "communications_asap", product_id: "CSAFPID-816792", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_asap:7.4:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_billing_and_revenue_management", product: { name: "communications_billing_and_revenue_management", product_id: "CSAFPID-764735", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_billing_and_revenue_management:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_billing_and_revenue_management", product: { name: "communications_billing_and_revenue_management", product_id: "CSAFPID-1650734", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.4.0-12.0.0.8.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_billing_and_revenue_management", product: { name: "communications_billing_and_revenue_management", product_id: "CSAFPID-204639", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.4:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_billing_and_revenue_management", product: { name: "communications_billing_and_revenue_management", product_id: "CSAFPID-204627", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.5:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_billing_and_revenue_management", product: { name: "communications_billing_and_revenue_management", product_id: "CSAFPID-816793", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_billing_and_revenue_management:15.0.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_billing_and_revenue_management", product: { name: "communications_billing_and_revenue_management", product_id: "CSAFPID-912557", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_billing_and_revenue_management:15.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_billing_and_revenue_management__-_elastic_charging_engine", product: { name: "communications_billing_and_revenue_management__-_elastic_charging_engine", product_id: "CSAFPID-219835", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_billing_and_revenue_management__-_elastic_charging_engine:12.0.0.3.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_brm_-_elastic_charging_engine", product: { name: "communications_brm_-_elastic_charging_engine", product_id: "CSAFPID-764247", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_brm_-_elastic_charging_engine", product: { name: "communications_brm_-_elastic_charging_engine", product_id: "CSAFPID-209548", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:11.3.0.9.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_brm_-_elastic_charging_engine", product: { name: "communications_brm_-_elastic_charging_engine", product_id: "CSAFPID-209549", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:11.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_brm_-_elastic_charging_engine", product: { name: "communications_brm_-_elastic_charging_engine", product_id: "CSAFPID-41194", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:12.0.0.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_brm_-_elastic_charging_engine", product: { name: "communications_brm_-_elastic_charging_engine", product_id: "CSAFPID-1650820", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:12.0.0.4-12.0.0.8:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_brm_-_elastic_charging_engine", product: { name: "communications_brm_-_elastic_charging_engine", product_id: "CSAFPID-765241", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:12.0.0.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_brm_-_elastic_charging_engine", product: { name: "communications_brm_-_elastic_charging_engine", product_id: "CSAFPID-209546", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:12.0.0.5.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_brm_-_elastic_charging_engine", product: { name: "communications_brm_-_elastic_charging_engine", product_id: "CSAFPID-209550", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:12.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_brm_-_elastic_charging_engine", product: { name: "communications_brm_-_elastic_charging_engine", product_id: "CSAFPID-498607", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:12:0.0.5.0:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_brm_-_elastic_charging_engine", product: { name: "communications_brm_-_elastic_charging_engine", product_id: "CSAFPID-912556", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:15.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_calendar_server", product: { name: "communications_calendar_server", product_id: "CSAFPID-764736", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_calendar_server:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_calendar_server", product: { name: "communications_calendar_server", product_id: "CSAFPID-220190", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_calendar_server:8.0.0.6.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_configuration_console", product: { name: "communications_cloud_native_configuration_console", product_id: "CSAFPID-391501", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_configuration_console:22.4.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_configuration_console", product: { name: "communications_cloud_native_configuration_console", product_id: "CSAFPID-440102", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_configuration_console:23.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_automated_test_suite", product: { name: "communications_cloud_native_core_automated_test_suite", product_id: "CSAFPID-89545", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:1.8.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_automated_test_suite", product: { name: "communications_cloud_native_core_automated_test_suite", product_id: "CSAFPID-180215", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:1.9.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_automated_test_suite", product: { name: "communications_cloud_native_core_automated_test_suite", product_id: "CSAFPID-180197", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:22.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_automated_test_suite", product: { name: "communications_cloud_native_core_automated_test_suite", product_id: "CSAFPID-220548", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:22.2.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_automated_test_suite", product: { name: "communications_cloud_native_core_automated_test_suite", product_id: "CSAFPID-41516", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:22.3.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_automated_test_suite", product: { name: "communications_cloud_native_core_automated_test_suite", product_id: "CSAFPID-41515", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:22.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_automated_test_suite", product: { name: "communications_cloud_native_core_automated_test_suite", product_id: "CSAFPID-220057", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:22.4.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_automated_test_suite", product: { name: "communications_cloud_native_core_automated_test_suite", product_id: "CSAFPID-220055", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:23.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_automated_test_suite", product: { name: "communications_cloud_native_core_automated_test_suite", product_id: "CSAFPID-220909", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:23.1.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_automated_test_suite", product: { name: "communications_cloud_native_core_automated_test_suite", product_id: "CSAFPID-816765", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:23.1.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_automated_test_suite", product: { name: "communications_cloud_native_core_automated_test_suite", product_id: "CSAFPID-816766", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:23.2.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_automated_test_suite", product: { name: "communications_cloud_native_core_automated_test_suite", product_id: "CSAFPID-816767", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:23.3.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_automated_test_suite", product: { name: "communications_cloud_native_core_automated_test_suite", product_id: "CSAFPID-1503577", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:23.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_automated_test_suite", product: { name: "communications_cloud_native_core_automated_test_suite", product_id: "CSAFPID-1673416", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:23.4.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_automated_test_suite", product: { name: "communications_cloud_native_core_automated_test_suite", product_id: "CSAFPID-1673516", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:23.4.4:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_automated_test_suite", product: { name: "communications_cloud_native_core_automated_test_suite", product_id: "CSAFPID-1673412", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:24.1.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_automated_test_suite", product: { name: "communications_cloud_native_core_automated_test_suite", product_id: "CSAFPID-1673411", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:24.2.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_binding_support_function", product: { name: "communications_cloud_native_core_binding_support_function", product_id: "CSAFPID-764237", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_binding_support_function", product: { name: "communications_cloud_native_core_binding_support_function", product_id: "CSAFPID-2045", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:1.10.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_binding_support_function", product: { name: "communications_cloud_native_core_binding_support_function", product_id: "CSAFPID-40612", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:1.11.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_binding_support_function", product: { name: "communications_cloud_native_core_binding_support_function", product_id: "CSAFPID-608629", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_binding_support_function", product: { name: "communications_cloud_native_core_binding_support_function", product_id: "CSAFPID-93784", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.1.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_binding_support_function", product: { name: "communications_cloud_native_core_binding_support_function", product_id: "CSAFPID-1899", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.1.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_binding_support_function", product: { name: "communications_cloud_native_core_binding_support_function", product_id: "CSAFPID-41111", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_binding_support_function", product: { name: "communications_cloud_native_core_binding_support_function", product_id: "CSAFPID-1685", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.2.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_binding_support_function", product: { name: "communications_cloud_native_core_binding_support_function", product_id: "CSAFPID-493445", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.2.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_binding_support_function", product: { name: "communications_cloud_native_core_binding_support_function", product_id: "CSAFPID-294401", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.2.4:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_binding_support_function", product: { name: "communications_cloud_native_core_binding_support_function", product_id: "CSAFPID-220547", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.3.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_binding_support_function", product: { name: "communications_cloud_native_core_binding_support_function", product_id: "CSAFPID-764824", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.3.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_binding_support_function", product: { name: "communications_cloud_native_core_binding_support_function", product_id: "CSAFPID-220459", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.3.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_binding_support_function", product: { name: "communications_cloud_native_core_binding_support_function", product_id: "CSAFPID-45184", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_binding_support_function", product: { name: "communications_cloud_native_core_binding_support_function", product_id: "CSAFPID-45182", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:23.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_binding_support_function", product: { name: "communications_cloud_native_core_binding_support_function", product_id: "CSAFPID-45181", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:23.1.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_binding_support_function", product: { name: "communications_cloud_native_core_binding_support_function", product_id: "CSAFPID-611405", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:23.1.7:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_binding_support_function", product: { name: "communications_cloud_native_core_binding_support_function", product_id: "CSAFPID-611403", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:23.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_binding_support_function", product: { name: "communications_cloud_native_core_binding_support_function", product_id: "CSAFPID-611404", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:23.2.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_binding_support_function", product: { name: "communications_cloud_native_core_binding_support_function", product_id: "CSAFPID-1650752", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:23.4.0-23.4.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_binding_support_function", product: { name: "communications_cloud_native_core_binding_support_function", product_id: "CSAFPID-1673396", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:23.4.0-23.4.5:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_binding_support_function", product: { name: "communications_cloud_native_core_binding_support_function", product_id: "CSAFPID-912066", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:23.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_binding_support_function", product: { name: "communications_cloud_native_core_binding_support_function", product_id: "CSAFPID-1503323", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:23.4.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_certificate_management", product: { name: "communications_cloud_native_core_certificate_management", product_id: "CSAFPID-1673526", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_certificate_management:23.4.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_certificate_management", product: { name: "communications_cloud_native_core_certificate_management", product_id: "CSAFPID-1673391", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_certificate_management:23.4.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_certificate_management", product: { name: "communications_cloud_native_core_certificate_management", product_id: "CSAFPID-1673394", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_certificate_management:24.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_console", product: { name: "communications_cloud_native_core_console", product_id: "CSAFPID-165550", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_console:1.7.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_console", product: { name: "communications_cloud_native_core_console", product_id: "CSAFPID-93546", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_console:1.9.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_console", product: { name: "communications_cloud_native_core_console", product_id: "CSAFPID-180195", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_console:22.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_console", product: { name: "communications_cloud_native_core_console", product_id: "CSAFPID-40299", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_console:22.1.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_console", product: { name: "communications_cloud_native_core_console", product_id: "CSAFPID-187447", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_console:22.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_console", product: { name: "communications_cloud_native_core_console", product_id: "CSAFPID-45186", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_console:22.3.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_console", product: { name: "communications_cloud_native_core_console", product_id: "CSAFPID-45185", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_console:22.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_console", product: { name: "communications_cloud_native_core_console", product_id: "CSAFPID-220559", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_console:22.4.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_console", product: { name: "communications_cloud_native_core_console", product_id: "CSAFPID-220558", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_console:23.1.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_console", product: { name: "communications_cloud_native_core_console", product_id: "CSAFPID-764238", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_console:23.1.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_console", product: { name: "communications_cloud_native_core_console", product_id: "CSAFPID-764239", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_console:23.2.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_console", product: { name: "communications_cloud_native_core_console", product_id: "CSAFPID-816768", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_console:23.3.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_console", product: { name: "communications_cloud_native_core_console", product_id: "CSAFPID-816769", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_console:23.3.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_console", product: { name: "communications_cloud_native_core_console", product_id: "CSAFPID-912085", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_console:23.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_console", product: { name: "communications_cloud_native_core_console", product_id: "CSAFPID-1503578", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_console:23.4.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_console", product: { name: "communications_cloud_native_core_console", product_id: "CSAFPID-1673389", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_console:23.4.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_console", product: { name: "communications_cloud_native_core_console", product_id: "CSAFPID-1673390", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_console:24.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_dbtier", product: { name: "communications_cloud_native_core_dbtier", product_id: "CSAFPID-1673421", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_dbtier:24.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_dbtier", product: { name: "communications_cloud_native_core_dbtier", product_id: "CSAFPID-1673420", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_dbtier:24.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_data_analytics_function", product: { name: "communications_cloud_native_core_network_data_analytics_function", product_id: "CSAFPID-764825", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_data_analytics_function:22.0.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_data_analytics_function", product: { name: "communications_cloud_native_core_network_data_analytics_function", product_id: "CSAFPID-816770", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_data_analytics_function:23.3.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_data_analytics_function", product: { name: "communications_cloud_native_core_network_data_analytics_function", product_id: "CSAFPID-816771", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_data_analytics_function:23.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_data_analytics_function", product: { name: "communications_cloud_native_core_network_data_analytics_function", product_id: "CSAFPID-912068", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_data_analytics_function:24.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_data_analytics_function", product: { name: "communications_cloud_native_core_network_data_analytics_function", product_id: "CSAFPID-1503579", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_data_analytics_function:24.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_exposure_function", product: { name: "communications_cloud_native_core_network_exposure_function", product_id: "CSAFPID-180201", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:22.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_exposure_function", product: { name: "communications_cloud_native_core_network_exposure_function", product_id: "CSAFPID-1900", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:22.1.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_exposure_function", product: { name: "communications_cloud_native_core_network_exposure_function", product_id: "CSAFPID-760687", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:22.2.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_exposure_function", product: { name: "communications_cloud_native_core_network_exposure_function", product_id: "CSAFPID-40947", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:22.3.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_exposure_function", product: { name: "communications_cloud_native_core_network_exposure_function", product_id: "CSAFPID-93635", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:22.3.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_exposure_function", product: { name: "communications_cloud_native_core_network_exposure_function", product_id: "CSAFPID-503534", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:22.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_exposure_function", product: { name: "communications_cloud_native_core_network_exposure_function", product_id: "CSAFPID-90018", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:22.4.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_exposure_function", product: { name: "communications_cloud_native_core_network_exposure_function", product_id: "CSAFPID-220327", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:22.4.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_exposure_function", product: { name: "communications_cloud_native_core_network_exposure_function", product_id: "CSAFPID-94290", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:23.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_exposure_function", product: { name: "communications_cloud_native_core_network_exposure_function", product_id: "CSAFPID-220325", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:23.1.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_exposure_function", product: { name: "communications_cloud_native_core_network_exposure_function", product_id: "CSAFPID-614513", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:23.1.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_exposure_function", product: { name: "communications_cloud_native_core_network_exposure_function", product_id: "CSAFPID-643776", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:23.3.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_exposure_function", product: { name: "communications_cloud_native_core_network_exposure_function", product_id: "CSAFPID-816772", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:23.3.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_exposure_function", product: { name: "communications_cloud_native_core_network_exposure_function", product_id: "CSAFPID-912076", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:23.4.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_exposure_function", product: { name: "communications_cloud_native_core_network_exposure_function", product_id: "CSAFPID-1503580", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:23.4.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_function_cloud_native_environment", product: { name: "communications_cloud_native_core_network_function_cloud_native_environment", product_id: "CSAFPID-40613", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:1.10.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_function_cloud_native_environment", product: { name: "communications_cloud_native_core_network_function_cloud_native_environment", product_id: "CSAFPID-2044", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:1.9.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_function_cloud_native_environment", product: { name: "communications_cloud_native_core_network_function_cloud_native_environment", product_id: "CSAFPID-40301", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:22.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_function_cloud_native_environment", product: { name: "communications_cloud_native_core_network_function_cloud_native_environment", product_id: "CSAFPID-180194", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:22.1.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_function_cloud_native_environment", product: { name: "communications_cloud_native_core_network_function_cloud_native_environment", product_id: "CSAFPID-449747", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:22.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_function_cloud_native_environment", product: { name: "communications_cloud_native_core_network_function_cloud_native_environment", product_id: "CSAFPID-40298", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:22.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_function_cloud_native_environment", product: { name: "communications_cloud_native_core_network_function_cloud_native_environment", product_id: "CSAFPID-223527", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:22.2.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_function_cloud_native_environment", product: { name: "communications_cloud_native_core_network_function_cloud_native_environment", product_id: "CSAFPID-449746", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:22.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_function_cloud_native_environment", product: { name: "communications_cloud_native_core_network_function_cloud_native_environment", product_id: "CSAFPID-503493", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:22.3.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_function_cloud_native_environment", product: { name: "communications_cloud_native_core_network_function_cloud_native_environment", product_id: "CSAFPID-260394", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:22.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_function_cloud_native_environment", product: { name: "communications_cloud_native_core_network_function_cloud_native_environment", product_id: "CSAFPID-219838", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:23.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_function_cloud_native_environment", product: { name: "communications_cloud_native_core_network_function_cloud_native_environment", product_id: "CSAFPID-611387", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:23.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_function_cloud_native_environment", product: { name: "communications_cloud_native_core_network_function_cloud_native_environment", product_id: "CSAFPID-618156", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:23.2.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_function_cloud_native_environment", product: { name: "communications_cloud_native_core_network_function_cloud_native_environment", product_id: "CSAFPID-816773", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:23.3.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_function_cloud_native_environment", product: { name: "communications_cloud_native_core_network_function_cloud_native_environment", product_id: "CSAFPID-912101", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:23.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_function_cloud_native_environment", product: { name: "communications_cloud_native_core_network_function_cloud_native_environment", product_id: "CSAFPID-1673473", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:24.1.0-24.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_function_cloud_native_environment", product: { name: "communications_cloud_native_core_network_function_cloud_native_environment", product_id: "CSAFPID-1503581", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:24.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_function_cloud_native_environment", product: { name: "communications_cloud_native_core_network_function_cloud_native_environment", product_id: "CSAFPID-912539", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:_install_upgrade___23.3.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_function_cloud_native_environment", product: { name: "communications_cloud_native_core_network_function_cloud_native_environment", product_id: "CSAFPID-912540", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:_install_upgrade___23.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_function_cloud_native_environment", product: { name: "communications_cloud_native_core_network_function_cloud_native_environment", product_id: "CSAFPID-912541", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:_installation___23.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_function_cloud_native_environment", product: { name: "communications_cloud_native_core_network_function_cloud_native_environment", product_id: "CSAFPID-912542", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:_obserability_services_overlay___23.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_function_cloud_native_environment", product: { name: "communications_cloud_native_core_network_function_cloud_native_environment", product_id: "CSAFPID-912543", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:_observability_services_overlay___23.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_repository_function", product: { name: "communications_cloud_native_core_network_repository_function", product_id: "CSAFPID-40611", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:1.15.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_repository_function", product: { name: "communications_cloud_native_core_network_repository_function", product_id: "CSAFPID-40609", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:1.15.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_repository_function", product: { name: "communications_cloud_native_core_network_repository_function", product_id: "CSAFPID-180198", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:22.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_repository_function", product: { name: "communications_cloud_native_core_network_repository_function", product_id: "CSAFPID-41112", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:22.1.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_repository_function", product: { name: "communications_cloud_native_core_network_repository_function", product_id: "CSAFPID-41110", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:22.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_repository_function", product: { name: "communications_cloud_native_core_network_repository_function", product_id: "CSAFPID-760688", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:22.2.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_repository_function", product: { name: "communications_cloud_native_core_network_repository_function", product_id: "CSAFPID-493444", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:22.3.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_repository_function", product: { name: "communications_cloud_native_core_network_repository_function", product_id: "CSAFPID-93633", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:22.3.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_repository_function", product: { name: "communications_cloud_native_core_network_repository_function", product_id: "CSAFPID-220056", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:22.4.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_repository_function", product: { name: "communications_cloud_native_core_network_repository_function", product_id: "CSAFPID-223511", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:22.4.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_repository_function", product: { name: "communications_cloud_native_core_network_repository_function", product_id: "CSAFPID-216017", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:23.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_repository_function", product: { name: "communications_cloud_native_core_network_repository_function", product_id: "CSAFPID-220889", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:23.1.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_repository_function", product: { name: "communications_cloud_native_core_network_repository_function", product_id: "CSAFPID-614516", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:23.1.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_repository_function", product: { name: "communications_cloud_native_core_network_repository_function", product_id: "CSAFPID-816774", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:23.1.4:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_repository_function", product: { name: "communications_cloud_native_core_network_repository_function", product_id: "CSAFPID-220918", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:23.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_repository_function", product: { name: "communications_cloud_native_core_network_repository_function", product_id: "CSAFPID-614515", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:23.2.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_repository_function", product: { name: "communications_cloud_native_core_network_repository_function", product_id: "CSAFPID-614514", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:23.3.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_repository_function", product: { name: "communications_cloud_native_core_network_repository_function", product_id: "CSAFPID-816346", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:23.3.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_repository_function", product: { name: "communications_cloud_native_core_network_repository_function", product_id: "CSAFPID-912077", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:23.4.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_repository_function", product: { name: "communications_cloud_native_core_network_repository_function", product_id: "CSAFPID-1503322", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:23.4.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_repository_function", product: { name: "communications_cloud_native_core_network_repository_function", product_id: "CSAFPID-1673413", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:23.4.4:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_repository_function", product: { name: "communications_cloud_native_core_network_repository_function", product_id: "CSAFPID-1673415", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:24.2.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_repository_function", product: { name: "communications_cloud_native_core_network_repository_function", product_id: "CSAFPID-816775", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:_install_upgrade___23.3.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_repository_function", product: { name: "communications_cloud_native_core_network_repository_function", product_id: "CSAFPID-912544", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:_install_upgrade___23.4.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_slice_selection_function", product: { name: "communications_cloud_native_core_network_slice_selection_function", product_id: "CSAFPID-40608", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:1.8.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_slice_selection_function", product: { name: "communications_cloud_native_core_network_slice_selection_function", product_id: "CSAFPID-180199", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:22.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_slice_selection_function", product: { name: "communications_cloud_native_core_network_slice_selection_function", product_id: "CSAFPID-41113", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:22.1.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_slice_selection_function", product: { name: "communications_cloud_native_core_network_slice_selection_function", product_id: "CSAFPID-260395", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:22.3.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_slice_selection_function", product: { name: "communications_cloud_native_core_network_slice_selection_function", product_id: "CSAFPID-260393", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:22.4.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_slice_selection_function", product: { name: "communications_cloud_native_core_network_slice_selection_function", product_id: "CSAFPID-816348", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:23.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_slice_selection_function", product: { name: "communications_cloud_native_core_network_slice_selection_function", product_id: "CSAFPID-912545", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:23.3.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_slice_selection_function", product: { name: "communications_cloud_native_core_network_slice_selection_function", product_id: "CSAFPID-816347", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:23.3.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_slice_selection_function", product: { name: "communications_cloud_native_core_network_slice_selection_function", product_id: "CSAFPID-1673494", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:24.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_slice_selection_function", product: { name: "communications_cloud_native_core_network_slice_selection_function", product_id: "CSAFPID-1673501", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:24.2.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_slice_selection_function", product: { name: "communications_cloud_native_core_network_slice_selection_function", product_id: "CSAFPID-816776", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:_install_upgrade___23.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_network_slice_selection_function", product: { name: "communications_cloud_native_core_network_slice_selection_function", product_id: "CSAFPID-816777", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:_install_upgrade___23.3.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_policy", product: { name: "communications_cloud_native_core_policy", product_id: "CSAFPID-764240", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_policy:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_policy", product: { name: "communications_cloud_native_core_policy", product_id: "CSAFPID-220468", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.11.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_policy", product: { name: "communications_cloud_native_core_policy", product_id: "CSAFPID-2310", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.14.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_policy", product: { name: "communications_cloud_native_core_policy", product_id: "CSAFPID-93547", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.15.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_policy", product: { name: "communications_cloud_native_core_policy", product_id: "CSAFPID-180200", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_policy:22.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_policy", product: { name: "communications_cloud_native_core_policy", product_id: "CSAFPID-180193", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_policy:22.1.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_policy", product: { name: "communications_cloud_native_core_policy", product_id: "CSAFPID-1898", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_policy:22.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_policy", product: { name: "communications_cloud_native_core_policy", product_id: "CSAFPID-93636", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_policy:22.3.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_policy", product: { name: "communications_cloud_native_core_policy", product_id: "CSAFPID-90020", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_policy:22.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_policy", product: { name: "communications_cloud_native_core_policy", product_id: "CSAFPID-90015", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_policy:23.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_policy", product: { name: "communications_cloud_native_core_policy", product_id: "CSAFPID-220133", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_policy:23.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_policy", product: { name: "communications_cloud_native_core_policy", product_id: "CSAFPID-1650751", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_policy:23.4.0-23.4.4:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_policy", product: { name: "communications_cloud_native_core_policy", product_id: "CSAFPID-1673517", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_policy:23.4.0-23.4.5:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_policy", product: { name: "communications_cloud_native_core_policy", product_id: "CSAFPID-1673395", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_policy:23.4.0-23.4.6:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_policy", product: { name: "communications_cloud_native_core_policy", product_id: "CSAFPID-912069", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_policy:23.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_policy", product: { name: "communications_cloud_native_core_policy", product_id: "CSAFPID-765371", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_policy:all_supported_s:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_security_edge_protection_proxy", product: { name: "communications_cloud_native_core_security_edge_protection_proxy", product_id: "CSAFPID-180216", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:1.7.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_security_edge_protection_proxy", product: { name: "communications_cloud_native_core_security_edge_protection_proxy", product_id: "CSAFPID-180202", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:22.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_security_edge_protection_proxy", product: { name: "communications_cloud_native_core_security_edge_protection_proxy", product_id: "CSAFPID-40300", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:22.1.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_security_edge_protection_proxy", product: { name: "communications_cloud_native_core_security_edge_protection_proxy", product_id: "CSAFPID-93653", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:22.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_security_edge_protection_proxy", product: { name: "communications_cloud_native_core_security_edge_protection_proxy", product_id: "CSAFPID-40949", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:22.2.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_security_edge_protection_proxy", product: { name: "communications_cloud_native_core_security_edge_protection_proxy", product_id: "CSAFPID-642000", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:22.3.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_security_edge_protection_proxy", product: { name: "communications_cloud_native_core_security_edge_protection_proxy", product_id: "CSAFPID-93634", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:22.3.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_security_edge_protection_proxy", product: { name: "communications_cloud_native_core_security_edge_protection_proxy", product_id: "CSAFPID-220561", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:22.3.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_security_edge_protection_proxy", product: { name: "communications_cloud_native_core_security_edge_protection_proxy", product_id: "CSAFPID-90021", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:22.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_security_edge_protection_proxy", product: { name: "communications_cloud_native_core_security_edge_protection_proxy", product_id: "CSAFPID-94292", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:22.4.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_security_edge_protection_proxy", product: { name: "communications_cloud_native_core_security_edge_protection_proxy", product_id: "CSAFPID-218028", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:22.4.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_security_edge_protection_proxy", product: { name: "communications_cloud_native_core_security_edge_protection_proxy", product_id: "CSAFPID-220881", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:22.4.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_security_edge_protection_proxy", product: { name: "communications_cloud_native_core_security_edge_protection_proxy", product_id: "CSAFPID-94291", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:23.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_security_edge_protection_proxy", product: { name: "communications_cloud_native_core_security_edge_protection_proxy", product_id: "CSAFPID-220910", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:23.1.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_security_edge_protection_proxy", product: { name: "communications_cloud_native_core_security_edge_protection_proxy", product_id: "CSAFPID-220324", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:23.1.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_security_edge_protection_proxy", product: { name: "communications_cloud_native_core_security_edge_protection_proxy", product_id: "CSAFPID-611401", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:23.1.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_security_edge_protection_proxy", product: { name: "communications_cloud_native_core_security_edge_protection_proxy", product_id: "CSAFPID-816778", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:23.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_security_edge_protection_proxy", product: { name: "communications_cloud_native_core_security_edge_protection_proxy", product_id: "CSAFPID-614517", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:23.3.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_security_edge_protection_proxy", product: { name: "communications_cloud_native_core_security_edge_protection_proxy", product_id: "CSAFPID-912547", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:23.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_security_edge_protection_proxy", product: { name: "communications_cloud_native_core_security_edge_protection_proxy", product_id: "CSAFPID-1673392", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:23.4.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_security_edge_protection_proxy", product: { name: "communications_cloud_native_core_security_edge_protection_proxy", product_id: "CSAFPID-1503582", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:24.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_security_edge_protection_proxy", product: { name: "communications_cloud_native_core_security_edge_protection_proxy", product_id: "CSAFPID-1673393", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:24.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_security_edge_protection_proxy", product: { name: "communications_cloud_native_core_security_edge_protection_proxy", product_id: "CSAFPID-912546", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:_automated_test_suite___23.3.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_service_communication_proxy", product: { name: "communications_cloud_native_core_service_communication_proxy", product_id: "CSAFPID-40610", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:1.15.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_service_communication_proxy", product: { name: "communications_cloud_native_core_service_communication_proxy", product_id: "CSAFPID-611587", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:22.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_service_communication_proxy", product: { name: "communications_cloud_native_core_service_communication_proxy", product_id: "CSAFPID-642002", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:22.2.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_service_communication_proxy", product: { name: "communications_cloud_native_core_service_communication_proxy", product_id: "CSAFPID-493443", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:22.3.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_service_communication_proxy", product: { name: "communications_cloud_native_core_service_communication_proxy", product_id: "CSAFPID-642001", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:22.3.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_service_communication_proxy", product: { name: "communications_cloud_native_core_service_communication_proxy", product_id: "CSAFPID-224796", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:22.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_service_communication_proxy", product: { name: "communications_cloud_native_core_service_communication_proxy", product_id: "CSAFPID-224795", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_service_communication_proxy", product: { name: "communications_cloud_native_core_service_communication_proxy", product_id: "CSAFPID-912548", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.2.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_service_communication_proxy", product: { name: "communications_cloud_native_core_service_communication_proxy", product_id: "CSAFPID-912102", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.3.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_service_communication_proxy", product: { name: "communications_cloud_native_core_service_communication_proxy", product_id: "CSAFPID-912549", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_service_communication_proxy", product: { name: "communications_cloud_native_core_service_communication_proxy", product_id: "CSAFPID-1503583", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.4.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_service_communication_proxy", product: { name: "communications_cloud_native_core_service_communication_proxy", product_id: "CSAFPID-1503584", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:23.4.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_service_communication_proxy", product: { name: "communications_cloud_native_core_service_communication_proxy", product_id: "CSAFPID-1503585", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:24.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_service_communication_proxy", product: { name: "communications_cloud_native_core_service_communication_proxy", product_id: "CSAFPID-1672767", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:24.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_unified_data_repository", product: { name: "communications_cloud_native_core_unified_data_repository", product_id: "CSAFPID-180217", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:1.15.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_unified_data_repository", product: { name: "communications_cloud_native_core_unified_data_repository", product_id: "CSAFPID-180196", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:22.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_unified_data_repository", product: { name: "communications_cloud_native_core_unified_data_repository", product_id: "CSAFPID-165576", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:22.1.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_unified_data_repository", product: { name: "communications_cloud_native_core_unified_data_repository", product_id: "CSAFPID-40297", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:22.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_unified_data_repository", product: { name: "communications_cloud_native_core_unified_data_repository", product_id: "CSAFPID-764899", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:22.2.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_unified_data_repository", product: { name: "communications_cloud_native_core_unified_data_repository", product_id: "CSAFPID-589926", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:22.2.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_unified_data_repository", product: { name: "communications_cloud_native_core_unified_data_repository", product_id: "CSAFPID-179780", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:22.2.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_unified_data_repository", product: { name: "communications_cloud_native_core_unified_data_repository", product_id: "CSAFPID-40948", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:22.3.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_unified_data_repository", product: { name: "communications_cloud_native_core_unified_data_repository", product_id: "CSAFPID-589925", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:22.3.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_unified_data_repository", product: { name: "communications_cloud_native_core_unified_data_repository", product_id: "CSAFPID-179779", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:22.3.4:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_unified_data_repository", product: { name: "communications_cloud_native_core_unified_data_repository", product_id: "CSAFPID-764826", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:22.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_unified_data_repository", product: { name: "communications_cloud_native_core_unified_data_repository", product_id: "CSAFPID-90019", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:22.4.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_unified_data_repository", product: { name: "communications_cloud_native_core_unified_data_repository", product_id: "CSAFPID-90016", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_unified_data_repository", product: { name: "communications_cloud_native_core_unified_data_repository", product_id: "CSAFPID-220326", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.1.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_unified_data_repository", product: { name: "communications_cloud_native_core_unified_data_repository", product_id: "CSAFPID-764241", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.1.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_unified_data_repository", product: { name: "communications_cloud_native_core_unified_data_repository", product_id: "CSAFPID-912078", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_unified_data_repository", product: { name: "communications_cloud_native_core_unified_data_repository", product_id: "CSAFPID-816349", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.3.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_unified_data_repository", product: { name: "communications_cloud_native_core_unified_data_repository", product_id: "CSAFPID-912550", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.3.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_unified_data_repository", product: { name: "communications_cloud_native_core_unified_data_repository", product_id: "CSAFPID-1503586", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.4.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_unified_data_repository", product: { name: "communications_cloud_native_core_unified_data_repository", product_id: "CSAFPID-1503587", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:23.4.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_unified_data_repository", product: { name: "communications_cloud_native_core_unified_data_repository", product_id: "CSAFPID-1673399", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:24.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_cloud_native_core_unified_data_repository", product: { name: "communications_cloud_native_core_unified_data_repository", product_id: "CSAFPID-816779", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:_signaling___23.3.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_contacts_server", product: { name: "communications_contacts_server", product_id: "CSAFPID-764737", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_contacts_server:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_contacts_server", product: { name: "communications_contacts_server", product_id: "CSAFPID-224787", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_contacts_server:8.0.0.6.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_contacts_server", product: { name: "communications_contacts_server", product_id: "CSAFPID-220189", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_contacts_server:8.0.0.7.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_converged_application_server", product: { name: "communications_converged_application_server", product_id: "CSAFPID-764827", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_converged_application_server:7.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_converged_application_server", product: { name: "communications_converged_application_server", product_id: "CSAFPID-764828", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_converged_application_server:8.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_converged_application_server_-_service_controller", product: { name: "communications_converged_application_server_-_service_controller", product_id: "CSAFPID-764734", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_converged_application_server_-_service_controller:6.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_converged_application_server_-_service_controller", product: { name: "communications_converged_application_server_-_service_controller", product_id: "CSAFPID-426842", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_converged_application_server_-_service_controller:6.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_converged_charging_system", product: { name: "communications_converged_charging_system", product_id: "CSAFPID-1503599", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_converged_charging_system:2.0.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_converged_charging_system", product: { name: "communications_converged_charging_system", product_id: "CSAFPID-1503600", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_converged_charging_system:2.0.0.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_convergence", product: { name: "communications_convergence", product_id: "CSAFPID-345031", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_convergence:3.0.2.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_convergence", product: { name: "communications_convergence", product_id: "CSAFPID-204635", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_convergence:3.0.3.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_convergence", product: { name: "communications_convergence", product_id: "CSAFPID-764833", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_convergence:3.0.3.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_convergence", product: { name: "communications_convergence", product_id: "CSAFPID-224793", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_convergence:3.0.3.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_convergence", product: { name: "communications_convergence", product_id: "CSAFPID-816794", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_convergence:3.0.3.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_convergent_charging_controller", product: { name: "communications_convergent_charging_controller", product_id: "CSAFPID-342793", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_convergent_charging_controller:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_convergent_charging_controller", product: { name: "communications_convergent_charging_controller", product_id: "CSAFPID-1650777", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_convergent_charging_controller:12.0.1.0.0-12.0.6.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_convergent_charging_controller", product: { name: "communications_convergent_charging_controller", product_id: "CSAFPID-1265", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_convergent_charging_controller:12.0.6.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_convergent_charging_controller", product: { name: "communications_convergent_charging_controller", product_id: "CSAFPID-764248", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_convergent_charging_controller:12.0.6.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_convergent_charging_controller", product: { name: "communications_convergent_charging_controller", product_id: "CSAFPID-816350", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_convergent_charging_controller:15.0.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_convergent_charging_controller", product: { name: "communications_convergent_charging_controller", product_id: "CSAFPID-1261", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_convergent_charging_controller:6.0.1.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_core_session_manager", product: { name: "communications_core_session_manager", product_id: "CSAFPID-110244", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_core_session_manager:8.2.5:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_core_session_manager", product: { name: "communications_core_session_manager", product_id: "CSAFPID-110242", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_core_session_manager:8.4.5:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_core_session_manager", product: { name: "communications_core_session_manager", product_id: "CSAFPID-93777", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_core_session_manager:8.45:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_core_session_manager", product: { name: "communications_core_session_manager", product_id: "CSAFPID-1672764", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_core_session_manager:9.1.5:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_core_session_manager", product: { name: "communications_core_session_manager", product_id: "CSAFPID-93772", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_core_session_manager:9.15:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_data_model", product: { name: "communications_data_model", product_id: "CSAFPID-764902", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_data_model:12.2.0.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_design_studio", product: { name: "communications_design_studio", product_id: "CSAFPID-765372", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_design_studio:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_design_studio", product: { name: "communications_design_studio", product_id: "CSAFPID-342799", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_design_studio:7.3.5:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_design_studio", product: { name: "communications_design_studio", product_id: "CSAFPID-704412", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_design_studio:7.4.0.7.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_design_studio", product: { name: "communications_design_studio", product_id: "CSAFPID-704411", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_design_studio:7.4.1.5.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_design_studio", product: { name: "communications_design_studio", product_id: "CSAFPID-165544", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_design_studio:7.4.2.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_design_studio", product: { name: "communications_design_studio", product_id: "CSAFPID-704410", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_design_studio:7.4.2.8.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_design_studio", product: { name: "communications_design_studio", product_id: "CSAFPID-41183", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_design_studio:7.4.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_diameter_intelligence_hub", product: { name: "communications_diameter_intelligence_hub", product_id: "CSAFPID-342802", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_diameter_intelligence_hub:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_diameter_intelligence_hub", product: { name: "communications_diameter_intelligence_hub", product_id: "CSAFPID-764829", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_diameter_intelligence_hub:8.2.3.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_diameter_signaling_router", product: { name: "communications_diameter_signaling_router", product_id: "CSAFPID-1503588", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_diameter_signaling_router", product: { name: "communications_diameter_signaling_router", product_id: "CSAFPID-1892", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_diameter_signaling_router", product: { name: "communications_diameter_signaling_router", product_id: "CSAFPID-1891", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_diameter_signaling_router", product: { name: "communications_diameter_signaling_router", product_id: "CSAFPID-1888", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.2.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_diameter_signaling_router", product: { name: "communications_diameter_signaling_router", product_id: "CSAFPID-1887", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.2.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_diameter_signaling_router", product: { name: "communications_diameter_signaling_router", product_id: "CSAFPID-1889", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_diameter_signaling_router", product: { name: "communications_diameter_signaling_router", product_id: "CSAFPID-1884", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.3.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_diameter_signaling_router", product: { name: "communications_diameter_signaling_router", product_id: "CSAFPID-1885", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_diameter_signaling_router", product: { name: "communications_diameter_signaling_router", product_id: "CSAFPID-1882", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.4.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_diameter_signaling_router", product: { name: "communications_diameter_signaling_router", product_id: "CSAFPID-1881", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.4.0.5:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_diameter_signaling_router", product: { name: "communications_diameter_signaling_router", product_id: "CSAFPID-1883", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.4:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_diameter_signaling_router", product: { name: "communications_diameter_signaling_router", product_id: "CSAFPID-1879", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.5.0.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_diameter_signaling_router", product: { name: "communications_diameter_signaling_router", product_id: "CSAFPID-1880", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.5.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_diameter_signaling_router", product: { name: "communications_diameter_signaling_router", product_id: "CSAFPID-40293", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.6.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_diameter_signaling_router", product: { name: "communications_diameter_signaling_router", product_id: "CSAFPID-1650826", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.6.0.4-8.6.0.6:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_diameter_signaling_router", product: { name: "communications_diameter_signaling_router", product_id: "CSAFPID-1650830", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.6.0.4-8.6.0.8:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_diameter_signaling_router", product: { name: "communications_diameter_signaling_router", product_id: "CSAFPID-611413", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_diameter_signaling_router:9.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_diameter_signaling_router", product: { name: "communications_diameter_signaling_router", product_id: "CSAFPID-912551", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_diameter_signaling_router:_patches___9.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_diameter_signaling_router", product: { name: "communications_diameter_signaling_router", product_id: "CSAFPID-912552", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_diameter_signaling_router:_platform___9.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_eagle_application_processor", product: { name: "communications_eagle_application_processor", product_id: "CSAFPID-1673417", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_eagle_application_processor:17.0.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_eagle_application_processor", product: { name: "communications_eagle_application_processor", product_id: "CSAFPID-765369", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_eagle_application_processor:all_supported_s:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_eagle_element_management_system", product: { name: "communications_eagle_element_management_system", product_id: "CSAFPID-1503316", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_eagle_element_management_system:46.6.4:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_eagle_element_management_system", product: { name: "communications_eagle_element_management_system", product_id: "CSAFPID-1503317", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_eagle_element_management_system:46.6.5:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_eagle_element_management_system", product: { name: "communications_eagle_element_management_system", product_id: "CSAFPID-204528", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_eagle_element_management_system:46.6:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_eagle_ftp_table_base_retrieval", product: { name: "communications_eagle_ftp_table_base_retrieval", product_id: "CSAFPID-204623", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_eagle_ftp_table_base_retrieval:4.5:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_eagle_lnp_application_processor", product: { name: "communications_eagle_lnp_application_processor", product_id: "CSAFPID-352633", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_eagle_lnp_application_processor:10.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_eagle_lnp_application_processor", product: { name: "communications_eagle_lnp_application_processor", product_id: "CSAFPID-352632", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_eagle_lnp_application_processor:10.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_eagle_software", product: { name: "communications_eagle_software", product_id: "CSAFPID-765366", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_eagle_software:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_eagle_software", product: { name: "communications_eagle_software", product_id: "CSAFPID-765365", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_eagle_software:46.7.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_elastic_charging_engine", product: { name: "communications_elastic_charging_engine", product_id: "CSAFPID-764834", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_elastic_charging_engine:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_element_manager", product: { name: "communications_element_manager", product_id: "CSAFPID-764242", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_element_manager", product: { name: "communications_element_manager", product_id: "CSAFPID-204597", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_element_manager:8.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_element_manager", product: { name: "communications_element_manager", product_id: "CSAFPID-204580", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_element_manager:8.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_element_manager", product: { name: "communications_element_manager", product_id: "CSAFPID-9226", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_element_manager:8.1.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_element_manager", product: { name: "communications_element_manager", product_id: "CSAFPID-204589", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_element_manager:8.2.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_element_manager", product: { name: "communications_element_manager", product_id: "CSAFPID-9070", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_element_manager:8.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_element_manager", product: { name: "communications_element_manager", product_id: "CSAFPID-8845", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_element_manager:8.2.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_element_manager", product: { name: "communications_element_manager", product_id: "CSAFPID-204624", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_element_manager:8.2.2.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_element_manager", product: { name: "communications_element_manager", product_id: "CSAFPID-2286", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_element_manager:8.2.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_element_manager", product: { name: "communications_element_manager", product_id: "CSAFPID-204464", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_element_manager:8.2.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_element_manager", product: { name: "communications_element_manager", product_id: "CSAFPID-345038", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_element_manager:9.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_element_manager", product: { name: "communications_element_manager", product_id: "CSAFPID-93629", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_element_manager:9.0.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_element_manager", product: { name: "communications_element_manager", product_id: "CSAFPID-611422", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_element_manager:9.0.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_element_manager", product: { name: "communications_element_manager", product_id: "CSAFPID-93630", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_element_manager:9.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_element_manager", product: { name: "communications_element_manager", product_id: "CSAFPID-816780", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_element_manager:9.4.53:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_evolved_communications_application_server", product: { name: "communications_evolved_communications_application_server", product_id: "CSAFPID-204645", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_fraud_monitor", product: { name: "communications_fraud_monitor", product_id: "CSAFPID-816781", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_fraud_monitor:5.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_fraud_monitor", product: { name: "communications_fraud_monitor", product_id: "CSAFPID-816782", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_fraud_monitor:5.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_fraud_monitor", product: { name: "communications_fraud_monitor", product_id: "CSAFPID-912553", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_fraud_monitor:5.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_instant_messaging_server", product: { name: "communications_instant_messaging_server", product_id: "CSAFPID-207586", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.5.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_instant_messaging_server", product: { name: "communications_instant_messaging_server", product_id: "CSAFPID-234306", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.6.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_instant_messaging_server", product: { name: "communications_instant_messaging_server", product_id: "CSAFPID-219803", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.7.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_instant_messaging_server", product: { name: "communications_instant_messaging_server", product_id: "CSAFPID-387664", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_instant_messaging_server:8.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_interactive_session_recorder", product: { name: "communications_interactive_session_recorder", product_id: "CSAFPID-1893", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_interactive_session_recorder:6.4:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_ip_service_activator", product: { name: "communications_ip_service_activator", product_id: "CSAFPID-204622", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_ip_service_activator:7.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_ip_service_activator", product: { name: "communications_ip_service_activator", product_id: "CSAFPID-219909", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_ip_service_activator:7.5.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_lsms", product: { name: "communications_lsms", product_id: "CSAFPID-1673065", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_lsms:14.0.0.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_messaging_server", product: { name: "communications_messaging_server", product_id: "CSAFPID-764835", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_messaging_server:8.1.0.20.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_messaging_server", product: { name: "communications_messaging_server", product_id: "CSAFPID-375182", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_messaging_server:8.1.0.21.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_messaging_server", product: { name: "communications_messaging_server", product_id: "CSAFPID-816351", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_messaging_server:8.1.0.24.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_messaging_server", product: { name: "communications_messaging_server", product_id: "CSAFPID-41182", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_messaging_server:8.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_metasolv_solution", product: { name: "communications_metasolv_solution", product_id: "CSAFPID-611595", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_metasolv_solution:6.3.1.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_metasolv_solution", product: { name: "communications_metasolv_solution", product_id: "CSAFPID-226017", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_metasolv_solution:6.3.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_network_analytics_data_director", product: { name: "communications_network_analytics_data_director", product_id: "CSAFPID-220167", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_network_analytics_data_director:23.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_network_analytics_data_director", product: { name: "communications_network_analytics_data_director", product_id: "CSAFPID-816353", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_network_analytics_data_director:23.2.0.0.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_network_analytics_data_director", product: { name: "communications_network_analytics_data_director", product_id: "CSAFPID-764243", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_network_analytics_data_director:23.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_network_analytics_data_director", product: { name: "communications_network_analytics_data_director", product_id: "CSAFPID-816352", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_network_analytics_data_director:23.3.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_network_analytics_data_director", product: { name: "communications_network_analytics_data_director", product_id: "CSAFPID-1503589", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_network_analytics_data_director:23.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_network_analytics_data_director", product: { name: "communications_network_analytics_data_director", product_id: "CSAFPID-1503590", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_network_analytics_data_director:24.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_network_analytics_data_director", product: { name: "communications_network_analytics_data_director", product_id: "CSAFPID-1673414", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_network_analytics_data_director:24.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_network_analytics_data_director", product: { name: "communications_network_analytics_data_director", product_id: "CSAFPID-816783", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_network_analytics_data_director:_general___23.2.0.0.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_network_analytics_data_director", product: { name: "communications_network_analytics_data_director", product_id: "CSAFPID-816786", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_network_analytics_data_director:_general___23.3.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_network_analytics_data_director", product: { name: "communications_network_analytics_data_director", product_id: "CSAFPID-816784", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_network_analytics_data_director:_install_upgrade___23.2.0.0.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_network_analytics_data_director", product: { name: "communications_network_analytics_data_director", product_id: "CSAFPID-816787", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_network_analytics_data_director:_install_upgrade___23.3.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_network_analytics_data_director", product: { name: "communications_network_analytics_data_director", product_id: "CSAFPID-816785", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_network_analytics_data_director:_third_party___23.2.0.0.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_network_analytics_data_director", product: { name: "communications_network_analytics_data_director", product_id: "CSAFPID-816788", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_network_analytics_data_director:_third_party___23.3.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_network_charging_and_control", product: { name: "communications_network_charging_and_control", product_id: "CSAFPID-342803", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_network_charging_and_control:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_network_charging_and_control", product: { name: "communications_network_charging_and_control", product_id: "CSAFPID-1650778", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_network_charging_and_control:12.0.1.0.0-12.0.6.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_network_charging_and_control", product: { name: "communications_network_charging_and_control", product_id: "CSAFPID-1266", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_network_charging_and_control:12.0.6.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_network_charging_and_control", product: { name: "communications_network_charging_and_control", product_id: "CSAFPID-764249", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_network_charging_and_control:12.0.6.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_network_charging_and_control", product: { name: "communications_network_charging_and_control", product_id: "CSAFPID-816354", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_network_charging_and_control:15.0.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_network_charging_and_control", product: { name: "communications_network_charging_and_control", product_id: "CSAFPID-204563", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_network_integrity", product: { name: "communications_network_integrity", product_id: "CSAFPID-220125", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_network_integrity:7.3.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_network_integrity", product: { name: "communications_network_integrity", product_id: "CSAFPID-245244", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_network_integrity:7.3.5:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_network_integrity", product: { name: "communications_network_integrity", product_id: "CSAFPID-219776", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_network_integrity:7.3.6.4:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_network_integrity", product: { name: "communications_network_integrity", product_id: "CSAFPID-204554", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_network_integrity:7.3.6:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_offline_mediation_controller", product: { name: "communications_offline_mediation_controller", product_id: "CSAFPID-765242", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_offline_mediation_controller:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_operations_monitor", product: { name: "communications_operations_monitor", product_id: "CSAFPID-9489", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_operations_monitor:4.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_operations_monitor", product: { name: "communications_operations_monitor", product_id: "CSAFPID-110249", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_operations_monitor:4.4:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_operations_monitor", product: { name: "communications_operations_monitor", product_id: "CSAFPID-93781", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_operations_monitor:5.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_operations_monitor", product: { name: "communications_operations_monitor", product_id: "CSAFPID-220132", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_operations_monitor:5.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_operations_monitor", product: { name: "communications_operations_monitor", product_id: "CSAFPID-912079", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_operations_monitor:5.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_order_and_service_management", product: { name: "communications_order_and_service_management", product_id: "CSAFPID-224791", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_order_and_service_management:7.3.5:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_order_and_service_management", product: { name: "communications_order_and_service_management", product_id: "CSAFPID-219898", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_order_and_service_management:7.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_order_and_service_management", product: { name: "communications_order_and_service_management", product_id: "CSAFPID-224790", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_order_and_service_management:7.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_order_and_service_management", product: { name: "communications_order_and_service_management", product_id: "CSAFPID-221118", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_order_and_service_management:7.4.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_order_and_service_management", product: { name: "communications_order_and_service_management", product_id: "CSAFPID-179774", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_order_and_service_management:7.4:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_order_and_service_management", product: { name: "communications_order_and_service_management", product_id: "CSAFPID-1673496", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_order_and_service_management:7.5.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_performance_intelligence", product: { name: "communications_performance_intelligence", product_id: "CSAFPID-1503591", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_performance_intelligence:10.5:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_performance_intelligence_center", product: { name: "communications_performance_intelligence_center", product_id: "CSAFPID-1673485", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_performance_intelligence_center:prior_to_10.4.0.4:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_performance_intelligence_center__pic__software", product: { name: "communications_performance_intelligence_center__pic__software", product_id: "CSAFPID-765367", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_performance_intelligence_center__pic__software:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_performance_intelligence_center__pic__software", product: { name: "communications_performance_intelligence_center__pic__software", product_id: "CSAFPID-765368", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_performance_intelligence_center__pic__software:10.4.0.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_performance_intelligence_center__pic__software", product: { name: "communications_performance_intelligence_center__pic__software", product_id: "CSAFPID-764830", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_performance_intelligence_center__pic__software:10.4.0.4.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_policy_management", product: { name: "communications_policy_management", product_id: "CSAFPID-573035", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_policy_management:12.5.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_policy_management", product: { name: "communications_policy_management", product_id: "CSAFPID-45192", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_policy_management:12.6.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_policy_management", product: { name: "communications_policy_management", product_id: "CSAFPID-611406", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_policy_management:12.6.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_policy_management", product: { name: "communications_policy_management", product_id: "CSAFPID-816789", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_policy_management:12.6.1.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_policy_management", product: { name: "communications_policy_management", product_id: "CSAFPID-816790", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_policy_management:15.0.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_pricing_design_center", product: { name: "communications_pricing_design_center", product_id: "CSAFPID-764738", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_pricing_design_center:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_pricing_design_center", product: { name: "communications_pricing_design_center", product_id: "CSAFPID-204595", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_pricing_design_center:12.0.0.4:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_pricing_design_center", product: { name: "communications_pricing_design_center", product_id: "CSAFPID-204590", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_pricing_design_center:12.0.0.5:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_pricing_design_center", product: { name: "communications_pricing_design_center", product_id: "CSAFPID-816355", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_pricing_design_center:15.0.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_service_catalog_and_design", product: { name: "communications_service_catalog_and_design", product_id: "CSAFPID-1503601", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_service_catalog_and_design:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_service_catalog_and_design", product: { name: "communications_service_catalog_and_design", product_id: "CSAFPID-816359", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_service_catalog_and_design:7.4.0.7.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_service_catalog_and_design", product: { name: "communications_service_catalog_and_design", product_id: "CSAFPID-816358", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_service_catalog_and_design:7.4.1.5.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_service_catalog_and_design", product: { name: "communications_service_catalog_and_design", product_id: "CSAFPID-816357", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_service_catalog_and_design:7.4.2.8.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_service_catalog_and_design", product: { name: "communications_service_catalog_and_design", product_id: "CSAFPID-912558", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_service_catalog_and_design:8.0.0.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_service_catalog_and_design", product: { name: "communications_service_catalog_and_design", product_id: "CSAFPID-1503602", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_service_catalog_and_design:8.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_service_catalog_and_design", product: { name: "communications_service_catalog_and_design", product_id: "CSAFPID-816795", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_service_catalog_and_design:_psr_designer___7.4.0.7.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_service_catalog_and_design", product: { name: "communications_service_catalog_and_design", product_id: "CSAFPID-816796", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_service_catalog_and_design:_psr_designer___7.4.1.5.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_service_catalog_and_design", product: { name: "communications_service_catalog_and_design", product_id: "CSAFPID-816797", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_service_catalog_and_design:_psr_designer___7.4.2.8.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_services_gatekeeper", product: { name: "communications_services_gatekeeper", product_id: "CSAFPID-608630", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_services_gatekeeper:7.0.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_session_border_controller", product: { name: "communications_session_border_controller", product_id: "CSAFPID-1503592", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_session_border_controller:4.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_session_border_controller", product: { name: "communications_session_border_controller", product_id: "CSAFPID-1503593", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_session_border_controller:4.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_session_border_controller", product: { name: "communications_session_border_controller", product_id: "CSAFPID-40294", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_session_border_controller:8.4:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_session_border_controller", product: { name: "communications_session_border_controller", product_id: "CSAFPID-40292", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_session_border_controller:9.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_session_border_controller", product: { name: "communications_session_border_controller", product_id: "CSAFPID-1672762", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_session_border_controller:9.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_session_border_controller", product: { name: "communications_session_border_controller", product_id: "CSAFPID-40291", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_session_border_controller:9.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_session_border_controller", product: { name: "communications_session_border_controller", product_id: "CSAFPID-1503594", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_session_border_controller:9.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_session_border_controller", product: { name: "communications_session_border_controller", product_id: "CSAFPID-1503595", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_session_border_controller:9.3.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_session_report_manager", product: { name: "communications_session_report_manager", product_id: "CSAFPID-342804", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_session_report_manager:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_session_report_manager", product: { name: "communications_session_report_manager", product_id: "CSAFPID-704413", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_session_report_manager:-:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_session_report_manager", product: { name: "communications_session_report_manager", product_id: "CSAFPID-2296", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_session_report_manager:8.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_session_report_manager", product: { name: "communications_session_report_manager", product_id: "CSAFPID-166028", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_session_report_manager:8.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_session_report_manager", product: { name: "communications_session_report_manager", product_id: "CSAFPID-2294", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_session_report_manager:8.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_session_report_manager", product: { name: "communications_session_report_manager", product_id: "CSAFPID-2292", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_session_report_manager:8.1.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_session_report_manager", product: { name: "communications_session_report_manager", product_id: "CSAFPID-2290", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_session_report_manager:8.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_session_report_manager", product: { name: "communications_session_report_manager", product_id: "CSAFPID-2288", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_session_report_manager:8.2.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_session_report_manager", product: { name: "communications_session_report_manager", product_id: "CSAFPID-2282", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_session_report_manager:8.2.2.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_session_report_manager", product: { name: "communications_session_report_manager", product_id: "CSAFPID-2285", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_session_report_manager:8.2.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_session_report_manager", product: { name: "communications_session_report_manager", product_id: "CSAFPID-2279", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_session_report_manager:8.2.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_session_report_manager", product: { name: "communications_session_report_manager", product_id: "CSAFPID-204634", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_session_report_manager:8.2.5.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_session_report_manager", product: { name: "communications_session_report_manager", product_id: "CSAFPID-345039", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_session_report_manager:9.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_session_report_manager", product: { name: "communications_session_report_manager", product_id: "CSAFPID-93628", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_session_report_manager:9.0.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_session_report_manager", product: { name: "communications_session_report_manager", product_id: "CSAFPID-611423", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_session_report_manager:9.0.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_session_report_manager", product: { name: "communications_session_report_manager", product_id: "CSAFPID-93631", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_session_report_manager:9.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_session_report_manager", product: { name: "communications_session_report_manager", product_id: "CSAFPID-816791", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_session_report_manager:9.4.53:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_session_route_manager", product: { name: "communications_session_route_manager", product_id: "CSAFPID-342805", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_session_route_manager:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_session_route_manager", product: { name: "communications_session_route_manager", product_id: "CSAFPID-704414", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_session_route_manager:-:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_session_route_manager", product: { name: "communications_session_route_manager", product_id: "CSAFPID-166027", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_session_route_manager:8.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_session_route_manager", product: { name: "communications_session_route_manager", product_id: "CSAFPID-2295", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_session_route_manager:8.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_session_route_manager", product: { name: "communications_session_route_manager", product_id: "CSAFPID-2293", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_session_route_manager:8.1.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_session_route_manager", product: { name: "communications_session_route_manager", product_id: "CSAFPID-2289", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_session_route_manager:8.2.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_session_route_manager", product: { name: "communications_session_route_manager", product_id: "CSAFPID-2291", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_session_route_manager:8.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_session_route_manager", product: { name: "communications_session_route_manager", product_id: "CSAFPID-2287", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_session_route_manager:8.2.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_session_route_manager", product: { name: "communications_session_route_manager", product_id: "CSAFPID-2283", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_session_route_manager:8.2.2.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_session_route_manager", product: { name: "communications_session_route_manager", product_id: "CSAFPID-2284", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_session_route_manager:8.2.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_session_route_manager", product: { name: "communications_session_route_manager", product_id: "CSAFPID-2280", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_session_route_manager:8.2.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_session_route_manager", product: { name: "communications_session_route_manager", product_id: "CSAFPID-2281", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_session_route_manager:8.2.4:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_session_route_manager", product: { name: "communications_session_route_manager", product_id: "CSAFPID-220414", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_session_route_manager:8.2.5.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_session_route_manager", product: { name: "communications_session_route_manager", product_id: "CSAFPID-204607", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_session_route_manager:8.2.5:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_session_router", product: { name: "communications_session_router", product_id: "CSAFPID-764780", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_session_router:9.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_session_router", product: { name: "communications_session_router", product_id: "CSAFPID-764781", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_session_router:9.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_subscriber-aware_load_balancer", product: { name: "communications_subscriber-aware_load_balancer", product_id: "CSAFPID-93775", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_subscriber-aware_load_balancer:9.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_subscriber-aware_load_balancer", product: { name: "communications_subscriber-aware_load_balancer", product_id: "CSAFPID-93774", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_subscriber-aware_load_balancer:9.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_unified_assurance", product: { name: "communications_unified_assurance", product_id: "CSAFPID-240600", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_unified_assurance:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_unified_assurance", product: { name: "communications_unified_assurance", product_id: "CSAFPID-1673382", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_unified_assurance:5.5.0-5.5.22:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_unified_assurance", product: { name: "communications_unified_assurance", product_id: "CSAFPID-78764", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_unified_assurance:5.5.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_unified_assurance", product: { name: "communications_unified_assurance", product_id: "CSAFPID-78763", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_unified_assurance:5.5.10:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_unified_assurance", product: { name: "communications_unified_assurance", product_id: "CSAFPID-1673070", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_unified_assurance:5.5.22:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_unified_assurance", product: { name: "communications_unified_assurance", product_id: "CSAFPID-1673381", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_unified_assurance:6.0.0-6.0.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_unified_assurance", product: { name: "communications_unified_assurance", product_id: "CSAFPID-1650731", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_unified_assurance:6.0.0-6.0.4:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_unified_assurance", product: { name: "communications_unified_assurance", product_id: "CSAFPID-1673530", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_unified_assurance:6.0.0-6.0.5:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_unified_assurance", product: { name: "communications_unified_assurance", product_id: "CSAFPID-764901", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_unified_assurance:6.0.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_unified_assurance", product: { name: "communications_unified_assurance", product_id: "CSAFPID-78762", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_unified_assurance:6.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_unified_assurance", product: { name: "communications_unified_assurance", product_id: "CSAFPID-78761", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_unified_assurance:6.0.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_unified_assurance", product: { name: "communications_unified_assurance", product_id: "CSAFPID-614089", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_unified_assurance:6.0.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_unified_assurance", product: { name: "communications_unified_assurance", product_id: "CSAFPID-1673068", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_unified_assurance:6.0.4:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_unified_inventory_management", product: { name: "communications_unified_inventory_management", product_id: "CSAFPID-764739", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_unified_inventory_management:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_unified_inventory_management", product: { name: "communications_unified_inventory_management", product_id: "CSAFPID-204614", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.5:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_unified_inventory_management", product: { name: "communications_unified_inventory_management", product_id: "CSAFPID-8984", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_unified_inventory_management", product: { name: "communications_unified_inventory_management", product_id: "CSAFPID-204510", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_unified_inventory_management", product: { name: "communications_unified_inventory_management", product_id: "CSAFPID-204569", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_unified_inventory_management", product: { name: "communications_unified_inventory_management", product_id: "CSAFPID-219826", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_unified_inventory_management:7.5.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_unified_inventory_management", product: { name: "communications_unified_inventory_management", product_id: "CSAFPID-912073", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_unified_inventory_management:7.5.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_unified_session_manager", product: { name: "communications_unified_session_manager", product_id: "CSAFPID-110243", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_unified_session_manager:8.2.5:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_unified_session_manager", product: { name: "communications_unified_session_manager", product_id: "CSAFPID-205759", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_unified_session_manager:8.4.5:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_user_data_repository", product: { name: "communications_user_data_repository", product_id: "CSAFPID-1503596", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_user_data_repository:12.11.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_user_data_repository", product: { name: "communications_user_data_repository", product_id: "CSAFPID-1503597", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_user_data_repository:12.11.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_user_data_repository", product: { name: "communications_user_data_repository", product_id: "CSAFPID-1503598", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_user_data_repository:12.11.4:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_user_data_repository", product: { name: "communications_user_data_repository", product_id: "CSAFPID-764900", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_user_data_repository:12.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_user_data_repository", product: { name: "communications_user_data_repository", product_id: "CSAFPID-76994", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_user_data_repository:12.4:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_user_data_repository", product: { name: "communications_user_data_repository", product_id: "CSAFPID-568240", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_user_data_repository:12.6.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_user_data_repository", product: { name: "communications_user_data_repository", product_id: "CSAFPID-764782", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_user_data_repository:12.6.1.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_user_data_repository", product: { name: "communications_user_data_repository", product_id: "CSAFPID-355340", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_user_data_repository:12.6.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_user_data_repository", product: { name: "communications_user_data_repository", product_id: "CSAFPID-912080", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_user_data_repository:14.0.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_user_data_repository", product: { name: "communications_user_data_repository", product_id: "CSAFPID-1673481", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_user_data_repository:14.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_webrtc_session_controller", product: { name: "communications_webrtc_session_controller", product_id: "CSAFPID-912554", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_webrtc_session_controller:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_webrtc_session_controller", product: { name: "communications_webrtc_session_controller", product_id: "CSAFPID-611408", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_webrtc_session_controller:7.2.0.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_webrtc_session_controller", product: { name: "communications_webrtc_session_controller", product_id: "CSAFPID-703515", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_webrtc_session_controller:7.2.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_webrtc_session_controller", product: { name: "communications_webrtc_session_controller", product_id: "CSAFPID-611407", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_webrtc_session_controller:7.2.1.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_webrtc_session_controller", product: { name: "communications_webrtc_session_controller", product_id: "CSAFPID-204456", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_webrtc_session_controller:7.2.1:*:*:*:*:*:*:*", }, }, }, ], category: "vendor", name: "oracle", }, ], }, vulnerabilities: [ { cve: "CVE-2021-37137", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, notes: [ { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, ], product_status: { known_affected: [ "CSAFPID-41182", "CSAFPID-209546", "CSAFPID-40608", "CSAFPID-180216", "CSAFPID-93547", "CSAFPID-180217", "CSAFPID-2310", "CSAFPID-40612", "CSAFPID-391501", "CSAFPID-440102", "CSAFPID-41516", "CSAFPID-41515", "CSAFPID-764237", "CSAFPID-45182", "CSAFPID-45181", "CSAFPID-45186", "CSAFPID-45185", "CSAFPID-90018", "CSAFPID-94290", "CSAFPID-260394", "CSAFPID-216017", "CSAFPID-764240", "CSAFPID-90021", "CSAFPID-94292", "CSAFPID-218028", "CSAFPID-94291", "CSAFPID-493443", "CSAFPID-224796", "CSAFPID-90019", "CSAFPID-90016", "CSAFPID-93777", "CSAFPID-93772", "CSAFPID-40293", "CSAFPID-345038", "CSAFPID-93629", "CSAFPID-93781", "CSAFPID-45192", "CSAFPID-608630", "CSAFPID-40292", "CSAFPID-40291", "CSAFPID-345039", "CSAFPID-93628", "CSAFPID-764780", "CSAFPID-764781", "CSAFPID-93775", "CSAFPID-93774", "CSAFPID-764782", "CSAFPID-342793", "CSAFPID-1261", "CSAFPID-204622", "CSAFPID-219909", "CSAFPID-342803", "CSAFPID-204563", "CSAFPID-221118", "CSAFPID-240600", "CSAFPID-8984", "CSAFPID-204510", "CSAFPID-204569", "CSAFPID-219826", "CSAFPID-1899", "CSAFPID-41111", "CSAFPID-40299", "CSAFPID-187447", "CSAFPID-1900", "CSAFPID-40301", "CSAFPID-180194", "CSAFPID-40298", "CSAFPID-41112", "CSAFPID-41110", "CSAFPID-41113", "CSAFPID-180193", "CSAFPID-1898", "CSAFPID-40300", "CSAFPID-611587", "CSAFPID-40297", "CSAFPID-110244", "CSAFPID-110242", "CSAFPID-9489", "CSAFPID-110249", "CSAFPID-40294", "CSAFPID-110243", "CSAFPID-204629", "CSAFPID-765241", "CSAFPID-764247", "CSAFPID-764735", "CSAFPID-41183", "CSAFPID-207586", "CSAFPID-765242", "CSAFPID-205759", "CSAFPID-1893", "CSAFPID-765365", "CSAFPID-765366", "CSAFPID-342804", "CSAFPID-342805", "CSAFPID-204456", "CSAFPID-1882", "CSAFPID-573035", "CSAFPID-204645", "CSAFPID-765367", "CSAFPID-765368", "CSAFPID-764242", "CSAFPID-76994", "CSAFPID-204623", "CSAFPID-352633", "CSAFPID-352632", "CSAFPID-765369", "CSAFPID-204528", "CSAFPID-342802", "CSAFPID-40610", "CSAFPID-40611", "CSAFPID-40609", "CSAFPID-180198", "CSAFPID-180196", "CSAFPID-180201", "CSAFPID-180202", "CSAFPID-40613", "CSAFPID-180199", "CSAFPID-93546", "CSAFPID-180195", "CSAFPID-180200", "CSAFPID-765371", "CSAFPID-89545", "CSAFPID-180215", "CSAFPID-180197", "CSAFPID-204639", "CSAFPID-204627", "CSAFPID-226017", "CSAFPID-219898", "CSAFPID-179774", "CSAFPID-342799", "CSAFPID-765372", "CSAFPID-220125", "CSAFPID-245244", "CSAFPID-204554", "CSAFPID-764739", "CSAFPID-204614", "CSAFPID-345031", "CSAFPID-204635", "CSAFPID-204595", "CSAFPID-204590", "CSAFPID-224787", "CSAFPID-1673381", "CSAFPID-1673382", "CSAFPID-1674617", "CSAFPID-1674618", "CSAFPID-1674619", "CSAFPID-1674620", "CSAFPID-1674621", "CSAFPID-1674622", "CSAFPID-1674623", "CSAFPID-1674624", "CSAFPID-1674625", "CSAFPID-1674626", "CSAFPID-1674627", "CSAFPID-1674628", ], }, references: [ { category: "self", summary: "CVE-2021-37137", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2021/CVE-2021-37137.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-41182", "CSAFPID-209546", "CSAFPID-40608", "CSAFPID-180216", "CSAFPID-93547", "CSAFPID-180217", "CSAFPID-2310", "CSAFPID-40612", "CSAFPID-391501", "CSAFPID-440102", "CSAFPID-41516", "CSAFPID-41515", "CSAFPID-764237", "CSAFPID-45182", "CSAFPID-45181", "CSAFPID-45186", "CSAFPID-45185", "CSAFPID-90018", "CSAFPID-94290", "CSAFPID-260394", "CSAFPID-216017", "CSAFPID-764240", "CSAFPID-90021", "CSAFPID-94292", "CSAFPID-218028", "CSAFPID-94291", "CSAFPID-493443", "CSAFPID-224796", "CSAFPID-90019", "CSAFPID-90016", "CSAFPID-93777", "CSAFPID-93772", "CSAFPID-40293", "CSAFPID-345038", "CSAFPID-93629", "CSAFPID-93781", "CSAFPID-45192", "CSAFPID-608630", "CSAFPID-40292", "CSAFPID-40291", "CSAFPID-345039", "CSAFPID-93628", "CSAFPID-764780", "CSAFPID-764781", "CSAFPID-93775", "CSAFPID-93774", "CSAFPID-764782", "CSAFPID-342793", "CSAFPID-1261", "CSAFPID-204622", "CSAFPID-219909", "CSAFPID-342803", "CSAFPID-204563", "CSAFPID-221118", "CSAFPID-240600", "CSAFPID-8984", "CSAFPID-204510", "CSAFPID-204569", "CSAFPID-219826", "CSAFPID-1899", "CSAFPID-41111", "CSAFPID-40299", "CSAFPID-187447", "CSAFPID-1900", "CSAFPID-40301", "CSAFPID-180194", "CSAFPID-40298", "CSAFPID-41112", "CSAFPID-41110", "CSAFPID-41113", "CSAFPID-180193", "CSAFPID-1898", "CSAFPID-40300", "CSAFPID-611587", "CSAFPID-40297", "CSAFPID-110244", "CSAFPID-110242", "CSAFPID-9489", "CSAFPID-110249", "CSAFPID-40294", "CSAFPID-110243", "CSAFPID-204629", "CSAFPID-765241", "CSAFPID-764247", "CSAFPID-764735", "CSAFPID-41183", "CSAFPID-207586", "CSAFPID-765242", "CSAFPID-205759", "CSAFPID-1893", "CSAFPID-765365", "CSAFPID-765366", "CSAFPID-342804", "CSAFPID-342805", "CSAFPID-204456", "CSAFPID-1882", "CSAFPID-573035", "CSAFPID-204645", "CSAFPID-765367", "CSAFPID-765368", "CSAFPID-764242", "CSAFPID-76994", "CSAFPID-204623", "CSAFPID-352633", "CSAFPID-352632", "CSAFPID-765369", "CSAFPID-204528", "CSAFPID-342802", "CSAFPID-40610", "CSAFPID-40611", "CSAFPID-40609", "CSAFPID-180198", "CSAFPID-180196", "CSAFPID-180201", "CSAFPID-180202", "CSAFPID-40613", "CSAFPID-180199", "CSAFPID-93546", "CSAFPID-180195", "CSAFPID-180200", "CSAFPID-765371", "CSAFPID-89545", "CSAFPID-180215", "CSAFPID-180197", "CSAFPID-204639", "CSAFPID-204627", "CSAFPID-226017", "CSAFPID-219898", "CSAFPID-179774", "CSAFPID-342799", "CSAFPID-765372", "CSAFPID-220125", "CSAFPID-245244", "CSAFPID-204554", "CSAFPID-764739", "CSAFPID-204614", "CSAFPID-345031", "CSAFPID-204635", "CSAFPID-204595", "CSAFPID-204590", "CSAFPID-224787", "CSAFPID-1673381", "CSAFPID-1673382", "CSAFPID-1674617", "CSAFPID-1674618", "CSAFPID-1674619", "CSAFPID-1674620", "CSAFPID-1674621", "CSAFPID-1674622", "CSAFPID-1674623", "CSAFPID-1674624", "CSAFPID-1674625", "CSAFPID-1674626", "CSAFPID-1674627", "CSAFPID-1674628", ], }, ], title: "CVE-2021-37137", }, { cve: "CVE-2022-2068", cwe: { id: "CWE-78", name: "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", }, notes: [ { category: "other", text: "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", title: "CWE-78", }, { category: "other", text: "Improper Neutralization of Special Elements used in a Command ('Command Injection')", title: "CWE-77", }, ], product_status: { known_affected: [ "CSAFPID-40949", "CSAFPID-391501", "CSAFPID-440102", "CSAFPID-41516", "CSAFPID-41515", "CSAFPID-764237", "CSAFPID-45182", "CSAFPID-45181", "CSAFPID-45186", "CSAFPID-45185", "CSAFPID-90018", "CSAFPID-94290", "CSAFPID-260394", "CSAFPID-216017", "CSAFPID-764240", "CSAFPID-90021", "CSAFPID-94292", "CSAFPID-218028", "CSAFPID-94291", "CSAFPID-493443", "CSAFPID-224796", "CSAFPID-90019", "CSAFPID-90016", "CSAFPID-93777", "CSAFPID-93772", "CSAFPID-40293", "CSAFPID-345038", "CSAFPID-93629", "CSAFPID-93781", "CSAFPID-45192", "CSAFPID-608630", "CSAFPID-40292", "CSAFPID-40291", "CSAFPID-345039", "CSAFPID-93628", "CSAFPID-764780", "CSAFPID-764781", "CSAFPID-93775", "CSAFPID-93774", "CSAFPID-764782", "CSAFPID-342793", "CSAFPID-1261", "CSAFPID-204622", "CSAFPID-219909", "CSAFPID-342803", "CSAFPID-204563", "CSAFPID-221118", "CSAFPID-240600", "CSAFPID-8984", "CSAFPID-204510", "CSAFPID-204569", "CSAFPID-219826", "CSAFPID-40294", "CSAFPID-93631", "CSAFPID-764900", "CSAFPID-568240", "CSAFPID-355340", "CSAFPID-703515", "CSAFPID-204456", "CSAFPID-764735", "CSAFPID-204635", "CSAFPID-41183", "CSAFPID-234306", "CSAFPID-41182", "CSAFPID-226017", "CSAFPID-219898", "CSAFPID-179774", "CSAFPID-764738", "CSAFPID-764901", "CSAFPID-764902", "CSAFPID-220547", "CSAFPID-187447", "CSAFPID-760687", "CSAFPID-40947", "CSAFPID-2044", "CSAFPID-449747", "CSAFPID-40301", "CSAFPID-449746", "CSAFPID-40298", "CSAFPID-223527", "CSAFPID-760688", "CSAFPID-93636", "CSAFPID-40300", "CSAFPID-93653", "CSAFPID-642000", "CSAFPID-642002", "CSAFPID-642001", "CSAFPID-165576", "CSAFPID-764899", "CSAFPID-40948", "CSAFPID-426842", "CSAFPID-93630", "CSAFPID-204645", "CSAFPID-1893", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, references: [ { category: "self", summary: "CVE-2022-2068", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-2068.json", }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-40949", "CSAFPID-391501", "CSAFPID-440102", "CSAFPID-41516", "CSAFPID-41515", "CSAFPID-764237", "CSAFPID-45182", "CSAFPID-45181", "CSAFPID-45186", "CSAFPID-45185", "CSAFPID-90018", "CSAFPID-94290", "CSAFPID-260394", "CSAFPID-216017", "CSAFPID-764240", "CSAFPID-90021", "CSAFPID-94292", "CSAFPID-218028", "CSAFPID-94291", "CSAFPID-493443", "CSAFPID-224796", "CSAFPID-90019", "CSAFPID-90016", "CSAFPID-93777", "CSAFPID-93772", "CSAFPID-40293", "CSAFPID-345038", "CSAFPID-93629", "CSAFPID-93781", "CSAFPID-45192", "CSAFPID-608630", "CSAFPID-40292", "CSAFPID-40291", "CSAFPID-345039", "CSAFPID-93628", "CSAFPID-764780", "CSAFPID-764781", "CSAFPID-93775", "CSAFPID-93774", "CSAFPID-764782", "CSAFPID-342793", "CSAFPID-1261", "CSAFPID-204622", "CSAFPID-219909", "CSAFPID-342803", "CSAFPID-204563", "CSAFPID-221118", "CSAFPID-240600", "CSAFPID-8984", "CSAFPID-204510", "CSAFPID-204569", "CSAFPID-219826", "CSAFPID-40294", "CSAFPID-93631", "CSAFPID-764900", "CSAFPID-568240", "CSAFPID-355340", "CSAFPID-703515", "CSAFPID-204456", "CSAFPID-764735", "CSAFPID-204635", "CSAFPID-41183", "CSAFPID-234306", "CSAFPID-41182", "CSAFPID-226017", "CSAFPID-219898", "CSAFPID-179774", "CSAFPID-764738", "CSAFPID-764901", "CSAFPID-764902", "CSAFPID-220547", "CSAFPID-187447", "CSAFPID-760687", "CSAFPID-40947", "CSAFPID-2044", "CSAFPID-449747", "CSAFPID-40301", "CSAFPID-449746", "CSAFPID-40298", "CSAFPID-223527", "CSAFPID-760688", "CSAFPID-93636", "CSAFPID-40300", "CSAFPID-93653", "CSAFPID-642000", "CSAFPID-642002", "CSAFPID-642001", "CSAFPID-165576", "CSAFPID-764899", "CSAFPID-40948", "CSAFPID-426842", "CSAFPID-93630", "CSAFPID-204645", "CSAFPID-1893", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, ], title: "CVE-2022-2068", }, { cve: "CVE-2022-2601", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, notes: [ { category: "other", text: "Out-of-bounds Write", title: "CWE-787", }, { category: "other", text: "Heap-based Buffer Overflow", title: "CWE-122", }, ], product_status: { known_affected: [ "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, references: [ { category: "self", summary: "CVE-2022-2601", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-2601.json", }, ], scores: [ { cvss_v3: { baseScore: 8.6, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, ], title: "CVE-2022-2601", }, { cve: "CVE-2022-23437", cwe: { id: "CWE-835", name: "Loop with Unreachable Exit Condition ('Infinite Loop')", }, notes: [ { category: "other", text: "Loop with Unreachable Exit Condition ('Infinite Loop')", title: "CWE-835", }, ], product_status: { known_affected: [ "CSAFPID-204629", "CSAFPID-704410", "CSAFPID-704411", "CSAFPID-704412", "CSAFPID-226017", "CSAFPID-179774", "CSAFPID-219898", "CSAFPID-219826", "CSAFPID-204569", "CSAFPID-204510", "CSAFPID-220057", "CSAFPID-220055", "CSAFPID-220909", "CSAFPID-45184", "CSAFPID-45182", "CSAFPID-220559", "CSAFPID-220558", "CSAFPID-220327", "CSAFPID-220325", "CSAFPID-219838", "CSAFPID-220056", "CSAFPID-223511", "CSAFPID-216017", "CSAFPID-220889", "CSAFPID-220918", "CSAFPID-90020", "CSAFPID-90015", "CSAFPID-220133", "CSAFPID-220561", "CSAFPID-90021", "CSAFPID-220881", "CSAFPID-94291", "CSAFPID-220910", "CSAFPID-220324", "CSAFPID-224796", "CSAFPID-224795", "CSAFPID-220326", "CSAFPID-764734", "CSAFPID-40293", "CSAFPID-220167", "CSAFPID-93781", "CSAFPID-220132", "CSAFPID-764247", "CSAFPID-764735", "CSAFPID-764736", "CSAFPID-764737", "CSAFPID-224793", "CSAFPID-342793", "CSAFPID-1265", "CSAFPID-219803", "CSAFPID-375182", "CSAFPID-342803", "CSAFPID-1266", "CSAFPID-219776", "CSAFPID-224791", "CSAFPID-224790", "CSAFPID-221118", "CSAFPID-764738", "CSAFPID-240600", "CSAFPID-764739", "CSAFPID-391501", "CSAFPID-440102", "CSAFPID-41516", "CSAFPID-41515", "CSAFPID-764237", "CSAFPID-45181", "CSAFPID-45186", "CSAFPID-45185", "CSAFPID-90018", "CSAFPID-94290", "CSAFPID-260394", "CSAFPID-764240", "CSAFPID-94292", "CSAFPID-218028", "CSAFPID-493443", "CSAFPID-90019", "CSAFPID-90016", "CSAFPID-93777", "CSAFPID-93772", "CSAFPID-345038", "CSAFPID-93629", "CSAFPID-45192", "CSAFPID-608630", "CSAFPID-40292", "CSAFPID-40291", "CSAFPID-345039", "CSAFPID-93628", "CSAFPID-764780", "CSAFPID-764781", "CSAFPID-93775", "CSAFPID-93774", "CSAFPID-764782", "CSAFPID-1261", "CSAFPID-204622", "CSAFPID-219909", "CSAFPID-204563", "CSAFPID-8984", "CSAFPID-220548", "CSAFPID-608629", "CSAFPID-93784", "CSAFPID-41111", "CSAFPID-1685", "CSAFPID-493445", "CSAFPID-294401", "CSAFPID-220547", "CSAFPID-764824", "CSAFPID-220459", "CSAFPID-764825", "CSAFPID-93635", "CSAFPID-503534", "CSAFPID-503493", "CSAFPID-493444", "CSAFPID-93633", "CSAFPID-260395", "CSAFPID-260393", "CSAFPID-220468", "CSAFPID-93636", "CSAFPID-93634", "CSAFPID-589926", "CSAFPID-179780", "CSAFPID-589925", "CSAFPID-179779", "CSAFPID-764826", "CSAFPID-764827", "CSAFPID-764828", "CSAFPID-764829", "CSAFPID-764830", "CSAFPID-220190", "CSAFPID-220189", "CSAFPID-764833", "CSAFPID-41183", "CSAFPID-764834", "CSAFPID-234306", "CSAFPID-764835", "CSAFPID-187447", "CSAFPID-760687", "CSAFPID-40947", "CSAFPID-2044", "CSAFPID-449747", "CSAFPID-40301", "CSAFPID-449746", "CSAFPID-40298", "CSAFPID-223527", "CSAFPID-760688", "CSAFPID-40300", "CSAFPID-93653", "CSAFPID-40949", "CSAFPID-642000", "CSAFPID-642002", "CSAFPID-642001", "CSAFPID-165576", "CSAFPID-764899", "CSAFPID-40948", "CSAFPID-426842", "CSAFPID-93630", "CSAFPID-204645", "CSAFPID-1893", "CSAFPID-40294", "CSAFPID-93631", "CSAFPID-764900", "CSAFPID-568240", "CSAFPID-355340", "CSAFPID-703515", "CSAFPID-204456", "CSAFPID-204635", "CSAFPID-41182", "CSAFPID-764901", "CSAFPID-764902", "CSAFPID-1899", "CSAFPID-40299", "CSAFPID-1900", "CSAFPID-180194", "CSAFPID-41112", "CSAFPID-41110", "CSAFPID-41113", "CSAFPID-180193", "CSAFPID-1898", "CSAFPID-611587", "CSAFPID-40297", "CSAFPID-110244", "CSAFPID-110242", "CSAFPID-9489", "CSAFPID-110249", "CSAFPID-110243", "CSAFPID-765241", "CSAFPID-209546", "CSAFPID-207586", "CSAFPID-765242", "CSAFPID-205759", "CSAFPID-765365", "CSAFPID-765366", "CSAFPID-342804", "CSAFPID-342805", "CSAFPID-1882", "CSAFPID-573035", "CSAFPID-765367", "CSAFPID-765368", "CSAFPID-764242", "CSAFPID-76994", "CSAFPID-204623", "CSAFPID-352633", "CSAFPID-352632", "CSAFPID-765369", "CSAFPID-204528", "CSAFPID-342802", "CSAFPID-40610", "CSAFPID-40611", "CSAFPID-40609", "CSAFPID-180198", "CSAFPID-180217", "CSAFPID-180196", "CSAFPID-40612", "CSAFPID-180201", "CSAFPID-180216", "CSAFPID-180202", "CSAFPID-40613", "CSAFPID-40608", "CSAFPID-180199", "CSAFPID-93546", "CSAFPID-180195", "CSAFPID-2310", "CSAFPID-93547", "CSAFPID-180200", "CSAFPID-765371", "CSAFPID-89545", "CSAFPID-180215", "CSAFPID-180197", "CSAFPID-204639", "CSAFPID-204627", "CSAFPID-342799", "CSAFPID-765372", "CSAFPID-220125", "CSAFPID-245244", "CSAFPID-204554", "CSAFPID-204614", "CSAFPID-345031", "CSAFPID-204595", "CSAFPID-204590", "CSAFPID-224787", "CSAFPID-1673065", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, references: [ { category: "self", summary: "CVE-2022-23437", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-23437.json", }, ], title: "CVE-2022-23437", }, { cve: "CVE-2022-36760", cwe: { id: "CWE-444", name: "Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')", }, notes: [ { category: "other", text: "Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')", title: "CWE-444", }, ], product_status: { known_affected: [ "CSAFPID-220057", "CSAFPID-220055", "CSAFPID-220909", "CSAFPID-45184", "CSAFPID-45182", "CSAFPID-220559", "CSAFPID-220558", "CSAFPID-220327", "CSAFPID-220325", "CSAFPID-219838", "CSAFPID-220056", "CSAFPID-223511", "CSAFPID-216017", "CSAFPID-220889", "CSAFPID-220918", "CSAFPID-90020", "CSAFPID-90015", "CSAFPID-220133", "CSAFPID-220561", "CSAFPID-90021", "CSAFPID-220881", "CSAFPID-94291", "CSAFPID-220910", "CSAFPID-220324", "CSAFPID-224796", "CSAFPID-224795", "CSAFPID-220326", "CSAFPID-764734", "CSAFPID-40293", "CSAFPID-220167", "CSAFPID-93781", "CSAFPID-220132", "CSAFPID-764247", "CSAFPID-764735", "CSAFPID-764736", "CSAFPID-764737", "CSAFPID-224793", "CSAFPID-342793", "CSAFPID-1265", "CSAFPID-704412", "CSAFPID-704411", "CSAFPID-704410", "CSAFPID-219803", "CSAFPID-375182", "CSAFPID-342803", "CSAFPID-1266", "CSAFPID-219776", "CSAFPID-224791", "CSAFPID-224790", "CSAFPID-221118", "CSAFPID-764738", "CSAFPID-240600", "CSAFPID-764739", "CSAFPID-204510", "CSAFPID-204569", "CSAFPID-219826", "CSAFPID-391501", "CSAFPID-440102", "CSAFPID-41516", "CSAFPID-41515", "CSAFPID-764237", "CSAFPID-45181", "CSAFPID-45186", "CSAFPID-45185", "CSAFPID-90018", "CSAFPID-94290", "CSAFPID-260394", "CSAFPID-764240", "CSAFPID-94292", "CSAFPID-218028", "CSAFPID-493443", "CSAFPID-90019", "CSAFPID-90016", "CSAFPID-93777", "CSAFPID-93772", "CSAFPID-345038", "CSAFPID-93629", "CSAFPID-45192", "CSAFPID-608630", "CSAFPID-40292", "CSAFPID-40291", "CSAFPID-345039", "CSAFPID-93628", "CSAFPID-764780", "CSAFPID-764781", "CSAFPID-93775", "CSAFPID-93774", "CSAFPID-764782", "CSAFPID-1261", "CSAFPID-204622", "CSAFPID-219909", "CSAFPID-204563", "CSAFPID-8984", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, references: [ { category: "self", summary: "CVE-2022-36760", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-36760.json", }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-220057", "CSAFPID-220055", "CSAFPID-220909", "CSAFPID-45184", "CSAFPID-45182", "CSAFPID-220559", "CSAFPID-220558", "CSAFPID-220327", "CSAFPID-220325", "CSAFPID-219838", "CSAFPID-220056", "CSAFPID-223511", "CSAFPID-216017", "CSAFPID-220889", "CSAFPID-220918", "CSAFPID-90020", "CSAFPID-90015", "CSAFPID-220133", "CSAFPID-220561", "CSAFPID-90021", "CSAFPID-220881", "CSAFPID-94291", "CSAFPID-220910", "CSAFPID-220324", "CSAFPID-224796", "CSAFPID-224795", "CSAFPID-220326", "CSAFPID-764734", "CSAFPID-40293", "CSAFPID-220167", "CSAFPID-93781", "CSAFPID-220132", "CSAFPID-764247", "CSAFPID-764735", "CSAFPID-764736", "CSAFPID-764737", "CSAFPID-224793", "CSAFPID-342793", "CSAFPID-1265", "CSAFPID-704412", "CSAFPID-704411", "CSAFPID-704410", "CSAFPID-219803", "CSAFPID-375182", "CSAFPID-342803", "CSAFPID-1266", "CSAFPID-219776", "CSAFPID-224791", "CSAFPID-224790", "CSAFPID-221118", "CSAFPID-764738", "CSAFPID-240600", "CSAFPID-764739", "CSAFPID-204510", "CSAFPID-204569", "CSAFPID-219826", "CSAFPID-391501", "CSAFPID-440102", "CSAFPID-41516", "CSAFPID-41515", "CSAFPID-764237", "CSAFPID-45181", "CSAFPID-45186", "CSAFPID-45185", "CSAFPID-90018", "CSAFPID-94290", "CSAFPID-260394", "CSAFPID-764240", "CSAFPID-94292", "CSAFPID-218028", "CSAFPID-493443", "CSAFPID-90019", "CSAFPID-90016", "CSAFPID-93777", "CSAFPID-93772", "CSAFPID-345038", "CSAFPID-93629", "CSAFPID-45192", "CSAFPID-608630", "CSAFPID-40292", "CSAFPID-40291", "CSAFPID-345039", "CSAFPID-93628", "CSAFPID-764780", "CSAFPID-764781", "CSAFPID-93775", "CSAFPID-93774", "CSAFPID-764782", "CSAFPID-1261", "CSAFPID-204622", "CSAFPID-219909", "CSAFPID-204563", "CSAFPID-8984", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, ], title: "CVE-2022-36760", }, { cve: "CVE-2023-2953", cwe: { id: "CWE-119", name: "Improper Restriction of Operations within the Bounds of a Memory Buffer", }, notes: [ { category: "other", text: "Improper Restriction of Operations within the Bounds of a Memory Buffer", title: "CWE-119", }, { category: "other", text: "NULL Pointer Dereference", title: "CWE-476", }, ], product_status: { known_affected: [ "CSAFPID-1673389", "CSAFPID-1673390", "CSAFPID-1673391", "CSAFPID-1673392", "CSAFPID-1673393", "CSAFPID-1673394", "CSAFPID-1673395", "CSAFPID-1673396", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, references: [ { category: "self", summary: "CVE-2023-2953", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-2953.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1673389", "CSAFPID-1673390", "CSAFPID-1673391", "CSAFPID-1673392", "CSAFPID-1673393", "CSAFPID-1673394", "CSAFPID-1673395", "CSAFPID-1673396", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, ], title: "CVE-2023-2953", }, { cve: "CVE-2023-3635", cwe: { id: "CWE-195", name: "Signed to Unsigned Conversion Error", }, notes: [ { category: "other", text: "Signed to Unsigned Conversion Error", title: "CWE-195", }, { category: "other", text: "Uncaught Exception", title: "CWE-248", }, ], product_status: { known_affected: [ "CSAFPID-94291", "CSAFPID-40293", "CSAFPID-204622", "CSAFPID-1265", "CSAFPID-1261", "CSAFPID-1266", "CSAFPID-8984", "CSAFPID-1673399", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-912085", "CSAFPID-912068", "CSAFPID-912076", "CSAFPID-912539", "CSAFPID-912540", "CSAFPID-912541", "CSAFPID-912542", "CSAFPID-912543", "CSAFPID-912101", "CSAFPID-912544", "CSAFPID-912077", "CSAFPID-912545", "CSAFPID-912546", "CSAFPID-912547", "CSAFPID-219909", "CSAFPID-220558", "CSAFPID-221118", "CSAFPID-224790", "CSAFPID-240600", "CSAFPID-342804", "CSAFPID-611387", "CSAFPID-611401", "CSAFPID-611406", "CSAFPID-611407", "CSAFPID-611408", "CSAFPID-611413", "CSAFPID-611595", "CSAFPID-204510", "CSAFPID-204563", "CSAFPID-204569", "CSAFPID-219803", "CSAFPID-219838", "CSAFPID-224793", "CSAFPID-342793", "CSAFPID-342803", "CSAFPID-614513", "CSAFPID-614514", "CSAFPID-614515", "CSAFPID-614516", "CSAFPID-614517", "CSAFPID-618156", "CSAFPID-643776", "CSAFPID-764237", "CSAFPID-764238", "CSAFPID-764239", "CSAFPID-764240", "CSAFPID-764241", "CSAFPID-764242", "CSAFPID-764243", "CSAFPID-764247", "CSAFPID-764248", "CSAFPID-764249", "CSAFPID-816346", "CSAFPID-816347", "CSAFPID-816348", "CSAFPID-816349", "CSAFPID-816350", "CSAFPID-816351", "CSAFPID-816352", "CSAFPID-816353", "CSAFPID-816354", "CSAFPID-816355", "CSAFPID-816357", "CSAFPID-816358", "CSAFPID-816359", "CSAFPID-816765", "CSAFPID-816766", "CSAFPID-816767", "CSAFPID-816768", "CSAFPID-816769", "CSAFPID-816770", "CSAFPID-816771", "CSAFPID-816772", "CSAFPID-816773", "CSAFPID-816774", "CSAFPID-816775", "CSAFPID-816776", "CSAFPID-816777", "CSAFPID-816778", "CSAFPID-816779", "CSAFPID-816780", "CSAFPID-816781", "CSAFPID-816782", "CSAFPID-816783", "CSAFPID-816784", "CSAFPID-816785", "CSAFPID-816786", "CSAFPID-816787", "CSAFPID-816788", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-816791", "CSAFPID-816792", "CSAFPID-816793", "CSAFPID-816794", "CSAFPID-816795", "CSAFPID-816796", "CSAFPID-816797", "CSAFPID-764735", "CSAFPID-764738", "CSAFPID-912073", "CSAFPID-912078", "CSAFPID-912079", "CSAFPID-912080", "CSAFPID-90016", "CSAFPID-93781", "CSAFPID-219776", "CSAFPID-219826", "CSAFPID-220132", "CSAFPID-224795", "CSAFPID-912102", "CSAFPID-912548", "CSAFPID-912549", "CSAFPID-912550", "CSAFPID-912551", "CSAFPID-912552", "CSAFPID-912553", "CSAFPID-912554", "CSAFPID-912556", "CSAFPID-912557", "CSAFPID-912558", "CSAFPID-764739", "CSAFPID-764826", "CSAFPID-765242", ], }, references: [ { category: "self", summary: "CVE-2023-3635", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-3635.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-94291", "CSAFPID-40293", "CSAFPID-204622", "CSAFPID-1265", "CSAFPID-1261", "CSAFPID-1266", "CSAFPID-8984", "CSAFPID-1673399", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-912085", "CSAFPID-912068", "CSAFPID-912076", "CSAFPID-912539", "CSAFPID-912540", "CSAFPID-912541", "CSAFPID-912542", "CSAFPID-912543", "CSAFPID-912101", "CSAFPID-912544", "CSAFPID-912077", "CSAFPID-912545", "CSAFPID-912546", "CSAFPID-912547", "CSAFPID-219909", "CSAFPID-220558", "CSAFPID-221118", "CSAFPID-224790", "CSAFPID-240600", "CSAFPID-342804", "CSAFPID-611387", "CSAFPID-611401", "CSAFPID-611406", "CSAFPID-611407", "CSAFPID-611408", "CSAFPID-611413", "CSAFPID-611595", "CSAFPID-204510", "CSAFPID-204563", "CSAFPID-204569", "CSAFPID-219803", "CSAFPID-219838", "CSAFPID-224793", "CSAFPID-342793", "CSAFPID-342803", "CSAFPID-614513", "CSAFPID-614514", "CSAFPID-614515", "CSAFPID-614516", "CSAFPID-614517", "CSAFPID-618156", "CSAFPID-643776", "CSAFPID-764237", "CSAFPID-764238", "CSAFPID-764239", "CSAFPID-764240", "CSAFPID-764241", "CSAFPID-764242", "CSAFPID-764243", "CSAFPID-764247", "CSAFPID-764248", "CSAFPID-764249", "CSAFPID-816346", "CSAFPID-816347", "CSAFPID-816348", "CSAFPID-816349", "CSAFPID-816350", "CSAFPID-816351", "CSAFPID-816352", "CSAFPID-816353", "CSAFPID-816354", "CSAFPID-816355", "CSAFPID-816357", "CSAFPID-816358", "CSAFPID-816359", "CSAFPID-816765", "CSAFPID-816766", "CSAFPID-816767", "CSAFPID-816768", "CSAFPID-816769", "CSAFPID-816770", "CSAFPID-816771", "CSAFPID-816772", "CSAFPID-816773", "CSAFPID-816774", "CSAFPID-816775", "CSAFPID-816776", "CSAFPID-816777", "CSAFPID-816778", "CSAFPID-816779", "CSAFPID-816780", "CSAFPID-816781", "CSAFPID-816782", "CSAFPID-816783", "CSAFPID-816784", "CSAFPID-816785", "CSAFPID-816786", "CSAFPID-816787", "CSAFPID-816788", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-816791", "CSAFPID-816792", "CSAFPID-816793", "CSAFPID-816794", "CSAFPID-816795", "CSAFPID-816796", "CSAFPID-816797", "CSAFPID-764735", "CSAFPID-764738", "CSAFPID-912073", "CSAFPID-912078", "CSAFPID-912079", "CSAFPID-912080", "CSAFPID-90016", "CSAFPID-93781", "CSAFPID-219776", "CSAFPID-219826", "CSAFPID-220132", "CSAFPID-224795", "CSAFPID-912102", "CSAFPID-912548", "CSAFPID-912549", "CSAFPID-912550", "CSAFPID-912551", "CSAFPID-912552", "CSAFPID-912553", "CSAFPID-912554", "CSAFPID-912556", "CSAFPID-912557", "CSAFPID-912558", "CSAFPID-764739", "CSAFPID-764826", "CSAFPID-765242", ], }, ], title: "CVE-2023-3635", }, { cve: "CVE-2023-4043", cwe: { id: "CWE-834", name: "Excessive Iteration", }, notes: [ { category: "other", text: "Excessive Iteration", title: "CWE-834", }, { category: "other", text: "Improper Input Validation", title: "CWE-20", }, ], product_status: { known_affected: [ "CSAFPID-816765", "CSAFPID-816766", "CSAFPID-816767", "CSAFPID-816768", "CSAFPID-816769", "CSAFPID-816770", "CSAFPID-816771", "CSAFPID-816772", "CSAFPID-219838", "CSAFPID-611387", "CSAFPID-816773", "CSAFPID-816774", "CSAFPID-816775", "CSAFPID-816346", "CSAFPID-816776", "CSAFPID-816348", "CSAFPID-816777", "CSAFPID-816347", "CSAFPID-94291", "CSAFPID-816778", "CSAFPID-614517", "CSAFPID-816779", "CSAFPID-816349", "CSAFPID-40293", "CSAFPID-611413", "CSAFPID-764242", "CSAFPID-816780", "CSAFPID-816781", "CSAFPID-816782", "CSAFPID-816783", "CSAFPID-816784", "CSAFPID-816785", "CSAFPID-816353", "CSAFPID-816786", "CSAFPID-816787", "CSAFPID-816788", "CSAFPID-816352", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-342804", "CSAFPID-816791", "CSAFPID-816792", "CSAFPID-764247", "CSAFPID-764735", "CSAFPID-816793", "CSAFPID-224793", "CSAFPID-816794", "CSAFPID-342793", "CSAFPID-1265", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-204622", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-912068", "CSAFPID-912076", "CSAFPID-912539", "CSAFPID-912540", "CSAFPID-912541", "CSAFPID-912542", "CSAFPID-912543", "CSAFPID-912101", "CSAFPID-912544", "CSAFPID-912077", "CSAFPID-912545", "CSAFPID-764240", "CSAFPID-912546", "CSAFPID-912547", "CSAFPID-224795", "CSAFPID-912548", "CSAFPID-912102", "CSAFPID-912549", "CSAFPID-764826", "CSAFPID-90016", "CSAFPID-912078", "CSAFPID-912550", "CSAFPID-912551", "CSAFPID-912552", "CSAFPID-912553", "CSAFPID-93781", "CSAFPID-220132", "CSAFPID-912079", "CSAFPID-912080", "CSAFPID-912554", "CSAFPID-912556", "CSAFPID-912557", "CSAFPID-219776", "CSAFPID-765242", "CSAFPID-1266", "CSAFPID-8984", "CSAFPID-204510", "CSAFPID-204563", "CSAFPID-204569", "CSAFPID-219803", "CSAFPID-219909", "CSAFPID-221118", "CSAFPID-224790", "CSAFPID-240600", "CSAFPID-342803", "CSAFPID-611595", "CSAFPID-764738", "CSAFPID-816351", "CSAFPID-816354", "CSAFPID-816355", "CSAFPID-816357", "CSAFPID-816358", "CSAFPID-816359", "CSAFPID-816795", "CSAFPID-816796", "CSAFPID-816797", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-1503582", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-1503591", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-219826", "CSAFPID-764739", "CSAFPID-912073", "CSAFPID-912558", ], }, references: [ { category: "self", summary: "CVE-2023-4043", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-4043.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-816765", "CSAFPID-816766", "CSAFPID-816767", "CSAFPID-816768", "CSAFPID-816769", "CSAFPID-816770", "CSAFPID-816771", "CSAFPID-816772", "CSAFPID-219838", "CSAFPID-611387", "CSAFPID-816773", "CSAFPID-816774", "CSAFPID-816775", "CSAFPID-816346", "CSAFPID-816776", "CSAFPID-816348", "CSAFPID-816777", "CSAFPID-816347", "CSAFPID-94291", "CSAFPID-816778", "CSAFPID-614517", "CSAFPID-816779", "CSAFPID-816349", "CSAFPID-40293", "CSAFPID-611413", "CSAFPID-764242", "CSAFPID-816780", "CSAFPID-816781", "CSAFPID-816782", "CSAFPID-816783", "CSAFPID-816784", "CSAFPID-816785", "CSAFPID-816353", "CSAFPID-816786", "CSAFPID-816787", "CSAFPID-816788", "CSAFPID-816352", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-342804", "CSAFPID-816791", "CSAFPID-816792", "CSAFPID-764247", "CSAFPID-764735", "CSAFPID-816793", "CSAFPID-224793", "CSAFPID-816794", "CSAFPID-342793", "CSAFPID-1265", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-204622", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-912068", "CSAFPID-912076", "CSAFPID-912539", "CSAFPID-912540", "CSAFPID-912541", "CSAFPID-912542", "CSAFPID-912543", "CSAFPID-912101", "CSAFPID-912544", "CSAFPID-912077", "CSAFPID-912545", "CSAFPID-764240", "CSAFPID-912546", "CSAFPID-912547", "CSAFPID-224795", "CSAFPID-912548", "CSAFPID-912102", "CSAFPID-912549", "CSAFPID-764826", "CSAFPID-90016", "CSAFPID-912078", "CSAFPID-912550", "CSAFPID-912551", "CSAFPID-912552", "CSAFPID-912553", "CSAFPID-93781", "CSAFPID-220132", "CSAFPID-912079", "CSAFPID-912080", "CSAFPID-912554", "CSAFPID-912556", "CSAFPID-912557", "CSAFPID-219776", "CSAFPID-765242", "CSAFPID-1266", "CSAFPID-8984", "CSAFPID-204510", "CSAFPID-204563", "CSAFPID-204569", "CSAFPID-219803", "CSAFPID-219909", "CSAFPID-221118", "CSAFPID-224790", "CSAFPID-240600", "CSAFPID-342803", "CSAFPID-611595", "CSAFPID-764738", "CSAFPID-816351", "CSAFPID-816354", "CSAFPID-816355", "CSAFPID-816357", "CSAFPID-816358", "CSAFPID-816359", "CSAFPID-816795", "CSAFPID-816796", "CSAFPID-816797", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-1503582", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-1503591", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-219826", "CSAFPID-764739", "CSAFPID-912073", "CSAFPID-912558", ], }, ], title: "CVE-2023-4043", }, { cve: "CVE-2023-5685", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, notes: [ { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, ], product_status: { known_affected: [ "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1635310", "CSAFPID-1635311", "CSAFPID-1635312", "CSAFPID-1635313", "CSAFPID-1635314", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635317", "CSAFPID-1635318", "CSAFPID-1635319", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1635322", "CSAFPID-1635323", "CSAFPID-1635324", "CSAFPID-1635325", "CSAFPID-1635326", "CSAFPID-1635327", "CSAFPID-1635328", "CSAFPID-1635329", "CSAFPID-1650752", "CSAFPID-1650751", "CSAFPID-1673389", "CSAFPID-1673390", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1674636", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-912101", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-764240", "CSAFPID-912547", "CSAFPID-1503582", "CSAFPID-912549", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-764242", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-220132", "CSAFPID-912079", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-342804", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-764247", "CSAFPID-912556", "CSAFPID-764735", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", "CSAFPID-204510", "CSAFPID-204569", ], }, references: [ { category: "self", summary: "CVE-2023-5685", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-5685.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1635310", "CSAFPID-1635311", "CSAFPID-1635312", "CSAFPID-1635313", "CSAFPID-1635314", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635317", "CSAFPID-1635318", "CSAFPID-1635319", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1635322", "CSAFPID-1635323", "CSAFPID-1635324", "CSAFPID-1635325", "CSAFPID-1635326", "CSAFPID-1635327", "CSAFPID-1635328", "CSAFPID-1635329", "CSAFPID-1650752", "CSAFPID-1650751", "CSAFPID-1673389", "CSAFPID-1673390", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1674636", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-912101", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-764240", "CSAFPID-912547", "CSAFPID-1503582", "CSAFPID-912549", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-764242", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-220132", "CSAFPID-912079", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-342804", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-764247", "CSAFPID-912556", "CSAFPID-764735", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", "CSAFPID-204510", "CSAFPID-204569", ], }, ], title: "CVE-2023-5685", }, { cve: "CVE-2023-6597", cwe: { id: "CWE-61", name: "UNIX Symbolic Link (Symlink) Following", }, notes: [ { category: "other", text: "UNIX Symbolic Link (Symlink) Following", title: "CWE-61", }, ], product_status: { known_affected: [ "CSAFPID-1673395", "CSAFPID-1673420", "CSAFPID-1673421", "CSAFPID-1673396", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-912101", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-764240", "CSAFPID-912547", "CSAFPID-1503582", "CSAFPID-912549", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-764242", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-220132", "CSAFPID-912079", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-342804", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-764247", "CSAFPID-912556", "CSAFPID-764735", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", "CSAFPID-204510", "CSAFPID-204569", ], }, references: [ { category: "self", summary: "CVE-2023-6597", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-6597.json", }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", version: "3.1", }, products: [ "CSAFPID-1673395", "CSAFPID-1673420", "CSAFPID-1673421", "CSAFPID-1673396", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-912101", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-764240", "CSAFPID-912547", "CSAFPID-1503582", "CSAFPID-912549", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-764242", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-220132", "CSAFPID-912079", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-342804", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-764247", "CSAFPID-912556", "CSAFPID-764735", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", "CSAFPID-204510", "CSAFPID-204569", ], }, ], title: "CVE-2023-6597", }, { cve: "CVE-2023-6816", cwe: { id: "CWE-119", name: "Improper Restriction of Operations within the Bounds of a Memory Buffer", }, notes: [ { category: "other", text: "Improper Restriction of Operations within the Bounds of a Memory Buffer", title: "CWE-119", }, { category: "other", text: "Out-of-bounds Write", title: "CWE-787", }, ], product_status: { known_affected: [ "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, references: [ { category: "self", summary: "CVE-2023-6816", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-6816.json", }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, ], title: "CVE-2023-6816", }, { cve: "CVE-2023-38408", cwe: { id: "CWE-94", name: "Improper Control of Generation of Code ('Code Injection')", }, notes: [ { category: "other", text: "Improper Control of Generation of Code ('Code Injection')", title: "CWE-94", }, { category: "other", text: "Improper Input Validation", title: "CWE-20", }, ], product_status: { known_affected: [ "CSAFPID-45182", "CSAFPID-40293", "CSAFPID-611406", "CSAFPID-764237", "CSAFPID-220558", "CSAFPID-764238", "CSAFPID-764239", "CSAFPID-614513", "CSAFPID-643776", "CSAFPID-611387", "CSAFPID-618156", "CSAFPID-614516", "CSAFPID-614515", "CSAFPID-614514", "CSAFPID-764240", "CSAFPID-94291", "CSAFPID-611401", "CSAFPID-614517", "CSAFPID-764241", "CSAFPID-611413", "CSAFPID-764242", "CSAFPID-764243", "CSAFPID-342804", "CSAFPID-611408", "CSAFPID-611407", "CSAFPID-764247", "CSAFPID-764248", "CSAFPID-204622", "CSAFPID-219909", "CSAFPID-611595", "CSAFPID-764249", "CSAFPID-224790", "CSAFPID-221118", "CSAFPID-240600", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, references: [ { category: "self", summary: "CVE-2023-38408", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-38408.json", }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-45182", "CSAFPID-40293", "CSAFPID-611406", "CSAFPID-764237", "CSAFPID-220558", "CSAFPID-764238", "CSAFPID-764239", "CSAFPID-614513", "CSAFPID-643776", "CSAFPID-611387", "CSAFPID-618156", "CSAFPID-614516", "CSAFPID-614515", "CSAFPID-614514", "CSAFPID-764240", "CSAFPID-94291", "CSAFPID-611401", "CSAFPID-614517", "CSAFPID-764241", "CSAFPID-611413", "CSAFPID-764242", "CSAFPID-764243", "CSAFPID-342804", "CSAFPID-611408", "CSAFPID-611407", "CSAFPID-764247", "CSAFPID-764248", "CSAFPID-204622", "CSAFPID-219909", "CSAFPID-611595", "CSAFPID-764249", "CSAFPID-224790", "CSAFPID-221118", "CSAFPID-240600", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, ], title: "CVE-2023-38408", }, { cve: "CVE-2023-43642", cwe: { id: "CWE-770", name: "Allocation of Resources Without Limits or Throttling", }, notes: [ { category: "other", text: "Allocation of Resources Without Limits or Throttling", title: "CWE-770", }, ], product_status: { known_affected: [ "CSAFPID-40293", "CSAFPID-1265", "CSAFPID-1261", "CSAFPID-1266", "CSAFPID-8984", "CSAFPID-1673395", "CSAFPID-94291", "CSAFPID-204510", "CSAFPID-204563", "CSAFPID-204569", "CSAFPID-204622", "CSAFPID-219803", "CSAFPID-219838", "CSAFPID-219909", "CSAFPID-221118", "CSAFPID-224790", "CSAFPID-224793", "CSAFPID-240600", "CSAFPID-342793", "CSAFPID-342803", "CSAFPID-342804", "CSAFPID-611387", "CSAFPID-611413", "CSAFPID-611595", "CSAFPID-614517", "CSAFPID-764242", "CSAFPID-764247", "CSAFPID-764735", "CSAFPID-764738", "CSAFPID-816346", "CSAFPID-816347", "CSAFPID-816348", "CSAFPID-816349", "CSAFPID-816350", "CSAFPID-816351", "CSAFPID-816352", "CSAFPID-816353", "CSAFPID-816354", "CSAFPID-816355", "CSAFPID-816357", "CSAFPID-816358", "CSAFPID-816359", "CSAFPID-816765", "CSAFPID-816766", "CSAFPID-816767", "CSAFPID-816768", "CSAFPID-816769", "CSAFPID-816770", "CSAFPID-816771", "CSAFPID-816772", "CSAFPID-816773", "CSAFPID-816774", "CSAFPID-816775", "CSAFPID-816776", "CSAFPID-816777", "CSAFPID-816778", "CSAFPID-816779", "CSAFPID-816780", "CSAFPID-816781", "CSAFPID-816782", "CSAFPID-816783", "CSAFPID-816784", "CSAFPID-816785", "CSAFPID-816786", "CSAFPID-816787", "CSAFPID-816788", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-816791", "CSAFPID-816792", "CSAFPID-816793", "CSAFPID-816794", "CSAFPID-816795", "CSAFPID-816796", "CSAFPID-816797", ], }, references: [ { category: "self", summary: "CVE-2023-43642", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-43642.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-40293", "CSAFPID-1265", "CSAFPID-1261", "CSAFPID-1266", "CSAFPID-8984", "CSAFPID-1673395", "CSAFPID-94291", "CSAFPID-204510", "CSAFPID-204563", "CSAFPID-204569", "CSAFPID-204622", "CSAFPID-219803", "CSAFPID-219838", "CSAFPID-219909", "CSAFPID-221118", "CSAFPID-224790", "CSAFPID-224793", "CSAFPID-240600", "CSAFPID-342793", "CSAFPID-342803", "CSAFPID-342804", "CSAFPID-611387", "CSAFPID-611413", "CSAFPID-611595", "CSAFPID-614517", "CSAFPID-764242", "CSAFPID-764247", "CSAFPID-764735", "CSAFPID-764738", "CSAFPID-816346", "CSAFPID-816347", "CSAFPID-816348", "CSAFPID-816349", "CSAFPID-816350", "CSAFPID-816351", "CSAFPID-816352", "CSAFPID-816353", "CSAFPID-816354", "CSAFPID-816355", "CSAFPID-816357", "CSAFPID-816358", "CSAFPID-816359", "CSAFPID-816765", "CSAFPID-816766", "CSAFPID-816767", "CSAFPID-816768", "CSAFPID-816769", "CSAFPID-816770", "CSAFPID-816771", "CSAFPID-816772", "CSAFPID-816773", "CSAFPID-816774", "CSAFPID-816775", "CSAFPID-816776", "CSAFPID-816777", "CSAFPID-816778", "CSAFPID-816779", "CSAFPID-816780", "CSAFPID-816781", "CSAFPID-816782", "CSAFPID-816783", "CSAFPID-816784", "CSAFPID-816785", "CSAFPID-816786", "CSAFPID-816787", "CSAFPID-816788", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-816791", "CSAFPID-816792", "CSAFPID-816793", "CSAFPID-816794", "CSAFPID-816795", "CSAFPID-816796", "CSAFPID-816797", ], }, ], title: "CVE-2023-43642", }, { cve: "CVE-2023-46136", cwe: { id: "CWE-407", name: "Inefficient Algorithmic Complexity", }, notes: [ { category: "other", text: "Inefficient Algorithmic Complexity", title: "CWE-407", }, { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, ], product_status: { known_affected: [ "CSAFPID-1673411", "CSAFPID-912549", "CSAFPID-1673412", "CSAFPID-1673413", "CSAFPID-1673414", "CSAFPID-1673396", "CSAFPID-1503590", "CSAFPID-1673393", "CSAFPID-1673395", "CSAFPID-220132", "CSAFPID-1503585", "CSAFPID-1673392", "CSAFPID-1503589", "CSAFPID-1673415", "CSAFPID-1673416", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, references: [ { category: "self", summary: "CVE-2023-46136", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-46136.json", }, ], scores: [ { cvss_v3: { baseScore: 8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-1673411", "CSAFPID-912549", "CSAFPID-1673412", "CSAFPID-1673413", "CSAFPID-1673414", "CSAFPID-1673396", "CSAFPID-1503590", "CSAFPID-1673393", "CSAFPID-1673395", "CSAFPID-220132", "CSAFPID-1503585", "CSAFPID-1673392", "CSAFPID-1503589", "CSAFPID-1673415", "CSAFPID-1673416", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, ], title: "CVE-2023-46136", }, { cve: "CVE-2023-48795", cwe: { id: "CWE-222", name: "Truncation of Security-relevant Information", }, notes: [ { category: "other", text: "Truncation of Security-relevant Information", title: "CWE-222", }, ], product_status: { known_affected: [ "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1635310", "CSAFPID-1635311", "CSAFPID-1635312", "CSAFPID-1635313", "CSAFPID-1635314", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635317", "CSAFPID-1635318", "CSAFPID-1635319", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1635322", "CSAFPID-1635323", "CSAFPID-1635324", "CSAFPID-1635325", "CSAFPID-1635326", "CSAFPID-1635327", "CSAFPID-1635328", "CSAFPID-1635329", "CSAFPID-1650752", "CSAFPID-816765", "CSAFPID-816766", "CSAFPID-816767", "CSAFPID-816768", "CSAFPID-816769", "CSAFPID-816770", "CSAFPID-816771", "CSAFPID-816772", "CSAFPID-219838", "CSAFPID-611387", "CSAFPID-816773", "CSAFPID-816774", "CSAFPID-816775", "CSAFPID-816346", "CSAFPID-816776", "CSAFPID-816348", "CSAFPID-816777", "CSAFPID-816347", "CSAFPID-94291", "CSAFPID-816778", "CSAFPID-614517", "CSAFPID-816779", "CSAFPID-816349", "CSAFPID-40293", "CSAFPID-764242", "CSAFPID-816780", "CSAFPID-816781", "CSAFPID-816782", "CSAFPID-816783", "CSAFPID-816784", "CSAFPID-816785", "CSAFPID-816353", "CSAFPID-816786", "CSAFPID-816352", "CSAFPID-342804", "CSAFPID-764247", "CSAFPID-764735", "CSAFPID-224793", "CSAFPID-342793", "CSAFPID-1265", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-204622", "CSAFPID-219909", "CSAFPID-219803", "CSAFPID-816351", "CSAFPID-611595", "CSAFPID-342803", "CSAFPID-1266", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-224790", "CSAFPID-221118", "CSAFPID-1673417", "CSAFPID-1674629", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1674636", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-1670429", "CSAFPID-1670430", "CSAFPID-1670431", "CSAFPID-1670432", "CSAFPID-1670433", "CSAFPID-1670434", "CSAFPID-1670435", "CSAFPID-1670436", "CSAFPID-1670437", "CSAFPID-1670438", "CSAFPID-1670439", "CSAFPID-1670440", "CSAFPID-1670441", "CSAFPID-1670442", "CSAFPID-912076", "CSAFPID-912077", "CSAFPID-912078", "CSAFPID-90016", "CSAFPID-764826", "CSAFPID-345038", "CSAFPID-912079", "CSAFPID-220132", "CSAFPID-93781", "CSAFPID-345039", "CSAFPID-912080", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-912068", "CSAFPID-912539", "CSAFPID-912540", "CSAFPID-912541", "CSAFPID-912542", "CSAFPID-912543", "CSAFPID-912101", "CSAFPID-912544", "CSAFPID-912545", "CSAFPID-764240", "CSAFPID-912546", "CSAFPID-912547", "CSAFPID-224795", "CSAFPID-912548", "CSAFPID-611413", "CSAFPID-240600", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-816357", "CSAFPID-816358", "CSAFPID-816359", "CSAFPID-816787", "CSAFPID-816788", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-816791", "CSAFPID-816792", "CSAFPID-816793", "CSAFPID-816794", "CSAFPID-816795", "CSAFPID-816796", "CSAFPID-816797", "CSAFPID-8984", "CSAFPID-204510", "CSAFPID-204569", "CSAFPID-219776", "CSAFPID-219826", "CSAFPID-764739", "CSAFPID-765242", "CSAFPID-912073", "CSAFPID-912102", "CSAFPID-912549", "CSAFPID-912550", "CSAFPID-912551", "CSAFPID-912552", "CSAFPID-912553", "CSAFPID-912554", "CSAFPID-912556", "CSAFPID-912557", "CSAFPID-912558", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-1503582", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-1503591", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-1503601", "CSAFPID-1503602", ], }, references: [ { category: "self", summary: "CVE-2023-48795", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-48795.json", }, ], scores: [ { cvss_v3: { baseScore: 5.9, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1635310", "CSAFPID-1635311", "CSAFPID-1635312", "CSAFPID-1635313", "CSAFPID-1635314", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635317", "CSAFPID-1635318", "CSAFPID-1635319", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1635322", "CSAFPID-1635323", "CSAFPID-1635324", "CSAFPID-1635325", "CSAFPID-1635326", "CSAFPID-1635327", "CSAFPID-1635328", "CSAFPID-1635329", "CSAFPID-1650752", "CSAFPID-816765", "CSAFPID-816766", "CSAFPID-816767", "CSAFPID-816768", "CSAFPID-816769", "CSAFPID-816770", "CSAFPID-816771", "CSAFPID-816772", "CSAFPID-219838", "CSAFPID-611387", "CSAFPID-816773", "CSAFPID-816774", "CSAFPID-816775", "CSAFPID-816346", "CSAFPID-816776", "CSAFPID-816348", "CSAFPID-816777", "CSAFPID-816347", "CSAFPID-94291", "CSAFPID-816778", "CSAFPID-614517", "CSAFPID-816779", "CSAFPID-816349", "CSAFPID-40293", "CSAFPID-764242", "CSAFPID-816780", "CSAFPID-816781", "CSAFPID-816782", "CSAFPID-816783", "CSAFPID-816784", "CSAFPID-816785", "CSAFPID-816353", "CSAFPID-816786", "CSAFPID-816352", "CSAFPID-342804", "CSAFPID-764247", "CSAFPID-764735", "CSAFPID-224793", "CSAFPID-342793", "CSAFPID-1265", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-204622", "CSAFPID-219909", "CSAFPID-219803", "CSAFPID-816351", "CSAFPID-611595", "CSAFPID-342803", "CSAFPID-1266", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-224790", "CSAFPID-221118", "CSAFPID-1673417", "CSAFPID-1674629", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1674636", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-1670429", "CSAFPID-1670430", "CSAFPID-1670431", "CSAFPID-1670432", "CSAFPID-1670433", "CSAFPID-1670434", "CSAFPID-1670435", "CSAFPID-1670436", "CSAFPID-1670437", "CSAFPID-1670438", "CSAFPID-1670439", "CSAFPID-1670440", "CSAFPID-1670441", "CSAFPID-1670442", "CSAFPID-912076", "CSAFPID-912077", "CSAFPID-912078", "CSAFPID-90016", "CSAFPID-764826", "CSAFPID-345038", "CSAFPID-912079", "CSAFPID-220132", "CSAFPID-93781", "CSAFPID-345039", "CSAFPID-912080", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-912068", "CSAFPID-912539", "CSAFPID-912540", "CSAFPID-912541", "CSAFPID-912542", "CSAFPID-912543", "CSAFPID-912101", "CSAFPID-912544", "CSAFPID-912545", "CSAFPID-764240", "CSAFPID-912546", "CSAFPID-912547", "CSAFPID-224795", "CSAFPID-912548", "CSAFPID-611413", "CSAFPID-240600", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-816357", "CSAFPID-816358", "CSAFPID-816359", "CSAFPID-816787", "CSAFPID-816788", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-816791", "CSAFPID-816792", "CSAFPID-816793", "CSAFPID-816794", "CSAFPID-816795", "CSAFPID-816796", "CSAFPID-816797", "CSAFPID-8984", "CSAFPID-204510", "CSAFPID-204569", "CSAFPID-219776", "CSAFPID-219826", "CSAFPID-764739", "CSAFPID-765242", "CSAFPID-912073", "CSAFPID-912102", "CSAFPID-912549", "CSAFPID-912550", "CSAFPID-912551", "CSAFPID-912552", "CSAFPID-912553", "CSAFPID-912554", "CSAFPID-912556", "CSAFPID-912557", "CSAFPID-912558", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-1503582", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-1503591", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-1503601", "CSAFPID-1503602", ], }, ], title: "CVE-2023-48795", }, { cve: "CVE-2023-51775", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, notes: [ { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, ], product_status: { known_affected: [ "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1635310", "CSAFPID-1635311", "CSAFPID-1635312", "CSAFPID-1635313", "CSAFPID-1635314", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635317", "CSAFPID-1635318", "CSAFPID-1635319", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1635322", "CSAFPID-1635323", "CSAFPID-1635324", "CSAFPID-1635325", "CSAFPID-1635326", "CSAFPID-1635327", "CSAFPID-1635328", "CSAFPID-1635329", "CSAFPID-1650751", "CSAFPID-1673395", "CSAFPID-1673396", "CSAFPID-1674629", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1674636", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-1670429", "CSAFPID-1670430", "CSAFPID-1670431", "CSAFPID-1670432", "CSAFPID-1670433", "CSAFPID-1670434", "CSAFPID-1670435", "CSAFPID-1670436", "CSAFPID-1670437", "CSAFPID-1670438", "CSAFPID-1670439", "CSAFPID-1670440", "CSAFPID-1670441", "CSAFPID-1670442", "CSAFPID-90016", "CSAFPID-93781", "CSAFPID-204510", "CSAFPID-204569", "CSAFPID-219776", "CSAFPID-219826", "CSAFPID-220132", "CSAFPID-224795", "CSAFPID-342804", "CSAFPID-611387", "CSAFPID-611413", "CSAFPID-614517", "CSAFPID-764237", "CSAFPID-764240", "CSAFPID-764242", "CSAFPID-764247", "CSAFPID-764735", "CSAFPID-764739", "CSAFPID-764826", "CSAFPID-765242", "CSAFPID-816348", "CSAFPID-816773", "CSAFPID-816781", "CSAFPID-816782", "CSAFPID-912068", "CSAFPID-912073", "CSAFPID-912076", "CSAFPID-912077", "CSAFPID-912078", "CSAFPID-912079", "CSAFPID-912080", "CSAFPID-912085", "CSAFPID-912101", "CSAFPID-912102", "CSAFPID-912539", "CSAFPID-912540", "CSAFPID-912541", "CSAFPID-912542", "CSAFPID-912543", "CSAFPID-912544", "CSAFPID-912545", "CSAFPID-912546", "CSAFPID-912547", "CSAFPID-912548", "CSAFPID-912549", "CSAFPID-912550", "CSAFPID-912551", "CSAFPID-912552", "CSAFPID-912553", "CSAFPID-912554", "CSAFPID-912556", "CSAFPID-912557", "CSAFPID-912558", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-1503582", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", ], }, references: [ { category: "self", summary: "CVE-2023-51775", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-51775.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1635310", "CSAFPID-1635311", "CSAFPID-1635312", "CSAFPID-1635313", "CSAFPID-1635314", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635317", "CSAFPID-1635318", "CSAFPID-1635319", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1635322", "CSAFPID-1635323", "CSAFPID-1635324", "CSAFPID-1635325", "CSAFPID-1635326", "CSAFPID-1635327", "CSAFPID-1635328", "CSAFPID-1635329", "CSAFPID-1650751", "CSAFPID-1673395", "CSAFPID-1673396", "CSAFPID-1674629", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1674636", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-1670429", "CSAFPID-1670430", "CSAFPID-1670431", "CSAFPID-1670432", "CSAFPID-1670433", "CSAFPID-1670434", "CSAFPID-1670435", "CSAFPID-1670436", "CSAFPID-1670437", "CSAFPID-1670438", "CSAFPID-1670439", "CSAFPID-1670440", "CSAFPID-1670441", "CSAFPID-1670442", "CSAFPID-90016", "CSAFPID-93781", "CSAFPID-204510", "CSAFPID-204569", "CSAFPID-219776", "CSAFPID-219826", "CSAFPID-220132", "CSAFPID-224795", "CSAFPID-342804", "CSAFPID-611387", "CSAFPID-611413", "CSAFPID-614517", "CSAFPID-764237", "CSAFPID-764240", "CSAFPID-764242", "CSAFPID-764247", "CSAFPID-764735", "CSAFPID-764739", "CSAFPID-764826", "CSAFPID-765242", "CSAFPID-816348", "CSAFPID-816773", "CSAFPID-816781", "CSAFPID-816782", "CSAFPID-912068", "CSAFPID-912073", "CSAFPID-912076", "CSAFPID-912077", "CSAFPID-912078", "CSAFPID-912079", "CSAFPID-912080", "CSAFPID-912085", "CSAFPID-912101", "CSAFPID-912102", "CSAFPID-912539", "CSAFPID-912540", "CSAFPID-912541", "CSAFPID-912542", "CSAFPID-912543", "CSAFPID-912544", "CSAFPID-912545", "CSAFPID-912546", "CSAFPID-912547", "CSAFPID-912548", "CSAFPID-912549", "CSAFPID-912550", "CSAFPID-912551", "CSAFPID-912552", "CSAFPID-912553", "CSAFPID-912554", "CSAFPID-912556", "CSAFPID-912557", "CSAFPID-912558", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-1503582", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", ], }, ], title: "CVE-2023-51775", }, { cve: "CVE-2023-52428", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, notes: [ { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, ], product_status: { known_affected: [ "CSAFPID-1673395", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-912068", "CSAFPID-912076", "CSAFPID-611387", "CSAFPID-912539", "CSAFPID-816773", "CSAFPID-912540", "CSAFPID-912541", "CSAFPID-912542", "CSAFPID-912543", "CSAFPID-912101", "CSAFPID-912544", "CSAFPID-912077", "CSAFPID-816348", "CSAFPID-90016", "CSAFPID-93781", "CSAFPID-204510", "CSAFPID-204569", "CSAFPID-219776", "CSAFPID-219826", "CSAFPID-220132", "CSAFPID-224795", "CSAFPID-342804", "CSAFPID-611413", "CSAFPID-614517", "CSAFPID-764240", "CSAFPID-764242", "CSAFPID-764247", "CSAFPID-764735", "CSAFPID-764739", "CSAFPID-764826", "CSAFPID-765242", "CSAFPID-816781", "CSAFPID-816782", "CSAFPID-912073", "CSAFPID-912078", "CSAFPID-912079", "CSAFPID-912080", "CSAFPID-912102", "CSAFPID-912545", "CSAFPID-912546", "CSAFPID-912547", "CSAFPID-912548", "CSAFPID-912549", "CSAFPID-912550", "CSAFPID-912551", "CSAFPID-912552", "CSAFPID-912553", "CSAFPID-912554", "CSAFPID-912556", "CSAFPID-912557", "CSAFPID-912558", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-1503582", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", ], }, references: [ { category: "self", summary: "CVE-2023-52428", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-52428.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1673395", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-912068", "CSAFPID-912076", "CSAFPID-611387", "CSAFPID-912539", "CSAFPID-816773", "CSAFPID-912540", "CSAFPID-912541", "CSAFPID-912542", "CSAFPID-912543", "CSAFPID-912101", "CSAFPID-912544", "CSAFPID-912077", "CSAFPID-816348", "CSAFPID-90016", "CSAFPID-93781", "CSAFPID-204510", "CSAFPID-204569", "CSAFPID-219776", "CSAFPID-219826", "CSAFPID-220132", "CSAFPID-224795", "CSAFPID-342804", "CSAFPID-611413", "CSAFPID-614517", "CSAFPID-764240", "CSAFPID-764242", "CSAFPID-764247", "CSAFPID-764735", "CSAFPID-764739", "CSAFPID-764826", "CSAFPID-765242", "CSAFPID-816781", "CSAFPID-816782", "CSAFPID-912073", "CSAFPID-912078", "CSAFPID-912079", "CSAFPID-912080", "CSAFPID-912102", "CSAFPID-912545", "CSAFPID-912546", "CSAFPID-912547", "CSAFPID-912548", "CSAFPID-912549", "CSAFPID-912550", "CSAFPID-912551", "CSAFPID-912552", "CSAFPID-912553", "CSAFPID-912554", "CSAFPID-912556", "CSAFPID-912557", "CSAFPID-912558", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-1503582", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", ], }, ], title: "CVE-2023-52428", }, { cve: "CVE-2024-0450", cwe: { id: "CWE-450", name: "Multiple Interpretations of UI Input", }, notes: [ { category: "other", text: "Multiple Interpretations of UI Input", title: "CWE-450", }, { category: "other", text: "Asymmetric Resource Consumption (Amplification)", title: "CWE-405", }, ], product_status: { known_affected: [ "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1635310", "CSAFPID-1635311", "CSAFPID-1635312", "CSAFPID-1635313", "CSAFPID-1635314", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635317", "CSAFPID-1635318", "CSAFPID-1635319", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1635322", "CSAFPID-1635323", "CSAFPID-1635324", "CSAFPID-1635325", "CSAFPID-1635326", "CSAFPID-1635327", "CSAFPID-1635328", "CSAFPID-1635329", "CSAFPID-1673420", "CSAFPID-1673421", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1674636", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-912101", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-764240", "CSAFPID-912547", "CSAFPID-1503582", "CSAFPID-912549", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-764242", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-220132", "CSAFPID-912079", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-342804", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-764247", "CSAFPID-912556", "CSAFPID-764735", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", "CSAFPID-204510", "CSAFPID-204569", ], }, references: [ { category: "self", summary: "CVE-2024-0450", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-0450.json", }, ], scores: [ { cvss_v3: { baseScore: 6.2, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1635310", "CSAFPID-1635311", "CSAFPID-1635312", "CSAFPID-1635313", "CSAFPID-1635314", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635317", "CSAFPID-1635318", "CSAFPID-1635319", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1635322", "CSAFPID-1635323", "CSAFPID-1635324", "CSAFPID-1635325", "CSAFPID-1635326", "CSAFPID-1635327", "CSAFPID-1635328", "CSAFPID-1635329", "CSAFPID-1673420", "CSAFPID-1673421", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1674636", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-912101", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-764240", "CSAFPID-912547", "CSAFPID-1503582", "CSAFPID-912549", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-764242", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-220132", "CSAFPID-912079", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-342804", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-764247", "CSAFPID-912556", "CSAFPID-764735", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", "CSAFPID-204510", "CSAFPID-204569", ], }, ], title: "CVE-2024-0450", }, { cve: "CVE-2024-2398", cwe: { id: "CWE-772", name: "Missing Release of Resource after Effective Lifetime", }, notes: [ { category: "other", text: "Missing Release of Resource after Effective Lifetime", title: "CWE-772", }, { category: "other", text: "Missing Release of Memory after Effective Lifetime", title: "CWE-401", }, ], product_status: { known_affected: [ "CSAFPID-1673389", "CSAFPID-1673390", "CSAFPID-1673399", "CSAFPID-1673391", "CSAFPID-1673394", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, references: [ { category: "self", summary: "CVE-2024-2398", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-2398.json", }, ], scores: [ { cvss_v3: { baseScore: 8.6, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L", version: "3.1", }, products: [ "CSAFPID-1673389", "CSAFPID-1673390", "CSAFPID-1673399", "CSAFPID-1673391", "CSAFPID-1673394", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, ], title: "CVE-2024-2398", }, { cve: "CVE-2024-4577", cwe: { id: "CWE-88", name: "Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')", }, notes: [ { category: "other", text: "Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')", title: "CWE-88", }, { category: "other", text: "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", title: "CWE-78", }, ], product_status: { known_affected: [ "CSAFPID-1650731", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, references: [ { category: "self", summary: "CVE-2024-4577", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-4577.json", }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-1650731", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, ], title: "CVE-2024-4577", }, { cve: "CVE-2024-4603", cwe: { id: "CWE-606", name: "Unchecked Input for Loop Condition", }, notes: [ { category: "other", text: "Unchecked Input for Loop Condition", title: "CWE-606", }, ], product_status: { known_affected: [ "CSAFPID-1673391", "CSAFPID-1673394", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-912101", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-764240", "CSAFPID-912547", "CSAFPID-1503582", "CSAFPID-912549", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-764242", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-220132", "CSAFPID-912079", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-342804", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-764247", "CSAFPID-912556", "CSAFPID-764735", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", "CSAFPID-204510", "CSAFPID-204569", ], }, references: [ { category: "self", summary: "CVE-2024-4603", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-4603.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1673391", "CSAFPID-1673394", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-912101", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-764240", "CSAFPID-912547", "CSAFPID-1503582", "CSAFPID-912549", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-764242", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-220132", "CSAFPID-912079", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-342804", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-764247", "CSAFPID-912556", "CSAFPID-764735", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", "CSAFPID-204510", "CSAFPID-204569", ], }, ], title: "CVE-2024-4603", }, { cve: "CVE-2024-5585", cwe: { id: "CWE-116", name: "Improper Encoding or Escaping of Output", }, notes: [ { category: "other", text: "Improper Encoding or Escaping of Output", title: "CWE-116", }, { category: "other", text: "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", title: "CWE-78", }, { category: "other", text: "Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')", title: "CWE-88", }, ], product_status: { known_affected: [ "CSAFPID-1650731", "CSAFPID-1674617", "CSAFPID-1674618", "CSAFPID-1674619", "CSAFPID-1674620", "CSAFPID-1674621", "CSAFPID-1674622", "CSAFPID-1674623", "CSAFPID-1674624", "CSAFPID-1674625", "CSAFPID-1674626", "CSAFPID-1674627", "CSAFPID-1674628", ], }, references: [ { category: "self", summary: "CVE-2024-5585", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-5585.json", }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-1650731", "CSAFPID-1674617", "CSAFPID-1674618", "CSAFPID-1674619", "CSAFPID-1674620", "CSAFPID-1674621", "CSAFPID-1674622", "CSAFPID-1674623", "CSAFPID-1674624", "CSAFPID-1674625", "CSAFPID-1674626", "CSAFPID-1674627", "CSAFPID-1674628", ], }, ], title: "CVE-2024-5585", }, { cve: "CVE-2024-5971", cwe: { id: "CWE-674", name: "Uncontrolled Recursion", }, notes: [ { category: "other", text: "Uncontrolled Recursion", title: "CWE-674", }, ], product_status: { known_affected: [ "CSAFPID-1673395", "CSAFPID-1673389", "CSAFPID-1673390", "CSAFPID-1673399", "CSAFPID-1673526", "CSAFPID-1673413", "CSAFPID-1673396", "CSAFPID-1673415", "CSAFPID-1673501", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, references: [ { category: "self", summary: "CVE-2024-5971", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-5971.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1673395", "CSAFPID-1673389", "CSAFPID-1673390", "CSAFPID-1673399", "CSAFPID-1673526", "CSAFPID-1673413", "CSAFPID-1673396", "CSAFPID-1673415", "CSAFPID-1673501", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, ], title: "CVE-2024-5971", }, { cve: "CVE-2024-6162", cwe: { id: "CWE-404", name: "Improper Resource Shutdown or Release", }, notes: [ { category: "other", text: "Improper Resource Shutdown or Release", title: "CWE-404", }, { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, ], product_status: { known_affected: [ "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1635310", "CSAFPID-1635311", "CSAFPID-1635312", "CSAFPID-1635313", "CSAFPID-1635314", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635317", "CSAFPID-1635318", "CSAFPID-1635319", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1635322", "CSAFPID-1635323", "CSAFPID-1635324", "CSAFPID-1635325", "CSAFPID-1635326", "CSAFPID-1635327", "CSAFPID-1635328", "CSAFPID-1635329", "CSAFPID-1650752", "CSAFPID-1650751", "CSAFPID-1673526", "CSAFPID-1673399", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1674636", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-912101", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-764240", "CSAFPID-912547", "CSAFPID-1503582", "CSAFPID-912549", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-764242", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-220132", "CSAFPID-912079", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-342804", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-764247", "CSAFPID-912556", "CSAFPID-764735", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", "CSAFPID-204510", "CSAFPID-204569", ], }, references: [ { category: "self", summary: "CVE-2024-6162", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-6162.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1635310", "CSAFPID-1635311", "CSAFPID-1635312", "CSAFPID-1635313", "CSAFPID-1635314", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635317", "CSAFPID-1635318", "CSAFPID-1635319", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1635322", "CSAFPID-1635323", "CSAFPID-1635324", "CSAFPID-1635325", "CSAFPID-1635326", "CSAFPID-1635327", "CSAFPID-1635328", "CSAFPID-1635329", "CSAFPID-1650752", "CSAFPID-1650751", "CSAFPID-1673526", "CSAFPID-1673399", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1674636", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-912101", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-764240", "CSAFPID-912547", "CSAFPID-1503582", "CSAFPID-912549", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-764242", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-220132", "CSAFPID-912079", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-342804", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-764247", "CSAFPID-912556", "CSAFPID-764735", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", "CSAFPID-204510", "CSAFPID-204569", ], }, ], title: "CVE-2024-6162", }, { cve: "CVE-2024-6387", cwe: { id: "CWE-362", name: "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", }, notes: [ { category: "other", text: "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", title: "CWE-362", }, { category: "other", text: "Signal Handler Race Condition", title: "CWE-364", }, ], product_status: { known_affected: [ "CSAFPID-1503595", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, references: [ { category: "self", summary: "CVE-2024-6387", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-6387.json", }, ], title: "CVE-2024-6387", }, { cve: "CVE-2024-7254", cwe: { id: "CWE-20", name: "Improper Input Validation", }, notes: [ { category: "other", text: "Improper Input Validation", title: "CWE-20", }, { category: "other", text: "Uncontrolled Recursion", title: "CWE-674", }, ], product_status: { known_affected: [ "CSAFPID-912549", "CSAFPID-1672767", "CSAFPID-1503585", "CSAFPID-1673391", "CSAFPID-1673394", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, references: [ { category: "self", summary: "CVE-2024-7254", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-7254.json", }, ], title: "CVE-2024-7254", }, { cve: "CVE-2024-7264", cwe: { id: "CWE-125", name: "Out-of-bounds Read", }, notes: [ { category: "other", text: "Out-of-bounds Read", title: "CWE-125", }, { category: "other", text: "Improper Input Validation", title: "CWE-20", }, ], product_status: { known_affected: [ "CSAFPID-1673530", "CSAFPID-1673382", "CSAFPID-1674617", "CSAFPID-1674618", "CSAFPID-1674619", "CSAFPID-1674620", "CSAFPID-1674621", "CSAFPID-1674622", "CSAFPID-1674623", "CSAFPID-1674624", "CSAFPID-1674625", "CSAFPID-1674626", "CSAFPID-1674627", "CSAFPID-1674628", ], }, references: [ { category: "self", summary: "CVE-2024-7264", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-7264.json", }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1673530", "CSAFPID-1673382", "CSAFPID-1674617", "CSAFPID-1674618", "CSAFPID-1674619", "CSAFPID-1674620", "CSAFPID-1674621", "CSAFPID-1674622", "CSAFPID-1674623", "CSAFPID-1674624", "CSAFPID-1674625", "CSAFPID-1674626", "CSAFPID-1674627", "CSAFPID-1674628", ], }, ], title: "CVE-2024-7264", }, { cve: "CVE-2024-22020", product_status: { known_affected: [ "CSAFPID-912101", "CSAFPID-1673473", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, references: [ { category: "self", summary: "CVE-2024-22020", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-22020.json", }, ], scores: [ { cvss_v3: { baseScore: 8.1, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-912101", "CSAFPID-1673473", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, ], title: "CVE-2024-22020", }, { cve: "CVE-2024-22201", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, notes: [ { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, ], product_status: { known_affected: [ "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1635310", "CSAFPID-1635311", "CSAFPID-1635312", "CSAFPID-1635313", "CSAFPID-1635314", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635317", "CSAFPID-1635318", "CSAFPID-1635319", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1635322", "CSAFPID-1635323", "CSAFPID-1635324", "CSAFPID-1635325", "CSAFPID-1635326", "CSAFPID-1635327", "CSAFPID-1635328", "CSAFPID-1635329", "CSAFPID-1673475", "CSAFPID-1670429", "CSAFPID-1670430", "CSAFPID-1670431", "CSAFPID-1670432", "CSAFPID-1670433", "CSAFPID-1670434", "CSAFPID-1670435", "CSAFPID-1670436", "CSAFPID-1670437", "CSAFPID-1670438", "CSAFPID-1670439", "CSAFPID-1670440", "CSAFPID-1670441", "CSAFPID-1670442", "CSAFPID-912068", "CSAFPID-912073", "CSAFPID-912076", "CSAFPID-912077", "CSAFPID-912078", "CSAFPID-912079", "CSAFPID-912080", "CSAFPID-912085", "CSAFPID-912101", "CSAFPID-912102", "CSAFPID-912539", "CSAFPID-912540", "CSAFPID-912541", "CSAFPID-912542", "CSAFPID-912543", "CSAFPID-912544", "CSAFPID-912545", "CSAFPID-912546", "CSAFPID-912547", "CSAFPID-912548", "CSAFPID-1674617", "CSAFPID-1674618", "CSAFPID-1674619", "CSAFPID-1674620", "CSAFPID-1674621", "CSAFPID-1674622", "CSAFPID-1674623", "CSAFPID-1674624", "CSAFPID-1674625", "CSAFPID-1674626", "CSAFPID-1674627", "CSAFPID-1674628", "CSAFPID-90016", "CSAFPID-93781", "CSAFPID-220132", "CSAFPID-219776", "CSAFPID-204510", "CSAFPID-204569", "CSAFPID-219826", "CSAFPID-224795", "CSAFPID-912549", "CSAFPID-912550", "CSAFPID-912551", "CSAFPID-912552", "CSAFPID-912553", "CSAFPID-912554", "CSAFPID-912556", "CSAFPID-912557", "CSAFPID-912558", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-342804", "CSAFPID-611387", "CSAFPID-611413", "CSAFPID-614517", "CSAFPID-764237", "CSAFPID-764240", "CSAFPID-764242", "CSAFPID-764247", "CSAFPID-764735", "CSAFPID-764739", "CSAFPID-764826", "CSAFPID-765242", "CSAFPID-816348", "CSAFPID-816773", "CSAFPID-816781", "CSAFPID-816782", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-1503582", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", ], }, references: [ { category: "self", summary: "CVE-2024-22201", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-22201.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1635310", "CSAFPID-1635311", "CSAFPID-1635312", "CSAFPID-1635313", "CSAFPID-1635314", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635317", "CSAFPID-1635318", "CSAFPID-1635319", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1635322", "CSAFPID-1635323", "CSAFPID-1635324", "CSAFPID-1635325", "CSAFPID-1635326", "CSAFPID-1635327", "CSAFPID-1635328", "CSAFPID-1635329", "CSAFPID-1673475", "CSAFPID-1670429", "CSAFPID-1670430", "CSAFPID-1670431", "CSAFPID-1670432", "CSAFPID-1670433", "CSAFPID-1670434", "CSAFPID-1670435", "CSAFPID-1670436", "CSAFPID-1670437", "CSAFPID-1670438", "CSAFPID-1670439", "CSAFPID-1670440", "CSAFPID-1670441", "CSAFPID-1670442", "CSAFPID-912068", "CSAFPID-912073", "CSAFPID-912076", "CSAFPID-912077", "CSAFPID-912078", "CSAFPID-912079", "CSAFPID-912080", "CSAFPID-912085", "CSAFPID-912101", "CSAFPID-912102", "CSAFPID-912539", "CSAFPID-912540", "CSAFPID-912541", "CSAFPID-912542", "CSAFPID-912543", "CSAFPID-912544", "CSAFPID-912545", "CSAFPID-912546", "CSAFPID-912547", "CSAFPID-912548", "CSAFPID-1674617", "CSAFPID-1674618", "CSAFPID-1674619", "CSAFPID-1674620", "CSAFPID-1674621", "CSAFPID-1674622", "CSAFPID-1674623", "CSAFPID-1674624", "CSAFPID-1674625", "CSAFPID-1674626", "CSAFPID-1674627", "CSAFPID-1674628", "CSAFPID-90016", "CSAFPID-93781", "CSAFPID-220132", "CSAFPID-219776", "CSAFPID-204510", "CSAFPID-204569", "CSAFPID-219826", "CSAFPID-224795", "CSAFPID-912549", "CSAFPID-912550", "CSAFPID-912551", "CSAFPID-912552", "CSAFPID-912553", "CSAFPID-912554", "CSAFPID-912556", "CSAFPID-912557", "CSAFPID-912558", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-342804", "CSAFPID-611387", "CSAFPID-611413", "CSAFPID-614517", "CSAFPID-764237", "CSAFPID-764240", "CSAFPID-764242", "CSAFPID-764247", "CSAFPID-764735", "CSAFPID-764739", "CSAFPID-764826", "CSAFPID-765242", "CSAFPID-816348", "CSAFPID-816773", "CSAFPID-816781", "CSAFPID-816782", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-1503582", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", ], }, ], title: "CVE-2024-22201", }, { cve: "CVE-2024-22257", cwe: { id: "CWE-284", name: "Improper Access Control", }, notes: [ { category: "other", text: "Improper Access Control", title: "CWE-284", }, ], product_status: { known_affected: [ "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1635310", "CSAFPID-1635311", "CSAFPID-1635312", "CSAFPID-1635313", "CSAFPID-1635314", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635317", "CSAFPID-1635318", "CSAFPID-1635319", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1635322", "CSAFPID-1635323", "CSAFPID-1635324", "CSAFPID-1635325", "CSAFPID-1635326", "CSAFPID-1635327", "CSAFPID-1635328", "CSAFPID-1635329", "CSAFPID-1673420", "CSAFPID-1673421", "CSAFPID-1674629", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1674636", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-1670429", "CSAFPID-1670430", "CSAFPID-1670431", "CSAFPID-1670432", "CSAFPID-1670433", "CSAFPID-1670434", "CSAFPID-1670435", "CSAFPID-1670436", "CSAFPID-1670437", "CSAFPID-1670438", "CSAFPID-1670439", "CSAFPID-1670440", "CSAFPID-1670441", "CSAFPID-1670442", "CSAFPID-764237", "CSAFPID-912068", "CSAFPID-912076", "CSAFPID-611387", "CSAFPID-816773", "CSAFPID-912077", "CSAFPID-816348", "CSAFPID-764240", "CSAFPID-614517", "CSAFPID-224795", "CSAFPID-764826", "CSAFPID-90016", "CSAFPID-912078", "CSAFPID-611413", "CSAFPID-764242", "CSAFPID-816781", "CSAFPID-816782", "CSAFPID-93781", "CSAFPID-220132", "CSAFPID-912079", "CSAFPID-342804", "CSAFPID-912080", "CSAFPID-764247", "CSAFPID-764735", "CSAFPID-219776", "CSAFPID-765242", "CSAFPID-764739", "CSAFPID-204510", "CSAFPID-204569", "CSAFPID-219826", "CSAFPID-912073", "CSAFPID-912085", "CSAFPID-912101", "CSAFPID-912102", "CSAFPID-912539", "CSAFPID-912540", "CSAFPID-912541", "CSAFPID-912542", "CSAFPID-912543", "CSAFPID-912544", "CSAFPID-912545", "CSAFPID-912546", "CSAFPID-912547", "CSAFPID-912548", "CSAFPID-912549", "CSAFPID-912550", "CSAFPID-912551", "CSAFPID-912552", "CSAFPID-912553", "CSAFPID-912554", "CSAFPID-912556", "CSAFPID-912557", "CSAFPID-912558", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-1503582", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", ], }, references: [ { category: "self", summary: "CVE-2024-22257", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-22257.json", }, ], scores: [ { cvss_v3: { baseScore: 8.2, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N", version: "3.1", }, products: [ "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1635310", "CSAFPID-1635311", "CSAFPID-1635312", "CSAFPID-1635313", "CSAFPID-1635314", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635317", "CSAFPID-1635318", "CSAFPID-1635319", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1635322", "CSAFPID-1635323", "CSAFPID-1635324", "CSAFPID-1635325", "CSAFPID-1635326", "CSAFPID-1635327", "CSAFPID-1635328", "CSAFPID-1635329", "CSAFPID-1673420", "CSAFPID-1673421", "CSAFPID-1674629", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1674636", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-1670429", "CSAFPID-1670430", "CSAFPID-1670431", "CSAFPID-1670432", "CSAFPID-1670433", "CSAFPID-1670434", "CSAFPID-1670435", "CSAFPID-1670436", "CSAFPID-1670437", "CSAFPID-1670438", "CSAFPID-1670439", "CSAFPID-1670440", "CSAFPID-1670441", "CSAFPID-1670442", "CSAFPID-764237", "CSAFPID-912068", "CSAFPID-912076", "CSAFPID-611387", "CSAFPID-816773", "CSAFPID-912077", "CSAFPID-816348", "CSAFPID-764240", "CSAFPID-614517", "CSAFPID-224795", "CSAFPID-764826", "CSAFPID-90016", "CSAFPID-912078", "CSAFPID-611413", "CSAFPID-764242", "CSAFPID-816781", "CSAFPID-816782", "CSAFPID-93781", "CSAFPID-220132", "CSAFPID-912079", "CSAFPID-342804", "CSAFPID-912080", "CSAFPID-764247", "CSAFPID-764735", "CSAFPID-219776", "CSAFPID-765242", "CSAFPID-764739", "CSAFPID-204510", "CSAFPID-204569", "CSAFPID-219826", "CSAFPID-912073", "CSAFPID-912085", "CSAFPID-912101", "CSAFPID-912102", "CSAFPID-912539", "CSAFPID-912540", "CSAFPID-912541", "CSAFPID-912542", "CSAFPID-912543", "CSAFPID-912544", "CSAFPID-912545", "CSAFPID-912546", "CSAFPID-912547", "CSAFPID-912548", "CSAFPID-912549", "CSAFPID-912550", "CSAFPID-912551", "CSAFPID-912552", "CSAFPID-912553", "CSAFPID-912554", "CSAFPID-912556", "CSAFPID-912557", "CSAFPID-912558", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-1503582", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", ], }, ], title: "CVE-2024-22257", }, { cve: "CVE-2024-22262", cwe: { id: "CWE-601", name: "URL Redirection to Untrusted Site ('Open Redirect')", }, notes: [ { category: "other", text: "URL Redirection to Untrusted Site ('Open Redirect')", title: "CWE-601", }, ], product_status: { known_affected: [ "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1635310", "CSAFPID-1635311", "CSAFPID-1635312", "CSAFPID-1635313", "CSAFPID-1635314", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635317", "CSAFPID-1635318", "CSAFPID-1635319", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1635322", "CSAFPID-1635323", "CSAFPID-1635324", "CSAFPID-1635325", "CSAFPID-1635326", "CSAFPID-1635327", "CSAFPID-1635328", "CSAFPID-1635329", "CSAFPID-1650752", "CSAFPID-1650820", "CSAFPID-1650751", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1674636", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-912101", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-764240", "CSAFPID-912547", "CSAFPID-1503582", "CSAFPID-912549", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-764242", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-220132", "CSAFPID-912079", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-342804", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-764247", "CSAFPID-912556", "CSAFPID-764735", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", "CSAFPID-204510", "CSAFPID-204569", ], }, references: [ { category: "self", summary: "CVE-2024-22262", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-22262.json", }, ], scores: [ { cvss_v3: { baseScore: 8.1, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1635310", "CSAFPID-1635311", "CSAFPID-1635312", "CSAFPID-1635313", "CSAFPID-1635314", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635317", "CSAFPID-1635318", "CSAFPID-1635319", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1635322", "CSAFPID-1635323", "CSAFPID-1635324", "CSAFPID-1635325", "CSAFPID-1635326", "CSAFPID-1635327", "CSAFPID-1635328", "CSAFPID-1635329", "CSAFPID-1650752", "CSAFPID-1650820", "CSAFPID-1650751", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1674636", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-912101", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-764240", "CSAFPID-912547", "CSAFPID-1503582", "CSAFPID-912549", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-764242", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-220132", "CSAFPID-912079", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-342804", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-764247", "CSAFPID-912556", "CSAFPID-764735", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", "CSAFPID-204510", "CSAFPID-204569", ], }, ], title: "CVE-2024-22262", }, { cve: "CVE-2024-23672", cwe: { id: "CWE-459", name: "Incomplete Cleanup", }, notes: [ { category: "other", text: "Incomplete Cleanup", title: "CWE-459", }, ], product_status: { known_affected: [ "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1635310", "CSAFPID-1635311", "CSAFPID-1635312", "CSAFPID-1635313", "CSAFPID-1635314", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635317", "CSAFPID-1635318", "CSAFPID-1635319", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1635322", "CSAFPID-1635323", "CSAFPID-1635324", "CSAFPID-1635325", "CSAFPID-1635326", "CSAFPID-1635327", "CSAFPID-1635328", "CSAFPID-1635329", "CSAFPID-1650826", "CSAFPID-1650731", "CSAFPID-1673382", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1674636", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-912068", "CSAFPID-912076", "CSAFPID-611387", "CSAFPID-912539", "CSAFPID-816773", "CSAFPID-912540", "CSAFPID-912541", "CSAFPID-912542", "CSAFPID-912543", "CSAFPID-912101", "CSAFPID-912544", "CSAFPID-912077", "CSAFPID-816348", "CSAFPID-912545", "CSAFPID-764240", "CSAFPID-912546", "CSAFPID-614517", "CSAFPID-912547", "CSAFPID-224795", "CSAFPID-912548", "CSAFPID-912102", "CSAFPID-912549", "CSAFPID-764826", "CSAFPID-90016", "CSAFPID-912078", "CSAFPID-912550", "CSAFPID-912551", "CSAFPID-912552", "CSAFPID-611413", "CSAFPID-764242", "CSAFPID-816781", "CSAFPID-816782", "CSAFPID-912553", "CSAFPID-93781", "CSAFPID-204510", "CSAFPID-204569", "CSAFPID-219776", "CSAFPID-219826", "CSAFPID-220132", "CSAFPID-342804", "CSAFPID-764247", "CSAFPID-764735", "CSAFPID-764739", "CSAFPID-765242", "CSAFPID-912073", "CSAFPID-912079", "CSAFPID-912080", "CSAFPID-912554", "CSAFPID-912556", "CSAFPID-912557", "CSAFPID-912558", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-1503582", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", ], }, references: [ { category: "self", summary: "CVE-2024-23672", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-23672.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1635310", "CSAFPID-1635311", "CSAFPID-1635312", "CSAFPID-1635313", "CSAFPID-1635314", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635317", "CSAFPID-1635318", "CSAFPID-1635319", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1635322", "CSAFPID-1635323", "CSAFPID-1635324", "CSAFPID-1635325", "CSAFPID-1635326", "CSAFPID-1635327", "CSAFPID-1635328", "CSAFPID-1635329", "CSAFPID-1650826", "CSAFPID-1650731", "CSAFPID-1673382", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1674636", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-912068", "CSAFPID-912076", "CSAFPID-611387", "CSAFPID-912539", "CSAFPID-816773", "CSAFPID-912540", "CSAFPID-912541", "CSAFPID-912542", "CSAFPID-912543", "CSAFPID-912101", "CSAFPID-912544", "CSAFPID-912077", "CSAFPID-816348", "CSAFPID-912545", "CSAFPID-764240", "CSAFPID-912546", "CSAFPID-614517", "CSAFPID-912547", "CSAFPID-224795", "CSAFPID-912548", "CSAFPID-912102", "CSAFPID-912549", "CSAFPID-764826", "CSAFPID-90016", "CSAFPID-912078", "CSAFPID-912550", "CSAFPID-912551", "CSAFPID-912552", "CSAFPID-611413", "CSAFPID-764242", "CSAFPID-816781", "CSAFPID-816782", "CSAFPID-912553", "CSAFPID-93781", "CSAFPID-204510", "CSAFPID-204569", "CSAFPID-219776", "CSAFPID-219826", "CSAFPID-220132", "CSAFPID-342804", "CSAFPID-764247", "CSAFPID-764735", "CSAFPID-764739", "CSAFPID-765242", "CSAFPID-912073", "CSAFPID-912079", "CSAFPID-912080", "CSAFPID-912554", "CSAFPID-912556", "CSAFPID-912557", "CSAFPID-912558", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-1503582", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", ], }, ], title: "CVE-2024-23672", }, { cve: "CVE-2024-23807", cwe: { id: "CWE-416", name: "Use After Free", }, notes: [ { category: "other", text: "Use After Free", title: "CWE-416", }, ], product_status: { known_affected: [ "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1635310", "CSAFPID-1635311", "CSAFPID-1635312", "CSAFPID-1635313", "CSAFPID-1635314", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635317", "CSAFPID-1635318", "CSAFPID-1635319", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1635322", "CSAFPID-1635323", "CSAFPID-1635324", "CSAFPID-1635325", "CSAFPID-1635326", "CSAFPID-1635327", "CSAFPID-1635328", "CSAFPID-1635329", "CSAFPID-1650734", "CSAFPID-1650830", "CSAFPID-1650777", "CSAFPID-204622", "CSAFPID-219909", "CSAFPID-1650778", "CSAFPID-41182", "CSAFPID-1674617", "CSAFPID-1674618", "CSAFPID-1674619", "CSAFPID-1674620", "CSAFPID-1674621", "CSAFPID-1674622", "CSAFPID-1674623", "CSAFPID-1674624", "CSAFPID-1674625", "CSAFPID-1674626", "CSAFPID-1674627", "CSAFPID-1674628", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-912101", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-764240", "CSAFPID-912547", "CSAFPID-1503582", "CSAFPID-912549", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-764242", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-220132", "CSAFPID-912079", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-342804", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-764247", "CSAFPID-912556", "CSAFPID-764735", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", "CSAFPID-204510", "CSAFPID-204569", ], }, references: [ { category: "self", summary: "CVE-2024-23807", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-23807.json", }, ], scores: [ { cvss_v3: { baseScore: 8.1, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1635310", "CSAFPID-1635311", "CSAFPID-1635312", "CSAFPID-1635313", "CSAFPID-1635314", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635317", "CSAFPID-1635318", "CSAFPID-1635319", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1635322", "CSAFPID-1635323", "CSAFPID-1635324", "CSAFPID-1635325", "CSAFPID-1635326", "CSAFPID-1635327", "CSAFPID-1635328", "CSAFPID-1635329", "CSAFPID-1650734", "CSAFPID-1650830", "CSAFPID-1650777", "CSAFPID-204622", "CSAFPID-219909", "CSAFPID-1650778", "CSAFPID-41182", "CSAFPID-1674617", "CSAFPID-1674618", "CSAFPID-1674619", "CSAFPID-1674620", "CSAFPID-1674621", "CSAFPID-1674622", "CSAFPID-1674623", "CSAFPID-1674624", "CSAFPID-1674625", "CSAFPID-1674626", "CSAFPID-1674627", "CSAFPID-1674628", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-912101", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-764240", "CSAFPID-912547", "CSAFPID-1503582", "CSAFPID-912549", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-764242", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-220132", "CSAFPID-912079", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-342804", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-764247", "CSAFPID-912556", "CSAFPID-764735", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", "CSAFPID-204510", "CSAFPID-204569", ], }, ], title: "CVE-2024-23807", }, { cve: "CVE-2024-24549", cwe: { id: "CWE-20", name: "Improper Input Validation", }, notes: [ { category: "other", text: "Improper Input Validation", title: "CWE-20", }, ], product_status: { known_affected: [ "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1635310", "CSAFPID-1635311", "CSAFPID-1635312", "CSAFPID-1635313", "CSAFPID-1635314", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635317", "CSAFPID-1635318", "CSAFPID-1635319", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1635322", "CSAFPID-1635323", "CSAFPID-1635324", "CSAFPID-1635325", "CSAFPID-1635326", "CSAFPID-1635327", "CSAFPID-1635328", "CSAFPID-1635329", "CSAFPID-1650826", "CSAFPID-1673382", "CSAFPID-1650731", "CSAFPID-1674617", "CSAFPID-1674618", "CSAFPID-1674619", "CSAFPID-1674620", "CSAFPID-1674621", "CSAFPID-1674622", "CSAFPID-1674623", "CSAFPID-1674624", "CSAFPID-1674625", "CSAFPID-1674626", "CSAFPID-1674627", "CSAFPID-1674628", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-912068", "CSAFPID-912076", "CSAFPID-611387", "CSAFPID-816773", "CSAFPID-912077", "CSAFPID-816348", "CSAFPID-764240", "CSAFPID-614517", "CSAFPID-224795", "CSAFPID-764826", "CSAFPID-90016", "CSAFPID-912078", "CSAFPID-611413", "CSAFPID-764242", "CSAFPID-816781", "CSAFPID-816782", "CSAFPID-93781", "CSAFPID-220132", "CSAFPID-912079", "CSAFPID-342804", "CSAFPID-912080", "CSAFPID-764247", "CSAFPID-764735", "CSAFPID-219776", "CSAFPID-765242", "CSAFPID-764739", "CSAFPID-204510", "CSAFPID-204569", "CSAFPID-219826", "CSAFPID-912073", "CSAFPID-912101", "CSAFPID-912102", "CSAFPID-912539", "CSAFPID-912540", "CSAFPID-912541", "CSAFPID-912542", "CSAFPID-912543", "CSAFPID-912544", "CSAFPID-912545", "CSAFPID-912546", "CSAFPID-912547", "CSAFPID-912548", "CSAFPID-912549", "CSAFPID-912550", "CSAFPID-912551", "CSAFPID-912552", "CSAFPID-912553", "CSAFPID-912554", "CSAFPID-912556", "CSAFPID-912557", "CSAFPID-912558", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-1503582", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", ], }, references: [ { category: "self", summary: "CVE-2024-24549", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-24549.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1635310", "CSAFPID-1635311", "CSAFPID-1635312", "CSAFPID-1635313", "CSAFPID-1635314", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635317", "CSAFPID-1635318", "CSAFPID-1635319", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1635322", "CSAFPID-1635323", "CSAFPID-1635324", "CSAFPID-1635325", "CSAFPID-1635326", "CSAFPID-1635327", "CSAFPID-1635328", "CSAFPID-1635329", "CSAFPID-1650826", "CSAFPID-1673382", "CSAFPID-1650731", "CSAFPID-1674617", "CSAFPID-1674618", "CSAFPID-1674619", "CSAFPID-1674620", "CSAFPID-1674621", "CSAFPID-1674622", "CSAFPID-1674623", "CSAFPID-1674624", "CSAFPID-1674625", "CSAFPID-1674626", "CSAFPID-1674627", "CSAFPID-1674628", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-912068", "CSAFPID-912076", "CSAFPID-611387", "CSAFPID-816773", "CSAFPID-912077", "CSAFPID-816348", "CSAFPID-764240", "CSAFPID-614517", "CSAFPID-224795", "CSAFPID-764826", "CSAFPID-90016", "CSAFPID-912078", "CSAFPID-611413", "CSAFPID-764242", "CSAFPID-816781", "CSAFPID-816782", "CSAFPID-93781", "CSAFPID-220132", "CSAFPID-912079", "CSAFPID-342804", "CSAFPID-912080", "CSAFPID-764247", "CSAFPID-764735", "CSAFPID-219776", "CSAFPID-765242", "CSAFPID-764739", "CSAFPID-204510", "CSAFPID-204569", "CSAFPID-219826", "CSAFPID-912073", "CSAFPID-912101", "CSAFPID-912102", "CSAFPID-912539", "CSAFPID-912540", "CSAFPID-912541", "CSAFPID-912542", "CSAFPID-912543", "CSAFPID-912544", "CSAFPID-912545", "CSAFPID-912546", "CSAFPID-912547", "CSAFPID-912548", "CSAFPID-912549", "CSAFPID-912550", "CSAFPID-912551", "CSAFPID-912552", "CSAFPID-912553", "CSAFPID-912554", "CSAFPID-912556", "CSAFPID-912557", "CSAFPID-912558", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-1503582", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", ], }, ], title: "CVE-2024-24549", }, { cve: "CVE-2024-25062", cwe: { id: "CWE-416", name: "Use After Free", }, notes: [ { category: "other", text: "Use After Free", title: "CWE-416", }, ], product_status: { known_affected: [ "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1635310", "CSAFPID-1635311", "CSAFPID-1635312", "CSAFPID-1635313", "CSAFPID-1635314", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635317", "CSAFPID-1635318", "CSAFPID-1635319", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1635322", "CSAFPID-1635323", "CSAFPID-1635324", "CSAFPID-1635325", "CSAFPID-1635326", "CSAFPID-1635327", "CSAFPID-1635328", "CSAFPID-1635329", "CSAFPID-1650751", "CSAFPID-1650752", "CSAFPID-1673481", "CSAFPID-1674629", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1674636", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-1670429", "CSAFPID-1670430", "CSAFPID-1670431", "CSAFPID-1670432", "CSAFPID-1670433", "CSAFPID-1670434", "CSAFPID-1670435", "CSAFPID-1670436", "CSAFPID-1670437", "CSAFPID-1670438", "CSAFPID-1670439", "CSAFPID-1670440", "CSAFPID-1670441", "CSAFPID-1670442", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-912068", "CSAFPID-912076", "CSAFPID-611387", "CSAFPID-912539", "CSAFPID-816773", "CSAFPID-912540", "CSAFPID-912541", "CSAFPID-912542", "CSAFPID-912543", "CSAFPID-912101", "CSAFPID-912544", "CSAFPID-912077", "CSAFPID-816348", "CSAFPID-912545", "CSAFPID-764240", "CSAFPID-912546", "CSAFPID-614517", "CSAFPID-912547", "CSAFPID-224795", "CSAFPID-912548", "CSAFPID-912102", "CSAFPID-912549", "CSAFPID-764826", "CSAFPID-90016", "CSAFPID-912078", "CSAFPID-912550", "CSAFPID-912551", "CSAFPID-912552", "CSAFPID-611413", "CSAFPID-764242", "CSAFPID-816781", "CSAFPID-816782", "CSAFPID-912553", "CSAFPID-93781", "CSAFPID-204510", "CSAFPID-204569", "CSAFPID-219776", "CSAFPID-219826", "CSAFPID-220132", "CSAFPID-342804", "CSAFPID-764247", "CSAFPID-764735", "CSAFPID-764739", "CSAFPID-765242", "CSAFPID-912073", "CSAFPID-912079", "CSAFPID-912080", "CSAFPID-912554", "CSAFPID-912556", "CSAFPID-912557", "CSAFPID-912558", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-1503582", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", ], }, references: [ { category: "self", summary: "CVE-2024-25062", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-25062.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1635310", "CSAFPID-1635311", "CSAFPID-1635312", "CSAFPID-1635313", "CSAFPID-1635314", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635317", "CSAFPID-1635318", "CSAFPID-1635319", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1635322", "CSAFPID-1635323", "CSAFPID-1635324", "CSAFPID-1635325", "CSAFPID-1635326", "CSAFPID-1635327", "CSAFPID-1635328", "CSAFPID-1635329", "CSAFPID-1650751", "CSAFPID-1650752", "CSAFPID-1673481", "CSAFPID-1674629", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1674636", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-1670429", "CSAFPID-1670430", "CSAFPID-1670431", "CSAFPID-1670432", "CSAFPID-1670433", "CSAFPID-1670434", "CSAFPID-1670435", "CSAFPID-1670436", "CSAFPID-1670437", "CSAFPID-1670438", "CSAFPID-1670439", "CSAFPID-1670440", "CSAFPID-1670441", "CSAFPID-1670442", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-912068", "CSAFPID-912076", "CSAFPID-611387", "CSAFPID-912539", "CSAFPID-816773", "CSAFPID-912540", "CSAFPID-912541", "CSAFPID-912542", "CSAFPID-912543", "CSAFPID-912101", "CSAFPID-912544", "CSAFPID-912077", "CSAFPID-816348", "CSAFPID-912545", "CSAFPID-764240", "CSAFPID-912546", "CSAFPID-614517", "CSAFPID-912547", "CSAFPID-224795", "CSAFPID-912548", "CSAFPID-912102", "CSAFPID-912549", "CSAFPID-764826", "CSAFPID-90016", "CSAFPID-912078", "CSAFPID-912550", "CSAFPID-912551", "CSAFPID-912552", "CSAFPID-611413", "CSAFPID-764242", "CSAFPID-816781", "CSAFPID-816782", "CSAFPID-912553", "CSAFPID-93781", "CSAFPID-204510", "CSAFPID-204569", "CSAFPID-219776", "CSAFPID-219826", "CSAFPID-220132", "CSAFPID-342804", "CSAFPID-764247", "CSAFPID-764735", "CSAFPID-764739", "CSAFPID-765242", "CSAFPID-912073", "CSAFPID-912079", "CSAFPID-912080", "CSAFPID-912554", "CSAFPID-912556", "CSAFPID-912557", "CSAFPID-912558", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-1503582", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", ], }, ], title: "CVE-2024-25062", }, { cve: "CVE-2024-25638", cwe: { id: "CWE-345", name: "Insufficient Verification of Data Authenticity", }, notes: [ { category: "other", text: "Insufficient Verification of Data Authenticity", title: "CWE-345", }, { category: "other", text: "Acceptance of Extraneous Untrusted Data With Trusted Data", title: "CWE-349", }, ], product_status: { known_affected: [ "CSAFPID-912549", "CSAFPID-1672767", "CSAFPID-1503585", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, references: [ { category: "self", summary: "CVE-2024-25638", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-25638.json", }, ], scores: [ { cvss_v3: { baseScore: 8.9, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:L", version: "3.1", }, products: [ "CSAFPID-912549", "CSAFPID-1672767", "CSAFPID-1503585", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, ], title: "CVE-2024-25638", }, { cve: "CVE-2024-26308", cwe: { id: "CWE-770", name: "Allocation of Resources Without Limits or Throttling", }, notes: [ { category: "other", text: "Allocation of Resources Without Limits or Throttling", title: "CWE-770", }, ], product_status: { known_affected: [ "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1635310", "CSAFPID-1635311", "CSAFPID-1635312", "CSAFPID-1635313", "CSAFPID-1635314", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635317", "CSAFPID-1635318", "CSAFPID-1635319", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1635322", "CSAFPID-1635323", "CSAFPID-1635324", "CSAFPID-1635325", "CSAFPID-1635326", "CSAFPID-1635327", "CSAFPID-1635328", "CSAFPID-1635329", "CSAFPID-1673389", "CSAFPID-1673390", "CSAFPID-1674629", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1674636", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-1670429", "CSAFPID-1670430", "CSAFPID-1670431", "CSAFPID-1670432", "CSAFPID-1670433", "CSAFPID-1670434", "CSAFPID-1670435", "CSAFPID-1670436", "CSAFPID-1670437", "CSAFPID-1670438", "CSAFPID-1670439", "CSAFPID-1670440", "CSAFPID-1670441", "CSAFPID-1670442", "CSAFPID-90016", "CSAFPID-93781", "CSAFPID-204510", "CSAFPID-204569", "CSAFPID-219776", "CSAFPID-219826", "CSAFPID-220132", "CSAFPID-224795", "CSAFPID-342804", "CSAFPID-611387", "CSAFPID-611413", "CSAFPID-614517", "CSAFPID-764237", "CSAFPID-764240", "CSAFPID-764242", "CSAFPID-764247", "CSAFPID-764735", "CSAFPID-764739", "CSAFPID-764826", "CSAFPID-765242", "CSAFPID-816348", "CSAFPID-816773", "CSAFPID-816781", "CSAFPID-816782", "CSAFPID-912068", "CSAFPID-912073", "CSAFPID-912076", "CSAFPID-912077", "CSAFPID-912078", "CSAFPID-912079", "CSAFPID-912080", "CSAFPID-912085", "CSAFPID-912101", "CSAFPID-912102", "CSAFPID-912539", "CSAFPID-912540", "CSAFPID-912541", "CSAFPID-912542", "CSAFPID-912543", "CSAFPID-912544", "CSAFPID-912545", "CSAFPID-912546", "CSAFPID-912547", "CSAFPID-912548", "CSAFPID-912549", "CSAFPID-912550", "CSAFPID-912551", "CSAFPID-912552", "CSAFPID-912553", "CSAFPID-912554", "CSAFPID-912556", "CSAFPID-912557", "CSAFPID-912558", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-1503582", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", ], }, references: [ { category: "self", summary: "CVE-2024-26308", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-26308.json", }, ], scores: [ { cvss_v3: { baseScore: 5.9, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1635310", "CSAFPID-1635311", "CSAFPID-1635312", "CSAFPID-1635313", "CSAFPID-1635314", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635317", "CSAFPID-1635318", "CSAFPID-1635319", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1635322", "CSAFPID-1635323", "CSAFPID-1635324", "CSAFPID-1635325", "CSAFPID-1635326", "CSAFPID-1635327", "CSAFPID-1635328", "CSAFPID-1635329", "CSAFPID-1673389", "CSAFPID-1673390", "CSAFPID-1674629", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1674636", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-1670429", "CSAFPID-1670430", "CSAFPID-1670431", "CSAFPID-1670432", "CSAFPID-1670433", "CSAFPID-1670434", "CSAFPID-1670435", "CSAFPID-1670436", "CSAFPID-1670437", "CSAFPID-1670438", "CSAFPID-1670439", "CSAFPID-1670440", "CSAFPID-1670441", "CSAFPID-1670442", "CSAFPID-90016", "CSAFPID-93781", "CSAFPID-204510", "CSAFPID-204569", "CSAFPID-219776", "CSAFPID-219826", "CSAFPID-220132", "CSAFPID-224795", "CSAFPID-342804", "CSAFPID-611387", "CSAFPID-611413", "CSAFPID-614517", "CSAFPID-764237", "CSAFPID-764240", "CSAFPID-764242", "CSAFPID-764247", "CSAFPID-764735", "CSAFPID-764739", "CSAFPID-764826", "CSAFPID-765242", "CSAFPID-816348", "CSAFPID-816773", "CSAFPID-816781", "CSAFPID-816782", "CSAFPID-912068", "CSAFPID-912073", "CSAFPID-912076", "CSAFPID-912077", "CSAFPID-912078", "CSAFPID-912079", "CSAFPID-912080", "CSAFPID-912085", "CSAFPID-912101", "CSAFPID-912102", "CSAFPID-912539", "CSAFPID-912540", "CSAFPID-912541", "CSAFPID-912542", "CSAFPID-912543", "CSAFPID-912544", "CSAFPID-912545", "CSAFPID-912546", "CSAFPID-912547", "CSAFPID-912548", "CSAFPID-912549", "CSAFPID-912550", "CSAFPID-912551", "CSAFPID-912552", "CSAFPID-912553", "CSAFPID-912554", "CSAFPID-912556", "CSAFPID-912557", "CSAFPID-912558", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-1503582", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", ], }, ], title: "CVE-2024-26308", }, { cve: "CVE-2024-28182", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, notes: [ { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, { category: "other", text: "Improper Resource Shutdown or Release", title: "CWE-404", }, { category: "other", text: "Detection of Error Condition Without Action", title: "CWE-390", }, { category: "other", text: "Allocation of Resources Without Limits or Throttling", title: "CWE-770", }, ], product_status: { known_affected: [ "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1635310", "CSAFPID-1635311", "CSAFPID-1635312", "CSAFPID-1635313", "CSAFPID-1635314", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635317", "CSAFPID-1635318", "CSAFPID-1635319", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1635322", "CSAFPID-1635323", "CSAFPID-1635324", "CSAFPID-1635325", "CSAFPID-1635326", "CSAFPID-1635327", "CSAFPID-1635328", "CSAFPID-1635329", "CSAFPID-1673414", "CSAFPID-1673396", "CSAFPID-1673485", "CSAFPID-1673393", "CSAFPID-1673394", "CSAFPID-1673389", "CSAFPID-1672767", "CSAFPID-1673391", "CSAFPID-1673392", "CSAFPID-1673415", "CSAFPID-1673390", "CSAFPID-1673413", "CSAFPID-1673395", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1674636", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-912101", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-764240", "CSAFPID-912547", "CSAFPID-1503582", "CSAFPID-912549", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-764242", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-220132", "CSAFPID-912079", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-342804", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-764247", "CSAFPID-912556", "CSAFPID-764735", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", "CSAFPID-204510", "CSAFPID-204569", ], }, references: [ { category: "self", summary: "CVE-2024-28182", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-28182.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1635310", "CSAFPID-1635311", "CSAFPID-1635312", "CSAFPID-1635313", "CSAFPID-1635314", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635317", "CSAFPID-1635318", "CSAFPID-1635319", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1635322", "CSAFPID-1635323", "CSAFPID-1635324", "CSAFPID-1635325", "CSAFPID-1635326", "CSAFPID-1635327", "CSAFPID-1635328", "CSAFPID-1635329", "CSAFPID-1673414", "CSAFPID-1673396", "CSAFPID-1673485", "CSAFPID-1673393", "CSAFPID-1673394", "CSAFPID-1673389", "CSAFPID-1672767", "CSAFPID-1673391", "CSAFPID-1673392", "CSAFPID-1673415", "CSAFPID-1673390", "CSAFPID-1673413", "CSAFPID-1673395", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1674636", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-912101", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-764240", "CSAFPID-912547", "CSAFPID-1503582", "CSAFPID-912549", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-764242", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-220132", "CSAFPID-912079", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-342804", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-764247", "CSAFPID-912556", "CSAFPID-764735", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", "CSAFPID-204510", "CSAFPID-204569", ], }, ], title: "CVE-2024-28182", }, { cve: "CVE-2024-28849", cwe: { id: "CWE-200", name: "Exposure of Sensitive Information to an Unauthorized Actor", }, notes: [ { category: "other", text: "Exposure of Sensitive Information to an Unauthorized Actor", title: "CWE-200", }, ], product_status: { known_affected: [ "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1635310", "CSAFPID-1635311", "CSAFPID-1635312", "CSAFPID-1635313", "CSAFPID-1635314", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635317", "CSAFPID-1635318", "CSAFPID-1635319", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1635322", "CSAFPID-1635323", "CSAFPID-1635324", "CSAFPID-1635325", "CSAFPID-1635326", "CSAFPID-1635327", "CSAFPID-1635328", "CSAFPID-1635329", "CSAFPID-1673414", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1674636", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-912101", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-764240", "CSAFPID-912547", "CSAFPID-1503582", "CSAFPID-912549", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-764242", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-220132", "CSAFPID-912079", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-342804", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-764247", "CSAFPID-912556", "CSAFPID-764735", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", "CSAFPID-204510", "CSAFPID-204569", ], }, references: [ { category: "self", summary: "CVE-2024-28849", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-28849.json", }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1635310", "CSAFPID-1635311", "CSAFPID-1635312", "CSAFPID-1635313", "CSAFPID-1635314", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635317", "CSAFPID-1635318", "CSAFPID-1635319", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1635322", "CSAFPID-1635323", "CSAFPID-1635324", "CSAFPID-1635325", "CSAFPID-1635326", "CSAFPID-1635327", "CSAFPID-1635328", "CSAFPID-1635329", "CSAFPID-1673414", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1674636", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-912101", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-764240", "CSAFPID-912547", "CSAFPID-1503582", "CSAFPID-912549", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-764242", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-220132", "CSAFPID-912079", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-342804", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-764247", "CSAFPID-912556", "CSAFPID-764735", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", "CSAFPID-204510", "CSAFPID-204569", ], }, ], title: "CVE-2024-28849", }, { cve: "CVE-2024-29025", cwe: { id: "CWE-770", name: "Allocation of Resources Without Limits or Throttling", }, notes: [ { category: "other", text: "Allocation of Resources Without Limits or Throttling", title: "CWE-770", }, ], product_status: { known_affected: [ "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1635310", "CSAFPID-1635311", "CSAFPID-1635312", "CSAFPID-1635313", "CSAFPID-1635314", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635317", "CSAFPID-1635318", "CSAFPID-1635319", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1635322", "CSAFPID-1635323", "CSAFPID-1635324", "CSAFPID-1635325", "CSAFPID-1635326", "CSAFPID-1635327", "CSAFPID-1635328", "CSAFPID-1635329", "CSAFPID-1650752", "CSAFPID-1650751", "CSAFPID-1673494", "CSAFPID-1673420", "CSAFPID-1673421", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1674636", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-912101", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-764240", "CSAFPID-912547", "CSAFPID-1503582", "CSAFPID-912549", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-764242", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-220132", "CSAFPID-912079", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-342804", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-764247", "CSAFPID-912556", "CSAFPID-764735", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", "CSAFPID-204510", "CSAFPID-204569", ], }, references: [ { category: "self", summary: "CVE-2024-29025", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-29025.json", }, ], scores: [ { cvss_v3: { baseScore: 7.3, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", version: "3.1", }, products: [ "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1635310", "CSAFPID-1635311", "CSAFPID-1635312", "CSAFPID-1635313", "CSAFPID-1635314", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635317", "CSAFPID-1635318", "CSAFPID-1635319", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1635322", "CSAFPID-1635323", "CSAFPID-1635324", "CSAFPID-1635325", "CSAFPID-1635326", "CSAFPID-1635327", "CSAFPID-1635328", "CSAFPID-1635329", "CSAFPID-1650752", "CSAFPID-1650751", "CSAFPID-1673494", "CSAFPID-1673420", "CSAFPID-1673421", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1674636", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-912101", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-764240", "CSAFPID-912547", "CSAFPID-1503582", "CSAFPID-912549", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-764242", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-220132", "CSAFPID-912079", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-342804", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-764247", "CSAFPID-912556", "CSAFPID-764735", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", "CSAFPID-204510", "CSAFPID-204569", ], }, ], title: "CVE-2024-29025", }, { cve: "CVE-2024-29133", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, notes: [ { category: "other", text: "Out-of-bounds Write", title: "CWE-787", }, ], product_status: { known_affected: [ "CSAFPID-1650820", "CSAFPID-224790", "CSAFPID-221118", "CSAFPID-1673496", "CSAFPID-1674617", "CSAFPID-1674618", "CSAFPID-1674619", "CSAFPID-1674620", "CSAFPID-1674621", "CSAFPID-1674622", "CSAFPID-1674623", "CSAFPID-1674624", "CSAFPID-1674625", "CSAFPID-1674626", "CSAFPID-1674627", "CSAFPID-1674628", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-912101", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-764240", "CSAFPID-912547", "CSAFPID-1503582", "CSAFPID-912549", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-764242", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-220132", "CSAFPID-912079", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-342804", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-764247", "CSAFPID-912556", "CSAFPID-764735", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", "CSAFPID-204510", "CSAFPID-204569", ], }, references: [ { category: "self", summary: "CVE-2024-29133", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-29133.json", }, ], scores: [ { cvss_v3: { baseScore: 7.3, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", version: "3.1", }, products: [ "CSAFPID-1650820", "CSAFPID-224790", "CSAFPID-221118", "CSAFPID-1673496", "CSAFPID-1674617", "CSAFPID-1674618", "CSAFPID-1674619", "CSAFPID-1674620", "CSAFPID-1674621", "CSAFPID-1674622", "CSAFPID-1674623", "CSAFPID-1674624", "CSAFPID-1674625", "CSAFPID-1674626", "CSAFPID-1674627", "CSAFPID-1674628", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-912101", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-764240", "CSAFPID-912547", "CSAFPID-1503582", "CSAFPID-912549", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-764242", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-220132", "CSAFPID-912079", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-342804", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-764247", "CSAFPID-912556", "CSAFPID-764735", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", "CSAFPID-204510", "CSAFPID-204569", ], }, ], title: "CVE-2024-29133", }, { cve: "CVE-2024-29736", cwe: { id: "CWE-918", name: "Server-Side Request Forgery (SSRF)", }, notes: [ { category: "other", text: "Server-Side Request Forgery (SSRF)", title: "CWE-918", }, ], product_status: { known_affected: [ "CSAFPID-1673399", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, references: [ { category: "self", summary: "CVE-2024-29736", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-29736.json", }, ], scores: [ { cvss_v3: { baseScore: 9.1, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "CSAFPID-1673399", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, ], title: "CVE-2024-29736", }, { cve: "CVE-2024-29857", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, notes: [ { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, { category: "other", text: "Improper Input Validation", title: "CWE-20", }, { category: "other", text: "Out-of-bounds Read", title: "CWE-125", }, ], product_status: { known_affected: [ "CSAFPID-1673413", "CSAFPID-1673415", "CSAFPID-1673501", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-912101", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-764240", "CSAFPID-912547", "CSAFPID-1503582", "CSAFPID-912549", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-764242", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-220132", "CSAFPID-912079", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-342804", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-764247", "CSAFPID-912556", "CSAFPID-764735", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", "CSAFPID-204510", "CSAFPID-204569", ], }, references: [ { category: "self", summary: "CVE-2024-29857", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-29857.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1673413", "CSAFPID-1673415", "CSAFPID-1673501", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", "CSAFPID-220055", "CSAFPID-1503577", "CSAFPID-764237", "CSAFPID-912085", "CSAFPID-1503578", "CSAFPID-1503579", "CSAFPID-1503580", "CSAFPID-912101", "CSAFPID-1503581", "CSAFPID-1503322", "CSAFPID-912069", "CSAFPID-764240", "CSAFPID-912547", "CSAFPID-1503582", "CSAFPID-912549", "CSAFPID-1503583", "CSAFPID-1503584", "CSAFPID-1503585", "CSAFPID-1503586", "CSAFPID-1503587", "CSAFPID-1503588", "CSAFPID-1503316", "CSAFPID-1503317", "CSAFPID-764242", "CSAFPID-1503589", "CSAFPID-1503590", "CSAFPID-220132", "CSAFPID-912079", "CSAFPID-1503591", "CSAFPID-816789", "CSAFPID-816790", "CSAFPID-1503592", "CSAFPID-1503593", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-342804", "CSAFPID-1503596", "CSAFPID-1503597", "CSAFPID-1503598", "CSAFPID-816792", "CSAFPID-764247", "CSAFPID-912556", "CSAFPID-764735", "CSAFPID-816793", "CSAFPID-1503599", "CSAFPID-1503600", "CSAFPID-342793", "CSAFPID-816350", "CSAFPID-1261", "CSAFPID-342803", "CSAFPID-816354", "CSAFPID-204563", "CSAFPID-764738", "CSAFPID-816355", "CSAFPID-1503601", "CSAFPID-1503602", "CSAFPID-240600", "CSAFPID-204510", "CSAFPID-204569", ], }, ], title: "CVE-2024-29857", }, { cve: "CVE-2024-30251", cwe: { id: "CWE-835", name: "Loop with Unreachable Exit Condition ('Infinite Loop')", }, notes: [ { category: "other", text: "Loop with Unreachable Exit Condition ('Infinite Loop')", title: "CWE-835", }, ], product_status: { known_affected: [ "CSAFPID-912079", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, references: [ { category: "self", summary: "CVE-2024-30251", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-30251.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-912079", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, ], title: "CVE-2024-30251", }, { cve: "CVE-2024-31080", cwe: { id: "CWE-126", name: "Buffer Over-read", }, notes: [ { category: "other", text: "Buffer Over-read", title: "CWE-126", }, { category: "other", text: "Heap-based Buffer Overflow", title: "CWE-122", }, ], product_status: { known_affected: [ "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, references: [ { category: "self", summary: "CVE-2024-31080", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-31080.json", }, ], title: "CVE-2024-31080", }, { cve: "CVE-2024-31744", cwe: { id: "CWE-404", name: "Improper Resource Shutdown or Release", }, notes: [ { category: "other", text: "Improper Resource Shutdown or Release", title: "CWE-404", }, ], product_status: { known_affected: [ "CSAFPID-1673395", "CSAFPID-1673392", "CSAFPID-1673393", "CSAFPID-1673396", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, references: [ { category: "self", summary: "CVE-2024-31744", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-31744.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1673395", "CSAFPID-1673392", "CSAFPID-1673393", "CSAFPID-1673396", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, ], title: "CVE-2024-31744", }, { cve: "CVE-2024-32760", cwe: { id: "CWE-404", name: "Improper Resource Shutdown or Release", }, notes: [ { category: "other", text: "Improper Resource Shutdown or Release", title: "CWE-404", }, { category: "other", text: "Out-of-bounds Write", title: "CWE-787", }, ], product_status: { known_affected: [ "CSAFPID-220132", "CSAFPID-912079", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, references: [ { category: "self", summary: "CVE-2024-32760", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-32760.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-220132", "CSAFPID-912079", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, ], title: "CVE-2024-32760", }, { cve: "CVE-2024-33602", cwe: { id: "CWE-466", name: "Return of Pointer Value Outside of Expected Range", }, notes: [ { category: "other", text: "Return of Pointer Value Outside of Expected Range", title: "CWE-466", }, { category: "other", text: "Improper Check or Handling of Exceptional Conditions", title: "CWE-703", }, ], product_status: { known_affected: [ "CSAFPID-912549", "CSAFPID-1673396", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-1672762", "CSAFPID-1673395", "CSAFPID-1672764", "CSAFPID-1672767", "CSAFPID-1503585", "CSAFPID-1673494", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, references: [ { category: "self", summary: "CVE-2024-33602", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-33602.json", }, ], scores: [ { cvss_v3: { baseScore: 8.6, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L", version: "3.1", }, products: [ "CSAFPID-912549", "CSAFPID-1673396", "CSAFPID-1503594", "CSAFPID-1503595", "CSAFPID-1672762", "CSAFPID-1673395", "CSAFPID-1672764", "CSAFPID-1672767", "CSAFPID-1503585", "CSAFPID-1673494", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, ], title: "CVE-2024-33602", }, { cve: "CVE-2024-34750", cwe: { id: "CWE-755", name: "Improper Handling of Exceptional Conditions", }, notes: [ { category: "other", text: "Improper Handling of Exceptional Conditions", title: "CWE-755", }, { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, ], product_status: { known_affected: [ "CSAFPID-1673481", "CSAFPID-1503596", "CSAFPID-1673420", "CSAFPID-1673421", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, references: [ { category: "self", summary: "CVE-2024-34750", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-34750.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1673481", "CSAFPID-1503596", "CSAFPID-1673420", "CSAFPID-1673421", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, ], title: "CVE-2024-34750", }, { cve: "CVE-2024-37371", cwe: { id: "CWE-130", name: "Improper Handling of Length Parameter Inconsistency", }, notes: [ { category: "other", text: "Improper Handling of Length Parameter Inconsistency", title: "CWE-130", }, ], product_status: { known_affected: [ "CSAFPID-912549", "CSAFPID-1673413", "CSAFPID-1673414", "CSAFPID-1673396", "CSAFPID-1503590", "CSAFPID-1673393", "CSAFPID-1673395", "CSAFPID-1673399", "CSAFPID-1672767", "CSAFPID-1503585", "CSAFPID-1673392", "CSAFPID-1503589", "CSAFPID-1673415", "CSAFPID-1673389", "CSAFPID-1673390", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, references: [ { category: "self", summary: "CVE-2024-37371", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-37371.json", }, ], scores: [ { cvss_v3: { baseScore: 9.1, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-912549", "CSAFPID-1673413", "CSAFPID-1673414", "CSAFPID-1673396", "CSAFPID-1503590", "CSAFPID-1673393", "CSAFPID-1673395", "CSAFPID-1673399", "CSAFPID-1672767", "CSAFPID-1503585", "CSAFPID-1673392", "CSAFPID-1503589", "CSAFPID-1673415", "CSAFPID-1673389", "CSAFPID-1673390", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, ], title: "CVE-2024-37371", }, { cve: "CVE-2024-37891", cwe: { id: "CWE-669", name: "Incorrect Resource Transfer Between Spheres", }, notes: [ { category: "other", text: "Incorrect Resource Transfer Between Spheres", title: "CWE-669", }, ], product_status: { known_affected: [ "CSAFPID-1673395", "CSAFPID-1673396", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, references: [ { category: "self", summary: "CVE-2024-37891", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-37891.json", }, ], scores: [ { cvss_v3: { baseScore: 4.4, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "CSAFPID-1673395", "CSAFPID-1673396", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, ], title: "CVE-2024-37891", }, { cve: "CVE-2024-38816", cwe: { id: "CWE-22", name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", }, notes: [ { category: "other", text: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", title: "CWE-22", }, ], product_status: { known_affected: [ "CSAFPID-1673420", "CSAFPID-1673421", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, references: [ { category: "self", summary: "CVE-2024-38816", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38816.json", }, ], scores: [ { cvss_v3: { baseScore: 8.1, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "CSAFPID-1673420", "CSAFPID-1673421", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, ], title: "CVE-2024-38816", }, { cve: "CVE-2024-39689", cwe: { id: "CWE-345", name: "Insufficient Verification of Data Authenticity", }, notes: [ { category: "other", text: "Insufficient Verification of Data Authenticity", title: "CWE-345", }, ], product_status: { known_affected: [ "CSAFPID-1673395", "CSAFPID-1673396", "CSAFPID-1673392", "CSAFPID-1673393", ], }, references: [ { category: "self", summary: "CVE-2024-39689", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-39689.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "CSAFPID-1673395", "CSAFPID-1673396", "CSAFPID-1673392", "CSAFPID-1673393", ], }, ], title: "CVE-2024-39689", }, { cve: "CVE-2024-40898", cwe: { id: "CWE-918", name: "Server-Side Request Forgery (SSRF)", }, notes: [ { category: "other", text: "Server-Side Request Forgery (SSRF)", title: "CWE-918", }, ], product_status: { known_affected: [ "CSAFPID-1673516", "CSAFPID-1673411", "CSAFPID-1673412", "CSAFPID-1650731", "CSAFPID-1673382", "CSAFPID-1674617", "CSAFPID-1674618", "CSAFPID-1674619", "CSAFPID-1674620", "CSAFPID-1674621", "CSAFPID-1674622", "CSAFPID-1674623", "CSAFPID-1674624", "CSAFPID-1674625", "CSAFPID-1674626", "CSAFPID-1674627", "CSAFPID-1674628", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, references: [ { category: "self", summary: "CVE-2024-40898", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-40898.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "CSAFPID-1673516", "CSAFPID-1673411", "CSAFPID-1673412", "CSAFPID-1650731", "CSAFPID-1673382", "CSAFPID-1674617", "CSAFPID-1674618", "CSAFPID-1674619", "CSAFPID-1674620", "CSAFPID-1674621", "CSAFPID-1674622", "CSAFPID-1674623", "CSAFPID-1674624", "CSAFPID-1674625", "CSAFPID-1674626", "CSAFPID-1674627", "CSAFPID-1674628", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, ], title: "CVE-2024-40898", }, { cve: "CVE-2024-41817", cwe: { id: "CWE-427", name: "Uncontrolled Search Path Element", }, notes: [ { category: "other", text: "Uncontrolled Search Path Element", title: "CWE-427", }, ], product_status: { known_affected: [ "CSAFPID-1673382", "CSAFPID-1650731", "CSAFPID-1674617", "CSAFPID-1674618", "CSAFPID-1674619", "CSAFPID-1674620", "CSAFPID-1674621", "CSAFPID-1674622", "CSAFPID-1674623", "CSAFPID-1674624", "CSAFPID-1674626", "CSAFPID-1674627", "CSAFPID-1674628", "CSAFPID-1674625", ], }, references: [ { category: "self", summary: "CVE-2024-41817", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-41817.json", }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-1673382", "CSAFPID-1650731", "CSAFPID-1674617", "CSAFPID-1674618", "CSAFPID-1674619", "CSAFPID-1674620", "CSAFPID-1674621", "CSAFPID-1674622", "CSAFPID-1674623", "CSAFPID-1674624", "CSAFPID-1674626", "CSAFPID-1674627", "CSAFPID-1674628", "CSAFPID-1674625", ], }, ], title: "CVE-2024-41817", }, { cve: "CVE-2024-43044", cwe: { id: "CWE-200", name: "Exposure of Sensitive Information to an Unauthorized Actor", }, notes: [ { category: "other", text: "Exposure of Sensitive Information to an Unauthorized Actor", title: "CWE-200", }, { category: "other", text: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", title: "CWE-22", }, { category: "other", text: "Improper Check for Unusual or Exceptional Conditions", title: "CWE-754", }, ], product_status: { known_affected: [ "CSAFPID-1673395", "CSAFPID-1673411", "CSAFPID-1673412", "CSAFPID-1673413", "CSAFPID-1673396", "CSAFPID-1673392", "CSAFPID-1673494", "CSAFPID-1673393", "CSAFPID-1673415", "CSAFPID-1673416", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, references: [ { category: "self", summary: "CVE-2024-43044", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-43044.json", }, ], scores: [ { cvss_v3: { baseScore: 9, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-1673395", "CSAFPID-1673411", "CSAFPID-1673412", "CSAFPID-1673413", "CSAFPID-1673396", "CSAFPID-1673392", "CSAFPID-1673494", "CSAFPID-1673393", "CSAFPID-1673415", "CSAFPID-1673416", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, ], title: "CVE-2024-43044", }, { cve: "CVE-2024-45492", cwe: { id: "CWE-190", name: "Integer Overflow or Wraparound", }, notes: [ { category: "other", text: "Integer Overflow or Wraparound", title: "CWE-190", }, ], product_status: { known_affected: [ "CSAFPID-1673382", "CSAFPID-1673399", "CSAFPID-1650731", "CSAFPID-1673517", "CSAFPID-1673396", "CSAFPID-1674617", "CSAFPID-1674618", "CSAFPID-1674619", "CSAFPID-1674620", "CSAFPID-1674621", "CSAFPID-1674622", "CSAFPID-1674623", "CSAFPID-1674624", "CSAFPID-1674625", "CSAFPID-1674626", "CSAFPID-1674627", "CSAFPID-1674628", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, references: [ { category: "self", summary: "CVE-2024-45492", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-45492.json", }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-1673382", "CSAFPID-1673399", "CSAFPID-1650731", "CSAFPID-1673517", "CSAFPID-1673396", "CSAFPID-1674617", "CSAFPID-1674618", "CSAFPID-1674619", "CSAFPID-1674620", "CSAFPID-1674621", "CSAFPID-1674622", "CSAFPID-1674623", "CSAFPID-1674624", "CSAFPID-1674625", "CSAFPID-1674626", "CSAFPID-1674627", "CSAFPID-1674628", "CSAFPID-1635305", "CSAFPID-1635306", "CSAFPID-1635307", "CSAFPID-1635308", "CSAFPID-1635309", "CSAFPID-1670434", "CSAFPID-1674629", "CSAFPID-1635315", "CSAFPID-1635316", "CSAFPID-1635318", "CSAFPID-1674630", "CSAFPID-1674631", "CSAFPID-1674632", "CSAFPID-1674633", "CSAFPID-1674634", "CSAFPID-1674635", "CSAFPID-1635323", "CSAFPID-1674636", "CSAFPID-1635324", "CSAFPID-1674637", "CSAFPID-1674638", "CSAFPID-1674639", "CSAFPID-1674640", "CSAFPID-1674641", "CSAFPID-1674642", "CSAFPID-1635320", "CSAFPID-1635321", "CSAFPID-1674643", "CSAFPID-1674644", "CSAFPID-1674645", "CSAFPID-1674646", ], }, ], title: "CVE-2024-45492", }, ], }
ncsc-2024-0332
Vulnerability from csaf_ncscnl
Published
2024-08-13 09:21
Modified
2024-08-13 09:21
Summary
Kwetsbaarheden verholpen in Siemens producten
Notes
The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:
NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.
NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.
This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.
Feiten
Siemens heeft kwetsbaarheden verholpen in diverse producten als COMOS, INTRALOG, LOGO!, NX, SCALANCE, SINEC en Teamcenter.
Interpretaties
De kwetsbaarheden stellen een kwaadwillende mogelijk in staat aanvallen uit te voeren die kunnen leiden tot de volgende categorieën schade:
- Denial-of-Service (DoS)
- Manipulatie van gegevens
- Omzeilen van een beveiligingsmaatregel
- (Remote) code execution (Administrator/Root rechten)
- (Remote) code execution (Gebruikersrechten)
- Toegang tot systeemgegevens
- Spoofing
- Verhoogde gebruikersrechten
De kwaadwillende heeft hiervoor toegang nodig tot de productieomgeving. Het is goed gebruik een dergelijke omgeving niet publiek toegankelijk te hebben.
Oplossingen
Siemens heeft beveiligingsupdates uitgebracht om de kwetsbaarheden te verhelpen. Voor de kwetsbaarheden waar nog geen updates voor zijn, heeft Siemens mitigerende maatregelen gepubliceerd om de risico's zoveel als mogelijk te beperken. Zie de bijgevoegde referenties voor meer informatie.
Kans
medium
Schade
high
CWE-125
Out-of-bounds Read
CWE-20
Improper Input Validation
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE-250
Execution with Unnecessary Privileges
CWE-256
Plaintext Storage of a Password
CWE-269
Improper Privilege Management
CWE-284
Improper Access Control
CWE-307
Improper Restriction of Excessive Authentication Attempts
CWE-326
Inadequate Encryption Strength
CWE-358
Improperly Implemented Security Check for Standard
CWE-488
Exposure of Data Element to Wrong Session
CWE-521
Weak Password Requirements
CWE-524
Use of Cache Containing Sensitive Information
CWE-532
Insertion of Sensitive Information into Log File
CWE-863
Incorrect Authorization
{ document: { category: "csaf_security_advisory", csaf_version: "2.0", distribution: { tlp: { label: "WHITE", }, }, lang: "nl", notes: [ { category: "legal_disclaimer", text: "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.", }, { category: "description", text: "Siemens heeft kwetsbaarheden verholpen in diverse producten als COMOS, INTRALOG, LOGO!, NX, SCALANCE, SINEC en Teamcenter.", title: "Feiten", }, { category: "description", text: "De kwetsbaarheden stellen een kwaadwillende mogelijk in staat aanvallen uit te voeren die kunnen leiden tot de volgende categorieën schade:\n\n- Denial-of-Service (DoS)\n- Manipulatie van gegevens\n- Omzeilen van een beveiligingsmaatregel\n- (Remote) code execution (Administrator/Root rechten)\n- (Remote) code execution (Gebruikersrechten)\n- Toegang tot systeemgegevens\n- Spoofing\n- Verhoogde gebruikersrechten\n\nDe kwaadwillende heeft hiervoor toegang nodig tot de productieomgeving. Het is goed gebruik een dergelijke omgeving niet publiek toegankelijk te hebben.", title: "Interpretaties", }, { category: "description", text: "Siemens heeft beveiligingsupdates uitgebracht om de kwetsbaarheden te verhelpen. Voor de kwetsbaarheden waar nog geen updates voor zijn, heeft Siemens mitigerende maatregelen gepubliceerd om de risico's zoveel als mogelijk te beperken. Zie de bijgevoegde referenties voor meer informatie.", title: "Oplossingen", }, { category: "general", text: "medium", title: "Kans", }, { category: "general", text: "high", title: "Schade", }, { category: "general", text: "Out-of-bounds Read", title: "CWE-125", }, { category: "general", text: "Improper Input Validation", title: "CWE-20", }, { category: "general", text: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", title: "CWE-22", }, { category: "general", text: "Execution with Unnecessary Privileges", title: "CWE-250", }, { category: "general", text: "Plaintext Storage of a Password", title: "CWE-256", }, { category: "general", text: "Improper Privilege Management", title: "CWE-269", }, { category: "general", text: "Improper Access Control", title: "CWE-284", }, { category: "general", text: "Improper Restriction of Excessive Authentication Attempts", title: "CWE-307", }, { category: "general", text: "Inadequate Encryption Strength", title: "CWE-326", }, { category: "general", text: "Improperly Implemented Security Check for Standard", title: "CWE-358", }, { category: "general", text: "Exposure of Data Element to Wrong Session", title: "CWE-488", }, { category: "general", text: "Weak Password Requirements", title: "CWE-521", }, { category: "general", text: "Use of Cache Containing Sensitive Information", title: "CWE-524", }, { category: "general", text: "Insertion of Sensitive Information into Log File", title: "CWE-532", }, { category: "general", text: "Incorrect Authorization", title: "CWE-863", }, ], publisher: { category: "coordinator", contact_details: "cert@ncsc.nl", name: "Nationaal Cyber Security Centrum", namespace: "https://www.ncsc.nl/", }, references: [ { category: "external", summary: "Reference - ncscclear", url: "https://cert-portal.siemens.com/productcert/pdf/ssa-087301.pdf", }, { category: "external", summary: "Reference - ncscclear", url: "https://cert-portal.siemens.com/productcert/pdf/ssa-357412.pdf", }, { category: "external", summary: "Reference - ncscclear", url: "https://cert-portal.siemens.com/productcert/pdf/ssa-417547.pdf", }, { category: "external", summary: "Reference - ncscclear", url: "https://cert-portal.siemens.com/productcert/pdf/ssa-659443.pdf", }, { category: "external", summary: "Reference - ncscclear", url: "https://cert-portal.siemens.com/productcert/pdf/ssa-716317.pdf", }, { category: "external", summary: "Reference - ncscclear", url: "https://cert-portal.siemens.com/productcert/pdf/ssa-720392.pdf", }, { category: "external", summary: "Reference - ncscclear", url: "https://cert-portal.siemens.com/productcert/pdf/ssa-784301.pdf", }, { category: "external", summary: "Reference - ncscclear", url: "https://cert-portal.siemens.com/productcert/pdf/ssa-856475.pdf", }, { category: "external", summary: "Reference - ncscclear", url: "https://cert-portal.siemens.com/productcert/pdf/ssa-921449.pdf", }, ], title: "Kwetsbaarheden verholpen in Siemens producten", tracking: { current_release_date: "2024-08-13T09:21:28.381575Z", id: "NCSC-2024-0332", initial_release_date: "2024-08-13T09:21:28.381575Z", revision_history: [ { date: "2024-08-13T09:21:28.381575Z", number: "0", summary: "Initiele versie", }, ], status: "final", version: "1.0.0", }, }, vulnerabilities: [ { cve: "CVE-2023-4611", cwe: { id: "CWE-416", name: "Use After Free", }, notes: [ { category: "other", text: "Use After Free", title: "CWE-416", }, ], references: [ { category: "self", summary: "CVE-2023-4611", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-4611.json", }, ], title: "CVE-2023-4611", }, { cve: "CVE-2023-5180", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, notes: [ { category: "other", text: "Out-of-bounds Write", title: "CWE-787", }, ], references: [ { category: "self", summary: "CVE-2023-5180", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-5180.json", }, ], title: "CVE-2023-5180", }, { cve: "CVE-2023-5868", cwe: { id: "CWE-200", name: "Exposure of Sensitive Information to an Unauthorized Actor", }, notes: [ { category: "other", text: "Exposure of Sensitive Information to an Unauthorized Actor", title: "CWE-200", }, { category: "other", text: "Function Call With Incorrect Argument Type", title: "CWE-686", }, ], references: [ { category: "self", summary: "CVE-2023-5868", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-5868.json", }, ], title: "CVE-2023-5868", }, { cve: "CVE-2023-5869", cwe: { id: "CWE-190", name: "Integer Overflow or Wraparound", }, notes: [ { category: "other", text: "Integer Overflow or Wraparound", title: "CWE-190", }, { category: "other", text: "Improper Restriction of Operations within the Bounds of a Memory Buffer", title: "CWE-119", }, ], references: [ { category: "self", summary: "CVE-2023-5869", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-5869.json", }, ], title: "CVE-2023-5869", }, { cve: "CVE-2023-5870", cwe: { id: "CWE-404", name: "Improper Resource Shutdown or Release", }, notes: [ { category: "other", text: "Improper Resource Shutdown or Release", title: "CWE-404", }, { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, ], references: [ { category: "self", summary: "CVE-2023-5870", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-5870.json", }, ], title: "CVE-2023-5870", }, { cve: "CVE-2023-6378", cwe: { id: "CWE-499", name: "Serializable Class Containing Sensitive Data", }, notes: [ { category: "other", text: "Serializable Class Containing Sensitive Data", title: "CWE-499", }, ], references: [ { category: "self", summary: "CVE-2023-6378", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-6378.json", }, ], title: "CVE-2023-6378", }, { cve: "CVE-2023-6481", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, notes: [ { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, ], references: [ { category: "self", summary: "CVE-2023-6481", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-6481.json", }, ], title: "CVE-2023-6481", }, { cve: "CVE-2023-26495", cwe: { id: "CWE-416", name: "Use After Free", }, notes: [ { category: "other", text: "Use After Free", title: "CWE-416", }, ], references: [ { category: "self", summary: "CVE-2023-26495", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-26495.json", }, ], title: "CVE-2023-26495", }, { cve: "CVE-2023-31122", cwe: { id: "CWE-125", name: "Out-of-bounds Read", }, notes: [ { category: "other", text: "Out-of-bounds Read", title: "CWE-125", }, ], references: [ { category: "self", summary: "CVE-2023-31122", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-31122.json", }, ], title: "CVE-2023-31122", }, { cve: "CVE-2023-34050", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, notes: [ { category: "other", text: "Deserialization of Untrusted Data", title: "CWE-502", }, ], references: [ { category: "self", summary: "CVE-2023-34050", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-34050.json", }, ], title: "CVE-2023-34050", }, { cve: "CVE-2023-39615", cwe: { id: "CWE-119", name: "Improper Restriction of Operations within the Bounds of a Memory Buffer", }, notes: [ { category: "other", text: "Improper Restriction of Operations within the Bounds of a Memory Buffer", title: "CWE-119", }, ], references: [ { category: "self", summary: "CVE-2023-39615", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-39615.json", }, ], title: "CVE-2023-39615", }, { cve: "CVE-2023-42794", cwe: { id: "CWE-459", name: "Incomplete Cleanup", }, notes: [ { category: "other", text: "Incomplete Cleanup", title: "CWE-459", }, ], references: [ { category: "self", summary: "CVE-2023-42794", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-42794.json", }, ], title: "CVE-2023-42794", }, { cve: "CVE-2023-42795", cwe: { id: "CWE-459", name: "Incomplete Cleanup", }, notes: [ { category: "other", text: "Incomplete Cleanup", title: "CWE-459", }, ], references: [ { category: "self", summary: "CVE-2023-42795", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-42795.json", }, ], title: "CVE-2023-42795", }, { cve: "CVE-2023-43622", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, notes: [ { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, ], references: [ { category: "self", summary: "CVE-2023-43622", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-43622.json", }, ], title: "CVE-2023-43622", }, { cve: "CVE-2023-44321", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, notes: [ { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, ], references: [ { category: "self", summary: "CVE-2023-44321", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-44321.json", }, ], title: "CVE-2023-44321", }, { cve: "CVE-2023-44487", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, notes: [ { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, ], references: [ { category: "self", summary: "CVE-2023-44487", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-44487.json", }, ], title: "CVE-2023-44487", }, { cve: "CVE-2023-45648", cwe: { id: "CWE-20", name: "Improper Input Validation", }, notes: [ { category: "other", text: "Improper Input Validation", title: "CWE-20", }, ], references: [ { category: "self", summary: "CVE-2023-45648", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-45648.json", }, ], title: "CVE-2023-45648", }, { cve: "CVE-2023-45802", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, notes: [ { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, ], references: [ { category: "self", summary: "CVE-2023-45802", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-45802.json", }, ], title: "CVE-2023-45802", }, { cve: "CVE-2023-46120", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, notes: [ { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, ], references: [ { category: "self", summary: "CVE-2023-46120", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-46120.json", }, ], title: "CVE-2023-46120", }, { cve: "CVE-2023-46280", cwe: { id: "CWE-125", name: "Out-of-bounds Read", }, notes: [ { category: "other", text: "Out-of-bounds Read", title: "CWE-125", }, ], references: [ { category: "self", summary: "CVE-2023-46280", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-46280.json", }, ], title: "CVE-2023-46280", }, { cve: "CVE-2023-46589", cwe: { id: "CWE-444", name: "Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')", }, notes: [ { category: "other", text: "Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')", title: "CWE-444", }, { category: "other", text: "Improper Input Validation", title: "CWE-20", }, ], references: [ { category: "self", summary: "CVE-2023-46589", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-46589.json", }, ], title: "CVE-2023-46589", }, { cve: "CVE-2023-52425", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, notes: [ { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, ], references: [ { category: "self", summary: "CVE-2023-52425", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-52425.json", }, ], title: "CVE-2023-52425", }, { cve: "CVE-2023-52426", cwe: { id: "CWE-776", name: "Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')", }, notes: [ { category: "other", text: "Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')", title: "CWE-776", }, ], references: [ { category: "self", summary: "CVE-2023-52426", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-52426.json", }, ], title: "CVE-2023-52426", }, { cve: "CVE-2024-0056", cwe: { id: "CWE-420", name: "Unprotected Alternate Channel", }, notes: [ { category: "other", text: "Unprotected Alternate Channel", title: "CWE-420", }, { category: "other", text: "Cleartext Transmission of Sensitive Information", title: "CWE-319", }, ], references: [ { category: "self", summary: "CVE-2024-0056", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-0056.json", }, ], title: "CVE-2024-0056", }, { cve: "CVE-2024-0985", cwe: { id: "CWE-271", name: "Privilege Dropping / Lowering Errors", }, notes: [ { category: "other", text: "Privilege Dropping / Lowering Errors", title: "CWE-271", }, ], references: [ { category: "self", summary: "CVE-2024-0985", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-0985.json", }, ], title: "CVE-2024-0985", }, { cve: "CVE-2024-25062", cwe: { id: "CWE-416", name: "Use After Free", }, notes: [ { category: "other", text: "Use After Free", title: "CWE-416", }, ], references: [ { category: "self", summary: "CVE-2024-25062", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-25062.json", }, ], title: "CVE-2024-25062", }, { cve: "CVE-2024-28182", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, notes: [ { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, { category: "other", text: "Improper Resource Shutdown or Release", title: "CWE-404", }, { category: "other", text: "Detection of Error Condition Without Action", title: "CWE-390", }, { category: "other", text: "Allocation of Resources Without Limits or Throttling", title: "CWE-770", }, ], references: [ { category: "self", summary: "CVE-2024-28182", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-28182.json", }, ], title: "CVE-2024-28182", }, { cve: "CVE-2024-28757", cwe: { id: "CWE-611", name: "Improper Restriction of XML External Entity Reference", }, notes: [ { category: "other", text: "Improper Restriction of XML External Entity Reference", title: "CWE-611", }, { category: "other", text: "Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')", title: "CWE-776", }, { category: "other", text: "Improper Input Validation", title: "CWE-20", }, ], references: [ { category: "self", summary: "CVE-2024-28757", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-28757.json", }, ], title: "CVE-2024-28757", }, { cve: "CVE-2024-30045", cwe: { id: "CWE-119", name: "Improper Restriction of Operations within the Bounds of a Memory Buffer", }, notes: [ { category: "other", text: "Improper Restriction of Operations within the Bounds of a Memory Buffer", title: "CWE-119", }, { category: "other", text: "Heap-based Buffer Overflow", title: "CWE-122", }, ], references: [ { category: "self", summary: "CVE-2024-30045", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-30045.json", }, ], title: "CVE-2024-30045", }, { cve: "CVE-2024-32635", cwe: { id: "CWE-125", name: "Out-of-bounds Read", }, notes: [ { category: "other", text: "Out-of-bounds Read", title: "CWE-125", }, ], references: [ { category: "self", summary: "CVE-2024-32635", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-32635.json", }, ], title: "CVE-2024-32635", }, { cve: "CVE-2024-32636", cwe: { id: "CWE-125", name: "Out-of-bounds Read", }, notes: [ { category: "other", text: "Out-of-bounds Read", title: "CWE-125", }, ], references: [ { category: "self", summary: "CVE-2024-32636", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-32636.json", }, ], title: "CVE-2024-32636", }, { cve: "CVE-2024-32637", cwe: { id: "CWE-476", name: "NULL Pointer Dereference", }, notes: [ { category: "other", text: "NULL Pointer Dereference", title: "CWE-476", }, ], references: [ { category: "self", summary: "CVE-2024-32637", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-32637.json", }, ], title: "CVE-2024-32637", }, { cve: "CVE-2024-36398", cwe: { id: "CWE-250", name: "Execution with Unnecessary Privileges", }, notes: [ { category: "other", text: "Execution with Unnecessary Privileges", title: "CWE-250", }, ], references: [ { category: "self", summary: "CVE-2024-36398", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-36398.json", }, ], title: "CVE-2024-36398", }, { cve: "CVE-2024-39922", cwe: { id: "CWE-256", name: "Plaintext Storage of a Password", }, notes: [ { category: "other", text: "Plaintext Storage of a Password", title: "CWE-256", }, ], references: [ { category: "self", summary: "CVE-2024-39922", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-39922.json", }, ], title: "CVE-2024-39922", }, { cve: "CVE-2024-41681", cwe: { id: "CWE-326", name: "Inadequate Encryption Strength", }, notes: [ { category: "other", text: "Inadequate Encryption Strength", title: "CWE-326", }, ], references: [ { category: "self", summary: "CVE-2024-41681", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-41681.json", }, ], title: "CVE-2024-41681", }, { cve: "CVE-2024-41682", cwe: { id: "CWE-307", name: "Improper Restriction of Excessive Authentication Attempts", }, notes: [ { category: "other", text: "Improper Restriction of Excessive Authentication Attempts", title: "CWE-307", }, ], references: [ { category: "self", summary: "CVE-2024-41682", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-41682.json", }, ], title: "CVE-2024-41682", }, { cve: "CVE-2024-41683", cwe: { id: "CWE-521", name: "Weak Password Requirements", }, notes: [ { category: "other", text: "Weak Password Requirements", title: "CWE-521", }, ], references: [ { category: "self", summary: "CVE-2024-41683", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-41683.json", }, ], title: "CVE-2024-41683", }, { cve: "CVE-2024-41903", cwe: { id: "CWE-269", name: "Improper Privilege Management", }, notes: [ { category: "other", text: "Improper Privilege Management", title: "CWE-269", }, ], references: [ { category: "self", summary: "CVE-2024-41903", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-41903.json", }, ], title: "CVE-2024-41903", }, { cve: "CVE-2024-41904", cwe: { id: "CWE-307", name: "Improper Restriction of Excessive Authentication Attempts", }, notes: [ { category: "other", text: "Improper Restriction of Excessive Authentication Attempts", title: "CWE-307", }, ], references: [ { category: "self", summary: "CVE-2024-41904", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-41904.json", }, ], title: "CVE-2024-41904", }, { cve: "CVE-2024-41905", cwe: { id: "CWE-284", name: "Improper Access Control", }, notes: [ { category: "other", text: "Improper Access Control", title: "CWE-284", }, ], references: [ { category: "self", summary: "CVE-2024-41905", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-41905.json", }, ], title: "CVE-2024-41905", }, { cve: "CVE-2024-41906", cwe: { id: "CWE-524", name: "Use of Cache Containing Sensitive Information", }, notes: [ { category: "other", text: "Use of Cache Containing Sensitive Information", title: "CWE-524", }, ], references: [ { category: "self", summary: "CVE-2024-41906", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-41906.json", }, ], title: "CVE-2024-41906", }, { cve: "CVE-2024-41907", cwe: { id: "CWE-358", name: "Improperly Implemented Security Check for Standard", }, notes: [ { category: "other", text: "Improperly Implemented Security Check for Standard", title: "CWE-358", }, ], references: [ { category: "self", summary: "CVE-2024-41907", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-41907.json", }, ], title: "CVE-2024-41907", }, { cve: "CVE-2024-41908", cwe: { id: "CWE-125", name: "Out-of-bounds Read", }, notes: [ { category: "other", text: "Out-of-bounds Read", title: "CWE-125", }, ], references: [ { category: "self", summary: "CVE-2024-41908", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-41908.json", }, ], title: "CVE-2024-41908", }, { cve: "CVE-2024-41938", cwe: { id: "CWE-22", name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", }, notes: [ { category: "other", text: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", title: "CWE-22", }, ], references: [ { category: "self", summary: "CVE-2024-41938", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-41938.json", }, ], title: "CVE-2024-41938", }, { cve: "CVE-2024-41939", cwe: { id: "CWE-863", name: "Incorrect Authorization", }, notes: [ { category: "other", text: "Incorrect Authorization", title: "CWE-863", }, ], references: [ { category: "self", summary: "CVE-2024-41939", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-41939.json", }, ], title: "CVE-2024-41939", }, { cve: "CVE-2024-41940", cwe: { id: "CWE-20", name: "Improper Input Validation", }, notes: [ { category: "other", text: "Improper Input Validation", title: "CWE-20", }, ], references: [ { category: "self", summary: "CVE-2024-41940", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-41940.json", }, ], title: "CVE-2024-41940", }, { cve: "CVE-2024-41941", cwe: { id: "CWE-863", name: "Incorrect Authorization", }, notes: [ { category: "other", text: "Incorrect Authorization", title: "CWE-863", }, ], references: [ { category: "self", summary: "CVE-2024-41941", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-41941.json", }, ], title: "CVE-2024-41941", }, { cve: "CVE-2024-41976", cwe: { id: "CWE-20", name: "Improper Input Validation", }, notes: [ { category: "other", text: "Improper Input Validation", title: "CWE-20", }, ], references: [ { category: "self", summary: "CVE-2024-41976", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-41976.json", }, ], title: "CVE-2024-41976", }, { cve: "CVE-2024-41977", cwe: { id: "CWE-488", name: "Exposure of Data Element to Wrong Session", }, notes: [ { category: "other", text: "Exposure of Data Element to Wrong Session", title: "CWE-488", }, ], references: [ { category: "self", summary: "CVE-2024-41977", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-41977.json", }, ], title: "CVE-2024-41977", }, { cve: "CVE-2024-41978", cwe: { id: "CWE-532", name: "Insertion of Sensitive Information into Log File", }, notes: [ { category: "other", text: "Insertion of Sensitive Information into Log File", title: "CWE-532", }, ], references: [ { category: "self", summary: "CVE-2024-41978", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-41978.json", }, ], title: "CVE-2024-41978", }, ], }
ncsc-2024-0303
Vulnerability from csaf_ncscnl
Published
2024-07-17 13:54
Modified
2024-07-17 13:54
Summary
Kwetsbaarheden verholpen in Oracle MySQL
Notes
The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:
NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.
NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.
This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.
Feiten
Er zijn kwetsbaarheden verholpen in Oracle MySQL.
Interpretaties
Een kwaadwillende kan de kwetsbaarheden misbruiken om aanvallen uit te voeren die kunnen leiden tot de volgende categorieën schade:
* Denial-of-Service (DoS)
* Toegang tot gevoelige gegevens
* Toegang tot systeemgegevens
* Manipulatie van gegevens
* (Remote) code execution (Gebruikersrechten)
Oplossingen
Oracle heeft updates beschikbaar gesteld om de kwetsbaarheden te verhelpen. Zie de referenties voor meer informatie.
Kans
medium
Schade
high
CWE-20
Improper Input Validation
CWE-222
Truncation of Security-relevant Information
CWE-284
Improper Access Control
CWE-285
Improper Authorization
CWE-295
Improper Certificate Validation
CWE-328
Use of Weak Hash
CWE-345
Insufficient Verification of Data Authenticity
CWE-400
Uncontrolled Resource Consumption
CWE-404
Improper Resource Shutdown or Release
CWE-405
Asymmetric Resource Consumption (Amplification)
CWE-416
Use After Free
CWE-450
Multiple Interpretations of UI Input
CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
{ document: { category: "csaf_security_advisory", csaf_version: "2.0", distribution: { tlp: { label: "WHITE", }, }, lang: "nl", notes: [ { category: "legal_disclaimer", text: "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.", }, { category: "description", text: "Er zijn kwetsbaarheden verholpen in Oracle MySQL.", title: "Feiten", }, { category: "description", text: "Een kwaadwillende kan de kwetsbaarheden misbruiken om aanvallen uit te voeren die kunnen leiden tot de volgende categorieën schade:\n\n* Denial-of-Service (DoS)\n* Toegang tot gevoelige gegevens\n* Toegang tot systeemgegevens\n* Manipulatie van gegevens\n* (Remote) code execution (Gebruikersrechten)", title: "Interpretaties", }, { category: "description", text: "Oracle heeft updates beschikbaar gesteld om de kwetsbaarheden te verhelpen. Zie de referenties voor meer informatie.", title: "Oplossingen", }, { category: "general", text: "medium", title: "Kans", }, { category: "general", text: "high", title: "Schade", }, { category: "general", text: "Improper Input Validation", title: "CWE-20", }, { category: "general", text: "Truncation of Security-relevant Information", title: "CWE-222", }, { category: "general", text: "Improper Access Control", title: "CWE-284", }, { category: "general", text: "Improper Authorization", title: "CWE-285", }, { category: "general", text: "Improper Certificate Validation", title: "CWE-295", }, { category: "general", text: "Use of Weak Hash", title: "CWE-328", }, { category: "general", text: "Insufficient Verification of Data Authenticity", title: "CWE-345", }, { category: "general", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, { category: "general", text: "Improper Resource Shutdown or Release", title: "CWE-404", }, { category: "general", text: "Asymmetric Resource Consumption (Amplification)", title: "CWE-405", }, { category: "general", text: "Use After Free", title: "CWE-416", }, { category: "general", text: "Multiple Interpretations of UI Input", title: "CWE-450", }, { category: "general", text: "URL Redirection to Untrusted Site ('Open Redirect')", title: "CWE-601", }, ], publisher: { category: "coordinator", contact_details: "cert@ncsc.nl", name: "Nationaal Cyber Security Centrum", namespace: "https://www.ncsc.nl/", }, references: [ { category: "external", summary: "Source - nvd", url: "https://nvd.nist.gov/vuln/detail/CVE-2021-24112", }, { category: "external", summary: "Source - nvd", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-37920", }, { category: "external", summary: "Source - nvd", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-48795", }, { category: "external", summary: "Source - nvd", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-52425", }, { category: "external", summary: "Source - nvd", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-6129", }, { category: "external", summary: "Source - nvd", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-0450", }, { category: "external", summary: "Source - nvd", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-20996", }, { category: "external", summary: "Source - nvd", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-21125", }, { category: "external", summary: "Source - nvd", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-21127", }, { category: "external", summary: "Source - nvd", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-21129", }, { category: "external", summary: "Source - nvd", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-21130", }, { category: "external", summary: "Source - nvd", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-21134", }, { category: "external", summary: "Source - nvd", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-21135", }, { category: "external", summary: "Source - nvd", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-21137", }, { category: "external", summary: "Source - nvd", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-21142", }, { category: "external", summary: "Source - nvd", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-21157", }, { category: "external", summary: "Source - nvd", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-21159", }, { category: "external", summary: "Source - nvd", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-21160", }, { category: "external", summary: "Source - nvd", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-21162", }, { category: "external", summary: "Source - nvd", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-21163", }, { category: "external", summary: "Source - nvd", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-21165", }, { category: "external", summary: "Source - nvd", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-21166", }, { category: "external", summary: "Source - nvd", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-21170", }, { category: "external", summary: "Source - nvd", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-21171", }, { category: "external", summary: "Source - nvd", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-21173", }, { category: "external", summary: "Source - nvd", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-21176", }, { category: "external", summary: "Source - nvd", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-21177", }, { category: "external", summary: "Source - nvd", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-21179", }, { category: "external", summary: "Source - nvd", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-21185", }, { category: "external", summary: "Source - nvd", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-22257", }, { category: "external", summary: "Source - nvd", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-22262", }, { category: "external", summary: "Source - nvd", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-24549", }, { category: "external", summary: "Source - nvd", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-25062", }, { category: "external", summary: "Reference - oracle", url: "https://www.oracle.com/docs/tech/security-alerts/cpujul2024csaf.json", }, { category: "external", summary: "Reference - cveprojectv5; ibm; nvd; oracle", url: "https://www.oracle.com/security-alerts/cpujul2024.html", }, ], title: "Kwetsbaarheden verholpen in Oracle MySQL", tracking: { current_release_date: "2024-07-17T13:54:56.036488Z", id: "NCSC-2024-0303", initial_release_date: "2024-07-17T13:54:56.036488Z", revision_history: [ { date: "2024-07-17T13:54:56.036488Z", number: "0", summary: "Initiele versie", }, ], status: "final", version: "1.0.0", }, }, product_tree: { branches: [ { branches: [ { category: "product_name", name: "mysql_cluster", product: { name: "mysql_cluster", product_id: "CSAFPID-764289", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql_cluster:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql_cluster", product: { name: "mysql_cluster", product_id: "CSAFPID-1503737", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql_cluster:8.0.37:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql_cluster", product: { name: "mysql_cluster", product_id: "CSAFPID-611599", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql_cluster:8.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql_cluster", product: { name: "mysql_cluster", product_id: "CSAFPID-1503740", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql_cluster:8.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql_connectors", product: { name: "mysql_connectors", product_id: "CSAFPID-221160", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql_connectors:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql_connectors", product: { name: "mysql_connectors", product_id: "CSAFPID-912112", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql_connectors:8.3.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql_connectors", product: { name: "mysql_connectors", product_id: "CSAFPID-1503309", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql_connectors:8.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql_enterprise_backup", product: { name: "mysql_enterprise_backup", product_id: "CSAFPID-764939", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql_enterprise_backup:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql_enterprise_backup", product: { name: "mysql_enterprise_backup", product_id: "CSAFPID-912114", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql_enterprise_backup:8.0.36:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql_enterprise_backup", product: { name: "mysql_enterprise_backup", product_id: "CSAFPID-912113", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql_enterprise_backup:8.3.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql_enterprise_monitor", product: { name: "mysql_enterprise_monitor", product_id: "CSAFPID-764290", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql_enterprise_monitor", product: { name: "mysql_enterprise_monitor", product_id: "CSAFPID-912115", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql_enterprise_monitor:8.0.37:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql_ndb_cluster", product: { name: "mysql_ndb_cluster", product_id: "CSAFPID-1503882", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql_ndb_cluster:7.5.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql_ndb_cluster", product: { name: "mysql_ndb_cluster", product_id: "CSAFPID-1503876", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql_ndb_cluster:7.5.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql_ndb_cluster", product: { name: "mysql_ndb_cluster", product_id: "CSAFPID-1503822", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql_ndb_cluster:7.5.10:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql_ndb_cluster", product: { name: "mysql_ndb_cluster", product_id: "CSAFPID-1503792", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql_ndb_cluster:7.5.11:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql_ndb_cluster", product: { name: "mysql_ndb_cluster", product_id: "CSAFPID-1503836", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql_ndb_cluster:7.5.12:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql_ndb_cluster", product: { name: "mysql_ndb_cluster", product_id: "CSAFPID-1503842", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql_ndb_cluster:7.5.13:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql_ndb_cluster", product: { name: "mysql_ndb_cluster", product_id: "CSAFPID-1503779", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql_ndb_cluster:7.5.14:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql_ndb_cluster", product: { name: "mysql_ndb_cluster", product_id: "CSAFPID-1503786", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql_ndb_cluster:7.5.15:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql_ndb_cluster", product: { name: "mysql_ndb_cluster", product_id: "CSAFPID-1503856", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql_ndb_cluster:7.5.16:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql_ndb_cluster", product: { name: "mysql_ndb_cluster", product_id: "CSAFPID-1503835", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql_ndb_cluster:7.5.17:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql_ndb_cluster", product: { name: "mysql_ndb_cluster", product_id: "CSAFPID-1503878", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql_ndb_cluster:7.5.18:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql_ndb_cluster", product: { name: "mysql_ndb_cluster", product_id: "CSAFPID-1503888", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql_ndb_cluster:7.5.19:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql_ndb_cluster", product: { name: "mysql_ndb_cluster", product_id: "CSAFPID-1503866", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql_ndb_cluster:7.5.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql_ndb_cluster", product: { name: "mysql_ndb_cluster", product_id: "CSAFPID-1503788", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql_ndb_cluster:7.5.20:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql_ndb_cluster", product: { name: "mysql_ndb_cluster", product_id: "CSAFPID-1503851", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql_ndb_cluster:7.5.21:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql_ndb_cluster", product: { name: "mysql_ndb_cluster", product_id: "CSAFPID-1503843", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql_ndb_cluster:7.5.22:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql_ndb_cluster", product: { name: "mysql_ndb_cluster", product_id: "CSAFPID-1503804", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql_ndb_cluster:7.5.23:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql_ndb_cluster", product: { name: "mysql_ndb_cluster", product_id: "CSAFPID-1503759", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql_ndb_cluster:7.5.24:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql_ndb_cluster", product: { name: "mysql_ndb_cluster", product_id: "CSAFPID-1503823", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql_ndb_cluster:7.5.25:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql_ndb_cluster", product: { name: "mysql_ndb_cluster", product_id: "CSAFPID-1503809", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql_ndb_cluster:7.5.26:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql_ndb_cluster", product: { name: "mysql_ndb_cluster", product_id: "CSAFPID-1503837", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql_ndb_cluster:7.5.27:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql_ndb_cluster", product: { name: "mysql_ndb_cluster", product_id: "CSAFPID-1503796", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql_ndb_cluster:7.5.28:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql_ndb_cluster", product: { name: "mysql_ndb_cluster", product_id: "CSAFPID-1503762", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql_ndb_cluster:7.5.29:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql_ndb_cluster", product: { name: "mysql_ndb_cluster", product_id: "CSAFPID-1503760", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql_ndb_cluster:7.5.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql_ndb_cluster", product: { name: "mysql_ndb_cluster", product_id: "CSAFPID-1503880", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql_ndb_cluster:7.5.30:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql_ndb_cluster", product: { name: "mysql_ndb_cluster", product_id: "CSAFPID-1503887", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql_ndb_cluster:7.5.31:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql_ndb_cluster", product: { name: "mysql_ndb_cluster", product_id: "CSAFPID-1503855", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql_ndb_cluster:7.5.32:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql_ndb_cluster", product: { name: "mysql_ndb_cluster", product_id: "CSAFPID-1503768", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql_ndb_cluster:7.5.33:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql_ndb_cluster", product: { name: "mysql_ndb_cluster", product_id: "CSAFPID-1503778", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql_ndb_cluster:7.5.34:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql_ndb_cluster", product: { name: "mysql_ndb_cluster", product_id: "CSAFPID-1503862", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql_ndb_cluster:7.5.4:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql_ndb_cluster", product: { name: "mysql_ndb_cluster", product_id: "CSAFPID-1503853", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql_ndb_cluster:7.5.5:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql_ndb_cluster", product: { name: "mysql_ndb_cluster", product_id: "CSAFPID-1503845", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql_ndb_cluster:7.5.6:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql_ndb_cluster", product: { name: "mysql_ndb_cluster", product_id: "CSAFPID-1503803", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql_ndb_cluster:7.5.7:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql_ndb_cluster", product: { name: "mysql_ndb_cluster", product_id: "CSAFPID-1503758", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql_ndb_cluster:7.5.8:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql_ndb_cluster", product: { name: "mysql_ndb_cluster", product_id: "CSAFPID-1503818", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql_ndb_cluster:7.5.9:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql_ndb_cluster", product: { name: "mysql_ndb_cluster", product_id: "CSAFPID-1503782", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql_ndb_cluster:7.6.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql_ndb_cluster", product: { name: "mysql_ndb_cluster", product_id: "CSAFPID-1503800", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql_ndb_cluster:7.6.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql_ndb_cluster", product: { name: "mysql_ndb_cluster", product_id: "CSAFPID-1503869", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql_ndb_cluster:7.6.10:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql_ndb_cluster", product: { name: "mysql_ndb_cluster", product_id: "CSAFPID-1503771", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql_ndb_cluster:7.6.11:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql_ndb_cluster", product: { name: "mysql_ndb_cluster", product_id: "CSAFPID-1503860", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql_ndb_cluster:7.6.12:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql_ndb_cluster", product: { name: "mysql_ndb_cluster", product_id: "CSAFPID-1503885", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql_ndb_cluster:7.6.13:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql_ndb_cluster", product: { name: "mysql_ndb_cluster", product_id: "CSAFPID-1503872", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql_ndb_cluster:7.6.14:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql_ndb_cluster", product: { name: "mysql_ndb_cluster", product_id: "CSAFPID-1503871", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql_ndb_cluster:7.6.15:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql_ndb_cluster", product: { name: "mysql_ndb_cluster", product_id: "CSAFPID-1503763", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql_ndb_cluster:7.6.16:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql_ndb_cluster", product: { name: "mysql_ndb_cluster", product_id: "CSAFPID-1503789", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql_ndb_cluster:7.6.17:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql_ndb_cluster", product: { name: "mysql_ndb_cluster", product_id: "CSAFPID-1503849", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql_ndb_cluster:7.6.18:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql_ndb_cluster", product: { name: "mysql_ndb_cluster", product_id: "CSAFPID-1503841", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql_ndb_cluster:7.6.19:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql_ndb_cluster", product: { name: "mysql_ndb_cluster", product_id: "CSAFPID-1503831", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql_ndb_cluster:7.6.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql_ndb_cluster", product: { name: "mysql_ndb_cluster", product_id: "CSAFPID-1503765", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql_ndb_cluster:7.6.20:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql_ndb_cluster", product: { name: "mysql_ndb_cluster", product_id: "CSAFPID-1503805", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql_ndb_cluster:7.6.21:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql_ndb_cluster", product: { name: "mysql_ndb_cluster", product_id: "CSAFPID-1503840", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql_ndb_cluster:7.6.22:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql_ndb_cluster", product: { name: "mysql_ndb_cluster", product_id: "CSAFPID-1503848", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql_ndb_cluster:7.6.23:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql_ndb_cluster", product: { name: "mysql_ndb_cluster", product_id: "CSAFPID-1503859", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql_ndb_cluster:7.6.24:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql_ndb_cluster", product: { name: "mysql_ndb_cluster", product_id: "CSAFPID-1503761", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql_ndb_cluster:7.6.25:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql_ndb_cluster", product: { name: "mysql_ndb_cluster", product_id: "CSAFPID-1503868", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql_ndb_cluster:7.6.26:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql_ndb_cluster", product: { name: "mysql_ndb_cluster", product_id: "CSAFPID-1503873", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql_ndb_cluster:7.6.27:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql_ndb_cluster", product: { name: "mysql_ndb_cluster", product_id: "CSAFPID-1503881", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql_ndb_cluster:7.6.28:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql_ndb_cluster", product: { name: "mysql_ndb_cluster", product_id: "CSAFPID-1503861", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql_ndb_cluster:7.6.29:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql_ndb_cluster", product: { name: "mysql_ndb_cluster", product_id: "CSAFPID-1503817", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql_ndb_cluster:7.6.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql_ndb_cluster", product: { name: "mysql_ndb_cluster", product_id: "CSAFPID-1503777", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql_ndb_cluster:7.6.30:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql_ndb_cluster", product: { name: "mysql_ndb_cluster", product_id: "CSAFPID-1503808", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql_ndb_cluster:7.6.4:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql_ndb_cluster", product: { name: "mysql_ndb_cluster", product_id: "CSAFPID-1503769", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql_ndb_cluster:7.6.5:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql_ndb_cluster", product: { name: "mysql_ndb_cluster", product_id: "CSAFPID-1503802", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql_ndb_cluster:7.6.6:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql_ndb_cluster", product: { name: "mysql_ndb_cluster", product_id: "CSAFPID-1503830", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql_ndb_cluster:7.6.7:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql_ndb_cluster", product: { name: "mysql_ndb_cluster", product_id: "CSAFPID-1503854", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql_ndb_cluster:7.6.8:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql_ndb_cluster", product: { name: "mysql_ndb_cluster", product_id: "CSAFPID-1503784", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql_ndb_cluster:7.6.9:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql_ndb_cluster", product: { name: "mysql_ndb_cluster", product_id: "CSAFPID-1503838", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql_ndb_cluster:8.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql_ndb_cluster", product: { name: "mysql_ndb_cluster", product_id: "CSAFPID-1503863", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql_ndb_cluster:8.0.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql_ndb_cluster", product: { name: "mysql_ndb_cluster", product_id: "CSAFPID-1503847", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql_ndb_cluster:8.0.10:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql_ndb_cluster", product: { name: "mysql_ndb_cluster", product_id: "CSAFPID-1503857", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql_ndb_cluster:8.0.11:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql_ndb_cluster", product: { name: "mysql_ndb_cluster", product_id: "CSAFPID-1503767", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql_ndb_cluster:8.0.12:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql_ndb_cluster", product: { name: "mysql_ndb_cluster", product_id: "CSAFPID-1503877", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql_ndb_cluster:8.0.13:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql_ndb_cluster", product: { name: "mysql_ndb_cluster", product_id: "CSAFPID-1503883", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql_ndb_cluster:8.0.14:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql_ndb_cluster", product: { name: "mysql_ndb_cluster", product_id: "CSAFPID-1503832", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql_ndb_cluster:8.0.15:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql_ndb_cluster", product: { name: "mysql_ndb_cluster", product_id: "CSAFPID-1503858", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql_ndb_cluster:8.0.16:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql_ndb_cluster", product: { name: "mysql_ndb_cluster", product_id: "CSAFPID-1503766", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql_ndb_cluster:8.0.17:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql_ndb_cluster", product: { name: "mysql_ndb_cluster", product_id: "CSAFPID-1503776", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql_ndb_cluster:8.0.18:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql_ndb_cluster", product: { name: "mysql_ndb_cluster", product_id: "CSAFPID-1503850", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql_ndb_cluster:8.0.19:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql_ndb_cluster", product: { name: "mysql_ndb_cluster", product_id: "CSAFPID-1503824", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql_ndb_cluster:8.0.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql_ndb_cluster", product: { name: "mysql_ndb_cluster", product_id: "CSAFPID-1503821", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql_ndb_cluster:8.0.20:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql_ndb_cluster", product: { name: "mysql_ndb_cluster", product_id: "CSAFPID-1503810", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql_ndb_cluster:8.0.21:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql_ndb_cluster", product: { name: "mysql_ndb_cluster", product_id: "CSAFPID-1503770", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql_ndb_cluster:8.0.22:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql_ndb_cluster", product: { name: "mysql_ndb_cluster", product_id: "CSAFPID-1503798", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql_ndb_cluster:8.0.23:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql_ndb_cluster", product: { name: "mysql_ndb_cluster", product_id: "CSAFPID-1503828", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql_ndb_cluster:8.0.24:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql_ndb_cluster", product: { name: "mysql_ndb_cluster", product_id: "CSAFPID-1503846", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql_ndb_cluster:8.0.25:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql_ndb_cluster", product: { name: "mysql_ndb_cluster", product_id: "CSAFPID-1503775", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql_ndb_cluster:8.0.26:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql_ndb_cluster", product: { name: "mysql_ndb_cluster", product_id: "CSAFPID-1503773", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql_ndb_cluster:8.0.27:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql_ndb_cluster", product: { name: "mysql_ndb_cluster", product_id: "CSAFPID-1503865", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql_ndb_cluster:8.0.28:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql_ndb_cluster", product: { name: "mysql_ndb_cluster", product_id: "CSAFPID-1503886", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql_ndb_cluster:8.0.29:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql_ndb_cluster", product: { name: "mysql_ndb_cluster", product_id: "CSAFPID-1503864", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql_ndb_cluster:8.0.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql_ndb_cluster", product: { name: "mysql_ndb_cluster", product_id: "CSAFPID-1503781", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql_ndb_cluster:8.0.30:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql_ndb_cluster", product: { name: "mysql_ndb_cluster", product_id: "CSAFPID-1503787", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql_ndb_cluster:8.0.31:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql_ndb_cluster", product: { name: "mysql_ndb_cluster", product_id: "CSAFPID-1503793", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql_ndb_cluster:8.0.32:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql_ndb_cluster", product: { name: "mysql_ndb_cluster", product_id: "CSAFPID-1503839", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql_ndb_cluster:8.0.33:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql_ndb_cluster", product: { name: "mysql_ndb_cluster", product_id: "CSAFPID-1503811", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql_ndb_cluster:8.0.34:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql_ndb_cluster", product: { name: "mysql_ndb_cluster", product_id: "CSAFPID-1503820", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql_ndb_cluster:8.0.35:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql_ndb_cluster", product: { name: "mysql_ndb_cluster", product_id: "CSAFPID-1503764", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql_ndb_cluster:8.0.36:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql_ndb_cluster", product: { name: "mysql_ndb_cluster", product_id: "CSAFPID-1503794", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql_ndb_cluster:8.0.37:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql_ndb_cluster", product: { name: "mysql_ndb_cluster", product_id: "CSAFPID-1503790", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql_ndb_cluster:8.0.4:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql_ndb_cluster", product: { name: "mysql_ndb_cluster", product_id: "CSAFPID-1503780", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql_ndb_cluster:8.0.5:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql_ndb_cluster", product: { name: "mysql_ndb_cluster", product_id: "CSAFPID-1503797", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql_ndb_cluster:8.0.6:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql_ndb_cluster", product: { name: "mysql_ndb_cluster", product_id: "CSAFPID-1503826", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql_ndb_cluster:8.0.7:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql_ndb_cluster", product: { name: "mysql_ndb_cluster", product_id: "CSAFPID-1503814", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql_ndb_cluster:8.0.8:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql_ndb_cluster", product: { name: "mysql_ndb_cluster", product_id: "CSAFPID-1503807", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql_ndb_cluster:8.0.9:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql_ndb_cluster", product: { name: "mysql_ndb_cluster", product_id: "CSAFPID-1503813", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql_ndb_cluster:8.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql_ndb_cluster", product: { name: "mysql_ndb_cluster", product_id: "CSAFPID-1503806", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql_ndb_cluster:8.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql_ndb_cluster", product: { name: "mysql_ndb_cluster", product_id: "CSAFPID-1503816", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql_ndb_cluster:8.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql_ndb_cluster", product: { name: "mysql_ndb_cluster", product_id: "CSAFPID-1503801", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql_ndb_cluster:8.4:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql_server", product: { name: "mysql_server", product_id: "CSAFPID-504250", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql_server", product: { name: "mysql_server", product_id: "CSAFPID-912117", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql_server:8.0.36:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql_server", product: { name: "mysql_server", product_id: "CSAFPID-1503653", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql_server:8.0.38:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql_server", product: { name: "mysql_server", product_id: "CSAFPID-611602", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql_server:8.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql_server", product: { name: "mysql_server", product_id: "CSAFPID-912116", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql_server:8.3.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql_server", product: { name: "mysql_server", product_id: "CSAFPID-1503657", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql_server:8.4.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql_server", product: { name: "mysql_server", product_id: "CSAFPID-1503659", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql_server:9.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql_workbench", product: { name: "mysql_workbench", product_id: "CSAFPID-764763", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql_workbench:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql_workbench", product: { name: "mysql_workbench", product_id: "CSAFPID-1503321", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql_workbench:8.0.36:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql", product: { name: "mysql", product_id: "CSAFPID-93497", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql:7.5.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql", product: { name: "mysql", product_id: "CSAFPID-93496", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql:7.5.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql", product: { name: "mysql", product_id: "CSAFPID-93495", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql:7.5.10:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql", product: { name: "mysql", product_id: "CSAFPID-93494", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql:7.5.11:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql", product: { name: "mysql", product_id: "CSAFPID-93493", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql:7.5.12:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql", product: { name: "mysql", product_id: "CSAFPID-93492", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql:7.5.13:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql", product: { name: "mysql", product_id: "CSAFPID-93491", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql:7.5.14:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql", product: { name: "mysql", product_id: "CSAFPID-93490", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql:7.5.15:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql", product: { name: "mysql", product_id: "CSAFPID-93489", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql:7.5.16:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql", product: { name: "mysql", product_id: "CSAFPID-93488", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql:7.5.17:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql", product: { name: "mysql", product_id: "CSAFPID-93487", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql:7.5.18:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql", product: { name: "mysql", product_id: "CSAFPID-93486", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql:7.5.19:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql", product: { name: "mysql", product_id: "CSAFPID-93485", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql:7.5.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql", product: { name: "mysql", product_id: "CSAFPID-93484", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql:7.5.20:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql", product: { name: "mysql", product_id: "CSAFPID-93483", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql:7.5.21:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql", product: { name: "mysql", product_id: "CSAFPID-93482", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql:7.5.22:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql", product: { name: "mysql", product_id: "CSAFPID-93481", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql:7.5.23:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql", product: { name: "mysql", product_id: "CSAFPID-93480", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql:7.5.24:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql", product: { name: "mysql", product_id: "CSAFPID-1503875", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql:7.5.25:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql", product: { name: "mysql", product_id: "CSAFPID-1503884", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql:7.5.26:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql", product: { name: "mysql", product_id: "CSAFPID-1503829", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql:7.5.27:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql", product: { name: "mysql", product_id: "CSAFPID-1503870", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql:7.5.28:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql", product: { name: "mysql", product_id: "CSAFPID-1503783", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql:7.5.29:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql", product: { name: "mysql", product_id: "CSAFPID-93479", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql:7.5.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql", product: { name: "mysql", product_id: "CSAFPID-1503799", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql:7.5.30:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql", product: { name: "mysql", product_id: "CSAFPID-1503827", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql:7.5.31:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql", product: { name: "mysql", product_id: "CSAFPID-1503815", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql:7.5.32:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql", product: { name: "mysql", product_id: "CSAFPID-1503812", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql:7.5.33:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql", product: { name: "mysql", product_id: "CSAFPID-1503774", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql:7.5.34:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql", product: { name: "mysql", product_id: "CSAFPID-93478", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql:7.5.4:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql", product: { name: "mysql", product_id: "CSAFPID-93477", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql:7.5.5:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql", product: { name: "mysql", product_id: "CSAFPID-93476", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql:7.5.6:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql", product: { name: "mysql", product_id: "CSAFPID-93475", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql:7.5.7:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql", product: { name: "mysql", product_id: "CSAFPID-93474", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql:7.5.8:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql", product: { name: "mysql", product_id: "CSAFPID-93473", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql:7.5.9:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql", product: { name: "mysql", product_id: "CSAFPID-93472", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql:7.6.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql", product: { name: "mysql", product_id: "CSAFPID-93471", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql:7.6.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql", product: { name: "mysql", product_id: "CSAFPID-93470", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql:7.6.10:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql", product: { name: "mysql", product_id: "CSAFPID-93469", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql:7.6.11:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql", product: { name: "mysql", product_id: "CSAFPID-93468", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql:7.6.12:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql", product: { name: "mysql", product_id: "CSAFPID-93467", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql:7.6.13:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql", product: { name: "mysql", product_id: "CSAFPID-93466", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql:7.6.14:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql", product: { name: "mysql", product_id: "CSAFPID-93465", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql:7.6.15:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql", product: { name: "mysql", product_id: "CSAFPID-93464", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql:7.6.16:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql", product: { name: "mysql", product_id: "CSAFPID-93463", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql:7.6.17:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql", product: { name: "mysql", product_id: "CSAFPID-93462", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql:7.6.18:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql", product: { name: "mysql", product_id: "CSAFPID-1503834", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql:7.6.19:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql", product: { name: "mysql", product_id: "CSAFPID-93461", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql:7.6.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql", product: { name: "mysql", product_id: "CSAFPID-93460", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql:7.6.20:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql", product: { name: "mysql", product_id: "CSAFPID-1503874", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql:7.6.21:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql", product: { name: "mysql", product_id: "CSAFPID-1503867", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql:7.6.22:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql", product: { name: "mysql", product_id: "CSAFPID-1503833", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql:7.6.23:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql", product: { name: "mysql", product_id: "CSAFPID-1503852", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql:7.6.24:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql", product: { name: "mysql", product_id: "CSAFPID-1503785", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql:7.6.25:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql", product: { name: "mysql", product_id: "CSAFPID-1503772", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql:7.6.26:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql", product: { name: "mysql", product_id: "CSAFPID-1503795", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql:7.6.27:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql", product: { name: "mysql", product_id: "CSAFPID-1503825", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql:7.6.28:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql", product: { name: "mysql", product_id: "CSAFPID-1503819", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql:7.6.29:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql", product: { name: "mysql", product_id: "CSAFPID-93459", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql:7.6.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql", product: { name: "mysql", product_id: "CSAFPID-1503791", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql:7.6.30:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql", product: { name: "mysql", product_id: "CSAFPID-93458", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql:7.6.4:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql", product: { name: "mysql", product_id: "CSAFPID-93457", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql:7.6.5:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql", product: { name: "mysql", product_id: "CSAFPID-93456", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql:7.6.6:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql", product: { name: "mysql", product_id: "CSAFPID-93455", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql:7.6.7:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql", product: { name: "mysql", product_id: "CSAFPID-93454", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql:7.6.8:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql", product: { name: "mysql", product_id: "CSAFPID-93453", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql:7.6.9:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql", product: { name: "mysql", product_id: "CSAFPID-93339", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql:8.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql", product: { name: "mysql", product_id: "CSAFPID-93337", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql:8.0.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql", product: { name: "mysql", product_id: "CSAFPID-93336", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql:8.0.10:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql", product: { name: "mysql", product_id: "CSAFPID-93335", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql:8.0.11:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql", product: { name: "mysql", product_id: "CSAFPID-93334", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql:8.0.12:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql", product: { name: "mysql", product_id: "CSAFPID-93333", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql:8.0.13:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql", product: { name: "mysql", product_id: "CSAFPID-93332", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql:8.0.14:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql", product: { name: "mysql", product_id: "CSAFPID-93331", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql:8.0.15:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql", product: { name: "mysql", product_id: "CSAFPID-93330", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql:8.0.16:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql", product: { name: "mysql", product_id: "CSAFPID-93329", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql:8.0.17:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql", product: { name: "mysql", product_id: "CSAFPID-93328", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql:8.0.18:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql", product: { name: "mysql", product_id: "CSAFPID-93327", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql:8.0.19:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql", product: { name: "mysql", product_id: "CSAFPID-93326", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql:8.0.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql", product: { name: "mysql", product_id: "CSAFPID-93325", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql:8.0.20:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql", product: { name: "mysql", product_id: "CSAFPID-93324", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql:8.0.21:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql", product: { name: "mysql", product_id: "CSAFPID-93323", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql:8.0.22:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql", product: { name: "mysql", product_id: "CSAFPID-93322", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql:8.0.23:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql", product: { name: "mysql", product_id: "CSAFPID-93321", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql:8.0.24:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql", product: { name: "mysql", product_id: "CSAFPID-93320", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql:8.0.25:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql", product: { name: "mysql", product_id: "CSAFPID-93319", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql:8.0.26:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql", product: { name: "mysql", product_id: "CSAFPID-93318", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql:8.0.27:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql", product: { name: "mysql", product_id: "CSAFPID-93317", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql:8.0.28:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql", product: { name: "mysql", product_id: "CSAFPID-283963", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql:8.0.29:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql", product: { name: "mysql", product_id: "CSAFPID-93316", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql:8.0.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql", product: { name: "mysql", product_id: "CSAFPID-283962", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql:8.0.30:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql", product: { name: "mysql", product_id: "CSAFPID-283964", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql:8.0.31:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql", product: { name: "mysql", product_id: "CSAFPID-94333", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql:8.0.32:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql", product: { name: "mysql", product_id: "CSAFPID-248612", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql:8.0.33:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql", product: { name: "mysql", product_id: "CSAFPID-716944", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql:8.0.34:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql", product: { name: "mysql", product_id: "CSAFPID-913003", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql:8.0.35:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql", product: { name: "mysql", product_id: "CSAFPID-913004", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql:8.0.36:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql", product: { name: "mysql", product_id: "CSAFPID-1503879", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql:8.0.37:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql", product: { name: "mysql", product_id: "CSAFPID-1503922", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql:8.0.38:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql", product: { name: "mysql", product_id: "CSAFPID-93314", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql:8.0.4:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql", product: { name: "mysql", product_id: "CSAFPID-93313", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql:8.0.5:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql", product: { name: "mysql", product_id: "CSAFPID-912999", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql:8.0.6:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql", product: { name: "mysql", product_id: "CSAFPID-913000", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql:8.0.7:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql", product: { name: "mysql", product_id: "CSAFPID-913001", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql:8.0.8:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql", product: { name: "mysql", product_id: "CSAFPID-913002", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql:8.0.9:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql", product: { name: "mysql", product_id: "CSAFPID-913005", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql:8.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql", product: { name: "mysql", product_id: "CSAFPID-913006", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql:8.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql", product: { name: "mysql", product_id: "CSAFPID-913007", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql:8.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql", product: { name: "mysql", product_id: "CSAFPID-1503844", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql:8.4:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql", product: { name: "mysql", product_id: "CSAFPID-1503921", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql:8.4.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql", product: { name: "mysql", product_id: "CSAFPID-1503920", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql:9.0:*:*:*:*:*:*:*", }, }, }, ], category: "vendor", name: "oracle", }, ], }, vulnerabilities: [ { cve: "CVE-2021-24112", product_status: { known_affected: [ "CSAFPID-764289", "CSAFPID-221160", "CSAFPID-764290", "CSAFPID-504250", "CSAFPID-764763", "CSAFPID-1503653", "CSAFPID-1503657", "CSAFPID-1503659", ], }, references: [ { category: "self", summary: "CVE-2021-24112", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2021/CVE-2021-24112.json", }, ], title: "CVE-2021-24112", }, { cve: "CVE-2023-6129", cwe: { id: "CWE-328", name: "Use of Weak Hash", }, notes: [ { category: "other", text: "Use of Weak Hash", title: "CWE-328", }, ], product_status: { known_affected: [ "CSAFPID-221160", "CSAFPID-504250", "CSAFPID-764289", "CSAFPID-764290", "CSAFPID-764939", "CSAFPID-1503653", "CSAFPID-1503657", "CSAFPID-1503659", "CSAFPID-764763", ], }, references: [ { category: "self", summary: "CVE-2023-6129", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-6129.json", }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", version: "3.1", }, products: [ "CSAFPID-221160", "CSAFPID-504250", "CSAFPID-764289", "CSAFPID-764290", "CSAFPID-764939", "CSAFPID-1503653", "CSAFPID-1503657", "CSAFPID-1503659", "CSAFPID-764763", ], }, ], title: "CVE-2023-6129", }, { cve: "CVE-2023-37920", cwe: { id: "CWE-295", name: "Improper Certificate Validation", }, notes: [ { category: "other", text: "Improper Certificate Validation", title: "CWE-295", }, { category: "other", text: "Insufficient Verification of Data Authenticity", title: "CWE-345", }, ], product_status: { known_affected: [ "CSAFPID-764289", "CSAFPID-221160", "CSAFPID-764290", "CSAFPID-504250", "CSAFPID-1503653", "CSAFPID-1503657", "CSAFPID-1503659", "CSAFPID-764763", ], }, references: [ { category: "self", summary: "CVE-2023-37920", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-37920.json", }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-764289", "CSAFPID-221160", "CSAFPID-764290", "CSAFPID-504250", "CSAFPID-1503653", "CSAFPID-1503657", "CSAFPID-1503659", "CSAFPID-764763", ], }, ], title: "CVE-2023-37920", }, { cve: "CVE-2023-48795", cwe: { id: "CWE-222", name: "Truncation of Security-relevant Information", }, notes: [ { category: "other", text: "Truncation of Security-relevant Information", title: "CWE-222", }, ], product_status: { known_affected: [ "CSAFPID-221160", "CSAFPID-504250", "CSAFPID-611599", "CSAFPID-611602", "CSAFPID-764289", "CSAFPID-764290", "CSAFPID-764763", "CSAFPID-764939", "CSAFPID-1503653", "CSAFPID-1503657", "CSAFPID-1503659", ], }, references: [ { category: "self", summary: "CVE-2023-48795", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-48795.json", }, ], scores: [ { cvss_v3: { baseScore: 5.9, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "CSAFPID-221160", "CSAFPID-504250", "CSAFPID-611599", "CSAFPID-611602", "CSAFPID-764289", "CSAFPID-764290", "CSAFPID-764763", "CSAFPID-764939", "CSAFPID-1503653", "CSAFPID-1503657", "CSAFPID-1503659", ], }, ], title: "CVE-2023-48795", }, { cve: "CVE-2023-52425", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, notes: [ { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, ], product_status: { known_affected: [ "CSAFPID-764289", "CSAFPID-221160", "CSAFPID-764290", "CSAFPID-504250", "CSAFPID-1503653", "CSAFPID-1503657", "CSAFPID-1503659", "CSAFPID-764763", ], }, references: [ { category: "self", summary: "CVE-2023-52425", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-52425.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-764289", "CSAFPID-221160", "CSAFPID-764290", "CSAFPID-504250", "CSAFPID-1503653", "CSAFPID-1503657", "CSAFPID-1503659", "CSAFPID-764763", ], }, ], title: "CVE-2023-52425", }, { cve: "CVE-2024-0450", cwe: { id: "CWE-450", name: "Multiple Interpretations of UI Input", }, notes: [ { category: "other", text: "Multiple Interpretations of UI Input", title: "CWE-450", }, { category: "other", text: "Asymmetric Resource Consumption (Amplification)", title: "CWE-405", }, ], product_status: { known_affected: [ "CSAFPID-764289", "CSAFPID-221160", "CSAFPID-764290", "CSAFPID-504250", "CSAFPID-1503653", "CSAFPID-1503657", "CSAFPID-1503659", "CSAFPID-764763", ], }, references: [ { category: "self", summary: "CVE-2024-0450", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-0450.json", }, ], scores: [ { cvss_v3: { baseScore: 6.2, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-764289", "CSAFPID-221160", "CSAFPID-764290", "CSAFPID-504250", "CSAFPID-1503653", "CSAFPID-1503657", "CSAFPID-1503659", "CSAFPID-764763", ], }, ], title: "CVE-2024-0450", }, { cve: "CVE-2024-20996", cwe: { id: "CWE-404", name: "Improper Resource Shutdown or Release", }, notes: [ { category: "other", text: "Improper Resource Shutdown or Release", title: "CWE-404", }, ], product_status: { known_affected: [ "CSAFPID-764289", "CSAFPID-221160", "CSAFPID-764290", "CSAFPID-504250", "CSAFPID-1503653", "CSAFPID-1503657", "CSAFPID-1503659", "CSAFPID-764763", ], }, references: [ { category: "self", summary: "CVE-2024-20996", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-20996.json", }, ], scores: [ { cvss_v3: { baseScore: 4.9, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-764289", "CSAFPID-221160", "CSAFPID-764290", "CSAFPID-504250", "CSAFPID-1503653", "CSAFPID-1503657", "CSAFPID-1503659", "CSAFPID-764763", ], }, ], title: "CVE-2024-20996", }, { cve: "CVE-2024-21125", cwe: { id: "CWE-404", name: "Improper Resource Shutdown or Release", }, notes: [ { category: "other", text: "Improper Resource Shutdown or Release", title: "CWE-404", }, ], product_status: { known_affected: [ "CSAFPID-764289", "CSAFPID-221160", "CSAFPID-764290", "CSAFPID-504250", "CSAFPID-1503653", "CSAFPID-1503657", "CSAFPID-1503659", "CSAFPID-764763", ], }, references: [ { category: "self", summary: "CVE-2024-21125", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-21125.json", }, ], scores: [ { cvss_v3: { baseScore: 4.9, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-764289", "CSAFPID-221160", "CSAFPID-764290", "CSAFPID-504250", "CSAFPID-1503653", "CSAFPID-1503657", "CSAFPID-1503659", "CSAFPID-764763", ], }, ], title: "CVE-2024-21125", }, { cve: "CVE-2024-21127", cwe: { id: "CWE-285", name: "Improper Authorization", }, notes: [ { category: "other", text: "Improper Authorization", title: "CWE-285", }, ], product_status: { known_affected: [ "CSAFPID-764289", "CSAFPID-221160", "CSAFPID-764290", "CSAFPID-504250", "CSAFPID-1503653", "CSAFPID-1503657", "CSAFPID-1503659", "CSAFPID-764763", ], }, references: [ { category: "self", summary: "CVE-2024-21127", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-21127.json", }, ], scores: [ { cvss_v3: { baseScore: 4.9, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-764289", "CSAFPID-221160", "CSAFPID-764290", "CSAFPID-504250", "CSAFPID-1503653", "CSAFPID-1503657", "CSAFPID-1503659", "CSAFPID-764763", ], }, ], title: "CVE-2024-21127", }, { cve: "CVE-2024-21129", cwe: { id: "CWE-404", name: "Improper Resource Shutdown or Release", }, notes: [ { category: "other", text: "Improper Resource Shutdown or Release", title: "CWE-404", }, ], product_status: { known_affected: [ "CSAFPID-764289", "CSAFPID-221160", "CSAFPID-764290", "CSAFPID-504250", "CSAFPID-1503653", "CSAFPID-1503657", "CSAFPID-1503659", "CSAFPID-764763", ], }, references: [ { category: "self", summary: "CVE-2024-21129", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-21129.json", }, ], scores: [ { cvss_v3: { baseScore: 4.9, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-764289", "CSAFPID-221160", "CSAFPID-764290", "CSAFPID-504250", "CSAFPID-1503653", "CSAFPID-1503657", "CSAFPID-1503659", "CSAFPID-764763", ], }, ], title: "CVE-2024-21129", }, { cve: "CVE-2024-21130", cwe: { id: "CWE-404", name: "Improper Resource Shutdown or Release", }, notes: [ { category: "other", text: "Improper Resource Shutdown or Release", title: "CWE-404", }, ], product_status: { known_affected: [ "CSAFPID-764289", "CSAFPID-221160", "CSAFPID-764290", "CSAFPID-504250", "CSAFPID-1503653", "CSAFPID-1503657", "CSAFPID-1503659", "CSAFPID-764763", ], }, references: [ { category: "self", summary: "CVE-2024-21130", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-21130.json", }, ], scores: [ { cvss_v3: { baseScore: 4.9, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-764289", "CSAFPID-221160", "CSAFPID-764290", "CSAFPID-504250", "CSAFPID-1503653", "CSAFPID-1503657", "CSAFPID-1503659", "CSAFPID-764763", ], }, ], title: "CVE-2024-21130", }, { cve: "CVE-2024-21134", cwe: { id: "CWE-404", name: "Improper Resource Shutdown or Release", }, notes: [ { category: "other", text: "Improper Resource Shutdown or Release", title: "CWE-404", }, ], product_status: { known_affected: [ "CSAFPID-764289", "CSAFPID-221160", "CSAFPID-764290", "CSAFPID-504250", "CSAFPID-1503653", "CSAFPID-1503657", "CSAFPID-1503659", "CSAFPID-764763", ], }, references: [ { category: "self", summary: "CVE-2024-21134", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-21134.json", }, ], scores: [ { cvss_v3: { baseScore: 4.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, products: [ "CSAFPID-764289", "CSAFPID-221160", "CSAFPID-764290", "CSAFPID-504250", "CSAFPID-1503653", "CSAFPID-1503657", "CSAFPID-1503659", "CSAFPID-764763", ], }, ], title: "CVE-2024-21134", }, { cve: "CVE-2024-21135", cwe: { id: "CWE-404", name: "Improper Resource Shutdown or Release", }, notes: [ { category: "other", text: "Improper Resource Shutdown or Release", title: "CWE-404", }, ], product_status: { known_affected: [ "CSAFPID-764289", "CSAFPID-221160", "CSAFPID-764290", "CSAFPID-504250", "CSAFPID-1503653", "CSAFPID-1503657", "CSAFPID-1503659", "CSAFPID-764763", ], }, references: [ { category: "self", summary: "CVE-2024-21135", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-21135.json", }, ], scores: [ { cvss_v3: { baseScore: 4.9, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-764289", "CSAFPID-221160", "CSAFPID-764290", "CSAFPID-504250", "CSAFPID-1503653", "CSAFPID-1503657", "CSAFPID-1503659", "CSAFPID-764763", ], }, ], title: "CVE-2024-21135", }, { cve: "CVE-2024-21137", cwe: { id: "CWE-404", name: "Improper Resource Shutdown or Release", }, notes: [ { category: "other", text: "Improper Resource Shutdown or Release", title: "CWE-404", }, ], product_status: { known_affected: [ "CSAFPID-764289", "CSAFPID-221160", "CSAFPID-764290", "CSAFPID-504250", "CSAFPID-1503653", "CSAFPID-1503657", "CSAFPID-1503659", "CSAFPID-764763", ], }, references: [ { category: "self", summary: "CVE-2024-21137", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-21137.json", }, ], scores: [ { cvss_v3: { baseScore: 4.9, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-764289", "CSAFPID-221160", "CSAFPID-764290", "CSAFPID-504250", "CSAFPID-1503653", "CSAFPID-1503657", "CSAFPID-1503659", "CSAFPID-764763", ], }, ], title: "CVE-2024-21137", }, { cve: "CVE-2024-21142", cwe: { id: "CWE-404", name: "Improper Resource Shutdown or Release", }, notes: [ { category: "other", text: "Improper Resource Shutdown or Release", title: "CWE-404", }, ], product_status: { known_affected: [ "CSAFPID-764289", "CSAFPID-221160", "CSAFPID-764290", "CSAFPID-504250", "CSAFPID-1503653", "CSAFPID-1503657", "CSAFPID-1503659", "CSAFPID-764763", ], }, references: [ { category: "self", summary: "CVE-2024-21142", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-21142.json", }, ], scores: [ { cvss_v3: { baseScore: 4.9, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-764289", "CSAFPID-221160", "CSAFPID-764290", "CSAFPID-504250", "CSAFPID-1503653", "CSAFPID-1503657", "CSAFPID-1503659", "CSAFPID-764763", ], }, ], title: "CVE-2024-21142", }, { cve: "CVE-2024-21157", cwe: { id: "CWE-404", name: "Improper Resource Shutdown or Release", }, notes: [ { category: "other", text: "Improper Resource Shutdown or Release", title: "CWE-404", }, ], product_status: { known_affected: [ "CSAFPID-764289", "CSAFPID-221160", "CSAFPID-764290", "CSAFPID-504250", "CSAFPID-1503653", "CSAFPID-1503657", "CSAFPID-1503659", "CSAFPID-764763", ], }, references: [ { category: "self", summary: "CVE-2024-21157", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-21157.json", }, ], scores: [ { cvss_v3: { baseScore: 4.9, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-764289", "CSAFPID-221160", "CSAFPID-764290", "CSAFPID-504250", "CSAFPID-1503653", "CSAFPID-1503657", "CSAFPID-1503659", "CSAFPID-764763", ], }, ], title: "CVE-2024-21157", }, { cve: "CVE-2024-21159", cwe: { id: "CWE-404", name: "Improper Resource Shutdown or Release", }, notes: [ { category: "other", text: "Improper Resource Shutdown or Release", title: "CWE-404", }, ], product_status: { known_affected: [ "CSAFPID-764289", "CSAFPID-221160", "CSAFPID-764290", "CSAFPID-504250", "CSAFPID-1503653", "CSAFPID-1503657", "CSAFPID-1503659", "CSAFPID-764763", ], }, references: [ { category: "self", summary: "CVE-2024-21159", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-21159.json", }, ], scores: [ { cvss_v3: { baseScore: 4.9, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-764289", "CSAFPID-221160", "CSAFPID-764290", "CSAFPID-504250", "CSAFPID-1503653", "CSAFPID-1503657", "CSAFPID-1503659", "CSAFPID-764763", ], }, ], title: "CVE-2024-21159", }, { cve: "CVE-2024-21160", cwe: { id: "CWE-404", name: "Improper Resource Shutdown or Release", }, notes: [ { category: "other", text: "Improper Resource Shutdown or Release", title: "CWE-404", }, ], product_status: { known_affected: [ "CSAFPID-764289", "CSAFPID-221160", "CSAFPID-764290", "CSAFPID-504250", "CSAFPID-1503653", "CSAFPID-1503657", "CSAFPID-1503659", "CSAFPID-764763", ], }, references: [ { category: "self", summary: "CVE-2024-21160", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-21160.json", }, ], scores: [ { cvss_v3: { baseScore: 4.9, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-764289", "CSAFPID-221160", "CSAFPID-764290", "CSAFPID-504250", "CSAFPID-1503653", "CSAFPID-1503657", "CSAFPID-1503659", "CSAFPID-764763", ], }, ], title: "CVE-2024-21160", }, { cve: "CVE-2024-21162", cwe: { id: "CWE-404", name: "Improper Resource Shutdown or Release", }, notes: [ { category: "other", text: "Improper Resource Shutdown or Release", title: "CWE-404", }, ], product_status: { known_affected: [ "CSAFPID-764289", "CSAFPID-221160", "CSAFPID-764290", "CSAFPID-504250", "CSAFPID-1503653", "CSAFPID-1503657", "CSAFPID-1503659", "CSAFPID-764763", ], }, references: [ { category: "self", summary: "CVE-2024-21162", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-21162.json", }, ], scores: [ { cvss_v3: { baseScore: 4.9, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-764289", "CSAFPID-221160", "CSAFPID-764290", "CSAFPID-504250", "CSAFPID-1503653", "CSAFPID-1503657", "CSAFPID-1503659", "CSAFPID-764763", ], }, ], title: "CVE-2024-21162", }, { cve: "CVE-2024-21163", cwe: { id: "CWE-404", name: "Improper Resource Shutdown or Release", }, notes: [ { category: "other", text: "Improper Resource Shutdown or Release", title: "CWE-404", }, ], product_status: { known_affected: [ "CSAFPID-764289", "CSAFPID-221160", "CSAFPID-764290", "CSAFPID-504250", "CSAFPID-1503653", "CSAFPID-1503657", "CSAFPID-1503659", "CSAFPID-764763", ], }, references: [ { category: "self", summary: "CVE-2024-21163", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-21163.json", }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H", version: "3.1", }, products: [ "CSAFPID-764289", "CSAFPID-221160", "CSAFPID-764290", "CSAFPID-504250", "CSAFPID-1503653", "CSAFPID-1503657", "CSAFPID-1503659", "CSAFPID-764763", ], }, ], title: "CVE-2024-21163", }, { cve: "CVE-2024-21165", cwe: { id: "CWE-404", name: "Improper Resource Shutdown or Release", }, notes: [ { category: "other", text: "Improper Resource Shutdown or Release", title: "CWE-404", }, ], product_status: { known_affected: [ "CSAFPID-764289", "CSAFPID-221160", "CSAFPID-764290", "CSAFPID-504250", "CSAFPID-1503653", "CSAFPID-1503657", "CSAFPID-1503659", "CSAFPID-764763", ], }, references: [ { category: "self", summary: "CVE-2024-21165", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-21165.json", }, ], scores: [ { cvss_v3: { baseScore: 4.9, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-764289", "CSAFPID-221160", "CSAFPID-764290", "CSAFPID-504250", "CSAFPID-1503653", "CSAFPID-1503657", "CSAFPID-1503659", "CSAFPID-764763", ], }, ], title: "CVE-2024-21165", }, { cve: "CVE-2024-21166", cwe: { id: "CWE-285", name: "Improper Authorization", }, notes: [ { category: "other", text: "Improper Authorization", title: "CWE-285", }, ], product_status: { known_affected: [ "CSAFPID-764289", "CSAFPID-221160", "CSAFPID-764290", "CSAFPID-504250", "CSAFPID-1503653", "CSAFPID-1503657", "CSAFPID-1503659", "CSAFPID-764763", ], }, references: [ { category: "self", summary: "CVE-2024-21166", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-21166.json", }, ], scores: [ { cvss_v3: { baseScore: 5.9, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-764289", "CSAFPID-221160", "CSAFPID-764290", "CSAFPID-504250", "CSAFPID-1503653", "CSAFPID-1503657", "CSAFPID-1503659", "CSAFPID-764763", ], }, ], title: "CVE-2024-21166", }, { cve: "CVE-2024-21170", product_status: { known_affected: [ "CSAFPID-764289", "CSAFPID-221160", "CSAFPID-764290", "CSAFPID-504250", "CSAFPID-1503653", "CSAFPID-1503657", "CSAFPID-1503659", "CSAFPID-764763", ], }, references: [ { category: "self", summary: "CVE-2024-21170", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-21170.json", }, ], scores: [ { cvss_v3: { baseScore: 6.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", version: "3.1", }, products: [ "CSAFPID-764289", "CSAFPID-221160", "CSAFPID-764290", "CSAFPID-504250", "CSAFPID-1503653", "CSAFPID-1503657", "CSAFPID-1503659", "CSAFPID-764763", ], }, ], title: "CVE-2024-21170", }, { cve: "CVE-2024-21171", cwe: { id: "CWE-404", name: "Improper Resource Shutdown or Release", }, notes: [ { category: "other", text: "Improper Resource Shutdown or Release", title: "CWE-404", }, ], product_status: { known_affected: [ "CSAFPID-764289", "CSAFPID-221160", "CSAFPID-764290", "CSAFPID-504250", "CSAFPID-1503653", "CSAFPID-1503657", "CSAFPID-1503659", "CSAFPID-764763", ], }, references: [ { category: "self", summary: "CVE-2024-21171", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-21171.json", }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-764289", "CSAFPID-221160", "CSAFPID-764290", "CSAFPID-504250", "CSAFPID-1503653", "CSAFPID-1503657", "CSAFPID-1503659", "CSAFPID-764763", ], }, ], title: "CVE-2024-21171", }, { cve: "CVE-2024-21173", cwe: { id: "CWE-404", name: "Improper Resource Shutdown or Release", }, notes: [ { category: "other", text: "Improper Resource Shutdown or Release", title: "CWE-404", }, ], product_status: { known_affected: [ "CSAFPID-764289", "CSAFPID-221160", "CSAFPID-764290", "CSAFPID-504250", "CSAFPID-1503653", "CSAFPID-1503657", "CSAFPID-1503659", "CSAFPID-764763", ], }, references: [ { category: "self", summary: "CVE-2024-21173", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-21173.json", }, ], scores: [ { cvss_v3: { baseScore: 4.9, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-764289", "CSAFPID-221160", "CSAFPID-764290", "CSAFPID-504250", "CSAFPID-1503653", "CSAFPID-1503657", "CSAFPID-1503659", "CSAFPID-764763", ], }, ], title: "CVE-2024-21173", }, { cve: "CVE-2024-21176", cwe: { id: "CWE-404", name: "Improper Resource Shutdown or Release", }, notes: [ { category: "other", text: "Improper Resource Shutdown or Release", title: "CWE-404", }, ], product_status: { known_affected: [ "CSAFPID-764289", "CSAFPID-221160", "CSAFPID-764290", "CSAFPID-504250", "CSAFPID-1503653", "CSAFPID-1503657", "CSAFPID-1503659", "CSAFPID-764763", ], }, references: [ { category: "self", summary: "CVE-2024-21176", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-21176.json", }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-764289", "CSAFPID-221160", "CSAFPID-764290", "CSAFPID-504250", "CSAFPID-1503653", "CSAFPID-1503657", "CSAFPID-1503659", "CSAFPID-764763", ], }, ], title: "CVE-2024-21176", }, { cve: "CVE-2024-21177", cwe: { id: "CWE-404", name: "Improper Resource Shutdown or Release", }, notes: [ { category: "other", text: "Improper Resource Shutdown or Release", title: "CWE-404", }, ], product_status: { known_affected: [ "CSAFPID-764289", "CSAFPID-221160", "CSAFPID-764290", "CSAFPID-504250", "CSAFPID-1503653", "CSAFPID-1503657", "CSAFPID-1503659", "CSAFPID-764763", ], }, references: [ { category: "self", summary: "CVE-2024-21177", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-21177.json", }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-764289", "CSAFPID-221160", "CSAFPID-764290", "CSAFPID-504250", "CSAFPID-1503653", "CSAFPID-1503657", "CSAFPID-1503659", "CSAFPID-764763", ], }, ], title: "CVE-2024-21177", }, { cve: "CVE-2024-21179", cwe: { id: "CWE-404", name: "Improper Resource Shutdown or Release", }, notes: [ { category: "other", text: "Improper Resource Shutdown or Release", title: "CWE-404", }, ], product_status: { known_affected: [ "CSAFPID-764289", "CSAFPID-221160", "CSAFPID-764290", "CSAFPID-504250", "CSAFPID-1503653", "CSAFPID-1503657", "CSAFPID-1503659", "CSAFPID-764763", ], }, references: [ { category: "self", summary: "CVE-2024-21179", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-21179.json", }, ], scores: [ { cvss_v3: { baseScore: 4.9, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-764289", "CSAFPID-221160", "CSAFPID-764290", "CSAFPID-504250", "CSAFPID-1503653", "CSAFPID-1503657", "CSAFPID-1503659", "CSAFPID-764763", ], }, ], title: "CVE-2024-21179", }, { cve: "CVE-2024-21185", cwe: { id: "CWE-404", name: "Improper Resource Shutdown or Release", }, notes: [ { category: "other", text: "Improper Resource Shutdown or Release", title: "CWE-404", }, ], product_status: { known_affected: [ "CSAFPID-764289", "CSAFPID-221160", "CSAFPID-764290", "CSAFPID-504250", "CSAFPID-1503653", "CSAFPID-1503657", "CSAFPID-1503659", "CSAFPID-764763", ], }, references: [ { category: "self", summary: "CVE-2024-21185", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-21185.json", }, ], scores: [ { cvss_v3: { baseScore: 4.9, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-764289", "CSAFPID-221160", "CSAFPID-764290", "CSAFPID-504250", "CSAFPID-1503653", "CSAFPID-1503657", "CSAFPID-1503659", "CSAFPID-764763", ], }, ], title: "CVE-2024-21185", }, { cve: "CVE-2024-22257", cwe: { id: "CWE-284", name: "Improper Access Control", }, notes: [ { category: "other", text: "Improper Access Control", title: "CWE-284", }, ], product_status: { known_affected: [ "CSAFPID-221160", "CSAFPID-504250", "CSAFPID-764289", "CSAFPID-764290", "CSAFPID-764939", "CSAFPID-1503653", "CSAFPID-1503657", "CSAFPID-1503659", "CSAFPID-764763", ], }, references: [ { category: "self", summary: "CVE-2024-22257", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-22257.json", }, ], scores: [ { cvss_v3: { baseScore: 8.2, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N", version: "3.1", }, products: [ "CSAFPID-221160", "CSAFPID-504250", "CSAFPID-764289", "CSAFPID-764290", "CSAFPID-764939", "CSAFPID-1503653", "CSAFPID-1503657", "CSAFPID-1503659", "CSAFPID-764763", ], }, ], title: "CVE-2024-22257", }, { cve: "CVE-2024-22262", cwe: { id: "CWE-601", name: "URL Redirection to Untrusted Site ('Open Redirect')", }, notes: [ { category: "other", text: "URL Redirection to Untrusted Site ('Open Redirect')", title: "CWE-601", }, ], product_status: { known_affected: [ "CSAFPID-764289", "CSAFPID-221160", "CSAFPID-764290", "CSAFPID-504250", "CSAFPID-1503653", "CSAFPID-1503657", "CSAFPID-1503659", "CSAFPID-764763", ], }, references: [ { category: "self", summary: "CVE-2024-22262", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-22262.json", }, ], scores: [ { cvss_v3: { baseScore: 8.1, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "CSAFPID-764289", "CSAFPID-221160", "CSAFPID-764290", "CSAFPID-504250", "CSAFPID-1503653", "CSAFPID-1503657", "CSAFPID-1503659", "CSAFPID-764763", ], }, ], title: "CVE-2024-22262", }, { cve: "CVE-2024-24549", cwe: { id: "CWE-20", name: "Improper Input Validation", }, notes: [ { category: "other", text: "Improper Input Validation", title: "CWE-20", }, ], product_status: { known_affected: [ "CSAFPID-221160", "CSAFPID-504250", "CSAFPID-764289", "CSAFPID-764290", "CSAFPID-764939", "CSAFPID-1503653", "CSAFPID-1503657", "CSAFPID-1503659", "CSAFPID-764763", ], }, references: [ { category: "self", summary: "CVE-2024-24549", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-24549.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-221160", "CSAFPID-504250", "CSAFPID-764289", "CSAFPID-764290", "CSAFPID-764939", "CSAFPID-1503653", "CSAFPID-1503657", "CSAFPID-1503659", "CSAFPID-764763", ], }, ], title: "CVE-2024-24549", }, { cve: "CVE-2024-25062", cwe: { id: "CWE-416", name: "Use After Free", }, notes: [ { category: "other", text: "Use After Free", title: "CWE-416", }, ], product_status: { known_affected: [ "CSAFPID-221160", "CSAFPID-504250", "CSAFPID-764289", "CSAFPID-764290", "CSAFPID-764939", "CSAFPID-1503653", "CSAFPID-1503657", "CSAFPID-1503659", "CSAFPID-764763", ], }, references: [ { category: "self", summary: "CVE-2024-25062", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-25062.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-221160", "CSAFPID-504250", "CSAFPID-764289", "CSAFPID-764290", "CSAFPID-764939", "CSAFPID-1503653", "CSAFPID-1503657", "CSAFPID-1503659", "CSAFPID-764763", ], }, ], title: "CVE-2024-25062", }, ], }
NCSC-2024-0303
Vulnerability from csaf_ncscnl
Published
2024-07-17 13:54
Modified
2024-07-17 13:54
Summary
Kwetsbaarheden verholpen in Oracle MySQL
Notes
The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:
NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.
NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.
This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.
Feiten
Er zijn kwetsbaarheden verholpen in Oracle MySQL.
Interpretaties
Een kwaadwillende kan de kwetsbaarheden misbruiken om aanvallen uit te voeren die kunnen leiden tot de volgende categorieën schade:
* Denial-of-Service (DoS)
* Toegang tot gevoelige gegevens
* Toegang tot systeemgegevens
* Manipulatie van gegevens
* (Remote) code execution (Gebruikersrechten)
Oplossingen
Oracle heeft updates beschikbaar gesteld om de kwetsbaarheden te verhelpen. Zie de referenties voor meer informatie.
Kans
medium
Schade
high
CWE-20
Improper Input Validation
CWE-222
Truncation of Security-relevant Information
CWE-284
Improper Access Control
CWE-285
Improper Authorization
CWE-295
Improper Certificate Validation
CWE-328
Use of Weak Hash
CWE-345
Insufficient Verification of Data Authenticity
CWE-400
Uncontrolled Resource Consumption
CWE-404
Improper Resource Shutdown or Release
CWE-405
Asymmetric Resource Consumption (Amplification)
CWE-416
Use After Free
CWE-450
Multiple Interpretations of UI Input
CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
{ document: { category: "csaf_security_advisory", csaf_version: "2.0", distribution: { tlp: { label: "WHITE", }, }, lang: "nl", notes: [ { category: "legal_disclaimer", text: "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.", }, { category: "description", text: "Er zijn kwetsbaarheden verholpen in Oracle MySQL.", title: "Feiten", }, { category: "description", text: "Een kwaadwillende kan de kwetsbaarheden misbruiken om aanvallen uit te voeren die kunnen leiden tot de volgende categorieën schade:\n\n* Denial-of-Service (DoS)\n* Toegang tot gevoelige gegevens\n* Toegang tot systeemgegevens\n* Manipulatie van gegevens\n* (Remote) code execution (Gebruikersrechten)", title: "Interpretaties", }, { category: "description", text: "Oracle heeft updates beschikbaar gesteld om de kwetsbaarheden te verhelpen. Zie de referenties voor meer informatie.", title: "Oplossingen", }, { category: "general", text: "medium", title: "Kans", }, { category: "general", text: "high", title: "Schade", }, { category: "general", text: "Improper Input Validation", title: "CWE-20", }, { category: "general", text: "Truncation of Security-relevant Information", title: "CWE-222", }, { category: "general", text: "Improper Access Control", title: "CWE-284", }, { category: "general", text: "Improper Authorization", title: "CWE-285", }, { category: "general", text: "Improper Certificate Validation", title: "CWE-295", }, { category: "general", text: "Use of Weak Hash", title: "CWE-328", }, { category: "general", text: "Insufficient Verification of Data Authenticity", title: "CWE-345", }, { category: "general", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, { category: "general", text: "Improper Resource Shutdown or Release", title: "CWE-404", }, { category: "general", text: "Asymmetric Resource Consumption (Amplification)", title: "CWE-405", }, { category: "general", text: "Use After Free", title: "CWE-416", }, { category: "general", text: "Multiple Interpretations of UI Input", title: "CWE-450", }, { category: "general", text: "URL Redirection to Untrusted Site ('Open Redirect')", title: "CWE-601", }, ], publisher: { category: "coordinator", contact_details: "cert@ncsc.nl", name: "Nationaal Cyber Security Centrum", namespace: "https://www.ncsc.nl/", }, references: [ { category: "external", summary: "Source - nvd", url: "https://nvd.nist.gov/vuln/detail/CVE-2021-24112", }, { category: "external", summary: "Source - nvd", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-37920", }, { category: "external", summary: "Source - nvd", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-48795", }, { category: "external", summary: "Source - nvd", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-52425", }, { category: "external", summary: "Source - nvd", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-6129", }, { category: "external", summary: "Source - nvd", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-0450", }, { category: "external", summary: "Source - nvd", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-20996", }, { category: "external", summary: "Source - nvd", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-21125", }, { category: "external", summary: "Source - nvd", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-21127", }, { category: "external", summary: "Source - nvd", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-21129", }, { category: "external", summary: "Source - nvd", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-21130", }, { category: "external", summary: "Source - nvd", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-21134", }, { category: "external", summary: "Source - nvd", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-21135", }, { category: "external", summary: "Source - nvd", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-21137", }, { category: "external", summary: "Source - nvd", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-21142", }, { category: "external", summary: "Source - nvd", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-21157", }, { category: "external", summary: "Source - nvd", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-21159", }, { category: "external", summary: "Source - nvd", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-21160", }, { category: "external", summary: "Source - nvd", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-21162", }, { category: "external", summary: "Source - nvd", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-21163", }, { category: "external", summary: "Source - nvd", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-21165", }, { category: "external", summary: "Source - nvd", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-21166", }, { category: "external", summary: "Source - nvd", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-21170", }, { category: "external", summary: "Source - nvd", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-21171", }, { category: "external", summary: "Source - nvd", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-21173", }, { category: "external", summary: "Source - nvd", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-21176", }, { category: "external", summary: "Source - nvd", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-21177", }, { category: "external", summary: "Source - nvd", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-21179", }, { category: "external", summary: "Source - nvd", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-21185", }, { category: "external", summary: "Source - nvd", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-22257", }, { category: "external", summary: "Source - nvd", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-22262", }, { category: "external", summary: "Source - nvd", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-24549", }, { category: "external", summary: "Source - nvd", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-25062", }, { category: "external", summary: "Reference - oracle", url: "https://www.oracle.com/docs/tech/security-alerts/cpujul2024csaf.json", }, { category: "external", summary: "Reference - cveprojectv5; ibm; nvd; oracle", url: "https://www.oracle.com/security-alerts/cpujul2024.html", }, ], title: "Kwetsbaarheden verholpen in Oracle MySQL", tracking: { current_release_date: "2024-07-17T13:54:56.036488Z", id: "NCSC-2024-0303", initial_release_date: "2024-07-17T13:54:56.036488Z", revision_history: [ { date: "2024-07-17T13:54:56.036488Z", number: "0", summary: "Initiele versie", }, ], status: "final", version: "1.0.0", }, }, product_tree: { branches: [ { branches: [ { category: "product_name", name: "mysql_cluster", product: { name: "mysql_cluster", product_id: "CSAFPID-764289", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql_cluster:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql_cluster", product: { name: "mysql_cluster", product_id: "CSAFPID-1503737", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql_cluster:8.0.37:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql_cluster", product: { name: "mysql_cluster", product_id: "CSAFPID-611599", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql_cluster:8.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql_cluster", product: { name: "mysql_cluster", product_id: "CSAFPID-1503740", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql_cluster:8.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql_connectors", product: { name: "mysql_connectors", product_id: "CSAFPID-221160", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql_connectors:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql_connectors", product: { name: "mysql_connectors", product_id: "CSAFPID-912112", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql_connectors:8.3.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql_connectors", product: { name: "mysql_connectors", product_id: "CSAFPID-1503309", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql_connectors:8.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql_enterprise_backup", product: { name: "mysql_enterprise_backup", product_id: "CSAFPID-764939", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql_enterprise_backup:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql_enterprise_backup", product: { name: "mysql_enterprise_backup", product_id: "CSAFPID-912114", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql_enterprise_backup:8.0.36:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql_enterprise_backup", product: { name: "mysql_enterprise_backup", product_id: "CSAFPID-912113", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql_enterprise_backup:8.3.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql_enterprise_monitor", product: { name: "mysql_enterprise_monitor", product_id: "CSAFPID-764290", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql_enterprise_monitor", product: { name: "mysql_enterprise_monitor", product_id: "CSAFPID-912115", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql_enterprise_monitor:8.0.37:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql_ndb_cluster", product: { name: "mysql_ndb_cluster", product_id: "CSAFPID-1503882", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql_ndb_cluster:7.5.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql_ndb_cluster", product: { name: "mysql_ndb_cluster", product_id: "CSAFPID-1503876", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql_ndb_cluster:7.5.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql_ndb_cluster", product: { name: "mysql_ndb_cluster", product_id: "CSAFPID-1503822", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql_ndb_cluster:7.5.10:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql_ndb_cluster", product: { name: "mysql_ndb_cluster", product_id: "CSAFPID-1503792", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql_ndb_cluster:7.5.11:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql_ndb_cluster", product: { name: "mysql_ndb_cluster", product_id: "CSAFPID-1503836", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql_ndb_cluster:7.5.12:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql_ndb_cluster", product: { name: "mysql_ndb_cluster", product_id: "CSAFPID-1503842", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql_ndb_cluster:7.5.13:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql_ndb_cluster", product: { name: "mysql_ndb_cluster", product_id: "CSAFPID-1503779", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql_ndb_cluster:7.5.14:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql_ndb_cluster", product: { name: "mysql_ndb_cluster", product_id: "CSAFPID-1503786", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql_ndb_cluster:7.5.15:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql_ndb_cluster", product: { name: "mysql_ndb_cluster", product_id: "CSAFPID-1503856", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql_ndb_cluster:7.5.16:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql_ndb_cluster", product: { name: "mysql_ndb_cluster", product_id: "CSAFPID-1503835", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql_ndb_cluster:7.5.17:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql_ndb_cluster", product: { name: "mysql_ndb_cluster", product_id: "CSAFPID-1503878", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql_ndb_cluster:7.5.18:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql_ndb_cluster", product: { name: "mysql_ndb_cluster", product_id: "CSAFPID-1503888", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql_ndb_cluster:7.5.19:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql_ndb_cluster", product: { name: "mysql_ndb_cluster", product_id: "CSAFPID-1503866", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql_ndb_cluster:7.5.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql_ndb_cluster", product: { name: "mysql_ndb_cluster", product_id: "CSAFPID-1503788", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql_ndb_cluster:7.5.20:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql_ndb_cluster", product: { name: "mysql_ndb_cluster", product_id: "CSAFPID-1503851", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql_ndb_cluster:7.5.21:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql_ndb_cluster", product: { name: "mysql_ndb_cluster", product_id: "CSAFPID-1503843", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql_ndb_cluster:7.5.22:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql_ndb_cluster", product: { name: "mysql_ndb_cluster", product_id: "CSAFPID-1503804", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql_ndb_cluster:7.5.23:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql_ndb_cluster", product: { name: "mysql_ndb_cluster", product_id: "CSAFPID-1503759", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql_ndb_cluster:7.5.24:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql_ndb_cluster", product: { name: "mysql_ndb_cluster", product_id: "CSAFPID-1503823", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql_ndb_cluster:7.5.25:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql_ndb_cluster", product: { name: "mysql_ndb_cluster", product_id: "CSAFPID-1503809", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql_ndb_cluster:7.5.26:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql_ndb_cluster", product: { name: "mysql_ndb_cluster", product_id: "CSAFPID-1503837", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql_ndb_cluster:7.5.27:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql_ndb_cluster", product: { name: "mysql_ndb_cluster", product_id: "CSAFPID-1503796", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql_ndb_cluster:7.5.28:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql_ndb_cluster", product: { name: "mysql_ndb_cluster", product_id: "CSAFPID-1503762", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql_ndb_cluster:7.5.29:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql_ndb_cluster", product: { name: "mysql_ndb_cluster", product_id: "CSAFPID-1503760", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql_ndb_cluster:7.5.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql_ndb_cluster", product: { name: "mysql_ndb_cluster", product_id: "CSAFPID-1503880", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql_ndb_cluster:7.5.30:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql_ndb_cluster", product: { name: "mysql_ndb_cluster", product_id: "CSAFPID-1503887", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql_ndb_cluster:7.5.31:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql_ndb_cluster", product: { name: "mysql_ndb_cluster", product_id: "CSAFPID-1503855", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql_ndb_cluster:7.5.32:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql_ndb_cluster", product: { name: "mysql_ndb_cluster", product_id: "CSAFPID-1503768", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql_ndb_cluster:7.5.33:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql_ndb_cluster", product: { name: "mysql_ndb_cluster", product_id: "CSAFPID-1503778", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql_ndb_cluster:7.5.34:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql_ndb_cluster", product: { name: "mysql_ndb_cluster", product_id: "CSAFPID-1503862", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql_ndb_cluster:7.5.4:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql_ndb_cluster", product: { name: "mysql_ndb_cluster", product_id: "CSAFPID-1503853", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql_ndb_cluster:7.5.5:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql_ndb_cluster", product: { name: "mysql_ndb_cluster", product_id: "CSAFPID-1503845", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql_ndb_cluster:7.5.6:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql_ndb_cluster", product: { name: "mysql_ndb_cluster", product_id: "CSAFPID-1503803", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql_ndb_cluster:7.5.7:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql_ndb_cluster", product: { name: "mysql_ndb_cluster", product_id: "CSAFPID-1503758", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql_ndb_cluster:7.5.8:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql_ndb_cluster", product: { name: "mysql_ndb_cluster", product_id: "CSAFPID-1503818", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql_ndb_cluster:7.5.9:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql_ndb_cluster", product: { name: "mysql_ndb_cluster", product_id: "CSAFPID-1503782", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql_ndb_cluster:7.6.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql_ndb_cluster", product: { name: "mysql_ndb_cluster", product_id: "CSAFPID-1503800", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql_ndb_cluster:7.6.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql_ndb_cluster", product: { name: "mysql_ndb_cluster", product_id: "CSAFPID-1503869", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql_ndb_cluster:7.6.10:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql_ndb_cluster", product: { name: "mysql_ndb_cluster", product_id: "CSAFPID-1503771", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql_ndb_cluster:7.6.11:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql_ndb_cluster", product: { name: "mysql_ndb_cluster", product_id: "CSAFPID-1503860", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql_ndb_cluster:7.6.12:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql_ndb_cluster", product: { name: "mysql_ndb_cluster", product_id: "CSAFPID-1503885", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql_ndb_cluster:7.6.13:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql_ndb_cluster", product: { name: "mysql_ndb_cluster", product_id: "CSAFPID-1503872", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql_ndb_cluster:7.6.14:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql_ndb_cluster", product: { name: "mysql_ndb_cluster", product_id: "CSAFPID-1503871", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql_ndb_cluster:7.6.15:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql_ndb_cluster", product: { name: "mysql_ndb_cluster", product_id: "CSAFPID-1503763", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql_ndb_cluster:7.6.16:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql_ndb_cluster", product: { name: "mysql_ndb_cluster", product_id: "CSAFPID-1503789", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql_ndb_cluster:7.6.17:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql_ndb_cluster", product: { name: "mysql_ndb_cluster", product_id: "CSAFPID-1503849", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql_ndb_cluster:7.6.18:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql_ndb_cluster", product: { name: "mysql_ndb_cluster", product_id: "CSAFPID-1503841", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql_ndb_cluster:7.6.19:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql_ndb_cluster", product: { name: "mysql_ndb_cluster", product_id: "CSAFPID-1503831", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql_ndb_cluster:7.6.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql_ndb_cluster", product: { name: "mysql_ndb_cluster", product_id: "CSAFPID-1503765", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql_ndb_cluster:7.6.20:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql_ndb_cluster", product: { name: "mysql_ndb_cluster", product_id: "CSAFPID-1503805", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql_ndb_cluster:7.6.21:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql_ndb_cluster", product: { name: "mysql_ndb_cluster", product_id: "CSAFPID-1503840", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql_ndb_cluster:7.6.22:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql_ndb_cluster", product: { name: "mysql_ndb_cluster", product_id: "CSAFPID-1503848", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql_ndb_cluster:7.6.23:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql_ndb_cluster", product: { name: "mysql_ndb_cluster", product_id: "CSAFPID-1503859", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql_ndb_cluster:7.6.24:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql_ndb_cluster", product: { name: "mysql_ndb_cluster", product_id: "CSAFPID-1503761", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql_ndb_cluster:7.6.25:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql_ndb_cluster", product: { name: "mysql_ndb_cluster", product_id: "CSAFPID-1503868", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql_ndb_cluster:7.6.26:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql_ndb_cluster", product: { name: "mysql_ndb_cluster", product_id: "CSAFPID-1503873", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql_ndb_cluster:7.6.27:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql_ndb_cluster", product: { name: "mysql_ndb_cluster", product_id: "CSAFPID-1503881", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql_ndb_cluster:7.6.28:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql_ndb_cluster", product: { name: "mysql_ndb_cluster", product_id: "CSAFPID-1503861", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql_ndb_cluster:7.6.29:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql_ndb_cluster", product: { name: "mysql_ndb_cluster", product_id: "CSAFPID-1503817", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql_ndb_cluster:7.6.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql_ndb_cluster", product: { name: "mysql_ndb_cluster", product_id: "CSAFPID-1503777", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql_ndb_cluster:7.6.30:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql_ndb_cluster", product: { name: "mysql_ndb_cluster", product_id: "CSAFPID-1503808", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql_ndb_cluster:7.6.4:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql_ndb_cluster", product: { name: "mysql_ndb_cluster", product_id: "CSAFPID-1503769", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql_ndb_cluster:7.6.5:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql_ndb_cluster", product: { name: "mysql_ndb_cluster", product_id: "CSAFPID-1503802", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql_ndb_cluster:7.6.6:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql_ndb_cluster", product: { name: "mysql_ndb_cluster", product_id: "CSAFPID-1503830", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql_ndb_cluster:7.6.7:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql_ndb_cluster", product: { name: "mysql_ndb_cluster", product_id: "CSAFPID-1503854", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql_ndb_cluster:7.6.8:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql_ndb_cluster", product: { name: "mysql_ndb_cluster", product_id: "CSAFPID-1503784", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql_ndb_cluster:7.6.9:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql_ndb_cluster", product: { name: "mysql_ndb_cluster", product_id: "CSAFPID-1503838", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql_ndb_cluster:8.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql_ndb_cluster", product: { name: "mysql_ndb_cluster", product_id: "CSAFPID-1503863", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql_ndb_cluster:8.0.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql_ndb_cluster", product: { name: "mysql_ndb_cluster", product_id: "CSAFPID-1503847", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql_ndb_cluster:8.0.10:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql_ndb_cluster", product: { name: "mysql_ndb_cluster", product_id: "CSAFPID-1503857", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql_ndb_cluster:8.0.11:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql_ndb_cluster", product: { name: "mysql_ndb_cluster", product_id: "CSAFPID-1503767", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql_ndb_cluster:8.0.12:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql_ndb_cluster", product: { name: "mysql_ndb_cluster", product_id: "CSAFPID-1503877", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql_ndb_cluster:8.0.13:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql_ndb_cluster", product: { name: "mysql_ndb_cluster", product_id: "CSAFPID-1503883", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql_ndb_cluster:8.0.14:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql_ndb_cluster", product: { name: "mysql_ndb_cluster", product_id: "CSAFPID-1503832", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql_ndb_cluster:8.0.15:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql_ndb_cluster", product: { name: "mysql_ndb_cluster", product_id: "CSAFPID-1503858", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql_ndb_cluster:8.0.16:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql_ndb_cluster", product: { name: "mysql_ndb_cluster", product_id: "CSAFPID-1503766", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql_ndb_cluster:8.0.17:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql_ndb_cluster", product: { name: "mysql_ndb_cluster", product_id: "CSAFPID-1503776", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql_ndb_cluster:8.0.18:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql_ndb_cluster", product: { name: "mysql_ndb_cluster", product_id: "CSAFPID-1503850", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql_ndb_cluster:8.0.19:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql_ndb_cluster", product: { name: "mysql_ndb_cluster", product_id: "CSAFPID-1503824", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql_ndb_cluster:8.0.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql_ndb_cluster", product: { name: "mysql_ndb_cluster", product_id: "CSAFPID-1503821", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql_ndb_cluster:8.0.20:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql_ndb_cluster", product: { name: "mysql_ndb_cluster", product_id: "CSAFPID-1503810", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql_ndb_cluster:8.0.21:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql_ndb_cluster", product: { name: "mysql_ndb_cluster", product_id: "CSAFPID-1503770", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql_ndb_cluster:8.0.22:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql_ndb_cluster", product: { name: "mysql_ndb_cluster", product_id: "CSAFPID-1503798", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql_ndb_cluster:8.0.23:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql_ndb_cluster", product: { name: "mysql_ndb_cluster", product_id: "CSAFPID-1503828", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql_ndb_cluster:8.0.24:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql_ndb_cluster", product: { name: "mysql_ndb_cluster", product_id: "CSAFPID-1503846", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql_ndb_cluster:8.0.25:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql_ndb_cluster", product: { name: "mysql_ndb_cluster", product_id: "CSAFPID-1503775", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql_ndb_cluster:8.0.26:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql_ndb_cluster", product: { name: "mysql_ndb_cluster", product_id: "CSAFPID-1503773", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql_ndb_cluster:8.0.27:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql_ndb_cluster", product: { name: "mysql_ndb_cluster", product_id: "CSAFPID-1503865", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql_ndb_cluster:8.0.28:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql_ndb_cluster", product: { name: "mysql_ndb_cluster", product_id: "CSAFPID-1503886", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql_ndb_cluster:8.0.29:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql_ndb_cluster", product: { name: "mysql_ndb_cluster", product_id: "CSAFPID-1503864", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql_ndb_cluster:8.0.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql_ndb_cluster", product: { name: "mysql_ndb_cluster", product_id: "CSAFPID-1503781", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql_ndb_cluster:8.0.30:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql_ndb_cluster", product: { name: "mysql_ndb_cluster", product_id: "CSAFPID-1503787", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql_ndb_cluster:8.0.31:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql_ndb_cluster", product: { name: "mysql_ndb_cluster", product_id: "CSAFPID-1503793", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql_ndb_cluster:8.0.32:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql_ndb_cluster", product: { name: "mysql_ndb_cluster", product_id: "CSAFPID-1503839", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql_ndb_cluster:8.0.33:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql_ndb_cluster", product: { name: "mysql_ndb_cluster", product_id: "CSAFPID-1503811", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql_ndb_cluster:8.0.34:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql_ndb_cluster", product: { name: "mysql_ndb_cluster", product_id: "CSAFPID-1503820", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql_ndb_cluster:8.0.35:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql_ndb_cluster", product: { name: "mysql_ndb_cluster", product_id: "CSAFPID-1503764", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql_ndb_cluster:8.0.36:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql_ndb_cluster", product: { name: "mysql_ndb_cluster", product_id: "CSAFPID-1503794", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql_ndb_cluster:8.0.37:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql_ndb_cluster", product: { name: "mysql_ndb_cluster", product_id: "CSAFPID-1503790", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql_ndb_cluster:8.0.4:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql_ndb_cluster", product: { name: "mysql_ndb_cluster", product_id: "CSAFPID-1503780", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql_ndb_cluster:8.0.5:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql_ndb_cluster", product: { name: "mysql_ndb_cluster", product_id: "CSAFPID-1503797", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql_ndb_cluster:8.0.6:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql_ndb_cluster", product: { name: "mysql_ndb_cluster", product_id: "CSAFPID-1503826", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql_ndb_cluster:8.0.7:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql_ndb_cluster", product: { name: "mysql_ndb_cluster", product_id: "CSAFPID-1503814", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql_ndb_cluster:8.0.8:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql_ndb_cluster", product: { name: "mysql_ndb_cluster", product_id: "CSAFPID-1503807", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql_ndb_cluster:8.0.9:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql_ndb_cluster", product: { name: "mysql_ndb_cluster", product_id: "CSAFPID-1503813", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql_ndb_cluster:8.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql_ndb_cluster", product: { name: "mysql_ndb_cluster", product_id: "CSAFPID-1503806", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql_ndb_cluster:8.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql_ndb_cluster", product: { name: "mysql_ndb_cluster", product_id: "CSAFPID-1503816", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql_ndb_cluster:8.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql_ndb_cluster", product: { name: "mysql_ndb_cluster", product_id: "CSAFPID-1503801", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql_ndb_cluster:8.4:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql_server", product: { name: "mysql_server", product_id: "CSAFPID-504250", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql_server", product: { name: "mysql_server", product_id: "CSAFPID-912117", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql_server:8.0.36:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql_server", product: { name: "mysql_server", product_id: "CSAFPID-1503653", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql_server:8.0.38:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql_server", product: { name: "mysql_server", product_id: "CSAFPID-611602", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql_server:8.1.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql_server", product: { name: "mysql_server", product_id: "CSAFPID-912116", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql_server:8.3.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql_server", product: { name: "mysql_server", product_id: "CSAFPID-1503657", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql_server:8.4.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql_server", product: { name: "mysql_server", product_id: "CSAFPID-1503659", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql_server:9.0.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql_workbench", product: { name: "mysql_workbench", product_id: "CSAFPID-764763", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql_workbench:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql_workbench", product: { name: "mysql_workbench", product_id: "CSAFPID-1503321", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql_workbench:8.0.36:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql", product: { name: "mysql", product_id: "CSAFPID-93497", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql:7.5.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql", product: { name: "mysql", product_id: "CSAFPID-93496", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql:7.5.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql", product: { name: "mysql", product_id: "CSAFPID-93495", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql:7.5.10:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql", product: { name: "mysql", product_id: "CSAFPID-93494", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql:7.5.11:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql", product: { name: "mysql", product_id: "CSAFPID-93493", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql:7.5.12:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql", product: { name: "mysql", product_id: "CSAFPID-93492", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql:7.5.13:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql", product: { name: "mysql", product_id: "CSAFPID-93491", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql:7.5.14:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql", product: { name: "mysql", product_id: "CSAFPID-93490", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql:7.5.15:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql", product: { name: "mysql", product_id: "CSAFPID-93489", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql:7.5.16:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql", product: { name: "mysql", product_id: "CSAFPID-93488", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql:7.5.17:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql", product: { name: "mysql", product_id: "CSAFPID-93487", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql:7.5.18:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql", product: { name: "mysql", product_id: "CSAFPID-93486", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql:7.5.19:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql", product: { name: "mysql", product_id: "CSAFPID-93485", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql:7.5.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql", product: { name: "mysql", product_id: "CSAFPID-93484", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql:7.5.20:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql", product: { name: "mysql", product_id: "CSAFPID-93483", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql:7.5.21:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql", product: { name: "mysql", product_id: "CSAFPID-93482", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql:7.5.22:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql", product: { name: "mysql", product_id: "CSAFPID-93481", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql:7.5.23:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql", product: { name: "mysql", product_id: "CSAFPID-93480", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql:7.5.24:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql", product: { name: "mysql", product_id: "CSAFPID-1503875", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql:7.5.25:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql", product: { name: "mysql", product_id: "CSAFPID-1503884", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql:7.5.26:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql", product: { name: "mysql", product_id: "CSAFPID-1503829", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql:7.5.27:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql", product: { name: "mysql", product_id: "CSAFPID-1503870", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql:7.5.28:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql", product: { name: "mysql", product_id: "CSAFPID-1503783", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql:7.5.29:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql", product: { name: "mysql", product_id: "CSAFPID-93479", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql:7.5.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql", product: { name: "mysql", product_id: "CSAFPID-1503799", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql:7.5.30:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql", product: { name: "mysql", product_id: "CSAFPID-1503827", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql:7.5.31:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql", product: { name: "mysql", product_id: "CSAFPID-1503815", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql:7.5.32:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql", product: { name: "mysql", product_id: "CSAFPID-1503812", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql:7.5.33:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql", product: { name: "mysql", product_id: "CSAFPID-1503774", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql:7.5.34:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql", product: { name: "mysql", product_id: "CSAFPID-93478", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql:7.5.4:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql", product: { name: "mysql", product_id: "CSAFPID-93477", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql:7.5.5:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql", product: { name: "mysql", product_id: "CSAFPID-93476", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql:7.5.6:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql", product: { name: "mysql", product_id: "CSAFPID-93475", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql:7.5.7:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql", product: { name: "mysql", product_id: "CSAFPID-93474", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql:7.5.8:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql", product: { name: "mysql", product_id: "CSAFPID-93473", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql:7.5.9:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql", product: { name: "mysql", product_id: "CSAFPID-93472", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql:7.6.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql", product: { name: "mysql", product_id: "CSAFPID-93471", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql:7.6.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql", product: { name: "mysql", product_id: "CSAFPID-93470", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql:7.6.10:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql", product: { name: "mysql", product_id: "CSAFPID-93469", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql:7.6.11:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql", product: { name: "mysql", product_id: "CSAFPID-93468", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql:7.6.12:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql", product: { name: "mysql", product_id: "CSAFPID-93467", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql:7.6.13:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql", product: { name: "mysql", product_id: "CSAFPID-93466", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql:7.6.14:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql", product: { name: "mysql", product_id: "CSAFPID-93465", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql:7.6.15:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql", product: { name: "mysql", product_id: "CSAFPID-93464", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql:7.6.16:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql", product: { name: "mysql", product_id: "CSAFPID-93463", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql:7.6.17:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql", product: { name: "mysql", product_id: "CSAFPID-93462", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql:7.6.18:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql", product: { name: "mysql", product_id: "CSAFPID-1503834", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql:7.6.19:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql", product: { name: "mysql", product_id: "CSAFPID-93461", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql:7.6.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql", product: { name: "mysql", product_id: "CSAFPID-93460", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql:7.6.20:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql", product: { name: "mysql", product_id: "CSAFPID-1503874", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql:7.6.21:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql", product: { name: "mysql", product_id: "CSAFPID-1503867", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql:7.6.22:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql", product: { name: "mysql", product_id: "CSAFPID-1503833", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql:7.6.23:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql", product: { name: "mysql", product_id: "CSAFPID-1503852", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql:7.6.24:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql", product: { name: "mysql", product_id: "CSAFPID-1503785", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql:7.6.25:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql", product: { name: "mysql", product_id: "CSAFPID-1503772", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql:7.6.26:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql", product: { name: "mysql", product_id: "CSAFPID-1503795", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql:7.6.27:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql", product: { name: "mysql", product_id: "CSAFPID-1503825", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql:7.6.28:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql", product: { name: "mysql", product_id: "CSAFPID-1503819", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql:7.6.29:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql", product: { name: "mysql", product_id: "CSAFPID-93459", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql:7.6.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql", product: { name: "mysql", product_id: "CSAFPID-1503791", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql:7.6.30:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql", product: { name: "mysql", product_id: "CSAFPID-93458", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql:7.6.4:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql", product: { name: "mysql", product_id: "CSAFPID-93457", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql:7.6.5:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql", product: { name: "mysql", product_id: "CSAFPID-93456", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql:7.6.6:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql", product: { name: "mysql", product_id: "CSAFPID-93455", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql:7.6.7:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql", product: { name: "mysql", product_id: "CSAFPID-93454", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql:7.6.8:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql", product: { name: "mysql", product_id: "CSAFPID-93453", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql:7.6.9:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql", product: { name: "mysql", product_id: "CSAFPID-93339", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql:8.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql", product: { name: "mysql", product_id: "CSAFPID-93337", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql:8.0.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql", product: { name: "mysql", product_id: "CSAFPID-93336", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql:8.0.10:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql", product: { name: "mysql", product_id: "CSAFPID-93335", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql:8.0.11:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql", product: { name: "mysql", product_id: "CSAFPID-93334", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql:8.0.12:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql", product: { name: "mysql", product_id: "CSAFPID-93333", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql:8.0.13:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql", product: { name: "mysql", product_id: "CSAFPID-93332", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql:8.0.14:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql", product: { name: "mysql", product_id: "CSAFPID-93331", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql:8.0.15:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql", product: { name: "mysql", product_id: "CSAFPID-93330", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql:8.0.16:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql", product: { name: "mysql", product_id: "CSAFPID-93329", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql:8.0.17:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql", product: { name: "mysql", product_id: "CSAFPID-93328", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql:8.0.18:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql", product: { name: "mysql", product_id: "CSAFPID-93327", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql:8.0.19:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql", product: { name: "mysql", product_id: "CSAFPID-93326", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql:8.0.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql", product: { name: "mysql", product_id: "CSAFPID-93325", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql:8.0.20:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql", product: { name: "mysql", product_id: "CSAFPID-93324", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql:8.0.21:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql", product: { name: "mysql", product_id: "CSAFPID-93323", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql:8.0.22:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql", product: { name: "mysql", product_id: "CSAFPID-93322", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql:8.0.23:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql", product: { name: "mysql", product_id: "CSAFPID-93321", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql:8.0.24:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql", product: { name: "mysql", product_id: "CSAFPID-93320", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql:8.0.25:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql", product: { name: "mysql", product_id: "CSAFPID-93319", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql:8.0.26:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql", product: { name: "mysql", product_id: "CSAFPID-93318", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql:8.0.27:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql", product: { name: "mysql", product_id: "CSAFPID-93317", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql:8.0.28:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql", product: { name: "mysql", product_id: "CSAFPID-283963", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql:8.0.29:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql", product: { name: "mysql", product_id: "CSAFPID-93316", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql:8.0.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql", product: { name: "mysql", product_id: "CSAFPID-283962", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql:8.0.30:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql", product: { name: "mysql", product_id: "CSAFPID-283964", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql:8.0.31:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql", product: { name: "mysql", product_id: "CSAFPID-94333", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql:8.0.32:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql", product: { name: "mysql", product_id: "CSAFPID-248612", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql:8.0.33:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql", product: { name: "mysql", product_id: "CSAFPID-716944", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql:8.0.34:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql", product: { name: "mysql", product_id: "CSAFPID-913003", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql:8.0.35:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql", product: { name: "mysql", product_id: "CSAFPID-913004", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql:8.0.36:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql", product: { name: "mysql", product_id: "CSAFPID-1503879", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql:8.0.37:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql", product: { name: "mysql", product_id: "CSAFPID-1503922", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql:8.0.38:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql", product: { name: "mysql", product_id: "CSAFPID-93314", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql:8.0.4:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql", product: { name: "mysql", product_id: "CSAFPID-93313", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql:8.0.5:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql", product: { name: "mysql", product_id: "CSAFPID-912999", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql:8.0.6:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql", product: { name: "mysql", product_id: "CSAFPID-913000", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql:8.0.7:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql", product: { name: "mysql", product_id: "CSAFPID-913001", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql:8.0.8:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql", product: { name: "mysql", product_id: "CSAFPID-913002", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql:8.0.9:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql", product: { name: "mysql", product_id: "CSAFPID-913005", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql:8.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql", product: { name: "mysql", product_id: "CSAFPID-913006", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql:8.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql", product: { name: "mysql", product_id: "CSAFPID-913007", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql:8.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql", product: { name: "mysql", product_id: "CSAFPID-1503844", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql:8.4:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql", product: { name: "mysql", product_id: "CSAFPID-1503921", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql:8.4.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "mysql", product: { name: "mysql", product_id: "CSAFPID-1503920", product_identification_helper: { cpe: "cpe:2.3:a:oracle:mysql:9.0:*:*:*:*:*:*:*", }, }, }, ], category: "vendor", name: "oracle", }, ], }, vulnerabilities: [ { cve: "CVE-2021-24112", product_status: { known_affected: [ "CSAFPID-764289", "CSAFPID-221160", "CSAFPID-764290", "CSAFPID-504250", "CSAFPID-764763", "CSAFPID-1503653", "CSAFPID-1503657", "CSAFPID-1503659", ], }, references: [ { category: "self", summary: "CVE-2021-24112", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2021/CVE-2021-24112.json", }, ], title: "CVE-2021-24112", }, { cve: "CVE-2023-6129", cwe: { id: "CWE-328", name: "Use of Weak Hash", }, notes: [ { category: "other", text: "Use of Weak Hash", title: "CWE-328", }, ], product_status: { known_affected: [ "CSAFPID-221160", "CSAFPID-504250", "CSAFPID-764289", "CSAFPID-764290", "CSAFPID-764939", "CSAFPID-1503653", "CSAFPID-1503657", "CSAFPID-1503659", "CSAFPID-764763", ], }, references: [ { category: "self", summary: "CVE-2023-6129", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-6129.json", }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", version: "3.1", }, products: [ "CSAFPID-221160", "CSAFPID-504250", "CSAFPID-764289", "CSAFPID-764290", "CSAFPID-764939", "CSAFPID-1503653", "CSAFPID-1503657", "CSAFPID-1503659", "CSAFPID-764763", ], }, ], title: "CVE-2023-6129", }, { cve: "CVE-2023-37920", cwe: { id: "CWE-295", name: "Improper Certificate Validation", }, notes: [ { category: "other", text: "Improper Certificate Validation", title: "CWE-295", }, { category: "other", text: "Insufficient Verification of Data Authenticity", title: "CWE-345", }, ], product_status: { known_affected: [ "CSAFPID-764289", "CSAFPID-221160", "CSAFPID-764290", "CSAFPID-504250", "CSAFPID-1503653", "CSAFPID-1503657", "CSAFPID-1503659", "CSAFPID-764763", ], }, references: [ { category: "self", summary: "CVE-2023-37920", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-37920.json", }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-764289", "CSAFPID-221160", "CSAFPID-764290", "CSAFPID-504250", "CSAFPID-1503653", "CSAFPID-1503657", "CSAFPID-1503659", "CSAFPID-764763", ], }, ], title: "CVE-2023-37920", }, { cve: "CVE-2023-48795", cwe: { id: "CWE-222", name: "Truncation of Security-relevant Information", }, notes: [ { category: "other", text: "Truncation of Security-relevant Information", title: "CWE-222", }, ], product_status: { known_affected: [ "CSAFPID-221160", "CSAFPID-504250", "CSAFPID-611599", "CSAFPID-611602", "CSAFPID-764289", "CSAFPID-764290", "CSAFPID-764763", "CSAFPID-764939", "CSAFPID-1503653", "CSAFPID-1503657", "CSAFPID-1503659", ], }, references: [ { category: "self", summary: "CVE-2023-48795", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-48795.json", }, ], scores: [ { cvss_v3: { baseScore: 5.9, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "CSAFPID-221160", "CSAFPID-504250", "CSAFPID-611599", "CSAFPID-611602", "CSAFPID-764289", "CSAFPID-764290", "CSAFPID-764763", "CSAFPID-764939", "CSAFPID-1503653", "CSAFPID-1503657", "CSAFPID-1503659", ], }, ], title: "CVE-2023-48795", }, { cve: "CVE-2023-52425", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, notes: [ { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, ], product_status: { known_affected: [ "CSAFPID-764289", "CSAFPID-221160", "CSAFPID-764290", "CSAFPID-504250", "CSAFPID-1503653", "CSAFPID-1503657", "CSAFPID-1503659", "CSAFPID-764763", ], }, references: [ { category: "self", summary: "CVE-2023-52425", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-52425.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-764289", "CSAFPID-221160", "CSAFPID-764290", "CSAFPID-504250", "CSAFPID-1503653", "CSAFPID-1503657", "CSAFPID-1503659", "CSAFPID-764763", ], }, ], title: "CVE-2023-52425", }, { cve: "CVE-2024-0450", cwe: { id: "CWE-450", name: "Multiple Interpretations of UI Input", }, notes: [ { category: "other", text: "Multiple Interpretations of UI Input", title: "CWE-450", }, { category: "other", text: "Asymmetric Resource Consumption (Amplification)", title: "CWE-405", }, ], product_status: { known_affected: [ "CSAFPID-764289", "CSAFPID-221160", "CSAFPID-764290", "CSAFPID-504250", "CSAFPID-1503653", "CSAFPID-1503657", "CSAFPID-1503659", "CSAFPID-764763", ], }, references: [ { category: "self", summary: "CVE-2024-0450", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-0450.json", }, ], scores: [ { cvss_v3: { baseScore: 6.2, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-764289", "CSAFPID-221160", "CSAFPID-764290", "CSAFPID-504250", "CSAFPID-1503653", "CSAFPID-1503657", "CSAFPID-1503659", "CSAFPID-764763", ], }, ], title: "CVE-2024-0450", }, { cve: "CVE-2024-20996", cwe: { id: "CWE-404", name: "Improper Resource Shutdown or Release", }, notes: [ { category: "other", text: "Improper Resource Shutdown or Release", title: "CWE-404", }, ], product_status: { known_affected: [ "CSAFPID-764289", "CSAFPID-221160", "CSAFPID-764290", "CSAFPID-504250", "CSAFPID-1503653", "CSAFPID-1503657", "CSAFPID-1503659", "CSAFPID-764763", ], }, references: [ { category: "self", summary: "CVE-2024-20996", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-20996.json", }, ], scores: [ { cvss_v3: { baseScore: 4.9, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-764289", "CSAFPID-221160", "CSAFPID-764290", "CSAFPID-504250", "CSAFPID-1503653", "CSAFPID-1503657", "CSAFPID-1503659", "CSAFPID-764763", ], }, ], title: "CVE-2024-20996", }, { cve: "CVE-2024-21125", cwe: { id: "CWE-404", name: "Improper Resource Shutdown or Release", }, notes: [ { category: "other", text: "Improper Resource Shutdown or Release", title: "CWE-404", }, ], product_status: { known_affected: [ "CSAFPID-764289", "CSAFPID-221160", "CSAFPID-764290", "CSAFPID-504250", "CSAFPID-1503653", "CSAFPID-1503657", "CSAFPID-1503659", "CSAFPID-764763", ], }, references: [ { category: "self", summary: "CVE-2024-21125", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-21125.json", }, ], scores: [ { cvss_v3: { baseScore: 4.9, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-764289", "CSAFPID-221160", "CSAFPID-764290", "CSAFPID-504250", "CSAFPID-1503653", "CSAFPID-1503657", "CSAFPID-1503659", "CSAFPID-764763", ], }, ], title: "CVE-2024-21125", }, { cve: "CVE-2024-21127", cwe: { id: "CWE-285", name: "Improper Authorization", }, notes: [ { category: "other", text: "Improper Authorization", title: "CWE-285", }, ], product_status: { known_affected: [ "CSAFPID-764289", "CSAFPID-221160", "CSAFPID-764290", "CSAFPID-504250", "CSAFPID-1503653", "CSAFPID-1503657", "CSAFPID-1503659", "CSAFPID-764763", ], }, references: [ { category: "self", summary: "CVE-2024-21127", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-21127.json", }, ], scores: [ { cvss_v3: { baseScore: 4.9, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-764289", "CSAFPID-221160", "CSAFPID-764290", "CSAFPID-504250", "CSAFPID-1503653", "CSAFPID-1503657", "CSAFPID-1503659", "CSAFPID-764763", ], }, ], title: "CVE-2024-21127", }, { cve: "CVE-2024-21129", cwe: { id: "CWE-404", name: "Improper Resource Shutdown or Release", }, notes: [ { category: "other", text: "Improper Resource Shutdown or Release", title: "CWE-404", }, ], product_status: { known_affected: [ "CSAFPID-764289", "CSAFPID-221160", "CSAFPID-764290", "CSAFPID-504250", "CSAFPID-1503653", "CSAFPID-1503657", "CSAFPID-1503659", "CSAFPID-764763", ], }, references: [ { category: "self", summary: "CVE-2024-21129", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-21129.json", }, ], scores: [ { cvss_v3: { baseScore: 4.9, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-764289", "CSAFPID-221160", "CSAFPID-764290", "CSAFPID-504250", "CSAFPID-1503653", "CSAFPID-1503657", "CSAFPID-1503659", "CSAFPID-764763", ], }, ], title: "CVE-2024-21129", }, { cve: "CVE-2024-21130", cwe: { id: "CWE-404", name: "Improper Resource Shutdown or Release", }, notes: [ { category: "other", text: "Improper Resource Shutdown or Release", title: "CWE-404", }, ], product_status: { known_affected: [ "CSAFPID-764289", "CSAFPID-221160", "CSAFPID-764290", "CSAFPID-504250", "CSAFPID-1503653", "CSAFPID-1503657", "CSAFPID-1503659", "CSAFPID-764763", ], }, references: [ { category: "self", summary: "CVE-2024-21130", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-21130.json", }, ], scores: [ { cvss_v3: { baseScore: 4.9, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-764289", "CSAFPID-221160", "CSAFPID-764290", "CSAFPID-504250", "CSAFPID-1503653", "CSAFPID-1503657", "CSAFPID-1503659", "CSAFPID-764763", ], }, ], title: "CVE-2024-21130", }, { cve: "CVE-2024-21134", cwe: { id: "CWE-404", name: "Improper Resource Shutdown or Release", }, notes: [ { category: "other", text: "Improper Resource Shutdown or Release", title: "CWE-404", }, ], product_status: { known_affected: [ "CSAFPID-764289", "CSAFPID-221160", "CSAFPID-764290", "CSAFPID-504250", "CSAFPID-1503653", "CSAFPID-1503657", "CSAFPID-1503659", "CSAFPID-764763", ], }, references: [ { category: "self", summary: "CVE-2024-21134", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-21134.json", }, ], scores: [ { cvss_v3: { baseScore: 4.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, products: [ "CSAFPID-764289", "CSAFPID-221160", "CSAFPID-764290", "CSAFPID-504250", "CSAFPID-1503653", "CSAFPID-1503657", "CSAFPID-1503659", "CSAFPID-764763", ], }, ], title: "CVE-2024-21134", }, { cve: "CVE-2024-21135", cwe: { id: "CWE-404", name: "Improper Resource Shutdown or Release", }, notes: [ { category: "other", text: "Improper Resource Shutdown or Release", title: "CWE-404", }, ], product_status: { known_affected: [ "CSAFPID-764289", "CSAFPID-221160", "CSAFPID-764290", "CSAFPID-504250", "CSAFPID-1503653", "CSAFPID-1503657", "CSAFPID-1503659", "CSAFPID-764763", ], }, references: [ { category: "self", summary: "CVE-2024-21135", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-21135.json", }, ], scores: [ { cvss_v3: { baseScore: 4.9, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-764289", "CSAFPID-221160", "CSAFPID-764290", "CSAFPID-504250", "CSAFPID-1503653", "CSAFPID-1503657", "CSAFPID-1503659", "CSAFPID-764763", ], }, ], title: "CVE-2024-21135", }, { cve: "CVE-2024-21137", cwe: { id: "CWE-404", name: "Improper Resource Shutdown or Release", }, notes: [ { category: "other", text: "Improper Resource Shutdown or Release", title: "CWE-404", }, ], product_status: { known_affected: [ "CSAFPID-764289", "CSAFPID-221160", "CSAFPID-764290", "CSAFPID-504250", "CSAFPID-1503653", "CSAFPID-1503657", "CSAFPID-1503659", "CSAFPID-764763", ], }, references: [ { category: "self", summary: "CVE-2024-21137", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-21137.json", }, ], scores: [ { cvss_v3: { baseScore: 4.9, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-764289", "CSAFPID-221160", "CSAFPID-764290", "CSAFPID-504250", "CSAFPID-1503653", "CSAFPID-1503657", "CSAFPID-1503659", "CSAFPID-764763", ], }, ], title: "CVE-2024-21137", }, { cve: "CVE-2024-21142", cwe: { id: "CWE-404", name: "Improper Resource Shutdown or Release", }, notes: [ { category: "other", text: "Improper Resource Shutdown or Release", title: "CWE-404", }, ], product_status: { known_affected: [ "CSAFPID-764289", "CSAFPID-221160", "CSAFPID-764290", "CSAFPID-504250", "CSAFPID-1503653", "CSAFPID-1503657", "CSAFPID-1503659", "CSAFPID-764763", ], }, references: [ { category: "self", summary: "CVE-2024-21142", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-21142.json", }, ], scores: [ { cvss_v3: { baseScore: 4.9, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-764289", "CSAFPID-221160", "CSAFPID-764290", "CSAFPID-504250", "CSAFPID-1503653", "CSAFPID-1503657", "CSAFPID-1503659", "CSAFPID-764763", ], }, ], title: "CVE-2024-21142", }, { cve: "CVE-2024-21157", cwe: { id: "CWE-404", name: "Improper Resource Shutdown or Release", }, notes: [ { category: "other", text: "Improper Resource Shutdown or Release", title: "CWE-404", }, ], product_status: { known_affected: [ "CSAFPID-764289", "CSAFPID-221160", "CSAFPID-764290", "CSAFPID-504250", "CSAFPID-1503653", "CSAFPID-1503657", "CSAFPID-1503659", "CSAFPID-764763", ], }, references: [ { category: "self", summary: "CVE-2024-21157", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-21157.json", }, ], scores: [ { cvss_v3: { baseScore: 4.9, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-764289", "CSAFPID-221160", "CSAFPID-764290", "CSAFPID-504250", "CSAFPID-1503653", "CSAFPID-1503657", "CSAFPID-1503659", "CSAFPID-764763", ], }, ], title: "CVE-2024-21157", }, { cve: "CVE-2024-21159", cwe: { id: "CWE-404", name: "Improper Resource Shutdown or Release", }, notes: [ { category: "other", text: "Improper Resource Shutdown or Release", title: "CWE-404", }, ], product_status: { known_affected: [ "CSAFPID-764289", "CSAFPID-221160", "CSAFPID-764290", "CSAFPID-504250", "CSAFPID-1503653", "CSAFPID-1503657", "CSAFPID-1503659", "CSAFPID-764763", ], }, references: [ { category: "self", summary: "CVE-2024-21159", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-21159.json", }, ], scores: [ { cvss_v3: { baseScore: 4.9, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-764289", "CSAFPID-221160", "CSAFPID-764290", "CSAFPID-504250", "CSAFPID-1503653", "CSAFPID-1503657", "CSAFPID-1503659", "CSAFPID-764763", ], }, ], title: "CVE-2024-21159", }, { cve: "CVE-2024-21160", cwe: { id: "CWE-404", name: "Improper Resource Shutdown or Release", }, notes: [ { category: "other", text: "Improper Resource Shutdown or Release", title: "CWE-404", }, ], product_status: { known_affected: [ "CSAFPID-764289", "CSAFPID-221160", "CSAFPID-764290", "CSAFPID-504250", "CSAFPID-1503653", "CSAFPID-1503657", "CSAFPID-1503659", "CSAFPID-764763", ], }, references: [ { category: "self", summary: "CVE-2024-21160", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-21160.json", }, ], scores: [ { cvss_v3: { baseScore: 4.9, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-764289", "CSAFPID-221160", "CSAFPID-764290", "CSAFPID-504250", "CSAFPID-1503653", "CSAFPID-1503657", "CSAFPID-1503659", "CSAFPID-764763", ], }, ], title: "CVE-2024-21160", }, { cve: "CVE-2024-21162", cwe: { id: "CWE-404", name: "Improper Resource Shutdown or Release", }, notes: [ { category: "other", text: "Improper Resource Shutdown or Release", title: "CWE-404", }, ], product_status: { known_affected: [ "CSAFPID-764289", "CSAFPID-221160", "CSAFPID-764290", "CSAFPID-504250", "CSAFPID-1503653", "CSAFPID-1503657", "CSAFPID-1503659", "CSAFPID-764763", ], }, references: [ { category: "self", summary: "CVE-2024-21162", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-21162.json", }, ], scores: [ { cvss_v3: { baseScore: 4.9, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-764289", "CSAFPID-221160", "CSAFPID-764290", "CSAFPID-504250", "CSAFPID-1503653", "CSAFPID-1503657", "CSAFPID-1503659", "CSAFPID-764763", ], }, ], title: "CVE-2024-21162", }, { cve: "CVE-2024-21163", cwe: { id: "CWE-404", name: "Improper Resource Shutdown or Release", }, notes: [ { category: "other", text: "Improper Resource Shutdown or Release", title: "CWE-404", }, ], product_status: { known_affected: [ "CSAFPID-764289", "CSAFPID-221160", "CSAFPID-764290", "CSAFPID-504250", "CSAFPID-1503653", "CSAFPID-1503657", "CSAFPID-1503659", "CSAFPID-764763", ], }, references: [ { category: "self", summary: "CVE-2024-21163", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-21163.json", }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H", version: "3.1", }, products: [ "CSAFPID-764289", "CSAFPID-221160", "CSAFPID-764290", "CSAFPID-504250", "CSAFPID-1503653", "CSAFPID-1503657", "CSAFPID-1503659", "CSAFPID-764763", ], }, ], title: "CVE-2024-21163", }, { cve: "CVE-2024-21165", cwe: { id: "CWE-404", name: "Improper Resource Shutdown or Release", }, notes: [ { category: "other", text: "Improper Resource Shutdown or Release", title: "CWE-404", }, ], product_status: { known_affected: [ "CSAFPID-764289", "CSAFPID-221160", "CSAFPID-764290", "CSAFPID-504250", "CSAFPID-1503653", "CSAFPID-1503657", "CSAFPID-1503659", "CSAFPID-764763", ], }, references: [ { category: "self", summary: "CVE-2024-21165", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-21165.json", }, ], scores: [ { cvss_v3: { baseScore: 4.9, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-764289", "CSAFPID-221160", "CSAFPID-764290", "CSAFPID-504250", "CSAFPID-1503653", "CSAFPID-1503657", "CSAFPID-1503659", "CSAFPID-764763", ], }, ], title: "CVE-2024-21165", }, { cve: "CVE-2024-21166", cwe: { id: "CWE-285", name: "Improper Authorization", }, notes: [ { category: "other", text: "Improper Authorization", title: "CWE-285", }, ], product_status: { known_affected: [ "CSAFPID-764289", "CSAFPID-221160", "CSAFPID-764290", "CSAFPID-504250", "CSAFPID-1503653", "CSAFPID-1503657", "CSAFPID-1503659", "CSAFPID-764763", ], }, references: [ { category: "self", summary: "CVE-2024-21166", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-21166.json", }, ], scores: [ { cvss_v3: { baseScore: 5.9, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-764289", "CSAFPID-221160", "CSAFPID-764290", "CSAFPID-504250", "CSAFPID-1503653", "CSAFPID-1503657", "CSAFPID-1503659", "CSAFPID-764763", ], }, ], title: "CVE-2024-21166", }, { cve: "CVE-2024-21170", product_status: { known_affected: [ "CSAFPID-764289", "CSAFPID-221160", "CSAFPID-764290", "CSAFPID-504250", "CSAFPID-1503653", "CSAFPID-1503657", "CSAFPID-1503659", "CSAFPID-764763", ], }, references: [ { category: "self", summary: "CVE-2024-21170", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-21170.json", }, ], scores: [ { cvss_v3: { baseScore: 6.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", version: "3.1", }, products: [ "CSAFPID-764289", "CSAFPID-221160", "CSAFPID-764290", "CSAFPID-504250", "CSAFPID-1503653", "CSAFPID-1503657", "CSAFPID-1503659", "CSAFPID-764763", ], }, ], title: "CVE-2024-21170", }, { cve: "CVE-2024-21171", cwe: { id: "CWE-404", name: "Improper Resource Shutdown or Release", }, notes: [ { category: "other", text: "Improper Resource Shutdown or Release", title: "CWE-404", }, ], product_status: { known_affected: [ "CSAFPID-764289", "CSAFPID-221160", "CSAFPID-764290", "CSAFPID-504250", "CSAFPID-1503653", "CSAFPID-1503657", "CSAFPID-1503659", "CSAFPID-764763", ], }, references: [ { category: "self", summary: "CVE-2024-21171", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-21171.json", }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-764289", "CSAFPID-221160", "CSAFPID-764290", "CSAFPID-504250", "CSAFPID-1503653", "CSAFPID-1503657", "CSAFPID-1503659", "CSAFPID-764763", ], }, ], title: "CVE-2024-21171", }, { cve: "CVE-2024-21173", cwe: { id: "CWE-404", name: "Improper Resource Shutdown or Release", }, notes: [ { category: "other", text: "Improper Resource Shutdown or Release", title: "CWE-404", }, ], product_status: { known_affected: [ "CSAFPID-764289", "CSAFPID-221160", "CSAFPID-764290", "CSAFPID-504250", "CSAFPID-1503653", "CSAFPID-1503657", "CSAFPID-1503659", "CSAFPID-764763", ], }, references: [ { category: "self", summary: "CVE-2024-21173", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-21173.json", }, ], scores: [ { cvss_v3: { baseScore: 4.9, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-764289", "CSAFPID-221160", "CSAFPID-764290", "CSAFPID-504250", "CSAFPID-1503653", "CSAFPID-1503657", "CSAFPID-1503659", "CSAFPID-764763", ], }, ], title: "CVE-2024-21173", }, { cve: "CVE-2024-21176", cwe: { id: "CWE-404", name: "Improper Resource Shutdown or Release", }, notes: [ { category: "other", text: "Improper Resource Shutdown or Release", title: "CWE-404", }, ], product_status: { known_affected: [ "CSAFPID-764289", "CSAFPID-221160", "CSAFPID-764290", "CSAFPID-504250", "CSAFPID-1503653", "CSAFPID-1503657", "CSAFPID-1503659", "CSAFPID-764763", ], }, references: [ { category: "self", summary: "CVE-2024-21176", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-21176.json", }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-764289", "CSAFPID-221160", "CSAFPID-764290", "CSAFPID-504250", "CSAFPID-1503653", "CSAFPID-1503657", "CSAFPID-1503659", "CSAFPID-764763", ], }, ], title: "CVE-2024-21176", }, { cve: "CVE-2024-21177", cwe: { id: "CWE-404", name: "Improper Resource Shutdown or Release", }, notes: [ { category: "other", text: "Improper Resource Shutdown or Release", title: "CWE-404", }, ], product_status: { known_affected: [ "CSAFPID-764289", "CSAFPID-221160", "CSAFPID-764290", "CSAFPID-504250", "CSAFPID-1503653", "CSAFPID-1503657", "CSAFPID-1503659", "CSAFPID-764763", ], }, references: [ { category: "self", summary: "CVE-2024-21177", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-21177.json", }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-764289", "CSAFPID-221160", "CSAFPID-764290", "CSAFPID-504250", "CSAFPID-1503653", "CSAFPID-1503657", "CSAFPID-1503659", "CSAFPID-764763", ], }, ], title: "CVE-2024-21177", }, { cve: "CVE-2024-21179", cwe: { id: "CWE-404", name: "Improper Resource Shutdown or Release", }, notes: [ { category: "other", text: "Improper Resource Shutdown or Release", title: "CWE-404", }, ], product_status: { known_affected: [ "CSAFPID-764289", "CSAFPID-221160", "CSAFPID-764290", "CSAFPID-504250", "CSAFPID-1503653", "CSAFPID-1503657", "CSAFPID-1503659", "CSAFPID-764763", ], }, references: [ { category: "self", summary: "CVE-2024-21179", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-21179.json", }, ], scores: [ { cvss_v3: { baseScore: 4.9, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-764289", "CSAFPID-221160", "CSAFPID-764290", "CSAFPID-504250", "CSAFPID-1503653", "CSAFPID-1503657", "CSAFPID-1503659", "CSAFPID-764763", ], }, ], title: "CVE-2024-21179", }, { cve: "CVE-2024-21185", cwe: { id: "CWE-404", name: "Improper Resource Shutdown or Release", }, notes: [ { category: "other", text: "Improper Resource Shutdown or Release", title: "CWE-404", }, ], product_status: { known_affected: [ "CSAFPID-764289", "CSAFPID-221160", "CSAFPID-764290", "CSAFPID-504250", "CSAFPID-1503653", "CSAFPID-1503657", "CSAFPID-1503659", "CSAFPID-764763", ], }, references: [ { category: "self", summary: "CVE-2024-21185", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-21185.json", }, ], scores: [ { cvss_v3: { baseScore: 4.9, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-764289", "CSAFPID-221160", "CSAFPID-764290", "CSAFPID-504250", "CSAFPID-1503653", "CSAFPID-1503657", "CSAFPID-1503659", "CSAFPID-764763", ], }, ], title: "CVE-2024-21185", }, { cve: "CVE-2024-22257", cwe: { id: "CWE-284", name: "Improper Access Control", }, notes: [ { category: "other", text: "Improper Access Control", title: "CWE-284", }, ], product_status: { known_affected: [ "CSAFPID-221160", "CSAFPID-504250", "CSAFPID-764289", "CSAFPID-764290", "CSAFPID-764939", "CSAFPID-1503653", "CSAFPID-1503657", "CSAFPID-1503659", "CSAFPID-764763", ], }, references: [ { category: "self", summary: "CVE-2024-22257", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-22257.json", }, ], scores: [ { cvss_v3: { baseScore: 8.2, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N", version: "3.1", }, products: [ "CSAFPID-221160", "CSAFPID-504250", "CSAFPID-764289", "CSAFPID-764290", "CSAFPID-764939", "CSAFPID-1503653", "CSAFPID-1503657", "CSAFPID-1503659", "CSAFPID-764763", ], }, ], title: "CVE-2024-22257", }, { cve: "CVE-2024-22262", cwe: { id: "CWE-601", name: "URL Redirection to Untrusted Site ('Open Redirect')", }, notes: [ { category: "other", text: "URL Redirection to Untrusted Site ('Open Redirect')", title: "CWE-601", }, ], product_status: { known_affected: [ "CSAFPID-764289", "CSAFPID-221160", "CSAFPID-764290", "CSAFPID-504250", "CSAFPID-1503653", "CSAFPID-1503657", "CSAFPID-1503659", "CSAFPID-764763", ], }, references: [ { category: "self", summary: "CVE-2024-22262", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-22262.json", }, ], scores: [ { cvss_v3: { baseScore: 8.1, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "CSAFPID-764289", "CSAFPID-221160", "CSAFPID-764290", "CSAFPID-504250", "CSAFPID-1503653", "CSAFPID-1503657", "CSAFPID-1503659", "CSAFPID-764763", ], }, ], title: "CVE-2024-22262", }, { cve: "CVE-2024-24549", cwe: { id: "CWE-20", name: "Improper Input Validation", }, notes: [ { category: "other", text: "Improper Input Validation", title: "CWE-20", }, ], product_status: { known_affected: [ "CSAFPID-221160", "CSAFPID-504250", "CSAFPID-764289", "CSAFPID-764290", "CSAFPID-764939", "CSAFPID-1503653", "CSAFPID-1503657", "CSAFPID-1503659", "CSAFPID-764763", ], }, references: [ { category: "self", summary: "CVE-2024-24549", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-24549.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-221160", "CSAFPID-504250", "CSAFPID-764289", "CSAFPID-764290", "CSAFPID-764939", "CSAFPID-1503653", "CSAFPID-1503657", "CSAFPID-1503659", "CSAFPID-764763", ], }, ], title: "CVE-2024-24549", }, { cve: "CVE-2024-25062", cwe: { id: "CWE-416", name: "Use After Free", }, notes: [ { category: "other", text: "Use After Free", title: "CWE-416", }, ], product_status: { known_affected: [ "CSAFPID-221160", "CSAFPID-504250", "CSAFPID-764289", "CSAFPID-764290", "CSAFPID-764939", "CSAFPID-1503653", "CSAFPID-1503657", "CSAFPID-1503659", "CSAFPID-764763", ], }, references: [ { category: "self", summary: "CVE-2024-25062", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-25062.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-221160", "CSAFPID-504250", "CSAFPID-764289", "CSAFPID-764290", "CSAFPID-764939", "CSAFPID-1503653", "CSAFPID-1503657", "CSAFPID-1503659", "CSAFPID-764763", ], }, ], title: "CVE-2024-25062", }, ], }
NCSC-2024-0332
Vulnerability from csaf_ncscnl
Published
2024-08-13 09:21
Modified
2024-08-13 09:21
Summary
Kwetsbaarheden verholpen in Siemens producten
Notes
The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:
NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.
NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.
This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.
Feiten
Siemens heeft kwetsbaarheden verholpen in diverse producten als COMOS, INTRALOG, LOGO!, NX, SCALANCE, SINEC en Teamcenter.
Interpretaties
De kwetsbaarheden stellen een kwaadwillende mogelijk in staat aanvallen uit te voeren die kunnen leiden tot de volgende categorieën schade:
- Denial-of-Service (DoS)
- Manipulatie van gegevens
- Omzeilen van een beveiligingsmaatregel
- (Remote) code execution (Administrator/Root rechten)
- (Remote) code execution (Gebruikersrechten)
- Toegang tot systeemgegevens
- Spoofing
- Verhoogde gebruikersrechten
De kwaadwillende heeft hiervoor toegang nodig tot de productieomgeving. Het is goed gebruik een dergelijke omgeving niet publiek toegankelijk te hebben.
Oplossingen
Siemens heeft beveiligingsupdates uitgebracht om de kwetsbaarheden te verhelpen. Voor de kwetsbaarheden waar nog geen updates voor zijn, heeft Siemens mitigerende maatregelen gepubliceerd om de risico's zoveel als mogelijk te beperken. Zie de bijgevoegde referenties voor meer informatie.
Kans
medium
Schade
high
CWE-125
Out-of-bounds Read
CWE-20
Improper Input Validation
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE-250
Execution with Unnecessary Privileges
CWE-256
Plaintext Storage of a Password
CWE-269
Improper Privilege Management
CWE-284
Improper Access Control
CWE-307
Improper Restriction of Excessive Authentication Attempts
CWE-326
Inadequate Encryption Strength
CWE-358
Improperly Implemented Security Check for Standard
CWE-488
Exposure of Data Element to Wrong Session
CWE-521
Weak Password Requirements
CWE-524
Use of Cache Containing Sensitive Information
CWE-532
Insertion of Sensitive Information into Log File
CWE-863
Incorrect Authorization
{ document: { category: "csaf_security_advisory", csaf_version: "2.0", distribution: { tlp: { label: "WHITE", }, }, lang: "nl", notes: [ { category: "legal_disclaimer", text: "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.", }, { category: "description", text: "Siemens heeft kwetsbaarheden verholpen in diverse producten als COMOS, INTRALOG, LOGO!, NX, SCALANCE, SINEC en Teamcenter.", title: "Feiten", }, { category: "description", text: "De kwetsbaarheden stellen een kwaadwillende mogelijk in staat aanvallen uit te voeren die kunnen leiden tot de volgende categorieën schade:\n\n- Denial-of-Service (DoS)\n- Manipulatie van gegevens\n- Omzeilen van een beveiligingsmaatregel\n- (Remote) code execution (Administrator/Root rechten)\n- (Remote) code execution (Gebruikersrechten)\n- Toegang tot systeemgegevens\n- Spoofing\n- Verhoogde gebruikersrechten\n\nDe kwaadwillende heeft hiervoor toegang nodig tot de productieomgeving. Het is goed gebruik een dergelijke omgeving niet publiek toegankelijk te hebben.", title: "Interpretaties", }, { category: "description", text: "Siemens heeft beveiligingsupdates uitgebracht om de kwetsbaarheden te verhelpen. Voor de kwetsbaarheden waar nog geen updates voor zijn, heeft Siemens mitigerende maatregelen gepubliceerd om de risico's zoveel als mogelijk te beperken. Zie de bijgevoegde referenties voor meer informatie.", title: "Oplossingen", }, { category: "general", text: "medium", title: "Kans", }, { category: "general", text: "high", title: "Schade", }, { category: "general", text: "Out-of-bounds Read", title: "CWE-125", }, { category: "general", text: "Improper Input Validation", title: "CWE-20", }, { category: "general", text: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", title: "CWE-22", }, { category: "general", text: "Execution with Unnecessary Privileges", title: "CWE-250", }, { category: "general", text: "Plaintext Storage of a Password", title: "CWE-256", }, { category: "general", text: "Improper Privilege Management", title: "CWE-269", }, { category: "general", text: "Improper Access Control", title: "CWE-284", }, { category: "general", text: "Improper Restriction of Excessive Authentication Attempts", title: "CWE-307", }, { category: "general", text: "Inadequate Encryption Strength", title: "CWE-326", }, { category: "general", text: "Improperly Implemented Security Check for Standard", title: "CWE-358", }, { category: "general", text: "Exposure of Data Element to Wrong Session", title: "CWE-488", }, { category: "general", text: "Weak Password Requirements", title: "CWE-521", }, { category: "general", text: "Use of Cache Containing Sensitive Information", title: "CWE-524", }, { category: "general", text: "Insertion of Sensitive Information into Log File", title: "CWE-532", }, { category: "general", text: "Incorrect Authorization", title: "CWE-863", }, ], publisher: { category: "coordinator", contact_details: "cert@ncsc.nl", name: "Nationaal Cyber Security Centrum", namespace: "https://www.ncsc.nl/", }, references: [ { category: "external", summary: "Reference - ncscclear", url: "https://cert-portal.siemens.com/productcert/pdf/ssa-087301.pdf", }, { category: "external", summary: "Reference - ncscclear", url: "https://cert-portal.siemens.com/productcert/pdf/ssa-357412.pdf", }, { category: "external", summary: "Reference - ncscclear", url: "https://cert-portal.siemens.com/productcert/pdf/ssa-417547.pdf", }, { category: "external", summary: "Reference - ncscclear", url: "https://cert-portal.siemens.com/productcert/pdf/ssa-659443.pdf", }, { category: "external", summary: "Reference - ncscclear", url: "https://cert-portal.siemens.com/productcert/pdf/ssa-716317.pdf", }, { category: "external", summary: "Reference - ncscclear", url: "https://cert-portal.siemens.com/productcert/pdf/ssa-720392.pdf", }, { category: "external", summary: "Reference - ncscclear", url: "https://cert-portal.siemens.com/productcert/pdf/ssa-784301.pdf", }, { category: "external", summary: "Reference - ncscclear", url: "https://cert-portal.siemens.com/productcert/pdf/ssa-856475.pdf", }, { category: "external", summary: "Reference - ncscclear", url: "https://cert-portal.siemens.com/productcert/pdf/ssa-921449.pdf", }, ], title: "Kwetsbaarheden verholpen in Siemens producten", tracking: { current_release_date: "2024-08-13T09:21:28.381575Z", id: "NCSC-2024-0332", initial_release_date: "2024-08-13T09:21:28.381575Z", revision_history: [ { date: "2024-08-13T09:21:28.381575Z", number: "0", summary: "Initiele versie", }, ], status: "final", version: "1.0.0", }, }, vulnerabilities: [ { cve: "CVE-2023-4611", cwe: { id: "CWE-416", name: "Use After Free", }, notes: [ { category: "other", text: "Use After Free", title: "CWE-416", }, ], references: [ { category: "self", summary: "CVE-2023-4611", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-4611.json", }, ], title: "CVE-2023-4611", }, { cve: "CVE-2023-5180", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, notes: [ { category: "other", text: "Out-of-bounds Write", title: "CWE-787", }, ], references: [ { category: "self", summary: "CVE-2023-5180", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-5180.json", }, ], title: "CVE-2023-5180", }, { cve: "CVE-2023-5868", cwe: { id: "CWE-200", name: "Exposure of Sensitive Information to an Unauthorized Actor", }, notes: [ { category: "other", text: "Exposure of Sensitive Information to an Unauthorized Actor", title: "CWE-200", }, { category: "other", text: "Function Call With Incorrect Argument Type", title: "CWE-686", }, ], references: [ { category: "self", summary: "CVE-2023-5868", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-5868.json", }, ], title: "CVE-2023-5868", }, { cve: "CVE-2023-5869", cwe: { id: "CWE-190", name: "Integer Overflow or Wraparound", }, notes: [ { category: "other", text: "Integer Overflow or Wraparound", title: "CWE-190", }, { category: "other", text: "Improper Restriction of Operations within the Bounds of a Memory Buffer", title: "CWE-119", }, ], references: [ { category: "self", summary: "CVE-2023-5869", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-5869.json", }, ], title: "CVE-2023-5869", }, { cve: "CVE-2023-5870", cwe: { id: "CWE-404", name: "Improper Resource Shutdown or Release", }, notes: [ { category: "other", text: "Improper Resource Shutdown or Release", title: "CWE-404", }, { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, ], references: [ { category: "self", summary: "CVE-2023-5870", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-5870.json", }, ], title: "CVE-2023-5870", }, { cve: "CVE-2023-6378", cwe: { id: "CWE-499", name: "Serializable Class Containing Sensitive Data", }, notes: [ { category: "other", text: "Serializable Class Containing Sensitive Data", title: "CWE-499", }, ], references: [ { category: "self", summary: "CVE-2023-6378", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-6378.json", }, ], title: "CVE-2023-6378", }, { cve: "CVE-2023-6481", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, notes: [ { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, ], references: [ { category: "self", summary: "CVE-2023-6481", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-6481.json", }, ], title: "CVE-2023-6481", }, { cve: "CVE-2023-26495", cwe: { id: "CWE-416", name: "Use After Free", }, notes: [ { category: "other", text: "Use After Free", title: "CWE-416", }, ], references: [ { category: "self", summary: "CVE-2023-26495", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-26495.json", }, ], title: "CVE-2023-26495", }, { cve: "CVE-2023-31122", cwe: { id: "CWE-125", name: "Out-of-bounds Read", }, notes: [ { category: "other", text: "Out-of-bounds Read", title: "CWE-125", }, ], references: [ { category: "self", summary: "CVE-2023-31122", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-31122.json", }, ], title: "CVE-2023-31122", }, { cve: "CVE-2023-34050", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, notes: [ { category: "other", text: "Deserialization of Untrusted Data", title: "CWE-502", }, ], references: [ { category: "self", summary: "CVE-2023-34050", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-34050.json", }, ], title: "CVE-2023-34050", }, { cve: "CVE-2023-39615", cwe: { id: "CWE-119", name: "Improper Restriction of Operations within the Bounds of a Memory Buffer", }, notes: [ { category: "other", text: "Improper Restriction of Operations within the Bounds of a Memory Buffer", title: "CWE-119", }, ], references: [ { category: "self", summary: "CVE-2023-39615", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-39615.json", }, ], title: "CVE-2023-39615", }, { cve: "CVE-2023-42794", cwe: { id: "CWE-459", name: "Incomplete Cleanup", }, notes: [ { category: "other", text: "Incomplete Cleanup", title: "CWE-459", }, ], references: [ { category: "self", summary: "CVE-2023-42794", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-42794.json", }, ], title: "CVE-2023-42794", }, { cve: "CVE-2023-42795", cwe: { id: "CWE-459", name: "Incomplete Cleanup", }, notes: [ { category: "other", text: "Incomplete Cleanup", title: "CWE-459", }, ], references: [ { category: "self", summary: "CVE-2023-42795", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-42795.json", }, ], title: "CVE-2023-42795", }, { cve: "CVE-2023-43622", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, notes: [ { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, ], references: [ { category: "self", summary: "CVE-2023-43622", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-43622.json", }, ], title: "CVE-2023-43622", }, { cve: "CVE-2023-44321", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, notes: [ { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, ], references: [ { category: "self", summary: "CVE-2023-44321", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-44321.json", }, ], title: "CVE-2023-44321", }, { cve: "CVE-2023-44487", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, notes: [ { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, ], references: [ { category: "self", summary: "CVE-2023-44487", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-44487.json", }, ], title: "CVE-2023-44487", }, { cve: "CVE-2023-45648", cwe: { id: "CWE-20", name: "Improper Input Validation", }, notes: [ { category: "other", text: "Improper Input Validation", title: "CWE-20", }, ], references: [ { category: "self", summary: "CVE-2023-45648", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-45648.json", }, ], title: "CVE-2023-45648", }, { cve: "CVE-2023-45802", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, notes: [ { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, ], references: [ { category: "self", summary: "CVE-2023-45802", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-45802.json", }, ], title: "CVE-2023-45802", }, { cve: "CVE-2023-46120", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, notes: [ { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, ], references: [ { category: "self", summary: "CVE-2023-46120", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-46120.json", }, ], title: "CVE-2023-46120", }, { cve: "CVE-2023-46280", cwe: { id: "CWE-125", name: "Out-of-bounds Read", }, notes: [ { category: "other", text: "Out-of-bounds Read", title: "CWE-125", }, ], references: [ { category: "self", summary: "CVE-2023-46280", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-46280.json", }, ], title: "CVE-2023-46280", }, { cve: "CVE-2023-46589", cwe: { id: "CWE-444", name: "Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')", }, notes: [ { category: "other", text: "Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')", title: "CWE-444", }, { category: "other", text: "Improper Input Validation", title: "CWE-20", }, ], references: [ { category: "self", summary: "CVE-2023-46589", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-46589.json", }, ], title: "CVE-2023-46589", }, { cve: "CVE-2023-52425", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, notes: [ { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, ], references: [ { category: "self", summary: "CVE-2023-52425", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-52425.json", }, ], title: "CVE-2023-52425", }, { cve: "CVE-2023-52426", cwe: { id: "CWE-776", name: "Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')", }, notes: [ { category: "other", text: "Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')", title: "CWE-776", }, ], references: [ { category: "self", summary: "CVE-2023-52426", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-52426.json", }, ], title: "CVE-2023-52426", }, { cve: "CVE-2024-0056", cwe: { id: "CWE-420", name: "Unprotected Alternate Channel", }, notes: [ { category: "other", text: "Unprotected Alternate Channel", title: "CWE-420", }, { category: "other", text: "Cleartext Transmission of Sensitive Information", title: "CWE-319", }, ], references: [ { category: "self", summary: "CVE-2024-0056", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-0056.json", }, ], title: "CVE-2024-0056", }, { cve: "CVE-2024-0985", cwe: { id: "CWE-271", name: "Privilege Dropping / Lowering Errors", }, notes: [ { category: "other", text: "Privilege Dropping / Lowering Errors", title: "CWE-271", }, ], references: [ { category: "self", summary: "CVE-2024-0985", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-0985.json", }, ], title: "CVE-2024-0985", }, { cve: "CVE-2024-25062", cwe: { id: "CWE-416", name: "Use After Free", }, notes: [ { category: "other", text: "Use After Free", title: "CWE-416", }, ], references: [ { category: "self", summary: "CVE-2024-25062", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-25062.json", }, ], title: "CVE-2024-25062", }, { cve: "CVE-2024-28182", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, notes: [ { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, { category: "other", text: "Improper Resource Shutdown or Release", title: "CWE-404", }, { category: "other", text: "Detection of Error Condition Without Action", title: "CWE-390", }, { category: "other", text: "Allocation of Resources Without Limits or Throttling", title: "CWE-770", }, ], references: [ { category: "self", summary: "CVE-2024-28182", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-28182.json", }, ], title: "CVE-2024-28182", }, { cve: "CVE-2024-28757", cwe: { id: "CWE-611", name: "Improper Restriction of XML External Entity Reference", }, notes: [ { category: "other", text: "Improper Restriction of XML External Entity Reference", title: "CWE-611", }, { category: "other", text: "Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')", title: "CWE-776", }, { category: "other", text: "Improper Input Validation", title: "CWE-20", }, ], references: [ { category: "self", summary: "CVE-2024-28757", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-28757.json", }, ], title: "CVE-2024-28757", }, { cve: "CVE-2024-30045", cwe: { id: "CWE-119", name: "Improper Restriction of Operations within the Bounds of a Memory Buffer", }, notes: [ { category: "other", text: "Improper Restriction of Operations within the Bounds of a Memory Buffer", title: "CWE-119", }, { category: "other", text: "Heap-based Buffer Overflow", title: "CWE-122", }, ], references: [ { category: "self", summary: "CVE-2024-30045", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-30045.json", }, ], title: "CVE-2024-30045", }, { cve: "CVE-2024-32635", cwe: { id: "CWE-125", name: "Out-of-bounds Read", }, notes: [ { category: "other", text: "Out-of-bounds Read", title: "CWE-125", }, ], references: [ { category: "self", summary: "CVE-2024-32635", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-32635.json", }, ], title: "CVE-2024-32635", }, { cve: "CVE-2024-32636", cwe: { id: "CWE-125", name: "Out-of-bounds Read", }, notes: [ { category: "other", text: "Out-of-bounds Read", title: "CWE-125", }, ], references: [ { category: "self", summary: "CVE-2024-32636", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-32636.json", }, ], title: "CVE-2024-32636", }, { cve: "CVE-2024-32637", cwe: { id: "CWE-476", name: "NULL Pointer Dereference", }, notes: [ { category: "other", text: "NULL Pointer Dereference", title: "CWE-476", }, ], references: [ { category: "self", summary: "CVE-2024-32637", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-32637.json", }, ], title: "CVE-2024-32637", }, { cve: "CVE-2024-36398", cwe: { id: "CWE-250", name: "Execution with Unnecessary Privileges", }, notes: [ { category: "other", text: "Execution with Unnecessary Privileges", title: "CWE-250", }, ], references: [ { category: "self", summary: "CVE-2024-36398", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-36398.json", }, ], title: "CVE-2024-36398", }, { cve: "CVE-2024-39922", cwe: { id: "CWE-256", name: "Plaintext Storage of a Password", }, notes: [ { category: "other", text: "Plaintext Storage of a Password", title: "CWE-256", }, ], references: [ { category: "self", summary: "CVE-2024-39922", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-39922.json", }, ], title: "CVE-2024-39922", }, { cve: "CVE-2024-41681", cwe: { id: "CWE-326", name: "Inadequate Encryption Strength", }, notes: [ { category: "other", text: "Inadequate Encryption Strength", title: "CWE-326", }, ], references: [ { category: "self", summary: "CVE-2024-41681", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-41681.json", }, ], title: "CVE-2024-41681", }, { cve: "CVE-2024-41682", cwe: { id: "CWE-307", name: "Improper Restriction of Excessive Authentication Attempts", }, notes: [ { category: "other", text: "Improper Restriction of Excessive Authentication Attempts", title: "CWE-307", }, ], references: [ { category: "self", summary: "CVE-2024-41682", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-41682.json", }, ], title: "CVE-2024-41682", }, { cve: "CVE-2024-41683", cwe: { id: "CWE-521", name: "Weak Password Requirements", }, notes: [ { category: "other", text: "Weak Password Requirements", title: "CWE-521", }, ], references: [ { category: "self", summary: "CVE-2024-41683", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-41683.json", }, ], title: "CVE-2024-41683", }, { cve: "CVE-2024-41903", cwe: { id: "CWE-269", name: "Improper Privilege Management", }, notes: [ { category: "other", text: "Improper Privilege Management", title: "CWE-269", }, ], references: [ { category: "self", summary: "CVE-2024-41903", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-41903.json", }, ], title: "CVE-2024-41903", }, { cve: "CVE-2024-41904", cwe: { id: "CWE-307", name: "Improper Restriction of Excessive Authentication Attempts", }, notes: [ { category: "other", text: "Improper Restriction of Excessive Authentication Attempts", title: "CWE-307", }, ], references: [ { category: "self", summary: "CVE-2024-41904", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-41904.json", }, ], title: "CVE-2024-41904", }, { cve: "CVE-2024-41905", cwe: { id: "CWE-284", name: "Improper Access Control", }, notes: [ { category: "other", text: "Improper Access Control", title: "CWE-284", }, ], references: [ { category: "self", summary: "CVE-2024-41905", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-41905.json", }, ], title: "CVE-2024-41905", }, { cve: "CVE-2024-41906", cwe: { id: "CWE-524", name: "Use of Cache Containing Sensitive Information", }, notes: [ { category: "other", text: "Use of Cache Containing Sensitive Information", title: "CWE-524", }, ], references: [ { category: "self", summary: "CVE-2024-41906", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-41906.json", }, ], title: "CVE-2024-41906", }, { cve: "CVE-2024-41907", cwe: { id: "CWE-358", name: "Improperly Implemented Security Check for Standard", }, notes: [ { category: "other", text: "Improperly Implemented Security Check for Standard", title: "CWE-358", }, ], references: [ { category: "self", summary: "CVE-2024-41907", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-41907.json", }, ], title: "CVE-2024-41907", }, { cve: "CVE-2024-41908", cwe: { id: "CWE-125", name: "Out-of-bounds Read", }, notes: [ { category: "other", text: "Out-of-bounds Read", title: "CWE-125", }, ], references: [ { category: "self", summary: "CVE-2024-41908", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-41908.json", }, ], title: "CVE-2024-41908", }, { cve: "CVE-2024-41938", cwe: { id: "CWE-22", name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", }, notes: [ { category: "other", text: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", title: "CWE-22", }, ], references: [ { category: "self", summary: "CVE-2024-41938", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-41938.json", }, ], title: "CVE-2024-41938", }, { cve: "CVE-2024-41939", cwe: { id: "CWE-863", name: "Incorrect Authorization", }, notes: [ { category: "other", text: "Incorrect Authorization", title: "CWE-863", }, ], references: [ { category: "self", summary: "CVE-2024-41939", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-41939.json", }, ], title: "CVE-2024-41939", }, { cve: "CVE-2024-41940", cwe: { id: "CWE-20", name: "Improper Input Validation", }, notes: [ { category: "other", text: "Improper Input Validation", title: "CWE-20", }, ], references: [ { category: "self", summary: "CVE-2024-41940", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-41940.json", }, ], title: "CVE-2024-41940", }, { cve: "CVE-2024-41941", cwe: { id: "CWE-863", name: "Incorrect Authorization", }, notes: [ { category: "other", text: "Incorrect Authorization", title: "CWE-863", }, ], references: [ { category: "self", summary: "CVE-2024-41941", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-41941.json", }, ], title: "CVE-2024-41941", }, { cve: "CVE-2024-41976", cwe: { id: "CWE-20", name: "Improper Input Validation", }, notes: [ { category: "other", text: "Improper Input Validation", title: "CWE-20", }, ], references: [ { category: "self", summary: "CVE-2024-41976", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-41976.json", }, ], title: "CVE-2024-41976", }, { cve: "CVE-2024-41977", cwe: { id: "CWE-488", name: "Exposure of Data Element to Wrong Session", }, notes: [ { category: "other", text: "Exposure of Data Element to Wrong Session", title: "CWE-488", }, ], references: [ { category: "self", summary: "CVE-2024-41977", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-41977.json", }, ], title: "CVE-2024-41977", }, { cve: "CVE-2024-41978", cwe: { id: "CWE-532", name: "Insertion of Sensitive Information into Log File", }, notes: [ { category: "other", text: "Insertion of Sensitive Information into Log File", title: "CWE-532", }, ], references: [ { category: "self", summary: "CVE-2024-41978", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-41978.json", }, ], title: "CVE-2024-41978", }, ], }
NCSC-2024-0294
Vulnerability from csaf_ncscnl
Published
2024-07-17 13:52
Modified
2024-07-17 13:52
Summary
Kwetsbaarheden verholpen in Oracle Communications
Notes
The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:
NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.
NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.
This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.
Feiten
Er zijn kwetsbaarheden verholpen in Oracle Communications.
Interpretaties
Een kwaadwillende kan de kwetsbaarheden misbruiken om aanvallen uit te voeren die kunnen leiden tot de volgende categorieën schade:
* Denial-of-Service (DoS)
* Toegang tot gevoelige gegevens
* Toegang tot systeemgegevens
* Manipulatie van gegevens
* (Remote) code execution (Gebruikersrechten)
Oplossingen
Oracle heeft updates beschikbaar gesteld om de kwetsbaarheden te verhelpen. Zie de referenties voor meer informatie.
Kans
medium
Schade
high
CWE-681
Incorrect Conversion between Numeric Types
CWE-770
Allocation of Resources Without Limits or Throttling
CWE-787
Out-of-bounds Write
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CWE-88
Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
CWE-918
Server-Side Request Forgery (SSRF)
CWE-192
Integer Coercion Error
CWE-20
Improper Input Validation
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE-222
Truncation of Security-relevant Information
CWE-284
Improper Access Control
CWE-295
Improper Certificate Validation
CWE-345
Insufficient Verification of Data Authenticity
CWE-352
Cross-Site Request Forgery (CSRF)
CWE-390
Detection of Error Condition Without Action
CWE-400
Uncontrolled Resource Consumption
CWE-404
Improper Resource Shutdown or Release
CWE-405
Asymmetric Resource Consumption (Amplification)
CWE-416
Use After Free
CWE-444
Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
CWE-450
Multiple Interpretations of UI Input
CWE-459
Incomplete Cleanup
CWE-476
NULL Pointer Dereference
CWE-502
Deserialization of Untrusted Data
CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
{ document: { category: "csaf_security_advisory", csaf_version: "2.0", distribution: { tlp: { label: "WHITE", }, }, lang: "nl", notes: [ { category: "legal_disclaimer", text: "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.", }, { category: "description", text: "Er zijn kwetsbaarheden verholpen in Oracle Communications.", title: "Feiten", }, { category: "description", text: "Een kwaadwillende kan de kwetsbaarheden misbruiken om aanvallen uit te voeren die kunnen leiden tot de volgende categorieën schade:\n\n* Denial-of-Service (DoS)\n* Toegang tot gevoelige gegevens\n* Toegang tot systeemgegevens\n* Manipulatie van gegevens\n* (Remote) code execution (Gebruikersrechten)", title: "Interpretaties", }, { category: "description", text: "Oracle heeft updates beschikbaar gesteld om de kwetsbaarheden te verhelpen. Zie de referenties voor meer informatie.", title: "Oplossingen", }, { category: "general", text: "medium", title: "Kans", }, { category: "general", text: "high", title: "Schade", }, { category: "general", text: "Incorrect Conversion between Numeric Types", title: "CWE-681", }, { category: "general", text: "Allocation of Resources Without Limits or Throttling", title: "CWE-770", }, { category: "general", text: "Out-of-bounds Write", title: "CWE-787", }, { category: "general", text: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", title: "CWE-79", }, { category: "general", text: "Loop with Unreachable Exit Condition ('Infinite Loop')", title: "CWE-835", }, { category: "general", text: "Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')", title: "CWE-88", }, { category: "general", text: "Server-Side Request Forgery (SSRF)", title: "CWE-918", }, { category: "general", text: "Integer Coercion Error", title: "CWE-192", }, { category: "general", text: "Improper Input Validation", title: "CWE-20", }, { category: "general", text: "Exposure of Sensitive Information to an Unauthorized Actor", title: "CWE-200", }, { category: "general", text: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", title: "CWE-22", }, { category: "general", text: "Truncation of Security-relevant Information", title: "CWE-222", }, { category: "general", text: "Improper Access Control", title: "CWE-284", }, { category: "general", text: "Improper Certificate Validation", title: "CWE-295", }, { category: "general", text: "Insufficient Verification of Data Authenticity", title: "CWE-345", }, { category: "general", text: "Cross-Site Request Forgery (CSRF)", title: "CWE-352", }, { category: "general", text: "Detection of Error Condition Without Action", title: "CWE-390", }, { category: "general", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, { category: "general", text: "Improper Resource Shutdown or Release", title: "CWE-404", }, { category: "general", text: "Asymmetric Resource Consumption (Amplification)", title: "CWE-405", }, { category: "general", text: "Use After Free", title: "CWE-416", }, { category: "general", text: "Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')", title: "CWE-444", }, { category: "general", text: "Multiple Interpretations of UI Input", title: "CWE-450", }, { category: "general", text: "Incomplete Cleanup", title: "CWE-459", }, { category: "general", text: "NULL Pointer Dereference", title: "CWE-476", }, { category: "general", text: "Deserialization of Untrusted Data", title: "CWE-502", }, { category: "general", text: "URL Redirection to Untrusted Site ('Open Redirect')", title: "CWE-601", }, ], publisher: { category: "coordinator", contact_details: "cert@ncsc.nl", name: "Nationaal Cyber Security Centrum", namespace: "https://www.ncsc.nl/", }, references: [ { category: "external", summary: "Source - nvd", url: "https://nvd.nist.gov/vuln/detail/CVE-2019-10086", }, { category: "external", summary: "Source - nvd", url: "https://nvd.nist.gov/vuln/detail/CVE-2021-29425", }, { category: "external", summary: "Source - nvd", url: "https://nvd.nist.gov/vuln/detail/CVE-2021-41184", }, { category: "external", summary: "Source - nvd", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-34169", }, { category: "external", summary: "Source - nvd", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-42890", }, { category: "external", summary: "Source - nvd", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-48174", }, { category: "external", summary: "Source - nvd", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-24998", }, { category: "external", summary: "Source - nvd", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-33201", }, { category: "external", summary: "Source - nvd", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-37920", }, { category: "external", summary: "Source - nvd", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-44487", }, { category: "external", summary: "Source - nvd", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-46589", }, { category: "external", summary: "Source - nvd", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-48795", }, { category: "external", summary: "Source - nvd", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-51775", }, { category: "external", summary: "Source - nvd", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-52425", }, { category: "external", summary: "Source - nvd", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-5685", }, { category: "external", summary: "Source - nvd", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-0450", }, { category: "external", summary: "Source - nvd", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-22019", }, { category: "external", summary: "Source - nvd", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-22201", }, { category: "external", summary: "Source - nvd", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-22234", }, { category: "external", summary: "Source - nvd", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-22257", }, { category: "external", summary: "Source - nvd", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-22262", }, { category: "external", summary: "Source - nvd", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-23672", }, { category: "external", summary: "Source - nvd", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-23807", }, { category: "external", summary: "Source - nvd", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-23897", }, { category: "external", summary: "Source - nvd", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-24549", }, { category: "external", summary: "Source - nvd", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-25062", }, { category: "external", summary: "Source - nvd", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-25710", }, { category: "external", summary: "Source - nvd", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-26130", }, { category: "external", summary: "Source - nvd", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-26308", }, { category: "external", summary: "Source - nvd", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-27316", }, { category: "external", summary: "Source - nvd", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-28182", }, { category: "external", summary: "Source - nvd", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-28752", }, { category: "external", summary: "Source - nvd", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-28849", }, { category: "external", summary: "Source - nvd", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-29025", }, { category: "external", summary: "Source - nvd", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-2961", }, { category: "external", summary: "Source - nvd", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-34064", }, { category: "external", summary: "Source - nvd", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-34069", }, { category: "external", summary: "Source - nvd", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-6162", }, { category: "external", summary: "Reference - oracle", url: "https://www.oracle.com/docs/tech/security-alerts/cpujul2024csaf.json", }, { category: "external", summary: "Reference - cveprojectv5; ibm; nvd; oracle", url: "https://www.oracle.com/security-alerts/cpujul2024.html", }, ], title: "Kwetsbaarheden verholpen in Oracle Communications", tracking: { current_release_date: "2024-07-17T13:52:53.293003Z", id: "NCSC-2024-0294", initial_release_date: "2024-07-17T13:52:53.293003Z", revision_history: [ { date: "2024-07-17T13:52:53.293003Z", number: "0", summary: "Initiele versie", }, ], status: "final", version: "1.0.0", }, }, product_tree: { branches: [ { branches: [ { category: "product_name", name: "communications_asap", product: { name: "communications_asap", product_id: "CSAFPID-204629", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_asap:7.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_asap", product: { name: "communications_asap", product_id: "CSAFPID-816792", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_asap:7.4:*:*:*:*:*:*:*", }, }, }, ], category: "vendor", name: "oracle", }, ], }, vulnerabilities: [ { cve: "CVE-2019-10086", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, notes: [ { category: "other", text: "Deserialization of Untrusted Data", title: "CWE-502", }, ], product_status: { known_affected: [ "CSAFPID-204629", "CSAFPID-816792", ], }, references: [ { category: "self", summary: "CVE-2019-10086", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2019/CVE-2019-10086.json", }, ], title: "CVE-2019-10086", }, { cve: "CVE-2021-29425", cwe: { id: "CWE-22", name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", }, notes: [ { category: "other", text: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", title: "CWE-22", }, ], product_status: { known_affected: [ "CSAFPID-204629", "CSAFPID-816792", ], }, references: [ { category: "self", summary: "CVE-2021-29425", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2021/CVE-2021-29425.json", }, ], title: "CVE-2021-29425", }, { cve: "CVE-2021-37533", cwe: { id: "CWE-200", name: "Exposure of Sensitive Information to an Unauthorized Actor", }, notes: [ { category: "other", text: "Exposure of Sensitive Information to an Unauthorized Actor", title: "CWE-200", }, { category: "other", text: "Improper Input Validation", title: "CWE-20", }, ], product_status: { known_affected: [ "CSAFPID-816792", ], }, references: [ { category: "self", summary: "CVE-2021-37533", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2021/CVE-2021-37533.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-816792", ], }, ], title: "CVE-2021-37533", }, { cve: "CVE-2021-41184", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, notes: [ { category: "other", text: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", title: "CWE-79", }, ], product_status: { known_affected: [ "CSAFPID-204629", "CSAFPID-816792", ], }, references: [ { category: "self", summary: "CVE-2021-41184", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2021/CVE-2021-41184.json", }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "CSAFPID-204629", "CSAFPID-816792", ], }, ], title: "CVE-2021-41184", }, { cve: "CVE-2022-34169", cwe: { id: "CWE-192", name: "Integer Coercion Error", }, notes: [ { category: "other", text: "Integer Coercion Error", title: "CWE-192", }, { category: "other", text: "Incorrect Conversion between Numeric Types", title: "CWE-681", }, ], product_status: { known_affected: [ "CSAFPID-204629", "CSAFPID-816792", ], }, references: [ { category: "self", summary: "CVE-2022-34169", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-34169.json", }, ], title: "CVE-2022-34169", }, { cve: "CVE-2022-36033", product_status: { known_affected: [ "CSAFPID-816792", ], }, references: [ { category: "self", summary: "CVE-2022-36033", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-36033.json", }, ], scores: [ { cvss_v3: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-816792", ], }, ], title: "CVE-2022-36033", }, { cve: "CVE-2022-42890", cwe: { id: "CWE-918", name: "Server-Side Request Forgery (SSRF)", }, notes: [ { category: "other", text: "Server-Side Request Forgery (SSRF)", title: "CWE-918", }, { category: "other", text: "Exposure of Sensitive Information to an Unauthorized Actor", title: "CWE-200", }, ], product_status: { known_affected: [ "CSAFPID-816792", ], }, references: [ { category: "self", summary: "CVE-2022-42890", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-42890.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "CSAFPID-816792", ], }, ], title: "CVE-2022-42890", }, { cve: "CVE-2022-48174", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, notes: [ { category: "other", text: "Out-of-bounds Write", title: "CWE-787", }, ], product_status: { known_affected: [ "CSAFPID-816792", ], }, references: [ { category: "self", summary: "CVE-2022-48174", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-48174.json", }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-816792", ], }, ], title: "CVE-2022-48174", }, { cve: "CVE-2023-5685", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, notes: [ { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, ], product_status: { known_affected: [ "CSAFPID-816792", ], }, references: [ { category: "self", summary: "CVE-2023-5685", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-5685.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-816792", ], }, ], title: "CVE-2023-5685", }, { cve: "CVE-2023-24998", cwe: { id: "CWE-404", name: "Improper Resource Shutdown or Release", }, notes: [ { category: "other", text: "Improper Resource Shutdown or Release", title: "CWE-404", }, { category: "other", text: "Allocation of Resources Without Limits or Throttling", title: "CWE-770", }, ], product_status: { known_affected: [ "CSAFPID-816792", ], }, references: [ { category: "self", summary: "CVE-2023-24998", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-24998.json", }, ], title: "CVE-2023-24998", }, { cve: "CVE-2023-33201", cwe: { id: "CWE-200", name: "Exposure of Sensitive Information to an Unauthorized Actor", }, notes: [ { category: "other", text: "Exposure of Sensitive Information to an Unauthorized Actor", title: "CWE-200", }, ], product_status: { known_affected: [ "CSAFPID-816792", ], }, references: [ { category: "self", summary: "CVE-2023-33201", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-33201.json", }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, products: [ "CSAFPID-816792", ], }, ], title: "CVE-2023-33201", }, { cve: "CVE-2023-37920", cwe: { id: "CWE-295", name: "Improper Certificate Validation", }, notes: [ { category: "other", text: "Improper Certificate Validation", title: "CWE-295", }, { category: "other", text: "Insufficient Verification of Data Authenticity", title: "CWE-345", }, ], product_status: { known_affected: [ "CSAFPID-816792", ], }, references: [ { category: "self", summary: "CVE-2023-37920", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-37920.json", }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-816792", ], }, ], title: "CVE-2023-37920", }, { cve: "CVE-2023-44487", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, notes: [ { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, ], product_status: { known_affected: [ "CSAFPID-816792", ], }, references: [ { category: "self", summary: "CVE-2023-44487", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-44487.json", }, ], title: "CVE-2023-44487", }, { cve: "CVE-2023-46589", cwe: { id: "CWE-444", name: "Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')", }, notes: [ { category: "other", text: "Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')", title: "CWE-444", }, { category: "other", text: "Improper Input Validation", title: "CWE-20", }, ], product_status: { known_affected: [ "CSAFPID-816792", ], }, references: [ { category: "self", summary: "CVE-2023-46589", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-46589.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "CSAFPID-816792", ], }, ], title: "CVE-2023-46589", }, { cve: "CVE-2023-48795", cwe: { id: "CWE-222", name: "Truncation of Security-relevant Information", }, notes: [ { category: "other", text: "Truncation of Security-relevant Information", title: "CWE-222", }, ], product_status: { known_affected: [ "CSAFPID-816792", ], }, references: [ { category: "self", summary: "CVE-2023-48795", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-48795.json", }, ], scores: [ { cvss_v3: { baseScore: 5.9, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "CSAFPID-816792", ], }, ], title: "CVE-2023-48795", }, { cve: "CVE-2023-51775", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, notes: [ { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, ], product_status: { known_affected: [ "CSAFPID-816792", ], }, references: [ { category: "self", summary: "CVE-2023-51775", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-51775.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-816792", ], }, ], title: "CVE-2023-51775", }, { cve: "CVE-2023-52425", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, notes: [ { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, ], product_status: { known_affected: [ "CSAFPID-816792", ], }, references: [ { category: "self", summary: "CVE-2023-52425", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-52425.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-816792", ], }, ], title: "CVE-2023-52425", }, { cve: "CVE-2024-0450", cwe: { id: "CWE-450", name: "Multiple Interpretations of UI Input", }, notes: [ { category: "other", text: "Multiple Interpretations of UI Input", title: "CWE-450", }, { category: "other", text: "Asymmetric Resource Consumption (Amplification)", title: "CWE-405", }, ], product_status: { known_affected: [ "CSAFPID-816792", ], }, references: [ { category: "self", summary: "CVE-2024-0450", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-0450.json", }, ], scores: [ { cvss_v3: { baseScore: 6.2, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-816792", ], }, ], title: "CVE-2024-0450", }, { cve: "CVE-2024-2961", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, notes: [ { category: "other", text: "Out-of-bounds Write", title: "CWE-787", }, ], product_status: { known_affected: [ "CSAFPID-816792", ], }, references: [ { category: "self", summary: "CVE-2024-2961", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-2961.json", }, ], scores: [ { cvss_v3: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-816792", ], }, ], title: "CVE-2024-2961", }, { cve: "CVE-2024-6162", cwe: { id: "CWE-404", name: "Improper Resource Shutdown or Release", }, notes: [ { category: "other", text: "Improper Resource Shutdown or Release", title: "CWE-404", }, { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, ], product_status: { known_affected: [ "CSAFPID-816792", ], }, references: [ { category: "self", summary: "CVE-2024-6162", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-6162.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-816792", ], }, ], title: "CVE-2024-6162", }, { cve: "CVE-2024-22019", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, notes: [ { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, { category: "other", text: "Improper Resource Shutdown or Release", title: "CWE-404", }, ], product_status: { known_affected: [ "CSAFPID-816792", ], }, references: [ { category: "self", summary: "CVE-2024-22019", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-22019.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-816792", ], }, ], title: "CVE-2024-22019", }, { cve: "CVE-2024-22201", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, notes: [ { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, ], product_status: { known_affected: [ "CSAFPID-816792", ], }, references: [ { category: "self", summary: "CVE-2024-22201", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-22201.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-816792", ], }, ], title: "CVE-2024-22201", }, { cve: "CVE-2024-22234", cwe: { id: "CWE-284", name: "Improper Access Control", }, notes: [ { category: "other", text: "Improper Access Control", title: "CWE-284", }, ], product_status: { known_affected: [ "CSAFPID-816792", ], }, references: [ { category: "self", summary: "CVE-2024-22234", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-22234.json", }, ], scores: [ { cvss_v3: { baseScore: 7.4, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "CSAFPID-816792", ], }, ], title: "CVE-2024-22234", }, { cve: "CVE-2024-22257", cwe: { id: "CWE-284", name: "Improper Access Control", }, notes: [ { category: "other", text: "Improper Access Control", title: "CWE-284", }, ], product_status: { known_affected: [ "CSAFPID-816792", ], }, references: [ { category: "self", summary: "CVE-2024-22257", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-22257.json", }, ], scores: [ { cvss_v3: { baseScore: 8.2, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N", version: "3.1", }, products: [ "CSAFPID-816792", ], }, ], title: "CVE-2024-22257", }, { cve: "CVE-2024-22262", cwe: { id: "CWE-601", name: "URL Redirection to Untrusted Site ('Open Redirect')", }, notes: [ { category: "other", text: "URL Redirection to Untrusted Site ('Open Redirect')", title: "CWE-601", }, ], product_status: { known_affected: [ "CSAFPID-816792", ], }, references: [ { category: "self", summary: "CVE-2024-22262", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-22262.json", }, ], scores: [ { cvss_v3: { baseScore: 8.1, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "CSAFPID-816792", ], }, ], title: "CVE-2024-22262", }, { cve: "CVE-2024-23672", cwe: { id: "CWE-459", name: "Incomplete Cleanup", }, notes: [ { category: "other", text: "Incomplete Cleanup", title: "CWE-459", }, ], product_status: { known_affected: [ "CSAFPID-816792", ], }, references: [ { category: "self", summary: "CVE-2024-23672", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-23672.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-816792", ], }, ], title: "CVE-2024-23672", }, { cve: "CVE-2024-23807", cwe: { id: "CWE-416", name: "Use After Free", }, notes: [ { category: "other", text: "Use After Free", title: "CWE-416", }, ], product_status: { known_affected: [ "CSAFPID-816792", ], }, references: [ { category: "self", summary: "CVE-2024-23807", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-23807.json", }, ], scores: [ { cvss_v3: { baseScore: 8.1, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-816792", ], }, ], title: "CVE-2024-23807", }, { cve: "CVE-2024-23897", cwe: { id: "CWE-200", name: "Exposure of Sensitive Information to an Unauthorized Actor", }, notes: [ { category: "other", text: "Exposure of Sensitive Information to an Unauthorized Actor", title: "CWE-200", }, { category: "other", text: "Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')", title: "CWE-88", }, ], product_status: { known_affected: [ "CSAFPID-816792", ], }, references: [ { category: "self", summary: "CVE-2024-23897", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-23897.json", }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-816792", ], }, ], title: "CVE-2024-23897", }, { cve: "CVE-2024-24549", cwe: { id: "CWE-20", name: "Improper Input Validation", }, notes: [ { category: "other", text: "Improper Input Validation", title: "CWE-20", }, ], product_status: { known_affected: [ "CSAFPID-816792", ], }, references: [ { category: "self", summary: "CVE-2024-24549", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-24549.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-816792", ], }, ], title: "CVE-2024-24549", }, { cve: "CVE-2024-25062", cwe: { id: "CWE-416", name: "Use After Free", }, notes: [ { category: "other", text: "Use After Free", title: "CWE-416", }, ], product_status: { known_affected: [ "CSAFPID-816792", ], }, references: [ { category: "self", summary: "CVE-2024-25062", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-25062.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-816792", ], }, ], title: "CVE-2024-25062", }, { cve: "CVE-2024-25710", cwe: { id: "CWE-835", name: "Loop with Unreachable Exit Condition ('Infinite Loop')", }, notes: [ { category: "other", text: "Loop with Unreachable Exit Condition ('Infinite Loop')", title: "CWE-835", }, ], product_status: { known_affected: [ "CSAFPID-816792", ], }, references: [ { category: "self", summary: "CVE-2024-25710", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-25710.json", }, ], scores: [ { cvss_v3: { baseScore: 8.1, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-816792", ], }, ], title: "CVE-2024-25710", }, { cve: "CVE-2024-26130", cwe: { id: "CWE-476", name: "NULL Pointer Dereference", }, notes: [ { category: "other", text: "NULL Pointer Dereference", title: "CWE-476", }, ], product_status: { known_affected: [ "CSAFPID-816792", ], }, references: [ { category: "self", summary: "CVE-2024-26130", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-26130.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-816792", ], }, ], title: "CVE-2024-26130", }, { cve: "CVE-2024-26308", cwe: { id: "CWE-770", name: "Allocation of Resources Without Limits or Throttling", }, notes: [ { category: "other", text: "Allocation of Resources Without Limits or Throttling", title: "CWE-770", }, ], product_status: { known_affected: [ "CSAFPID-816792", ], }, references: [ { category: "self", summary: "CVE-2024-26308", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-26308.json", }, ], scores: [ { cvss_v3: { baseScore: 5.9, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-816792", ], }, ], title: "CVE-2024-26308", }, { cve: "CVE-2024-27316", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, notes: [ { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, ], product_status: { known_affected: [ "CSAFPID-816792", ], }, references: [ { category: "self", summary: "CVE-2024-27316", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-27316.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-816792", ], }, ], title: "CVE-2024-27316", }, { cve: "CVE-2024-28182", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, notes: [ { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, { category: "other", text: "Improper Resource Shutdown or Release", title: "CWE-404", }, { category: "other", text: "Detection of Error Condition Without Action", title: "CWE-390", }, { category: "other", text: "Allocation of Resources Without Limits or Throttling", title: "CWE-770", }, ], product_status: { known_affected: [ "CSAFPID-816792", ], }, references: [ { category: "self", summary: "CVE-2024-28182", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-28182.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-816792", ], }, ], title: "CVE-2024-28182", }, { cve: "CVE-2024-28752", cwe: { id: "CWE-918", name: "Server-Side Request Forgery (SSRF)", }, notes: [ { category: "other", text: "Server-Side Request Forgery (SSRF)", title: "CWE-918", }, ], product_status: { known_affected: [ "CSAFPID-816792", ], }, references: [ { category: "self", summary: "CVE-2024-28752", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-28752.json", }, ], scores: [ { cvss_v3: { baseScore: 7.4, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "CSAFPID-816792", ], }, ], title: "CVE-2024-28752", }, { cve: "CVE-2024-28849", cwe: { id: "CWE-200", name: "Exposure of Sensitive Information to an Unauthorized Actor", }, notes: [ { category: "other", text: "Exposure of Sensitive Information to an Unauthorized Actor", title: "CWE-200", }, ], product_status: { known_affected: [ "CSAFPID-816792", ], }, references: [ { category: "self", summary: "CVE-2024-28849", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-28849.json", }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "CSAFPID-816792", ], }, ], title: "CVE-2024-28849", }, { cve: "CVE-2024-29025", cwe: { id: "CWE-770", name: "Allocation of Resources Without Limits or Throttling", }, notes: [ { category: "other", text: "Allocation of Resources Without Limits or Throttling", title: "CWE-770", }, ], product_status: { known_affected: [ "CSAFPID-816792", ], }, references: [ { category: "self", summary: "CVE-2024-29025", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-29025.json", }, ], title: "CVE-2024-29025", }, { cve: "CVE-2024-34064", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, notes: [ { category: "other", text: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", title: "CWE-79", }, ], product_status: { known_affected: [ "CSAFPID-816792", ], }, references: [ { category: "self", summary: "CVE-2024-34064", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-34064.json", }, ], scores: [ { cvss_v3: { baseScore: 5.4, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", version: "3.1", }, products: [ "CSAFPID-816792", ], }, ], title: "CVE-2024-34064", }, { cve: "CVE-2024-34069", cwe: { id: "CWE-352", name: "Cross-Site Request Forgery (CSRF)", }, notes: [ { category: "other", text: "Cross-Site Request Forgery (CSRF)", title: "CWE-352", }, ], product_status: { known_affected: [ "CSAFPID-816792", ], }, references: [ { category: "self", summary: "CVE-2024-34069", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-34069.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-816792", ], }, ], title: "CVE-2024-34069", }, ], }
ncsc-2024-0294
Vulnerability from csaf_ncscnl
Published
2024-07-17 13:52
Modified
2024-07-17 13:52
Summary
Kwetsbaarheden verholpen in Oracle Communications
Notes
The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:
NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.
NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.
This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.
Feiten
Er zijn kwetsbaarheden verholpen in Oracle Communications.
Interpretaties
Een kwaadwillende kan de kwetsbaarheden misbruiken om aanvallen uit te voeren die kunnen leiden tot de volgende categorieën schade:
* Denial-of-Service (DoS)
* Toegang tot gevoelige gegevens
* Toegang tot systeemgegevens
* Manipulatie van gegevens
* (Remote) code execution (Gebruikersrechten)
Oplossingen
Oracle heeft updates beschikbaar gesteld om de kwetsbaarheden te verhelpen. Zie de referenties voor meer informatie.
Kans
medium
Schade
high
CWE-681
Incorrect Conversion between Numeric Types
CWE-770
Allocation of Resources Without Limits or Throttling
CWE-787
Out-of-bounds Write
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CWE-88
Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
CWE-918
Server-Side Request Forgery (SSRF)
CWE-192
Integer Coercion Error
CWE-20
Improper Input Validation
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE-222
Truncation of Security-relevant Information
CWE-284
Improper Access Control
CWE-295
Improper Certificate Validation
CWE-345
Insufficient Verification of Data Authenticity
CWE-352
Cross-Site Request Forgery (CSRF)
CWE-390
Detection of Error Condition Without Action
CWE-400
Uncontrolled Resource Consumption
CWE-404
Improper Resource Shutdown or Release
CWE-405
Asymmetric Resource Consumption (Amplification)
CWE-416
Use After Free
CWE-444
Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
CWE-450
Multiple Interpretations of UI Input
CWE-459
Incomplete Cleanup
CWE-476
NULL Pointer Dereference
CWE-502
Deserialization of Untrusted Data
CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
{ document: { category: "csaf_security_advisory", csaf_version: "2.0", distribution: { tlp: { label: "WHITE", }, }, lang: "nl", notes: [ { category: "legal_disclaimer", text: "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.", }, { category: "description", text: "Er zijn kwetsbaarheden verholpen in Oracle Communications.", title: "Feiten", }, { category: "description", text: "Een kwaadwillende kan de kwetsbaarheden misbruiken om aanvallen uit te voeren die kunnen leiden tot de volgende categorieën schade:\n\n* Denial-of-Service (DoS)\n* Toegang tot gevoelige gegevens\n* Toegang tot systeemgegevens\n* Manipulatie van gegevens\n* (Remote) code execution (Gebruikersrechten)", title: "Interpretaties", }, { category: "description", text: "Oracle heeft updates beschikbaar gesteld om de kwetsbaarheden te verhelpen. Zie de referenties voor meer informatie.", title: "Oplossingen", }, { category: "general", text: "medium", title: "Kans", }, { category: "general", text: "high", title: "Schade", }, { category: "general", text: "Incorrect Conversion between Numeric Types", title: "CWE-681", }, { category: "general", text: "Allocation of Resources Without Limits or Throttling", title: "CWE-770", }, { category: "general", text: "Out-of-bounds Write", title: "CWE-787", }, { category: "general", text: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", title: "CWE-79", }, { category: "general", text: "Loop with Unreachable Exit Condition ('Infinite Loop')", title: "CWE-835", }, { category: "general", text: "Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')", title: "CWE-88", }, { category: "general", text: "Server-Side Request Forgery (SSRF)", title: "CWE-918", }, { category: "general", text: "Integer Coercion Error", title: "CWE-192", }, { category: "general", text: "Improper Input Validation", title: "CWE-20", }, { category: "general", text: "Exposure of Sensitive Information to an Unauthorized Actor", title: "CWE-200", }, { category: "general", text: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", title: "CWE-22", }, { category: "general", text: "Truncation of Security-relevant Information", title: "CWE-222", }, { category: "general", text: "Improper Access Control", title: "CWE-284", }, { category: "general", text: "Improper Certificate Validation", title: "CWE-295", }, { category: "general", text: "Insufficient Verification of Data Authenticity", title: "CWE-345", }, { category: "general", text: "Cross-Site Request Forgery (CSRF)", title: "CWE-352", }, { category: "general", text: "Detection of Error Condition Without Action", title: "CWE-390", }, { category: "general", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, { category: "general", text: "Improper Resource Shutdown or Release", title: "CWE-404", }, { category: "general", text: "Asymmetric Resource Consumption (Amplification)", title: "CWE-405", }, { category: "general", text: "Use After Free", title: "CWE-416", }, { category: "general", text: "Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')", title: "CWE-444", }, { category: "general", text: "Multiple Interpretations of UI Input", title: "CWE-450", }, { category: "general", text: "Incomplete Cleanup", title: "CWE-459", }, { category: "general", text: "NULL Pointer Dereference", title: "CWE-476", }, { category: "general", text: "Deserialization of Untrusted Data", title: "CWE-502", }, { category: "general", text: "URL Redirection to Untrusted Site ('Open Redirect')", title: "CWE-601", }, ], publisher: { category: "coordinator", contact_details: "cert@ncsc.nl", name: "Nationaal Cyber Security Centrum", namespace: "https://www.ncsc.nl/", }, references: [ { category: "external", summary: "Source - nvd", url: "https://nvd.nist.gov/vuln/detail/CVE-2019-10086", }, { category: "external", summary: "Source - nvd", url: "https://nvd.nist.gov/vuln/detail/CVE-2021-29425", }, { category: "external", summary: "Source - nvd", url: "https://nvd.nist.gov/vuln/detail/CVE-2021-41184", }, { category: "external", summary: "Source - nvd", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-34169", }, { category: "external", summary: "Source - nvd", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-42890", }, { category: "external", summary: "Source - nvd", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-48174", }, { category: "external", summary: "Source - nvd", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-24998", }, { category: "external", summary: "Source - nvd", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-33201", }, { category: "external", summary: "Source - nvd", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-37920", }, { category: "external", summary: "Source - nvd", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-44487", }, { category: "external", summary: "Source - nvd", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-46589", }, { category: "external", summary: "Source - nvd", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-48795", }, { category: "external", summary: "Source - nvd", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-51775", }, { category: "external", summary: "Source - nvd", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-52425", }, { category: "external", summary: "Source - nvd", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-5685", }, { category: "external", summary: "Source - nvd", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-0450", }, { category: "external", summary: "Source - nvd", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-22019", }, { category: "external", summary: "Source - nvd", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-22201", }, { category: "external", summary: "Source - nvd", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-22234", }, { category: "external", summary: "Source - nvd", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-22257", }, { category: "external", summary: "Source - nvd", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-22262", }, { category: "external", summary: "Source - nvd", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-23672", }, { category: "external", summary: "Source - nvd", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-23807", }, { category: "external", summary: "Source - nvd", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-23897", }, { category: "external", summary: "Source - nvd", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-24549", }, { category: "external", summary: "Source - nvd", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-25062", }, { category: "external", summary: "Source - nvd", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-25710", }, { category: "external", summary: "Source - nvd", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-26130", }, { category: "external", summary: "Source - nvd", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-26308", }, { category: "external", summary: "Source - nvd", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-27316", }, { category: "external", summary: "Source - nvd", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-28182", }, { category: "external", summary: "Source - nvd", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-28752", }, { category: "external", summary: "Source - nvd", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-28849", }, { category: "external", summary: "Source - nvd", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-29025", }, { category: "external", summary: "Source - nvd", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-2961", }, { category: "external", summary: "Source - nvd", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-34064", }, { category: "external", summary: "Source - nvd", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-34069", }, { category: "external", summary: "Source - nvd", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-6162", }, { category: "external", summary: "Reference - oracle", url: "https://www.oracle.com/docs/tech/security-alerts/cpujul2024csaf.json", }, { category: "external", summary: "Reference - cveprojectv5; ibm; nvd; oracle", url: "https://www.oracle.com/security-alerts/cpujul2024.html", }, ], title: "Kwetsbaarheden verholpen in Oracle Communications", tracking: { current_release_date: "2024-07-17T13:52:53.293003Z", id: "NCSC-2024-0294", initial_release_date: "2024-07-17T13:52:53.293003Z", revision_history: [ { date: "2024-07-17T13:52:53.293003Z", number: "0", summary: "Initiele versie", }, ], status: "final", version: "1.0.0", }, }, product_tree: { branches: [ { branches: [ { category: "product_name", name: "communications_asap", product: { name: "communications_asap", product_id: "CSAFPID-204629", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_asap:7.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "communications_asap", product: { name: "communications_asap", product_id: "CSAFPID-816792", product_identification_helper: { cpe: "cpe:2.3:a:oracle:communications_asap:7.4:*:*:*:*:*:*:*", }, }, }, ], category: "vendor", name: "oracle", }, ], }, vulnerabilities: [ { cve: "CVE-2019-10086", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, notes: [ { category: "other", text: "Deserialization of Untrusted Data", title: "CWE-502", }, ], product_status: { known_affected: [ "CSAFPID-204629", "CSAFPID-816792", ], }, references: [ { category: "self", summary: "CVE-2019-10086", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2019/CVE-2019-10086.json", }, ], title: "CVE-2019-10086", }, { cve: "CVE-2021-29425", cwe: { id: "CWE-22", name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", }, notes: [ { category: "other", text: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", title: "CWE-22", }, ], product_status: { known_affected: [ "CSAFPID-204629", "CSAFPID-816792", ], }, references: [ { category: "self", summary: "CVE-2021-29425", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2021/CVE-2021-29425.json", }, ], title: "CVE-2021-29425", }, { cve: "CVE-2021-37533", cwe: { id: "CWE-200", name: "Exposure of Sensitive Information to an Unauthorized Actor", }, notes: [ { category: "other", text: "Exposure of Sensitive Information to an Unauthorized Actor", title: "CWE-200", }, { category: "other", text: "Improper Input Validation", title: "CWE-20", }, ], product_status: { known_affected: [ "CSAFPID-816792", ], }, references: [ { category: "self", summary: "CVE-2021-37533", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2021/CVE-2021-37533.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-816792", ], }, ], title: "CVE-2021-37533", }, { cve: "CVE-2021-41184", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, notes: [ { category: "other", text: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", title: "CWE-79", }, ], product_status: { known_affected: [ "CSAFPID-204629", "CSAFPID-816792", ], }, references: [ { category: "self", summary: "CVE-2021-41184", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2021/CVE-2021-41184.json", }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "CSAFPID-204629", "CSAFPID-816792", ], }, ], title: "CVE-2021-41184", }, { cve: "CVE-2022-34169", cwe: { id: "CWE-192", name: "Integer Coercion Error", }, notes: [ { category: "other", text: "Integer Coercion Error", title: "CWE-192", }, { category: "other", text: "Incorrect Conversion between Numeric Types", title: "CWE-681", }, ], product_status: { known_affected: [ "CSAFPID-204629", "CSAFPID-816792", ], }, references: [ { category: "self", summary: "CVE-2022-34169", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-34169.json", }, ], title: "CVE-2022-34169", }, { cve: "CVE-2022-36033", product_status: { known_affected: [ "CSAFPID-816792", ], }, references: [ { category: "self", summary: "CVE-2022-36033", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-36033.json", }, ], scores: [ { cvss_v3: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-816792", ], }, ], title: "CVE-2022-36033", }, { cve: "CVE-2022-42890", cwe: { id: "CWE-918", name: "Server-Side Request Forgery (SSRF)", }, notes: [ { category: "other", text: "Server-Side Request Forgery (SSRF)", title: "CWE-918", }, { category: "other", text: "Exposure of Sensitive Information to an Unauthorized Actor", title: "CWE-200", }, ], product_status: { known_affected: [ "CSAFPID-816792", ], }, references: [ { category: "self", summary: "CVE-2022-42890", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-42890.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "CSAFPID-816792", ], }, ], title: "CVE-2022-42890", }, { cve: "CVE-2022-48174", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, notes: [ { category: "other", text: "Out-of-bounds Write", title: "CWE-787", }, ], product_status: { known_affected: [ "CSAFPID-816792", ], }, references: [ { category: "self", summary: "CVE-2022-48174", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-48174.json", }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-816792", ], }, ], title: "CVE-2022-48174", }, { cve: "CVE-2023-5685", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, notes: [ { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, ], product_status: { known_affected: [ "CSAFPID-816792", ], }, references: [ { category: "self", summary: "CVE-2023-5685", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-5685.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-816792", ], }, ], title: "CVE-2023-5685", }, { cve: "CVE-2023-24998", cwe: { id: "CWE-404", name: "Improper Resource Shutdown or Release", }, notes: [ { category: "other", text: "Improper Resource Shutdown or Release", title: "CWE-404", }, { category: "other", text: "Allocation of Resources Without Limits or Throttling", title: "CWE-770", }, ], product_status: { known_affected: [ "CSAFPID-816792", ], }, references: [ { category: "self", summary: "CVE-2023-24998", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-24998.json", }, ], title: "CVE-2023-24998", }, { cve: "CVE-2023-33201", cwe: { id: "CWE-200", name: "Exposure of Sensitive Information to an Unauthorized Actor", }, notes: [ { category: "other", text: "Exposure of Sensitive Information to an Unauthorized Actor", title: "CWE-200", }, ], product_status: { known_affected: [ "CSAFPID-816792", ], }, references: [ { category: "self", summary: "CVE-2023-33201", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-33201.json", }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, products: [ "CSAFPID-816792", ], }, ], title: "CVE-2023-33201", }, { cve: "CVE-2023-37920", cwe: { id: "CWE-295", name: "Improper Certificate Validation", }, notes: [ { category: "other", text: "Improper Certificate Validation", title: "CWE-295", }, { category: "other", text: "Insufficient Verification of Data Authenticity", title: "CWE-345", }, ], product_status: { known_affected: [ "CSAFPID-816792", ], }, references: [ { category: "self", summary: "CVE-2023-37920", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-37920.json", }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-816792", ], }, ], title: "CVE-2023-37920", }, { cve: "CVE-2023-44487", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, notes: [ { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, ], product_status: { known_affected: [ "CSAFPID-816792", ], }, references: [ { category: "self", summary: "CVE-2023-44487", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-44487.json", }, ], title: "CVE-2023-44487", }, { cve: "CVE-2023-46589", cwe: { id: "CWE-444", name: "Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')", }, notes: [ { category: "other", text: "Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')", title: "CWE-444", }, { category: "other", text: "Improper Input Validation", title: "CWE-20", }, ], product_status: { known_affected: [ "CSAFPID-816792", ], }, references: [ { category: "self", summary: "CVE-2023-46589", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-46589.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "CSAFPID-816792", ], }, ], title: "CVE-2023-46589", }, { cve: "CVE-2023-48795", cwe: { id: "CWE-222", name: "Truncation of Security-relevant Information", }, notes: [ { category: "other", text: "Truncation of Security-relevant Information", title: "CWE-222", }, ], product_status: { known_affected: [ "CSAFPID-816792", ], }, references: [ { category: "self", summary: "CVE-2023-48795", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-48795.json", }, ], scores: [ { cvss_v3: { baseScore: 5.9, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "CSAFPID-816792", ], }, ], title: "CVE-2023-48795", }, { cve: "CVE-2023-51775", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, notes: [ { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, ], product_status: { known_affected: [ "CSAFPID-816792", ], }, references: [ { category: "self", summary: "CVE-2023-51775", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-51775.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-816792", ], }, ], title: "CVE-2023-51775", }, { cve: "CVE-2023-52425", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, notes: [ { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, ], product_status: { known_affected: [ "CSAFPID-816792", ], }, references: [ { category: "self", summary: "CVE-2023-52425", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-52425.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-816792", ], }, ], title: "CVE-2023-52425", }, { cve: "CVE-2024-0450", cwe: { id: "CWE-450", name: "Multiple Interpretations of UI Input", }, notes: [ { category: "other", text: "Multiple Interpretations of UI Input", title: "CWE-450", }, { category: "other", text: "Asymmetric Resource Consumption (Amplification)", title: "CWE-405", }, ], product_status: { known_affected: [ "CSAFPID-816792", ], }, references: [ { category: "self", summary: "CVE-2024-0450", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-0450.json", }, ], scores: [ { cvss_v3: { baseScore: 6.2, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-816792", ], }, ], title: "CVE-2024-0450", }, { cve: "CVE-2024-2961", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, notes: [ { category: "other", text: "Out-of-bounds Write", title: "CWE-787", }, ], product_status: { known_affected: [ "CSAFPID-816792", ], }, references: [ { category: "self", summary: "CVE-2024-2961", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-2961.json", }, ], scores: [ { cvss_v3: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-816792", ], }, ], title: "CVE-2024-2961", }, { cve: "CVE-2024-6162", cwe: { id: "CWE-404", name: "Improper Resource Shutdown or Release", }, notes: [ { category: "other", text: "Improper Resource Shutdown or Release", title: "CWE-404", }, { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, ], product_status: { known_affected: [ "CSAFPID-816792", ], }, references: [ { category: "self", summary: "CVE-2024-6162", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-6162.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-816792", ], }, ], title: "CVE-2024-6162", }, { cve: "CVE-2024-22019", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, notes: [ { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, { category: "other", text: "Improper Resource Shutdown or Release", title: "CWE-404", }, ], product_status: { known_affected: [ "CSAFPID-816792", ], }, references: [ { category: "self", summary: "CVE-2024-22019", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-22019.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-816792", ], }, ], title: "CVE-2024-22019", }, { cve: "CVE-2024-22201", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, notes: [ { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, ], product_status: { known_affected: [ "CSAFPID-816792", ], }, references: [ { category: "self", summary: "CVE-2024-22201", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-22201.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-816792", ], }, ], title: "CVE-2024-22201", }, { cve: "CVE-2024-22234", cwe: { id: "CWE-284", name: "Improper Access Control", }, notes: [ { category: "other", text: "Improper Access Control", title: "CWE-284", }, ], product_status: { known_affected: [ "CSAFPID-816792", ], }, references: [ { category: "self", summary: "CVE-2024-22234", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-22234.json", }, ], scores: [ { cvss_v3: { baseScore: 7.4, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "CSAFPID-816792", ], }, ], title: "CVE-2024-22234", }, { cve: "CVE-2024-22257", cwe: { id: "CWE-284", name: "Improper Access Control", }, notes: [ { category: "other", text: "Improper Access Control", title: "CWE-284", }, ], product_status: { known_affected: [ "CSAFPID-816792", ], }, references: [ { category: "self", summary: "CVE-2024-22257", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-22257.json", }, ], scores: [ { cvss_v3: { baseScore: 8.2, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N", version: "3.1", }, products: [ "CSAFPID-816792", ], }, ], title: "CVE-2024-22257", }, { cve: "CVE-2024-22262", cwe: { id: "CWE-601", name: "URL Redirection to Untrusted Site ('Open Redirect')", }, notes: [ { category: "other", text: "URL Redirection to Untrusted Site ('Open Redirect')", title: "CWE-601", }, ], product_status: { known_affected: [ "CSAFPID-816792", ], }, references: [ { category: "self", summary: "CVE-2024-22262", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-22262.json", }, ], scores: [ { cvss_v3: { baseScore: 8.1, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "CSAFPID-816792", ], }, ], title: "CVE-2024-22262", }, { cve: "CVE-2024-23672", cwe: { id: "CWE-459", name: "Incomplete Cleanup", }, notes: [ { category: "other", text: "Incomplete Cleanup", title: "CWE-459", }, ], product_status: { known_affected: [ "CSAFPID-816792", ], }, references: [ { category: "self", summary: "CVE-2024-23672", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-23672.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-816792", ], }, ], title: "CVE-2024-23672", }, { cve: "CVE-2024-23807", cwe: { id: "CWE-416", name: "Use After Free", }, notes: [ { category: "other", text: "Use After Free", title: "CWE-416", }, ], product_status: { known_affected: [ "CSAFPID-816792", ], }, references: [ { category: "self", summary: "CVE-2024-23807", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-23807.json", }, ], scores: [ { cvss_v3: { baseScore: 8.1, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-816792", ], }, ], title: "CVE-2024-23807", }, { cve: "CVE-2024-23897", cwe: { id: "CWE-200", name: "Exposure of Sensitive Information to an Unauthorized Actor", }, notes: [ { category: "other", text: "Exposure of Sensitive Information to an Unauthorized Actor", title: "CWE-200", }, { category: "other", text: "Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')", title: "CWE-88", }, ], product_status: { known_affected: [ "CSAFPID-816792", ], }, references: [ { category: "self", summary: "CVE-2024-23897", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-23897.json", }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-816792", ], }, ], title: "CVE-2024-23897", }, { cve: "CVE-2024-24549", cwe: { id: "CWE-20", name: "Improper Input Validation", }, notes: [ { category: "other", text: "Improper Input Validation", title: "CWE-20", }, ], product_status: { known_affected: [ "CSAFPID-816792", ], }, references: [ { category: "self", summary: "CVE-2024-24549", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-24549.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-816792", ], }, ], title: "CVE-2024-24549", }, { cve: "CVE-2024-25062", cwe: { id: "CWE-416", name: "Use After Free", }, notes: [ { category: "other", text: "Use After Free", title: "CWE-416", }, ], product_status: { known_affected: [ "CSAFPID-816792", ], }, references: [ { category: "self", summary: "CVE-2024-25062", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-25062.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-816792", ], }, ], title: "CVE-2024-25062", }, { cve: "CVE-2024-25710", cwe: { id: "CWE-835", name: "Loop with Unreachable Exit Condition ('Infinite Loop')", }, notes: [ { category: "other", text: "Loop with Unreachable Exit Condition ('Infinite Loop')", title: "CWE-835", }, ], product_status: { known_affected: [ "CSAFPID-816792", ], }, references: [ { category: "self", summary: "CVE-2024-25710", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-25710.json", }, ], scores: [ { cvss_v3: { baseScore: 8.1, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-816792", ], }, ], title: "CVE-2024-25710", }, { cve: "CVE-2024-26130", cwe: { id: "CWE-476", name: "NULL Pointer Dereference", }, notes: [ { category: "other", text: "NULL Pointer Dereference", title: "CWE-476", }, ], product_status: { known_affected: [ "CSAFPID-816792", ], }, references: [ { category: "self", summary: "CVE-2024-26130", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-26130.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-816792", ], }, ], title: "CVE-2024-26130", }, { cve: "CVE-2024-26308", cwe: { id: "CWE-770", name: "Allocation of Resources Without Limits or Throttling", }, notes: [ { category: "other", text: "Allocation of Resources Without Limits or Throttling", title: "CWE-770", }, ], product_status: { known_affected: [ "CSAFPID-816792", ], }, references: [ { category: "self", summary: "CVE-2024-26308", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-26308.json", }, ], scores: [ { cvss_v3: { baseScore: 5.9, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-816792", ], }, ], title: "CVE-2024-26308", }, { cve: "CVE-2024-27316", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, notes: [ { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, ], product_status: { known_affected: [ "CSAFPID-816792", ], }, references: [ { category: "self", summary: "CVE-2024-27316", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-27316.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-816792", ], }, ], title: "CVE-2024-27316", }, { cve: "CVE-2024-28182", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, notes: [ { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, { category: "other", text: "Improper Resource Shutdown or Release", title: "CWE-404", }, { category: "other", text: "Detection of Error Condition Without Action", title: "CWE-390", }, { category: "other", text: "Allocation of Resources Without Limits or Throttling", title: "CWE-770", }, ], product_status: { known_affected: [ "CSAFPID-816792", ], }, references: [ { category: "self", summary: "CVE-2024-28182", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-28182.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-816792", ], }, ], title: "CVE-2024-28182", }, { cve: "CVE-2024-28752", cwe: { id: "CWE-918", name: "Server-Side Request Forgery (SSRF)", }, notes: [ { category: "other", text: "Server-Side Request Forgery (SSRF)", title: "CWE-918", }, ], product_status: { known_affected: [ "CSAFPID-816792", ], }, references: [ { category: "self", summary: "CVE-2024-28752", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-28752.json", }, ], scores: [ { cvss_v3: { baseScore: 7.4, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "CSAFPID-816792", ], }, ], title: "CVE-2024-28752", }, { cve: "CVE-2024-28849", cwe: { id: "CWE-200", name: "Exposure of Sensitive Information to an Unauthorized Actor", }, notes: [ { category: "other", text: "Exposure of Sensitive Information to an Unauthorized Actor", title: "CWE-200", }, ], product_status: { known_affected: [ "CSAFPID-816792", ], }, references: [ { category: "self", summary: "CVE-2024-28849", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-28849.json", }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "CSAFPID-816792", ], }, ], title: "CVE-2024-28849", }, { cve: "CVE-2024-29025", cwe: { id: "CWE-770", name: "Allocation of Resources Without Limits or Throttling", }, notes: [ { category: "other", text: "Allocation of Resources Without Limits or Throttling", title: "CWE-770", }, ], product_status: { known_affected: [ "CSAFPID-816792", ], }, references: [ { category: "self", summary: "CVE-2024-29025", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-29025.json", }, ], title: "CVE-2024-29025", }, { cve: "CVE-2024-34064", cwe: { id: "CWE-79", name: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, notes: [ { category: "other", text: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", title: "CWE-79", }, ], product_status: { known_affected: [ "CSAFPID-816792", ], }, references: [ { category: "self", summary: "CVE-2024-34064", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-34064.json", }, ], scores: [ { cvss_v3: { baseScore: 5.4, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", version: "3.1", }, products: [ "CSAFPID-816792", ], }, ], title: "CVE-2024-34064", }, { cve: "CVE-2024-34069", cwe: { id: "CWE-352", name: "Cross-Site Request Forgery (CSRF)", }, notes: [ { category: "other", text: "Cross-Site Request Forgery (CSRF)", title: "CWE-352", }, ], product_status: { known_affected: [ "CSAFPID-816792", ], }, references: [ { category: "self", summary: "CVE-2024-34069", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-34069.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-816792", ], }, ], title: "CVE-2024-34069", }, ], }
ncsc-2024-0419
Vulnerability from csaf_ncscnl
Published
2024-10-17 13:20
Modified
2024-10-17 13:20
Summary
Kwetsbaarheden verholpen in Oracle Java
Notes
The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:
NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.
NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.
This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.
Feiten
Oracle heeft kwetsbaarheden verholpen in Java SE en GraalVM.
Interpretaties
Een kwaadwillende kan de kwetsbaarheden misbruiken om aanvallen uit te voeren die kunnen leiden tot de volgende categorieën schade:
- Denial-of-Service (DoS)
- Manipuleren van data
- Uitvoer van willekeurige code (Gebruikersrechten)
- Toegang tot gevoelige gegevens
Voor succesvol misbruik moet de kwaadwillende het slachtoffer misleiden om onvertrouwde code te importeren en uitvoeren. Deze kwetsbaarheden vormen daarom met name een risico voor ontwikkelaars en (lokale) gebruikers met rechten om code te importeren en uitvoeren.
Oplossingen
Oracle heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.
Kans
medium
Schade
high
CWE-130
Improper Handling of Length Parameter Inconsistency
CWE-195
Signed to Unsigned Conversion Error
CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE-190
Integer Overflow or Wraparound
CWE-416
Use After Free
CWE-122
Heap-based Buffer Overflow
CWE-789
Memory Allocation with Excessive Size Value
{ document: { category: "csaf_security_advisory", csaf_version: "2.0", distribution: { tlp: { label: "WHITE", }, }, lang: "nl", notes: [ { category: "legal_disclaimer", text: "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.", }, { category: "description", text: "Oracle heeft kwetsbaarheden verholpen in Java SE en GraalVM.", title: "Feiten", }, { category: "description", text: "Een kwaadwillende kan de kwetsbaarheden misbruiken om aanvallen uit te voeren die kunnen leiden tot de volgende categorieën schade:\n\n- Denial-of-Service (DoS)\n- Manipuleren van data\n- Uitvoer van willekeurige code (Gebruikersrechten)\n- Toegang tot gevoelige gegevens\n\nVoor succesvol misbruik moet de kwaadwillende het slachtoffer misleiden om onvertrouwde code te importeren en uitvoeren. Deze kwetsbaarheden vormen daarom met name een risico voor ontwikkelaars en (lokale) gebruikers met rechten om code te importeren en uitvoeren.", title: "Interpretaties", }, { category: "description", text: "Oracle heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.", title: "Oplossingen", }, { category: "general", text: "medium", title: "Kans", }, { category: "general", text: "high", title: "Schade", }, { category: "general", text: "Improper Handling of Length Parameter Inconsistency", title: "CWE-130", }, { category: "general", text: "Signed to Unsigned Conversion Error", title: "CWE-195", }, { category: "general", text: "Improper Neutralization of Special Elements used in a Command ('Command Injection')", title: "CWE-77", }, { category: "general", text: "Integer Overflow or Wraparound", title: "CWE-190", }, { category: "general", text: "Use After Free", title: "CWE-416", }, { category: "general", text: "Heap-based Buffer Overflow", title: "CWE-122", }, { category: "general", text: "Memory Allocation with Excessive Size Value", title: "CWE-789", }, ], publisher: { category: "coordinator", contact_details: "cert@ncsc.nl", name: "Nationaal Cyber Security Centrum", namespace: "https://www.ncsc.nl/", }, references: [ { category: "external", summary: "Reference - cveprojectv5; hkcert; nvd; oracle; redhat", url: "https://www.oracle.com/security-alerts/cpuoct2024.html", }, ], title: "Kwetsbaarheden verholpen in Oracle Java", tracking: { current_release_date: "2024-10-17T13:20:07.759085Z", id: "NCSC-2024-0419", initial_release_date: "2024-10-17T13:20:07.759085Z", revision_history: [ { date: "2024-10-17T13:20:07.759085Z", number: "0", summary: "Initiele versie", }, ], status: "final", version: "1.0.0", }, }, product_tree: { branches: [ { branches: [ { category: "product_name", name: "graalvm", product: { name: "graalvm", product_id: "CSAFPID-1673125", product_identification_helper: { cpe: "cpe:2.3:a:oracle_corporation:graalvm:oracle_graalvm_enterprise_edition_21.3.11:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "graalvm", product: { name: "graalvm", product_id: "CSAFPID-1673121", product_identification_helper: { cpe: "cpe:2.3:a:oracle_corporation:graalvm:oracle_graalvm_for_jdk_17.0.12:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "graalvm", product: { name: "graalvm", product_id: "CSAFPID-1673122", product_identification_helper: { cpe: "cpe:2.3:a:oracle_corporation:graalvm:oracle_graalvm_for_jdk_21.0.4:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "graalvm", product: { name: "graalvm", product_id: "CSAFPID-1673123", product_identification_helper: { cpe: "cpe:2.3:a:oracle_corporation:graalvm:oracle_graalvm_for_jdk_23:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "graalvm", product: { name: "graalvm", product_id: "CSAFPID-1673120", product_identification_helper: { cpe: "cpe:2.3:a:oracle_corporation:graalvm:oracle_java_se_23:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "oracle_java_se", product: { name: "oracle_java_se", product_id: "CSAFPID-1673115", product_identification_helper: { cpe: "cpe:2.3:a:oracle_corporation:oracle_java_se:oracle_graalvm_enterprise_edition_20.3.15:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "oracle_java_se", product: { name: "oracle_java_se", product_id: "CSAFPID-1673116", product_identification_helper: { cpe: "cpe:2.3:a:oracle_corporation:oracle_java_se:oracle_graalvm_enterprise_edition_21.3.11:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "oracle_java_se", product: { name: "oracle_java_se", product_id: "CSAFPID-1673112", product_identification_helper: { cpe: "cpe:2.3:a:oracle_corporation:oracle_java_se:oracle_graalvm_for_jdk_17.0.12:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "oracle_java_se", product: { name: "oracle_java_se", product_id: "CSAFPID-1673113", product_identification_helper: { cpe: "cpe:2.3:a:oracle_corporation:oracle_java_se:oracle_graalvm_for_jdk_21.0.4:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "oracle_java_se", product: { name: "oracle_java_se", product_id: "CSAFPID-1673114", product_identification_helper: { cpe: "cpe:2.3:a:oracle_corporation:oracle_java_se:oracle_graalvm_for_jdk_23:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "oracle_java_se", product: { name: "oracle_java_se", product_id: "CSAFPID-1673108", product_identification_helper: { cpe: "cpe:2.3:a:oracle_corporation:oracle_java_se:oracle_java_se_11.0.24:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "oracle_java_se", product: { name: "oracle_java_se", product_id: "CSAFPID-1673109", product_identification_helper: { cpe: "cpe:2.3:a:oracle_corporation:oracle_java_se:oracle_java_se_17.0.12:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "oracle_java_se", product: { name: "oracle_java_se", product_id: "CSAFPID-1673110", product_identification_helper: { cpe: "cpe:2.3:a:oracle_corporation:oracle_java_se:oracle_java_se_21.0.4:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "oracle_java_se", product: { name: "oracle_java_se", product_id: "CSAFPID-1673111", product_identification_helper: { cpe: "cpe:2.3:a:oracle_corporation:oracle_java_se:oracle_java_se_23:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "oracle_java_se", product: { name: "oracle_java_se", product_id: "CSAFPID-1673107", product_identification_helper: { cpe: "cpe:2.3:a:oracle_corporation:oracle_java_se:oracle_java_se_8u421-perf:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "oracle_java_se", product: { name: "oracle_java_se", product_id: "CSAFPID-1673106", product_identification_helper: { cpe: "cpe:2.3:a:oracle_corporation:oracle_java_se:oracle_java_se_8u421:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "graalvm", product: { name: "graalvm", product_id: "CSAFPID-1673124", product_identification_helper: { cpe: "cpe:2.3:a:oracle_corporation:graalvm:oracle_graalvm_enterprise_edition_20.3.15:*:*:*:*:*:*:*", }, }, }, ], category: "vendor", name: "oracle_corporation", }, { branches: [ { category: "product_name", name: "graalvm_for_jdk", product: { name: "graalvm_for_jdk", product_id: "CSAFPID-912046", product_identification_helper: { cpe: "cpe:2.3:a:oracle:graalvm_for_jdk:17.0.10:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "graalvm_for_jdk", product: { name: "graalvm_for_jdk", product_id: "CSAFPID-1503299", product_identification_helper: { cpe: "cpe:2.3:a:oracle:graalvm_for_jdk:17.0.11:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "graalvm_for_jdk", product: { name: "graalvm_for_jdk", product_id: "CSAFPID-1673300", product_identification_helper: { cpe: "cpe:2.3:a:oracle:graalvm_for_jdk:17.0.12:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "graalvm_for_jdk", product: { name: "graalvm_for_jdk", product_id: "CSAFPID-912045", product_identification_helper: { cpe: "cpe:2.3:a:oracle:graalvm_for_jdk:21.0.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "graalvm_for_jdk", product: { name: "graalvm_for_jdk", product_id: "CSAFPID-1503302", product_identification_helper: { cpe: "cpe:2.3:a:oracle:graalvm_for_jdk:21.0.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "graalvm_for_jdk", product: { name: "graalvm_for_jdk", product_id: "CSAFPID-1673301", product_identification_helper: { cpe: "cpe:2.3:a:oracle:graalvm_for_jdk:21.0.4:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "graalvm_for_jdk", product: { name: "graalvm_for_jdk", product_id: "CSAFPID-912044", product_identification_helper: { cpe: "cpe:2.3:a:oracle:graalvm_for_jdk:22:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "graalvm_for_jdk", product: { name: "graalvm_for_jdk", product_id: "CSAFPID-1503306", product_identification_helper: { cpe: "cpe:2.3:a:oracle:graalvm_for_jdk:22.0.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "graalvm_for_jdk", product: { name: "graalvm_for_jdk", product_id: "CSAFPID-1673304", product_identification_helper: { cpe: "cpe:2.3:a:oracle:graalvm_for_jdk:23:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "graalvm_for_jdk", product: { name: "graalvm_for_jdk", product_id: "CSAFPID-912600", product_identification_helper: { cpe: "cpe:2.3:a:oracle:graalvm_for_jdk:graalvm_enterprise_edition20.3.13:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "graalvm_for_jdk", product: { name: "graalvm_for_jdk", product_id: "CSAFPID-912601", product_identification_helper: { cpe: "cpe:2.3:a:oracle:graalvm_for_jdk:graalvm_enterprise_edition21.3.9:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "graalvm", product: { name: "graalvm", product_id: "CSAFPID-1457455", product_identification_helper: { cpe: "cpe:2.3:a:oracle:graalvm:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "graalvm", product: { name: "graalvm", product_id: "CSAFPID-1672740", product_identification_helper: { cpe: "cpe:2.3:a:oracle:graalvm:20.3.15:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "graalvm", product: { name: "graalvm", product_id: "CSAFPID-1673407", product_identification_helper: { cpe: "cpe:2.3:a:oracle:graalvm:20.3.15:*:*:*:enterprise:*:*:*", }, }, }, { category: "product_name", name: "graalvm", product: { name: "graalvm", product_id: "CSAFPID-1672742", product_identification_helper: { cpe: "cpe:2.3:a:oracle:graalvm:21.3.11:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "graalvm", product: { name: "graalvm", product_id: "CSAFPID-1673406", product_identification_helper: { cpe: "cpe:2.3:a:oracle:graalvm:21.3.11:*:*:*:enterprise:*:*:*", }, }, }, { category: "product_name", name: "database_server", product: { name: "database_server", product_id: "CSAFPID-1503604", product_identification_helper: { cpe: "cpe:2.3:a:oracle:database_server:_java_vm___23.4:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "java_se", product: { name: "java_se", product_id: "CSAFPID-550274", product_identification_helper: { cpe: "cpe:2.3:a:oracle:java_se:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "java_se", product: { name: "java_se", product_id: "CSAFPID-912051", product_identification_helper: { cpe: "cpe:2.3:a:oracle:java_se:11.0.22:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "java_se", product: { name: "java_se", product_id: "CSAFPID-1503300", product_identification_helper: { cpe: "cpe:2.3:a:oracle:java_se:11.0.23:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "java_se", product: { name: "java_se", product_id: "CSAFPID-1673306", product_identification_helper: { cpe: "cpe:2.3:a:oracle:java_se:11.0.24:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "java_se", product: { name: "java_se", product_id: "CSAFPID-912050", product_identification_helper: { cpe: "cpe:2.3:a:oracle:java_se:17.0.10:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "java_se", product: { name: "java_se", product_id: "CSAFPID-1503304", product_identification_helper: { cpe: "cpe:2.3:a:oracle:java_se:17.0.11:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "java_se", product: { name: "java_se", product_id: "CSAFPID-1673303", product_identification_helper: { cpe: "cpe:2.3:a:oracle:java_se:17.0.12:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "java_se", product: { name: "java_se", product_id: "CSAFPID-912049", product_identification_helper: { cpe: "cpe:2.3:a:oracle:java_se:21.0.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "java_se", product: { name: "java_se", product_id: "CSAFPID-1503305", product_identification_helper: { cpe: "cpe:2.3:a:oracle:java_se:21.0.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "java_se", product: { name: "java_se", product_id: "CSAFPID-1673305", product_identification_helper: { cpe: "cpe:2.3:a:oracle:java_se:21.0.4:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "java_se", product: { name: "java_se", product_id: "CSAFPID-1503307", product_identification_helper: { cpe: "cpe:2.3:a:oracle:java_se:22.0.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "java_se", product: { name: "java_se", product_id: "CSAFPID-912048", product_identification_helper: { cpe: "cpe:2.3:a:oracle:java_se:22:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "java_se", product: { name: "java_se", product_id: "CSAFPID-1673302", product_identification_helper: { cpe: "cpe:2.3:a:oracle:java_se:23:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "java_se", product: { name: "java_se", product_id: "CSAFPID-912047", product_identification_helper: { cpe: "cpe:2.3:a:oracle:java_se:8u401:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "java_se", product: { name: "java_se", product_id: "CSAFPID-1503308", product_identification_helper: { cpe: "cpe:2.3:a:oracle:java_se:8u411:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "java_se", product: { name: "java_se", product_id: "CSAFPID-1672741", product_identification_helper: { cpe: "cpe:2.3:a:oracle:java_se:8u421:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "java_se", product: { name: "java_se", product_id: "CSAFPID-1673439", product_identification_helper: { cpe: "cpe:2.3:a:oracle:java_se:8u421:*:*:*:enterprise_performance:*:*:*", }, }, }, { category: "product_name", name: "java_se", product: { name: "java_se", product_id: "CSAFPID-912602", product_identification_helper: { cpe: "cpe:2.3:a:oracle:java_se:graalvm_enterprise_edition20.3.13:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "java_se", product: { name: "java_se", product_id: "CSAFPID-1503647", product_identification_helper: { cpe: "cpe:2.3:a:oracle:java_se:graalvm_enterprise_edition20.3.14:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "java_se", product: { name: "java_se", product_id: "CSAFPID-1503648", product_identification_helper: { cpe: "cpe:2.3:a:oracle:java_se:graalvm_enterprise_edition21.3.10:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "java_se", product: { name: "java_se", product_id: "CSAFPID-912603", product_identification_helper: { cpe: "cpe:2.3:a:oracle:java_se:graalvm_enterprise_edition21.3.9:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "java_se", product: { name: "java_se", product_id: "CSAFPID-912604", product_identification_helper: { cpe: "cpe:2.3:a:oracle:java_se:graalvm_for_jdk17.0.10:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "java_se", product: { name: "java_se", product_id: "CSAFPID-1503649", product_identification_helper: { cpe: "cpe:2.3:a:oracle:java_se:graalvm_for_jdk17.0.11:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "java_se", product: { name: "java_se", product_id: "CSAFPID-912605", product_identification_helper: { cpe: "cpe:2.3:a:oracle:java_se:graalvm_for_jdk21.0.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "java_se", product: { name: "java_se", product_id: "CSAFPID-1503650", product_identification_helper: { cpe: "cpe:2.3:a:oracle:java_se:graalvm_for_jdk21.0.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "java_se", product: { name: "java_se", product_id: "CSAFPID-1503651", product_identification_helper: { cpe: "cpe:2.3:a:oracle:java_se:graalvm_for_jdk22.0.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "java_se", product: { name: "java_se", product_id: "CSAFPID-912606", product_identification_helper: { cpe: "cpe:2.3:a:oracle:java_se:graalvm_for_jdk22:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "java_se", product: { name: "java_se", product_id: "CSAFPID-1674674", product_identification_helper: { cpe: "cpe:2.3:a:oracle:java_se:oracle_graalvm_enterprise_edition_20.3.15:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "java_se", product: { name: "java_se", product_id: "CSAFPID-1674680", product_identification_helper: { cpe: "cpe:2.3:a:oracle:java_se:oracle_graalvm_enterprise_edition_21.3.11:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "java_se", product: { name: "java_se", product_id: "CSAFPID-1674673", product_identification_helper: { cpe: "cpe:2.3:a:oracle:java_se:oracle_graalvm_for_jdk_17.0.12:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "java_se", product: { name: "java_se", product_id: "CSAFPID-1674675", product_identification_helper: { cpe: "cpe:2.3:a:oracle:java_se:oracle_graalvm_for_jdk_21.0.4:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "java_se", product: { name: "java_se", product_id: "CSAFPID-1674672", product_identification_helper: { cpe: "cpe:2.3:a:oracle:java_se:oracle_graalvm_for_jdk_23:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "java_se", product: { name: "java_se", product_id: "CSAFPID-1674681", product_identification_helper: { cpe: "cpe:2.3:a:oracle:java_se:oracle_java_se_11.0.24:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "java_se", product: { name: "java_se", product_id: "CSAFPID-1674676", product_identification_helper: { cpe: "cpe:2.3:a:oracle:java_se:oracle_java_se_17.0.12:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "java_se", product: { name: "java_se", product_id: "CSAFPID-1674678", product_identification_helper: { cpe: "cpe:2.3:a:oracle:java_se:oracle_java_se_21.0.4:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "java_se", product: { name: "java_se", product_id: "CSAFPID-1674677", product_identification_helper: { cpe: "cpe:2.3:a:oracle:java_se:oracle_java_se_23:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "java_se", product: { name: "java_se", product_id: "CSAFPID-1674679", product_identification_helper: { cpe: "cpe:2.3:a:oracle:java_se:oracle_java_se_8u421:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "java_se", product: { name: "java_se", product_id: "CSAFPID-220891", product_identification_helper: { cpe: "cpe:2.3:a:oracle:java_se:perf:*:*:*:*:*:*:*", }, }, }, ], category: "vendor", name: "oracle", }, ], }, vulnerabilities: [ { cve: "CVE-2023-7104", cwe: { id: "CWE-122", name: "Heap-based Buffer Overflow", }, notes: [ { category: "other", text: "Heap-based Buffer Overflow", title: "CWE-122", }, ], product_status: { known_affected: [ "CSAFPID-1672741", ], }, references: [ { category: "self", summary: "CVE-2023-7104", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-7104.json", }, ], scores: [ { cvss_v3: { baseScore: 7.3, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", version: "3.1", }, products: [ "CSAFPID-1672741", ], }, ], title: "CVE-2023-7104", }, { cve: "CVE-2023-42950", product_status: { known_affected: [ "CSAFPID-1672741", "CSAFPID-1673406", "CSAFPID-1673407", "CSAFPID-1674672", "CSAFPID-1674673", "CSAFPID-1674674", "CSAFPID-1674675", "CSAFPID-1674676", "CSAFPID-1674677", "CSAFPID-1674678", "CSAFPID-1674679", "CSAFPID-1674680", "CSAFPID-1674681", ], }, references: [ { category: "self", summary: "CVE-2023-42950", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-42950.json", }, ], scores: [ { cvss_v3: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-1672741", "CSAFPID-1673406", "CSAFPID-1673407", "CSAFPID-1674672", "CSAFPID-1674673", "CSAFPID-1674674", "CSAFPID-1674675", "CSAFPID-1674676", "CSAFPID-1674677", "CSAFPID-1674678", "CSAFPID-1674679", "CSAFPID-1674680", "CSAFPID-1674681", ], }, ], title: "CVE-2023-42950", }, { cve: "CVE-2024-21208", cwe: { id: "CWE-130", name: "Improper Handling of Length Parameter Inconsistency", }, notes: [ { category: "other", text: "Improper Handling of Length Parameter Inconsistency", title: "CWE-130", }, ], product_status: { known_affected: [ "CSAFPID-1673106", "CSAFPID-1673107", "CSAFPID-1673108", "CSAFPID-1673109", "CSAFPID-1673110", "CSAFPID-1673111", "CSAFPID-1673112", "CSAFPID-1673113", "CSAFPID-1673114", "CSAFPID-1673115", "CSAFPID-1673116", "CSAFPID-1673300", "CSAFPID-1673301", "CSAFPID-1673302", "CSAFPID-1673303", "CSAFPID-1673304", "CSAFPID-1673305", "CSAFPID-1672741", "CSAFPID-220891", "CSAFPID-1673306", "CSAFPID-1673407", "CSAFPID-1673406", "CSAFPID-1673439", "CSAFPID-1674672", "CSAFPID-1674673", "CSAFPID-1674674", "CSAFPID-1674675", "CSAFPID-1674676", "CSAFPID-1674677", "CSAFPID-1674678", "CSAFPID-1674679", "CSAFPID-1674680", "CSAFPID-1674681", ], }, references: [ { category: "self", summary: "CVE-2024-21208", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-21208.json", }, ], scores: [ { cvss_v3: { baseScore: 3.7, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, products: [ "CSAFPID-1673106", "CSAFPID-1673107", "CSAFPID-1673108", "CSAFPID-1673109", "CSAFPID-1673110", "CSAFPID-1673111", "CSAFPID-1673112", "CSAFPID-1673113", "CSAFPID-1673114", "CSAFPID-1673115", "CSAFPID-1673116", "CSAFPID-1673300", "CSAFPID-1673301", "CSAFPID-1673302", "CSAFPID-1673303", "CSAFPID-1673304", "CSAFPID-1673305", "CSAFPID-1672741", "CSAFPID-220891", "CSAFPID-1673306", "CSAFPID-1673407", "CSAFPID-1673406", "CSAFPID-1673439", "CSAFPID-1674672", "CSAFPID-1674673", "CSAFPID-1674674", "CSAFPID-1674675", "CSAFPID-1674676", "CSAFPID-1674677", "CSAFPID-1674678", "CSAFPID-1674679", "CSAFPID-1674680", "CSAFPID-1674681", ], }, ], title: "CVE-2024-21208", }, { cve: "CVE-2024-21210", cwe: { id: "CWE-190", name: "Integer Overflow or Wraparound", }, notes: [ { category: "other", text: "Integer Overflow or Wraparound", title: "CWE-190", }, ], product_status: { known_affected: [ "CSAFPID-1673106", "CSAFPID-1673107", "CSAFPID-1673108", "CSAFPID-1673109", "CSAFPID-1673110", "CSAFPID-1673111", "CSAFPID-1673305", "CSAFPID-1672741", "CSAFPID-1673303", "CSAFPID-1673302", "CSAFPID-1673306", "CSAFPID-220891", "CSAFPID-1673439", "CSAFPID-1674672", "CSAFPID-1674673", "CSAFPID-1674674", "CSAFPID-1674675", "CSAFPID-1674676", "CSAFPID-1674677", "CSAFPID-1674678", "CSAFPID-1674679", "CSAFPID-1674680", "CSAFPID-1674681", ], }, references: [ { category: "self", summary: "CVE-2024-21210", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-21210.json", }, ], scores: [ { cvss_v3: { baseScore: 3.7, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, products: [ "CSAFPID-1673106", "CSAFPID-1673107", "CSAFPID-1673108", "CSAFPID-1673109", "CSAFPID-1673110", "CSAFPID-1673111", "CSAFPID-1673305", "CSAFPID-1672741", "CSAFPID-1673303", "CSAFPID-1673302", "CSAFPID-1673306", "CSAFPID-220891", "CSAFPID-1673439", "CSAFPID-1674672", "CSAFPID-1674673", "CSAFPID-1674674", "CSAFPID-1674675", "CSAFPID-1674676", "CSAFPID-1674677", "CSAFPID-1674678", "CSAFPID-1674679", "CSAFPID-1674680", "CSAFPID-1674681", ], }, ], title: "CVE-2024-21210", }, { cve: "CVE-2024-21211", product_status: { known_affected: [ "CSAFPID-1673120", "CSAFPID-1673121", "CSAFPID-1673122", "CSAFPID-1673123", "CSAFPID-1673124", "CSAFPID-1673125", "CSAFPID-1673111", "CSAFPID-1673112", "CSAFPID-1673113", "CSAFPID-1673114", "CSAFPID-1673115", "CSAFPID-1673116", "CSAFPID-1673300", "CSAFPID-1673302", "CSAFPID-1673407", "CSAFPID-1673406", "CSAFPID-1673301", "CSAFPID-1673304", "CSAFPID-1674672", "CSAFPID-1674673", "CSAFPID-1674674", "CSAFPID-1674675", "CSAFPID-1674676", "CSAFPID-1674677", "CSAFPID-1674678", "CSAFPID-1674679", "CSAFPID-1674680", "CSAFPID-1674681", ], }, references: [ { category: "self", summary: "CVE-2024-21211", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-21211.json", }, ], scores: [ { cvss_v3: { baseScore: 3.7, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, products: [ "CSAFPID-1673120", "CSAFPID-1673121", "CSAFPID-1673122", "CSAFPID-1673123", "CSAFPID-1673124", "CSAFPID-1673125", "CSAFPID-1673111", "CSAFPID-1673112", "CSAFPID-1673113", "CSAFPID-1673114", "CSAFPID-1673115", "CSAFPID-1673116", "CSAFPID-1673300", "CSAFPID-1673302", "CSAFPID-1673407", "CSAFPID-1673406", "CSAFPID-1673301", "CSAFPID-1673304", "CSAFPID-1674672", "CSAFPID-1674673", "CSAFPID-1674674", "CSAFPID-1674675", "CSAFPID-1674676", "CSAFPID-1674677", "CSAFPID-1674678", "CSAFPID-1674679", "CSAFPID-1674680", "CSAFPID-1674681", ], }, ], title: "CVE-2024-21211", }, { cve: "CVE-2024-21217", cwe: { id: "CWE-789", name: "Memory Allocation with Excessive Size Value", }, notes: [ { category: "other", text: "Memory Allocation with Excessive Size Value", title: "CWE-789", }, ], product_status: { known_affected: [ "CSAFPID-1673106", "CSAFPID-1673107", "CSAFPID-1673108", "CSAFPID-1673109", "CSAFPID-1673110", "CSAFPID-1673111", "CSAFPID-1673112", "CSAFPID-1673113", "CSAFPID-1673114", "CSAFPID-1673115", "CSAFPID-1673116", "CSAFPID-1673305", "CSAFPID-1673302", "CSAFPID-1673303", "CSAFPID-1672741", "CSAFPID-220891", "CSAFPID-1673306", "CSAFPID-1673300", "CSAFPID-1673301", "CSAFPID-1673304", "CSAFPID-1673407", "CSAFPID-1673406", "CSAFPID-1673439", "CSAFPID-1674672", "CSAFPID-1674673", "CSAFPID-1674674", "CSAFPID-1674675", "CSAFPID-1674676", "CSAFPID-1674677", "CSAFPID-1674678", "CSAFPID-1674679", "CSAFPID-1674680", "CSAFPID-1674681", ], }, references: [ { category: "self", summary: "CVE-2024-21217", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-21217.json", }, ], scores: [ { cvss_v3: { baseScore: 3.7, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, products: [ "CSAFPID-1673106", "CSAFPID-1673107", "CSAFPID-1673108", "CSAFPID-1673109", "CSAFPID-1673110", "CSAFPID-1673111", "CSAFPID-1673112", "CSAFPID-1673113", "CSAFPID-1673114", "CSAFPID-1673115", "CSAFPID-1673116", "CSAFPID-1673305", "CSAFPID-1673302", "CSAFPID-1673303", "CSAFPID-1672741", "CSAFPID-220891", "CSAFPID-1673306", "CSAFPID-1673300", "CSAFPID-1673301", "CSAFPID-1673304", "CSAFPID-1673407", "CSAFPID-1673406", "CSAFPID-1673439", "CSAFPID-1674672", "CSAFPID-1674673", "CSAFPID-1674674", "CSAFPID-1674675", "CSAFPID-1674676", "CSAFPID-1674677", "CSAFPID-1674678", "CSAFPID-1674679", "CSAFPID-1674680", "CSAFPID-1674681", ], }, ], title: "CVE-2024-21217", }, { cve: "CVE-2024-21235", cwe: { id: "CWE-195", name: "Signed to Unsigned Conversion Error", }, notes: [ { category: "other", text: "Signed to Unsigned Conversion Error", title: "CWE-195", }, ], product_status: { known_affected: [ "CSAFPID-1673106", "CSAFPID-1673107", "CSAFPID-1673108", "CSAFPID-1673109", "CSAFPID-1673110", "CSAFPID-1673111", "CSAFPID-1673112", "CSAFPID-1673113", "CSAFPID-1673114", "CSAFPID-1673115", "CSAFPID-1673116", "CSAFPID-1673305", "CSAFPID-1673302", "CSAFPID-1673301", "CSAFPID-1672741", "CSAFPID-1673300", "CSAFPID-220891", "CSAFPID-1673306", "CSAFPID-1673304", "CSAFPID-1673303", "CSAFPID-1673407", "CSAFPID-1673406", "CSAFPID-1673439", "CSAFPID-1674672", "CSAFPID-1674673", "CSAFPID-1674674", "CSAFPID-1674675", "CSAFPID-1674676", "CSAFPID-1674677", "CSAFPID-1674678", "CSAFPID-1674679", "CSAFPID-1674680", "CSAFPID-1674681", ], }, references: [ { category: "self", summary: "CVE-2024-21235", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-21235.json", }, ], scores: [ { cvss_v3: { baseScore: 4.8, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", version: "3.1", }, products: [ "CSAFPID-1673106", "CSAFPID-1673107", "CSAFPID-1673108", "CSAFPID-1673109", "CSAFPID-1673110", "CSAFPID-1673111", "CSAFPID-1673112", "CSAFPID-1673113", "CSAFPID-1673114", "CSAFPID-1673115", "CSAFPID-1673116", "CSAFPID-1673305", "CSAFPID-1673302", "CSAFPID-1673301", "CSAFPID-1672741", "CSAFPID-1673300", "CSAFPID-220891", "CSAFPID-1673306", "CSAFPID-1673304", "CSAFPID-1673303", "CSAFPID-1673407", "CSAFPID-1673406", "CSAFPID-1673439", "CSAFPID-1674672", "CSAFPID-1674673", "CSAFPID-1674674", "CSAFPID-1674675", "CSAFPID-1674676", "CSAFPID-1674677", "CSAFPID-1674678", "CSAFPID-1674679", "CSAFPID-1674680", "CSAFPID-1674681", ], }, ], title: "CVE-2024-21235", }, { cve: "CVE-2024-25062", cwe: { id: "CWE-416", name: "Use After Free", }, notes: [ { category: "other", text: "Use After Free", title: "CWE-416", }, ], product_status: { known_affected: [ "CSAFPID-1672741", "CSAFPID-1673406", "CSAFPID-1673407", "CSAFPID-1674672", "CSAFPID-1674673", "CSAFPID-1674674", "CSAFPID-1674675", "CSAFPID-1674676", "CSAFPID-1674677", "CSAFPID-1674678", "CSAFPID-1674679", "CSAFPID-1674680", "CSAFPID-1674681", "CSAFPID-550274", "CSAFPID-912044", "CSAFPID-912045", "CSAFPID-912046", "CSAFPID-912047", "CSAFPID-912048", "CSAFPID-912049", "CSAFPID-912050", "CSAFPID-912051", "CSAFPID-912600", "CSAFPID-912601", "CSAFPID-912602", "CSAFPID-912603", "CSAFPID-912604", "CSAFPID-912605", "CSAFPID-1503604", "CSAFPID-912606", "CSAFPID-1503299", "CSAFPID-1503302", "CSAFPID-1503306", "CSAFPID-1503647", "CSAFPID-1503648", "CSAFPID-1503649", "CSAFPID-1503650", "CSAFPID-1503651", "CSAFPID-1503300", "CSAFPID-1503304", "CSAFPID-1503305", "CSAFPID-1503307", "CSAFPID-1503308", ], }, references: [ { category: "self", summary: "CVE-2024-25062", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-25062.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1672741", "CSAFPID-1673406", "CSAFPID-1673407", "CSAFPID-1674672", "CSAFPID-1674673", "CSAFPID-1674674", "CSAFPID-1674675", "CSAFPID-1674676", "CSAFPID-1674677", "CSAFPID-1674678", "CSAFPID-1674679", "CSAFPID-1674680", "CSAFPID-1674681", "CSAFPID-550274", "CSAFPID-912044", "CSAFPID-912045", "CSAFPID-912046", "CSAFPID-912047", "CSAFPID-912048", "CSAFPID-912049", "CSAFPID-912050", "CSAFPID-912051", "CSAFPID-912600", "CSAFPID-912601", "CSAFPID-912602", "CSAFPID-912603", "CSAFPID-912604", "CSAFPID-912605", "CSAFPID-1503604", "CSAFPID-912606", "CSAFPID-1503299", "CSAFPID-1503302", "CSAFPID-1503306", "CSAFPID-1503647", "CSAFPID-1503648", "CSAFPID-1503649", "CSAFPID-1503650", "CSAFPID-1503651", "CSAFPID-1503300", "CSAFPID-1503304", "CSAFPID-1503305", "CSAFPID-1503307", "CSAFPID-1503308", ], }, ], title: "CVE-2024-25062", }, { cve: "CVE-2024-36138", cwe: { id: "CWE-77", name: "Improper Neutralization of Special Elements used in a Command ('Command Injection')", }, notes: [ { category: "other", text: "Improper Neutralization of Special Elements used in a Command ('Command Injection')", title: "CWE-77", }, ], product_status: { known_affected: [ "CSAFPID-1673301", "CSAFPID-1673304", "CSAFPID-1673300", "CSAFPID-1674672", "CSAFPID-1674673", "CSAFPID-1674674", "CSAFPID-1674675", "CSAFPID-1674676", "CSAFPID-1674677", "CSAFPID-1674678", "CSAFPID-1674679", "CSAFPID-1674680", "CSAFPID-1674681", ], }, references: [ { category: "self", summary: "CVE-2024-36138", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-36138.json", }, ], title: "CVE-2024-36138", }, ], }
NCSC-2024-0298
Vulnerability from csaf_ncscnl
Published
2024-07-17 13:54
Modified
2024-07-17 13:54
Summary
Kwetsbaarheden verholpen in Oracle Fusion Middleware
Notes
The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:
NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.
NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.
This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.
Feiten
Er zijn kwetsbaarheden verholpen in Oracle Fusion Middleware.
Interpretaties
Een kwaadwillende kan de kwetsbaarheden misbruiken om aanvallen uit te voeren die kunnen leiden tot de volgende categorieën schade:
* Denial-of-Service (DoS)
* Toegang tot gevoelige gegevens
* Toegang tot systeemgegevens
* Manipulatie van gegevens
* (Remote) code execution (Gebruikersrechten)
Oplossingen
Oracle heeft updates beschikbaar gesteld om de kwetsbaarheden te verhelpen. Zie de referenties voor meer informatie.
Kans
medium
Schade
high
CWE-122
Heap-based Buffer Overflow
CWE-145
Improper Neutralization of Section Delimiters
CWE-190
Integer Overflow or Wraparound
CWE-20
Improper Input Validation
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE-222
Truncation of Security-relevant Information
CWE-284
Improper Access Control
CWE-299
Improper Check for Certificate Revocation
CWE-306
Missing Authentication for Critical Function
CWE-328
Use of Weak Hash
CWE-377
Insecure Temporary File
CWE-400
Uncontrolled Resource Consumption
CWE-404
Improper Resource Shutdown or Release
CWE-416
Use After Free
CWE-552
Files or Directories Accessible to External Parties
CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CWE-770
Allocation of Resources Without Limits or Throttling
CWE-787
Out-of-bounds Write
CWE-918
Server-Side Request Forgery (SSRF)
{ document: { category: "csaf_security_advisory", csaf_version: "2.0", distribution: { tlp: { label: "WHITE", }, }, lang: "nl", notes: [ { category: "legal_disclaimer", text: "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.", }, { category: "description", text: "Er zijn kwetsbaarheden verholpen in Oracle Fusion Middleware.", title: "Feiten", }, { category: "description", text: "Een kwaadwillende kan de kwetsbaarheden misbruiken om aanvallen uit te voeren die kunnen leiden tot de volgende categorieën schade:\n\n* Denial-of-Service (DoS)\n* Toegang tot gevoelige gegevens\n* Toegang tot systeemgegevens\n* Manipulatie van gegevens\n* (Remote) code execution (Gebruikersrechten)", title: "Interpretaties", }, { category: "description", text: "Oracle heeft updates beschikbaar gesteld om de kwetsbaarheden te verhelpen. Zie de referenties voor meer informatie.", title: "Oplossingen", }, { category: "general", text: "medium", title: "Kans", }, { category: "general", text: "high", title: "Schade", }, { category: "general", text: "Heap-based Buffer Overflow", title: "CWE-122", }, { category: "general", text: "Improper Neutralization of Section Delimiters", title: "CWE-145", }, { category: "general", text: "Integer Overflow or Wraparound", title: "CWE-190", }, { category: "general", text: "Improper Input Validation", title: "CWE-20", }, { category: "general", text: "Exposure of Sensitive Information to an Unauthorized Actor", title: "CWE-200", }, { category: "general", text: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", title: "CWE-22", }, { category: "general", text: "Truncation of Security-relevant Information", title: "CWE-222", }, { category: "general", text: "Improper Access Control", title: "CWE-284", }, { category: "general", text: "Improper Check for Certificate Revocation", title: "CWE-299", }, { category: "general", text: "Missing Authentication for Critical Function", title: "CWE-306", }, { category: "general", text: "Use of Weak Hash", title: "CWE-328", }, { category: "general", text: "Insecure Temporary File", title: "CWE-377", }, { category: "general", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, { category: "general", text: "Improper Resource Shutdown or Release", title: "CWE-404", }, { category: "general", text: "Use After Free", title: "CWE-416", }, { category: "general", text: "Files or Directories Accessible to External Parties", title: "CWE-552", }, { category: "general", text: "URL Redirection to Untrusted Site ('Open Redirect')", title: "CWE-601", }, { category: "general", text: "Allocation of Resources Without Limits or Throttling", title: "CWE-770", }, { category: "general", text: "Out-of-bounds Write", title: "CWE-787", }, { category: "general", text: "Server-Side Request Forgery (SSRF)", title: "CWE-918", }, ], publisher: { category: "coordinator", contact_details: "cert@ncsc.nl", name: "Nationaal Cyber Security Centrum", namespace: "https://www.ncsc.nl/", }, references: [ { category: "external", summary: "Source - nvd", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-13956", }, { category: "external", summary: "Source - nvd", url: "https://nvd.nist.gov/vuln/detail/CVE-2020-1945", }, { category: "external", summary: "Source - nvd", url: "https://nvd.nist.gov/vuln/detail/CVE-2021-29425", }, { category: "external", summary: "Source - nvd", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-45378", }, { category: "external", summary: "Source - nvd", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-24998", }, { category: "external", summary: "Source - nvd", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-29081", }, { category: "external", summary: "Source - nvd", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-2976", }, { category: "external", summary: "Source - nvd", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-34034", }, { category: "external", summary: "Source - nvd", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-36478", }, { category: "external", summary: "Source - nvd", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-45853", }, { category: "external", summary: "Source - nvd", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-46750", }, { category: "external", summary: "Source - nvd", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-4759", }, { category: "external", summary: "Source - nvd", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-48795", }, { category: "external", summary: "Source - nvd", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-5072", }, { category: "external", summary: "Source - nvd", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-52425", }, { category: "external", summary: "Source - nvd", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-6129", }, { category: "external", summary: "Source - nvd", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-0853", }, { category: "external", summary: "Source - nvd", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-21133", }, { category: "external", summary: "Source - nvd", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-21175", }, { category: "external", summary: "Source - nvd", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-21181", }, { category: "external", summary: "Source - nvd", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-21182", }, { category: "external", summary: "Source - nvd", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-21183", }, { category: "external", summary: "Source - nvd", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-22201", }, { category: "external", summary: "Source - nvd", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-22243", }, { category: "external", summary: "Source - nvd", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-22259", }, { category: "external", summary: "Source - nvd", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-22262", }, { category: "external", summary: "Source - nvd", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-25062", }, { category: "external", summary: "Source - nvd", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-26308", }, { category: "external", summary: "Source - nvd", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-29025", }, { category: "external", summary: "Source - nvd", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-29857", }, { category: "external", summary: "Reference - oracle", url: "https://www.oracle.com/docs/tech/security-alerts/cpujul2024csaf.json", }, { category: "external", summary: "Reference - cveprojectv5; ibm; nvd; oracle", url: "https://www.oracle.com/security-alerts/cpujul2024.html", }, ], title: " Kwetsbaarheden verholpen in Oracle Fusion Middleware", tracking: { current_release_date: "2024-07-17T13:54:00.411174Z", id: "NCSC-2024-0298", initial_release_date: "2024-07-17T13:54:00.411174Z", revision_history: [ { date: "2024-07-17T13:54:00.411174Z", number: "0", summary: "Initiele versie", }, ], status: "final", version: "1.0.0", }, }, product_tree: { branches: [ { branches: [ { category: "product_name", name: "fusion_middleware_mapviewer", product: { name: "fusion_middleware_mapviewer", product_id: "CSAFPID-226018", product_identification_helper: { cpe: "cpe:2.3:a:oracle:fusion_middleware_mapviewer:12.2.1.4.0:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "fusion_middleware", product: { name: "fusion_middleware", product_id: "CSAFPID-271904", product_identification_helper: { cpe: "cpe:2.3:a:oracle:fusion_middleware:12.2.1.4.0:*:*:*:*:*:*:*", }, }, }, ], category: "vendor", name: "oracle", }, ], }, vulnerabilities: [ { cve: "CVE-2020-1945", cwe: { id: "CWE-377", name: "Insecure Temporary File", }, notes: [ { category: "other", text: "Insecure Temporary File", title: "CWE-377", }, ], product_status: { known_affected: [ "CSAFPID-271904", ], }, references: [ { category: "self", summary: "CVE-2020-1945", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2020/CVE-2020-1945.json", }, ], title: "CVE-2020-1945", }, { cve: "CVE-2020-13956", cwe: { id: "CWE-20", name: "Improper Input Validation", }, notes: [ { category: "other", text: "Improper Input Validation", title: "CWE-20", }, ], product_status: { known_affected: [ "CSAFPID-226018", "CSAFPID-271904", ], }, references: [ { category: "self", summary: "CVE-2020-13956", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2020/CVE-2020-13956.json", }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, products: [ "CSAFPID-226018", "CSAFPID-271904", ], }, ], title: "CVE-2020-13956", }, { cve: "CVE-2021-29425", cwe: { id: "CWE-22", name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", }, notes: [ { category: "other", text: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", title: "CWE-22", }, ], product_status: { known_affected: [ "CSAFPID-226018", "CSAFPID-271904", ], }, references: [ { category: "self", summary: "CVE-2021-29425", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2021/CVE-2021-29425.json", }, ], title: "CVE-2021-29425", }, { cve: "CVE-2021-37533", cwe: { id: "CWE-200", name: "Exposure of Sensitive Information to an Unauthorized Actor", }, notes: [ { category: "other", text: "Exposure of Sensitive Information to an Unauthorized Actor", title: "CWE-200", }, { category: "other", text: "Improper Input Validation", title: "CWE-20", }, ], product_status: { known_affected: [ "CSAFPID-226018", "CSAFPID-271904", ], }, references: [ { category: "self", summary: "CVE-2021-37533", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2021/CVE-2021-37533.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-226018", "CSAFPID-271904", ], }, ], title: "CVE-2021-37533", }, { cve: "CVE-2022-40152", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, notes: [ { category: "other", text: "Out-of-bounds Write", title: "CWE-787", }, ], product_status: { known_affected: [ "CSAFPID-226018", "CSAFPID-271904", ], }, references: [ { category: "self", summary: "CVE-2022-40152", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-40152.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-226018", "CSAFPID-271904", ], }, ], title: "CVE-2022-40152", }, { cve: "CVE-2022-45378", cwe: { id: "CWE-306", name: "Missing Authentication for Critical Function", }, notes: [ { category: "other", text: "Missing Authentication for Critical Function", title: "CWE-306", }, ], product_status: { known_affected: [ "CSAFPID-226018", "CSAFPID-271904", ], }, references: [ { category: "self", summary: "CVE-2022-45378", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-45378.json", }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-226018", "CSAFPID-271904", ], }, ], title: "CVE-2022-45378", }, { cve: "CVE-2023-2976", cwe: { id: "CWE-552", name: "Files or Directories Accessible to External Parties", }, notes: [ { category: "other", text: "Files or Directories Accessible to External Parties", title: "CWE-552", }, ], product_status: { known_affected: [ "CSAFPID-271904", "CSAFPID-226018", ], }, references: [ { category: "self", summary: "CVE-2023-2976", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-2976.json", }, ], scores: [ { cvss_v3: { baseScore: 7.1, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "CSAFPID-271904", "CSAFPID-226018", ], }, ], title: "CVE-2023-2976", }, { cve: "CVE-2023-4759", product_status: { known_affected: [ "CSAFPID-271904", ], }, references: [ { category: "self", summary: "CVE-2023-4759", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-4759.json", }, ], scores: [ { cvss_v3: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-271904", ], }, ], title: "CVE-2023-4759", }, { cve: "CVE-2023-5072", cwe: { id: "CWE-770", name: "Allocation of Resources Without Limits or Throttling", }, notes: [ { category: "other", text: "Allocation of Resources Without Limits or Throttling", title: "CWE-770", }, ], product_status: { known_affected: [ "CSAFPID-271904", "CSAFPID-226018", ], }, references: [ { category: "self", summary: "CVE-2023-5072", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-5072.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-271904", "CSAFPID-226018", ], }, ], title: "CVE-2023-5072", }, { cve: "CVE-2023-6129", cwe: { id: "CWE-328", name: "Use of Weak Hash", }, notes: [ { category: "other", text: "Use of Weak Hash", title: "CWE-328", }, ], product_status: { known_affected: [ "CSAFPID-226018", "CSAFPID-271904", ], }, references: [ { category: "self", summary: "CVE-2023-6129", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-6129.json", }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", version: "3.1", }, products: [ "CSAFPID-226018", "CSAFPID-271904", ], }, ], title: "CVE-2023-6129", }, { cve: "CVE-2023-24998", cwe: { id: "CWE-404", name: "Improper Resource Shutdown or Release", }, notes: [ { category: "other", text: "Improper Resource Shutdown or Release", title: "CWE-404", }, { category: "other", text: "Allocation of Resources Without Limits or Throttling", title: "CWE-770", }, ], product_status: { known_affected: [ "CSAFPID-271904", "CSAFPID-226018", ], }, references: [ { category: "self", summary: "CVE-2023-24998", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-24998.json", }, ], title: "CVE-2023-24998", }, { cve: "CVE-2023-29081", cwe: { id: "CWE-404", name: "Improper Resource Shutdown or Release", }, notes: [ { category: "other", text: "Improper Resource Shutdown or Release", title: "CWE-404", }, ], product_status: { known_affected: [ "CSAFPID-226018", "CSAFPID-271904", ], }, references: [ { category: "self", summary: "CVE-2023-29081", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-29081.json", }, ], title: "CVE-2023-29081", }, { cve: "CVE-2023-34034", cwe: { id: "CWE-284", name: "Improper Access Control", }, notes: [ { category: "other", text: "Improper Access Control", title: "CWE-284", }, { category: "other", text: "Improper Neutralization of Section Delimiters", title: "CWE-145", }, ], product_status: { known_affected: [ "CSAFPID-226018", "CSAFPID-271904", ], }, references: [ { category: "self", summary: "CVE-2023-34034", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-34034.json", }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-226018", "CSAFPID-271904", ], }, ], title: "CVE-2023-34034", }, { cve: "CVE-2023-36478", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, notes: [ { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, { category: "other", text: "Integer Overflow or Wraparound", title: "CWE-190", }, ], product_status: { known_affected: [ "CSAFPID-271904", "CSAFPID-226018", ], }, references: [ { category: "self", summary: "CVE-2023-36478", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-36478.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-271904", "CSAFPID-226018", ], }, ], title: "CVE-2023-36478", }, { cve: "CVE-2023-45853", cwe: { id: "CWE-122", name: "Heap-based Buffer Overflow", }, notes: [ { category: "other", text: "Heap-based Buffer Overflow", title: "CWE-122", }, { category: "other", text: "Integer Overflow or Wraparound", title: "CWE-190", }, ], product_status: { known_affected: [ "CSAFPID-271904", ], }, references: [ { category: "self", summary: "CVE-2023-45853", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-45853.json", }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-271904", ], }, ], title: "CVE-2023-45853", }, { cve: "CVE-2023-46750", cwe: { id: "CWE-601", name: "URL Redirection to Untrusted Site ('Open Redirect')", }, notes: [ { category: "other", text: "URL Redirection to Untrusted Site ('Open Redirect')", title: "CWE-601", }, ], product_status: { known_affected: [ "CSAFPID-271904", ], }, references: [ { category: "self", summary: "CVE-2023-46750", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-46750.json", }, ], scores: [ { cvss_v3: { baseScore: 6.4, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:L", version: "3.1", }, products: [ "CSAFPID-271904", ], }, ], title: "CVE-2023-46750", }, { cve: "CVE-2023-48795", cwe: { id: "CWE-222", name: "Truncation of Security-relevant Information", }, notes: [ { category: "other", text: "Truncation of Security-relevant Information", title: "CWE-222", }, ], product_status: { known_affected: [ "CSAFPID-271904", "CSAFPID-226018", ], }, references: [ { category: "self", summary: "CVE-2023-48795", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-48795.json", }, ], scores: [ { cvss_v3: { baseScore: 5.9, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "CSAFPID-271904", "CSAFPID-226018", ], }, ], title: "CVE-2023-48795", }, { cve: "CVE-2023-52425", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, notes: [ { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, ], product_status: { known_affected: [ "CSAFPID-271904", ], }, references: [ { category: "self", summary: "CVE-2023-52425", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-52425.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-271904", ], }, ], title: "CVE-2023-52425", }, { cve: "CVE-2024-0853", cwe: { id: "CWE-299", name: "Improper Check for Certificate Revocation", }, notes: [ { category: "other", text: "Improper Check for Certificate Revocation", title: "CWE-299", }, ], product_status: { known_affected: [ "CSAFPID-226018", "CSAFPID-271904", ], }, references: [ { category: "self", summary: "CVE-2024-0853", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-0853.json", }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-226018", "CSAFPID-271904", ], }, ], title: "CVE-2024-0853", }, { cve: "CVE-2024-21133", product_status: { known_affected: [ "CSAFPID-271904", ], }, references: [ { category: "self", summary: "CVE-2024-21133", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-21133.json", }, ], title: "CVE-2024-21133", }, { cve: "CVE-2024-21175", product_status: { known_affected: [ "CSAFPID-271904", ], }, references: [ { category: "self", summary: "CVE-2024-21175", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-21175.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "CSAFPID-271904", ], }, ], title: "CVE-2024-21175", }, { cve: "CVE-2024-21181", product_status: { known_affected: [ "CSAFPID-271904", ], }, references: [ { category: "self", summary: "CVE-2024-21181", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-21181.json", }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-271904", ], }, ], title: "CVE-2024-21181", }, { cve: "CVE-2024-21182", product_status: { known_affected: [ "CSAFPID-271904", ], }, references: [ { category: "self", summary: "CVE-2024-21182", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-21182.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "CSAFPID-271904", ], }, ], title: "CVE-2024-21182", }, { cve: "CVE-2024-21183", product_status: { known_affected: [ "CSAFPID-271904", ], }, references: [ { category: "self", summary: "CVE-2024-21183", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-21183.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "CSAFPID-271904", ], }, ], title: "CVE-2024-21183", }, { cve: "CVE-2024-22201", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, notes: [ { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, ], product_status: { known_affected: [ "CSAFPID-226018", "CSAFPID-271904", ], }, references: [ { category: "self", summary: "CVE-2024-22201", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-22201.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-226018", "CSAFPID-271904", ], }, ], title: "CVE-2024-22201", }, { cve: "CVE-2024-22243", cwe: { id: "CWE-918", name: "Server-Side Request Forgery (SSRF)", }, notes: [ { category: "other", text: "Server-Side Request Forgery (SSRF)", title: "CWE-918", }, { category: "other", text: "URL Redirection to Untrusted Site ('Open Redirect')", title: "CWE-601", }, ], product_status: { known_affected: [ "CSAFPID-226018", "CSAFPID-271904", ], }, references: [ { category: "self", summary: "CVE-2024-22243", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-22243.json", }, ], scores: [ { cvss_v3: { baseScore: 8.1, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "CSAFPID-226018", "CSAFPID-271904", ], }, ], title: "CVE-2024-22243", }, { cve: "CVE-2024-22259", cwe: { id: "CWE-601", name: "URL Redirection to Untrusted Site ('Open Redirect')", }, notes: [ { category: "other", text: "URL Redirection to Untrusted Site ('Open Redirect')", title: "CWE-601", }, { category: "other", text: "Server-Side Request Forgery (SSRF)", title: "CWE-918", }, ], product_status: { known_affected: [ "CSAFPID-226018", "CSAFPID-271904", ], }, references: [ { category: "self", summary: "CVE-2024-22259", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-22259.json", }, ], scores: [ { cvss_v3: { baseScore: 8.1, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "CSAFPID-226018", "CSAFPID-271904", ], }, ], title: "CVE-2024-22259", }, { cve: "CVE-2024-22262", cwe: { id: "CWE-601", name: "URL Redirection to Untrusted Site ('Open Redirect')", }, notes: [ { category: "other", text: "URL Redirection to Untrusted Site ('Open Redirect')", title: "CWE-601", }, ], product_status: { known_affected: [ "CSAFPID-271904", ], }, references: [ { category: "self", summary: "CVE-2024-22262", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-22262.json", }, ], scores: [ { cvss_v3: { baseScore: 8.1, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "CSAFPID-271904", ], }, ], title: "CVE-2024-22262", }, { cve: "CVE-2024-25062", cwe: { id: "CWE-416", name: "Use After Free", }, notes: [ { category: "other", text: "Use After Free", title: "CWE-416", }, ], product_status: { known_affected: [ "CSAFPID-226018", "CSAFPID-271904", ], }, references: [ { category: "self", summary: "CVE-2024-25062", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-25062.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-226018", "CSAFPID-271904", ], }, ], title: "CVE-2024-25062", }, { cve: "CVE-2024-26308", cwe: { id: "CWE-770", name: "Allocation of Resources Without Limits or Throttling", }, notes: [ { category: "other", text: "Allocation of Resources Without Limits or Throttling", title: "CWE-770", }, ], product_status: { known_affected: [ "CSAFPID-226018", "CSAFPID-271904", ], }, references: [ { category: "self", summary: "CVE-2024-26308", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-26308.json", }, ], scores: [ { cvss_v3: { baseScore: 5.9, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-226018", "CSAFPID-271904", ], }, ], title: "CVE-2024-26308", }, { cve: "CVE-2024-29025", cwe: { id: "CWE-770", name: "Allocation of Resources Without Limits or Throttling", }, notes: [ { category: "other", text: "Allocation of Resources Without Limits or Throttling", title: "CWE-770", }, ], product_status: { known_affected: [ "CSAFPID-271904", ], }, references: [ { category: "self", summary: "CVE-2024-29025", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-29025.json", }, ], title: "CVE-2024-29025", }, { cve: "CVE-2024-29857", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, notes: [ { category: "other", text: "Uncontrolled Resource Consumption", title: "CWE-400", }, { category: "other", text: "Improper Input Validation", title: "CWE-20", }, ], product_status: { known_affected: [ "CSAFPID-271904", ], }, references: [ { category: "self", summary: "CVE-2024-29857", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-29857.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-271904", ], }, ], title: "CVE-2024-29857", }, ], }
NCSC-2024-0419
Vulnerability from csaf_ncscnl
Published
2024-10-17 13:20
Modified
2024-10-17 13:20
Summary
Kwetsbaarheden verholpen in Oracle Java
Notes
The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:
NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.
NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.
This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.
Feiten
Oracle heeft kwetsbaarheden verholpen in Java SE en GraalVM.
Interpretaties
Een kwaadwillende kan de kwetsbaarheden misbruiken om aanvallen uit te voeren die kunnen leiden tot de volgende categorieën schade:
- Denial-of-Service (DoS)
- Manipuleren van data
- Uitvoer van willekeurige code (Gebruikersrechten)
- Toegang tot gevoelige gegevens
Voor succesvol misbruik moet de kwaadwillende het slachtoffer misleiden om onvertrouwde code te importeren en uitvoeren. Deze kwetsbaarheden vormen daarom met name een risico voor ontwikkelaars en (lokale) gebruikers met rechten om code te importeren en uitvoeren.
Oplossingen
Oracle heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.
Kans
medium
Schade
high
CWE-130
Improper Handling of Length Parameter Inconsistency
CWE-195
Signed to Unsigned Conversion Error
CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE-190
Integer Overflow or Wraparound
CWE-416
Use After Free
CWE-122
Heap-based Buffer Overflow
CWE-789
Memory Allocation with Excessive Size Value
{ document: { category: "csaf_security_advisory", csaf_version: "2.0", distribution: { tlp: { label: "WHITE", }, }, lang: "nl", notes: [ { category: "legal_disclaimer", text: "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.", }, { category: "description", text: "Oracle heeft kwetsbaarheden verholpen in Java SE en GraalVM.", title: "Feiten", }, { category: "description", text: "Een kwaadwillende kan de kwetsbaarheden misbruiken om aanvallen uit te voeren die kunnen leiden tot de volgende categorieën schade:\n\n- Denial-of-Service (DoS)\n- Manipuleren van data\n- Uitvoer van willekeurige code (Gebruikersrechten)\n- Toegang tot gevoelige gegevens\n\nVoor succesvol misbruik moet de kwaadwillende het slachtoffer misleiden om onvertrouwde code te importeren en uitvoeren. Deze kwetsbaarheden vormen daarom met name een risico voor ontwikkelaars en (lokale) gebruikers met rechten om code te importeren en uitvoeren.", title: "Interpretaties", }, { category: "description", text: "Oracle heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.", title: "Oplossingen", }, { category: "general", text: "medium", title: "Kans", }, { category: "general", text: "high", title: "Schade", }, { category: "general", text: "Improper Handling of Length Parameter Inconsistency", title: "CWE-130", }, { category: "general", text: "Signed to Unsigned Conversion Error", title: "CWE-195", }, { category: "general", text: "Improper Neutralization of Special Elements used in a Command ('Command Injection')", title: "CWE-77", }, { category: "general", text: "Integer Overflow or Wraparound", title: "CWE-190", }, { category: "general", text: "Use After Free", title: "CWE-416", }, { category: "general", text: "Heap-based Buffer Overflow", title: "CWE-122", }, { category: "general", text: "Memory Allocation with Excessive Size Value", title: "CWE-789", }, ], publisher: { category: "coordinator", contact_details: "cert@ncsc.nl", name: "Nationaal Cyber Security Centrum", namespace: "https://www.ncsc.nl/", }, references: [ { category: "external", summary: "Reference - cveprojectv5; hkcert; nvd; oracle; redhat", url: "https://www.oracle.com/security-alerts/cpuoct2024.html", }, ], title: "Kwetsbaarheden verholpen in Oracle Java", tracking: { current_release_date: "2024-10-17T13:20:07.759085Z", id: "NCSC-2024-0419", initial_release_date: "2024-10-17T13:20:07.759085Z", revision_history: [ { date: "2024-10-17T13:20:07.759085Z", number: "0", summary: "Initiele versie", }, ], status: "final", version: "1.0.0", }, }, product_tree: { branches: [ { branches: [ { category: "product_name", name: "graalvm", product: { name: "graalvm", product_id: "CSAFPID-1673125", product_identification_helper: { cpe: "cpe:2.3:a:oracle_corporation:graalvm:oracle_graalvm_enterprise_edition_21.3.11:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "graalvm", product: { name: "graalvm", product_id: "CSAFPID-1673121", product_identification_helper: { cpe: "cpe:2.3:a:oracle_corporation:graalvm:oracle_graalvm_for_jdk_17.0.12:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "graalvm", product: { name: "graalvm", product_id: "CSAFPID-1673122", product_identification_helper: { cpe: "cpe:2.3:a:oracle_corporation:graalvm:oracle_graalvm_for_jdk_21.0.4:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "graalvm", product: { name: "graalvm", product_id: "CSAFPID-1673123", product_identification_helper: { cpe: "cpe:2.3:a:oracle_corporation:graalvm:oracle_graalvm_for_jdk_23:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "graalvm", product: { name: "graalvm", product_id: "CSAFPID-1673120", product_identification_helper: { cpe: "cpe:2.3:a:oracle_corporation:graalvm:oracle_java_se_23:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "oracle_java_se", product: { name: "oracle_java_se", product_id: "CSAFPID-1673115", product_identification_helper: { cpe: "cpe:2.3:a:oracle_corporation:oracle_java_se:oracle_graalvm_enterprise_edition_20.3.15:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "oracle_java_se", product: { name: "oracle_java_se", product_id: "CSAFPID-1673116", product_identification_helper: { cpe: "cpe:2.3:a:oracle_corporation:oracle_java_se:oracle_graalvm_enterprise_edition_21.3.11:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "oracle_java_se", product: { name: "oracle_java_se", product_id: "CSAFPID-1673112", product_identification_helper: { cpe: "cpe:2.3:a:oracle_corporation:oracle_java_se:oracle_graalvm_for_jdk_17.0.12:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "oracle_java_se", product: { name: "oracle_java_se", product_id: "CSAFPID-1673113", product_identification_helper: { cpe: "cpe:2.3:a:oracle_corporation:oracle_java_se:oracle_graalvm_for_jdk_21.0.4:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "oracle_java_se", product: { name: "oracle_java_se", product_id: "CSAFPID-1673114", product_identification_helper: { cpe: "cpe:2.3:a:oracle_corporation:oracle_java_se:oracle_graalvm_for_jdk_23:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "oracle_java_se", product: { name: "oracle_java_se", product_id: "CSAFPID-1673108", product_identification_helper: { cpe: "cpe:2.3:a:oracle_corporation:oracle_java_se:oracle_java_se_11.0.24:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "oracle_java_se", product: { name: "oracle_java_se", product_id: "CSAFPID-1673109", product_identification_helper: { cpe: "cpe:2.3:a:oracle_corporation:oracle_java_se:oracle_java_se_17.0.12:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "oracle_java_se", product: { name: "oracle_java_se", product_id: "CSAFPID-1673110", product_identification_helper: { cpe: "cpe:2.3:a:oracle_corporation:oracle_java_se:oracle_java_se_21.0.4:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "oracle_java_se", product: { name: "oracle_java_se", product_id: "CSAFPID-1673111", product_identification_helper: { cpe: "cpe:2.3:a:oracle_corporation:oracle_java_se:oracle_java_se_23:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "oracle_java_se", product: { name: "oracle_java_se", product_id: "CSAFPID-1673107", product_identification_helper: { cpe: "cpe:2.3:a:oracle_corporation:oracle_java_se:oracle_java_se_8u421-perf:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "oracle_java_se", product: { name: "oracle_java_se", product_id: "CSAFPID-1673106", product_identification_helper: { cpe: "cpe:2.3:a:oracle_corporation:oracle_java_se:oracle_java_se_8u421:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "graalvm", product: { name: "graalvm", product_id: "CSAFPID-1673124", product_identification_helper: { cpe: "cpe:2.3:a:oracle_corporation:graalvm:oracle_graalvm_enterprise_edition_20.3.15:*:*:*:*:*:*:*", }, }, }, ], category: "vendor", name: "oracle_corporation", }, { branches: [ { category: "product_name", name: "graalvm_for_jdk", product: { name: "graalvm_for_jdk", product_id: "CSAFPID-912046", product_identification_helper: { cpe: "cpe:2.3:a:oracle:graalvm_for_jdk:17.0.10:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "graalvm_for_jdk", product: { name: "graalvm_for_jdk", product_id: "CSAFPID-1503299", product_identification_helper: { cpe: "cpe:2.3:a:oracle:graalvm_for_jdk:17.0.11:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "graalvm_for_jdk", product: { name: "graalvm_for_jdk", product_id: "CSAFPID-1673300", product_identification_helper: { cpe: "cpe:2.3:a:oracle:graalvm_for_jdk:17.0.12:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "graalvm_for_jdk", product: { name: "graalvm_for_jdk", product_id: "CSAFPID-912045", product_identification_helper: { cpe: "cpe:2.3:a:oracle:graalvm_for_jdk:21.0.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "graalvm_for_jdk", product: { name: "graalvm_for_jdk", product_id: "CSAFPID-1503302", product_identification_helper: { cpe: "cpe:2.3:a:oracle:graalvm_for_jdk:21.0.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "graalvm_for_jdk", product: { name: "graalvm_for_jdk", product_id: "CSAFPID-1673301", product_identification_helper: { cpe: "cpe:2.3:a:oracle:graalvm_for_jdk:21.0.4:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "graalvm_for_jdk", product: { name: "graalvm_for_jdk", product_id: "CSAFPID-912044", product_identification_helper: { cpe: "cpe:2.3:a:oracle:graalvm_for_jdk:22:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "graalvm_for_jdk", product: { name: "graalvm_for_jdk", product_id: "CSAFPID-1503306", product_identification_helper: { cpe: "cpe:2.3:a:oracle:graalvm_for_jdk:22.0.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "graalvm_for_jdk", product: { name: "graalvm_for_jdk", product_id: "CSAFPID-1673304", product_identification_helper: { cpe: "cpe:2.3:a:oracle:graalvm_for_jdk:23:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "graalvm_for_jdk", product: { name: "graalvm_for_jdk", product_id: "CSAFPID-912600", product_identification_helper: { cpe: "cpe:2.3:a:oracle:graalvm_for_jdk:graalvm_enterprise_edition20.3.13:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "graalvm_for_jdk", product: { name: "graalvm_for_jdk", product_id: "CSAFPID-912601", product_identification_helper: { cpe: "cpe:2.3:a:oracle:graalvm_for_jdk:graalvm_enterprise_edition21.3.9:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "graalvm", product: { name: "graalvm", product_id: "CSAFPID-1457455", product_identification_helper: { cpe: "cpe:2.3:a:oracle:graalvm:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "graalvm", product: { name: "graalvm", product_id: "CSAFPID-1672740", product_identification_helper: { cpe: "cpe:2.3:a:oracle:graalvm:20.3.15:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "graalvm", product: { name: "graalvm", product_id: "CSAFPID-1673407", product_identification_helper: { cpe: "cpe:2.3:a:oracle:graalvm:20.3.15:*:*:*:enterprise:*:*:*", }, }, }, { category: "product_name", name: "graalvm", product: { name: "graalvm", product_id: "CSAFPID-1672742", product_identification_helper: { cpe: "cpe:2.3:a:oracle:graalvm:21.3.11:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "graalvm", product: { name: "graalvm", product_id: "CSAFPID-1673406", product_identification_helper: { cpe: "cpe:2.3:a:oracle:graalvm:21.3.11:*:*:*:enterprise:*:*:*", }, }, }, { category: "product_name", name: "database_server", product: { name: "database_server", product_id: "CSAFPID-1503604", product_identification_helper: { cpe: "cpe:2.3:a:oracle:database_server:_java_vm___23.4:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "java_se", product: { name: "java_se", product_id: "CSAFPID-550274", product_identification_helper: { cpe: "cpe:2.3:a:oracle:java_se:*:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "java_se", product: { name: "java_se", product_id: "CSAFPID-912051", product_identification_helper: { cpe: "cpe:2.3:a:oracle:java_se:11.0.22:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "java_se", product: { name: "java_se", product_id: "CSAFPID-1503300", product_identification_helper: { cpe: "cpe:2.3:a:oracle:java_se:11.0.23:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "java_se", product: { name: "java_se", product_id: "CSAFPID-1673306", product_identification_helper: { cpe: "cpe:2.3:a:oracle:java_se:11.0.24:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "java_se", product: { name: "java_se", product_id: "CSAFPID-912050", product_identification_helper: { cpe: "cpe:2.3:a:oracle:java_se:17.0.10:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "java_se", product: { name: "java_se", product_id: "CSAFPID-1503304", product_identification_helper: { cpe: "cpe:2.3:a:oracle:java_se:17.0.11:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "java_se", product: { name: "java_se", product_id: "CSAFPID-1673303", product_identification_helper: { cpe: "cpe:2.3:a:oracle:java_se:17.0.12:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "java_se", product: { name: "java_se", product_id: "CSAFPID-912049", product_identification_helper: { cpe: "cpe:2.3:a:oracle:java_se:21.0.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "java_se", product: { name: "java_se", product_id: "CSAFPID-1503305", product_identification_helper: { cpe: "cpe:2.3:a:oracle:java_se:21.0.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "java_se", product: { name: "java_se", product_id: "CSAFPID-1673305", product_identification_helper: { cpe: "cpe:2.3:a:oracle:java_se:21.0.4:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "java_se", product: { name: "java_se", product_id: "CSAFPID-1503307", product_identification_helper: { cpe: "cpe:2.3:a:oracle:java_se:22.0.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "java_se", product: { name: "java_se", product_id: "CSAFPID-912048", product_identification_helper: { cpe: "cpe:2.3:a:oracle:java_se:22:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "java_se", product: { name: "java_se", product_id: "CSAFPID-1673302", product_identification_helper: { cpe: "cpe:2.3:a:oracle:java_se:23:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "java_se", product: { name: "java_se", product_id: "CSAFPID-912047", product_identification_helper: { cpe: "cpe:2.3:a:oracle:java_se:8u401:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "java_se", product: { name: "java_se", product_id: "CSAFPID-1503308", product_identification_helper: { cpe: "cpe:2.3:a:oracle:java_se:8u411:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "java_se", product: { name: "java_se", product_id: "CSAFPID-1672741", product_identification_helper: { cpe: "cpe:2.3:a:oracle:java_se:8u421:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "java_se", product: { name: "java_se", product_id: "CSAFPID-1673439", product_identification_helper: { cpe: "cpe:2.3:a:oracle:java_se:8u421:*:*:*:enterprise_performance:*:*:*", }, }, }, { category: "product_name", name: "java_se", product: { name: "java_se", product_id: "CSAFPID-912602", product_identification_helper: { cpe: "cpe:2.3:a:oracle:java_se:graalvm_enterprise_edition20.3.13:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "java_se", product: { name: "java_se", product_id: "CSAFPID-1503647", product_identification_helper: { cpe: "cpe:2.3:a:oracle:java_se:graalvm_enterprise_edition20.3.14:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "java_se", product: { name: "java_se", product_id: "CSAFPID-1503648", product_identification_helper: { cpe: "cpe:2.3:a:oracle:java_se:graalvm_enterprise_edition21.3.10:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "java_se", product: { name: "java_se", product_id: "CSAFPID-912603", product_identification_helper: { cpe: "cpe:2.3:a:oracle:java_se:graalvm_enterprise_edition21.3.9:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "java_se", product: { name: "java_se", product_id: "CSAFPID-912604", product_identification_helper: { cpe: "cpe:2.3:a:oracle:java_se:graalvm_for_jdk17.0.10:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "java_se", product: { name: "java_se", product_id: "CSAFPID-1503649", product_identification_helper: { cpe: "cpe:2.3:a:oracle:java_se:graalvm_for_jdk17.0.11:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "java_se", product: { name: "java_se", product_id: "CSAFPID-912605", product_identification_helper: { cpe: "cpe:2.3:a:oracle:java_se:graalvm_for_jdk21.0.2:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "java_se", product: { name: "java_se", product_id: "CSAFPID-1503650", product_identification_helper: { cpe: "cpe:2.3:a:oracle:java_se:graalvm_for_jdk21.0.3:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "java_se", product: { name: "java_se", product_id: "CSAFPID-1503651", product_identification_helper: { cpe: "cpe:2.3:a:oracle:java_se:graalvm_for_jdk22.0.1:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "java_se", product: { name: "java_se", product_id: "CSAFPID-912606", product_identification_helper: { cpe: "cpe:2.3:a:oracle:java_se:graalvm_for_jdk22:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "java_se", product: { name: "java_se", product_id: "CSAFPID-1674674", product_identification_helper: { cpe: "cpe:2.3:a:oracle:java_se:oracle_graalvm_enterprise_edition_20.3.15:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "java_se", product: { name: "java_se", product_id: "CSAFPID-1674680", product_identification_helper: { cpe: "cpe:2.3:a:oracle:java_se:oracle_graalvm_enterprise_edition_21.3.11:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "java_se", product: { name: "java_se", product_id: "CSAFPID-1674673", product_identification_helper: { cpe: "cpe:2.3:a:oracle:java_se:oracle_graalvm_for_jdk_17.0.12:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "java_se", product: { name: "java_se", product_id: "CSAFPID-1674675", product_identification_helper: { cpe: "cpe:2.3:a:oracle:java_se:oracle_graalvm_for_jdk_21.0.4:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "java_se", product: { name: "java_se", product_id: "CSAFPID-1674672", product_identification_helper: { cpe: "cpe:2.3:a:oracle:java_se:oracle_graalvm_for_jdk_23:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "java_se", product: { name: "java_se", product_id: "CSAFPID-1674681", product_identification_helper: { cpe: "cpe:2.3:a:oracle:java_se:oracle_java_se_11.0.24:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "java_se", product: { name: "java_se", product_id: "CSAFPID-1674676", product_identification_helper: { cpe: "cpe:2.3:a:oracle:java_se:oracle_java_se_17.0.12:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "java_se", product: { name: "java_se", product_id: "CSAFPID-1674678", product_identification_helper: { cpe: "cpe:2.3:a:oracle:java_se:oracle_java_se_21.0.4:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "java_se", product: { name: "java_se", product_id: "CSAFPID-1674677", product_identification_helper: { cpe: "cpe:2.3:a:oracle:java_se:oracle_java_se_23:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "java_se", product: { name: "java_se", product_id: "CSAFPID-1674679", product_identification_helper: { cpe: "cpe:2.3:a:oracle:java_se:oracle_java_se_8u421:*:*:*:*:*:*:*", }, }, }, { category: "product_name", name: "java_se", product: { name: "java_se", product_id: "CSAFPID-220891", product_identification_helper: { cpe: "cpe:2.3:a:oracle:java_se:perf:*:*:*:*:*:*:*", }, }, }, ], category: "vendor", name: "oracle", }, ], }, vulnerabilities: [ { cve: "CVE-2023-7104", cwe: { id: "CWE-122", name: "Heap-based Buffer Overflow", }, notes: [ { category: "other", text: "Heap-based Buffer Overflow", title: "CWE-122", }, ], product_status: { known_affected: [ "CSAFPID-1672741", ], }, references: [ { category: "self", summary: "CVE-2023-7104", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-7104.json", }, ], scores: [ { cvss_v3: { baseScore: 7.3, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", version: "3.1", }, products: [ "CSAFPID-1672741", ], }, ], title: "CVE-2023-7104", }, { cve: "CVE-2023-42950", product_status: { known_affected: [ "CSAFPID-1672741", "CSAFPID-1673406", "CSAFPID-1673407", "CSAFPID-1674672", "CSAFPID-1674673", "CSAFPID-1674674", "CSAFPID-1674675", "CSAFPID-1674676", "CSAFPID-1674677", "CSAFPID-1674678", "CSAFPID-1674679", "CSAFPID-1674680", "CSAFPID-1674681", ], }, references: [ { category: "self", summary: "CVE-2023-42950", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-42950.json", }, ], scores: [ { cvss_v3: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-1672741", "CSAFPID-1673406", "CSAFPID-1673407", "CSAFPID-1674672", "CSAFPID-1674673", "CSAFPID-1674674", "CSAFPID-1674675", "CSAFPID-1674676", "CSAFPID-1674677", "CSAFPID-1674678", "CSAFPID-1674679", "CSAFPID-1674680", "CSAFPID-1674681", ], }, ], title: "CVE-2023-42950", }, { cve: "CVE-2024-21208", cwe: { id: "CWE-130", name: "Improper Handling of Length Parameter Inconsistency", }, notes: [ { category: "other", text: "Improper Handling of Length Parameter Inconsistency", title: "CWE-130", }, ], product_status: { known_affected: [ "CSAFPID-1673106", "CSAFPID-1673107", "CSAFPID-1673108", "CSAFPID-1673109", "CSAFPID-1673110", "CSAFPID-1673111", "CSAFPID-1673112", "CSAFPID-1673113", "CSAFPID-1673114", "CSAFPID-1673115", "CSAFPID-1673116", "CSAFPID-1673300", "CSAFPID-1673301", "CSAFPID-1673302", "CSAFPID-1673303", "CSAFPID-1673304", "CSAFPID-1673305", "CSAFPID-1672741", "CSAFPID-220891", "CSAFPID-1673306", "CSAFPID-1673407", "CSAFPID-1673406", "CSAFPID-1673439", "CSAFPID-1674672", "CSAFPID-1674673", "CSAFPID-1674674", "CSAFPID-1674675", "CSAFPID-1674676", "CSAFPID-1674677", "CSAFPID-1674678", "CSAFPID-1674679", "CSAFPID-1674680", "CSAFPID-1674681", ], }, references: [ { category: "self", summary: "CVE-2024-21208", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-21208.json", }, ], scores: [ { cvss_v3: { baseScore: 3.7, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, products: [ "CSAFPID-1673106", "CSAFPID-1673107", "CSAFPID-1673108", "CSAFPID-1673109", "CSAFPID-1673110", "CSAFPID-1673111", "CSAFPID-1673112", "CSAFPID-1673113", "CSAFPID-1673114", "CSAFPID-1673115", "CSAFPID-1673116", "CSAFPID-1673300", "CSAFPID-1673301", "CSAFPID-1673302", "CSAFPID-1673303", "CSAFPID-1673304", "CSAFPID-1673305", "CSAFPID-1672741", "CSAFPID-220891", "CSAFPID-1673306", "CSAFPID-1673407", "CSAFPID-1673406", "CSAFPID-1673439", "CSAFPID-1674672", "CSAFPID-1674673", "CSAFPID-1674674", "CSAFPID-1674675", "CSAFPID-1674676", "CSAFPID-1674677", "CSAFPID-1674678", "CSAFPID-1674679", "CSAFPID-1674680", "CSAFPID-1674681", ], }, ], title: "CVE-2024-21208", }, { cve: "CVE-2024-21210", cwe: { id: "CWE-190", name: "Integer Overflow or Wraparound", }, notes: [ { category: "other", text: "Integer Overflow or Wraparound", title: "CWE-190", }, ], product_status: { known_affected: [ "CSAFPID-1673106", "CSAFPID-1673107", "CSAFPID-1673108", "CSAFPID-1673109", "CSAFPID-1673110", "CSAFPID-1673111", "CSAFPID-1673305", "CSAFPID-1672741", "CSAFPID-1673303", "CSAFPID-1673302", "CSAFPID-1673306", "CSAFPID-220891", "CSAFPID-1673439", "CSAFPID-1674672", "CSAFPID-1674673", "CSAFPID-1674674", "CSAFPID-1674675", "CSAFPID-1674676", "CSAFPID-1674677", "CSAFPID-1674678", "CSAFPID-1674679", "CSAFPID-1674680", "CSAFPID-1674681", ], }, references: [ { category: "self", summary: "CVE-2024-21210", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-21210.json", }, ], scores: [ { cvss_v3: { baseScore: 3.7, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, products: [ "CSAFPID-1673106", "CSAFPID-1673107", "CSAFPID-1673108", "CSAFPID-1673109", "CSAFPID-1673110", "CSAFPID-1673111", "CSAFPID-1673305", "CSAFPID-1672741", "CSAFPID-1673303", "CSAFPID-1673302", "CSAFPID-1673306", "CSAFPID-220891", "CSAFPID-1673439", "CSAFPID-1674672", "CSAFPID-1674673", "CSAFPID-1674674", "CSAFPID-1674675", "CSAFPID-1674676", "CSAFPID-1674677", "CSAFPID-1674678", "CSAFPID-1674679", "CSAFPID-1674680", "CSAFPID-1674681", ], }, ], title: "CVE-2024-21210", }, { cve: "CVE-2024-21211", product_status: { known_affected: [ "CSAFPID-1673120", "CSAFPID-1673121", "CSAFPID-1673122", "CSAFPID-1673123", "CSAFPID-1673124", "CSAFPID-1673125", "CSAFPID-1673111", "CSAFPID-1673112", "CSAFPID-1673113", "CSAFPID-1673114", "CSAFPID-1673115", "CSAFPID-1673116", "CSAFPID-1673300", "CSAFPID-1673302", "CSAFPID-1673407", "CSAFPID-1673406", "CSAFPID-1673301", "CSAFPID-1673304", "CSAFPID-1674672", "CSAFPID-1674673", "CSAFPID-1674674", "CSAFPID-1674675", "CSAFPID-1674676", "CSAFPID-1674677", "CSAFPID-1674678", "CSAFPID-1674679", "CSAFPID-1674680", "CSAFPID-1674681", ], }, references: [ { category: "self", summary: "CVE-2024-21211", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-21211.json", }, ], scores: [ { cvss_v3: { baseScore: 3.7, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, products: [ "CSAFPID-1673120", "CSAFPID-1673121", "CSAFPID-1673122", "CSAFPID-1673123", "CSAFPID-1673124", "CSAFPID-1673125", "CSAFPID-1673111", "CSAFPID-1673112", "CSAFPID-1673113", "CSAFPID-1673114", "CSAFPID-1673115", "CSAFPID-1673116", "CSAFPID-1673300", "CSAFPID-1673302", "CSAFPID-1673407", "CSAFPID-1673406", "CSAFPID-1673301", "CSAFPID-1673304", "CSAFPID-1674672", "CSAFPID-1674673", "CSAFPID-1674674", "CSAFPID-1674675", "CSAFPID-1674676", "CSAFPID-1674677", "CSAFPID-1674678", "CSAFPID-1674679", "CSAFPID-1674680", "CSAFPID-1674681", ], }, ], title: "CVE-2024-21211", }, { cve: "CVE-2024-21217", cwe: { id: "CWE-789", name: "Memory Allocation with Excessive Size Value", }, notes: [ { category: "other", text: "Memory Allocation with Excessive Size Value", title: "CWE-789", }, ], product_status: { known_affected: [ "CSAFPID-1673106", "CSAFPID-1673107", "CSAFPID-1673108", "CSAFPID-1673109", "CSAFPID-1673110", "CSAFPID-1673111", "CSAFPID-1673112", "CSAFPID-1673113", "CSAFPID-1673114", "CSAFPID-1673115", "CSAFPID-1673116", "CSAFPID-1673305", "CSAFPID-1673302", "CSAFPID-1673303", "CSAFPID-1672741", "CSAFPID-220891", "CSAFPID-1673306", "CSAFPID-1673300", "CSAFPID-1673301", "CSAFPID-1673304", "CSAFPID-1673407", "CSAFPID-1673406", "CSAFPID-1673439", "CSAFPID-1674672", "CSAFPID-1674673", "CSAFPID-1674674", "CSAFPID-1674675", "CSAFPID-1674676", "CSAFPID-1674677", "CSAFPID-1674678", "CSAFPID-1674679", "CSAFPID-1674680", "CSAFPID-1674681", ], }, references: [ { category: "self", summary: "CVE-2024-21217", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-21217.json", }, ], scores: [ { cvss_v3: { baseScore: 3.7, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, products: [ "CSAFPID-1673106", "CSAFPID-1673107", "CSAFPID-1673108", "CSAFPID-1673109", "CSAFPID-1673110", "CSAFPID-1673111", "CSAFPID-1673112", "CSAFPID-1673113", "CSAFPID-1673114", "CSAFPID-1673115", "CSAFPID-1673116", "CSAFPID-1673305", "CSAFPID-1673302", "CSAFPID-1673303", "CSAFPID-1672741", "CSAFPID-220891", "CSAFPID-1673306", "CSAFPID-1673300", "CSAFPID-1673301", "CSAFPID-1673304", "CSAFPID-1673407", "CSAFPID-1673406", "CSAFPID-1673439", "CSAFPID-1674672", "CSAFPID-1674673", "CSAFPID-1674674", "CSAFPID-1674675", "CSAFPID-1674676", "CSAFPID-1674677", "CSAFPID-1674678", "CSAFPID-1674679", "CSAFPID-1674680", "CSAFPID-1674681", ], }, ], title: "CVE-2024-21217", }, { cve: "CVE-2024-21235", cwe: { id: "CWE-195", name: "Signed to Unsigned Conversion Error", }, notes: [ { category: "other", text: "Signed to Unsigned Conversion Error", title: "CWE-195", }, ], product_status: { known_affected: [ "CSAFPID-1673106", "CSAFPID-1673107", "CSAFPID-1673108", "CSAFPID-1673109", "CSAFPID-1673110", "CSAFPID-1673111", "CSAFPID-1673112", "CSAFPID-1673113", "CSAFPID-1673114", "CSAFPID-1673115", "CSAFPID-1673116", "CSAFPID-1673305", "CSAFPID-1673302", "CSAFPID-1673301", "CSAFPID-1672741", "CSAFPID-1673300", "CSAFPID-220891", "CSAFPID-1673306", "CSAFPID-1673304", "CSAFPID-1673303", "CSAFPID-1673407", "CSAFPID-1673406", "CSAFPID-1673439", "CSAFPID-1674672", "CSAFPID-1674673", "CSAFPID-1674674", "CSAFPID-1674675", "CSAFPID-1674676", "CSAFPID-1674677", "CSAFPID-1674678", "CSAFPID-1674679", "CSAFPID-1674680", "CSAFPID-1674681", ], }, references: [ { category: "self", summary: "CVE-2024-21235", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-21235.json", }, ], scores: [ { cvss_v3: { baseScore: 4.8, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", version: "3.1", }, products: [ "CSAFPID-1673106", "CSAFPID-1673107", "CSAFPID-1673108", "CSAFPID-1673109", "CSAFPID-1673110", "CSAFPID-1673111", "CSAFPID-1673112", "CSAFPID-1673113", "CSAFPID-1673114", "CSAFPID-1673115", "CSAFPID-1673116", "CSAFPID-1673305", "CSAFPID-1673302", "CSAFPID-1673301", "CSAFPID-1672741", "CSAFPID-1673300", "CSAFPID-220891", "CSAFPID-1673306", "CSAFPID-1673304", "CSAFPID-1673303", "CSAFPID-1673407", "CSAFPID-1673406", "CSAFPID-1673439", "CSAFPID-1674672", "CSAFPID-1674673", "CSAFPID-1674674", "CSAFPID-1674675", "CSAFPID-1674676", "CSAFPID-1674677", "CSAFPID-1674678", "CSAFPID-1674679", "CSAFPID-1674680", "CSAFPID-1674681", ], }, ], title: "CVE-2024-21235", }, { cve: "CVE-2024-25062", cwe: { id: "CWE-416", name: "Use After Free", }, notes: [ { category: "other", text: "Use After Free", title: "CWE-416", }, ], product_status: { known_affected: [ "CSAFPID-1672741", "CSAFPID-1673406", "CSAFPID-1673407", "CSAFPID-1674672", "CSAFPID-1674673", "CSAFPID-1674674", "CSAFPID-1674675", "CSAFPID-1674676", "CSAFPID-1674677", "CSAFPID-1674678", "CSAFPID-1674679", "CSAFPID-1674680", "CSAFPID-1674681", "CSAFPID-550274", "CSAFPID-912044", "CSAFPID-912045", "CSAFPID-912046", "CSAFPID-912047", "CSAFPID-912048", "CSAFPID-912049", "CSAFPID-912050", "CSAFPID-912051", "CSAFPID-912600", "CSAFPID-912601", "CSAFPID-912602", "CSAFPID-912603", "CSAFPID-912604", "CSAFPID-912605", "CSAFPID-1503604", "CSAFPID-912606", "CSAFPID-1503299", "CSAFPID-1503302", "CSAFPID-1503306", "CSAFPID-1503647", "CSAFPID-1503648", "CSAFPID-1503649", "CSAFPID-1503650", "CSAFPID-1503651", "CSAFPID-1503300", "CSAFPID-1503304", "CSAFPID-1503305", "CSAFPID-1503307", "CSAFPID-1503308", ], }, references: [ { category: "self", summary: "CVE-2024-25062", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-25062.json", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-1672741", "CSAFPID-1673406", "CSAFPID-1673407", "CSAFPID-1674672", "CSAFPID-1674673", "CSAFPID-1674674", "CSAFPID-1674675", "CSAFPID-1674676", "CSAFPID-1674677", "CSAFPID-1674678", "CSAFPID-1674679", "CSAFPID-1674680", "CSAFPID-1674681", "CSAFPID-550274", "CSAFPID-912044", "CSAFPID-912045", "CSAFPID-912046", "CSAFPID-912047", "CSAFPID-912048", "CSAFPID-912049", "CSAFPID-912050", "CSAFPID-912051", "CSAFPID-912600", "CSAFPID-912601", "CSAFPID-912602", "CSAFPID-912603", "CSAFPID-912604", "CSAFPID-912605", "CSAFPID-1503604", "CSAFPID-912606", "CSAFPID-1503299", "CSAFPID-1503302", "CSAFPID-1503306", "CSAFPID-1503647", "CSAFPID-1503648", "CSAFPID-1503649", "CSAFPID-1503650", "CSAFPID-1503651", "CSAFPID-1503300", "CSAFPID-1503304", "CSAFPID-1503305", "CSAFPID-1503307", "CSAFPID-1503308", ], }, ], title: "CVE-2024-25062", }, { cve: "CVE-2024-36138", cwe: { id: "CWE-77", name: "Improper Neutralization of Special Elements used in a Command ('Command Injection')", }, notes: [ { category: "other", text: "Improper Neutralization of Special Elements used in a Command ('Command Injection')", title: "CWE-77", }, ], product_status: { known_affected: [ "CSAFPID-1673301", "CSAFPID-1673304", "CSAFPID-1673300", "CSAFPID-1674672", "CSAFPID-1674673", "CSAFPID-1674674", "CSAFPID-1674675", "CSAFPID-1674676", "CSAFPID-1674677", "CSAFPID-1674678", "CSAFPID-1674679", "CSAFPID-1674680", "CSAFPID-1674681", ], }, references: [ { category: "self", summary: "CVE-2024-36138", url: "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-36138.json", }, ], title: "CVE-2024-36138", }, ], }
wid-sec-w-2024-1226
Vulnerability from csaf_certbund
Published
2024-05-22 22:00
Modified
2025-01-14 23:00
Summary
Red Hat OpenShift: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Red Hat OpenShift ist eine "Platform as a Service" (PaaS) Lösung zur Bereitstellung von Applikationen in der Cloud.
Angriff
Ein Angreifer kann mehrere Schwachstellen in Red Hat OpenShift ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand zu verursachen, beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, seine Privilegien zu erweitern oder um weitere nicht spezifizierte Angriffe auszuführen.
Betroffene Betriebssysteme
- Linux
{ document: { aggregate_severity: { text: "hoch", }, category: "csaf_base", csaf_version: "2.0", distribution: { tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "de-DE", notes: [ { category: "legal_disclaimer", text: "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.", }, { category: "description", text: "Red Hat OpenShift ist eine \"Platform as a Service\" (PaaS) Lösung zur Bereitstellung von Applikationen in der Cloud.", title: "Produktbeschreibung", }, { category: "summary", text: "Ein Angreifer kann mehrere Schwachstellen in Red Hat OpenShift ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand zu verursachen, beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, seine Privilegien zu erweitern oder um weitere nicht spezifizierte Angriffe auszuführen.", title: "Angriff", }, { category: "general", text: "- Linux", title: "Betroffene Betriebssysteme", }, ], publisher: { category: "other", contact_details: "csaf-provider@cert-bund.de", name: "Bundesamt für Sicherheit in der Informationstechnik", namespace: "https://www.bsi.bund.de", }, references: [ { category: "self", summary: "WID-SEC-W-2024-1226 - CSAF Version", url: "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-1226.json", }, { category: "self", summary: "WID-SEC-2024-1226 - Portal Version", url: "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-1226", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:2874 vom 2024-05-22", url: "https://access.redhat.com/errata/RHSA-2024:2874", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:2929 vom 2024-05-22", url: "https://access.redhat.com/errata/RHSA-2024:2929", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:2930 vom 2024-05-22", url: "https://access.redhat.com/errata/RHSA-2024:2930", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:2932 vom 2024-05-22", url: "https://access.redhat.com/errata/RHSA-2024:2932", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:2933 vom 2024-05-22", url: "https://access.redhat.com/errata/RHSA-2024:2933", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:2874 vom 2024-05-22", url: "https://access.redhat.com/errata/RHSA-2024:3316", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:2901 vom 2024-05-23", url: "https://access.redhat.com/errata/RHSA-2024:2901", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:3473 vom 2024-05-29", url: "https://access.redhat.com/errata/RHSA-2024:3473", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:3790 vom 2024-06-11", url: "https://access.redhat.com/errata/RHSA-2024:3790", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:3715 vom 2024-06-12", url: "https://access.redhat.com/errata/RHSA-2024:3715", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:3314 vom 2024-06-13", url: "https://access.redhat.com/errata/RHSA-2024:3314", }, { category: "external", summary: "RedHat Security Advisory", url: "https://access.redhat.com/errata/RHSA-2024:3919", }, { category: "external", summary: "Rocky Linux Security Advisory RLSA-2024:3830 vom 2024-06-14", url: "https://errata.build.resf.org/RLSA-2024:3830", }, { category: "external", summary: "Rocky Linux Security Advisory RLSA-2024:3827 vom 2024-06-14", url: "https://errata.build.resf.org/RLSA-2024:3827", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:3868 vom 2024-06-17", url: "https://access.redhat.com/errata/RHSA-2024:3868", }, { category: "external", summary: "Rocky Linux Security Advisory RLSA-2024:3826 vom 2024-06-14", url: "https://errata.build.resf.org/RLSA-2024:3826", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:3889 vom 2024-06-19", url: "https://access.redhat.com/errata/RHSA-2024:3889", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:3989 vom 2024-06-20", url: "https://access.redhat.com/errata/RHSA-2024:3989", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:4163 vom 2024-06-27", url: "https://access.redhat.com/errata/RHSA-2024:4163", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:3637 vom 2024-07-01", url: "https://access.redhat.com/errata/RHSA-2024:3637", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:1616 vom 2024-07-01", url: "https://access.redhat.com/errata/RHSA-2024:1616", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:3617 vom 2024-07-01", url: "https://access.redhat.com/errata/RHSA-2024:3617", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:4269 vom 2024-07-03", url: "https://access.redhat.com/errata/RHSA-2024:4269", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:4553 vom 2024-07-16", url: "https://access.redhat.com/errata/RHSA-2024:4553", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:4699 vom 2024-07-25", url: "https://access.redhat.com/errata/RHSA-2024:4699", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:4455 vom 2024-07-29", url: "https://access.redhat.com/errata/RHSA-2024:4455", }, { category: "external", summary: "Amazon Linux Security Advisory ALASDOCKER-2024-041 vom 2024-08-13", url: "https://alas.aws.amazon.com/AL2/ALASDOCKER-2024-041.html", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:5422 vom 2024-08-20", url: "https://access.redhat.com/errata/RHSA-2024:5422", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:5745 vom 2024-08-22", url: "https://access.redhat.com/errata/RHSA-2024:5745", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:6667 vom 2024-09-13", url: "https://access.redhat.com/errata/RHSA-2024:6667", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:6755 vom 2024-09-18", url: "https://access.redhat.com/errata/RHSA-2024:6755", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:7164 vom 2024-09-26", url: "https://access.redhat.com/errata/RHSA-2024:7164", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:7184 vom 2024-10-03", url: "https://access.redhat.com/errata/RHSA-2024:7184", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:8318 vom 2024-10-23", url: "https://access.redhat.com/errata/RHSA-2024:8318", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:8676 vom 2024-10-30", url: "https://access.redhat.com/errata/RHSA-2024:8676", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:8677 vom 2024-10-30", url: "https://access.redhat.com/errata/RHSA-2024:8677", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:8688 vom 2024-11-06", url: "https://access.redhat.com/errata/RHSA-2024:8688", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:8692 vom 2024-11-07", url: "https://access.redhat.com/errata/RHSA-2024:8692", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:9088 vom 2024-11-12", url: "https://access.redhat.com/errata/RHSA-2024:9088", }, { category: "external", summary: "Ubuntu Security Notice USN-7121-2 vom 2024-11-20", url: "https://ubuntu.com/security/notices/USN-7121-2", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2025:0164 vom 2025-01-09", url: "https://access.redhat.com/errata/RHSA-2025:0164", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2025:0323 vom 2025-01-15", url: "https://access.redhat.com/errata/RHSA-2025:0323", }, ], source_lang: "en-US", title: "Red Hat OpenShift: Mehrere Schwachstellen", tracking: { current_release_date: "2025-01-14T23:00:00.000+00:00", generator: { date: "2025-01-15T09:16:13.259+00:00", engine: { name: "BSI-WID", version: "1.3.10", }, }, id: "WID-SEC-W-2024-1226", initial_release_date: "2024-05-22T22:00:00.000+00:00", revision_history: [ { date: "2024-05-22T22:00:00.000+00:00", number: "1", summary: "Initiale Fassung", }, { date: "2024-05-23T22:00:00.000+00:00", number: "2", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2024-05-30T22:00:00.000+00:00", number: "3", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2024-06-10T22:00:00.000+00:00", number: "4", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2024-06-11T22:00:00.000+00:00", number: "5", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2024-06-13T22:00:00.000+00:00", number: "6", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2024-06-16T22:00:00.000+00:00", number: "7", summary: "Neue Updates von Rocky Enterprise Software Foundation und Red Hat aufgenommen", }, { date: "2024-06-18T22:00:00.000+00:00", number: "8", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2024-06-19T22:00:00.000+00:00", number: "9", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2024-06-27T22:00:00.000+00:00", number: "10", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2024-06-30T22:00:00.000+00:00", number: "11", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2024-07-02T22:00:00.000+00:00", number: "12", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2024-07-15T22:00:00.000+00:00", number: "13", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2024-07-25T22:00:00.000+00:00", number: "14", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2024-07-29T22:00:00.000+00:00", number: "15", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2024-08-13T22:00:00.000+00:00", number: "16", summary: "Neue Updates von Amazon aufgenommen", }, { date: "2024-08-20T22:00:00.000+00:00", number: "17", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2024-08-21T22:00:00.000+00:00", number: "18", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2024-09-12T22:00:00.000+00:00", number: "19", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2024-09-18T22:00:00.000+00:00", number: "20", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2024-09-25T22:00:00.000+00:00", number: "21", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2024-10-03T22:00:00.000+00:00", number: "22", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2024-10-23T22:00:00.000+00:00", number: "23", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2024-10-30T23:00:00.000+00:00", number: "24", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2024-11-06T23:00:00.000+00:00", number: "25", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2024-11-11T23:00:00.000+00:00", number: "26", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2024-11-20T23:00:00.000+00:00", number: "27", summary: "Neue Updates von Ubuntu aufgenommen", }, { date: "2025-01-08T23:00:00.000+00:00", number: "28", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2025-01-14T23:00:00.000+00:00", number: "29", summary: "Neue Updates von Red Hat aufgenommen", }, ], status: "final", version: "29", }, }, product_tree: { branches: [ { branches: [ { category: "product_name", name: "Amazon Linux 2", product: { name: "Amazon Linux 2", product_id: "398363", product_identification_helper: { cpe: "cpe:/o:amazon:linux_2:-", }, }, }, ], category: "vendor", name: "Amazon", }, { branches: [ { category: "product_name", name: "RESF Rocky Linux", product: { name: "RESF Rocky Linux", product_id: "T032255", product_identification_helper: { cpe: "cpe:/o:resf:rocky_linux:-", }, }, }, ], category: "vendor", name: "RESF", }, { branches: [ { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux", product: { name: "Red Hat Enterprise Linux", product_id: "67646", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:-", }, }, }, { category: "product_name", name: "Red Hat Enterprise Linux", product: { name: "Red Hat Enterprise Linux", product_id: "T035142", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:-", }, }, }, { category: "product_version", name: "9", product: { name: "Red Hat Enterprise Linux 9", product_id: "T038901", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:9", }, }, }, ], category: "product_name", name: "Enterprise Linux", }, { branches: [ { category: "product_version", name: "Secondary Scheduler Operator", product: { name: "Red Hat OpenShift Secondary Scheduler Operator", product_id: "T027759", product_identification_helper: { cpe: "cpe:/a:redhat:openshift:::secondary_scheduler_operator", }, }, }, { category: "product_version", name: "Kube Descheduler Operator 5", product: { name: "Red Hat OpenShift Kube Descheduler Operator 5", product_id: "T033270", product_identification_helper: { cpe: "cpe:/a:redhat:openshift:kube_descheduler_operator_5", }, }, }, { category: "product_name", name: "Red Hat OpenShift", product: { name: "Red Hat OpenShift", product_id: "T035034", product_identification_helper: { cpe: "cpe:/a:redhat:openshift:-", }, }, }, { category: "product_version_range", name: "Migration Toolkit for Applications <7.0.3", product: { name: "Red Hat OpenShift Migration Toolkit for Applications <7.0.3", product_id: "T035036", }, }, { category: "product_version", name: "Migration Toolkit for Applications 7.0.3", product: { name: "Red Hat OpenShift Migration Toolkit for Applications 7.0.3", product_id: "T035036-fixed", product_identification_helper: { cpe: "cpe:/a:redhat:openshift:migration_toolkit_for_applications__7.0.3", }, }, }, { category: "product_version", name: "Custom Metric Autoscaler 2", product: { name: "Red Hat OpenShift Custom Metric Autoscaler 2", product_id: "T035047", product_identification_helper: { cpe: "cpe:/a:redhat:openshift:custom_metric_autoscaler_2", }, }, }, { category: "product_version", name: "Network Observability 1.6", product: { name: "Red Hat OpenShift Network Observability 1.6", product_id: "T035431", product_identification_helper: { cpe: "cpe:/a:redhat:openshift:network_observability_1.6", }, }, }, { category: "product_version", name: "GitOps 1.12", product: { name: "Red Hat OpenShift GitOps 1.12", product_id: "T035679", product_identification_helper: { cpe: "cpe:/a:redhat:openshift:gitops_1.12", }, }, }, { category: "product_version", name: "Run Once Duration Override Operator 1", product: { name: "Red Hat OpenShift Run Once Duration Override Operator 1", product_id: "T035698", product_identification_helper: { cpe: "cpe:/a:redhat:openshift:run_once_duration_override_operator_1", }, }, }, { category: "product_version_range", name: "Container Platform <4.16.8", product: { name: "Red Hat OpenShift Container Platform <4.16.8", product_id: "T036959", }, }, { category: "product_version", name: "Container Platform 4.16.8", product: { name: "Red Hat OpenShift Container Platform 4.16.8", product_id: "T036959-fixed", product_identification_helper: { cpe: "cpe:/a:redhat:openshift:container_platform__4.16.8", }, }, }, { category: "product_version_range", name: "for Windows Containers <10.15.3", product: { name: "Red Hat OpenShift for Windows Containers <10.15.3", product_id: "T036993", }, }, { category: "product_version", name: "for Windows Containers 10.15.3", product: { name: "Red Hat OpenShift for Windows Containers 10.15.3", product_id: "T036993-fixed", product_identification_helper: { cpe: "cpe:/a:redhat:openshift:for_windows_containers__10.15.3", }, }, }, { category: "product_version", name: "CodeReady Workspaces", product: { name: "Red Hat OpenShift CodeReady Workspaces", product_id: "T037618", product_identification_helper: { cpe: "cpe:/a:redhat:openshift:codeready_workspaces", }, }, }, { category: "product_version_range", name: "Container Platform <4.14.38", product: { name: "Red Hat OpenShift Container Platform <4.14.38", product_id: "T037940", }, }, { category: "product_version", name: "Container Platform 4.14.38", product: { name: "Red Hat OpenShift Container Platform 4.14.38", product_id: "T037940-fixed", product_identification_helper: { cpe: "cpe:/a:redhat:openshift:container_platform__4.14.38", }, }, }, { category: "product_version_range", name: "Data Foundation <4.14.13", product: { name: "Red Hat OpenShift Data Foundation <4.14.13", product_id: "T040215", }, }, { category: "product_version", name: "Data Foundation 4.14.13", product: { name: "Red Hat OpenShift Data Foundation 4.14.13", product_id: "T040215-fixed", product_identification_helper: { cpe: "cpe:/a:redhat:openshift:data_foundation__4.14.13", }, }, }, ], category: "product_name", name: "OpenShift", }, ], category: "vendor", name: "Red Hat", }, { branches: [ { category: "product_name", name: "Ubuntu Linux", product: { name: "Ubuntu Linux", product_id: "T000126", product_identification_helper: { cpe: "cpe:/o:canonical:ubuntu_linux:-", }, }, }, ], category: "vendor", name: "Ubuntu", }, ], }, vulnerabilities: [ { cve: "CVE-2020-26555", notes: [ { category: "description", text: "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen, beliebigen Code auszuführen, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuführen.", }, ], product_status: { known_affected: [ "T035679", "T037618", "T036959", "T038901", "67646", "T035034", "T036993", "T037940", "T035142", "T035698", "T032255", "T035047", "T035036", "T035431", "T027759", "T033270", "T000126", "T040215", "398363", ], }, release_date: "2024-05-22T22:00:00.000+00:00", title: "CVE-2020-26555", }, { cve: "CVE-2021-25220", notes: [ { category: "description", text: "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen, beliebigen Code auszuführen, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuführen.", }, ], product_status: { known_affected: [ "T035679", "T037618", "T036959", "T038901", "67646", "T035034", "T036993", "T037940", "T035142", "T035698", "T032255", "T035047", "T035036", "T035431", "T027759", "T033270", "T000126", "T040215", "398363", ], }, release_date: "2024-05-22T22:00:00.000+00:00", title: "CVE-2021-25220", }, { cve: "CVE-2021-29390", notes: [ { category: "description", text: "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen, beliebigen Code auszuführen, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuführen.", }, ], product_status: { known_affected: [ "T035679", "T037618", "T036959", "T038901", "67646", "T035034", "T036993", "T037940", "T035142", "T035698", "T032255", "T035047", "T035036", "T035431", "T027759", "T033270", "T000126", "T040215", "398363", ], }, release_date: "2024-05-22T22:00:00.000+00:00", title: "CVE-2021-29390", }, { cve: "CVE-2021-43618", notes: [ { category: "description", text: "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen, beliebigen Code auszuführen, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuführen.", }, ], product_status: { known_affected: [ "T035679", "T037618", "T036959", "T038901", "67646", "T035034", "T036993", "T037940", "T035142", "T035698", "T032255", "T035047", "T035036", "T035431", "T027759", "T033270", "T000126", "T040215", "398363", ], }, release_date: "2024-05-22T22:00:00.000+00:00", title: "CVE-2021-43618", }, { cve: "CVE-2022-0480", notes: [ { category: "description", text: "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen, beliebigen Code auszuführen, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuführen.", }, ], product_status: { known_affected: [ "T035679", "T037618", "T036959", "T038901", "67646", "T035034", "T036993", "T037940", "T035142", "T035698", "T032255", "T035047", "T035036", "T035431", "T027759", "T033270", "T000126", "T040215", "398363", ], }, release_date: "2024-05-22T22:00:00.000+00:00", title: "CVE-2022-0480", }, { cve: "CVE-2022-2795", notes: [ { category: "description", text: "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen, beliebigen Code auszuführen, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuführen.", }, ], product_status: { known_affected: [ "T035679", "T037618", "T036959", "T038901", "67646", "T035034", "T036993", "T037940", "T035142", "T035698", "T032255", "T035047", "T035036", "T035431", "T027759", "T033270", "T000126", "T040215", "398363", ], }, release_date: "2024-05-22T22:00:00.000+00:00", title: "CVE-2022-2795", }, { cve: "CVE-2022-3094", notes: [ { category: "description", text: "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen, beliebigen Code auszuführen, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuführen.", }, ], product_status: { known_affected: [ "T035679", "T037618", "T036959", "T038901", "67646", "T035034", "T036993", "T037940", "T035142", "T035698", "T032255", "T035047", "T035036", "T035431", "T027759", "T033270", "T000126", "T040215", "398363", ], }, release_date: "2024-05-22T22:00:00.000+00:00", title: "CVE-2022-3094", }, { cve: "CVE-2022-38096", notes: [ { category: "description", text: "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen, beliebigen Code auszuführen, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuführen.", }, ], product_status: { known_affected: [ "T035679", "T037618", "T036959", "T038901", "67646", "T035034", "T036993", "T037940", "T035142", "T035698", "T032255", "T035047", "T035036", "T035431", "T027759", "T033270", "T000126", "T040215", "398363", ], }, release_date: "2024-05-22T22:00:00.000+00:00", title: "CVE-2022-38096", }, { cve: "CVE-2022-40090", notes: [ { category: "description", text: "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen, beliebigen Code auszuführen, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuführen.", }, ], product_status: { known_affected: [ "T035679", "T037618", "T036959", "T038901", "67646", "T035034", "T036993", "T037940", "T035142", "T035698", "T032255", "T035047", "T035036", "T035431", "T027759", "T033270", "T000126", "T040215", "398363", ], }, release_date: "2024-05-22T22:00:00.000+00:00", title: "CVE-2022-40090", }, { cve: "CVE-2022-45934", notes: [ { category: "description", text: "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen, beliebigen Code auszuführen, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuführen.", }, ], product_status: { known_affected: [ "T035679", "T037618", "T036959", "T038901", "67646", "T035034", "T036993", "T037940", "T035142", "T035698", "T032255", "T035047", "T035036", "T035431", "T027759", "T033270", "T000126", "T040215", "398363", ], }, release_date: "2024-05-22T22:00:00.000+00:00", title: "CVE-2022-45934", }, { cve: "CVE-2022-48554", notes: [ { category: "description", text: "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen, beliebigen Code auszuführen, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuführen.", }, ], product_status: { known_affected: [ "T035679", "T037618", "T036959", "T038901", "67646", "T035034", "T036993", "T037940", "T035142", "T035698", "T032255", "T035047", "T035036", "T035431", "T027759", "T033270", "T000126", "T040215", "398363", ], }, release_date: "2024-05-22T22:00:00.000+00:00", title: "CVE-2022-48554", }, { cve: "CVE-2022-48624", notes: [ { category: "description", text: "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen, beliebigen Code auszuführen, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuführen.", }, ], product_status: { known_affected: [ "T035679", "T037618", "T036959", "T038901", "67646", "T035034", "T036993", "T037940", "T035142", "T035698", "T032255", "T035047", "T035036", "T035431", "T027759", "T033270", "T000126", "T040215", "398363", ], }, release_date: "2024-05-22T22:00:00.000+00:00", title: "CVE-2022-48624", }, { cve: "CVE-2023-24023", notes: [ { category: "description", text: "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen, beliebigen Code auszuführen, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuführen.", }, ], product_status: { known_affected: [ "T035679", "T037618", "T036959", "T038901", "67646", "T035034", "T036993", "T037940", "T035142", "T035698", "T032255", "T035047", "T035036", "T035431", "T027759", "T033270", "T000126", "T040215", "398363", ], }, release_date: "2024-05-22T22:00:00.000+00:00", title: "CVE-2023-24023", }, { cve: "CVE-2023-25193", notes: [ { category: "description", text: "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen, beliebigen Code auszuführen, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuführen.", }, ], product_status: { known_affected: [ "T035679", "T037618", "T036959", "T038901", "67646", "T035034", "T036993", "T037940", "T035142", "T035698", "T032255", "T035047", "T035036", "T035431", "T027759", "T033270", "T000126", "T040215", "398363", ], }, release_date: "2024-05-22T22:00:00.000+00:00", title: "CVE-2023-25193", }, { cve: "CVE-2023-25775", notes: [ { category: "description", text: "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen, beliebigen Code auszuführen, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuführen.", }, ], product_status: { known_affected: [ "T035679", "T037618", "T036959", "T038901", "67646", "T035034", "T036993", "T037940", "T035142", "T035698", "T032255", "T035047", "T035036", "T035431", "T027759", "T033270", "T000126", "T040215", "398363", ], }, release_date: "2024-05-22T22:00:00.000+00:00", title: "CVE-2023-25775", }, { cve: "CVE-2023-26159", notes: [ { category: "description", text: "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen, beliebigen Code auszuführen, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuführen.", }, ], product_status: { known_affected: [ "T035679", "T037618", "T036959", "T038901", "67646", "T035034", "T036993", "T037940", "T035142", "T035698", "T032255", "T035047", "T035036", "T035431", "T027759", "T033270", "T000126", "T040215", "398363", ], }, release_date: "2024-05-22T22:00:00.000+00:00", title: "CVE-2023-26159", }, { cve: "CVE-2023-26364", notes: [ { category: "description", text: "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen, beliebigen Code auszuführen, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuführen.", }, ], product_status: { known_affected: [ "T035679", "T037618", "T036959", "T038901", "67646", "T035034", "T036993", "T037940", "T035142", "T035698", "T032255", "T035047", "T035036", "T035431", "T027759", "T033270", "T000126", "T040215", "398363", ], }, release_date: "2024-05-22T22:00:00.000+00:00", title: "CVE-2023-26364", }, { cve: "CVE-2023-28322", notes: [ { category: "description", text: "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen, beliebigen Code auszuführen, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuführen.", }, ], product_status: { known_affected: [ "T035679", "T037618", "T036959", "T038901", "67646", "T035034", "T036993", "T037940", "T035142", "T035698", "T032255", "T035047", "T035036", "T035431", "T027759", "T033270", "T000126", "T040215", "398363", ], }, release_date: "2024-05-22T22:00:00.000+00:00", title: "CVE-2023-28322", }, { cve: "CVE-2023-28464", notes: [ { category: "description", text: "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen, beliebigen Code auszuführen, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuführen.", }, ], product_status: { known_affected: [ "T035679", "T037618", "T036959", "T038901", "67646", "T035034", "T036993", "T037940", "T035142", "T035698", "T032255", "T035047", "T035036", "T035431", "T027759", "T033270", "T000126", "T040215", "398363", ], }, release_date: "2024-05-22T22:00:00.000+00:00", title: "CVE-2023-28464", }, { cve: "CVE-2023-28866", notes: [ { category: "description", text: "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen, beliebigen Code auszuführen, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuführen.", }, ], product_status: { known_affected: [ "T035679", "T037618", "T036959", "T038901", "67646", "T035034", "T036993", "T037940", "T035142", "T035698", "T032255", "T035047", "T035036", "T035431", "T027759", "T033270", "T000126", "T040215", "398363", ], }, release_date: "2024-05-22T22:00:00.000+00:00", title: "CVE-2023-28866", }, { cve: "CVE-2023-2975", notes: [ { category: "description", text: "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen, beliebigen Code auszuführen, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuführen.", }, ], product_status: { known_affected: [ "T035679", "T037618", "T036959", "T038901", "67646", "T035034", "T036993", "T037940", "T035142", "T035698", "T032255", "T035047", "T035036", "T035431", "T027759", "T033270", "T000126", "T040215", "398363", ], }, release_date: "2024-05-22T22:00:00.000+00:00", title: "CVE-2023-2975", }, { cve: "CVE-2023-31083", notes: [ { category: "description", text: "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen, beliebigen Code auszuführen, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuführen.", }, ], product_status: { known_affected: [ "T035679", "T037618", "T036959", "T038901", "67646", "T035034", "T036993", "T037940", "T035142", "T035698", "T032255", "T035047", "T035036", "T035431", "T027759", "T033270", "T000126", "T040215", "398363", ], }, release_date: "2024-05-22T22:00:00.000+00:00", title: "CVE-2023-31083", }, { cve: "CVE-2023-31122", notes: [ { category: "description", text: "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen, beliebigen Code auszuführen, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuführen.", }, ], product_status: { known_affected: [ "T035679", "T037618", "T036959", "T038901", "67646", "T035034", "T036993", "T037940", "T035142", "T035698", "T032255", "T035047", "T035036", "T035431", "T027759", "T033270", "T000126", "T040215", "398363", ], }, release_date: "2024-05-22T22:00:00.000+00:00", title: "CVE-2023-31122", }, { cve: "CVE-2023-3446", notes: [ { category: "description", text: "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen, beliebigen Code auszuführen, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuführen.", }, ], product_status: { known_affected: [ "T035679", "T037618", "T036959", "T038901", "67646", "T035034", "T036993", "T037940", "T035142", "T035698", "T032255", "T035047", "T035036", "T035431", "T027759", "T033270", "T000126", "T040215", "398363", ], }, release_date: "2024-05-22T22:00:00.000+00:00", title: "CVE-2023-3446", }, { cve: "CVE-2023-3567", notes: [ { category: "description", text: "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen, beliebigen Code auszuführen, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuführen.", }, ], product_status: { known_affected: [ "T035679", "T037618", "T036959", "T038901", "67646", "T035034", "T036993", "T037940", "T035142", "T035698", "T032255", "T035047", "T035036", "T035431", "T027759", "T033270", "T000126", "T040215", "398363", ], }, release_date: "2024-05-22T22:00:00.000+00:00", title: "CVE-2023-3567", }, { cve: "CVE-2023-3618", notes: [ { category: "description", text: "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen, beliebigen Code auszuführen, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuführen.", }, ], product_status: { known_affected: [ "T035679", "T037618", "T036959", "T038901", "67646", "T035034", "T036993", "T037940", "T035142", "T035698", "T032255", "T035047", "T035036", "T035431", "T027759", "T033270", "T000126", "T040215", "398363", ], }, release_date: "2024-05-22T22:00:00.000+00:00", title: "CVE-2023-3618", }, { cve: "CVE-2023-37453", notes: [ { category: "description", text: "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen, beliebigen Code auszuführen, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuführen.", }, ], product_status: { known_affected: [ "T035679", "T037618", "T036959", "T038901", "67646", "T035034", "T036993", "T037940", "T035142", "T035698", "T032255", "T035047", "T035036", "T035431", "T027759", "T033270", "T000126", "T040215", "398363", ], }, release_date: "2024-05-22T22:00:00.000+00:00", title: "CVE-2023-37453", }, { cve: "CVE-2023-3817", notes: [ { category: "description", text: "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen, beliebigen Code auszuführen, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuführen.", }, ], product_status: { known_affected: [ "T035679", "T037618", "T036959", "T038901", "67646", "T035034", "T036993", "T037940", "T035142", "T035698", "T032255", "T035047", "T035036", "T035431", "T027759", "T033270", "T000126", "T040215", "398363", ], }, release_date: "2024-05-22T22:00:00.000+00:00", title: "CVE-2023-3817", }, { cve: "CVE-2023-38469", notes: [ { category: "description", text: "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen, beliebigen Code auszuführen, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuführen.", }, ], product_status: { known_affected: [ "T035679", "T037618", "T036959", "T038901", "67646", "T035034", "T036993", "T037940", "T035142", "T035698", "T032255", "T035047", "T035036", "T035431", "T027759", "T033270", "T000126", "T040215", "398363", ], }, release_date: "2024-05-22T22:00:00.000+00:00", title: "CVE-2023-38469", }, { cve: "CVE-2023-38470", notes: [ { category: "description", text: "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen, beliebigen Code auszuführen, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuführen.", }, ], product_status: { known_affected: [ "T035679", "T037618", "T036959", "T038901", "67646", "T035034", "T036993", "T037940", "T035142", "T035698", "T032255", "T035047", "T035036", "T035431", "T027759", "T033270", "T000126", "T040215", "398363", ], }, release_date: "2024-05-22T22:00:00.000+00:00", title: "CVE-2023-38470", }, { cve: "CVE-2023-38471", notes: [ { category: "description", text: "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen, beliebigen Code auszuführen, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuführen.", }, ], product_status: { known_affected: [ "T035679", "T037618", "T036959", "T038901", "67646", "T035034", "T036993", "T037940", "T035142", "T035698", "T032255", "T035047", "T035036", "T035431", "T027759", "T033270", "T000126", "T040215", "398363", ], }, release_date: "2024-05-22T22:00:00.000+00:00", title: "CVE-2023-38471", }, { cve: "CVE-2023-38472", notes: [ { category: "description", text: "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen, beliebigen Code auszuführen, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuführen.", }, ], product_status: { known_affected: [ "T035679", "T037618", "T036959", "T038901", "67646", "T035034", "T036993", "T037940", "T035142", "T035698", "T032255", "T035047", "T035036", "T035431", "T027759", "T033270", "T000126", "T040215", "398363", ], }, release_date: "2024-05-22T22:00:00.000+00:00", title: "CVE-2023-38472", }, { cve: "CVE-2023-38473", notes: [ { category: "description", text: "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen, beliebigen Code auszuführen, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuführen.", }, ], product_status: { known_affected: [ "T035679", "T037618", "T036959", "T038901", "67646", "T035034", "T036993", "T037940", "T035142", "T035698", "T032255", "T035047", "T035036", "T035431", "T027759", "T033270", "T000126", "T040215", "398363", ], }, release_date: "2024-05-22T22:00:00.000+00:00", title: "CVE-2023-38473", }, { cve: "CVE-2023-38546", notes: [ { category: "description", text: "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen, beliebigen Code auszuführen, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuführen.", }, ], product_status: { known_affected: [ "T035679", "T037618", "T036959", "T038901", "67646", "T035034", "T036993", "T037940", "T035142", "T035698", "T032255", "T035047", "T035036", "T035431", "T027759", "T033270", "T000126", "T040215", "398363", ], }, release_date: "2024-05-22T22:00:00.000+00:00", title: "CVE-2023-38546", }, { cve: "CVE-2023-39189", notes: [ { category: "description", text: "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen, beliebigen Code auszuführen, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuführen.", }, ], product_status: { known_affected: [ "T035679", "T037618", "T036959", "T038901", "67646", "T035034", "T036993", "T037940", "T035142", "T035698", "T032255", "T035047", "T035036", "T035431", "T027759", "T033270", "T000126", "T040215", "398363", ], }, release_date: "2024-05-22T22:00:00.000+00:00", title: "CVE-2023-39189", }, { cve: "CVE-2023-39193", notes: [ { category: "description", text: "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen, beliebigen Code auszuführen, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuführen.", }, ], product_status: { known_affected: [ "T035679", "T037618", "T036959", "T038901", "67646", "T035034", "T036993", "T037940", "T035142", "T035698", "T032255", "T035047", "T035036", "T035431", "T027759", "T033270", "T000126", "T040215", "398363", ], }, release_date: "2024-05-22T22:00:00.000+00:00", title: "CVE-2023-39193", }, { cve: "CVE-2023-39194", notes: [ { category: "description", text: "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen, beliebigen Code auszuführen, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuführen.", }, ], product_status: { known_affected: [ "T035679", "T037618", "T036959", "T038901", "67646", "T035034", "T036993", "T037940", "T035142", "T035698", "T032255", "T035047", "T035036", "T035431", "T027759", "T033270", "T000126", "T040215", "398363", ], }, release_date: "2024-05-22T22:00:00.000+00:00", title: "CVE-2023-39194", }, { cve: "CVE-2023-39198", notes: [ { category: "description", text: "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen, beliebigen Code auszuführen, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuführen.", }, ], product_status: { known_affected: [ "T035679", "T037618", "T036959", "T038901", "67646", "T035034", "T036993", "T037940", "T035142", "T035698", "T032255", "T035047", "T035036", "T035431", "T027759", "T033270", "T000126", "T040215", "398363", ], }, release_date: "2024-05-22T22:00:00.000+00:00", title: "CVE-2023-39198", }, { cve: "CVE-2023-39326", notes: [ { category: "description", text: "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen, beliebigen Code auszuführen, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuführen.", }, ], product_status: { known_affected: [ "T035679", "T037618", "T036959", "T038901", "67646", "T035034", "T036993", "T037940", "T035142", "T035698", "T032255", "T035047", "T035036", "T035431", "T027759", "T033270", "T000126", "T040215", "398363", ], }, release_date: "2024-05-22T22:00:00.000+00:00", title: "CVE-2023-39326", }, { cve: "CVE-2023-40745", notes: [ { category: "description", text: "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen, beliebigen Code auszuführen, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuführen.", }, ], product_status: { known_affected: [ "T035679", "T037618", "T036959", "T038901", "67646", "T035034", "T036993", "T037940", "T035142", "T035698", "T032255", "T035047", "T035036", "T035431", "T027759", "T033270", "T000126", "T040215", "398363", ], }, release_date: "2024-05-22T22:00:00.000+00:00", title: "CVE-2023-40745", }, { cve: "CVE-2023-41175", notes: [ { category: "description", text: "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen, beliebigen Code auszuführen, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuführen.", }, ], product_status: { known_affected: [ "T035679", "T037618", "T036959", "T038901", "67646", "T035034", "T036993", "T037940", "T035142", "T035698", "T032255", "T035047", "T035036", "T035431", "T027759", "T033270", "T000126", "T040215", "398363", ], }, release_date: "2024-05-22T22:00:00.000+00:00", title: "CVE-2023-41175", }, { cve: "CVE-2023-4133", notes: [ { category: "description", text: "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen, beliebigen Code auszuführen, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuführen.", }, ], product_status: { known_affected: [ "T035679", "T037618", "T036959", "T038901", "67646", "T035034", "T036993", "T037940", "T035142", "T035698", "T032255", "T035047", "T035036", "T035431", "T027759", "T033270", "T000126", "T040215", "398363", ], }, release_date: "2024-05-22T22:00:00.000+00:00", title: "CVE-2023-4133", }, { cve: "CVE-2023-42754", notes: [ { category: "description", text: "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen, beliebigen Code auszuführen, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuführen.", }, ], product_status: { known_affected: [ "T035679", "T037618", "T036959", "T038901", "67646", "T035034", "T036993", "T037940", "T035142", "T035698", "T032255", "T035047", "T035036", "T035431", "T027759", "T033270", "T000126", "T040215", "398363", ], }, release_date: "2024-05-22T22:00:00.000+00:00", title: "CVE-2023-42754", }, { cve: "CVE-2023-42756", notes: [ { category: "description", text: "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen, beliebigen Code auszuführen, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuführen.", }, ], product_status: { known_affected: [ "T035679", "T037618", "T036959", "T038901", "67646", "T035034", "T036993", "T037940", "T035142", "T035698", "T032255", "T035047", "T035036", "T035431", "T027759", "T033270", "T000126", "T040215", "398363", ], }, release_date: "2024-05-22T22:00:00.000+00:00", title: "CVE-2023-42756", }, { cve: "CVE-2023-43785", notes: [ { category: "description", text: "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen, beliebigen Code auszuführen, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuführen.", }, ], product_status: { known_affected: [ "T035679", "T037618", "T036959", "T038901", "67646", "T035034", "T036993", "T037940", "T035142", "T035698", "T032255", "T035047", "T035036", "T035431", "T027759", "T033270", "T000126", "T040215", "398363", ], }, release_date: "2024-05-22T22:00:00.000+00:00", title: "CVE-2023-43785", }, { cve: "CVE-2023-43786", notes: [ { category: "description", text: "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen, beliebigen Code auszuführen, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuführen.", }, ], product_status: { known_affected: [ "T035679", "T037618", "T036959", "T038901", "67646", "T035034", "T036993", "T037940", "T035142", "T035698", "T032255", "T035047", "T035036", "T035431", "T027759", "T033270", "T000126", "T040215", "398363", ], }, release_date: "2024-05-22T22:00:00.000+00:00", title: "CVE-2023-43786", }, { cve: "CVE-2023-43787", notes: [ { category: "description", text: "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen, beliebigen Code auszuführen, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuführen.", }, ], product_status: { known_affected: [ "T035679", "T037618", "T036959", "T038901", "67646", "T035034", "T036993", "T037940", "T035142", "T035698", "T032255", "T035047", "T035036", "T035431", "T027759", "T033270", "T000126", "T040215", "398363", ], }, release_date: "2024-05-22T22:00:00.000+00:00", title: "CVE-2023-43787", }, { cve: "CVE-2023-43788", notes: [ { category: "description", text: "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen, beliebigen Code auszuführen, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuführen.", }, ], product_status: { known_affected: [ "T035679", "T037618", "T036959", "T038901", "67646", "T035034", "T036993", "T037940", "T035142", "T035698", "T032255", "T035047", "T035036", "T035431", "T027759", "T033270", "T000126", "T040215", "398363", ], }, release_date: "2024-05-22T22:00:00.000+00:00", title: "CVE-2023-43788", }, { cve: "CVE-2023-43789", notes: [ { category: "description", text: "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen, beliebigen Code auszuführen, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuführen.", }, ], product_status: { known_affected: [ "T035679", "T037618", "T036959", "T038901", "67646", "T035034", "T036993", "T037940", "T035142", "T035698", "T032255", "T035047", "T035036", "T035431", "T027759", "T033270", "T000126", "T040215", "398363", ], }, release_date: "2024-05-22T22:00:00.000+00:00", title: "CVE-2023-43789", }, { cve: "CVE-2023-4408", notes: [ { category: "description", text: "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen, beliebigen Code auszuführen, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuführen.", }, ], product_status: { known_affected: [ "T035679", "T037618", "T036959", "T038901", "67646", "T035034", "T036993", "T037940", "T035142", "T035698", "T032255", "T035047", "T035036", "T035431", "T027759", "T033270", "T000126", "T040215", "398363", ], }, release_date: "2024-05-22T22:00:00.000+00:00", title: "CVE-2023-4408", }, { cve: "CVE-2023-45286", notes: [ { category: "description", text: "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen, beliebigen Code auszuführen, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuführen.", }, ], product_status: { known_affected: [ "T035679", "T037618", "T036959", "T038901", "67646", "T035034", "T036993", "T037940", "T035142", "T035698", "T032255", "T035047", "T035036", "T035431", "T027759", "T033270", "T000126", "T040215", "398363", ], }, release_date: "2024-05-22T22:00:00.000+00:00", title: "CVE-2023-45286", }, { cve: "CVE-2023-45287", notes: [ { category: "description", text: "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen, beliebigen Code auszuführen, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuführen.", }, ], product_status: { known_affected: [ "T035679", "T037618", "T036959", "T038901", "67646", "T035034", "T036993", "T037940", "T035142", "T035698", "T032255", "T035047", "T035036", "T035431", "T027759", "T033270", "T000126", "T040215", "398363", ], }, release_date: "2024-05-22T22:00:00.000+00:00", title: "CVE-2023-45287", }, { cve: "CVE-2023-45288", notes: [ { category: "description", text: "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen, beliebigen Code auszuführen, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuführen.", }, ], product_status: { known_affected: [ "T035679", "T037618", "T036959", "T038901", "67646", "T035034", "T036993", "T037940", "T035142", "T035698", "T032255", "T035047", "T035036", "T035431", "T027759", "T033270", "T000126", "T040215", "398363", ], }, release_date: "2024-05-22T22:00:00.000+00:00", title: "CVE-2023-45288", }, { cve: "CVE-2023-45289", notes: [ { category: "description", text: "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen, beliebigen Code auszuführen, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuführen.", }, ], product_status: { known_affected: [ "T035679", "T037618", "T036959", "T038901", "67646", "T035034", "T036993", "T037940", "T035142", "T035698", "T032255", "T035047", "T035036", "T035431", "T027759", "T033270", "T000126", "T040215", "398363", ], }, release_date: "2024-05-22T22:00:00.000+00:00", title: "CVE-2023-45289", }, { cve: "CVE-2023-45290", notes: [ { category: "description", text: "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen, beliebigen Code auszuführen, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuführen.", }, ], product_status: { known_affected: [ "T035679", "T037618", "T036959", "T038901", "67646", "T035034", "T036993", "T037940", "T035142", "T035698", "T032255", "T035047", "T035036", "T035431", "T027759", "T033270", "T000126", "T040215", "398363", ], }, release_date: "2024-05-22T22:00:00.000+00:00", title: "CVE-2023-45290", }, { cve: "CVE-2023-45857", notes: [ { category: "description", text: "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen, beliebigen Code auszuführen, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuführen.", }, ], product_status: { known_affected: [ "T035679", "T037618", "T036959", "T038901", "67646", "T035034", "T036993", "T037940", "T035142", "T035698", "T032255", "T035047", "T035036", "T035431", "T027759", "T033270", "T000126", "T040215", "398363", ], }, release_date: "2024-05-22T22:00:00.000+00:00", title: "CVE-2023-45857", }, { cve: "CVE-2023-45863", notes: [ { category: "description", text: "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen, beliebigen Code auszuführen, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuführen.", }, ], product_status: { known_affected: [ "T035679", "T037618", "T036959", "T038901", "67646", "T035034", "T036993", "T037940", "T035142", "T035698", "T032255", "T035047", "T035036", "T035431", "T027759", "T033270", "T000126", "T040215", "398363", ], }, release_date: "2024-05-22T22:00:00.000+00:00", title: "CVE-2023-45863", }, { cve: "CVE-2023-46218", notes: [ { category: "description", text: "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen, beliebigen Code auszuführen, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuführen.", }, ], product_status: { known_affected: [ "T035679", "T037618", "T036959", "T038901", "67646", "T035034", "T036993", "T037940", "T035142", "T035698", "T032255", "T035047", "T035036", "T035431", "T027759", "T033270", "T000126", "T040215", "398363", ], }, release_date: "2024-05-22T22:00:00.000+00:00", title: "CVE-2023-46218", }, { cve: "CVE-2023-46862", notes: [ { category: "description", text: "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen, beliebigen Code auszuführen, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuführen.", }, ], product_status: { known_affected: [ "T035679", "T037618", "T036959", "T038901", "67646", "T035034", "T036993", "T037940", "T035142", "T035698", "T032255", "T035047", "T035036", "T035431", "T027759", "T033270", "T000126", "T040215", "398363", ], }, release_date: "2024-05-22T22:00:00.000+00:00", title: "CVE-2023-46862", }, { cve: "CVE-2023-47038", notes: [ { category: "description", text: "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen, beliebigen Code auszuführen, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuführen.", }, ], product_status: { known_affected: [ "T035679", "T037618", "T036959", "T038901", "67646", "T035034", "T036993", "T037940", "T035142", "T035698", "T032255", "T035047", "T035036", "T035431", "T027759", "T033270", "T000126", "T040215", "398363", ], }, release_date: "2024-05-22T22:00:00.000+00:00", title: "CVE-2023-47038", }, { cve: "CVE-2023-48631", notes: [ { category: "description", text: "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen, beliebigen Code auszuführen, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuführen.", }, ], product_status: { known_affected: [ "T035679", "T037618", "T036959", "T038901", "67646", "T035034", "T036993", "T037940", "T035142", "T035698", "T032255", "T035047", "T035036", "T035431", "T027759", "T033270", "T000126", "T040215", "398363", ], }, release_date: "2024-05-22T22:00:00.000+00:00", title: "CVE-2023-48631", }, { cve: "CVE-2023-50387", notes: [ { category: "description", text: "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen, beliebigen Code auszuführen, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuführen.", }, ], product_status: { known_affected: [ "T035679", "T037618", "T036959", "T038901", "67646", "T035034", "T036993", "T037940", "T035142", "T035698", "T032255", "T035047", "T035036", "T035431", "T027759", "T033270", "T000126", "T040215", "398363", ], }, release_date: "2024-05-22T22:00:00.000+00:00", title: "CVE-2023-50387", }, { cve: "CVE-2023-50868", notes: [ { category: "description", text: "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen, beliebigen Code auszuführen, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuführen.", }, ], product_status: { known_affected: [ "T035679", "T037618", "T036959", "T038901", "67646", "T035034", "T036993", "T037940", "T035142", "T035698", "T032255", "T035047", "T035036", "T035431", "T027759", "T033270", "T000126", "T040215", "398363", ], }, release_date: "2024-05-22T22:00:00.000+00:00", title: "CVE-2023-50868", }, { cve: "CVE-2023-51043", notes: [ { category: "description", text: "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen, beliebigen Code auszuführen, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuführen.", }, ], product_status: { known_affected: [ "T035679", "T037618", "T036959", "T038901", "67646", "T035034", "T036993", "T037940", "T035142", "T035698", "T032255", "T035047", "T035036", "T035431", "T027759", "T033270", "T000126", "T040215", "398363", ], }, release_date: "2024-05-22T22:00:00.000+00:00", title: "CVE-2023-51043", }, { cve: "CVE-2023-51779", notes: [ { category: "description", text: "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen, beliebigen Code auszuführen, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuführen.", }, ], product_status: { known_affected: [ "T035679", "T037618", "T036959", "T038901", "67646", "T035034", "T036993", "T037940", "T035142", "T035698", "T032255", "T035047", "T035036", "T035431", "T027759", "T033270", "T000126", "T040215", "398363", ], }, release_date: "2024-05-22T22:00:00.000+00:00", title: "CVE-2023-51779", }, { cve: "CVE-2023-51780", notes: [ { category: "description", text: "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen, beliebigen Code auszuführen, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuführen.", }, ], product_status: { known_affected: [ "T035679", "T037618", "T036959", "T038901", "67646", "T035034", "T036993", "T037940", "T035142", "T035698", "T032255", "T035047", "T035036", "T035431", "T027759", "T033270", "T000126", "T040215", "398363", ], }, release_date: "2024-05-22T22:00:00.000+00:00", title: "CVE-2023-51780", }, { cve: "CVE-2023-52425", notes: [ { category: "description", text: "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen, beliebigen Code auszuführen, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuführen.", }, ], product_status: { known_affected: [ "T035679", "T037618", "T036959", "T038901", "67646", "T035034", "T036993", "T037940", "T035142", "T035698", "T032255", "T035047", "T035036", "T035431", "T027759", "T033270", "T000126", "T040215", "398363", ], }, release_date: "2024-05-22T22:00:00.000+00:00", title: "CVE-2023-52425", }, { cve: "CVE-2023-52434", notes: [ { category: "description", text: "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen, beliebigen Code auszuführen, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuführen.", }, ], product_status: { known_affected: [ "T035679", "T037618", "T036959", "T038901", "67646", "T035034", "T036993", "T037940", "T035142", "T035698", "T032255", "T035047", "T035036", "T035431", "T027759", "T033270", "T000126", "T040215", "398363", ], }, release_date: "2024-05-22T22:00:00.000+00:00", title: "CVE-2023-52434", }, { cve: "CVE-2023-52448", notes: [ { category: "description", text: "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen, beliebigen Code auszuführen, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuführen.", }, ], product_status: { known_affected: [ "T035679", "T037618", "T036959", "T038901", "67646", "T035034", "T036993", "T037940", "T035142", "T035698", "T032255", "T035047", "T035036", "T035431", "T027759", "T033270", "T000126", "T040215", "398363", ], }, release_date: "2024-05-22T22:00:00.000+00:00", title: "CVE-2023-52448", }, { cve: "CVE-2023-52476", notes: [ { category: "description", text: "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen, beliebigen Code auszuführen, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuführen.", }, ], product_status: { known_affected: [ "T035679", "T037618", "T036959", "T038901", "67646", "T035034", "T036993", "T037940", "T035142", "T035698", "T032255", "T035047", "T035036", "T035431", "T027759", "T033270", "T000126", "T040215", "398363", ], }, release_date: "2024-05-22T22:00:00.000+00:00", title: "CVE-2023-52476", }, { cve: "CVE-2023-52489", notes: [ { category: "description", text: "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen, beliebigen Code auszuführen, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuführen.", }, ], product_status: { known_affected: [ "T035679", "T037618", "T036959", "T038901", "67646", "T035034", "T036993", "T037940", "T035142", "T035698", "T032255", "T035047", "T035036", "T035431", "T027759", "T033270", "T000126", "T040215", "398363", ], }, release_date: "2024-05-22T22:00:00.000+00:00", title: "CVE-2023-52489", }, { cve: "CVE-2023-52522", notes: [ { category: "description", text: "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen, beliebigen Code auszuführen, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuführen.", }, ], product_status: { known_affected: [ "T035679", "T037618", "T036959", "T038901", "67646", "T035034", "T036993", "T037940", "T035142", "T035698", "T032255", "T035047", "T035036", "T035431", "T027759", "T033270", "T000126", "T040215", "398363", ], }, release_date: "2024-05-22T22:00:00.000+00:00", title: "CVE-2023-52522", }, { cve: "CVE-2023-52529", notes: [ { category: "description", text: "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen, beliebigen Code auszuführen, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuführen.", }, ], product_status: { known_affected: [ "T035679", "T037618", "T036959", "T038901", "67646", "T035034", "T036993", "T037940", "T035142", "T035698", "T032255", "T035047", "T035036", "T035431", "T027759", "T033270", "T000126", "T040215", "398363", ], }, release_date: "2024-05-22T22:00:00.000+00:00", title: "CVE-2023-52529", }, { cve: "CVE-2023-52574", notes: [ { category: "description", text: "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen, beliebigen Code auszuführen, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuführen.", }, ], product_status: { known_affected: [ "T035679", "T037618", "T036959", "T038901", "67646", "T035034", "T036993", "T037940", "T035142", "T035698", "T032255", "T035047", "T035036", "T035431", "T027759", "T033270", "T000126", "T040215", "398363", ], }, release_date: "2024-05-22T22:00:00.000+00:00", title: "CVE-2023-52574", }, { cve: "CVE-2023-52578", notes: [ { category: "description", text: "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen, beliebigen Code auszuführen, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuführen.", }, ], product_status: { known_affected: [ "T035679", "T037618", "T036959", "T038901", "67646", "T035034", "T036993", "T037940", "T035142", "T035698", "T032255", "T035047", "T035036", "T035431", "T027759", "T033270", "T000126", "T040215", "398363", ], }, release_date: "2024-05-22T22:00:00.000+00:00", title: "CVE-2023-52578", }, { cve: "CVE-2023-52580", notes: [ { category: "description", text: "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen, beliebigen Code auszuführen, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuführen.", }, ], product_status: { known_affected: [ "T035679", "T037618", "T036959", "T038901", "67646", "T035034", "T036993", "T037940", "T035142", "T035698", "T032255", "T035047", "T035036", "T035431", "T027759", "T033270", "T000126", "T040215", "398363", ], }, release_date: "2024-05-22T22:00:00.000+00:00", title: "CVE-2023-52580", }, { cve: "CVE-2023-52581", notes: [ { category: "description", text: "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen, beliebigen Code auszuführen, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuführen.", }, ], product_status: { known_affected: [ "T035679", "T037618", "T036959", "T038901", "67646", "T035034", "T036993", "T037940", "T035142", "T035698", "T032255", "T035047", "T035036", "T035431", "T027759", "T033270", "T000126", "T040215", "398363", ], }, release_date: "2024-05-22T22:00:00.000+00:00", title: "CVE-2023-52581", }, { cve: "CVE-2023-52597", notes: [ { category: "description", text: "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen, beliebigen Code auszuführen, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuführen.", }, ], product_status: { known_affected: [ "T035679", "T037618", "T036959", "T038901", "67646", "T035034", "T036993", "T037940", "T035142", "T035698", "T032255", "T035047", "T035036", "T035431", "T027759", "T033270", "T000126", "T040215", "398363", ], }, release_date: "2024-05-22T22:00:00.000+00:00", title: "CVE-2023-52597", }, { cve: "CVE-2023-52610", notes: [ { category: "description", text: "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen, beliebigen Code auszuführen, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuführen.", }, ], product_status: { known_affected: [ "T035679", "T037618", "T036959", "T038901", "67646", "T035034", "T036993", "T037940", "T035142", "T035698", "T032255", "T035047", "T035036", "T035431", "T027759", "T033270", "T000126", "T040215", "398363", ], }, release_date: "2024-05-22T22:00:00.000+00:00", title: "CVE-2023-52610", }, { cve: "CVE-2023-52620", notes: [ { category: "description", text: "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen, beliebigen Code auszuführen, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuführen.", }, ], product_status: { known_affected: [ "T035679", "T037618", "T036959", "T038901", "67646", "T035034", "T036993", "T037940", "T035142", "T035698", "T032255", "T035047", "T035036", "T035431", "T027759", "T033270", "T000126", "T040215", "398363", ], }, release_date: "2024-05-22T22:00:00.000+00:00", title: "CVE-2023-52620", }, { cve: "CVE-2023-5678", notes: [ { category: "description", text: "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen, beliebigen Code auszuführen, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuführen.", }, ], product_status: { known_affected: [ "T035679", "T037618", "T036959", "T038901", "67646", "T035034", "T036993", "T037940", "T035142", "T035698", "T032255", "T035047", "T035036", "T035431", "T027759", "T033270", "T000126", "T040215", "398363", ], }, release_date: "2024-05-22T22:00:00.000+00:00", title: "CVE-2023-5678", }, { cve: "CVE-2023-6040", notes: [ { category: "description", text: "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen, beliebigen Code auszuführen, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuführen.", }, ], product_status: { known_affected: [ "T035679", "T037618", "T036959", "T038901", "67646", "T035034", "T036993", "T037940", "T035142", "T035698", "T032255", "T035047", "T035036", "T035431", "T027759", "T033270", "T000126", "T040215", "398363", ], }, release_date: "2024-05-22T22:00:00.000+00:00", title: "CVE-2023-6040", }, { cve: "CVE-2023-6121", notes: [ { category: "description", text: "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen, beliebigen Code auszuführen, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuführen.", }, ], product_status: { known_affected: [ "T035679", "T037618", "T036959", "T038901", "67646", "T035034", "T036993", "T037940", "T035142", "T035698", "T032255", "T035047", "T035036", "T035431", "T027759", "T033270", "T000126", "T040215", "398363", ], }, release_date: "2024-05-22T22:00:00.000+00:00", title: "CVE-2023-6121", }, { cve: "CVE-2023-6129", notes: [ { category: "description", text: "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen, beliebigen Code auszuführen, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuführen.", }, ], product_status: { known_affected: [ "T035679", "T037618", "T036959", "T038901", "67646", "T035034", "T036993", "T037940", "T035142", "T035698", "T032255", "T035047", "T035036", "T035431", "T027759", "T033270", "T000126", "T040215", "398363", ], }, release_date: "2024-05-22T22:00:00.000+00:00", title: "CVE-2023-6129", }, { cve: "CVE-2023-6176", notes: [ { category: "description", text: "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen, beliebigen Code auszuführen, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuführen.", }, ], product_status: { known_affected: [ "T035679", "T037618", "T036959", "T038901", "67646", "T035034", "T036993", "T037940", "T035142", "T035698", "T032255", "T035047", "T035036", "T035431", "T027759", "T033270", "T000126", "T040215", "398363", ], }, release_date: "2024-05-22T22:00:00.000+00:00", title: "CVE-2023-6176", }, { cve: "CVE-2023-6228", notes: [ { category: "description", text: "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen, beliebigen Code auszuführen, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuführen.", }, ], product_status: { known_affected: [ "T035679", "T037618", "T036959", "T038901", "67646", "T035034", "T036993", "T037940", "T035142", "T035698", "T032255", "T035047", "T035036", "T035431", "T027759", "T033270", "T000126", "T040215", "398363", ], }, release_date: "2024-05-22T22:00:00.000+00:00", title: "CVE-2023-6228", }, { cve: "CVE-2023-6237", notes: [ { category: "description", text: "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen, beliebigen Code auszuführen, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuführen.", }, ], product_status: { known_affected: [ "T035679", "T037618", "T036959", "T038901", "67646", "T035034", "T036993", "T037940", "T035142", "T035698", "T032255", "T035047", "T035036", "T035431", "T027759", "T033270", "T000126", "T040215", "398363", ], }, release_date: "2024-05-22T22:00:00.000+00:00", title: "CVE-2023-6237", }, { cve: "CVE-2023-6240", notes: [ { category: "description", text: "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen, beliebigen Code auszuführen, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuführen.", }, ], product_status: { known_affected: [ "T035679", "T037618", "T036959", "T038901", "67646", "T035034", "T036993", "T037940", "T035142", "T035698", "T032255", "T035047", "T035036", "T035431", "T027759", "T033270", "T000126", "T040215", "398363", ], }, release_date: "2024-05-22T22:00:00.000+00:00", title: "CVE-2023-6240", }, { cve: "CVE-2023-6531", notes: [ { category: "description", text: "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen, beliebigen Code auszuführen, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuführen.", }, ], product_status: { known_affected: [ "T035679", "T037618", "T036959", "T038901", "67646", "T035034", "T036993", "T037940", "T035142", "T035698", "T032255", "T035047", "T035036", "T035431", "T027759", "T033270", "T000126", "T040215", "398363", ], }, release_date: "2024-05-22T22:00:00.000+00:00", title: "CVE-2023-6531", }, { cve: "CVE-2023-6546", notes: [ { category: "description", text: "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen, beliebigen Code auszuführen, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuführen.", }, ], product_status: { known_affected: [ "T035679", "T037618", "T036959", "T038901", "67646", "T035034", "T036993", "T037940", "T035142", "T035698", "T032255", "T035047", "T035036", "T035431", "T027759", "T033270", "T000126", "T040215", "398363", ], }, release_date: "2024-05-22T22:00:00.000+00:00", title: "CVE-2023-6546", }, { cve: "CVE-2023-6622", notes: [ { category: "description", text: "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen, beliebigen Code auszuführen, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuführen.", }, ], product_status: { known_affected: [ "T035679", "T037618", "T036959", "T038901", "67646", "T035034", "T036993", "T037940", "T035142", "T035698", "T032255", "T035047", "T035036", "T035431", "T027759", "T033270", "T000126", "T040215", "398363", ], }, release_date: "2024-05-22T22:00:00.000+00:00", title: "CVE-2023-6622", }, { cve: "CVE-2023-6915", notes: [ { category: "description", text: "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen, beliebigen Code auszuführen, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuführen.", }, ], product_status: { known_affected: [ "T035679", "T037618", "T036959", "T038901", "67646", "T035034", "T036993", "T037940", "T035142", "T035698", "T032255", "T035047", "T035036", "T035431", "T027759", "T033270", "T000126", "T040215", "398363", ], }, release_date: "2024-05-22T22:00:00.000+00:00", title: "CVE-2023-6915", }, { cve: "CVE-2023-6931", notes: [ { category: "description", text: "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen, beliebigen Code auszuführen, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuführen.", }, ], product_status: { known_affected: [ "T035679", "T037618", "T036959", "T038901", "67646", "T035034", "T036993", "T037940", "T035142", "T035698", "T032255", "T035047", "T035036", "T035431", "T027759", "T033270", "T000126", "T040215", "398363", ], }, release_date: "2024-05-22T22:00:00.000+00:00", title: "CVE-2023-6931", }, { cve: "CVE-2023-6932", notes: [ { category: "description", text: "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen, beliebigen Code auszuführen, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuführen.", }, ], product_status: { known_affected: [ "T035679", "T037618", "T036959", "T038901", "67646", "T035034", "T036993", "T037940", "T035142", "T035698", "T032255", "T035047", "T035036", "T035431", "T027759", "T033270", "T000126", "T040215", "398363", ], }, release_date: "2024-05-22T22:00:00.000+00:00", title: "CVE-2023-6932", }, { cve: "CVE-2023-7008", notes: [ { category: "description", text: "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen, beliebigen Code auszuführen, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuführen.", }, ], product_status: { known_affected: [ "T035679", "T037618", "T036959", "T038901", "67646", "T035034", "T036993", "T037940", "T035142", "T035698", "T032255", "T035047", "T035036", "T035431", "T027759", "T033270", "T000126", "T040215", "398363", ], }, release_date: "2024-05-22T22:00:00.000+00:00", title: "CVE-2023-7008", }, { cve: "CVE-2024-0565", notes: [ { category: "description", text: "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen, beliebigen Code auszuführen, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuführen.", }, ], product_status: { known_affected: [ "T035679", "T037618", "T036959", "T038901", "67646", "T035034", "T036993", "T037940", "T035142", "T035698", "T032255", "T035047", "T035036", "T035431", "T027759", "T033270", "T000126", "T040215", "398363", ], }, release_date: "2024-05-22T22:00:00.000+00:00", title: "CVE-2024-0565", }, { cve: "CVE-2024-0727", notes: [ { category: "description", text: "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen, beliebigen Code auszuführen, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuführen.", }, ], product_status: { known_affected: [ "T035679", "T037618", "T036959", "T038901", "67646", "T035034", "T036993", "T037940", "T035142", "T035698", "T032255", "T035047", "T035036", "T035431", "T027759", "T033270", "T000126", "T040215", "398363", ], }, release_date: "2024-05-22T22:00:00.000+00:00", title: "CVE-2024-0727", }, { cve: "CVE-2024-0841", notes: [ { category: "description", text: "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen, beliebigen Code auszuführen, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuführen.", }, ], product_status: { known_affected: [ "T035679", "T037618", "T036959", "T038901", "67646", "T035034", "T036993", "T037940", "T035142", "T035698", "T032255", "T035047", "T035036", "T035431", "T027759", "T033270", "T000126", "T040215", "398363", ], }, release_date: "2024-05-22T22:00:00.000+00:00", title: "CVE-2024-0841", }, { cve: "CVE-2024-1085", notes: [ { category: "description", text: "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen, beliebigen Code auszuführen, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuführen.", }, ], product_status: { known_affected: [ "T035679", "T037618", "T036959", "T038901", "67646", "T035034", "T036993", "T037940", "T035142", "T035698", "T032255", "T035047", "T035036", "T035431", "T027759", "T033270", "T000126", "T040215", "398363", ], }, release_date: "2024-05-22T22:00:00.000+00:00", title: "CVE-2024-1085", }, { cve: "CVE-2024-1086", notes: [ { category: "description", text: "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen, beliebigen Code auszuführen, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuführen.", }, ], product_status: { known_affected: [ "T035679", "T037618", "T036959", "T038901", "67646", "T035034", "T036993", "T037940", "T035142", "T035698", "T032255", "T035047", "T035036", "T035431", "T027759", "T033270", "T000126", "T040215", "398363", ], }, release_date: "2024-05-22T22:00:00.000+00:00", title: "CVE-2024-1086", }, { cve: "CVE-2024-1394", notes: [ { category: "description", text: "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen, beliebigen Code auszuführen, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuführen.", }, ], product_status: { known_affected: [ "T035679", "T037618", "T036959", "T038901", "67646", "T035034", "T036993", "T037940", "T035142", "T035698", "T032255", "T035047", "T035036", "T035431", "T027759", "T033270", "T000126", "T040215", "398363", ], }, release_date: "2024-05-22T22:00:00.000+00:00", title: "CVE-2024-1394", }, { cve: "CVE-2024-1488", notes: [ { category: "description", text: "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen, beliebigen Code auszuführen, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuführen.", }, ], product_status: { known_affected: [ "T035679", "T037618", "T036959", "T038901", "67646", "T035034", "T036993", "T037940", "T035142", "T035698", "T032255", "T035047", "T035036", "T035431", "T027759", "T033270", "T000126", "T040215", "398363", ], }, release_date: "2024-05-22T22:00:00.000+00:00", title: "CVE-2024-1488", }, { cve: "CVE-2024-21011", notes: [ { category: "description", text: "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen, beliebigen Code auszuführen, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuführen.", }, ], product_status: { known_affected: [ "T035679", "T037618", "T036959", "T038901", "67646", "T035034", "T036993", "T037940", "T035142", "T035698", "T032255", "T035047", "T035036", "T035431", "T027759", "T033270", "T000126", "T040215", "398363", ], }, release_date: "2024-05-22T22:00:00.000+00:00", title: "CVE-2024-21011", }, { cve: "CVE-2024-21012", notes: [ { category: "description", text: "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen, beliebigen Code auszuführen, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuführen.", }, ], product_status: { known_affected: [ "T035679", "T037618", "T036959", "T038901", "67646", "T035034", "T036993", "T037940", "T035142", "T035698", "T032255", "T035047", "T035036", "T035431", "T027759", "T033270", "T000126", "T040215", "398363", ], }, release_date: "2024-05-22T22:00:00.000+00:00", title: "CVE-2024-21012", }, { cve: "CVE-2024-21068", notes: [ { category: "description", text: "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen, beliebigen Code auszuführen, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuführen.", }, ], product_status: { known_affected: [ "T035679", "T037618", "T036959", "T038901", "67646", "T035034", "T036993", "T037940", "T035142", "T035698", "T032255", "T035047", "T035036", "T035431", "T027759", "T033270", "T000126", "T040215", "398363", ], }, release_date: "2024-05-22T22:00:00.000+00:00", title: "CVE-2024-21068", }, { cve: "CVE-2024-21085", notes: [ { category: "description", text: "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen, beliebigen Code auszuführen, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuführen.", }, ], product_status: { known_affected: [ "T035679", "T037618", "T036959", "T038901", "67646", "T035034", "T036993", "T037940", "T035142", "T035698", "T032255", "T035047", "T035036", "T035431", "T027759", "T033270", "T000126", "T040215", "398363", ], }, release_date: "2024-05-22T22:00:00.000+00:00", title: "CVE-2024-21085", }, { cve: "CVE-2024-21094", notes: [ { category: "description", text: "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen, beliebigen Code auszuführen, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuführen.", }, ], product_status: { known_affected: [ "T035679", "T037618", "T036959", "T038901", "67646", "T035034", "T036993", "T037940", "T035142", "T035698", "T032255", "T035047", "T035036", "T035431", "T027759", "T033270", "T000126", "T040215", "398363", ], }, release_date: "2024-05-22T22:00:00.000+00:00", title: "CVE-2024-21094", }, { cve: "CVE-2024-22365", notes: [ { category: "description", text: "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen, beliebigen Code auszuführen, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuführen.", }, ], product_status: { known_affected: [ "T035679", "T037618", "T036959", "T038901", "67646", "T035034", "T036993", "T037940", "T035142", "T035698", "T032255", "T035047", "T035036", "T035431", "T027759", "T033270", "T000126", "T040215", "398363", ], }, release_date: "2024-05-22T22:00:00.000+00:00", title: "CVE-2024-22365", }, { cve: "CVE-2024-24783", notes: [ { category: "description", text: "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen, beliebigen Code auszuführen, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuführen.", }, ], product_status: { known_affected: [ "T035679", "T037618", "T036959", "T038901", "67646", "T035034", "T036993", "T037940", "T035142", "T035698", "T032255", "T035047", "T035036", "T035431", "T027759", "T033270", "T000126", "T040215", "398363", ], }, release_date: "2024-05-22T22:00:00.000+00:00", title: "CVE-2024-24783", }, { cve: "CVE-2024-24784", notes: [ { category: "description", text: "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen, beliebigen Code auszuführen, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuführen.", }, ], product_status: { known_affected: [ "T035679", "T037618", "T036959", "T038901", "67646", "T035034", "T036993", "T037940", "T035142", "T035698", "T032255", "T035047", "T035036", "T035431", "T027759", "T033270", "T000126", "T040215", "398363", ], }, release_date: "2024-05-22T22:00:00.000+00:00", title: "CVE-2024-24784", }, { cve: "CVE-2024-24785", notes: [ { category: "description", text: "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen, beliebigen Code auszuführen, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuführen.", }, ], product_status: { known_affected: [ "T035679", "T037618", "T036959", "T038901", "67646", "T035034", "T036993", "T037940", "T035142", "T035698", "T032255", "T035047", "T035036", "T035431", "T027759", "T033270", "T000126", "T040215", "398363", ], }, release_date: "2024-05-22T22:00:00.000+00:00", title: "CVE-2024-24785", }, { cve: "CVE-2024-24786", notes: [ { category: "description", text: "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen, beliebigen Code auszuführen, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuführen.", }, ], product_status: { known_affected: [ "T035679", "T037618", "T036959", "T038901", "67646", "T035034", "T036993", "T037940", "T035142", "T035698", "T032255", "T035047", "T035036", "T035431", "T027759", "T033270", "T000126", "T040215", "398363", ], }, release_date: "2024-05-22T22:00:00.000+00:00", title: "CVE-2024-24786", }, { cve: "CVE-2024-25062", notes: [ { category: "description", text: "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen, beliebigen Code auszuführen, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuführen.", }, ], product_status: { known_affected: [ "T035679", "T037618", "T036959", "T038901", "67646", "T035034", "T036993", "T037940", "T035142", "T035698", "T032255", "T035047", "T035036", "T035431", "T027759", "T033270", "T000126", "T040215", "398363", ], }, release_date: "2024-05-22T22:00:00.000+00:00", title: "CVE-2024-25062", }, { cve: "CVE-2024-25742", notes: [ { category: "description", text: "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen, beliebigen Code auszuführen, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuführen.", }, ], product_status: { known_affected: [ "T035679", "T037618", "T036959", "T038901", "67646", "T035034", "T036993", "T037940", "T035142", "T035698", "T032255", "T035047", "T035036", "T035431", "T027759", "T033270", "T000126", "T040215", "398363", ], }, release_date: "2024-05-22T22:00:00.000+00:00", title: "CVE-2024-25742", }, { cve: "CVE-2024-25743", notes: [ { category: "description", text: "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen, beliebigen Code auszuführen, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuführen.", }, ], product_status: { known_affected: [ "T035679", "T037618", "T036959", "T038901", "67646", "T035034", "T036993", "T037940", "T035142", "T035698", "T032255", "T035047", "T035036", "T035431", "T027759", "T033270", "T000126", "T040215", "398363", ], }, release_date: "2024-05-22T22:00:00.000+00:00", title: "CVE-2024-25743", }, { cve: "CVE-2024-26582", notes: [ { category: "description", text: "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen, beliebigen Code auszuführen, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuführen.", }, ], product_status: { known_affected: [ "T035679", "T037618", "T036959", "T038901", "67646", "T035034", "T036993", "T037940", "T035142", "T035698", "T032255", "T035047", "T035036", "T035431", "T027759", "T033270", "T000126", "T040215", "398363", ], }, release_date: "2024-05-22T22:00:00.000+00:00", title: "CVE-2024-26582", }, { cve: "CVE-2024-26583", notes: [ { category: "description", text: "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen, beliebigen Code auszuführen, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuführen.", }, ], product_status: { known_affected: [ "T035679", "T037618", "T036959", "T038901", "67646", "T035034", "T036993", "T037940", "T035142", "T035698", "T032255", "T035047", "T035036", "T035431", "T027759", "T033270", "T000126", "T040215", "398363", ], }, release_date: "2024-05-22T22:00:00.000+00:00", title: "CVE-2024-26583", }, { cve: "CVE-2024-26584", notes: [ { category: "description", text: "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen, beliebigen Code auszuführen, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuführen.", }, ], product_status: { known_affected: [ "T035679", "T037618", "T036959", "T038901", "67646", "T035034", "T036993", "T037940", "T035142", "T035698", "T032255", "T035047", "T035036", "T035431", "T027759", "T033270", "T000126", "T040215", "398363", ], }, release_date: "2024-05-22T22:00:00.000+00:00", title: "CVE-2024-26584", }, { cve: "CVE-2024-26585", notes: [ { category: "description", text: "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen, beliebigen Code auszuführen, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuführen.", }, ], product_status: { known_affected: [ "T035679", "T037618", "T036959", "T038901", "67646", "T035034", "T036993", "T037940", "T035142", "T035698", "T032255", "T035047", "T035036", "T035431", "T027759", "T033270", "T000126", "T040215", "398363", ], }, release_date: "2024-05-22T22:00:00.000+00:00", title: "CVE-2024-26585", }, { cve: "CVE-2024-26586", notes: [ { category: "description", text: "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen, beliebigen Code auszuführen, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuführen.", }, ], product_status: { known_affected: [ "T035679", "T037618", "T036959", "T038901", "67646", "T035034", "T036993", "T037940", "T035142", "T035698", "T032255", "T035047", "T035036", "T035431", "T027759", "T033270", "T000126", "T040215", "398363", ], }, release_date: "2024-05-22T22:00:00.000+00:00", title: "CVE-2024-26586", }, { cve: "CVE-2024-26593", notes: [ { category: "description", text: "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen, beliebigen Code auszuführen, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuführen.", }, ], product_status: { known_affected: [ "T035679", "T037618", "T036959", "T038901", "67646", "T035034", "T036993", "T037940", "T035142", "T035698", "T032255", "T035047", "T035036", "T035431", "T027759", "T033270", "T000126", "T040215", "398363", ], }, release_date: "2024-05-22T22:00:00.000+00:00", title: "CVE-2024-26593", }, { cve: "CVE-2024-26602", notes: [ { category: "description", text: "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen, beliebigen Code auszuführen, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuführen.", }, ], product_status: { known_affected: [ "T035679", "T037618", "T036959", "T038901", "67646", "T035034", "T036993", "T037940", "T035142", "T035698", "T032255", "T035047", "T035036", "T035431", "T027759", "T033270", "T000126", "T040215", "398363", ], }, release_date: "2024-05-22T22:00:00.000+00:00", title: "CVE-2024-26602", }, { cve: "CVE-2024-26609", notes: [ { category: "description", text: "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen, beliebigen Code auszuführen, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuführen.", }, ], product_status: { known_affected: [ "T035679", "T037618", "T036959", "T038901", "67646", "T035034", "T036993", "T037940", "T035142", "T035698", "T032255", "T035047", "T035036", "T035431", "T027759", "T033270", "T000126", "T040215", "398363", ], }, release_date: "2024-05-22T22:00:00.000+00:00", title: "CVE-2024-26609", }, { cve: "CVE-2024-26633", notes: [ { category: "description", text: "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen, beliebigen Code auszuführen, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuführen.", }, ], product_status: { known_affected: [ "T035679", "T037618", "T036959", "T038901", "67646", "T035034", "T036993", "T037940", "T035142", "T035698", "T032255", "T035047", "T035036", "T035431", "T027759", "T033270", "T000126", "T040215", "398363", ], }, release_date: "2024-05-22T22:00:00.000+00:00", title: "CVE-2024-26633", }, { cve: "CVE-2024-27316", notes: [ { category: "description", text: "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen, beliebigen Code auszuführen, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuführen.", }, ], product_status: { known_affected: [ "T035679", "T037618", "T036959", "T038901", "67646", "T035034", "T036993", "T037940", "T035142", "T035698", "T032255", "T035047", "T035036", "T035431", "T027759", "T033270", "T000126", "T040215", "398363", ], }, release_date: "2024-05-22T22:00:00.000+00:00", title: "CVE-2024-27316", }, { cve: "CVE-2024-28834", notes: [ { category: "description", text: "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen, beliebigen Code auszuführen, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuführen.", }, ], product_status: { known_affected: [ "T035679", "T037618", "T036959", "T038901", "67646", "T035034", "T036993", "T037940", "T035142", "T035698", "T032255", "T035047", "T035036", "T035431", "T027759", "T033270", "T000126", "T040215", "398363", ], }, release_date: "2024-05-22T22:00:00.000+00:00", title: "CVE-2024-28834", }, { cve: "CVE-2024-28835", notes: [ { category: "description", text: "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen, beliebigen Code auszuführen, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuführen.", }, ], product_status: { known_affected: [ "T035679", "T037618", "T036959", "T038901", "67646", "T035034", "T036993", "T037940", "T035142", "T035698", "T032255", "T035047", "T035036", "T035431", "T027759", "T033270", "T000126", "T040215", "398363", ], }, release_date: "2024-05-22T22:00:00.000+00:00", title: "CVE-2024-28835", }, { cve: "CVE-2024-28849", notes: [ { category: "description", text: "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen, beliebigen Code auszuführen, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuführen.", }, ], product_status: { known_affected: [ "T035679", "T037618", "T036959", "T038901", "67646", "T035034", "T036993", "T037940", "T035142", "T035698", "T032255", "T035047", "T035036", "T035431", "T027759", "T033270", "T000126", "T040215", "398363", ], }, release_date: "2024-05-22T22:00:00.000+00:00", title: "CVE-2024-28849", }, { cve: "CVE-2024-29180", notes: [ { category: "description", text: "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen, beliebigen Code auszuführen, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuführen.", }, ], product_status: { known_affected: [ "T035679", "T037618", "T036959", "T038901", "67646", "T035034", "T036993", "T037940", "T035142", "T035698", "T032255", "T035047", "T035036", "T035431", "T027759", "T033270", "T000126", "T040215", "398363", ], }, release_date: "2024-05-22T22:00:00.000+00:00", title: "CVE-2024-29180", }, { cve: "CVE-2024-2961", notes: [ { category: "description", text: "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen, beliebigen Code auszuführen, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuführen.", }, ], product_status: { known_affected: [ "T035679", "T037618", "T036959", "T038901", "67646", "T035034", "T036993", "T037940", "T035142", "T035698", "T032255", "T035047", "T035036", "T035431", "T027759", "T033270", "T000126", "T040215", "398363", ], }, release_date: "2024-05-22T22:00:00.000+00:00", title: "CVE-2024-2961", }, { cve: "CVE-2024-33599", notes: [ { category: "description", text: "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen, beliebigen Code auszuführen, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuführen.", }, ], product_status: { known_affected: [ "T035679", "T037618", "T036959", "T038901", "67646", "T035034", "T036993", "T037940", "T035142", "T035698", "T032255", "T035047", "T035036", "T035431", "T027759", "T033270", "T000126", "T040215", "398363", ], }, release_date: "2024-05-22T22:00:00.000+00:00", title: "CVE-2024-33599", }, { cve: "CVE-2024-33600", notes: [ { category: "description", text: "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen, beliebigen Code auszuführen, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuführen.", }, ], product_status: { known_affected: [ "T035679", "T037618", "T036959", "T038901", "67646", "T035034", "T036993", "T037940", "T035142", "T035698", "T032255", "T035047", "T035036", "T035431", "T027759", "T033270", "T000126", "T040215", "398363", ], }, release_date: "2024-05-22T22:00:00.000+00:00", title: "CVE-2024-33600", }, { cve: "CVE-2024-33601", notes: [ { category: "description", text: "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen, beliebigen Code auszuführen, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuführen.", }, ], product_status: { known_affected: [ "T035679", "T037618", "T036959", "T038901", "67646", "T035034", "T036993", "T037940", "T035142", "T035698", "T032255", "T035047", "T035036", "T035431", "T027759", "T033270", "T000126", "T040215", "398363", ], }, release_date: "2024-05-22T22:00:00.000+00:00", title: "CVE-2024-33601", }, { cve: "CVE-2024-33602", notes: [ { category: "description", text: "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen, beliebigen Code auszuführen, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuführen.", }, ], product_status: { known_affected: [ "T035679", "T037618", "T036959", "T038901", "67646", "T035034", "T036993", "T037940", "T035142", "T035698", "T032255", "T035047", "T035036", "T035431", "T027759", "T033270", "T000126", "T040215", "398363", ], }, release_date: "2024-05-22T22:00:00.000+00:00", title: "CVE-2024-33602", }, ], }
wid-sec-w-2024-0280
Vulnerability from csaf_certbund
Published
2024-02-04 23:00
Modified
2024-12-15 23:00
Summary
libxml2: Schwachstelle ermöglicht Denial of Service
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
libxml ist ein C Parser und Toolkit, welches für das Gnome Projekt entwickelt wurde.
Angriff
Ein entfernter, anonymer Angreifer kann eine Schwachstelle in libxml2 ausnutzen, um einen Denial of Service Angriff durchzuführen.
Betroffene Betriebssysteme
- Linux
- UNIX
- Windows
{ document: { aggregate_severity: { text: "mittel", }, category: "csaf_base", csaf_version: "2.0", distribution: { tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "de-DE", notes: [ { category: "legal_disclaimer", text: "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.", }, { category: "description", text: "libxml ist ein C Parser und Toolkit, welches für das Gnome Projekt entwickelt wurde.", title: "Produktbeschreibung", }, { category: "summary", text: "Ein entfernter, anonymer Angreifer kann eine Schwachstelle in libxml2 ausnutzen, um einen Denial of Service Angriff durchzuführen.", title: "Angriff", }, { category: "general", text: "- Linux\n- UNIX\n- Windows", title: "Betroffene Betriebssysteme", }, ], publisher: { category: "other", contact_details: "csaf-provider@cert-bund.de", name: "Bundesamt für Sicherheit in der Informationstechnik", namespace: "https://www.bsi.bund.de", }, references: [ { category: "self", summary: "WID-SEC-W-2024-0280 - CSAF Version", url: "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-0280.json", }, { category: "self", summary: "WID-SEC-2024-0280 - Portal Version", url: "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0280", }, { category: "external", summary: "Red Hat Bugtracker vom 2024-02-04", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2262726", }, { category: "external", summary: "GitLab Gnome vom 2024-02-04", url: "https://gitlab.gnome.org/GNOME/libxml2/-/issues/604", }, { category: "external", summary: "Gentoo Linux Security Advisory GLSA-202402-11 vom 2024-02-09", url: "https://security.gentoo.org/glsa/202402-11", }, { category: "external", summary: "SUSE Security Update SUSE-SU-2024:0461-1 vom 2024-02-13", url: "https://lists.suse.com/pipermail/sle-security-updates/2024-February/017908.html", }, { category: "external", summary: "SUSE Security Update SUSE-SU-2024:0556-1 vom 2024-02-20", url: "https://lists.suse.com/pipermail/sle-security-updates/2024-February/017962.html", }, { category: "external", summary: "SUSE Security Update SUSE-SU-2024:0555-1 vom 2024-02-20", url: "https://lists.suse.com/pipermail/sle-security-updates/2024-February/017963.html", }, { category: "external", summary: "Ubuntu Security Notice USN-6658-1 vom 2024-02-26", url: "https://ubuntu.com/security/notices/USN-6658-1", }, { category: "external", summary: "SUSE Security Update SUSE-SU-2024:0613-1 vom 2024-02-26", url: "https://lists.suse.com/pipermail/sle-security-updates/2024-February/018008.html", }, { category: "external", summary: "Ubuntu Security Notice USN-6658-2 vom 2024-03-11", url: "https://ubuntu.com/security/notices/USN-6658-2", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:1317 vom 2024-03-18", url: "https://access.redhat.com/errata/RHSA-2024:1317", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:2679 vom 2024-05-02", url: "https://access.redhat.com/errata/RHSA-2024:2679", }, { category: "external", summary: "Oracle Linux Security Advisory ELSA-2024-2679 vom 2024-05-07", url: "https://linux.oracle.com/errata/ELSA-2024-2679.html", }, { category: "external", summary: "Dell Security Advisory DSA-2024-198 vom 2024-05-08", url: "https://www.dell.com/support/kbdoc/000224827/dsa-2024-=", }, { category: "external", summary: "IBM Security Bulletin 7150641 vom 2024-05-09", url: "https://aix.software.ibm.com/aix/efixes/security/libxml2_advisory6.asc", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:3299 vom 2024-05-22", url: "https://access.redhat.com/errata/RHSA-2024:3299", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:3303 vom 2024-05-23", url: "https://access.redhat.com/errata/RHSA-2024:3303", }, { category: "external", summary: "SUSE Security Update SUSE-SU-2024:0461-2 vom 2024-05-29", url: "https://lists.suse.com/pipermail/sle-security-updates/2024-May/018611.html", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:3625 vom 2024-06-05", url: "https://access.redhat.com/errata/RHSA-2024:3625", }, { category: "external", summary: "Oracle Linux Security Advisory ELSA-2024-3626 vom 2024-06-05", url: "https://linux.oracle.com/errata/ELSA-2024-3626.html", }, { category: "external", summary: "SUSE Security Update SUSE-SU-2024:0613-2 vom 2024-06-10", url: "https://lists.suse.com/pipermail/sle-security-updates/2024-June/018683.html", }, { category: "external", summary: "Dell Security Advisory DSA-2024-248 vom 2024-06-11", url: "https://www.dell.com/support/kbdoc/de-de/000225945/dsa-2024-248-security-update-for-dell-networker-multiple-component-vulnerabilities", }, { category: "external", summary: "IBM Security Bulletin 7160134 vom 2024-07-12", url: "https://www.ibm.com/support/pages/node/7160134", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:4631 vom 2024-07-18", url: "https://access.redhat.com/errata/RHSA-2024:4631", }, { category: "external", summary: "IBM Security Bulletin 7165265 vom 2024-08-12", url: "https://www.ibm.com/support/pages/node/7165265", }, { category: "external", summary: "F5 Security Advisory K000141357 vom 2024-10-08", url: "https://my.f5.com/manage/s/article/K000141357", }, { category: "external", summary: "Dell Security Advisory DSA-2024-422 vom 2024-10-10", url: "https://www.dell.com/support/kbdoc/de-de/000234730/dsa-2024-422-security-update-for-dell-networker-vproxy-multiple-component-vulnerabilities", }, { category: "external", summary: "IBM Security Bulletin", url: "https://www.ibm.com/support/pages/node/7174634", }, { category: "external", summary: "IBM Security Bulletin 7174728 vom 2024-11-04", url: "https://www.ibm.com/support/pages/node/7174728", }, { category: "external", summary: "Dell Security Advisory DSA-2024-251 vom 2024-11-11", url: "https://www.dell.com/support/kbdoc/de-de/000247018/dsa-2024-251-security-update-for-dell-networker-for-libxml2-2-9-0-vulnerabilities", }, { category: "external", summary: "Dell Security Advisory DSA-2024-451 vom 2024-12-03", url: "https://www.dell.com/support/kbdoc/de-de/000255975/dsa-2024-451-security-update-for-dell-networker-for-libxml2-2-9-0-vulnerabilities", }, { category: "external", summary: "IBM Security Bulletin 7178946 vom 2024-12-14", url: "https://www.ibm.com/support/pages/node/7178946", }, ], source_lang: "en-US", title: "libxml2: Schwachstelle ermöglicht Denial of Service", tracking: { current_release_date: "2024-12-15T23:00:00.000+00:00", generator: { date: "2024-12-16T09:17:37.139+00:00", engine: { name: "BSI-WID", version: "1.3.10", }, }, id: "WID-SEC-W-2024-0280", initial_release_date: "2024-02-04T23:00:00.000+00:00", revision_history: [ { date: "2024-02-04T23:00:00.000+00:00", number: "1", summary: "Initiale Fassung", }, { date: "2024-02-08T23:00:00.000+00:00", number: "2", summary: "Neue Updates von Gentoo aufgenommen", }, { date: "2024-02-13T23:00:00.000+00:00", number: "3", summary: "Neue Updates von SUSE aufgenommen", }, { date: "2024-02-20T23:00:00.000+00:00", number: "4", summary: "Neue Updates von SUSE aufgenommen", }, { date: "2024-02-26T23:00:00.000+00:00", number: "5", summary: "Neue Updates von Ubuntu und SUSE aufgenommen", }, { date: "2024-03-11T23:00:00.000+00:00", number: "6", summary: "Neue Updates von Ubuntu aufgenommen", }, { date: "2024-03-18T23:00:00.000+00:00", number: "7", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2024-03-27T23:00:00.000+00:00", number: "8", summary: "Neue Updates von RedHat", }, { date: "2024-05-02T22:00:00.000+00:00", number: "9", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2024-05-07T22:00:00.000+00:00", number: "10", summary: "Neue Updates von Oracle Linux und Dell aufgenommen", }, { date: "2024-05-09T22:00:00.000+00:00", number: "11", summary: "Neue Updates von IBM und IBM-APAR aufgenommen", }, { date: "2024-05-22T22:00:00.000+00:00", number: "12", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2024-05-28T22:00:00.000+00:00", number: "13", summary: "Neue Updates von SUSE aufgenommen", }, { date: "2024-06-04T22:00:00.000+00:00", number: "14", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2024-06-05T22:00:00.000+00:00", number: "15", summary: "Neue Updates von Oracle Linux aufgenommen", }, { date: "2024-06-10T22:00:00.000+00:00", number: "16", summary: "Neue Updates von SUSE aufgenommen", }, { date: "2024-06-11T22:00:00.000+00:00", number: "17", summary: "Neue Updates von Dell aufgenommen", }, { date: "2024-07-11T22:00:00.000+00:00", number: "18", summary: "Neue Updates von IBM aufgenommen", }, { date: "2024-07-18T22:00:00.000+00:00", number: "19", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2024-08-11T22:00:00.000+00:00", number: "20", summary: "Neue Updates von IBM aufgenommen", }, { date: "2024-10-08T22:00:00.000+00:00", number: "21", summary: "Neue Updates von F5 aufgenommen", }, { date: "2024-10-09T22:00:00.000+00:00", number: "22", summary: "Neue Updates von Dell aufgenommen", }, { date: "2024-10-31T23:00:00.000+00:00", number: "23", summary: "Neue Updates von IBM aufgenommen", }, { date: "2024-11-04T23:00:00.000+00:00", number: "24", summary: "Neue Updates von IBM aufgenommen", }, { date: "2024-11-10T23:00:00.000+00:00", number: "25", summary: "Neue Updates von Dell aufgenommen", }, { date: "2024-12-03T23:00:00.000+00:00", number: "26", summary: "Neue Updates von Dell aufgenommen", }, { date: "2024-12-15T23:00:00.000+00:00", number: "27", summary: "Neue Updates von IBM aufgenommen", }, ], status: "final", version: "27", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Dell NetWorker", product: { name: "Dell NetWorker", product_id: "T024663", product_identification_helper: { cpe: "cpe:/a:dell:networker:-", }, }, }, { category: "product_version", name: "virtual", product: { name: "Dell NetWorker virtual", product_id: "T034583", product_identification_helper: { cpe: "cpe:/a:dell:networker:virtual", }, }, }, { category: "product_version_range", name: "<19.11.0.2", product: { name: "Dell NetWorker <19.11.0.2", product_id: "T038884", }, }, { category: "product_version", name: "19.11.0.2", product: { name: "Dell NetWorker 19.11.0.2", product_id: "T038884-fixed", product_identification_helper: { cpe: "cpe:/a:dell:networker:19.11.0.2", }, }, }, { category: "product_version_range", name: "Server <19.11.0.2", product: { name: "Dell NetWorker Server <19.11.0.2", product_id: "T039561", }, }, { category: "product_version", name: "Server 19.11.0.2", product: { name: "Dell NetWorker Server 19.11.0.2", product_id: "T039561-fixed", product_identification_helper: { cpe: "cpe:/a:dell:networker:server__19.11.0.2", }, }, }, { category: "product_version_range", name: "Server <19.10.0.6", product: { name: "Dell NetWorker Server <19.10.0.6", product_id: "T039562", }, }, { category: "product_version", name: "Server 19.10.0.6", product: { name: "Dell NetWorker Server 19.10.0.6", product_id: "T039562-fixed", product_identification_helper: { cpe: "cpe:/a:dell:networker:server__19.10.0.6", }, }, }, ], category: "product_name", name: "NetWorker", }, ], category: "vendor", name: "Dell", }, { branches: [ { category: "product_name", name: "EMC Avamar", product: { name: "EMC Avamar", product_id: "T014381", product_identification_helper: { cpe: "cpe:/a:emc:avamar:-", }, }, }, ], category: "vendor", name: "EMC", }, { branches: [ { branches: [ { category: "product_version", name: "17.1.0-17.1.1", product: { name: "F5 BIG-IP 17.1.0-17.1.1", product_id: "T034899", product_identification_helper: { cpe: "cpe:/a:f5:big-ip:17.1.0_-_17.1.1", }, }, }, { category: "product_version", name: "15.1.0-15.1.10", product: { name: "F5 BIG-IP 15.1.0-15.1.10", product_id: "T034902", product_identification_helper: { cpe: "cpe:/a:f5:big-ip:15.1.0_-_15.1.10", }, }, }, { category: "product_version", name: "16.1.0-16.1.5", product: { name: "F5 BIG-IP 16.1.0-16.1.5", product_id: "T037028", product_identification_helper: { cpe: "cpe:/a:f5:big-ip:16.1.0_-_16.1.5", }, }, }, ], category: "product_name", name: "BIG-IP", }, ], category: "vendor", name: "F5", }, { branches: [ { category: "product_name", name: "Gentoo Linux", product: { name: "Gentoo Linux", product_id: "T012167", product_identification_helper: { cpe: "cpe:/o:gentoo:linux:-", }, }, }, ], category: "vendor", name: "Gentoo", }, { branches: [ { branches: [ { category: "product_version", name: "7.3", product: { name: "IBM AIX 7.3", product_id: "1139691", product_identification_helper: { cpe: "cpe:/o:ibm:aix:7.3", }, }, }, { category: "product_version", name: "7.2", product: { name: "IBM AIX 7.2", product_id: "434967", product_identification_helper: { cpe: "cpe:/o:ibm:aix:7.2", }, }, }, ], category: "product_name", name: "AIX", }, { category: "product_name", name: "IBM App Connect Enterprise", product: { name: "IBM App Connect Enterprise", product_id: "T032495", product_identification_helper: { cpe: "cpe:/a:ibm:app_connect_enterprise:-", }, }, }, { category: "product_name", name: "IBM DataPower Gateway", product: { name: "IBM DataPower Gateway", product_id: "393635", product_identification_helper: { cpe: "cpe:/a:ibm:datapower_gateway:-", }, }, }, { branches: [ { category: "product_version", name: "V10", product: { name: "IBM Power Hardware Management Console V10", product_id: "T023373", product_identification_helper: { cpe: "cpe:/a:ibm:hardware_management_console:v10", }, }, }, ], category: "product_name", name: "Power Hardware Management Console", }, { branches: [ { category: "product_version_range", name: "<7.5.0 UP9", product: { name: "IBM QRadar SIEM <7.5.0 UP9", product_id: "T036127", }, }, { category: "product_version", name: "7.5.0 UP9", product: { name: "IBM QRadar SIEM 7.5.0 UP9", product_id: "T036127-fixed", product_identification_helper: { cpe: "cpe:/a:ibm:qradar_siem:7.5.0_up9", }, }, }, { category: "product_version_range", name: "<7.5.0 UP10 IF01", product: { name: "IBM QRadar SIEM <7.5.0 UP10 IF01", product_id: "T038741", }, }, { category: "product_version", name: "7.5.0 UP10 IF01", product: { name: "IBM QRadar SIEM 7.5.0 UP10 IF01", product_id: "T038741-fixed", product_identification_helper: { cpe: "cpe:/a:ibm:qradar_siem:7.5.0_up10_if01", }, }, }, ], category: "product_name", name: "QRadar SIEM", }, { branches: [ { category: "product_version", name: "3.1", product: { name: "IBM VIOS 3.1", product_id: "1039165", product_identification_helper: { cpe: "cpe:/a:ibm:vios:3.1", }, }, }, { category: "product_version", name: "4.1", product: { name: "IBM VIOS 4.1", product_id: "1522854", product_identification_helper: { cpe: "cpe:/a:ibm:vios:4.1", }, }, }, ], category: "product_name", name: "VIOS", }, ], category: "vendor", name: "IBM", }, { branches: [ { branches: [ { category: "product_version_range", name: "<2.11.7", product: { name: "Open Source libxml2 <2.11.7", product_id: "T032486", }, }, { category: "product_version", name: "2.11.7", product: { name: "Open Source libxml2 2.11.7", product_id: "T032486-fixed", product_identification_helper: { cpe: "cpe:/a:xmlsoft:libxml2:2.11.7", }, }, }, { category: "product_version_range", name: "<2.12.5", product: { name: "Open Source libxml2 <2.12.5", product_id: "T032487", }, }, { category: "product_version", name: "2.12.5", product: { name: "Open Source libxml2 2.12.5", product_id: "T032487-fixed", product_identification_helper: { cpe: "cpe:/a:xmlsoft:libxml2:2.12.5", }, }, }, ], category: "product_name", name: "libxml2", }, ], category: "vendor", name: "Open Source", }, { branches: [ { category: "product_name", name: "Oracle Linux", product: { name: "Oracle Linux", product_id: "T004914", product_identification_helper: { cpe: "cpe:/o:oracle:linux:-", }, }, }, ], category: "vendor", name: "Oracle", }, { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux", product: { name: "Red Hat Enterprise Linux", product_id: "67646", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:-", }, }, }, ], category: "vendor", name: "Red Hat", }, { branches: [ { category: "product_name", name: "SUSE Linux", product: { name: "SUSE Linux", product_id: "T002207", product_identification_helper: { cpe: "cpe:/o:suse:suse_linux:-", }, }, }, ], category: "vendor", name: "SUSE", }, { branches: [ { category: "product_name", name: "Ubuntu Linux", product: { name: "Ubuntu Linux", product_id: "T000126", product_identification_helper: { cpe: "cpe:/o:canonical:ubuntu_linux:-", }, }, }, ], category: "vendor", name: "Ubuntu", }, ], }, vulnerabilities: [ { cve: "CVE-2024-25062", notes: [ { category: "description", text: "Es existiert eine Schwachstelle in libxml2. Diese ist auf einen Use-after-Free-Fehler zurückzuführen. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T032487", "67646", "T034902", "T034583", "T036127", "T004914", "T032486", "T038741", "T038884", "1139691", "T024663", "T023373", "T034899", "434967", "1039165", "393635", "1522854", "T037028", "T012167", "T032495", "T039562", "T014381", "T039561", "T002207", "T000126", ], }, release_date: "2024-02-04T23:00:00.000+00:00", title: "CVE-2024-25062", }, ], }
WID-SEC-W-2024-0280
Vulnerability from csaf_certbund
Published
2024-02-04 23:00
Modified
2024-12-15 23:00
Summary
libxml2: Schwachstelle ermöglicht Denial of Service
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
libxml ist ein C Parser und Toolkit, welches für das Gnome Projekt entwickelt wurde.
Angriff
Ein entfernter, anonymer Angreifer kann eine Schwachstelle in libxml2 ausnutzen, um einen Denial of Service Angriff durchzuführen.
Betroffene Betriebssysteme
- Linux
- UNIX
- Windows
{ document: { aggregate_severity: { text: "mittel", }, category: "csaf_base", csaf_version: "2.0", distribution: { tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "de-DE", notes: [ { category: "legal_disclaimer", text: "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.", }, { category: "description", text: "libxml ist ein C Parser und Toolkit, welches für das Gnome Projekt entwickelt wurde.", title: "Produktbeschreibung", }, { category: "summary", text: "Ein entfernter, anonymer Angreifer kann eine Schwachstelle in libxml2 ausnutzen, um einen Denial of Service Angriff durchzuführen.", title: "Angriff", }, { category: "general", text: "- Linux\n- UNIX\n- Windows", title: "Betroffene Betriebssysteme", }, ], publisher: { category: "other", contact_details: "csaf-provider@cert-bund.de", name: "Bundesamt für Sicherheit in der Informationstechnik", namespace: "https://www.bsi.bund.de", }, references: [ { category: "self", summary: "WID-SEC-W-2024-0280 - CSAF Version", url: "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-0280.json", }, { category: "self", summary: "WID-SEC-2024-0280 - Portal Version", url: "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0280", }, { category: "external", summary: "Red Hat Bugtracker vom 2024-02-04", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2262726", }, { category: "external", summary: "GitLab Gnome vom 2024-02-04", url: "https://gitlab.gnome.org/GNOME/libxml2/-/issues/604", }, { category: "external", summary: "Gentoo Linux Security Advisory GLSA-202402-11 vom 2024-02-09", url: "https://security.gentoo.org/glsa/202402-11", }, { category: "external", summary: "SUSE Security Update SUSE-SU-2024:0461-1 vom 2024-02-13", url: "https://lists.suse.com/pipermail/sle-security-updates/2024-February/017908.html", }, { category: "external", summary: "SUSE Security Update SUSE-SU-2024:0556-1 vom 2024-02-20", url: "https://lists.suse.com/pipermail/sle-security-updates/2024-February/017962.html", }, { category: "external", summary: "SUSE Security Update SUSE-SU-2024:0555-1 vom 2024-02-20", url: "https://lists.suse.com/pipermail/sle-security-updates/2024-February/017963.html", }, { category: "external", summary: "Ubuntu Security Notice USN-6658-1 vom 2024-02-26", url: "https://ubuntu.com/security/notices/USN-6658-1", }, { category: "external", summary: "SUSE Security Update SUSE-SU-2024:0613-1 vom 2024-02-26", url: "https://lists.suse.com/pipermail/sle-security-updates/2024-February/018008.html", }, { category: "external", summary: "Ubuntu Security Notice USN-6658-2 vom 2024-03-11", url: "https://ubuntu.com/security/notices/USN-6658-2", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:1317 vom 2024-03-18", url: "https://access.redhat.com/errata/RHSA-2024:1317", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:2679 vom 2024-05-02", url: "https://access.redhat.com/errata/RHSA-2024:2679", }, { category: "external", summary: "Oracle Linux Security Advisory ELSA-2024-2679 vom 2024-05-07", url: "https://linux.oracle.com/errata/ELSA-2024-2679.html", }, { category: "external", summary: "Dell Security Advisory DSA-2024-198 vom 2024-05-08", url: "https://www.dell.com/support/kbdoc/000224827/dsa-2024-=", }, { category: "external", summary: "IBM Security Bulletin 7150641 vom 2024-05-09", url: "https://aix.software.ibm.com/aix/efixes/security/libxml2_advisory6.asc", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:3299 vom 2024-05-22", url: "https://access.redhat.com/errata/RHSA-2024:3299", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:3303 vom 2024-05-23", url: "https://access.redhat.com/errata/RHSA-2024:3303", }, { category: "external", summary: "SUSE Security Update SUSE-SU-2024:0461-2 vom 2024-05-29", url: "https://lists.suse.com/pipermail/sle-security-updates/2024-May/018611.html", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:3625 vom 2024-06-05", url: "https://access.redhat.com/errata/RHSA-2024:3625", }, { category: "external", summary: "Oracle Linux Security Advisory ELSA-2024-3626 vom 2024-06-05", url: "https://linux.oracle.com/errata/ELSA-2024-3626.html", }, { category: "external", summary: "SUSE Security Update SUSE-SU-2024:0613-2 vom 2024-06-10", url: "https://lists.suse.com/pipermail/sle-security-updates/2024-June/018683.html", }, { category: "external", summary: "Dell Security Advisory DSA-2024-248 vom 2024-06-11", url: "https://www.dell.com/support/kbdoc/de-de/000225945/dsa-2024-248-security-update-for-dell-networker-multiple-component-vulnerabilities", }, { category: "external", summary: "IBM Security Bulletin 7160134 vom 2024-07-12", url: "https://www.ibm.com/support/pages/node/7160134", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:4631 vom 2024-07-18", url: "https://access.redhat.com/errata/RHSA-2024:4631", }, { category: "external", summary: "IBM Security Bulletin 7165265 vom 2024-08-12", url: "https://www.ibm.com/support/pages/node/7165265", }, { category: "external", summary: "F5 Security Advisory K000141357 vom 2024-10-08", url: "https://my.f5.com/manage/s/article/K000141357", }, { category: "external", summary: "Dell Security Advisory DSA-2024-422 vom 2024-10-10", url: "https://www.dell.com/support/kbdoc/de-de/000234730/dsa-2024-422-security-update-for-dell-networker-vproxy-multiple-component-vulnerabilities", }, { category: "external", summary: "IBM Security Bulletin", url: "https://www.ibm.com/support/pages/node/7174634", }, { category: "external", summary: "IBM Security Bulletin 7174728 vom 2024-11-04", url: "https://www.ibm.com/support/pages/node/7174728", }, { category: "external", summary: "Dell Security Advisory DSA-2024-251 vom 2024-11-11", url: "https://www.dell.com/support/kbdoc/de-de/000247018/dsa-2024-251-security-update-for-dell-networker-for-libxml2-2-9-0-vulnerabilities", }, { category: "external", summary: "Dell Security Advisory DSA-2024-451 vom 2024-12-03", url: "https://www.dell.com/support/kbdoc/de-de/000255975/dsa-2024-451-security-update-for-dell-networker-for-libxml2-2-9-0-vulnerabilities", }, { category: "external", summary: "IBM Security Bulletin 7178946 vom 2024-12-14", url: "https://www.ibm.com/support/pages/node/7178946", }, ], source_lang: "en-US", title: "libxml2: Schwachstelle ermöglicht Denial of Service", tracking: { current_release_date: "2024-12-15T23:00:00.000+00:00", generator: { date: "2024-12-16T09:17:37.139+00:00", engine: { name: "BSI-WID", version: "1.3.10", }, }, id: "WID-SEC-W-2024-0280", initial_release_date: "2024-02-04T23:00:00.000+00:00", revision_history: [ { date: "2024-02-04T23:00:00.000+00:00", number: "1", summary: "Initiale Fassung", }, { date: "2024-02-08T23:00:00.000+00:00", number: "2", summary: "Neue Updates von Gentoo aufgenommen", }, { date: "2024-02-13T23:00:00.000+00:00", number: "3", summary: "Neue Updates von SUSE aufgenommen", }, { date: "2024-02-20T23:00:00.000+00:00", number: "4", summary: "Neue Updates von SUSE aufgenommen", }, { date: "2024-02-26T23:00:00.000+00:00", number: "5", summary: "Neue Updates von Ubuntu und SUSE aufgenommen", }, { date: "2024-03-11T23:00:00.000+00:00", number: "6", summary: "Neue Updates von Ubuntu aufgenommen", }, { date: "2024-03-18T23:00:00.000+00:00", number: "7", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2024-03-27T23:00:00.000+00:00", number: "8", summary: "Neue Updates von RedHat", }, { date: "2024-05-02T22:00:00.000+00:00", number: "9", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2024-05-07T22:00:00.000+00:00", number: "10", summary: "Neue Updates von Oracle Linux und Dell aufgenommen", }, { date: "2024-05-09T22:00:00.000+00:00", number: "11", summary: "Neue Updates von IBM und IBM-APAR aufgenommen", }, { date: "2024-05-22T22:00:00.000+00:00", number: "12", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2024-05-28T22:00:00.000+00:00", number: "13", summary: "Neue Updates von SUSE aufgenommen", }, { date: "2024-06-04T22:00:00.000+00:00", number: "14", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2024-06-05T22:00:00.000+00:00", number: "15", summary: "Neue Updates von Oracle Linux aufgenommen", }, { date: "2024-06-10T22:00:00.000+00:00", number: "16", summary: "Neue Updates von SUSE aufgenommen", }, { date: "2024-06-11T22:00:00.000+00:00", number: "17", summary: "Neue Updates von Dell aufgenommen", }, { date: "2024-07-11T22:00:00.000+00:00", number: "18", summary: "Neue Updates von IBM aufgenommen", }, { date: "2024-07-18T22:00:00.000+00:00", number: "19", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2024-08-11T22:00:00.000+00:00", number: "20", summary: "Neue Updates von IBM aufgenommen", }, { date: "2024-10-08T22:00:00.000+00:00", number: "21", summary: "Neue Updates von F5 aufgenommen", }, { date: "2024-10-09T22:00:00.000+00:00", number: "22", summary: "Neue Updates von Dell aufgenommen", }, { date: "2024-10-31T23:00:00.000+00:00", number: "23", summary: "Neue Updates von IBM aufgenommen", }, { date: "2024-11-04T23:00:00.000+00:00", number: "24", summary: "Neue Updates von IBM aufgenommen", }, { date: "2024-11-10T23:00:00.000+00:00", number: "25", summary: "Neue Updates von Dell aufgenommen", }, { date: "2024-12-03T23:00:00.000+00:00", number: "26", summary: "Neue Updates von Dell aufgenommen", }, { date: "2024-12-15T23:00:00.000+00:00", number: "27", summary: "Neue Updates von IBM aufgenommen", }, ], status: "final", version: "27", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Dell NetWorker", product: { name: "Dell NetWorker", product_id: "T024663", product_identification_helper: { cpe: "cpe:/a:dell:networker:-", }, }, }, { category: "product_version", name: "virtual", product: { name: "Dell NetWorker virtual", product_id: "T034583", product_identification_helper: { cpe: "cpe:/a:dell:networker:virtual", }, }, }, { category: "product_version_range", name: "<19.11.0.2", product: { name: "Dell NetWorker <19.11.0.2", product_id: "T038884", }, }, { category: "product_version", name: "19.11.0.2", product: { name: "Dell NetWorker 19.11.0.2", product_id: "T038884-fixed", product_identification_helper: { cpe: "cpe:/a:dell:networker:19.11.0.2", }, }, }, { category: "product_version_range", name: "Server <19.11.0.2", product: { name: "Dell NetWorker Server <19.11.0.2", product_id: "T039561", }, }, { category: "product_version", name: "Server 19.11.0.2", product: { name: "Dell NetWorker Server 19.11.0.2", product_id: "T039561-fixed", product_identification_helper: { cpe: "cpe:/a:dell:networker:server__19.11.0.2", }, }, }, { category: "product_version_range", name: "Server <19.10.0.6", product: { name: "Dell NetWorker Server <19.10.0.6", product_id: "T039562", }, }, { category: "product_version", name: "Server 19.10.0.6", product: { name: "Dell NetWorker Server 19.10.0.6", product_id: "T039562-fixed", product_identification_helper: { cpe: "cpe:/a:dell:networker:server__19.10.0.6", }, }, }, ], category: "product_name", name: "NetWorker", }, ], category: "vendor", name: "Dell", }, { branches: [ { category: "product_name", name: "EMC Avamar", product: { name: "EMC Avamar", product_id: "T014381", product_identification_helper: { cpe: "cpe:/a:emc:avamar:-", }, }, }, ], category: "vendor", name: "EMC", }, { branches: [ { branches: [ { category: "product_version", name: "17.1.0-17.1.1", product: { name: "F5 BIG-IP 17.1.0-17.1.1", product_id: "T034899", product_identification_helper: { cpe: "cpe:/a:f5:big-ip:17.1.0_-_17.1.1", }, }, }, { category: "product_version", name: "15.1.0-15.1.10", product: { name: "F5 BIG-IP 15.1.0-15.1.10", product_id: "T034902", product_identification_helper: { cpe: "cpe:/a:f5:big-ip:15.1.0_-_15.1.10", }, }, }, { category: "product_version", name: "16.1.0-16.1.5", product: { name: "F5 BIG-IP 16.1.0-16.1.5", product_id: "T037028", product_identification_helper: { cpe: "cpe:/a:f5:big-ip:16.1.0_-_16.1.5", }, }, }, ], category: "product_name", name: "BIG-IP", }, ], category: "vendor", name: "F5", }, { branches: [ { category: "product_name", name: "Gentoo Linux", product: { name: "Gentoo Linux", product_id: "T012167", product_identification_helper: { cpe: "cpe:/o:gentoo:linux:-", }, }, }, ], category: "vendor", name: "Gentoo", }, { branches: [ { branches: [ { category: "product_version", name: "7.3", product: { name: "IBM AIX 7.3", product_id: "1139691", product_identification_helper: { cpe: "cpe:/o:ibm:aix:7.3", }, }, }, { category: "product_version", name: "7.2", product: { name: "IBM AIX 7.2", product_id: "434967", product_identification_helper: { cpe: "cpe:/o:ibm:aix:7.2", }, }, }, ], category: "product_name", name: "AIX", }, { category: "product_name", name: "IBM App Connect Enterprise", product: { name: "IBM App Connect Enterprise", product_id: "T032495", product_identification_helper: { cpe: "cpe:/a:ibm:app_connect_enterprise:-", }, }, }, { category: "product_name", name: "IBM DataPower Gateway", product: { name: "IBM DataPower Gateway", product_id: "393635", product_identification_helper: { cpe: "cpe:/a:ibm:datapower_gateway:-", }, }, }, { branches: [ { category: "product_version", name: "V10", product: { name: "IBM Power Hardware Management Console V10", product_id: "T023373", product_identification_helper: { cpe: "cpe:/a:ibm:hardware_management_console:v10", }, }, }, ], category: "product_name", name: "Power Hardware Management Console", }, { branches: [ { category: "product_version_range", name: "<7.5.0 UP9", product: { name: "IBM QRadar SIEM <7.5.0 UP9", product_id: "T036127", }, }, { category: "product_version", name: "7.5.0 UP9", product: { name: "IBM QRadar SIEM 7.5.0 UP9", product_id: "T036127-fixed", product_identification_helper: { cpe: "cpe:/a:ibm:qradar_siem:7.5.0_up9", }, }, }, { category: "product_version_range", name: "<7.5.0 UP10 IF01", product: { name: "IBM QRadar SIEM <7.5.0 UP10 IF01", product_id: "T038741", }, }, { category: "product_version", name: "7.5.0 UP10 IF01", product: { name: "IBM QRadar SIEM 7.5.0 UP10 IF01", product_id: "T038741-fixed", product_identification_helper: { cpe: "cpe:/a:ibm:qradar_siem:7.5.0_up10_if01", }, }, }, ], category: "product_name", name: "QRadar SIEM", }, { branches: [ { category: "product_version", name: "3.1", product: { name: "IBM VIOS 3.1", product_id: "1039165", product_identification_helper: { cpe: "cpe:/a:ibm:vios:3.1", }, }, }, { category: "product_version", name: "4.1", product: { name: "IBM VIOS 4.1", product_id: "1522854", product_identification_helper: { cpe: "cpe:/a:ibm:vios:4.1", }, }, }, ], category: "product_name", name: "VIOS", }, ], category: "vendor", name: "IBM", }, { branches: [ { branches: [ { category: "product_version_range", name: "<2.11.7", product: { name: "Open Source libxml2 <2.11.7", product_id: "T032486", }, }, { category: "product_version", name: "2.11.7", product: { name: "Open Source libxml2 2.11.7", product_id: "T032486-fixed", product_identification_helper: { cpe: "cpe:/a:xmlsoft:libxml2:2.11.7", }, }, }, { category: "product_version_range", name: "<2.12.5", product: { name: "Open Source libxml2 <2.12.5", product_id: "T032487", }, }, { category: "product_version", name: "2.12.5", product: { name: "Open Source libxml2 2.12.5", product_id: "T032487-fixed", product_identification_helper: { cpe: "cpe:/a:xmlsoft:libxml2:2.12.5", }, }, }, ], category: "product_name", name: "libxml2", }, ], category: "vendor", name: "Open Source", }, { branches: [ { category: "product_name", name: "Oracle Linux", product: { name: "Oracle Linux", product_id: "T004914", product_identification_helper: { cpe: "cpe:/o:oracle:linux:-", }, }, }, ], category: "vendor", name: "Oracle", }, { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux", product: { name: "Red Hat Enterprise Linux", product_id: "67646", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:-", }, }, }, ], category: "vendor", name: "Red Hat", }, { branches: [ { category: "product_name", name: "SUSE Linux", product: { name: "SUSE Linux", product_id: "T002207", product_identification_helper: { cpe: "cpe:/o:suse:suse_linux:-", }, }, }, ], category: "vendor", name: "SUSE", }, { branches: [ { category: "product_name", name: "Ubuntu Linux", product: { name: "Ubuntu Linux", product_id: "T000126", product_identification_helper: { cpe: "cpe:/o:canonical:ubuntu_linux:-", }, }, }, ], category: "vendor", name: "Ubuntu", }, ], }, vulnerabilities: [ { cve: "CVE-2024-25062", notes: [ { category: "description", text: "Es existiert eine Schwachstelle in libxml2. Diese ist auf einen Use-after-Free-Fehler zurückzuführen. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T032487", "67646", "T034902", "T034583", "T036127", "T004914", "T032486", "T038741", "T038884", "1139691", "T024663", "T023373", "T034899", "434967", "1039165", "393635", "1522854", "T037028", "T012167", "T032495", "T039562", "T014381", "T039561", "T002207", "T000126", ], }, release_date: "2024-02-04T23:00:00.000+00:00", title: "CVE-2024-25062", }, ], }
wid-sec-w-2024-1656
Vulnerability from csaf_certbund
Published
2024-07-16 22:00
Modified
2025-01-12 23:00
Summary
Oracle MySQL: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
MySQL ist ein Open Source Datenbankserver von Oracle.
Angriff
Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in Oracle MySQL ausnutzen, um die Vertraulichkeit, Integrität und Verfügbarkeit zu gefährden.
Betroffene Betriebssysteme
- Linux
- Windows
{ document: { aggregate_severity: { text: "hoch", }, category: "csaf_base", csaf_version: "2.0", distribution: { tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "de-DE", notes: [ { category: "legal_disclaimer", text: "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.", }, { category: "description", text: "MySQL ist ein Open Source Datenbankserver von Oracle.", title: "Produktbeschreibung", }, { category: "summary", text: "Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in Oracle MySQL ausnutzen, um die Vertraulichkeit, Integrität und Verfügbarkeit zu gefährden.", title: "Angriff", }, { category: "general", text: "- Linux\n- Windows", title: "Betroffene Betriebssysteme", }, ], publisher: { category: "other", contact_details: "csaf-provider@cert-bund.de", name: "Bundesamt für Sicherheit in der Informationstechnik", namespace: "https://www.bsi.bund.de", }, references: [ { category: "self", summary: "WID-SEC-W-2024-1656 - CSAF Version", url: "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-1656.json", }, { category: "self", summary: "WID-SEC-2024-1656 - Portal Version", url: "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-1656", }, { category: "external", summary: "Oracle Critical Patch Update Advisory - July 2024 - Appendix Oracle MySQL vom 2024-07-16", url: "https://www.oracle.com/security-alerts/cpujul2024.html#AppendixMSQL", }, { category: "external", summary: "Ubuntu Security Notice USN-6934-1 vom 2024-07-31", url: "https://ubuntu.com/security/notices/USN-6934-1", }, { category: "external", summary: "Fedora Security Advisory FEDORA-2024-5D9DC19F2D vom 2024-08-12", url: "https://bodhi.fedoraproject.org/updates/FEDORA-2024-5d9dc19f2d", }, { category: "external", summary: "F5 Security Advisory K000140908 vom 2024-09-03", url: "https://my.f5.com/manage/s/article/K000140908", }, { category: "external", summary: "IBM Security Bulletin 7173959 vom 2024-10-23", url: "https://www.ibm.com/support/pages/node/7173959", }, { category: "external", summary: "IBM Security Bulletin 7180384 vom 2025-01-07", url: "https://www.ibm.com/support/pages/node/7180384", }, { category: "external", summary: "XEROX Security Advisory XRX25-001 vom 2025-01-13", url: "https://securitydocs.business.xerox.com/wp-content/uploads/2025/01/Xerox-Security-Bulletin-XRX25-001-for-Xerox%C2%AE-FreeFlow%C2%AE-Print-Server-v9.pdf", }, ], source_lang: "en-US", title: "Oracle MySQL: Mehrere Schwachstellen", tracking: { current_release_date: "2025-01-12T23:00:00.000+00:00", generator: { date: "2025-01-13T11:08:27.718+00:00", engine: { name: "BSI-WID", version: "1.3.10", }, }, id: "WID-SEC-W-2024-1656", initial_release_date: "2024-07-16T22:00:00.000+00:00", revision_history: [ { date: "2024-07-16T22:00:00.000+00:00", number: "1", summary: "Initiale Fassung", }, { date: "2024-07-31T22:00:00.000+00:00", number: "2", summary: "Neue Updates von Ubuntu aufgenommen", }, { date: "2024-08-11T22:00:00.000+00:00", number: "3", summary: "Neue Updates von Fedora aufgenommen", }, { date: "2024-09-03T22:00:00.000+00:00", number: "4", summary: "Neue Updates von F5 aufgenommen", }, { date: "2024-10-23T22:00:00.000+00:00", number: "5", summary: "Neue Updates von IBM aufgenommen", }, { date: "2025-01-07T23:00:00.000+00:00", number: "6", summary: "Neue Updates von IBM aufgenommen", }, { date: "2025-01-12T23:00:00.000+00:00", number: "7", summary: "Neue Updates von XEROX aufgenommen", }, ], status: "final", version: "7", }, }, product_tree: { branches: [ { branches: [ { category: "product_name", name: "F5 BIG-IP", product: { name: "F5 BIG-IP", product_id: "T001663", product_identification_helper: { cpe: "cpe:/a:f5:big-ip:-", }, }, }, ], category: "vendor", name: "F5", }, { branches: [ { category: "product_name", name: "Fedora Linux", product: { name: "Fedora Linux", product_id: "74185", product_identification_helper: { cpe: "cpe:/o:fedoraproject:fedora:-", }, }, }, ], category: "vendor", name: "Fedora", }, { branches: [ { branches: [ { category: "product_version", name: "12", product: { name: "IBM Security Guardium 12.0", product_id: "T031092", product_identification_helper: { cpe: "cpe:/a:ibm:security_guardium:12.0", }, }, }, ], category: "product_name", name: "Security Guardium", }, ], category: "vendor", name: "IBM", }, { branches: [ { branches: [ { category: "product_version_range", name: "<=8.1.0", product: { name: "Oracle MySQL <=8.1.0", product_id: "1502322", }, }, { category: "product_version_range", name: "<=8.1.0", product: { name: "Oracle MySQL <=8.1.0", product_id: "1502322-fixed", }, }, { category: "product_version_range", name: "<=8.0.34", product: { name: "Oracle MySQL <=8.0.34", product_id: "1502323", }, }, { category: "product_version_range", name: "<=8.0.34", product: { name: "Oracle MySQL <=8.0.34", product_id: "1502323-fixed", }, }, { category: "product_version_range", name: "<=8.0.35", product: { name: "Oracle MySQL <=8.0.35", product_id: "1566667", }, }, { category: "product_version_range", name: "<=8.0.35", product: { name: "Oracle MySQL <=8.0.35", product_id: "1566667-fixed", }, }, { category: "product_version_range", name: "<=8.2.0", product: { name: "Oracle MySQL <=8.2.0", product_id: "1566668", }, }, { category: "product_version_range", name: "<=8.2.0", product: { name: "Oracle MySQL <=8.2.0", product_id: "1566668-fixed", }, }, { category: "product_version_range", name: "<=8.0.36", product: { name: "Oracle MySQL <=8.0.36", product_id: "T032120", }, }, { category: "product_version_range", name: "<=8.0.36", product: { name: "Oracle MySQL <=8.0.36", product_id: "T032120-fixed", }, }, { category: "product_version_range", name: "<=8.3.0", product: { name: "Oracle MySQL <=8.3.0", product_id: "T034178", }, }, { category: "product_version_range", name: "<=8.3.0", product: { name: "Oracle MySQL <=8.3.0", product_id: "T034178-fixed", }, }, { category: "product_version_range", name: "<=8.0.37", product: { name: "Oracle MySQL <=8.0.37", product_id: "T034179", }, }, { category: "product_version_range", name: "<=8.0.37", product: { name: "Oracle MySQL <=8.0.37", product_id: "T034179-fixed", }, }, { category: "product_version_range", name: "<=8.4.0", product: { name: "Oracle MySQL <=8.4.0", product_id: "T036237", }, }, { category: "product_version_range", name: "<=8.4.0", product: { name: "Oracle MySQL <=8.4.0", product_id: "T036237-fixed", }, }, { category: "product_version_range", name: "<=7.5.34", product: { name: "Oracle MySQL <=7.5.34", product_id: "T036238", }, }, { category: "product_version_range", name: "<=7.5.34", product: { name: "Oracle MySQL <=7.5.34", product_id: "T036238-fixed", }, }, { category: "product_version_range", name: "<=7.6.30", product: { name: "Oracle MySQL <=7.6.30", product_id: "T036239", }, }, { category: "product_version_range", name: "<=7.6.30", product: { name: "Oracle MySQL <=7.6.30", product_id: "T036239-fixed", }, }, { category: "product_version", name: "8.4.1", product: { name: "Oracle MySQL 8.4.1", product_id: "T036240", product_identification_helper: { cpe: "cpe:/a:oracle:mysql:8.4.1", }, }, }, { category: "product_version", name: "9.0.0", product: { name: "Oracle MySQL 9.0.0", product_id: "T036241", product_identification_helper: { cpe: "cpe:/a:oracle:mysql:9.0.0", }, }, }, { category: "product_version_range", name: "<=8.0.38", product: { name: "Oracle MySQL <=8.0.38", product_id: "T036274", }, }, { category: "product_version_range", name: "<=8.0.38", product: { name: "Oracle MySQL <=8.0.38", product_id: "T036274-fixed", }, }, ], category: "product_name", name: "MySQL", }, ], category: "vendor", name: "Oracle", }, { branches: [ { category: "product_name", name: "Ubuntu Linux", product: { name: "Ubuntu Linux", product_id: "T000126", product_identification_helper: { cpe: "cpe:/o:canonical:ubuntu_linux:-", }, }, }, ], category: "vendor", name: "Ubuntu", }, { branches: [ { branches: [ { category: "product_version", name: "v9 for Solaris", product: { name: "Xerox FreeFlow Print Server v9 for Solaris", product_id: "T028053", product_identification_helper: { cpe: "cpe:/a:xerox:freeflow_print_server:v9_for_solaris", }, }, }, ], category: "product_name", name: "FreeFlow Print Server", }, ], category: "vendor", name: "Xerox", }, ], }, vulnerabilities: [ { cve: "CVE-2021-24112", notes: [ { category: "description", text: "In Oracle MySQL existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"Hoch\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028053", "T036240", "T000126", "T031092", "T001663", "T036241", "74185", ], last_affected: [ "1502323", "1566668", "1502322", "T036238", "T036239", "1566667", "T036237", "T036274", "T034179", "T032120", "T034178", ], }, release_date: "2024-07-16T22:00:00.000+00:00", title: "CVE-2021-24112", }, { cve: "CVE-2023-37920", notes: [ { category: "description", text: "In Oracle MySQL existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"Hoch\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028053", "T036240", "T000126", "T031092", "T001663", "T036241", "74185", ], last_affected: [ "1502323", "1566668", "1502322", "T036238", "T036239", "1566667", "T036237", "T036274", "T034179", "T032120", "T034178", ], }, release_date: "2024-07-16T22:00:00.000+00:00", title: "CVE-2023-37920", }, { cve: "CVE-2023-48795", notes: [ { category: "description", text: "In Oracle MySQL existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"Hoch\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028053", "T036240", "T000126", "T031092", "T001663", "T036241", "74185", ], last_affected: [ "1502323", "1566668", "1502322", "T036238", "T036239", "1566667", "T036237", "T036274", "T034179", "T032120", "T034178", ], }, release_date: "2024-07-16T22:00:00.000+00:00", title: "CVE-2023-48795", }, { cve: "CVE-2023-52425", notes: [ { category: "description", text: "In Oracle MySQL existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"Hoch\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028053", "T036240", "T000126", "T031092", "T001663", "T036241", "74185", ], last_affected: [ "1502323", "1566668", "1502322", "T036238", "T036239", "1566667", "T036237", "T036274", "T034179", "T032120", "T034178", ], }, release_date: "2024-07-16T22:00:00.000+00:00", title: "CVE-2023-52425", }, { cve: "CVE-2023-6129", notes: [ { category: "description", text: "In Oracle MySQL existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"Hoch\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028053", "T036240", "T000126", "T031092", "T001663", "T036241", "74185", ], last_affected: [ "1502323", "1566668", "1502322", "T036238", "T036239", "1566667", "T036237", "T036274", "T034179", "T032120", "T034178", ], }, release_date: "2024-07-16T22:00:00.000+00:00", title: "CVE-2023-6129", }, { cve: "CVE-2024-0450", notes: [ { category: "description", text: "In Oracle MySQL existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"Hoch\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028053", "T036240", "T000126", "T031092", "T001663", "T036241", "74185", ], last_affected: [ "1502323", "1566668", "1502322", "T036238", "T036239", "1566667", "T036237", "T036274", "T034179", "T032120", "T034178", ], }, release_date: "2024-07-16T22:00:00.000+00:00", title: "CVE-2024-0450", }, { cve: "CVE-2024-20996", notes: [ { category: "description", text: "In Oracle MySQL existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"Hoch\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028053", "T036240", "T000126", "T031092", "T001663", "T036241", "74185", ], last_affected: [ "1502323", "1566668", "1502322", "T036238", "T036239", "1566667", "T036237", "T036274", "T034179", "T032120", "T034178", ], }, release_date: "2024-07-16T22:00:00.000+00:00", title: "CVE-2024-20996", }, { cve: "CVE-2024-21125", notes: [ { category: "description", text: "In Oracle MySQL existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"Hoch\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028053", "T036240", "T000126", "T031092", "T001663", "T036241", "74185", ], last_affected: [ "1502323", "1566668", "1502322", "T036238", "T036239", "1566667", "T036237", "T036274", "T034179", "T032120", "T034178", ], }, release_date: "2024-07-16T22:00:00.000+00:00", title: "CVE-2024-21125", }, { cve: "CVE-2024-21127", notes: [ { category: "description", text: "In Oracle MySQL existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"Hoch\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028053", "T036240", "T000126", "T031092", "T001663", "T036241", "74185", ], last_affected: [ "1502323", "1566668", "1502322", "T036238", "T036239", "1566667", "T036237", "T036274", "T034179", "T032120", "T034178", ], }, release_date: "2024-07-16T22:00:00.000+00:00", title: "CVE-2024-21127", }, { cve: "CVE-2024-21129", notes: [ { category: "description", text: "In Oracle MySQL existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"Hoch\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028053", "T036240", "T000126", "T031092", "T001663", "T036241", "74185", ], last_affected: [ "1502323", "1566668", "1502322", "T036238", "T036239", "1566667", "T036237", "T036274", "T034179", "T032120", "T034178", ], }, release_date: "2024-07-16T22:00:00.000+00:00", title: "CVE-2024-21129", }, { cve: "CVE-2024-21130", notes: [ { category: "description", text: "In Oracle MySQL existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"Hoch\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028053", "T036240", "T000126", "T031092", "T001663", "T036241", "74185", ], last_affected: [ "1502323", "1566668", "1502322", "T036238", "T036239", "1566667", "T036237", "T036274", "T034179", "T032120", "T034178", ], }, release_date: "2024-07-16T22:00:00.000+00:00", title: "CVE-2024-21130", }, { cve: "CVE-2024-21134", notes: [ { category: "description", text: "In Oracle MySQL existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"Hoch\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028053", "T036240", "T000126", "T031092", "T001663", "T036241", "74185", ], last_affected: [ "1502323", "1566668", "1502322", "T036238", "T036239", "1566667", "T036237", "T036274", "T034179", "T032120", "T034178", ], }, release_date: "2024-07-16T22:00:00.000+00:00", title: "CVE-2024-21134", }, { cve: "CVE-2024-21135", notes: [ { category: "description", text: "In Oracle MySQL existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"Hoch\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028053", "T036240", "T000126", "T031092", "T001663", "T036241", "74185", ], last_affected: [ "1502323", "1566668", "1502322", "T036238", "T036239", "1566667", "T036237", "T036274", "T034179", "T032120", "T034178", ], }, release_date: "2024-07-16T22:00:00.000+00:00", title: "CVE-2024-21135", }, { cve: "CVE-2024-21137", notes: [ { category: "description", text: "In Oracle MySQL existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"Hoch\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028053", "T036240", "T000126", "T031092", "T001663", "T036241", "74185", ], last_affected: [ "1502323", "1566668", "1502322", "T036238", "T036239", "1566667", "T036237", "T036274", "T034179", "T032120", "T034178", ], }, release_date: "2024-07-16T22:00:00.000+00:00", title: "CVE-2024-21137", }, { cve: "CVE-2024-21142", notes: [ { category: "description", text: "In Oracle MySQL existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"Hoch\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028053", "T036240", "T000126", "T031092", "T001663", "T036241", "74185", ], last_affected: [ "1502323", "1566668", "1502322", "T036238", "T036239", "1566667", "T036237", "T036274", "T034179", "T032120", "T034178", ], }, release_date: "2024-07-16T22:00:00.000+00:00", title: "CVE-2024-21142", }, { cve: "CVE-2024-21157", notes: [ { category: "description", text: "In Oracle MySQL existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"Hoch\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028053", "T036240", "T000126", "T031092", "T001663", "T036241", "74185", ], last_affected: [ "1502323", "1566668", "1502322", "T036238", "T036239", "1566667", "T036237", "T036274", "T034179", "T032120", "T034178", ], }, release_date: "2024-07-16T22:00:00.000+00:00", title: "CVE-2024-21157", }, { cve: "CVE-2024-21159", notes: [ { category: "description", text: "In Oracle MySQL existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"Hoch\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028053", "T036240", "T000126", "T031092", "T001663", "T036241", "74185", ], last_affected: [ "1502323", "1566668", "1502322", "T036238", "T036239", "1566667", "T036237", "T036274", "T034179", "T032120", "T034178", ], }, release_date: "2024-07-16T22:00:00.000+00:00", title: "CVE-2024-21159", }, { cve: "CVE-2024-21160", notes: [ { category: "description", text: "In Oracle MySQL existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"Hoch\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028053", "T036240", "T000126", "T031092", "T001663", "T036241", "74185", ], last_affected: [ "1502323", "1566668", "1502322", "T036238", "T036239", "1566667", "T036237", "T036274", "T034179", "T032120", "T034178", ], }, release_date: "2024-07-16T22:00:00.000+00:00", title: "CVE-2024-21160", }, { cve: "CVE-2024-21162", notes: [ { category: "description", text: "In Oracle MySQL existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"Hoch\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028053", "T036240", "T000126", "T031092", "T001663", "T036241", "74185", ], last_affected: [ "1502323", "1566668", "1502322", "T036238", "T036239", "1566667", "T036237", "T036274", "T034179", "T032120", "T034178", ], }, release_date: "2024-07-16T22:00:00.000+00:00", title: "CVE-2024-21162", }, { cve: "CVE-2024-21163", notes: [ { category: "description", text: "In Oracle MySQL existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"Hoch\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028053", "T036240", "T000126", "T031092", "T001663", "T036241", "74185", ], last_affected: [ "1502323", "1566668", "1502322", "T036238", "T036239", "1566667", "T036237", "T036274", "T034179", "T032120", "T034178", ], }, release_date: "2024-07-16T22:00:00.000+00:00", title: "CVE-2024-21163", }, { cve: "CVE-2024-21165", notes: [ { category: "description", text: "In Oracle MySQL existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"Hoch\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028053", "T036240", "T000126", "T031092", "T001663", "T036241", "74185", ], last_affected: [ "1502323", "1566668", "1502322", "T036238", "T036239", "1566667", "T036237", "T036274", "T034179", "T032120", "T034178", ], }, release_date: "2024-07-16T22:00:00.000+00:00", title: "CVE-2024-21165", }, { cve: "CVE-2024-21166", notes: [ { category: "description", text: "In Oracle MySQL existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"Hoch\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028053", "T036240", "T000126", "T031092", "T001663", "T036241", "74185", ], last_affected: [ "1502323", "1566668", "1502322", "T036238", "T036239", "1566667", "T036237", "T036274", "T034179", "T032120", "T034178", ], }, release_date: "2024-07-16T22:00:00.000+00:00", title: "CVE-2024-21166", }, { cve: "CVE-2024-21170", notes: [ { category: "description", text: "In Oracle MySQL existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"Hoch\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028053", "T036240", "T000126", "T031092", "T001663", "T036241", "74185", ], last_affected: [ "1502323", "1566668", "1502322", "T036238", "T036239", "1566667", "T036237", "T036274", "T034179", "T032120", "T034178", ], }, release_date: "2024-07-16T22:00:00.000+00:00", title: "CVE-2024-21170", }, { cve: "CVE-2024-21171", notes: [ { category: "description", text: "In Oracle MySQL existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"Hoch\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028053", "T036240", "T000126", "T031092", "T001663", "T036241", "74185", ], last_affected: [ "1502323", "1566668", "1502322", "T036238", "T036239", "1566667", "T036237", "T036274", "T034179", "T032120", "T034178", ], }, release_date: "2024-07-16T22:00:00.000+00:00", title: "CVE-2024-21171", }, { cve: "CVE-2024-21173", notes: [ { category: "description", text: "In Oracle MySQL existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"Hoch\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028053", "T036240", "T000126", "T031092", "T001663", "T036241", "74185", ], last_affected: [ "1502323", "1566668", "1502322", "T036238", "T036239", "1566667", "T036237", "T036274", "T034179", "T032120", "T034178", ], }, release_date: "2024-07-16T22:00:00.000+00:00", title: "CVE-2024-21173", }, { cve: "CVE-2024-21176", notes: [ { category: "description", text: "In Oracle MySQL existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"Hoch\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028053", "T036240", "T000126", "T031092", "T001663", "T036241", "74185", ], last_affected: [ "1502323", "1566668", "1502322", "T036238", "T036239", "1566667", "T036237", "T036274", "T034179", "T032120", "T034178", ], }, release_date: "2024-07-16T22:00:00.000+00:00", title: "CVE-2024-21176", }, { cve: "CVE-2024-21177", notes: [ { category: "description", text: "In Oracle MySQL existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"Hoch\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028053", "T036240", "T000126", "T031092", "T001663", "T036241", "74185", ], last_affected: [ "1502323", "1566668", "1502322", "T036238", "T036239", "1566667", "T036237", "T036274", "T034179", "T032120", "T034178", ], }, release_date: "2024-07-16T22:00:00.000+00:00", title: "CVE-2024-21177", }, { cve: "CVE-2024-21179", notes: [ { category: "description", text: "In Oracle MySQL existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"Hoch\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028053", "T036240", "T000126", "T031092", "T001663", "T036241", "74185", ], last_affected: [ "1502323", "1566668", "1502322", "T036238", "T036239", "1566667", "T036237", "T036274", "T034179", "T032120", "T034178", ], }, release_date: "2024-07-16T22:00:00.000+00:00", title: "CVE-2024-21179", }, { cve: "CVE-2024-21185", notes: [ { category: "description", text: "In Oracle MySQL existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"Hoch\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028053", "T036240", "T000126", "T031092", "T001663", "T036241", "74185", ], last_affected: [ "1502323", "1566668", "1502322", "T036238", "T036239", "1566667", "T036237", "T036274", "T034179", "T032120", "T034178", ], }, release_date: "2024-07-16T22:00:00.000+00:00", title: "CVE-2024-21185", }, { cve: "CVE-2024-22257", notes: [ { category: "description", text: "In Oracle MySQL existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"Hoch\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028053", "T036240", "T000126", "T031092", "T001663", "T036241", "74185", ], last_affected: [ "1502323", "1566668", "1502322", "T036238", "T036239", "1566667", "T036237", "T036274", "T034179", "T032120", "T034178", ], }, release_date: "2024-07-16T22:00:00.000+00:00", title: "CVE-2024-22257", }, { cve: "CVE-2024-22262", notes: [ { category: "description", text: "In Oracle MySQL existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"Hoch\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028053", "T036240", "T000126", "T031092", "T001663", "T036241", "74185", ], last_affected: [ "1502323", "1566668", "1502322", "T036238", "T036239", "1566667", "T036237", "T036274", "T034179", "T032120", "T034178", ], }, release_date: "2024-07-16T22:00:00.000+00:00", title: "CVE-2024-22262", }, { cve: "CVE-2024-24549", notes: [ { category: "description", text: "In Oracle MySQL existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"Hoch\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028053", "T036240", "T000126", "T031092", "T001663", "T036241", "74185", ], last_affected: [ "1502323", "1566668", "1502322", "T036238", "T036239", "1566667", "T036237", "T036274", "T034179", "T032120", "T034178", ], }, release_date: "2024-07-16T22:00:00.000+00:00", title: "CVE-2024-24549", }, { cve: "CVE-2024-25062", notes: [ { category: "description", text: "In Oracle MySQL existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"Hoch\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028053", "T036240", "T000126", "T031092", "T001663", "T036241", "74185", ], last_affected: [ "1502323", "1566668", "1502322", "T036238", "T036239", "1566667", "T036237", "T036274", "T034179", "T032120", "T034178", ], }, release_date: "2024-07-16T22:00:00.000+00:00", title: "CVE-2024-25062", }, ], }
wid-sec-w-2024-1637
Vulnerability from csaf_certbund
Published
2024-07-16 22:00
Modified
2024-12-30 23:00
Summary
Oracle Fusion Middleware: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Oracle Fusion Middleware bündelt mehrere Produkte zur Erstellung, Betrieb und Management von intelligenten Business Anwendungen.
Angriff
Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in Oracle Fusion Middleware ausnutzen, um die Vertraulichkeit, Integrität und Verfügbarkeit zu gefährden.
Betroffene Betriebssysteme
- Sonstiges
- UNIX
- Windows
{ document: { aggregate_severity: { text: "hoch", }, category: "csaf_base", csaf_version: "2.0", distribution: { tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "de-DE", notes: [ { category: "legal_disclaimer", text: "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.", }, { category: "description", text: "Oracle Fusion Middleware bündelt mehrere Produkte zur Erstellung, Betrieb und Management von intelligenten Business Anwendungen.", title: "Produktbeschreibung", }, { category: "summary", text: "Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in Oracle Fusion Middleware ausnutzen, um die Vertraulichkeit, Integrität und Verfügbarkeit zu gefährden.", title: "Angriff", }, { category: "general", text: "- Sonstiges\n- UNIX\n- Windows", title: "Betroffene Betriebssysteme", }, ], publisher: { category: "other", contact_details: "csaf-provider@cert-bund.de", name: "Bundesamt für Sicherheit in der Informationstechnik", namespace: "https://www.bsi.bund.de", }, references: [ { category: "self", summary: "WID-SEC-W-2024-1637 - CSAF Version", url: "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-1637.json", }, { category: "self", summary: "WID-SEC-2024-1637 - Portal Version", url: "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-1637", }, { category: "external", summary: "Oracle Critical Patch Update Advisory - July 2024 - Appendix Oracle Fusion Middleware vom 2024-07-16", url: "https://www.oracle.com/security-alerts/cpujul2024.html#AppendixFMW", }, { category: "external", summary: "PoC CVE-2024-21182 vom 2024-12-30", url: "https://github.com/k4it0k1d/CVE-2024-21182", }, ], source_lang: "en-US", title: "Oracle Fusion Middleware: Mehrere Schwachstellen", tracking: { current_release_date: "2024-12-30T23:00:00.000+00:00", generator: { date: "2024-12-31T09:02:24.477+00:00", engine: { name: "BSI-WID", version: "1.3.10", }, }, id: "WID-SEC-W-2024-1637", initial_release_date: "2024-07-16T22:00:00.000+00:00", revision_history: [ { date: "2024-07-16T22:00:00.000+00:00", number: "1", summary: "Initiale Fassung", }, { date: "2024-12-30T23:00:00.000+00:00", number: "2", summary: "PoC für CVE-2024-21182 ergänzt", }, ], status: "final", version: "2", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "12.2.1.4.0", product: { name: "Oracle Fusion Middleware 12.2.1.4.0", product_id: "751674", product_identification_helper: { cpe: "cpe:/a:oracle:fusion_middleware:12.2.1.4.0", }, }, }, { category: "product_version", name: "14.1.1.0.0", product: { name: "Oracle Fusion Middleware 14.1.1.0.0", product_id: "829576", product_identification_helper: { cpe: "cpe:/a:oracle:fusion_middleware:14.1.1.0.0", }, }, }, { category: "product_version", name: "8.5.7", product: { name: "Oracle Fusion Middleware 8.5.7", product_id: "T034057", product_identification_helper: { cpe: "cpe:/a:oracle:fusion_middleware:8.5.7", }, }, }, { category: "product_version", name: "12.2.1.19.0", product: { name: "Oracle Fusion Middleware 12.2.1.19.0", product_id: "T036225", product_identification_helper: { cpe: "cpe:/a:oracle:fusion_middleware:12.2.1.19.0", }, }, }, ], category: "product_name", name: "Fusion Middleware", }, ], category: "vendor", name: "Oracle", }, ], }, vulnerabilities: [ { cve: "CVE-2020-13956", notes: [ { category: "description", text: "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T036225", "751674", "T034057", "829576", ], }, release_date: "2024-07-16T22:00:00.000+00:00", title: "CVE-2020-13956", }, { cve: "CVE-2020-1945", notes: [ { category: "description", text: "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T036225", "751674", "T034057", "829576", ], }, release_date: "2024-07-16T22:00:00.000+00:00", title: "CVE-2020-1945", }, { cve: "CVE-2021-29425", notes: [ { category: "description", text: "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T036225", "751674", "T034057", "829576", ], }, release_date: "2024-07-16T22:00:00.000+00:00", title: "CVE-2021-29425", }, { cve: "CVE-2021-37533", notes: [ { category: "description", text: "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T036225", "751674", "T034057", "829576", ], }, release_date: "2024-07-16T22:00:00.000+00:00", title: "CVE-2021-37533", }, { cve: "CVE-2022-40152", notes: [ { category: "description", text: "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T036225", "751674", "T034057", "829576", ], }, release_date: "2024-07-16T22:00:00.000+00:00", title: "CVE-2022-40152", }, { cve: "CVE-2022-45378", notes: [ { category: "description", text: "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T036225", "751674", "T034057", "829576", ], }, release_date: "2024-07-16T22:00:00.000+00:00", title: "CVE-2022-45378", }, { cve: "CVE-2023-24998", notes: [ { category: "description", text: "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T036225", "751674", "T034057", "829576", ], }, release_date: "2024-07-16T22:00:00.000+00:00", title: "CVE-2023-24998", }, { cve: "CVE-2023-29081", notes: [ { category: "description", text: "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T036225", "751674", "T034057", "829576", ], }, release_date: "2024-07-16T22:00:00.000+00:00", title: "CVE-2023-29081", }, { cve: "CVE-2023-2976", notes: [ { category: "description", text: "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T036225", "751674", "T034057", "829576", ], }, release_date: "2024-07-16T22:00:00.000+00:00", title: "CVE-2023-2976", }, { cve: "CVE-2023-34034", notes: [ { category: "description", text: "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T036225", "751674", "T034057", "829576", ], }, release_date: "2024-07-16T22:00:00.000+00:00", title: "CVE-2023-34034", }, { cve: "CVE-2023-36478", notes: [ { category: "description", text: "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T036225", "751674", "T034057", "829576", ], }, release_date: "2024-07-16T22:00:00.000+00:00", title: "CVE-2023-36478", }, { cve: "CVE-2023-45853", notes: [ { category: "description", text: "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T036225", "751674", "T034057", "829576", ], }, release_date: "2024-07-16T22:00:00.000+00:00", title: "CVE-2023-45853", }, { cve: "CVE-2023-46750", notes: [ { category: "description", text: "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T036225", "751674", "T034057", "829576", ], }, release_date: "2024-07-16T22:00:00.000+00:00", title: "CVE-2023-46750", }, { cve: "CVE-2023-4759", notes: [ { category: "description", text: "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T036225", "751674", "T034057", "829576", ], }, release_date: "2024-07-16T22:00:00.000+00:00", title: "CVE-2023-4759", }, { cve: "CVE-2023-48795", notes: [ { category: "description", text: "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T036225", "751674", "T034057", "829576", ], }, release_date: "2024-07-16T22:00:00.000+00:00", title: "CVE-2023-48795", }, { cve: "CVE-2023-5072", notes: [ { category: "description", text: "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T036225", "751674", "T034057", "829576", ], }, release_date: "2024-07-16T22:00:00.000+00:00", title: "CVE-2023-5072", }, { cve: "CVE-2023-52425", notes: [ { category: "description", text: "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T036225", "751674", "T034057", "829576", ], }, release_date: "2024-07-16T22:00:00.000+00:00", title: "CVE-2023-52425", }, { cve: "CVE-2023-6129", notes: [ { category: "description", text: "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T036225", "751674", "T034057", "829576", ], }, release_date: "2024-07-16T22:00:00.000+00:00", title: "CVE-2023-6129", }, { cve: "CVE-2024-0853", notes: [ { category: "description", text: "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T036225", "751674", "T034057", "829576", ], }, release_date: "2024-07-16T22:00:00.000+00:00", title: "CVE-2024-0853", }, { cve: "CVE-2024-21133", notes: [ { category: "description", text: "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T036225", "751674", "T034057", "829576", ], }, release_date: "2024-07-16T22:00:00.000+00:00", title: "CVE-2024-21133", }, { cve: "CVE-2024-21175", notes: [ { category: "description", text: "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T036225", "751674", "T034057", "829576", ], }, release_date: "2024-07-16T22:00:00.000+00:00", title: "CVE-2024-21175", }, { cve: "CVE-2024-21181", notes: [ { category: "description", text: "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T036225", "751674", "T034057", "829576", ], }, release_date: "2024-07-16T22:00:00.000+00:00", title: "CVE-2024-21181", }, { cve: "CVE-2024-21182", notes: [ { category: "description", text: "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T036225", "751674", "T034057", "829576", ], }, release_date: "2024-07-16T22:00:00.000+00:00", title: "CVE-2024-21182", }, { cve: "CVE-2024-21183", notes: [ { category: "description", text: "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T036225", "751674", "T034057", "829576", ], }, release_date: "2024-07-16T22:00:00.000+00:00", title: "CVE-2024-21183", }, { cve: "CVE-2024-22201", notes: [ { category: "description", text: "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T036225", "751674", "T034057", "829576", ], }, release_date: "2024-07-16T22:00:00.000+00:00", title: "CVE-2024-22201", }, { cve: "CVE-2024-22243", notes: [ { category: "description", text: "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T036225", "751674", "T034057", "829576", ], }, release_date: "2024-07-16T22:00:00.000+00:00", title: "CVE-2024-22243", }, { cve: "CVE-2024-22259", notes: [ { category: "description", text: "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T036225", "751674", "T034057", "829576", ], }, release_date: "2024-07-16T22:00:00.000+00:00", title: "CVE-2024-22259", }, { cve: "CVE-2024-22262", notes: [ { category: "description", text: "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T036225", "751674", "T034057", "829576", ], }, release_date: "2024-07-16T22:00:00.000+00:00", title: "CVE-2024-22262", }, { cve: "CVE-2024-25062", notes: [ { category: "description", text: "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T036225", "751674", "T034057", "829576", ], }, release_date: "2024-07-16T22:00:00.000+00:00", title: "CVE-2024-25062", }, { cve: "CVE-2024-26308", notes: [ { category: "description", text: "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T036225", "751674", "T034057", "829576", ], }, release_date: "2024-07-16T22:00:00.000+00:00", title: "CVE-2024-26308", }, { cve: "CVE-2024-29025", notes: [ { category: "description", text: "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T036225", "751674", "T034057", "829576", ], }, release_date: "2024-07-16T22:00:00.000+00:00", title: "CVE-2024-29025", }, { cve: "CVE-2024-29857", notes: [ { category: "description", text: "In Oracle Fusion Middleware existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T036225", "751674", "T034057", "829576", ], }, release_date: "2024-07-16T22:00:00.000+00:00", title: "CVE-2024-29857", }, ], }
WID-SEC-W-2024-1226
Vulnerability from csaf_certbund
Published
2024-05-22 22:00
Modified
2025-01-14 23:00
Summary
Red Hat OpenShift: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Red Hat OpenShift ist eine "Platform as a Service" (PaaS) Lösung zur Bereitstellung von Applikationen in der Cloud.
Angriff
Ein Angreifer kann mehrere Schwachstellen in Red Hat OpenShift ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand zu verursachen, beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, seine Privilegien zu erweitern oder um weitere nicht spezifizierte Angriffe auszuführen.
Betroffene Betriebssysteme
- Linux
{ document: { aggregate_severity: { text: "hoch", }, category: "csaf_base", csaf_version: "2.0", distribution: { tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "de-DE", notes: [ { category: "legal_disclaimer", text: "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.", }, { category: "description", text: "Red Hat OpenShift ist eine \"Platform as a Service\" (PaaS) Lösung zur Bereitstellung von Applikationen in der Cloud.", title: "Produktbeschreibung", }, { category: "summary", text: "Ein Angreifer kann mehrere Schwachstellen in Red Hat OpenShift ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand zu verursachen, beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, seine Privilegien zu erweitern oder um weitere nicht spezifizierte Angriffe auszuführen.", title: "Angriff", }, { category: "general", text: "- Linux", title: "Betroffene Betriebssysteme", }, ], publisher: { category: "other", contact_details: "csaf-provider@cert-bund.de", name: "Bundesamt für Sicherheit in der Informationstechnik", namespace: "https://www.bsi.bund.de", }, references: [ { category: "self", summary: "WID-SEC-W-2024-1226 - CSAF Version", url: "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-1226.json", }, { category: "self", summary: "WID-SEC-2024-1226 - Portal Version", url: "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-1226", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:2874 vom 2024-05-22", url: "https://access.redhat.com/errata/RHSA-2024:2874", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:2929 vom 2024-05-22", url: "https://access.redhat.com/errata/RHSA-2024:2929", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:2930 vom 2024-05-22", url: "https://access.redhat.com/errata/RHSA-2024:2930", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:2932 vom 2024-05-22", url: "https://access.redhat.com/errata/RHSA-2024:2932", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:2933 vom 2024-05-22", url: "https://access.redhat.com/errata/RHSA-2024:2933", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:2874 vom 2024-05-22", url: "https://access.redhat.com/errata/RHSA-2024:3316", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:2901 vom 2024-05-23", url: "https://access.redhat.com/errata/RHSA-2024:2901", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:3473 vom 2024-05-29", url: "https://access.redhat.com/errata/RHSA-2024:3473", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:3790 vom 2024-06-11", url: "https://access.redhat.com/errata/RHSA-2024:3790", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:3715 vom 2024-06-12", url: "https://access.redhat.com/errata/RHSA-2024:3715", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:3314 vom 2024-06-13", url: "https://access.redhat.com/errata/RHSA-2024:3314", }, { category: "external", summary: "RedHat Security Advisory", url: "https://access.redhat.com/errata/RHSA-2024:3919", }, { category: "external", summary: "Rocky Linux Security Advisory RLSA-2024:3830 vom 2024-06-14", url: "https://errata.build.resf.org/RLSA-2024:3830", }, { category: "external", summary: "Rocky Linux Security Advisory RLSA-2024:3827 vom 2024-06-14", url: "https://errata.build.resf.org/RLSA-2024:3827", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:3868 vom 2024-06-17", url: "https://access.redhat.com/errata/RHSA-2024:3868", }, { category: "external", summary: "Rocky Linux Security Advisory RLSA-2024:3826 vom 2024-06-14", url: "https://errata.build.resf.org/RLSA-2024:3826", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:3889 vom 2024-06-19", url: "https://access.redhat.com/errata/RHSA-2024:3889", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:3989 vom 2024-06-20", url: "https://access.redhat.com/errata/RHSA-2024:3989", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:4163 vom 2024-06-27", url: "https://access.redhat.com/errata/RHSA-2024:4163", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:3637 vom 2024-07-01", url: "https://access.redhat.com/errata/RHSA-2024:3637", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:1616 vom 2024-07-01", url: "https://access.redhat.com/errata/RHSA-2024:1616", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:3617 vom 2024-07-01", url: "https://access.redhat.com/errata/RHSA-2024:3617", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:4269 vom 2024-07-03", url: "https://access.redhat.com/errata/RHSA-2024:4269", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:4553 vom 2024-07-16", url: "https://access.redhat.com/errata/RHSA-2024:4553", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:4699 vom 2024-07-25", url: "https://access.redhat.com/errata/RHSA-2024:4699", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:4455 vom 2024-07-29", url: "https://access.redhat.com/errata/RHSA-2024:4455", }, { category: "external", summary: "Amazon Linux Security Advisory ALASDOCKER-2024-041 vom 2024-08-13", url: "https://alas.aws.amazon.com/AL2/ALASDOCKER-2024-041.html", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:5422 vom 2024-08-20", url: "https://access.redhat.com/errata/RHSA-2024:5422", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:5745 vom 2024-08-22", url: "https://access.redhat.com/errata/RHSA-2024:5745", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:6667 vom 2024-09-13", url: "https://access.redhat.com/errata/RHSA-2024:6667", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:6755 vom 2024-09-18", url: "https://access.redhat.com/errata/RHSA-2024:6755", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:7164 vom 2024-09-26", url: "https://access.redhat.com/errata/RHSA-2024:7164", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:7184 vom 2024-10-03", url: "https://access.redhat.com/errata/RHSA-2024:7184", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:8318 vom 2024-10-23", url: "https://access.redhat.com/errata/RHSA-2024:8318", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:8676 vom 2024-10-30", url: "https://access.redhat.com/errata/RHSA-2024:8676", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:8677 vom 2024-10-30", url: "https://access.redhat.com/errata/RHSA-2024:8677", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:8688 vom 2024-11-06", url: "https://access.redhat.com/errata/RHSA-2024:8688", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:8692 vom 2024-11-07", url: "https://access.redhat.com/errata/RHSA-2024:8692", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:9088 vom 2024-11-12", url: "https://access.redhat.com/errata/RHSA-2024:9088", }, { category: "external", summary: "Ubuntu Security Notice USN-7121-2 vom 2024-11-20", url: "https://ubuntu.com/security/notices/USN-7121-2", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2025:0164 vom 2025-01-09", url: "https://access.redhat.com/errata/RHSA-2025:0164", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2025:0323 vom 2025-01-15", url: "https://access.redhat.com/errata/RHSA-2025:0323", }, ], source_lang: "en-US", title: "Red Hat OpenShift: Mehrere Schwachstellen", tracking: { current_release_date: "2025-01-14T23:00:00.000+00:00", generator: { date: "2025-01-15T09:16:13.259+00:00", engine: { name: "BSI-WID", version: "1.3.10", }, }, id: "WID-SEC-W-2024-1226", initial_release_date: "2024-05-22T22:00:00.000+00:00", revision_history: [ { date: "2024-05-22T22:00:00.000+00:00", number: "1", summary: "Initiale Fassung", }, { date: "2024-05-23T22:00:00.000+00:00", number: "2", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2024-05-30T22:00:00.000+00:00", number: "3", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2024-06-10T22:00:00.000+00:00", number: "4", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2024-06-11T22:00:00.000+00:00", number: "5", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2024-06-13T22:00:00.000+00:00", number: "6", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2024-06-16T22:00:00.000+00:00", number: "7", summary: "Neue Updates von Rocky Enterprise Software Foundation und Red Hat aufgenommen", }, { date: "2024-06-18T22:00:00.000+00:00", number: "8", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2024-06-19T22:00:00.000+00:00", number: "9", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2024-06-27T22:00:00.000+00:00", number: "10", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2024-06-30T22:00:00.000+00:00", number: "11", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2024-07-02T22:00:00.000+00:00", number: "12", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2024-07-15T22:00:00.000+00:00", number: "13", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2024-07-25T22:00:00.000+00:00", number: "14", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2024-07-29T22:00:00.000+00:00", number: "15", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2024-08-13T22:00:00.000+00:00", number: "16", summary: "Neue Updates von Amazon aufgenommen", }, { date: "2024-08-20T22:00:00.000+00:00", number: "17", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2024-08-21T22:00:00.000+00:00", number: "18", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2024-09-12T22:00:00.000+00:00", number: "19", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2024-09-18T22:00:00.000+00:00", number: "20", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2024-09-25T22:00:00.000+00:00", number: "21", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2024-10-03T22:00:00.000+00:00", number: "22", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2024-10-23T22:00:00.000+00:00", number: "23", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2024-10-30T23:00:00.000+00:00", number: "24", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2024-11-06T23:00:00.000+00:00", number: "25", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2024-11-11T23:00:00.000+00:00", number: "26", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2024-11-20T23:00:00.000+00:00", number: "27", summary: "Neue Updates von Ubuntu aufgenommen", }, { date: "2025-01-08T23:00:00.000+00:00", number: "28", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2025-01-14T23:00:00.000+00:00", number: "29", summary: "Neue Updates von Red Hat aufgenommen", }, ], status: "final", version: "29", }, }, product_tree: { branches: [ { branches: [ { category: "product_name", name: "Amazon Linux 2", product: { name: "Amazon Linux 2", product_id: "398363", product_identification_helper: { cpe: "cpe:/o:amazon:linux_2:-", }, }, }, ], category: "vendor", name: "Amazon", }, { branches: [ { category: "product_name", name: "RESF Rocky Linux", product: { name: "RESF Rocky Linux", product_id: "T032255", product_identification_helper: { cpe: "cpe:/o:resf:rocky_linux:-", }, }, }, ], category: "vendor", name: "RESF", }, { branches: [ { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux", product: { name: "Red Hat Enterprise Linux", product_id: "67646", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:-", }, }, }, { category: "product_name", name: "Red Hat Enterprise Linux", product: { name: "Red Hat Enterprise Linux", product_id: "T035142", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:-", }, }, }, { category: "product_version", name: "9", product: { name: "Red Hat Enterprise Linux 9", product_id: "T038901", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:9", }, }, }, ], category: "product_name", name: "Enterprise Linux", }, { branches: [ { category: "product_version", name: "Secondary Scheduler Operator", product: { name: "Red Hat OpenShift Secondary Scheduler Operator", product_id: "T027759", product_identification_helper: { cpe: "cpe:/a:redhat:openshift:::secondary_scheduler_operator", }, }, }, { category: "product_version", name: "Kube Descheduler Operator 5", product: { name: "Red Hat OpenShift Kube Descheduler Operator 5", product_id: "T033270", product_identification_helper: { cpe: "cpe:/a:redhat:openshift:kube_descheduler_operator_5", }, }, }, { category: "product_name", name: "Red Hat OpenShift", product: { name: "Red Hat OpenShift", product_id: "T035034", product_identification_helper: { cpe: "cpe:/a:redhat:openshift:-", }, }, }, { category: "product_version_range", name: "Migration Toolkit for Applications <7.0.3", product: { name: "Red Hat OpenShift Migration Toolkit for Applications <7.0.3", product_id: "T035036", }, }, { category: "product_version", name: "Migration Toolkit for Applications 7.0.3", product: { name: "Red Hat OpenShift Migration Toolkit for Applications 7.0.3", product_id: "T035036-fixed", product_identification_helper: { cpe: "cpe:/a:redhat:openshift:migration_toolkit_for_applications__7.0.3", }, }, }, { category: "product_version", name: "Custom Metric Autoscaler 2", product: { name: "Red Hat OpenShift Custom Metric Autoscaler 2", product_id: "T035047", product_identification_helper: { cpe: "cpe:/a:redhat:openshift:custom_metric_autoscaler_2", }, }, }, { category: "product_version", name: "Network Observability 1.6", product: { name: "Red Hat OpenShift Network Observability 1.6", product_id: "T035431", product_identification_helper: { cpe: "cpe:/a:redhat:openshift:network_observability_1.6", }, }, }, { category: "product_version", name: "GitOps 1.12", product: { name: "Red Hat OpenShift GitOps 1.12", product_id: "T035679", product_identification_helper: { cpe: "cpe:/a:redhat:openshift:gitops_1.12", }, }, }, { category: "product_version", name: "Run Once Duration Override Operator 1", product: { name: "Red Hat OpenShift Run Once Duration Override Operator 1", product_id: "T035698", product_identification_helper: { cpe: "cpe:/a:redhat:openshift:run_once_duration_override_operator_1", }, }, }, { category: "product_version_range", name: "Container Platform <4.16.8", product: { name: "Red Hat OpenShift Container Platform <4.16.8", product_id: "T036959", }, }, { category: "product_version", name: "Container Platform 4.16.8", product: { name: "Red Hat OpenShift Container Platform 4.16.8", product_id: "T036959-fixed", product_identification_helper: { cpe: "cpe:/a:redhat:openshift:container_platform__4.16.8", }, }, }, { category: "product_version_range", name: "for Windows Containers <10.15.3", product: { name: "Red Hat OpenShift for Windows Containers <10.15.3", product_id: "T036993", }, }, { category: "product_version", name: "for Windows Containers 10.15.3", product: { name: "Red Hat OpenShift for Windows Containers 10.15.3", product_id: "T036993-fixed", product_identification_helper: { cpe: "cpe:/a:redhat:openshift:for_windows_containers__10.15.3", }, }, }, { category: "product_version", name: "CodeReady Workspaces", product: { name: "Red Hat OpenShift CodeReady Workspaces", product_id: "T037618", product_identification_helper: { cpe: "cpe:/a:redhat:openshift:codeready_workspaces", }, }, }, { category: "product_version_range", name: "Container Platform <4.14.38", product: { name: "Red Hat OpenShift Container Platform <4.14.38", product_id: "T037940", }, }, { category: "product_version", name: "Container Platform 4.14.38", product: { name: "Red Hat OpenShift Container Platform 4.14.38", product_id: "T037940-fixed", product_identification_helper: { cpe: "cpe:/a:redhat:openshift:container_platform__4.14.38", }, }, }, { category: "product_version_range", name: "Data Foundation <4.14.13", product: { name: "Red Hat OpenShift Data Foundation <4.14.13", product_id: "T040215", }, }, { category: "product_version", name: "Data Foundation 4.14.13", product: { name: "Red Hat OpenShift Data Foundation 4.14.13", product_id: "T040215-fixed", product_identification_helper: { cpe: "cpe:/a:redhat:openshift:data_foundation__4.14.13", }, }, }, ], category: "product_name", name: "OpenShift", }, ], category: "vendor", name: "Red Hat", }, { branches: [ { category: "product_name", name: "Ubuntu Linux", product: { name: "Ubuntu Linux", product_id: "T000126", product_identification_helper: { cpe: "cpe:/o:canonical:ubuntu_linux:-", }, }, }, ], category: "vendor", name: "Ubuntu", }, ], }, vulnerabilities: [ { cve: "CVE-2020-26555", notes: [ { category: "description", text: "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen, beliebigen Code auszuführen, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuführen.", }, ], product_status: { known_affected: [ "T035679", "T037618", "T036959", "T038901", "67646", "T035034", "T036993", "T037940", "T035142", "T035698", "T032255", "T035047", "T035036", "T035431", "T027759", "T033270", "T000126", "T040215", "398363", ], }, release_date: "2024-05-22T22:00:00.000+00:00", title: "CVE-2020-26555", }, { cve: "CVE-2021-25220", notes: [ { category: "description", text: "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen, beliebigen Code auszuführen, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuführen.", }, ], product_status: { known_affected: [ "T035679", "T037618", "T036959", "T038901", "67646", "T035034", "T036993", "T037940", "T035142", "T035698", "T032255", "T035047", "T035036", "T035431", "T027759", "T033270", "T000126", "T040215", "398363", ], }, release_date: "2024-05-22T22:00:00.000+00:00", title: "CVE-2021-25220", }, { cve: "CVE-2021-29390", notes: [ { category: "description", text: "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen, beliebigen Code auszuführen, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuführen.", }, ], product_status: { known_affected: [ "T035679", "T037618", "T036959", "T038901", "67646", "T035034", "T036993", "T037940", "T035142", "T035698", "T032255", "T035047", "T035036", "T035431", "T027759", "T033270", "T000126", "T040215", "398363", ], }, release_date: "2024-05-22T22:00:00.000+00:00", title: "CVE-2021-29390", }, { cve: "CVE-2021-43618", notes: [ { category: "description", text: "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen, beliebigen Code auszuführen, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuführen.", }, ], product_status: { known_affected: [ "T035679", "T037618", "T036959", "T038901", "67646", "T035034", "T036993", "T037940", "T035142", "T035698", "T032255", "T035047", "T035036", "T035431", "T027759", "T033270", "T000126", "T040215", "398363", ], }, release_date: "2024-05-22T22:00:00.000+00:00", title: "CVE-2021-43618", }, { cve: "CVE-2022-0480", notes: [ { category: "description", text: "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen, beliebigen Code auszuführen, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuführen.", }, ], product_status: { known_affected: [ "T035679", "T037618", "T036959", "T038901", "67646", "T035034", "T036993", "T037940", "T035142", "T035698", "T032255", "T035047", "T035036", "T035431", "T027759", "T033270", "T000126", "T040215", "398363", ], }, release_date: "2024-05-22T22:00:00.000+00:00", title: "CVE-2022-0480", }, { cve: "CVE-2022-2795", notes: [ { category: "description", text: "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen, beliebigen Code auszuführen, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuführen.", }, ], product_status: { known_affected: [ "T035679", "T037618", "T036959", "T038901", "67646", "T035034", "T036993", "T037940", "T035142", "T035698", "T032255", "T035047", "T035036", "T035431", "T027759", "T033270", "T000126", "T040215", "398363", ], }, release_date: "2024-05-22T22:00:00.000+00:00", title: "CVE-2022-2795", }, { cve: "CVE-2022-3094", notes: [ { category: "description", text: "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen, beliebigen Code auszuführen, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuführen.", }, ], product_status: { known_affected: [ "T035679", "T037618", "T036959", "T038901", "67646", "T035034", "T036993", "T037940", "T035142", "T035698", "T032255", "T035047", "T035036", "T035431", "T027759", "T033270", "T000126", "T040215", "398363", ], }, release_date: "2024-05-22T22:00:00.000+00:00", title: "CVE-2022-3094", }, { cve: "CVE-2022-38096", notes: [ { category: "description", text: "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen, beliebigen Code auszuführen, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuführen.", }, ], product_status: { known_affected: [ "T035679", "T037618", "T036959", "T038901", "67646", "T035034", "T036993", "T037940", "T035142", "T035698", "T032255", "T035047", "T035036", "T035431", "T027759", "T033270", "T000126", "T040215", "398363", ], }, release_date: "2024-05-22T22:00:00.000+00:00", title: "CVE-2022-38096", }, { cve: "CVE-2022-40090", notes: [ { category: "description", text: "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen, beliebigen Code auszuführen, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuführen.", }, ], product_status: { known_affected: [ "T035679", "T037618", "T036959", "T038901", "67646", "T035034", "T036993", "T037940", "T035142", "T035698", "T032255", "T035047", "T035036", "T035431", "T027759", "T033270", "T000126", "T040215", "398363", ], }, release_date: "2024-05-22T22:00:00.000+00:00", title: "CVE-2022-40090", }, { cve: "CVE-2022-45934", notes: [ { category: "description", text: "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen, beliebigen Code auszuführen, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuführen.", }, ], product_status: { known_affected: [ "T035679", "T037618", "T036959", "T038901", "67646", "T035034", "T036993", "T037940", "T035142", "T035698", "T032255", "T035047", "T035036", "T035431", "T027759", "T033270", "T000126", "T040215", "398363", ], }, release_date: "2024-05-22T22:00:00.000+00:00", title: "CVE-2022-45934", }, { cve: "CVE-2022-48554", notes: [ { category: "description", text: "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen, beliebigen Code auszuführen, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuführen.", }, ], product_status: { known_affected: [ "T035679", "T037618", "T036959", "T038901", "67646", "T035034", "T036993", "T037940", "T035142", "T035698", "T032255", "T035047", "T035036", "T035431", "T027759", "T033270", "T000126", "T040215", "398363", ], }, release_date: "2024-05-22T22:00:00.000+00:00", title: "CVE-2022-48554", }, { cve: "CVE-2022-48624", notes: [ { category: "description", text: "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen, beliebigen Code auszuführen, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuführen.", }, ], product_status: { known_affected: [ "T035679", "T037618", "T036959", "T038901", "67646", "T035034", "T036993", "T037940", "T035142", "T035698", "T032255", "T035047", "T035036", "T035431", "T027759", "T033270", "T000126", "T040215", "398363", ], }, release_date: "2024-05-22T22:00:00.000+00:00", title: "CVE-2022-48624", }, { cve: "CVE-2023-24023", notes: [ { category: "description", text: "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen, beliebigen Code auszuführen, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuführen.", }, ], product_status: { known_affected: [ "T035679", "T037618", "T036959", "T038901", "67646", "T035034", "T036993", "T037940", "T035142", "T035698", "T032255", "T035047", "T035036", "T035431", "T027759", "T033270", "T000126", "T040215", "398363", ], }, release_date: "2024-05-22T22:00:00.000+00:00", title: "CVE-2023-24023", }, { cve: "CVE-2023-25193", notes: [ { category: "description", text: "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen, beliebigen Code auszuführen, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuführen.", }, ], product_status: { known_affected: [ "T035679", "T037618", "T036959", "T038901", "67646", "T035034", "T036993", "T037940", "T035142", "T035698", "T032255", "T035047", "T035036", "T035431", "T027759", "T033270", "T000126", "T040215", "398363", ], }, release_date: "2024-05-22T22:00:00.000+00:00", title: "CVE-2023-25193", }, { cve: "CVE-2023-25775", notes: [ { category: "description", text: "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen, beliebigen Code auszuführen, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuführen.", }, ], product_status: { known_affected: [ "T035679", "T037618", "T036959", "T038901", "67646", "T035034", "T036993", "T037940", "T035142", "T035698", "T032255", "T035047", "T035036", "T035431", "T027759", "T033270", "T000126", "T040215", "398363", ], }, release_date: "2024-05-22T22:00:00.000+00:00", title: "CVE-2023-25775", }, { cve: "CVE-2023-26159", notes: [ { category: "description", text: "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen, beliebigen Code auszuführen, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuführen.", }, ], product_status: { known_affected: [ "T035679", "T037618", "T036959", "T038901", "67646", "T035034", "T036993", "T037940", "T035142", "T035698", "T032255", "T035047", "T035036", "T035431", "T027759", "T033270", "T000126", "T040215", "398363", ], }, release_date: "2024-05-22T22:00:00.000+00:00", title: "CVE-2023-26159", }, { cve: "CVE-2023-26364", notes: [ { category: "description", text: "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen, beliebigen Code auszuführen, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuführen.", }, ], product_status: { known_affected: [ "T035679", "T037618", "T036959", "T038901", "67646", "T035034", "T036993", "T037940", "T035142", "T035698", "T032255", "T035047", "T035036", "T035431", "T027759", "T033270", "T000126", "T040215", "398363", ], }, release_date: "2024-05-22T22:00:00.000+00:00", title: "CVE-2023-26364", }, { cve: "CVE-2023-28322", notes: [ { category: "description", text: "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen, beliebigen Code auszuführen, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuführen.", }, ], product_status: { known_affected: [ "T035679", "T037618", "T036959", "T038901", "67646", "T035034", "T036993", "T037940", "T035142", "T035698", "T032255", "T035047", "T035036", "T035431", "T027759", "T033270", "T000126", "T040215", "398363", ], }, release_date: "2024-05-22T22:00:00.000+00:00", title: "CVE-2023-28322", }, { cve: "CVE-2023-28464", notes: [ { category: "description", text: "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen, beliebigen Code auszuführen, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuführen.", }, ], product_status: { known_affected: [ "T035679", "T037618", "T036959", "T038901", "67646", "T035034", "T036993", "T037940", "T035142", "T035698", "T032255", "T035047", "T035036", "T035431", "T027759", "T033270", "T000126", "T040215", "398363", ], }, release_date: "2024-05-22T22:00:00.000+00:00", title: "CVE-2023-28464", }, { cve: "CVE-2023-28866", notes: [ { category: "description", text: "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen, beliebigen Code auszuführen, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuführen.", }, ], product_status: { known_affected: [ "T035679", "T037618", "T036959", "T038901", "67646", "T035034", "T036993", "T037940", "T035142", "T035698", "T032255", "T035047", "T035036", "T035431", "T027759", "T033270", "T000126", "T040215", "398363", ], }, release_date: "2024-05-22T22:00:00.000+00:00", title: "CVE-2023-28866", }, { cve: "CVE-2023-2975", notes: [ { category: "description", text: "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen, beliebigen Code auszuführen, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuführen.", }, ], product_status: { known_affected: [ "T035679", "T037618", "T036959", "T038901", "67646", "T035034", "T036993", "T037940", "T035142", "T035698", "T032255", "T035047", "T035036", "T035431", "T027759", "T033270", "T000126", "T040215", "398363", ], }, release_date: "2024-05-22T22:00:00.000+00:00", title: "CVE-2023-2975", }, { cve: "CVE-2023-31083", notes: [ { category: "description", text: "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen, beliebigen Code auszuführen, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuführen.", }, ], product_status: { known_affected: [ "T035679", "T037618", "T036959", "T038901", "67646", "T035034", "T036993", "T037940", "T035142", "T035698", "T032255", "T035047", "T035036", "T035431", "T027759", "T033270", "T000126", "T040215", "398363", ], }, release_date: "2024-05-22T22:00:00.000+00:00", title: "CVE-2023-31083", }, { cve: "CVE-2023-31122", notes: [ { category: "description", text: "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen, beliebigen Code auszuführen, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuführen.", }, ], product_status: { known_affected: [ "T035679", "T037618", "T036959", "T038901", "67646", "T035034", "T036993", "T037940", "T035142", "T035698", "T032255", "T035047", "T035036", "T035431", "T027759", "T033270", "T000126", "T040215", "398363", ], }, release_date: "2024-05-22T22:00:00.000+00:00", title: "CVE-2023-31122", }, { cve: "CVE-2023-3446", notes: [ { category: "description", text: "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen, beliebigen Code auszuführen, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuführen.", }, ], product_status: { known_affected: [ "T035679", "T037618", "T036959", "T038901", "67646", "T035034", "T036993", "T037940", "T035142", "T035698", "T032255", "T035047", "T035036", "T035431", "T027759", "T033270", "T000126", "T040215", "398363", ], }, release_date: "2024-05-22T22:00:00.000+00:00", title: "CVE-2023-3446", }, { cve: "CVE-2023-3567", notes: [ { category: "description", text: "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen, beliebigen Code auszuführen, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuführen.", }, ], product_status: { known_affected: [ "T035679", "T037618", "T036959", "T038901", "67646", "T035034", "T036993", "T037940", "T035142", "T035698", "T032255", "T035047", "T035036", "T035431", "T027759", "T033270", "T000126", "T040215", "398363", ], }, release_date: "2024-05-22T22:00:00.000+00:00", title: "CVE-2023-3567", }, { cve: "CVE-2023-3618", notes: [ { category: "description", text: "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen, beliebigen Code auszuführen, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuführen.", }, ], product_status: { known_affected: [ "T035679", "T037618", "T036959", "T038901", "67646", "T035034", "T036993", "T037940", "T035142", "T035698", "T032255", "T035047", "T035036", "T035431", "T027759", "T033270", "T000126", "T040215", "398363", ], }, release_date: "2024-05-22T22:00:00.000+00:00", title: "CVE-2023-3618", }, { cve: "CVE-2023-37453", notes: [ { category: "description", text: "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen, beliebigen Code auszuführen, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuführen.", }, ], product_status: { known_affected: [ "T035679", "T037618", "T036959", "T038901", "67646", "T035034", "T036993", "T037940", "T035142", "T035698", "T032255", "T035047", "T035036", "T035431", "T027759", "T033270", "T000126", "T040215", "398363", ], }, release_date: "2024-05-22T22:00:00.000+00:00", title: "CVE-2023-37453", }, { cve: "CVE-2023-3817", notes: [ { category: "description", text: "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen, beliebigen Code auszuführen, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuführen.", }, ], product_status: { known_affected: [ "T035679", "T037618", "T036959", "T038901", "67646", "T035034", "T036993", "T037940", "T035142", "T035698", "T032255", "T035047", "T035036", "T035431", "T027759", "T033270", "T000126", "T040215", "398363", ], }, release_date: "2024-05-22T22:00:00.000+00:00", title: "CVE-2023-3817", }, { cve: "CVE-2023-38469", notes: [ { category: "description", text: "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen, beliebigen Code auszuführen, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuführen.", }, ], product_status: { known_affected: [ "T035679", "T037618", "T036959", "T038901", "67646", "T035034", "T036993", "T037940", "T035142", "T035698", "T032255", "T035047", "T035036", "T035431", "T027759", "T033270", "T000126", "T040215", "398363", ], }, release_date: "2024-05-22T22:00:00.000+00:00", title: "CVE-2023-38469", }, { cve: "CVE-2023-38470", notes: [ { category: "description", text: "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen, beliebigen Code auszuführen, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuführen.", }, ], product_status: { known_affected: [ "T035679", "T037618", "T036959", "T038901", "67646", "T035034", "T036993", "T037940", "T035142", "T035698", "T032255", "T035047", "T035036", "T035431", "T027759", "T033270", "T000126", "T040215", "398363", ], }, release_date: "2024-05-22T22:00:00.000+00:00", title: "CVE-2023-38470", }, { cve: "CVE-2023-38471", notes: [ { category: "description", text: "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen, beliebigen Code auszuführen, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuführen.", }, ], product_status: { known_affected: [ "T035679", "T037618", "T036959", "T038901", "67646", "T035034", "T036993", "T037940", "T035142", "T035698", "T032255", "T035047", "T035036", "T035431", "T027759", "T033270", "T000126", "T040215", "398363", ], }, release_date: "2024-05-22T22:00:00.000+00:00", title: "CVE-2023-38471", }, { cve: "CVE-2023-38472", notes: [ { category: "description", text: "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen, beliebigen Code auszuführen, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuführen.", }, ], product_status: { known_affected: [ "T035679", "T037618", "T036959", "T038901", "67646", "T035034", "T036993", "T037940", "T035142", "T035698", "T032255", "T035047", "T035036", "T035431", "T027759", "T033270", "T000126", "T040215", "398363", ], }, release_date: "2024-05-22T22:00:00.000+00:00", title: "CVE-2023-38472", }, { cve: "CVE-2023-38473", notes: [ { category: "description", text: "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen, beliebigen Code auszuführen, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuführen.", }, ], product_status: { known_affected: [ "T035679", "T037618", "T036959", "T038901", "67646", "T035034", "T036993", "T037940", "T035142", "T035698", "T032255", "T035047", "T035036", "T035431", "T027759", "T033270", "T000126", "T040215", "398363", ], }, release_date: "2024-05-22T22:00:00.000+00:00", title: "CVE-2023-38473", }, { cve: "CVE-2023-38546", notes: [ { category: "description", text: "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen, beliebigen Code auszuführen, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuführen.", }, ], product_status: { known_affected: [ "T035679", "T037618", "T036959", "T038901", "67646", "T035034", "T036993", "T037940", "T035142", "T035698", "T032255", "T035047", "T035036", "T035431", "T027759", "T033270", "T000126", "T040215", "398363", ], }, release_date: "2024-05-22T22:00:00.000+00:00", title: "CVE-2023-38546", }, { cve: "CVE-2023-39189", notes: [ { category: "description", text: "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen, beliebigen Code auszuführen, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuführen.", }, ], product_status: { known_affected: [ "T035679", "T037618", "T036959", "T038901", "67646", "T035034", "T036993", "T037940", "T035142", "T035698", "T032255", "T035047", "T035036", "T035431", "T027759", "T033270", "T000126", "T040215", "398363", ], }, release_date: "2024-05-22T22:00:00.000+00:00", title: "CVE-2023-39189", }, { cve: "CVE-2023-39193", notes: [ { category: "description", text: "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen, beliebigen Code auszuführen, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuführen.", }, ], product_status: { known_affected: [ "T035679", "T037618", "T036959", "T038901", "67646", "T035034", "T036993", "T037940", "T035142", "T035698", "T032255", "T035047", "T035036", "T035431", "T027759", "T033270", "T000126", "T040215", "398363", ], }, release_date: "2024-05-22T22:00:00.000+00:00", title: "CVE-2023-39193", }, { cve: "CVE-2023-39194", notes: [ { category: "description", text: "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen, beliebigen Code auszuführen, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuführen.", }, ], product_status: { known_affected: [ "T035679", "T037618", "T036959", "T038901", "67646", "T035034", "T036993", "T037940", "T035142", "T035698", "T032255", "T035047", "T035036", "T035431", "T027759", "T033270", "T000126", "T040215", "398363", ], }, release_date: "2024-05-22T22:00:00.000+00:00", title: "CVE-2023-39194", }, { cve: "CVE-2023-39198", notes: [ { category: "description", text: "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen, beliebigen Code auszuführen, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuführen.", }, ], product_status: { known_affected: [ "T035679", "T037618", "T036959", "T038901", "67646", "T035034", "T036993", "T037940", "T035142", "T035698", "T032255", "T035047", "T035036", "T035431", "T027759", "T033270", "T000126", "T040215", "398363", ], }, release_date: "2024-05-22T22:00:00.000+00:00", title: "CVE-2023-39198", }, { cve: "CVE-2023-39326", notes: [ { category: "description", text: "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen, beliebigen Code auszuführen, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuführen.", }, ], product_status: { known_affected: [ "T035679", "T037618", "T036959", "T038901", "67646", "T035034", "T036993", "T037940", "T035142", "T035698", "T032255", "T035047", "T035036", "T035431", "T027759", "T033270", "T000126", "T040215", "398363", ], }, release_date: "2024-05-22T22:00:00.000+00:00", title: "CVE-2023-39326", }, { cve: "CVE-2023-40745", notes: [ { category: "description", text: "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen, beliebigen Code auszuführen, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuführen.", }, ], product_status: { known_affected: [ "T035679", "T037618", "T036959", "T038901", "67646", "T035034", "T036993", "T037940", "T035142", "T035698", "T032255", "T035047", "T035036", "T035431", "T027759", "T033270", "T000126", "T040215", "398363", ], }, release_date: "2024-05-22T22:00:00.000+00:00", title: "CVE-2023-40745", }, { cve: "CVE-2023-41175", notes: [ { category: "description", text: "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen, beliebigen Code auszuführen, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuführen.", }, ], product_status: { known_affected: [ "T035679", "T037618", "T036959", "T038901", "67646", "T035034", "T036993", "T037940", "T035142", "T035698", "T032255", "T035047", "T035036", "T035431", "T027759", "T033270", "T000126", "T040215", "398363", ], }, release_date: "2024-05-22T22:00:00.000+00:00", title: "CVE-2023-41175", }, { cve: "CVE-2023-4133", notes: [ { category: "description", text: "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen, beliebigen Code auszuführen, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuführen.", }, ], product_status: { known_affected: [ "T035679", "T037618", "T036959", "T038901", "67646", "T035034", "T036993", "T037940", "T035142", "T035698", "T032255", "T035047", "T035036", "T035431", "T027759", "T033270", "T000126", "T040215", "398363", ], }, release_date: "2024-05-22T22:00:00.000+00:00", title: "CVE-2023-4133", }, { cve: "CVE-2023-42754", notes: [ { category: "description", text: "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen, beliebigen Code auszuführen, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuführen.", }, ], product_status: { known_affected: [ "T035679", "T037618", "T036959", "T038901", "67646", "T035034", "T036993", "T037940", "T035142", "T035698", "T032255", "T035047", "T035036", "T035431", "T027759", "T033270", "T000126", "T040215", "398363", ], }, release_date: "2024-05-22T22:00:00.000+00:00", title: "CVE-2023-42754", }, { cve: "CVE-2023-42756", notes: [ { category: "description", text: "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen, beliebigen Code auszuführen, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuführen.", }, ], product_status: { known_affected: [ "T035679", "T037618", "T036959", "T038901", "67646", "T035034", "T036993", "T037940", "T035142", "T035698", "T032255", "T035047", "T035036", "T035431", "T027759", "T033270", "T000126", "T040215", "398363", ], }, release_date: "2024-05-22T22:00:00.000+00:00", title: "CVE-2023-42756", }, { cve: "CVE-2023-43785", notes: [ { category: "description", text: "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen, beliebigen Code auszuführen, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuführen.", }, ], product_status: { known_affected: [ "T035679", "T037618", "T036959", "T038901", "67646", "T035034", "T036993", "T037940", "T035142", "T035698", "T032255", "T035047", "T035036", "T035431", "T027759", "T033270", "T000126", "T040215", "398363", ], }, release_date: "2024-05-22T22:00:00.000+00:00", title: "CVE-2023-43785", }, { cve: "CVE-2023-43786", notes: [ { category: "description", text: "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen, beliebigen Code auszuführen, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuführen.", }, ], product_status: { known_affected: [ "T035679", "T037618", "T036959", "T038901", "67646", "T035034", "T036993", "T037940", "T035142", "T035698", "T032255", "T035047", "T035036", "T035431", "T027759", "T033270", "T000126", "T040215", "398363", ], }, release_date: "2024-05-22T22:00:00.000+00:00", title: "CVE-2023-43786", }, { cve: "CVE-2023-43787", notes: [ { category: "description", text: "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen, beliebigen Code auszuführen, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuführen.", }, ], product_status: { known_affected: [ "T035679", "T037618", "T036959", "T038901", "67646", "T035034", "T036993", "T037940", "T035142", "T035698", "T032255", "T035047", "T035036", "T035431", "T027759", "T033270", "T000126", "T040215", "398363", ], }, release_date: "2024-05-22T22:00:00.000+00:00", title: "CVE-2023-43787", }, { cve: "CVE-2023-43788", notes: [ { category: "description", text: "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen, beliebigen Code auszuführen, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuführen.", }, ], product_status: { known_affected: [ "T035679", "T037618", "T036959", "T038901", "67646", "T035034", "T036993", "T037940", "T035142", "T035698", "T032255", "T035047", "T035036", "T035431", "T027759", "T033270", "T000126", "T040215", "398363", ], }, release_date: "2024-05-22T22:00:00.000+00:00", title: "CVE-2023-43788", }, { cve: "CVE-2023-43789", notes: [ { category: "description", text: "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen, beliebigen Code auszuführen, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuführen.", }, ], product_status: { known_affected: [ "T035679", "T037618", "T036959", "T038901", "67646", "T035034", "T036993", "T037940", "T035142", "T035698", "T032255", "T035047", "T035036", "T035431", "T027759", "T033270", "T000126", "T040215", "398363", ], }, release_date: "2024-05-22T22:00:00.000+00:00", title: "CVE-2023-43789", }, { cve: "CVE-2023-4408", notes: [ { category: "description", text: "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen, beliebigen Code auszuführen, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuführen.", }, ], product_status: { known_affected: [ "T035679", "T037618", "T036959", "T038901", "67646", "T035034", "T036993", "T037940", "T035142", "T035698", "T032255", "T035047", "T035036", "T035431", "T027759", "T033270", "T000126", "T040215", "398363", ], }, release_date: "2024-05-22T22:00:00.000+00:00", title: "CVE-2023-4408", }, { cve: "CVE-2023-45286", notes: [ { category: "description", text: "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen, beliebigen Code auszuführen, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuführen.", }, ], product_status: { known_affected: [ "T035679", "T037618", "T036959", "T038901", "67646", "T035034", "T036993", "T037940", "T035142", "T035698", "T032255", "T035047", "T035036", "T035431", "T027759", "T033270", "T000126", "T040215", "398363", ], }, release_date: "2024-05-22T22:00:00.000+00:00", title: "CVE-2023-45286", }, { cve: "CVE-2023-45287", notes: [ { category: "description", text: "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen, beliebigen Code auszuführen, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuführen.", }, ], product_status: { known_affected: [ "T035679", "T037618", "T036959", "T038901", "67646", "T035034", "T036993", "T037940", "T035142", "T035698", "T032255", "T035047", "T035036", "T035431", "T027759", "T033270", "T000126", "T040215", "398363", ], }, release_date: "2024-05-22T22:00:00.000+00:00", title: "CVE-2023-45287", }, { cve: "CVE-2023-45288", notes: [ { category: "description", text: "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen, beliebigen Code auszuführen, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuführen.", }, ], product_status: { known_affected: [ "T035679", "T037618", "T036959", "T038901", "67646", "T035034", "T036993", "T037940", "T035142", "T035698", "T032255", "T035047", "T035036", "T035431", "T027759", "T033270", "T000126", "T040215", "398363", ], }, release_date: "2024-05-22T22:00:00.000+00:00", title: "CVE-2023-45288", }, { cve: "CVE-2023-45289", notes: [ { category: "description", text: "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen, beliebigen Code auszuführen, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuführen.", }, ], product_status: { known_affected: [ "T035679", "T037618", "T036959", "T038901", "67646", "T035034", "T036993", "T037940", "T035142", "T035698", "T032255", "T035047", "T035036", "T035431", "T027759", "T033270", "T000126", "T040215", "398363", ], }, release_date: "2024-05-22T22:00:00.000+00:00", title: "CVE-2023-45289", }, { cve: "CVE-2023-45290", notes: [ { category: "description", text: "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen, beliebigen Code auszuführen, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuführen.", }, ], product_status: { known_affected: [ "T035679", "T037618", "T036959", "T038901", "67646", "T035034", "T036993", "T037940", "T035142", "T035698", "T032255", "T035047", "T035036", "T035431", "T027759", "T033270", "T000126", "T040215", "398363", ], }, release_date: "2024-05-22T22:00:00.000+00:00", title: "CVE-2023-45290", }, { cve: "CVE-2023-45857", notes: [ { category: "description", text: "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen, beliebigen Code auszuführen, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuführen.", }, ], product_status: { known_affected: [ "T035679", "T037618", "T036959", "T038901", "67646", "T035034", "T036993", "T037940", "T035142", "T035698", "T032255", "T035047", "T035036", "T035431", "T027759", "T033270", "T000126", "T040215", "398363", ], }, release_date: "2024-05-22T22:00:00.000+00:00", title: "CVE-2023-45857", }, { cve: "CVE-2023-45863", notes: [ { category: "description", text: "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen, beliebigen Code auszuführen, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuführen.", }, ], product_status: { known_affected: [ "T035679", "T037618", "T036959", "T038901", "67646", "T035034", "T036993", "T037940", "T035142", "T035698", "T032255", "T035047", "T035036", "T035431", "T027759", "T033270", "T000126", "T040215", "398363", ], }, release_date: "2024-05-22T22:00:00.000+00:00", title: "CVE-2023-45863", }, { cve: "CVE-2023-46218", notes: [ { category: "description", text: "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen, beliebigen Code auszuführen, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuführen.", }, ], product_status: { known_affected: [ "T035679", "T037618", "T036959", "T038901", "67646", "T035034", "T036993", "T037940", "T035142", "T035698", "T032255", "T035047", "T035036", "T035431", "T027759", "T033270", "T000126", "T040215", "398363", ], }, release_date: "2024-05-22T22:00:00.000+00:00", title: "CVE-2023-46218", }, { cve: "CVE-2023-46862", notes: [ { category: "description", text: "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen, beliebigen Code auszuführen, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuführen.", }, ], product_status: { known_affected: [ "T035679", "T037618", "T036959", "T038901", "67646", "T035034", "T036993", "T037940", "T035142", "T035698", "T032255", "T035047", "T035036", "T035431", "T027759", "T033270", "T000126", "T040215", "398363", ], }, release_date: "2024-05-22T22:00:00.000+00:00", title: "CVE-2023-46862", }, { cve: "CVE-2023-47038", notes: [ { category: "description", text: "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen, beliebigen Code auszuführen, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuführen.", }, ], product_status: { known_affected: [ "T035679", "T037618", "T036959", "T038901", "67646", "T035034", "T036993", "T037940", "T035142", "T035698", "T032255", "T035047", "T035036", "T035431", "T027759", "T033270", "T000126", "T040215", "398363", ], }, release_date: "2024-05-22T22:00:00.000+00:00", title: "CVE-2023-47038", }, { cve: "CVE-2023-48631", notes: [ { category: "description", text: "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen, beliebigen Code auszuführen, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuführen.", }, ], product_status: { known_affected: [ "T035679", "T037618", "T036959", "T038901", "67646", "T035034", "T036993", "T037940", "T035142", "T035698", "T032255", "T035047", "T035036", "T035431", "T027759", "T033270", "T000126", "T040215", "398363", ], }, release_date: "2024-05-22T22:00:00.000+00:00", title: "CVE-2023-48631", }, { cve: "CVE-2023-50387", notes: [ { category: "description", text: "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen, beliebigen Code auszuführen, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuführen.", }, ], product_status: { known_affected: [ "T035679", "T037618", "T036959", "T038901", "67646", "T035034", "T036993", "T037940", "T035142", "T035698", "T032255", "T035047", "T035036", "T035431", "T027759", "T033270", "T000126", "T040215", "398363", ], }, release_date: "2024-05-22T22:00:00.000+00:00", title: "CVE-2023-50387", }, { cve: "CVE-2023-50868", notes: [ { category: "description", text: "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen, beliebigen Code auszuführen, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuführen.", }, ], product_status: { known_affected: [ "T035679", "T037618", "T036959", "T038901", "67646", "T035034", "T036993", "T037940", "T035142", "T035698", "T032255", "T035047", "T035036", "T035431", "T027759", "T033270", "T000126", "T040215", "398363", ], }, release_date: "2024-05-22T22:00:00.000+00:00", title: "CVE-2023-50868", }, { cve: "CVE-2023-51043", notes: [ { category: "description", text: "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen, beliebigen Code auszuführen, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuführen.", }, ], product_status: { known_affected: [ "T035679", "T037618", "T036959", "T038901", "67646", "T035034", "T036993", "T037940", "T035142", "T035698", "T032255", "T035047", "T035036", "T035431", "T027759", "T033270", "T000126", "T040215", "398363", ], }, release_date: "2024-05-22T22:00:00.000+00:00", title: "CVE-2023-51043", }, { cve: "CVE-2023-51779", notes: [ { category: "description", text: "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen, beliebigen Code auszuführen, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuführen.", }, ], product_status: { known_affected: [ "T035679", "T037618", "T036959", "T038901", "67646", "T035034", "T036993", "T037940", "T035142", "T035698", "T032255", "T035047", "T035036", "T035431", "T027759", "T033270", "T000126", "T040215", "398363", ], }, release_date: "2024-05-22T22:00:00.000+00:00", title: "CVE-2023-51779", }, { cve: "CVE-2023-51780", notes: [ { category: "description", text: "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen, beliebigen Code auszuführen, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuführen.", }, ], product_status: { known_affected: [ "T035679", "T037618", "T036959", "T038901", "67646", "T035034", "T036993", "T037940", "T035142", "T035698", "T032255", "T035047", "T035036", "T035431", "T027759", "T033270", "T000126", "T040215", "398363", ], }, release_date: "2024-05-22T22:00:00.000+00:00", title: "CVE-2023-51780", }, { cve: "CVE-2023-52425", notes: [ { category: "description", text: "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen, beliebigen Code auszuführen, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuführen.", }, ], product_status: { known_affected: [ "T035679", "T037618", "T036959", "T038901", "67646", "T035034", "T036993", "T037940", "T035142", "T035698", "T032255", "T035047", "T035036", "T035431", "T027759", "T033270", "T000126", "T040215", "398363", ], }, release_date: "2024-05-22T22:00:00.000+00:00", title: "CVE-2023-52425", }, { cve: "CVE-2023-52434", notes: [ { category: "description", text: "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen, beliebigen Code auszuführen, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuführen.", }, ], product_status: { known_affected: [ "T035679", "T037618", "T036959", "T038901", "67646", "T035034", "T036993", "T037940", "T035142", "T035698", "T032255", "T035047", "T035036", "T035431", "T027759", "T033270", "T000126", "T040215", "398363", ], }, release_date: "2024-05-22T22:00:00.000+00:00", title: "CVE-2023-52434", }, { cve: "CVE-2023-52448", notes: [ { category: "description", text: "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen, beliebigen Code auszuführen, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuführen.", }, ], product_status: { known_affected: [ "T035679", "T037618", "T036959", "T038901", "67646", "T035034", "T036993", "T037940", "T035142", "T035698", "T032255", "T035047", "T035036", "T035431", "T027759", "T033270", "T000126", "T040215", "398363", ], }, release_date: "2024-05-22T22:00:00.000+00:00", title: "CVE-2023-52448", }, { cve: "CVE-2023-52476", notes: [ { category: "description", text: "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen, beliebigen Code auszuführen, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuführen.", }, ], product_status: { known_affected: [ "T035679", "T037618", "T036959", "T038901", "67646", "T035034", "T036993", "T037940", "T035142", "T035698", "T032255", "T035047", "T035036", "T035431", "T027759", "T033270", "T000126", "T040215", "398363", ], }, release_date: "2024-05-22T22:00:00.000+00:00", title: "CVE-2023-52476", }, { cve: "CVE-2023-52489", notes: [ { category: "description", text: "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen, beliebigen Code auszuführen, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuführen.", }, ], product_status: { known_affected: [ "T035679", "T037618", "T036959", "T038901", "67646", "T035034", "T036993", "T037940", "T035142", "T035698", "T032255", "T035047", "T035036", "T035431", "T027759", "T033270", "T000126", "T040215", "398363", ], }, release_date: "2024-05-22T22:00:00.000+00:00", title: "CVE-2023-52489", }, { cve: "CVE-2023-52522", notes: [ { category: "description", text: "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen, beliebigen Code auszuführen, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuführen.", }, ], product_status: { known_affected: [ "T035679", "T037618", "T036959", "T038901", "67646", "T035034", "T036993", "T037940", "T035142", "T035698", "T032255", "T035047", "T035036", "T035431", "T027759", "T033270", "T000126", "T040215", "398363", ], }, release_date: "2024-05-22T22:00:00.000+00:00", title: "CVE-2023-52522", }, { cve: "CVE-2023-52529", notes: [ { category: "description", text: "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen, beliebigen Code auszuführen, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuführen.", }, ], product_status: { known_affected: [ "T035679", "T037618", "T036959", "T038901", "67646", "T035034", "T036993", "T037940", "T035142", "T035698", "T032255", "T035047", "T035036", "T035431", "T027759", "T033270", "T000126", "T040215", "398363", ], }, release_date: "2024-05-22T22:00:00.000+00:00", title: "CVE-2023-52529", }, { cve: "CVE-2023-52574", notes: [ { category: "description", text: "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen, beliebigen Code auszuführen, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuführen.", }, ], product_status: { known_affected: [ "T035679", "T037618", "T036959", "T038901", "67646", "T035034", "T036993", "T037940", "T035142", "T035698", "T032255", "T035047", "T035036", "T035431", "T027759", "T033270", "T000126", "T040215", "398363", ], }, release_date: "2024-05-22T22:00:00.000+00:00", title: "CVE-2023-52574", }, { cve: "CVE-2023-52578", notes: [ { category: "description", text: "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen, beliebigen Code auszuführen, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuführen.", }, ], product_status: { known_affected: [ "T035679", "T037618", "T036959", "T038901", "67646", "T035034", "T036993", "T037940", "T035142", "T035698", "T032255", "T035047", "T035036", "T035431", "T027759", "T033270", "T000126", "T040215", "398363", ], }, release_date: "2024-05-22T22:00:00.000+00:00", title: "CVE-2023-52578", }, { cve: "CVE-2023-52580", notes: [ { category: "description", text: "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen, beliebigen Code auszuführen, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuführen.", }, ], product_status: { known_affected: [ "T035679", "T037618", "T036959", "T038901", "67646", "T035034", "T036993", "T037940", "T035142", "T035698", "T032255", "T035047", "T035036", "T035431", "T027759", "T033270", "T000126", "T040215", "398363", ], }, release_date: "2024-05-22T22:00:00.000+00:00", title: "CVE-2023-52580", }, { cve: "CVE-2023-52581", notes: [ { category: "description", text: "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen, beliebigen Code auszuführen, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuführen.", }, ], product_status: { known_affected: [ "T035679", "T037618", "T036959", "T038901", "67646", "T035034", "T036993", "T037940", "T035142", "T035698", "T032255", "T035047", "T035036", "T035431", "T027759", "T033270", "T000126", "T040215", "398363", ], }, release_date: "2024-05-22T22:00:00.000+00:00", title: "CVE-2023-52581", }, { cve: "CVE-2023-52597", notes: [ { category: "description", text: "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen, beliebigen Code auszuführen, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuführen.", }, ], product_status: { known_affected: [ "T035679", "T037618", "T036959", "T038901", "67646", "T035034", "T036993", "T037940", "T035142", "T035698", "T032255", "T035047", "T035036", "T035431", "T027759", "T033270", "T000126", "T040215", "398363", ], }, release_date: "2024-05-22T22:00:00.000+00:00", title: "CVE-2023-52597", }, { cve: "CVE-2023-52610", notes: [ { category: "description", text: "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen, beliebigen Code auszuführen, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuführen.", }, ], product_status: { known_affected: [ "T035679", "T037618", "T036959", "T038901", "67646", "T035034", "T036993", "T037940", "T035142", "T035698", "T032255", "T035047", "T035036", "T035431", "T027759", "T033270", "T000126", "T040215", "398363", ], }, release_date: "2024-05-22T22:00:00.000+00:00", title: "CVE-2023-52610", }, { cve: "CVE-2023-52620", notes: [ { category: "description", text: "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen, beliebigen Code auszuführen, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuführen.", }, ], product_status: { known_affected: [ "T035679", "T037618", "T036959", "T038901", "67646", "T035034", "T036993", "T037940", "T035142", "T035698", "T032255", "T035047", "T035036", "T035431", "T027759", "T033270", "T000126", "T040215", "398363", ], }, release_date: "2024-05-22T22:00:00.000+00:00", title: "CVE-2023-52620", }, { cve: "CVE-2023-5678", notes: [ { category: "description", text: "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen, beliebigen Code auszuführen, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuführen.", }, ], product_status: { known_affected: [ "T035679", "T037618", "T036959", "T038901", "67646", "T035034", "T036993", "T037940", "T035142", "T035698", "T032255", "T035047", "T035036", "T035431", "T027759", "T033270", "T000126", "T040215", "398363", ], }, release_date: "2024-05-22T22:00:00.000+00:00", title: "CVE-2023-5678", }, { cve: "CVE-2023-6040", notes: [ { category: "description", text: "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen, beliebigen Code auszuführen, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuführen.", }, ], product_status: { known_affected: [ "T035679", "T037618", "T036959", "T038901", "67646", "T035034", "T036993", "T037940", "T035142", "T035698", "T032255", "T035047", "T035036", "T035431", "T027759", "T033270", "T000126", "T040215", "398363", ], }, release_date: "2024-05-22T22:00:00.000+00:00", title: "CVE-2023-6040", }, { cve: "CVE-2023-6121", notes: [ { category: "description", text: "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen, beliebigen Code auszuführen, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuführen.", }, ], product_status: { known_affected: [ "T035679", "T037618", "T036959", "T038901", "67646", "T035034", "T036993", "T037940", "T035142", "T035698", "T032255", "T035047", "T035036", "T035431", "T027759", "T033270", "T000126", "T040215", "398363", ], }, release_date: "2024-05-22T22:00:00.000+00:00", title: "CVE-2023-6121", }, { cve: "CVE-2023-6129", notes: [ { category: "description", text: "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen, beliebigen Code auszuführen, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuführen.", }, ], product_status: { known_affected: [ "T035679", "T037618", "T036959", "T038901", "67646", "T035034", "T036993", "T037940", "T035142", "T035698", "T032255", "T035047", "T035036", "T035431", "T027759", "T033270", "T000126", "T040215", "398363", ], }, release_date: "2024-05-22T22:00:00.000+00:00", title: "CVE-2023-6129", }, { cve: "CVE-2023-6176", notes: [ { category: "description", text: "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen, beliebigen Code auszuführen, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuführen.", }, ], product_status: { known_affected: [ "T035679", "T037618", "T036959", "T038901", "67646", "T035034", "T036993", "T037940", "T035142", "T035698", "T032255", "T035047", "T035036", "T035431", "T027759", "T033270", "T000126", "T040215", "398363", ], }, release_date: "2024-05-22T22:00:00.000+00:00", title: "CVE-2023-6176", }, { cve: "CVE-2023-6228", notes: [ { category: "description", text: "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen, beliebigen Code auszuführen, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuführen.", }, ], product_status: { known_affected: [ "T035679", "T037618", "T036959", "T038901", "67646", "T035034", "T036993", "T037940", "T035142", "T035698", "T032255", "T035047", "T035036", "T035431", "T027759", "T033270", "T000126", "T040215", "398363", ], }, release_date: "2024-05-22T22:00:00.000+00:00", title: "CVE-2023-6228", }, { cve: "CVE-2023-6237", notes: [ { category: "description", text: "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen, beliebigen Code auszuführen, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuführen.", }, ], product_status: { known_affected: [ "T035679", "T037618", "T036959", "T038901", "67646", "T035034", "T036993", "T037940", "T035142", "T035698", "T032255", "T035047", "T035036", "T035431", "T027759", "T033270", "T000126", "T040215", "398363", ], }, release_date: "2024-05-22T22:00:00.000+00:00", title: "CVE-2023-6237", }, { cve: "CVE-2023-6240", notes: [ { category: "description", text: "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen, beliebigen Code auszuführen, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuführen.", }, ], product_status: { known_affected: [ "T035679", "T037618", "T036959", "T038901", "67646", "T035034", "T036993", "T037940", "T035142", "T035698", "T032255", "T035047", "T035036", "T035431", "T027759", "T033270", "T000126", "T040215", "398363", ], }, release_date: "2024-05-22T22:00:00.000+00:00", title: "CVE-2023-6240", }, { cve: "CVE-2023-6531", notes: [ { category: "description", text: "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen, beliebigen Code auszuführen, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuführen.", }, ], product_status: { known_affected: [ "T035679", "T037618", "T036959", "T038901", "67646", "T035034", "T036993", "T037940", "T035142", "T035698", "T032255", "T035047", "T035036", "T035431", "T027759", "T033270", "T000126", "T040215", "398363", ], }, release_date: "2024-05-22T22:00:00.000+00:00", title: "CVE-2023-6531", }, { cve: "CVE-2023-6546", notes: [ { category: "description", text: "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen, beliebigen Code auszuführen, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuführen.", }, ], product_status: { known_affected: [ "T035679", "T037618", "T036959", "T038901", "67646", "T035034", "T036993", "T037940", "T035142", "T035698", "T032255", "T035047", "T035036", "T035431", "T027759", "T033270", "T000126", "T040215", "398363", ], }, release_date: "2024-05-22T22:00:00.000+00:00", title: "CVE-2023-6546", }, { cve: "CVE-2023-6622", notes: [ { category: "description", text: "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen, beliebigen Code auszuführen, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuführen.", }, ], product_status: { known_affected: [ "T035679", "T037618", "T036959", "T038901", "67646", "T035034", "T036993", "T037940", "T035142", "T035698", "T032255", "T035047", "T035036", "T035431", "T027759", "T033270", "T000126", "T040215", "398363", ], }, release_date: "2024-05-22T22:00:00.000+00:00", title: "CVE-2023-6622", }, { cve: "CVE-2023-6915", notes: [ { category: "description", text: "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen, beliebigen Code auszuführen, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuführen.", }, ], product_status: { known_affected: [ "T035679", "T037618", "T036959", "T038901", "67646", "T035034", "T036993", "T037940", "T035142", "T035698", "T032255", "T035047", "T035036", "T035431", "T027759", "T033270", "T000126", "T040215", "398363", ], }, release_date: "2024-05-22T22:00:00.000+00:00", title: "CVE-2023-6915", }, { cve: "CVE-2023-6931", notes: [ { category: "description", text: "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen, beliebigen Code auszuführen, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuführen.", }, ], product_status: { known_affected: [ "T035679", "T037618", "T036959", "T038901", "67646", "T035034", "T036993", "T037940", "T035142", "T035698", "T032255", "T035047", "T035036", "T035431", "T027759", "T033270", "T000126", "T040215", "398363", ], }, release_date: "2024-05-22T22:00:00.000+00:00", title: "CVE-2023-6931", }, { cve: "CVE-2023-6932", notes: [ { category: "description", text: "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen, beliebigen Code auszuführen, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuführen.", }, ], product_status: { known_affected: [ "T035679", "T037618", "T036959", "T038901", "67646", "T035034", "T036993", "T037940", "T035142", "T035698", "T032255", "T035047", "T035036", "T035431", "T027759", "T033270", "T000126", "T040215", "398363", ], }, release_date: "2024-05-22T22:00:00.000+00:00", title: "CVE-2023-6932", }, { cve: "CVE-2023-7008", notes: [ { category: "description", text: "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen, beliebigen Code auszuführen, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuführen.", }, ], product_status: { known_affected: [ "T035679", "T037618", "T036959", "T038901", "67646", "T035034", "T036993", "T037940", "T035142", "T035698", "T032255", "T035047", "T035036", "T035431", "T027759", "T033270", "T000126", "T040215", "398363", ], }, release_date: "2024-05-22T22:00:00.000+00:00", title: "CVE-2023-7008", }, { cve: "CVE-2024-0565", notes: [ { category: "description", text: "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen, beliebigen Code auszuführen, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuführen.", }, ], product_status: { known_affected: [ "T035679", "T037618", "T036959", "T038901", "67646", "T035034", "T036993", "T037940", "T035142", "T035698", "T032255", "T035047", "T035036", "T035431", "T027759", "T033270", "T000126", "T040215", "398363", ], }, release_date: "2024-05-22T22:00:00.000+00:00", title: "CVE-2024-0565", }, { cve: "CVE-2024-0727", notes: [ { category: "description", text: "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen, beliebigen Code auszuführen, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuführen.", }, ], product_status: { known_affected: [ "T035679", "T037618", "T036959", "T038901", "67646", "T035034", "T036993", "T037940", "T035142", "T035698", "T032255", "T035047", "T035036", "T035431", "T027759", "T033270", "T000126", "T040215", "398363", ], }, release_date: "2024-05-22T22:00:00.000+00:00", title: "CVE-2024-0727", }, { cve: "CVE-2024-0841", notes: [ { category: "description", text: "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen, beliebigen Code auszuführen, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuführen.", }, ], product_status: { known_affected: [ "T035679", "T037618", "T036959", "T038901", "67646", "T035034", "T036993", "T037940", "T035142", "T035698", "T032255", "T035047", "T035036", "T035431", "T027759", "T033270", "T000126", "T040215", "398363", ], }, release_date: "2024-05-22T22:00:00.000+00:00", title: "CVE-2024-0841", }, { cve: "CVE-2024-1085", notes: [ { category: "description", text: "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen, beliebigen Code auszuführen, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuführen.", }, ], product_status: { known_affected: [ "T035679", "T037618", "T036959", "T038901", "67646", "T035034", "T036993", "T037940", "T035142", "T035698", "T032255", "T035047", "T035036", "T035431", "T027759", "T033270", "T000126", "T040215", "398363", ], }, release_date: "2024-05-22T22:00:00.000+00:00", title: "CVE-2024-1085", }, { cve: "CVE-2024-1086", notes: [ { category: "description", text: "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen, beliebigen Code auszuführen, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuführen.", }, ], product_status: { known_affected: [ "T035679", "T037618", "T036959", "T038901", "67646", "T035034", "T036993", "T037940", "T035142", "T035698", "T032255", "T035047", "T035036", "T035431", "T027759", "T033270", "T000126", "T040215", "398363", ], }, release_date: "2024-05-22T22:00:00.000+00:00", title: "CVE-2024-1086", }, { cve: "CVE-2024-1394", notes: [ { category: "description", text: "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen, beliebigen Code auszuführen, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuführen.", }, ], product_status: { known_affected: [ "T035679", "T037618", "T036959", "T038901", "67646", "T035034", "T036993", "T037940", "T035142", "T035698", "T032255", "T035047", "T035036", "T035431", "T027759", "T033270", "T000126", "T040215", "398363", ], }, release_date: "2024-05-22T22:00:00.000+00:00", title: "CVE-2024-1394", }, { cve: "CVE-2024-1488", notes: [ { category: "description", text: "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen, beliebigen Code auszuführen, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuführen.", }, ], product_status: { known_affected: [ "T035679", "T037618", "T036959", "T038901", "67646", "T035034", "T036993", "T037940", "T035142", "T035698", "T032255", "T035047", "T035036", "T035431", "T027759", "T033270", "T000126", "T040215", "398363", ], }, release_date: "2024-05-22T22:00:00.000+00:00", title: "CVE-2024-1488", }, { cve: "CVE-2024-21011", notes: [ { category: "description", text: "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen, beliebigen Code auszuführen, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuführen.", }, ], product_status: { known_affected: [ "T035679", "T037618", "T036959", "T038901", "67646", "T035034", "T036993", "T037940", "T035142", "T035698", "T032255", "T035047", "T035036", "T035431", "T027759", "T033270", "T000126", "T040215", "398363", ], }, release_date: "2024-05-22T22:00:00.000+00:00", title: "CVE-2024-21011", }, { cve: "CVE-2024-21012", notes: [ { category: "description", text: "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen, beliebigen Code auszuführen, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuführen.", }, ], product_status: { known_affected: [ "T035679", "T037618", "T036959", "T038901", "67646", "T035034", "T036993", "T037940", "T035142", "T035698", "T032255", "T035047", "T035036", "T035431", "T027759", "T033270", "T000126", "T040215", "398363", ], }, release_date: "2024-05-22T22:00:00.000+00:00", title: "CVE-2024-21012", }, { cve: "CVE-2024-21068", notes: [ { category: "description", text: "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen, beliebigen Code auszuführen, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuführen.", }, ], product_status: { known_affected: [ "T035679", "T037618", "T036959", "T038901", "67646", "T035034", "T036993", "T037940", "T035142", "T035698", "T032255", "T035047", "T035036", "T035431", "T027759", "T033270", "T000126", "T040215", "398363", ], }, release_date: "2024-05-22T22:00:00.000+00:00", title: "CVE-2024-21068", }, { cve: "CVE-2024-21085", notes: [ { category: "description", text: "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen, beliebigen Code auszuführen, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuführen.", }, ], product_status: { known_affected: [ "T035679", "T037618", "T036959", "T038901", "67646", "T035034", "T036993", "T037940", "T035142", "T035698", "T032255", "T035047", "T035036", "T035431", "T027759", "T033270", "T000126", "T040215", "398363", ], }, release_date: "2024-05-22T22:00:00.000+00:00", title: "CVE-2024-21085", }, { cve: "CVE-2024-21094", notes: [ { category: "description", text: "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen, beliebigen Code auszuführen, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuführen.", }, ], product_status: { known_affected: [ "T035679", "T037618", "T036959", "T038901", "67646", "T035034", "T036993", "T037940", "T035142", "T035698", "T032255", "T035047", "T035036", "T035431", "T027759", "T033270", "T000126", "T040215", "398363", ], }, release_date: "2024-05-22T22:00:00.000+00:00", title: "CVE-2024-21094", }, { cve: "CVE-2024-22365", notes: [ { category: "description", text: "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen, beliebigen Code auszuführen, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuführen.", }, ], product_status: { known_affected: [ "T035679", "T037618", "T036959", "T038901", "67646", "T035034", "T036993", "T037940", "T035142", "T035698", "T032255", "T035047", "T035036", "T035431", "T027759", "T033270", "T000126", "T040215", "398363", ], }, release_date: "2024-05-22T22:00:00.000+00:00", title: "CVE-2024-22365", }, { cve: "CVE-2024-24783", notes: [ { category: "description", text: "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen, beliebigen Code auszuführen, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuführen.", }, ], product_status: { known_affected: [ "T035679", "T037618", "T036959", "T038901", "67646", "T035034", "T036993", "T037940", "T035142", "T035698", "T032255", "T035047", "T035036", "T035431", "T027759", "T033270", "T000126", "T040215", "398363", ], }, release_date: "2024-05-22T22:00:00.000+00:00", title: "CVE-2024-24783", }, { cve: "CVE-2024-24784", notes: [ { category: "description", text: "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen, beliebigen Code auszuführen, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuführen.", }, ], product_status: { known_affected: [ "T035679", "T037618", "T036959", "T038901", "67646", "T035034", "T036993", "T037940", "T035142", "T035698", "T032255", "T035047", "T035036", "T035431", "T027759", "T033270", "T000126", "T040215", "398363", ], }, release_date: "2024-05-22T22:00:00.000+00:00", title: "CVE-2024-24784", }, { cve: "CVE-2024-24785", notes: [ { category: "description", text: "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen, beliebigen Code auszuführen, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuführen.", }, ], product_status: { known_affected: [ "T035679", "T037618", "T036959", "T038901", "67646", "T035034", "T036993", "T037940", "T035142", "T035698", "T032255", "T035047", "T035036", "T035431", "T027759", "T033270", "T000126", "T040215", "398363", ], }, release_date: "2024-05-22T22:00:00.000+00:00", title: "CVE-2024-24785", }, { cve: "CVE-2024-24786", notes: [ { category: "description", text: "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen, beliebigen Code auszuführen, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuführen.", }, ], product_status: { known_affected: [ "T035679", "T037618", "T036959", "T038901", "67646", "T035034", "T036993", "T037940", "T035142", "T035698", "T032255", "T035047", "T035036", "T035431", "T027759", "T033270", "T000126", "T040215", "398363", ], }, release_date: "2024-05-22T22:00:00.000+00:00", title: "CVE-2024-24786", }, { cve: "CVE-2024-25062", notes: [ { category: "description", text: "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen, beliebigen Code auszuführen, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuführen.", }, ], product_status: { known_affected: [ "T035679", "T037618", "T036959", "T038901", "67646", "T035034", "T036993", "T037940", "T035142", "T035698", "T032255", "T035047", "T035036", "T035431", "T027759", "T033270", "T000126", "T040215", "398363", ], }, release_date: "2024-05-22T22:00:00.000+00:00", title: "CVE-2024-25062", }, { cve: "CVE-2024-25742", notes: [ { category: "description", text: "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen, beliebigen Code auszuführen, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuführen.", }, ], product_status: { known_affected: [ "T035679", "T037618", "T036959", "T038901", "67646", "T035034", "T036993", "T037940", "T035142", "T035698", "T032255", "T035047", "T035036", "T035431", "T027759", "T033270", "T000126", "T040215", "398363", ], }, release_date: "2024-05-22T22:00:00.000+00:00", title: "CVE-2024-25742", }, { cve: "CVE-2024-25743", notes: [ { category: "description", text: "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen, beliebigen Code auszuführen, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuführen.", }, ], product_status: { known_affected: [ "T035679", "T037618", "T036959", "T038901", "67646", "T035034", "T036993", "T037940", "T035142", "T035698", "T032255", "T035047", "T035036", "T035431", "T027759", "T033270", "T000126", "T040215", "398363", ], }, release_date: "2024-05-22T22:00:00.000+00:00", title: "CVE-2024-25743", }, { cve: "CVE-2024-26582", notes: [ { category: "description", text: "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen, beliebigen Code auszuführen, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuführen.", }, ], product_status: { known_affected: [ "T035679", "T037618", "T036959", "T038901", "67646", "T035034", "T036993", "T037940", "T035142", "T035698", "T032255", "T035047", "T035036", "T035431", "T027759", "T033270", "T000126", "T040215", "398363", ], }, release_date: "2024-05-22T22:00:00.000+00:00", title: "CVE-2024-26582", }, { cve: "CVE-2024-26583", notes: [ { category: "description", text: "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen, beliebigen Code auszuführen, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuführen.", }, ], product_status: { known_affected: [ "T035679", "T037618", "T036959", "T038901", "67646", "T035034", "T036993", "T037940", "T035142", "T035698", "T032255", "T035047", "T035036", "T035431", "T027759", "T033270", "T000126", "T040215", "398363", ], }, release_date: "2024-05-22T22:00:00.000+00:00", title: "CVE-2024-26583", }, { cve: "CVE-2024-26584", notes: [ { category: "description", text: "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen, beliebigen Code auszuführen, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuführen.", }, ], product_status: { known_affected: [ "T035679", "T037618", "T036959", "T038901", "67646", "T035034", "T036993", "T037940", "T035142", "T035698", "T032255", "T035047", "T035036", "T035431", "T027759", "T033270", "T000126", "T040215", "398363", ], }, release_date: "2024-05-22T22:00:00.000+00:00", title: "CVE-2024-26584", }, { cve: "CVE-2024-26585", notes: [ { category: "description", text: "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen, beliebigen Code auszuführen, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuführen.", }, ], product_status: { known_affected: [ "T035679", "T037618", "T036959", "T038901", "67646", "T035034", "T036993", "T037940", "T035142", "T035698", "T032255", "T035047", "T035036", "T035431", "T027759", "T033270", "T000126", "T040215", "398363", ], }, release_date: "2024-05-22T22:00:00.000+00:00", title: "CVE-2024-26585", }, { cve: "CVE-2024-26586", notes: [ { category: "description", text: "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen, beliebigen Code auszuführen, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuführen.", }, ], product_status: { known_affected: [ "T035679", "T037618", "T036959", "T038901", "67646", "T035034", "T036993", "T037940", "T035142", "T035698", "T032255", "T035047", "T035036", "T035431", "T027759", "T033270", "T000126", "T040215", "398363", ], }, release_date: "2024-05-22T22:00:00.000+00:00", title: "CVE-2024-26586", }, { cve: "CVE-2024-26593", notes: [ { category: "description", text: "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen, beliebigen Code auszuführen, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuführen.", }, ], product_status: { known_affected: [ "T035679", "T037618", "T036959", "T038901", "67646", "T035034", "T036993", "T037940", "T035142", "T035698", "T032255", "T035047", "T035036", "T035431", "T027759", "T033270", "T000126", "T040215", "398363", ], }, release_date: "2024-05-22T22:00:00.000+00:00", title: "CVE-2024-26593", }, { cve: "CVE-2024-26602", notes: [ { category: "description", text: "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen, beliebigen Code auszuführen, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuführen.", }, ], product_status: { known_affected: [ "T035679", "T037618", "T036959", "T038901", "67646", "T035034", "T036993", "T037940", "T035142", "T035698", "T032255", "T035047", "T035036", "T035431", "T027759", "T033270", "T000126", "T040215", "398363", ], }, release_date: "2024-05-22T22:00:00.000+00:00", title: "CVE-2024-26602", }, { cve: "CVE-2024-26609", notes: [ { category: "description", text: "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen, beliebigen Code auszuführen, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuführen.", }, ], product_status: { known_affected: [ "T035679", "T037618", "T036959", "T038901", "67646", "T035034", "T036993", "T037940", "T035142", "T035698", "T032255", "T035047", "T035036", "T035431", "T027759", "T033270", "T000126", "T040215", "398363", ], }, release_date: "2024-05-22T22:00:00.000+00:00", title: "CVE-2024-26609", }, { cve: "CVE-2024-26633", notes: [ { category: "description", text: "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen, beliebigen Code auszuführen, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuführen.", }, ], product_status: { known_affected: [ "T035679", "T037618", "T036959", "T038901", "67646", "T035034", "T036993", "T037940", "T035142", "T035698", "T032255", "T035047", "T035036", "T035431", "T027759", "T033270", "T000126", "T040215", "398363", ], }, release_date: "2024-05-22T22:00:00.000+00:00", title: "CVE-2024-26633", }, { cve: "CVE-2024-27316", notes: [ { category: "description", text: "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen, beliebigen Code auszuführen, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuführen.", }, ], product_status: { known_affected: [ "T035679", "T037618", "T036959", "T038901", "67646", "T035034", "T036993", "T037940", "T035142", "T035698", "T032255", "T035047", "T035036", "T035431", "T027759", "T033270", "T000126", "T040215", "398363", ], }, release_date: "2024-05-22T22:00:00.000+00:00", title: "CVE-2024-27316", }, { cve: "CVE-2024-28834", notes: [ { category: "description", text: "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen, beliebigen Code auszuführen, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuführen.", }, ], product_status: { known_affected: [ "T035679", "T037618", "T036959", "T038901", "67646", "T035034", "T036993", "T037940", "T035142", "T035698", "T032255", "T035047", "T035036", "T035431", "T027759", "T033270", "T000126", "T040215", "398363", ], }, release_date: "2024-05-22T22:00:00.000+00:00", title: "CVE-2024-28834", }, { cve: "CVE-2024-28835", notes: [ { category: "description", text: "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen, beliebigen Code auszuführen, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuführen.", }, ], product_status: { known_affected: [ "T035679", "T037618", "T036959", "T038901", "67646", "T035034", "T036993", "T037940", "T035142", "T035698", "T032255", "T035047", "T035036", "T035431", "T027759", "T033270", "T000126", "T040215", "398363", ], }, release_date: "2024-05-22T22:00:00.000+00:00", title: "CVE-2024-28835", }, { cve: "CVE-2024-28849", notes: [ { category: "description", text: "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen, beliebigen Code auszuführen, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuführen.", }, ], product_status: { known_affected: [ "T035679", "T037618", "T036959", "T038901", "67646", "T035034", "T036993", "T037940", "T035142", "T035698", "T032255", "T035047", "T035036", "T035431", "T027759", "T033270", "T000126", "T040215", "398363", ], }, release_date: "2024-05-22T22:00:00.000+00:00", title: "CVE-2024-28849", }, { cve: "CVE-2024-29180", notes: [ { category: "description", text: "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen, beliebigen Code auszuführen, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuführen.", }, ], product_status: { known_affected: [ "T035679", "T037618", "T036959", "T038901", "67646", "T035034", "T036993", "T037940", "T035142", "T035698", "T032255", "T035047", "T035036", "T035431", "T027759", "T033270", "T000126", "T040215", "398363", ], }, release_date: "2024-05-22T22:00:00.000+00:00", title: "CVE-2024-29180", }, { cve: "CVE-2024-2961", notes: [ { category: "description", text: "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen, beliebigen Code auszuführen, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuführen.", }, ], product_status: { known_affected: [ "T035679", "T037618", "T036959", "T038901", "67646", "T035034", "T036993", "T037940", "T035142", "T035698", "T032255", "T035047", "T035036", "T035431", "T027759", "T033270", "T000126", "T040215", "398363", ], }, release_date: "2024-05-22T22:00:00.000+00:00", title: "CVE-2024-2961", }, { cve: "CVE-2024-33599", notes: [ { category: "description", text: "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen, beliebigen Code auszuführen, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuführen.", }, ], product_status: { known_affected: [ "T035679", "T037618", "T036959", "T038901", "67646", "T035034", "T036993", "T037940", "T035142", "T035698", "T032255", "T035047", "T035036", "T035431", "T027759", "T033270", "T000126", "T040215", "398363", ], }, release_date: "2024-05-22T22:00:00.000+00:00", title: "CVE-2024-33599", }, { cve: "CVE-2024-33600", notes: [ { category: "description", text: "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen, beliebigen Code auszuführen, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuführen.", }, ], product_status: { known_affected: [ "T035679", "T037618", "T036959", "T038901", "67646", "T035034", "T036993", "T037940", "T035142", "T035698", "T032255", "T035047", "T035036", "T035431", "T027759", "T033270", "T000126", "T040215", "398363", ], }, release_date: "2024-05-22T22:00:00.000+00:00", title: "CVE-2024-33600", }, { cve: "CVE-2024-33601", notes: [ { category: "description", text: "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen, beliebigen Code auszuführen, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuführen.", }, ], product_status: { known_affected: [ "T035679", "T037618", "T036959", "T038901", "67646", "T035034", "T036993", "T037940", "T035142", "T035698", "T032255", "T035047", "T035036", "T035431", "T027759", "T033270", "T000126", "T040215", "398363", ], }, release_date: "2024-05-22T22:00:00.000+00:00", title: "CVE-2024-33601", }, { cve: "CVE-2024-33602", notes: [ { category: "description", text: "In Red Hat OpenShift bestehen mehrere Schwachstellen. Diese Schwachstellen bestehen in mehreren Komponenten und Subsystemen wie Oracle Java, dem Linux-Kernel oder dem HTTP/2-Protokoll in der Programmiersprache Go und in der Migration Toolkit Komponente aufgrund mehrerer sicherheitsrelevanter Probleme wie einer Race Condition, einer NULL- Pointer-Dereferenz oder einem Memory Allocation-Problem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand auszulösen, beliebigen Code auszuführen, vertrauliche Informationen preiszugeben, seine Privilegien zu erweitern, oder um weitere nicht spezifizierte Angriffe auszuführen.", }, ], product_status: { known_affected: [ "T035679", "T037618", "T036959", "T038901", "67646", "T035034", "T036993", "T037940", "T035142", "T035698", "T032255", "T035047", "T035036", "T035431", "T027759", "T033270", "T000126", "T040215", "398363", ], }, release_date: "2024-05-22T22:00:00.000+00:00", title: "CVE-2024-33602", }, ], }
wid-sec-w-2024-1307
Vulnerability from csaf_certbund
Published
2024-06-06 22:00
Modified
2024-11-11 23:00
Summary
Red Hat OpenShift Service Mesh Containers: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Red Hat OpenShift ist eine "Platform as a Service" (PaaS) Lösung zur Bereitstellung von Applikationen in der Cloud.
Angriff
Ein Angreifer kann mehrere Schwachstellen in Red Hat OpenShift Service Mesh Containers ausnutzen, um Dateien zu manipulieren, einen 'Denial of Service'-Zustand erzuegen, beliebigen Code auszuführen, vertrauliche Informationen offenzulegen oder weitere nicht spezifizierte Angriffe durchzuführen.
Betroffene Betriebssysteme
- Linux
{ document: { aggregate_severity: { text: "hoch", }, category: "csaf_base", csaf_version: "2.0", distribution: { tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "de-DE", notes: [ { category: "legal_disclaimer", text: "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.", }, { category: "description", text: "Red Hat OpenShift ist eine \"Platform as a Service\" (PaaS) Lösung zur Bereitstellung von Applikationen in der Cloud.", title: "Produktbeschreibung", }, { category: "summary", text: "Ein Angreifer kann mehrere Schwachstellen in Red Hat OpenShift Service Mesh Containers ausnutzen, um Dateien zu manipulieren, einen 'Denial of Service'-Zustand erzuegen, beliebigen Code auszuführen, vertrauliche Informationen offenzulegen oder weitere nicht spezifizierte Angriffe durchzuführen.", title: "Angriff", }, { category: "general", text: "- Linux", title: "Betroffene Betriebssysteme", }, ], publisher: { category: "other", contact_details: "csaf-provider@cert-bund.de", name: "Bundesamt für Sicherheit in der Informationstechnik", namespace: "https://www.bsi.bund.de", }, references: [ { category: "self", summary: "WID-SEC-W-2024-1307 - CSAF Version", url: "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-1307.json", }, { category: "self", summary: "WID-SEC-2024-1307 - Portal Version", url: "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-1307", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:3680 vom 2024-06-06", url: "https://access.redhat.com/errata/RHSA-2024:3680", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:3683 vom 2024-06-06", url: "https://access.redhat.com/errata/RHSA-2024:3683", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:3790 vom 2024-06-11", url: "https://access.redhat.com/errata/RHSA-2024:3790", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:3314 vom 2024-06-13", url: "https://access.redhat.com/errata/RHSA-2024:3314", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:1616 vom 2024-07-01", url: "https://access.redhat.com/errata/RHSA-2024:1616", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:4553 vom 2024-07-16", url: "https://access.redhat.com/errata/RHSA-2024:4553", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:7184 vom 2024-10-03", url: "https://access.redhat.com/errata/RHSA-2024:7184", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:8688 vom 2024-11-06", url: "https://access.redhat.com/errata/RHSA-2024:8688", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:8692 vom 2024-11-07", url: "https://access.redhat.com/errata/RHSA-2024:8692", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:9088 vom 2024-11-12", url: "https://access.redhat.com/errata/RHSA-2024:9088", }, ], source_lang: "en-US", title: "Red Hat OpenShift Service Mesh Containers: Mehrere Schwachstellen", tracking: { current_release_date: "2024-11-11T23:00:00.000+00:00", generator: { date: "2024-11-12T11:13:17.378+00:00", engine: { name: "BSI-WID", version: "1.3.8", }, }, id: "WID-SEC-W-2024-1307", initial_release_date: "2024-06-06T22:00:00.000+00:00", revision_history: [ { date: "2024-06-06T22:00:00.000+00:00", number: "1", summary: "Initiale Fassung", }, { date: "2024-06-10T22:00:00.000+00:00", number: "2", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2024-06-13T22:00:00.000+00:00", number: "3", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2024-06-18T22:00:00.000+00:00", number: "4", summary: "Korrektur Plattformauswahl", }, { date: "2024-06-30T22:00:00.000+00:00", number: "5", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2024-07-15T22:00:00.000+00:00", number: "6", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2024-10-03T22:00:00.000+00:00", number: "7", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2024-11-06T23:00:00.000+00:00", number: "8", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2024-11-11T23:00:00.000+00:00", number: "9", summary: "Neue Updates von Red Hat aufgenommen", }, ], status: "final", version: "9", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux", product: { name: "Red Hat Enterprise Linux", product_id: "67646", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:-", }, }, }, { category: "product_version", name: "9", product: { name: "Red Hat Enterprise Linux 9", product_id: "T038901", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:9", }, }, }, ], category: "product_name", name: "Enterprise Linux", }, { branches: [ { category: "product_version_range", name: "Service Mesh Containers <2.5.2", product: { name: "Red Hat OpenShift Service Mesh Containers <2.5.2", product_id: "T035259", }, }, { category: "product_version", name: "Service Mesh Containers 2.5.2", product: { name: "Red Hat OpenShift Service Mesh Containers 2.5.2", product_id: "T035259-fixed", product_identification_helper: { cpe: "cpe:/a:redhat:openshift:service_mesh_containers__2.5.2", }, }, }, { category: "product_version_range", name: "Service Mesh Containers <2.4.8", product: { name: "Red Hat OpenShift Service Mesh Containers <2.4.8", product_id: "T035260", }, }, { category: "product_version", name: "Service Mesh Containers 2.4.8", product: { name: "Red Hat OpenShift Service Mesh Containers 2.4.8", product_id: "T035260-fixed", product_identification_helper: { cpe: "cpe:/a:redhat:openshift:service_mesh_containers__2.4.8", }, }, }, { category: "product_version", name: "Run Once Duration Override Operator 1", product: { name: "Red Hat OpenShift Run Once Duration Override Operator 1", product_id: "T035698", product_identification_helper: { cpe: "cpe:/a:redhat:openshift:run_once_duration_override_operator_1", }, }, }, { category: "product_version_range", name: "Container Platform <4.14.38", product: { name: "Red Hat OpenShift Container Platform <4.14.38", product_id: "T037940", }, }, { category: "product_version", name: "Container Platform 4.14.38", product: { name: "Red Hat OpenShift Container Platform 4.14.38", product_id: "T037940-fixed", product_identification_helper: { cpe: "cpe:/a:redhat:openshift:container_platform__4.14.38", }, }, }, ], category: "product_name", name: "OpenShift", }, ], category: "vendor", name: "Red Hat", }, ], }, vulnerabilities: [ { cve: "CVE-2021-25220", notes: [ { category: "description", text: "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie der Libksba-Library, BIND, gmp und der Tar-Paketkomponente aufgrund einer Race Condition, einer NULL-Zeiger-Dereferenz, einem Speicherzuordnungsproblem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial of Service-Zustand erzuegen, beliebigen Code auszuführen, vertrauliche Informationen offenzulegen oder weitere nicht spezifizierte Angriffe durchzuführen.", }, ], product_status: { known_affected: [ "T035259", "T038901", "67646", "T035260", "T037940", "T035698", ], }, release_date: "2024-06-06T22:00:00.000+00:00", title: "CVE-2021-25220", }, { cve: "CVE-2021-43618", notes: [ { category: "description", text: "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie der Libksba-Library, BIND, gmp und der Tar-Paketkomponente aufgrund einer Race Condition, einer NULL-Zeiger-Dereferenz, einem Speicherzuordnungsproblem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial of Service-Zustand erzuegen, beliebigen Code auszuführen, vertrauliche Informationen offenzulegen oder weitere nicht spezifizierte Angriffe durchzuführen.", }, ], product_status: { known_affected: [ "T035259", "T038901", "67646", "T035260", "T037940", "T035698", ], }, release_date: "2024-06-06T22:00:00.000+00:00", title: "CVE-2021-43618", }, { cve: "CVE-2021-46848", notes: [ { category: "description", text: "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie der Libksba-Library, BIND, gmp und der Tar-Paketkomponente aufgrund einer Race Condition, einer NULL-Zeiger-Dereferenz, einem Speicherzuordnungsproblem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial of Service-Zustand erzuegen, beliebigen Code auszuführen, vertrauliche Informationen offenzulegen oder weitere nicht spezifizierte Angriffe durchzuführen.", }, ], product_status: { known_affected: [ "T035259", "T038901", "67646", "T035260", "T037940", "T035698", ], }, release_date: "2024-06-06T22:00:00.000+00:00", title: "CVE-2021-46848", }, { cve: "CVE-2022-1271", notes: [ { category: "description", text: "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie der Libksba-Library, BIND, gmp und der Tar-Paketkomponente aufgrund einer Race Condition, einer NULL-Zeiger-Dereferenz, einem Speicherzuordnungsproblem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial of Service-Zustand erzuegen, beliebigen Code auszuführen, vertrauliche Informationen offenzulegen oder weitere nicht spezifizierte Angriffe durchzuführen.", }, ], product_status: { known_affected: [ "T035259", "T038901", "67646", "T035260", "T037940", "T035698", ], }, release_date: "2024-06-06T22:00:00.000+00:00", title: "CVE-2022-1271", }, { cve: "CVE-2022-2795", notes: [ { category: "description", text: "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie der Libksba-Library, BIND, gmp und der Tar-Paketkomponente aufgrund einer Race Condition, einer NULL-Zeiger-Dereferenz, einem Speicherzuordnungsproblem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial of Service-Zustand erzuegen, beliebigen Code auszuführen, vertrauliche Informationen offenzulegen oder weitere nicht spezifizierte Angriffe durchzuführen.", }, ], product_status: { known_affected: [ "T035259", "T038901", "67646", "T035260", "T037940", "T035698", ], }, release_date: "2024-06-06T22:00:00.000+00:00", title: "CVE-2022-2795", }, { cve: "CVE-2022-3094", notes: [ { category: "description", text: "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie der Libksba-Library, BIND, gmp und der Tar-Paketkomponente aufgrund einer Race Condition, einer NULL-Zeiger-Dereferenz, einem Speicherzuordnungsproblem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial of Service-Zustand erzuegen, beliebigen Code auszuführen, vertrauliche Informationen offenzulegen oder weitere nicht spezifizierte Angriffe durchzuführen.", }, ], product_status: { known_affected: [ "T035259", "T038901", "67646", "T035260", "T037940", "T035698", ], }, release_date: "2024-06-06T22:00:00.000+00:00", title: "CVE-2022-3094", }, { cve: "CVE-2022-36227", notes: [ { category: "description", text: "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie der Libksba-Library, BIND, gmp und der Tar-Paketkomponente aufgrund einer Race Condition, einer NULL-Zeiger-Dereferenz, einem Speicherzuordnungsproblem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial of Service-Zustand erzuegen, beliebigen Code auszuführen, vertrauliche Informationen offenzulegen oder weitere nicht spezifizierte Angriffe durchzuführen.", }, ], product_status: { known_affected: [ "T035259", "T038901", "67646", "T035260", "T037940", "T035698", ], }, release_date: "2024-06-06T22:00:00.000+00:00", title: "CVE-2022-36227", }, { cve: "CVE-2022-47024", notes: [ { category: "description", text: "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie der Libksba-Library, BIND, gmp und der Tar-Paketkomponente aufgrund einer Race Condition, einer NULL-Zeiger-Dereferenz, einem Speicherzuordnungsproblem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial of Service-Zustand erzuegen, beliebigen Code auszuführen, vertrauliche Informationen offenzulegen oder weitere nicht spezifizierte Angriffe durchzuführen.", }, ], product_status: { known_affected: [ "T035259", "T038901", "67646", "T035260", "T037940", "T035698", ], }, release_date: "2024-06-06T22:00:00.000+00:00", title: "CVE-2022-47024", }, { cve: "CVE-2022-47629", notes: [ { category: "description", text: "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie der Libksba-Library, BIND, gmp und der Tar-Paketkomponente aufgrund einer Race Condition, einer NULL-Zeiger-Dereferenz, einem Speicherzuordnungsproblem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial of Service-Zustand erzuegen, beliebigen Code auszuführen, vertrauliche Informationen offenzulegen oder weitere nicht spezifizierte Angriffe durchzuführen.", }, ], product_status: { known_affected: [ "T035259", "T038901", "67646", "T035260", "T037940", "T035698", ], }, release_date: "2024-06-06T22:00:00.000+00:00", title: "CVE-2022-47629", }, { cve: "CVE-2022-48303", notes: [ { category: "description", text: "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie der Libksba-Library, BIND, gmp und der Tar-Paketkomponente aufgrund einer Race Condition, einer NULL-Zeiger-Dereferenz, einem Speicherzuordnungsproblem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial of Service-Zustand erzuegen, beliebigen Code auszuführen, vertrauliche Informationen offenzulegen oder weitere nicht spezifizierte Angriffe durchzuführen.", }, ], product_status: { known_affected: [ "T035259", "T038901", "67646", "T035260", "T037940", "T035698", ], }, release_date: "2024-06-06T22:00:00.000+00:00", title: "CVE-2022-48303", }, { cve: "CVE-2022-48468", notes: [ { category: "description", text: "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie der Libksba-Library, BIND, gmp und der Tar-Paketkomponente aufgrund einer Race Condition, einer NULL-Zeiger-Dereferenz, einem Speicherzuordnungsproblem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial of Service-Zustand erzuegen, beliebigen Code auszuführen, vertrauliche Informationen offenzulegen oder weitere nicht spezifizierte Angriffe durchzuführen.", }, ], product_status: { known_affected: [ "T035259", "T038901", "67646", "T035260", "T037940", "T035698", ], }, release_date: "2024-06-06T22:00:00.000+00:00", title: "CVE-2022-48468", }, { cve: "CVE-2022-48554", notes: [ { category: "description", text: "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie der Libksba-Library, BIND, gmp und der Tar-Paketkomponente aufgrund einer Race Condition, einer NULL-Zeiger-Dereferenz, einem Speicherzuordnungsproblem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial of Service-Zustand erzuegen, beliebigen Code auszuführen, vertrauliche Informationen offenzulegen oder weitere nicht spezifizierte Angriffe durchzuführen.", }, ], product_status: { known_affected: [ "T035259", "T038901", "67646", "T035260", "T037940", "T035698", ], }, release_date: "2024-06-06T22:00:00.000+00:00", title: "CVE-2022-48554", }, { cve: "CVE-2022-48624", notes: [ { category: "description", text: "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie der Libksba-Library, BIND, gmp und der Tar-Paketkomponente aufgrund einer Race Condition, einer NULL-Zeiger-Dereferenz, einem Speicherzuordnungsproblem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial of Service-Zustand erzuegen, beliebigen Code auszuführen, vertrauliche Informationen offenzulegen oder weitere nicht spezifizierte Angriffe durchzuführen.", }, ], product_status: { known_affected: [ "T035259", "T038901", "67646", "T035260", "T037940", "T035698", ], }, release_date: "2024-06-06T22:00:00.000+00:00", title: "CVE-2022-48624", }, { cve: "CVE-2023-22745", notes: [ { category: "description", text: "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie der Libksba-Library, BIND, gmp und der Tar-Paketkomponente aufgrund einer Race Condition, einer NULL-Zeiger-Dereferenz, einem Speicherzuordnungsproblem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial of Service-Zustand erzuegen, beliebigen Code auszuführen, vertrauliche Informationen offenzulegen oder weitere nicht spezifizierte Angriffe durchzuführen.", }, ], product_status: { known_affected: [ "T035259", "T038901", "67646", "T035260", "T037940", "T035698", ], }, release_date: "2024-06-06T22:00:00.000+00:00", title: "CVE-2023-22745", }, { cve: "CVE-2023-2602", notes: [ { category: "description", text: "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie der Libksba-Library, BIND, gmp und der Tar-Paketkomponente aufgrund einer Race Condition, einer NULL-Zeiger-Dereferenz, einem Speicherzuordnungsproblem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial of Service-Zustand erzuegen, beliebigen Code auszuführen, vertrauliche Informationen offenzulegen oder weitere nicht spezifizierte Angriffe durchzuführen.", }, ], product_status: { known_affected: [ "T035259", "T038901", "67646", "T035260", "T037940", "T035698", ], }, release_date: "2024-06-06T22:00:00.000+00:00", title: "CVE-2023-2602", }, { cve: "CVE-2023-2603", notes: [ { category: "description", text: "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie der Libksba-Library, BIND, gmp und der Tar-Paketkomponente aufgrund einer Race Condition, einer NULL-Zeiger-Dereferenz, einem Speicherzuordnungsproblem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial of Service-Zustand erzuegen, beliebigen Code auszuführen, vertrauliche Informationen offenzulegen oder weitere nicht spezifizierte Angriffe durchzuführen.", }, ], product_status: { known_affected: [ "T035259", "T038901", "67646", "T035260", "T037940", "T035698", ], }, release_date: "2024-06-06T22:00:00.000+00:00", title: "CVE-2023-2603", }, { cve: "CVE-2023-29491", notes: [ { category: "description", text: "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie der Libksba-Library, BIND, gmp und der Tar-Paketkomponente aufgrund einer Race Condition, einer NULL-Zeiger-Dereferenz, einem Speicherzuordnungsproblem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial of Service-Zustand erzuegen, beliebigen Code auszuführen, vertrauliche Informationen offenzulegen oder weitere nicht spezifizierte Angriffe durchzuführen.", }, ], product_status: { known_affected: [ "T035259", "T038901", "67646", "T035260", "T037940", "T035698", ], }, release_date: "2024-06-06T22:00:00.000+00:00", title: "CVE-2023-29491", }, { cve: "CVE-2023-2975", notes: [ { category: "description", text: "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie der Libksba-Library, BIND, gmp und der Tar-Paketkomponente aufgrund einer Race Condition, einer NULL-Zeiger-Dereferenz, einem Speicherzuordnungsproblem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial of Service-Zustand erzuegen, beliebigen Code auszuführen, vertrauliche Informationen offenzulegen oder weitere nicht spezifizierte Angriffe durchzuführen.", }, ], product_status: { known_affected: [ "T035259", "T038901", "67646", "T035260", "T037940", "T035698", ], }, release_date: "2024-06-06T22:00:00.000+00:00", title: "CVE-2023-2975", }, { cve: "CVE-2023-3446", notes: [ { category: "description", text: "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie der Libksba-Library, BIND, gmp und der Tar-Paketkomponente aufgrund einer Race Condition, einer NULL-Zeiger-Dereferenz, einem Speicherzuordnungsproblem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial of Service-Zustand erzuegen, beliebigen Code auszuführen, vertrauliche Informationen offenzulegen oder weitere nicht spezifizierte Angriffe durchzuführen.", }, ], product_status: { known_affected: [ "T035259", "T038901", "67646", "T035260", "T037940", "T035698", ], }, release_date: "2024-06-06T22:00:00.000+00:00", title: "CVE-2023-3446", }, { cve: "CVE-2023-36054", notes: [ { category: "description", text: "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie der Libksba-Library, BIND, gmp und der Tar-Paketkomponente aufgrund einer Race Condition, einer NULL-Zeiger-Dereferenz, einem Speicherzuordnungsproblem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial of Service-Zustand erzuegen, beliebigen Code auszuführen, vertrauliche Informationen offenzulegen oder weitere nicht spezifizierte Angriffe durchzuführen.", }, ], product_status: { known_affected: [ "T035259", "T038901", "67646", "T035260", "T037940", "T035698", ], }, release_date: "2024-06-06T22:00:00.000+00:00", title: "CVE-2023-36054", }, { cve: "CVE-2023-3817", notes: [ { category: "description", text: "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie der Libksba-Library, BIND, gmp und der Tar-Paketkomponente aufgrund einer Race Condition, einer NULL-Zeiger-Dereferenz, einem Speicherzuordnungsproblem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial of Service-Zustand erzuegen, beliebigen Code auszuführen, vertrauliche Informationen offenzulegen oder weitere nicht spezifizierte Angriffe durchzuführen.", }, ], product_status: { known_affected: [ "T035259", "T038901", "67646", "T035260", "T037940", "T035698", ], }, release_date: "2024-06-06T22:00:00.000+00:00", title: "CVE-2023-3817", }, { cve: "CVE-2023-39975", notes: [ { category: "description", text: "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie der Libksba-Library, BIND, gmp und der Tar-Paketkomponente aufgrund einer Race Condition, einer NULL-Zeiger-Dereferenz, einem Speicherzuordnungsproblem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial of Service-Zustand erzuegen, beliebigen Code auszuführen, vertrauliche Informationen offenzulegen oder weitere nicht spezifizierte Angriffe durchzuführen.", }, ], product_status: { known_affected: [ "T035259", "T038901", "67646", "T035260", "T037940", "T035698", ], }, release_date: "2024-06-06T22:00:00.000+00:00", title: "CVE-2023-39975", }, { cve: "CVE-2023-4408", notes: [ { category: "description", text: "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie der Libksba-Library, BIND, gmp und der Tar-Paketkomponente aufgrund einer Race Condition, einer NULL-Zeiger-Dereferenz, einem Speicherzuordnungsproblem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial of Service-Zustand erzuegen, beliebigen Code auszuführen, vertrauliche Informationen offenzulegen oder weitere nicht spezifizierte Angriffe durchzuführen.", }, ], product_status: { known_affected: [ "T035259", "T038901", "67646", "T035260", "T037940", "T035698", ], }, release_date: "2024-06-06T22:00:00.000+00:00", title: "CVE-2023-4408", }, { cve: "CVE-2023-44487", notes: [ { category: "description", text: "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie der Libksba-Library, BIND, gmp und der Tar-Paketkomponente aufgrund einer Race Condition, einer NULL-Zeiger-Dereferenz, einem Speicherzuordnungsproblem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial of Service-Zustand erzuegen, beliebigen Code auszuführen, vertrauliche Informationen offenzulegen oder weitere nicht spezifizierte Angriffe durchzuführen.", }, ], product_status: { known_affected: [ "T035259", "T038901", "67646", "T035260", "T037940", "T035698", ], }, release_date: "2024-06-06T22:00:00.000+00:00", title: "CVE-2023-44487", }, { cve: "CVE-2023-45288", notes: [ { category: "description", text: "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie der Libksba-Library, BIND, gmp und der Tar-Paketkomponente aufgrund einer Race Condition, einer NULL-Zeiger-Dereferenz, einem Speicherzuordnungsproblem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial of Service-Zustand erzuegen, beliebigen Code auszuführen, vertrauliche Informationen offenzulegen oder weitere nicht spezifizierte Angriffe durchzuführen.", }, ], product_status: { known_affected: [ "T035259", "T038901", "67646", "T035260", "T037940", "T035698", ], }, release_date: "2024-06-06T22:00:00.000+00:00", title: "CVE-2023-45288", }, { cve: "CVE-2023-4641", notes: [ { category: "description", text: "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie der Libksba-Library, BIND, gmp und der Tar-Paketkomponente aufgrund einer Race Condition, einer NULL-Zeiger-Dereferenz, einem Speicherzuordnungsproblem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial of Service-Zustand erzuegen, beliebigen Code auszuführen, vertrauliche Informationen offenzulegen oder weitere nicht spezifizierte Angriffe durchzuführen.", }, ], product_status: { known_affected: [ "T035259", "T038901", "67646", "T035260", "T037940", "T035698", ], }, release_date: "2024-06-06T22:00:00.000+00:00", title: "CVE-2023-4641", }, { cve: "CVE-2023-4692", notes: [ { category: "description", text: "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie der Libksba-Library, BIND, gmp und der Tar-Paketkomponente aufgrund einer Race Condition, einer NULL-Zeiger-Dereferenz, einem Speicherzuordnungsproblem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial of Service-Zustand erzuegen, beliebigen Code auszuführen, vertrauliche Informationen offenzulegen oder weitere nicht spezifizierte Angriffe durchzuführen.", }, ], product_status: { known_affected: [ "T035259", "T038901", "67646", "T035260", "T037940", "T035698", ], }, release_date: "2024-06-06T22:00:00.000+00:00", title: "CVE-2023-4692", }, { cve: "CVE-2023-4693", notes: [ { category: "description", text: "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie der Libksba-Library, BIND, gmp und der Tar-Paketkomponente aufgrund einer Race Condition, einer NULL-Zeiger-Dereferenz, einem Speicherzuordnungsproblem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial of Service-Zustand erzuegen, beliebigen Code auszuführen, vertrauliche Informationen offenzulegen oder weitere nicht spezifizierte Angriffe durchzuführen.", }, ], product_status: { known_affected: [ "T035259", "T038901", "67646", "T035260", "T037940", "T035698", ], }, release_date: "2024-06-06T22:00:00.000+00:00", title: "CVE-2023-4693", }, { cve: "CVE-2023-47038", notes: [ { category: "description", text: "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie der Libksba-Library, BIND, gmp und der Tar-Paketkomponente aufgrund einer Race Condition, einer NULL-Zeiger-Dereferenz, einem Speicherzuordnungsproblem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial of Service-Zustand erzuegen, beliebigen Code auszuführen, vertrauliche Informationen offenzulegen oder weitere nicht spezifizierte Angriffe durchzuführen.", }, ], product_status: { known_affected: [ "T035259", "T038901", "67646", "T035260", "T037940", "T035698", ], }, release_date: "2024-06-06T22:00:00.000+00:00", title: "CVE-2023-47038", }, { cve: "CVE-2023-50387", notes: [ { category: "description", text: "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie der Libksba-Library, BIND, gmp und der Tar-Paketkomponente aufgrund einer Race Condition, einer NULL-Zeiger-Dereferenz, einem Speicherzuordnungsproblem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial of Service-Zustand erzuegen, beliebigen Code auszuführen, vertrauliche Informationen offenzulegen oder weitere nicht spezifizierte Angriffe durchzuführen.", }, ], product_status: { known_affected: [ "T035259", "T038901", "67646", "T035260", "T037940", "T035698", ], }, release_date: "2024-06-06T22:00:00.000+00:00", title: "CVE-2023-50387", }, { cve: "CVE-2023-50868", notes: [ { category: "description", text: "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie der Libksba-Library, BIND, gmp und der Tar-Paketkomponente aufgrund einer Race Condition, einer NULL-Zeiger-Dereferenz, einem Speicherzuordnungsproblem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial of Service-Zustand erzuegen, beliebigen Code auszuführen, vertrauliche Informationen offenzulegen oder weitere nicht spezifizierte Angriffe durchzuführen.", }, ], product_status: { known_affected: [ "T035259", "T038901", "67646", "T035260", "T037940", "T035698", ], }, release_date: "2024-06-06T22:00:00.000+00:00", title: "CVE-2023-50868", }, { cve: "CVE-2023-5517", notes: [ { category: "description", text: "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie der Libksba-Library, BIND, gmp und der Tar-Paketkomponente aufgrund einer Race Condition, einer NULL-Zeiger-Dereferenz, einem Speicherzuordnungsproblem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial of Service-Zustand erzuegen, beliebigen Code auszuführen, vertrauliche Informationen offenzulegen oder weitere nicht spezifizierte Angriffe durchzuführen.", }, ], product_status: { known_affected: [ "T035259", "T038901", "67646", "T035260", "T037940", "T035698", ], }, release_date: "2024-06-06T22:00:00.000+00:00", title: "CVE-2023-5517", }, { cve: "CVE-2023-5678", notes: [ { category: "description", text: "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie der Libksba-Library, BIND, gmp und der Tar-Paketkomponente aufgrund einer Race Condition, einer NULL-Zeiger-Dereferenz, einem Speicherzuordnungsproblem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial of Service-Zustand erzuegen, beliebigen Code auszuführen, vertrauliche Informationen offenzulegen oder weitere nicht spezifizierte Angriffe durchzuführen.", }, ], product_status: { known_affected: [ "T035259", "T038901", "67646", "T035260", "T037940", "T035698", ], }, release_date: "2024-06-06T22:00:00.000+00:00", title: "CVE-2023-5678", }, { cve: "CVE-2023-5679", notes: [ { category: "description", text: "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie der Libksba-Library, BIND, gmp und der Tar-Paketkomponente aufgrund einer Race Condition, einer NULL-Zeiger-Dereferenz, einem Speicherzuordnungsproblem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial of Service-Zustand erzuegen, beliebigen Code auszuführen, vertrauliche Informationen offenzulegen oder weitere nicht spezifizierte Angriffe durchzuführen.", }, ], product_status: { known_affected: [ "T035259", "T038901", "67646", "T035260", "T037940", "T035698", ], }, release_date: "2024-06-06T22:00:00.000+00:00", title: "CVE-2023-5679", }, { cve: "CVE-2023-6004", notes: [ { category: "description", text: "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie der Libksba-Library, BIND, gmp und der Tar-Paketkomponente aufgrund einer Race Condition, einer NULL-Zeiger-Dereferenz, einem Speicherzuordnungsproblem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial of Service-Zustand erzuegen, beliebigen Code auszuführen, vertrauliche Informationen offenzulegen oder weitere nicht spezifizierte Angriffe durchzuführen.", }, ], product_status: { known_affected: [ "T035259", "T038901", "67646", "T035260", "T037940", "T035698", ], }, release_date: "2024-06-06T22:00:00.000+00:00", title: "CVE-2023-6004", }, { cve: "CVE-2023-6129", notes: [ { category: "description", text: "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie der Libksba-Library, BIND, gmp und der Tar-Paketkomponente aufgrund einer Race Condition, einer NULL-Zeiger-Dereferenz, einem Speicherzuordnungsproblem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial of Service-Zustand erzuegen, beliebigen Code auszuführen, vertrauliche Informationen offenzulegen oder weitere nicht spezifizierte Angriffe durchzuführen.", }, ], product_status: { known_affected: [ "T035259", "T038901", "67646", "T035260", "T037940", "T035698", ], }, release_date: "2024-06-06T22:00:00.000+00:00", title: "CVE-2023-6129", }, { cve: "CVE-2023-6237", notes: [ { category: "description", text: "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie der Libksba-Library, BIND, gmp und der Tar-Paketkomponente aufgrund einer Race Condition, einer NULL-Zeiger-Dereferenz, einem Speicherzuordnungsproblem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial of Service-Zustand erzuegen, beliebigen Code auszuführen, vertrauliche Informationen offenzulegen oder weitere nicht spezifizierte Angriffe durchzuführen.", }, ], product_status: { known_affected: [ "T035259", "T038901", "67646", "T035260", "T037940", "T035698", ], }, release_date: "2024-06-06T22:00:00.000+00:00", title: "CVE-2023-6237", }, { cve: "CVE-2023-6516", notes: [ { category: "description", text: "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie der Libksba-Library, BIND, gmp und der Tar-Paketkomponente aufgrund einer Race Condition, einer NULL-Zeiger-Dereferenz, einem Speicherzuordnungsproblem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial of Service-Zustand erzuegen, beliebigen Code auszuführen, vertrauliche Informationen offenzulegen oder weitere nicht spezifizierte Angriffe durchzuführen.", }, ], product_status: { known_affected: [ "T035259", "T038901", "67646", "T035260", "T037940", "T035698", ], }, release_date: "2024-06-06T22:00:00.000+00:00", title: "CVE-2023-6516", }, { cve: "CVE-2023-6597", notes: [ { category: "description", text: "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie der Libksba-Library, BIND, gmp und der Tar-Paketkomponente aufgrund einer Race Condition, einer NULL-Zeiger-Dereferenz, einem Speicherzuordnungsproblem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial of Service-Zustand erzuegen, beliebigen Code auszuführen, vertrauliche Informationen offenzulegen oder weitere nicht spezifizierte Angriffe durchzuführen.", }, ], product_status: { known_affected: [ "T035259", "T038901", "67646", "T035260", "T037940", "T035698", ], }, release_date: "2024-06-06T22:00:00.000+00:00", title: "CVE-2023-6597", }, { cve: "CVE-2023-6918", notes: [ { category: "description", text: "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie der Libksba-Library, BIND, gmp und der Tar-Paketkomponente aufgrund einer Race Condition, einer NULL-Zeiger-Dereferenz, einem Speicherzuordnungsproblem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial of Service-Zustand erzuegen, beliebigen Code auszuführen, vertrauliche Informationen offenzulegen oder weitere nicht spezifizierte Angriffe durchzuführen.", }, ], product_status: { known_affected: [ "T035259", "T038901", "67646", "T035260", "T037940", "T035698", ], }, release_date: "2024-06-06T22:00:00.000+00:00", title: "CVE-2023-6918", }, { cve: "CVE-2023-7008", notes: [ { category: "description", text: "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie der Libksba-Library, BIND, gmp und der Tar-Paketkomponente aufgrund einer Race Condition, einer NULL-Zeiger-Dereferenz, einem Speicherzuordnungsproblem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial of Service-Zustand erzuegen, beliebigen Code auszuführen, vertrauliche Informationen offenzulegen oder weitere nicht spezifizierte Angriffe durchzuführen.", }, ], product_status: { known_affected: [ "T035259", "T038901", "67646", "T035260", "T037940", "T035698", ], }, release_date: "2024-06-06T22:00:00.000+00:00", title: "CVE-2023-7008", }, { cve: "CVE-2023-7104", notes: [ { category: "description", text: "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie der Libksba-Library, BIND, gmp und der Tar-Paketkomponente aufgrund einer Race Condition, einer NULL-Zeiger-Dereferenz, einem Speicherzuordnungsproblem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial of Service-Zustand erzuegen, beliebigen Code auszuführen, vertrauliche Informationen offenzulegen oder weitere nicht spezifizierte Angriffe durchzuführen.", }, ], product_status: { known_affected: [ "T035259", "T038901", "67646", "T035260", "T037940", "T035698", ], }, release_date: "2024-06-06T22:00:00.000+00:00", title: "CVE-2023-7104", }, { cve: "CVE-2024-0450", notes: [ { category: "description", text: "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie der Libksba-Library, BIND, gmp und der Tar-Paketkomponente aufgrund einer Race Condition, einer NULL-Zeiger-Dereferenz, einem Speicherzuordnungsproblem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial of Service-Zustand erzuegen, beliebigen Code auszuführen, vertrauliche Informationen offenzulegen oder weitere nicht spezifizierte Angriffe durchzuführen.", }, ], product_status: { known_affected: [ "T035259", "T038901", "67646", "T035260", "T037940", "T035698", ], }, release_date: "2024-06-06T22:00:00.000+00:00", title: "CVE-2024-0450", }, { cve: "CVE-2024-0727", notes: [ { category: "description", text: "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie der Libksba-Library, BIND, gmp und der Tar-Paketkomponente aufgrund einer Race Condition, einer NULL-Zeiger-Dereferenz, einem Speicherzuordnungsproblem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial of Service-Zustand erzuegen, beliebigen Code auszuführen, vertrauliche Informationen offenzulegen oder weitere nicht spezifizierte Angriffe durchzuführen.", }, ], product_status: { known_affected: [ "T035259", "T038901", "67646", "T035260", "T037940", "T035698", ], }, release_date: "2024-06-06T22:00:00.000+00:00", title: "CVE-2024-0727", }, { cve: "CVE-2024-1048", notes: [ { category: "description", text: "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie der Libksba-Library, BIND, gmp und der Tar-Paketkomponente aufgrund einer Race Condition, einer NULL-Zeiger-Dereferenz, einem Speicherzuordnungsproblem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial of Service-Zustand erzuegen, beliebigen Code auszuführen, vertrauliche Informationen offenzulegen oder weitere nicht spezifizierte Angriffe durchzuführen.", }, ], product_status: { known_affected: [ "T035259", "T038901", "67646", "T035260", "T037940", "T035698", ], }, release_date: "2024-06-06T22:00:00.000+00:00", title: "CVE-2024-1048", }, { cve: "CVE-2024-1313", notes: [ { category: "description", text: "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie der Libksba-Library, BIND, gmp und der Tar-Paketkomponente aufgrund einer Race Condition, einer NULL-Zeiger-Dereferenz, einem Speicherzuordnungsproblem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial of Service-Zustand erzuegen, beliebigen Code auszuführen, vertrauliche Informationen offenzulegen oder weitere nicht spezifizierte Angriffe durchzuführen.", }, ], product_status: { known_affected: [ "T035259", "T038901", "67646", "T035260", "T037940", "T035698", ], }, release_date: "2024-06-06T22:00:00.000+00:00", title: "CVE-2024-1313", }, { cve: "CVE-2024-1394", notes: [ { category: "description", text: "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie der Libksba-Library, BIND, gmp und der Tar-Paketkomponente aufgrund einer Race Condition, einer NULL-Zeiger-Dereferenz, einem Speicherzuordnungsproblem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial of Service-Zustand erzuegen, beliebigen Code auszuführen, vertrauliche Informationen offenzulegen oder weitere nicht spezifizierte Angriffe durchzuführen.", }, ], product_status: { known_affected: [ "T035259", "T038901", "67646", "T035260", "T037940", "T035698", ], }, release_date: "2024-06-06T22:00:00.000+00:00", title: "CVE-2024-1394", }, { cve: "CVE-2024-22195", notes: [ { category: "description", text: "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie der Libksba-Library, BIND, gmp und der Tar-Paketkomponente aufgrund einer Race Condition, einer NULL-Zeiger-Dereferenz, einem Speicherzuordnungsproblem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial of Service-Zustand erzuegen, beliebigen Code auszuführen, vertrauliche Informationen offenzulegen oder weitere nicht spezifizierte Angriffe durchzuführen.", }, ], product_status: { known_affected: [ "T035259", "T038901", "67646", "T035260", "T037940", "T035698", ], }, release_date: "2024-06-06T22:00:00.000+00:00", title: "CVE-2024-22195", }, { cve: "CVE-2024-22365", notes: [ { category: "description", text: "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie der Libksba-Library, BIND, gmp und der Tar-Paketkomponente aufgrund einer Race Condition, einer NULL-Zeiger-Dereferenz, einem Speicherzuordnungsproblem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial of Service-Zustand erzuegen, beliebigen Code auszuführen, vertrauliche Informationen offenzulegen oder weitere nicht spezifizierte Angriffe durchzuführen.", }, ], product_status: { known_affected: [ "T035259", "T038901", "67646", "T035260", "T037940", "T035698", ], }, release_date: "2024-06-06T22:00:00.000+00:00", title: "CVE-2024-22365", }, { cve: "CVE-2024-24786", notes: [ { category: "description", text: "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie der Libksba-Library, BIND, gmp und der Tar-Paketkomponente aufgrund einer Race Condition, einer NULL-Zeiger-Dereferenz, einem Speicherzuordnungsproblem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial of Service-Zustand erzuegen, beliebigen Code auszuführen, vertrauliche Informationen offenzulegen oder weitere nicht spezifizierte Angriffe durchzuführen.", }, ], product_status: { known_affected: [ "T035259", "T038901", "67646", "T035260", "T037940", "T035698", ], }, release_date: "2024-06-06T22:00:00.000+00:00", title: "CVE-2024-24786", }, { cve: "CVE-2024-25062", notes: [ { category: "description", text: "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie der Libksba-Library, BIND, gmp und der Tar-Paketkomponente aufgrund einer Race Condition, einer NULL-Zeiger-Dereferenz, einem Speicherzuordnungsproblem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial of Service-Zustand erzuegen, beliebigen Code auszuführen, vertrauliche Informationen offenzulegen oder weitere nicht spezifizierte Angriffe durchzuführen.", }, ], product_status: { known_affected: [ "T035259", "T038901", "67646", "T035260", "T037940", "T035698", ], }, release_date: "2024-06-06T22:00:00.000+00:00", title: "CVE-2024-25062", }, { cve: "CVE-2024-26458", notes: [ { category: "description", text: "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie der Libksba-Library, BIND, gmp und der Tar-Paketkomponente aufgrund einer Race Condition, einer NULL-Zeiger-Dereferenz, einem Speicherzuordnungsproblem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial of Service-Zustand erzuegen, beliebigen Code auszuführen, vertrauliche Informationen offenzulegen oder weitere nicht spezifizierte Angriffe durchzuführen.", }, ], product_status: { known_affected: [ "T035259", "T038901", "67646", "T035260", "T037940", "T035698", ], }, release_date: "2024-06-06T22:00:00.000+00:00", title: "CVE-2024-26458", }, { cve: "CVE-2024-26461", notes: [ { category: "description", text: "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie der Libksba-Library, BIND, gmp und der Tar-Paketkomponente aufgrund einer Race Condition, einer NULL-Zeiger-Dereferenz, einem Speicherzuordnungsproblem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial of Service-Zustand erzuegen, beliebigen Code auszuführen, vertrauliche Informationen offenzulegen oder weitere nicht spezifizierte Angriffe durchzuführen.", }, ], product_status: { known_affected: [ "T035259", "T038901", "67646", "T035260", "T037940", "T035698", ], }, release_date: "2024-06-06T22:00:00.000+00:00", title: "CVE-2024-26461", }, { cve: "CVE-2024-28834", notes: [ { category: "description", text: "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie der Libksba-Library, BIND, gmp und der Tar-Paketkomponente aufgrund einer Race Condition, einer NULL-Zeiger-Dereferenz, einem Speicherzuordnungsproblem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial of Service-Zustand erzuegen, beliebigen Code auszuführen, vertrauliche Informationen offenzulegen oder weitere nicht spezifizierte Angriffe durchzuführen.", }, ], product_status: { known_affected: [ "T035259", "T038901", "67646", "T035260", "T037940", "T035698", ], }, release_date: "2024-06-06T22:00:00.000+00:00", title: "CVE-2024-28834", }, { cve: "CVE-2024-28835", notes: [ { category: "description", text: "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie der Libksba-Library, BIND, gmp und der Tar-Paketkomponente aufgrund einer Race Condition, einer NULL-Zeiger-Dereferenz, einem Speicherzuordnungsproblem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial of Service-Zustand erzuegen, beliebigen Code auszuführen, vertrauliche Informationen offenzulegen oder weitere nicht spezifizierte Angriffe durchzuführen.", }, ], product_status: { known_affected: [ "T035259", "T038901", "67646", "T035260", "T037940", "T035698", ], }, release_date: "2024-06-06T22:00:00.000+00:00", title: "CVE-2024-28835", }, { cve: "CVE-2024-2961", notes: [ { category: "description", text: "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie der Libksba-Library, BIND, gmp und der Tar-Paketkomponente aufgrund einer Race Condition, einer NULL-Zeiger-Dereferenz, einem Speicherzuordnungsproblem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial of Service-Zustand erzuegen, beliebigen Code auszuführen, vertrauliche Informationen offenzulegen oder weitere nicht spezifizierte Angriffe durchzuführen.", }, ], product_status: { known_affected: [ "T035259", "T038901", "67646", "T035260", "T037940", "T035698", ], }, release_date: "2024-06-06T22:00:00.000+00:00", title: "CVE-2024-2961", }, { cve: "CVE-2024-33599", notes: [ { category: "description", text: "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie der Libksba-Library, BIND, gmp und der Tar-Paketkomponente aufgrund einer Race Condition, einer NULL-Zeiger-Dereferenz, einem Speicherzuordnungsproblem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial of Service-Zustand erzuegen, beliebigen Code auszuführen, vertrauliche Informationen offenzulegen oder weitere nicht spezifizierte Angriffe durchzuführen.", }, ], product_status: { known_affected: [ "T035259", "T038901", "67646", "T035260", "T037940", "T035698", ], }, release_date: "2024-06-06T22:00:00.000+00:00", title: "CVE-2024-33599", }, { cve: "CVE-2024-33600", notes: [ { category: "description", text: "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie der Libksba-Library, BIND, gmp und der Tar-Paketkomponente aufgrund einer Race Condition, einer NULL-Zeiger-Dereferenz, einem Speicherzuordnungsproblem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial of Service-Zustand erzuegen, beliebigen Code auszuführen, vertrauliche Informationen offenzulegen oder weitere nicht spezifizierte Angriffe durchzuführen.", }, ], product_status: { known_affected: [ "T035259", "T038901", "67646", "T035260", "T037940", "T035698", ], }, release_date: "2024-06-06T22:00:00.000+00:00", title: "CVE-2024-33600", }, { cve: "CVE-2024-33601", notes: [ { category: "description", text: "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie der Libksba-Library, BIND, gmp und der Tar-Paketkomponente aufgrund einer Race Condition, einer NULL-Zeiger-Dereferenz, einem Speicherzuordnungsproblem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial of Service-Zustand erzuegen, beliebigen Code auszuführen, vertrauliche Informationen offenzulegen oder weitere nicht spezifizierte Angriffe durchzuführen.", }, ], product_status: { known_affected: [ "T035259", "T038901", "67646", "T035260", "T037940", "T035698", ], }, release_date: "2024-06-06T22:00:00.000+00:00", title: "CVE-2024-33601", }, { cve: "CVE-2024-33602", notes: [ { category: "description", text: "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie der Libksba-Library, BIND, gmp und der Tar-Paketkomponente aufgrund einer Race Condition, einer NULL-Zeiger-Dereferenz, einem Speicherzuordnungsproblem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial of Service-Zustand erzuegen, beliebigen Code auszuführen, vertrauliche Informationen offenzulegen oder weitere nicht spezifizierte Angriffe durchzuführen.", }, ], product_status: { known_affected: [ "T035259", "T038901", "67646", "T035260", "T037940", "T035698", ], }, release_date: "2024-06-06T22:00:00.000+00:00", title: "CVE-2024-33602", }, ], }
wid-sec-w-2024-0869
Vulnerability from csaf_certbund
Published
2024-04-16 22:00
Modified
2024-11-21 23:00
Summary
Oracle Communications: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Oracle Communications umfasst branchenspezifische Lösungen für die Telekommunikationsbranche.
Angriff
Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Oracle Communications ausnutzen, um die Vertraulichkeit, Integrität und Verfügbarkeit zu gefährden.
Betroffene Betriebssysteme
- Windows
{ document: { aggregate_severity: { text: "hoch", }, category: "csaf_base", csaf_version: "2.0", distribution: { tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "de-DE", notes: [ { category: "legal_disclaimer", text: "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.", }, { category: "description", text: "Oracle Communications umfasst branchenspezifische Lösungen für die Telekommunikationsbranche.", title: "Produktbeschreibung", }, { category: "summary", text: "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Oracle Communications ausnutzen, um die Vertraulichkeit, Integrität und Verfügbarkeit zu gefährden.", title: "Angriff", }, { category: "general", text: "- Windows", title: "Betroffene Betriebssysteme", }, ], publisher: { category: "other", contact_details: "csaf-provider@cert-bund.de", name: "Bundesamt für Sicherheit in der Informationstechnik", namespace: "https://www.bsi.bund.de", }, references: [ { category: "self", summary: "WID-SEC-W-2024-0869 - CSAF Version", url: "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-0869.json", }, { category: "self", summary: "WID-SEC-2024-0869 - Portal Version", url: "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0869", }, { category: "external", summary: "Oracle Critical Patch Update Advisory - April 2024 - Appendix Oracle Communications vom 2024-04-16", url: "https://www.oracle.com/security-alerts/cpuapr2024.html#AppendixCGBU", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:1878 vom 2024-04-18", url: "https://access.redhat.com/errata/RHSA-2024:1878", }, { category: "external", summary: "Gentoo Linux Security Advisory GLSA-202405-01 vom 2024-05-04", url: "https://security.gentoo.org/glsa/202405-01", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:7987 vom 2024-10-10", url: "https://access.redhat.com/errata/RHSA-2024:7987", }, { category: "external", summary: "XEROX Security Advisory XRX24-017 vom 2024-11-21", url: "https://securitydocs.business.xerox.com/wp-content/uploads/2024/11/Xerox-Security-Bulletin-XRX24-017-for-Xerox%C2%AE-FreeFlow%C2%AE-Print-Server-v9.pdf", }, ], source_lang: "en-US", title: "Oracle Communications: Mehrere Schwachstellen", tracking: { current_release_date: "2024-11-21T23:00:00.000+00:00", generator: { date: "2024-11-22T10:07:06.493+00:00", engine: { name: "BSI-WID", version: "1.3.8", }, }, id: "WID-SEC-W-2024-0869", initial_release_date: "2024-04-16T22:00:00.000+00:00", revision_history: [ { date: "2024-04-16T22:00:00.000+00:00", number: "1", summary: "Initiale Fassung", }, { date: "2024-04-17T22:00:00.000+00:00", number: "2", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2024-05-05T22:00:00.000+00:00", number: "3", summary: "Neue Updates von Gentoo aufgenommen", }, { date: "2024-10-10T22:00:00.000+00:00", number: "4", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2024-11-21T23:00:00.000+00:00", number: "5", summary: "Neue Updates von XEROX aufgenommen", }, ], status: "final", version: "5", }, }, product_tree: { branches: [ { branches: [ { category: "product_name", name: "Gentoo Linux", product: { name: "Gentoo Linux", product_id: "T012167", product_identification_helper: { cpe: "cpe:/o:gentoo:linux:-", }, }, }, ], category: "vendor", name: "Gentoo", }, { branches: [ { branches: [ { category: "product_version", name: "5", product: { name: "Oracle Communications 5.0", product_id: "T021645", product_identification_helper: { cpe: "cpe:/a:oracle:communications:5.0", }, }, }, { category: "product_version", name: "22.4.0", product: { name: "Oracle Communications 22.4.0", product_id: "T024981", product_identification_helper: { cpe: "cpe:/a:oracle:communications:22.4.0", }, }, }, { category: "product_version", name: "23.1.0", product: { name: "Oracle Communications 23.1.0", product_id: "T027326", product_identification_helper: { cpe: "cpe:/a:oracle:communications:23.1.0", }, }, }, { category: "product_version", name: "23.2.0", product: { name: "Oracle Communications 23.2.0", product_id: "T028682", product_identification_helper: { cpe: "cpe:/a:oracle:communications:23.2.0", }, }, }, { category: "product_version", name: "5.1", product: { name: "Oracle Communications 5.1", product_id: "T028684", product_identification_helper: { cpe: "cpe:/a:oracle:communications:5.1", }, }, }, { category: "product_version", name: "23.2.2", product: { name: "Oracle Communications 23.2.2", product_id: "T030583", product_identification_helper: { cpe: "cpe:/a:oracle:communications:23.2.2", }, }, }, { category: "product_version", name: "23.3.0", product: { name: "Oracle Communications 23.3.0", product_id: "T030586", product_identification_helper: { cpe: "cpe:/a:oracle:communications:23.3.0", }, }, }, { category: "product_version", name: "9.0.0.0", product: { name: "Oracle Communications 9.0.0.0", product_id: "T030589", product_identification_helper: { cpe: "cpe:/a:oracle:communications:9.0.0.0", }, }, }, { category: "product_version_range", name: "<=7.2.1.0.0", product: { name: "Oracle Communications <=7.2.1.0.0", product_id: "T030593", }, }, { category: "product_version_range", name: "<=7.2.1.0.0", product: { name: "Oracle Communications <=7.2.1.0.0", product_id: "T030593-fixed", }, }, { category: "product_version_range", name: "<=9.0.2", product: { name: "Oracle Communications <=9.0.2", product_id: "T030595", }, }, { category: "product_version_range", name: "<=9.0.2", product: { name: "Oracle Communications <=9.0.2", product_id: "T030595-fixed", }, }, { category: "product_version", name: "23.3.1", product: { name: "Oracle Communications 23.3.1", product_id: "T032088", product_identification_helper: { cpe: "cpe:/a:oracle:communications:23.3.1", }, }, }, { category: "product_version", name: "23.4.0", product: { name: "Oracle Communications 23.4.0", product_id: "T032091", product_identification_helper: { cpe: "cpe:/a:oracle:communications:23.4.0", }, }, }, { category: "product_version", name: "23.4.1", product: { name: "Oracle Communications 23.4.1", product_id: "T034143", product_identification_helper: { cpe: "cpe:/a:oracle:communications:23.4.1", }, }, }, { category: "product_version_range", name: "<=23.4.2", product: { name: "Oracle Communications <=23.4.2", product_id: "T034144", }, }, { category: "product_version_range", name: "<=23.4.2", product: { name: "Oracle Communications <=23.4.2", product_id: "T034144-fixed", }, }, { category: "product_version", name: "24.1.0", product: { name: "Oracle Communications 24.1.0", product_id: "T034145", product_identification_helper: { cpe: "cpe:/a:oracle:communications:24.1.0", }, }, }, { category: "product_version", name: "5.2", product: { name: "Oracle Communications 5.2", product_id: "T034146", product_identification_helper: { cpe: "cpe:/a:oracle:communications:5.2", }, }, }, { category: "product_version", name: "24.1.0.0.0", product: { name: "Oracle Communications 24.1.0.0.0", product_id: "T034147", product_identification_helper: { cpe: "cpe:/a:oracle:communications:24.1.0.0.0", }, }, }, { category: "product_version", name: "23.3.2", product: { name: "Oracle Communications 23.3.2", product_id: "T034148", product_identification_helper: { cpe: "cpe:/a:oracle:communications:23.3.2", }, }, }, { category: "product_version", name: "14.0.0.0.0", product: { name: "Oracle Communications 14.0.0.0.0", product_id: "T034149", product_identification_helper: { cpe: "cpe:/a:oracle:communications:14.0.0.0.0", }, }, }, { category: "product_version", name: "9.1.1.7.0", product: { name: "Oracle Communications 9.1.1.7.0", product_id: "T034150", product_identification_helper: { cpe: "cpe:/a:oracle:communications:9.1.1.7.0", }, }, }, ], category: "product_name", name: "Communications", }, ], category: "vendor", name: "Oracle", }, { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux", product: { name: "Red Hat Enterprise Linux", product_id: "67646", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:-", }, }, }, ], category: "vendor", name: "Red Hat", }, { branches: [ { branches: [ { category: "product_version", name: "v9", product: { name: "Xerox FreeFlow Print Server v9", product_id: "T015632", product_identification_helper: { cpe: "cpe:/a:xerox:freeflow_print_server:v9", }, }, }, ], category: "product_name", name: "FreeFlow Print Server", }, ], category: "vendor", name: "Xerox", }, ], }, vulnerabilities: [ { cve: "CVE-2022-40152", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028682", "T034149", "T030586", "T034148", "T030589", "67646", "T034143", "T015632", "T012167", "T034147", "T034146", "T030583", "T034145", "T032088", "T034150", "T021645", "T032091", "T027326", "T024981", "T028684", ], last_affected: [ "T030595", "T030593", "T034144", ], }, release_date: "2024-04-16T22:00:00.000+00:00", title: "CVE-2022-40152", }, { cve: "CVE-2022-40896", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028682", "T034149", "T030586", "T034148", "T030589", "67646", "T034143", "T015632", "T012167", "T034147", "T034146", "T030583", "T034145", "T032088", "T034150", "T021645", "T032091", "T027326", "T024981", "T028684", ], last_affected: [ "T030595", "T030593", "T034144", ], }, release_date: "2024-04-16T22:00:00.000+00:00", title: "CVE-2022-40896", }, { cve: "CVE-2022-45688", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028682", "T034149", "T030586", "T034148", "T030589", "67646", "T034143", "T015632", "T012167", "T034147", "T034146", "T030583", "T034145", "T032088", "T034150", "T021645", "T032091", "T027326", "T024981", "T028684", ], last_affected: [ "T030595", "T030593", "T034144", ], }, release_date: "2024-04-16T22:00:00.000+00:00", title: "CVE-2022-45688", }, { cve: "CVE-2023-2283", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028682", "T034149", "T030586", "T034148", "T030589", "67646", "T034143", "T015632", "T012167", "T034147", "T034146", "T030583", "T034145", "T032088", "T034150", "T021645", "T032091", "T027326", "T024981", "T028684", ], last_affected: [ "T030595", "T030593", "T034144", ], }, release_date: "2024-04-16T22:00:00.000+00:00", title: "CVE-2023-2283", }, { cve: "CVE-2023-31122", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028682", "T034149", "T030586", "T034148", "T030589", "67646", "T034143", "T015632", "T012167", "T034147", "T034146", "T030583", "T034145", "T032088", "T034150", "T021645", "T032091", "T027326", "T024981", "T028684", ], last_affected: [ "T030595", "T030593", "T034144", ], }, release_date: "2024-04-16T22:00:00.000+00:00", title: "CVE-2023-31122", }, { cve: "CVE-2023-33201", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028682", "T034149", "T030586", "T034148", "T030589", "67646", "T034143", "T015632", "T012167", "T034147", "T034146", "T030583", "T034145", "T032088", "T034150", "T021645", "T032091", "T027326", "T024981", "T028684", ], last_affected: [ "T030595", "T030593", "T034144", ], }, release_date: "2024-04-16T22:00:00.000+00:00", title: "CVE-2023-33201", }, { cve: "CVE-2023-34053", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028682", "T034149", "T030586", "T034148", "T030589", "67646", "T034143", "T015632", "T012167", "T034147", "T034146", "T030583", "T034145", "T032088", "T034150", "T021645", "T032091", "T027326", "T024981", "T028684", ], last_affected: [ "T030595", "T030593", "T034144", ], }, release_date: "2024-04-16T22:00:00.000+00:00", title: "CVE-2023-34053", }, { cve: "CVE-2023-34055", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028682", "T034149", "T030586", "T034148", "T030589", "67646", "T034143", "T015632", "T012167", "T034147", "T034146", "T030583", "T034145", "T032088", "T034150", "T021645", "T032091", "T027326", "T024981", "T028684", ], last_affected: [ "T030595", "T030593", "T034144", ], }, release_date: "2024-04-16T22:00:00.000+00:00", title: "CVE-2023-34055", }, { cve: "CVE-2023-4016", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028682", "T034149", "T030586", "T034148", "T030589", "67646", "T034143", "T015632", "T012167", "T034147", "T034146", "T030583", "T034145", "T032088", "T034150", "T021645", "T032091", "T027326", "T024981", "T028684", ], last_affected: [ "T030595", "T030593", "T034144", ], }, release_date: "2024-04-16T22:00:00.000+00:00", title: "CVE-2023-4016", }, { cve: "CVE-2023-41056", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028682", "T034149", "T030586", "T034148", "T030589", "67646", "T034143", "T015632", "T012167", "T034147", "T034146", "T030583", "T034145", "T032088", "T034150", "T021645", "T032091", "T027326", "T024981", "T028684", ], last_affected: [ "T030595", "T030593", "T034144", ], }, release_date: "2024-04-16T22:00:00.000+00:00", title: "CVE-2023-41056", }, { cve: "CVE-2023-43496", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028682", "T034149", "T030586", "T034148", "T030589", "67646", "T034143", "T015632", "T012167", "T034147", "T034146", "T030583", "T034145", "T032088", "T034150", "T021645", "T032091", "T027326", "T024981", "T028684", ], last_affected: [ "T030595", "T030593", "T034144", ], }, release_date: "2024-04-16T22:00:00.000+00:00", title: "CVE-2023-43496", }, { cve: "CVE-2023-44487", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028682", "T034149", "T030586", "T034148", "T030589", "67646", "T034143", "T015632", "T012167", "T034147", "T034146", "T030583", "T034145", "T032088", "T034150", "T021645", "T032091", "T027326", "T024981", "T028684", ], last_affected: [ "T030595", "T030593", "T034144", ], }, release_date: "2024-04-16T22:00:00.000+00:00", title: "CVE-2023-44487", }, { cve: "CVE-2023-45142", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028682", "T034149", "T030586", "T034148", "T030589", "67646", "T034143", "T015632", "T012167", "T034147", "T034146", "T030583", "T034145", "T032088", "T034150", "T021645", "T032091", "T027326", "T024981", "T028684", ], last_affected: [ "T030595", "T030593", "T034144", ], }, release_date: "2024-04-16T22:00:00.000+00:00", title: "CVE-2023-45142", }, { cve: "CVE-2023-4641", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028682", "T034149", "T030586", "T034148", "T030589", "67646", "T034143", "T015632", "T012167", "T034147", "T034146", "T030583", "T034145", "T032088", "T034150", "T021645", "T032091", "T027326", "T024981", "T028684", ], last_affected: [ "T030595", "T030593", "T034144", ], }, release_date: "2024-04-16T22:00:00.000+00:00", title: "CVE-2023-4641", }, { cve: "CVE-2023-46589", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028682", "T034149", "T030586", "T034148", "T030589", "67646", "T034143", "T015632", "T012167", "T034147", "T034146", "T030583", "T034145", "T032088", "T034150", "T021645", "T032091", "T027326", "T024981", "T028684", ], last_affected: [ "T030595", "T030593", "T034144", ], }, release_date: "2024-04-16T22:00:00.000+00:00", title: "CVE-2023-46589", }, { cve: "CVE-2023-47100", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028682", "T034149", "T030586", "T034148", "T030589", "67646", "T034143", "T015632", "T012167", "T034147", "T034146", "T030583", "T034145", "T032088", "T034150", "T021645", "T032091", "T027326", "T024981", "T028684", ], last_affected: [ "T030595", "T030593", "T034144", ], }, release_date: "2024-04-16T22:00:00.000+00:00", title: "CVE-2023-47100", }, { cve: "CVE-2023-4863", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028682", "T034149", "T030586", "T034148", "T030589", "67646", "T034143", "T015632", "T012167", "T034147", "T034146", "T030583", "T034145", "T032088", "T034150", "T021645", "T032091", "T027326", "T024981", "T028684", ], last_affected: [ "T030595", "T030593", "T034144", ], }, release_date: "2024-04-16T22:00:00.000+00:00", title: "CVE-2023-4863", }, { cve: "CVE-2023-48795", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028682", "T034149", "T030586", "T034148", "T030589", "67646", "T034143", "T015632", "T012167", "T034147", "T034146", "T030583", "T034145", "T032088", "T034150", "T021645", "T032091", "T027326", "T024981", "T028684", ], last_affected: [ "T030595", "T030593", "T034144", ], }, release_date: "2024-04-16T22:00:00.000+00:00", title: "CVE-2023-48795", }, { cve: "CVE-2023-49083", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028682", "T034149", "T030586", "T034148", "T030589", "67646", "T034143", "T015632", "T012167", "T034147", "T034146", "T030583", "T034145", "T032088", "T034150", "T021645", "T032091", "T027326", "T024981", "T028684", ], last_affected: [ "T030595", "T030593", "T034144", ], }, release_date: "2024-04-16T22:00:00.000+00:00", title: "CVE-2023-49083", }, { cve: "CVE-2023-5072", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028682", "T034149", "T030586", "T034148", "T030589", "67646", "T034143", "T015632", "T012167", "T034147", "T034146", "T030583", "T034145", "T032088", "T034150", "T021645", "T032091", "T027326", "T024981", "T028684", ], last_affected: [ "T030595", "T030593", "T034144", ], }, release_date: "2024-04-16T22:00:00.000+00:00", title: "CVE-2023-5072", }, { cve: "CVE-2023-51074", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028682", "T034149", "T030586", "T034148", "T030589", "67646", "T034143", "T015632", "T012167", "T034147", "T034146", "T030583", "T034145", "T032088", "T034150", "T021645", "T032091", "T027326", "T024981", "T028684", ], last_affected: [ "T030595", "T030593", "T034144", ], }, release_date: "2024-04-16T22:00:00.000+00:00", title: "CVE-2023-51074", }, { cve: "CVE-2023-51257", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028682", "T034149", "T030586", "T034148", "T030589", "67646", "T034143", "T015632", "T012167", "T034147", "T034146", "T030583", "T034145", "T032088", "T034150", "T021645", "T032091", "T027326", "T024981", "T028684", ], last_affected: [ "T030595", "T030593", "T034144", ], }, release_date: "2024-04-16T22:00:00.000+00:00", title: "CVE-2023-51257", }, { cve: "CVE-2023-51775", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028682", "T034149", "T030586", "T034148", "T030589", "67646", "T034143", "T015632", "T012167", "T034147", "T034146", "T030583", "T034145", "T032088", "T034150", "T021645", "T032091", "T027326", "T024981", "T028684", ], last_affected: [ "T030595", "T030593", "T034144", ], }, release_date: "2024-04-16T22:00:00.000+00:00", title: "CVE-2023-51775", }, { cve: "CVE-2023-5341", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028682", "T034149", "T030586", "T034148", "T030589", "67646", "T034143", "T015632", "T012167", "T034147", "T034146", "T030583", "T034145", "T032088", "T034150", "T021645", "T032091", "T027326", "T024981", "T028684", ], last_affected: [ "T030595", "T030593", "T034144", ], }, release_date: "2024-04-16T22:00:00.000+00:00", title: "CVE-2023-5341", }, { cve: "CVE-2023-5363", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028682", "T034149", "T030586", "T034148", "T030589", "67646", "T034143", "T015632", "T012167", "T034147", "T034146", "T030583", "T034145", "T032088", "T034150", "T021645", "T032091", "T027326", "T024981", "T028684", ], last_affected: [ "T030595", "T030593", "T034144", ], }, release_date: "2024-04-16T22:00:00.000+00:00", title: "CVE-2023-5363", }, { cve: "CVE-2023-6507", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028682", "T034149", "T030586", "T034148", "T030589", "67646", "T034143", "T015632", "T012167", "T034147", "T034146", "T030583", "T034145", "T032088", "T034150", "T021645", "T032091", "T027326", "T024981", "T028684", ], last_affected: [ "T030595", "T030593", "T034144", ], }, release_date: "2024-04-16T22:00:00.000+00:00", title: "CVE-2023-6507", }, { cve: "CVE-2024-1635", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028682", "T034149", "T030586", "T034148", "T030589", "67646", "T034143", "T015632", "T012167", "T034147", "T034146", "T030583", "T034145", "T032088", "T034150", "T021645", "T032091", "T027326", "T024981", "T028684", ], last_affected: [ "T030595", "T030593", "T034144", ], }, release_date: "2024-04-16T22:00:00.000+00:00", title: "CVE-2024-1635", }, { cve: "CVE-2024-21626", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028682", "T034149", "T030586", "T034148", "T030589", "67646", "T034143", "T015632", "T012167", "T034147", "T034146", "T030583", "T034145", "T032088", "T034150", "T021645", "T032091", "T027326", "T024981", "T028684", ], last_affected: [ "T030595", "T030593", "T034144", ], }, release_date: "2024-04-16T22:00:00.000+00:00", title: "CVE-2024-21626", }, { cve: "CVE-2024-22201", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028682", "T034149", "T030586", "T034148", "T030589", "67646", "T034143", "T015632", "T012167", "T034147", "T034146", "T030583", "T034145", "T032088", "T034150", "T021645", "T032091", "T027326", "T024981", "T028684", ], last_affected: [ "T030595", "T030593", "T034144", ], }, release_date: "2024-04-16T22:00:00.000+00:00", title: "CVE-2024-22201", }, { cve: "CVE-2024-22233", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028682", "T034149", "T030586", "T034148", "T030589", "67646", "T034143", "T015632", "T012167", "T034147", "T034146", "T030583", "T034145", "T032088", "T034150", "T021645", "T032091", "T027326", "T024981", "T028684", ], last_affected: [ "T030595", "T030593", "T034144", ], }, release_date: "2024-04-16T22:00:00.000+00:00", title: "CVE-2024-22233", }, { cve: "CVE-2024-22257", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028682", "T034149", "T030586", "T034148", "T030589", "67646", "T034143", "T015632", "T012167", "T034147", "T034146", "T030583", "T034145", "T032088", "T034150", "T021645", "T032091", "T027326", "T024981", "T028684", ], last_affected: [ "T030595", "T030593", "T034144", ], }, release_date: "2024-04-16T22:00:00.000+00:00", title: "CVE-2024-22257", }, { cve: "CVE-2024-22259", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028682", "T034149", "T030586", "T034148", "T030589", "67646", "T034143", "T015632", "T012167", "T034147", "T034146", "T030583", "T034145", "T032088", "T034150", "T021645", "T032091", "T027326", "T024981", "T028684", ], last_affected: [ "T030595", "T030593", "T034144", ], }, release_date: "2024-04-16T22:00:00.000+00:00", title: "CVE-2024-22259", }, { cve: "CVE-2024-25062", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028682", "T034149", "T030586", "T034148", "T030589", "67646", "T034143", "T015632", "T012167", "T034147", "T034146", "T030583", "T034145", "T032088", "T034150", "T021645", "T032091", "T027326", "T024981", "T028684", ], last_affected: [ "T030595", "T030593", "T034144", ], }, release_date: "2024-04-16T22:00:00.000+00:00", title: "CVE-2024-25062", }, { cve: "CVE-2024-26130", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028682", "T034149", "T030586", "T034148", "T030589", "67646", "T034143", "T015632", "T012167", "T034147", "T034146", "T030583", "T034145", "T032088", "T034150", "T021645", "T032091", "T027326", "T024981", "T028684", ], last_affected: [ "T030595", "T030593", "T034144", ], }, release_date: "2024-04-16T22:00:00.000+00:00", title: "CVE-2024-26130", }, { cve: "CVE-2024-26308", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028682", "T034149", "T030586", "T034148", "T030589", "67646", "T034143", "T015632", "T012167", "T034147", "T034146", "T030583", "T034145", "T032088", "T034150", "T021645", "T032091", "T027326", "T024981", "T028684", ], last_affected: [ "T030595", "T030593", "T034144", ], }, release_date: "2024-04-16T22:00:00.000+00:00", title: "CVE-2024-26308", }, ], }
wid-sec-w-2024-1642
Vulnerability from csaf_certbund
Published
2024-07-16 22:00
Modified
2024-11-20 23:00
Summary
Oracle Communications: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Oracle Communications umfasst branchenspezifische Lösungen für die Telekommunikationsbranche.
Angriff
Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in Oracle Communications ausnutzen, um die Vertraulichkeit, Integrität und Verfügbarkeit zu gefährden.
Betroffene Betriebssysteme
- Sonstiges
- UNIX
- Windows
{ document: { aggregate_severity: { text: "hoch", }, category: "csaf_base", csaf_version: "2.0", distribution: { tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "de-DE", notes: [ { category: "legal_disclaimer", text: "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.", }, { category: "description", text: "Oracle Communications umfasst branchenspezifische Lösungen für die Telekommunikationsbranche.", title: "Produktbeschreibung", }, { category: "summary", text: "Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in Oracle Communications ausnutzen, um die Vertraulichkeit, Integrität und Verfügbarkeit zu gefährden.", title: "Angriff", }, { category: "general", text: "- Sonstiges\n- UNIX\n- Windows", title: "Betroffene Betriebssysteme", }, ], publisher: { category: "other", contact_details: "csaf-provider@cert-bund.de", name: "Bundesamt für Sicherheit in der Informationstechnik", namespace: "https://www.bsi.bund.de", }, references: [ { category: "self", summary: "WID-SEC-W-2024-1642 - CSAF Version", url: "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-1642.json", }, { category: "self", summary: "WID-SEC-2024-1642 - Portal Version", url: "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-1642", }, { category: "external", summary: "Oracle Critical Patch Update Advisory - July 2024 - Appendix Oracle Communications vom 2024-07-16", url: "https://www.oracle.com/security-alerts/cpujul2024.html#AppendixCGBU", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:6016 vom 2024-09-05", url: "https://access.redhat.com/errata/RHSA-2024:6016", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:9975 vom 2024-11-21", url: "https://access.redhat.com/errata/RHSA-2024:9975", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:9976 vom 2024-11-21", url: "https://access.redhat.com/errata/RHSA-2024:9976", }, ], source_lang: "en-US", title: "Oracle Communications: Mehrere Schwachstellen", tracking: { current_release_date: "2024-11-20T23:00:00.000+00:00", generator: { date: "2024-11-21T13:09:50.776+00:00", engine: { name: "BSI-WID", version: "1.3.8", }, }, id: "WID-SEC-W-2024-1642", initial_release_date: "2024-07-16T22:00:00.000+00:00", revision_history: [ { date: "2024-07-16T22:00:00.000+00:00", number: "1", summary: "Initiale Fassung", }, { date: "2024-09-05T22:00:00.000+00:00", number: "2", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2024-11-20T23:00:00.000+00:00", number: "3", summary: "Neue Updates von Red Hat aufgenommen", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "23.1.0", product: { name: "Oracle Communications 23.1.0", product_id: "T027326", product_identification_helper: { cpe: "cpe:/a:oracle:communications:23.1.0", }, }, }, { category: "product_version", name: "12.6.1.0.0", product: { name: "Oracle Communications 12.6.1.0.0", product_id: "T027338", product_identification_helper: { cpe: "cpe:/a:oracle:communications:12.6.1.0.0", }, }, }, { category: "product_version", name: "5.1", product: { name: "Oracle Communications 5.1", product_id: "T028684", product_identification_helper: { cpe: "cpe:/a:oracle:communications:5.1", }, }, }, { category: "product_version", name: "15.0.0.0.0", product: { name: "Oracle Communications 15.0.0.0.0", product_id: "T032090", product_identification_helper: { cpe: "cpe:/a:oracle:communications:15.0.0.0.0", }, }, }, { category: "product_version", name: "23.4.0", product: { name: "Oracle Communications 23.4.0", product_id: "T032091", product_identification_helper: { cpe: "cpe:/a:oracle:communications:23.4.0", }, }, }, { category: "product_version", name: "23.4.1", product: { name: "Oracle Communications 23.4.1", product_id: "T034143", product_identification_helper: { cpe: "cpe:/a:oracle:communications:23.4.1", }, }, }, { category: "product_version", name: "23.4.2", product: { name: "Oracle Communications 23.4.2", product_id: "T034144", product_identification_helper: { cpe: "cpe:/a:oracle:communications:23.4.2", }, }, }, { category: "product_version", name: "24.1.0", product: { name: "Oracle Communications 24.1.0", product_id: "T034145", product_identification_helper: { cpe: "cpe:/a:oracle:communications:24.1.0", }, }, }, { category: "product_version", name: "5.2", product: { name: "Oracle Communications 5.2", product_id: "T034146", product_identification_helper: { cpe: "cpe:/a:oracle:communications:5.2", }, }, }, { category: "product_version_range", name: "<=23.4.3", product: { name: "Oracle Communications <=23.4.3", product_id: "T036195", }, }, { category: "product_version_range", name: "<=23.4.3", product: { name: "Oracle Communications <=23.4.3", product_id: "T036195-fixed", }, }, { category: "product_version_range", name: "<=23.4.4", product: { name: "Oracle Communications <=23.4.4", product_id: "T036196", }, }, { category: "product_version_range", name: "<=23.4.4", product: { name: "Oracle Communications <=23.4.4", product_id: "T036196-fixed", }, }, { category: "product_version", name: "24.2.0", product: { name: "Oracle Communications 24.2.0", product_id: "T036197", product_identification_helper: { cpe: "cpe:/a:oracle:communications:24.2.0", }, }, }, { category: "product_version_range", name: "<=8.6.0.8", product: { name: "Oracle Communications <=8.6.0.8", product_id: "T036198", }, }, { category: "product_version_range", name: "<=8.6.0.8", product: { name: "Oracle Communications <=8.6.0.8", product_id: "T036198-fixed", }, }, { category: "product_version", name: "46.6.4", product: { name: "Oracle Communications 46.6.4", product_id: "T036199", product_identification_helper: { cpe: "cpe:/a:oracle:communications:46.6.4", }, }, }, { category: "product_version", name: "46.6.5", product: { name: "Oracle Communications 46.6.5", product_id: "T036200", product_identification_helper: { cpe: "cpe:/a:oracle:communications:46.6.5", }, }, }, { category: "product_version", name: "12.11.3", product: { name: "Oracle Communications 12.11.3", product_id: "T036201", product_identification_helper: { cpe: "cpe:/a:oracle:communications:12.11.3", }, }, }, { category: "product_version", name: "12.11.4", product: { name: "Oracle Communications 12.11.4", product_id: "T036202", product_identification_helper: { cpe: "cpe:/a:oracle:communications:12.11.4", }, }, }, { category: "product_version_range", name: "<=8.6.0.6", product: { name: "Oracle Communications <=8.6.0.6", product_id: "T036203", }, }, { category: "product_version_range", name: "<=8.6.0.6", product: { name: "Oracle Communications <=8.6.0.6", product_id: "T036203-fixed", }, }, { category: "product_version", name: "10.5", product: { name: "Oracle Communications 10.5", product_id: "T036204", product_identification_helper: { cpe: "cpe:/a:oracle:communications:10.5", }, }, }, { category: "product_version", name: "4.1.0", product: { name: "Oracle Communications 4.1.0", product_id: "T036205", product_identification_helper: { cpe: "cpe:/a:oracle:communications:4.1.0", }, }, }, { category: "product_version", name: "4.2.0", product: { name: "Oracle Communications 4.2.0", product_id: "T036206", product_identification_helper: { cpe: "cpe:/a:oracle:communications:4.2.0", }, }, }, { category: "product_version", name: "9.2.0", product: { name: "Oracle Communications 9.2.0", product_id: "T036207", product_identification_helper: { cpe: "cpe:/a:oracle:communications:9.2.0", }, }, }, { category: "product_version", name: "9.3.0", product: { name: "Oracle Communications 9.3.0", product_id: "T036208", product_identification_helper: { cpe: "cpe:/a:oracle:communications:9.3.0", }, }, }, { category: "product_version", name: "12.11.0", product: { name: "Oracle Communications 12.11.0", product_id: "T036209", product_identification_helper: { cpe: "cpe:/a:oracle:communications:12.11.0", }, }, }, { category: "product_version_range", name: "<=9.0.3", product: { name: "Oracle Communications <=9.0.3", product_id: "T036210", }, }, { category: "product_version_range", name: "<=9.0.3", product: { name: "Oracle Communications <=9.0.3", product_id: "T036210-fixed", }, }, ], category: "product_name", name: "Communications", }, ], category: "vendor", name: "Oracle", }, { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux", product: { name: "Red Hat Enterprise Linux", product_id: "67646", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:-", }, }, }, ], category: "vendor", name: "Red Hat", }, ], }, vulnerabilities: [ { cve: "CVE-2019-10086", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T036209", "T036205", "67646", "T036206", "T036207", "T036208", "T034143", "T036201", "T036202", "T036204", "T036197", "T034146", "T034145", "T036199", "T034144", "T036200", "T032090", "T032091", "T027326", "T027338", "T028684", ], last_affected: [ "T036195", "T036196", "T036203", "T036198", "T036210", ], }, release_date: "2024-07-16T22:00:00.000+00:00", title: "CVE-2019-10086", }, { cve: "CVE-2021-29425", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T036209", "T036205", "67646", "T036206", "T036207", "T036208", "T034143", "T036201", "T036202", "T036204", "T036197", "T034146", "T034145", "T036199", "T034144", "T036200", "T032090", "T032091", "T027326", "T027338", "T028684", ], last_affected: [ "T036195", "T036196", "T036203", "T036198", "T036210", ], }, release_date: "2024-07-16T22:00:00.000+00:00", title: "CVE-2021-29425", }, { cve: "CVE-2021-37533", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T036209", "T036205", "67646", "T036206", "T036207", "T036208", "T034143", "T036201", "T036202", "T036204", "T036197", "T034146", "T034145", "T036199", "T034144", "T036200", "T032090", "T032091", "T027326", "T027338", "T028684", ], last_affected: [ "T036195", "T036196", "T036203", "T036198", "T036210", ], }, release_date: "2024-07-16T22:00:00.000+00:00", title: "CVE-2021-37533", }, { cve: "CVE-2021-41184", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T036209", "T036205", "67646", "T036206", "T036207", "T036208", "T034143", "T036201", "T036202", "T036204", "T036197", "T034146", "T034145", "T036199", "T034144", "T036200", "T032090", "T032091", "T027326", "T027338", "T028684", ], last_affected: [ "T036195", "T036196", "T036203", "T036198", "T036210", ], }, release_date: "2024-07-16T22:00:00.000+00:00", title: "CVE-2021-41184", }, { cve: "CVE-2022-34169", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T036209", "T036205", "67646", "T036206", "T036207", "T036208", "T034143", "T036201", "T036202", "T036204", "T036197", "T034146", "T034145", "T036199", "T034144", "T036200", "T032090", "T032091", "T027326", "T027338", "T028684", ], last_affected: [ "T036195", "T036196", "T036203", "T036198", "T036210", ], }, release_date: "2024-07-16T22:00:00.000+00:00", title: "CVE-2022-34169", }, { cve: "CVE-2022-36033", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T036209", "T036205", "67646", "T036206", "T036207", "T036208", "T034143", "T036201", "T036202", "T036204", "T036197", "T034146", "T034145", "T036199", "T034144", "T036200", "T032090", "T032091", "T027326", "T027338", "T028684", ], last_affected: [ "T036195", "T036196", "T036203", "T036198", "T036210", ], }, release_date: "2024-07-16T22:00:00.000+00:00", title: "CVE-2022-36033", }, { cve: "CVE-2022-42890", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T036209", "T036205", "67646", "T036206", "T036207", "T036208", "T034143", "T036201", "T036202", "T036204", "T036197", "T034146", "T034145", "T036199", "T034144", "T036200", "T032090", "T032091", "T027326", "T027338", "T028684", ], last_affected: [ "T036195", "T036196", "T036203", "T036198", "T036210", ], }, release_date: "2024-07-16T22:00:00.000+00:00", title: "CVE-2022-42890", }, { cve: "CVE-2022-48174", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T036209", "T036205", "67646", "T036206", "T036207", "T036208", "T034143", "T036201", "T036202", "T036204", "T036197", "T034146", "T034145", "T036199", "T034144", "T036200", "T032090", "T032091", "T027326", "T027338", "T028684", ], last_affected: [ "T036195", "T036196", "T036203", "T036198", "T036210", ], }, release_date: "2024-07-16T22:00:00.000+00:00", title: "CVE-2022-48174", }, { cve: "CVE-2023-24998", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T036209", "T036205", "67646", "T036206", "T036207", "T036208", "T034143", "T036201", "T036202", "T036204", "T036197", "T034146", "T034145", "T036199", "T034144", "T036200", "T032090", "T032091", "T027326", "T027338", "T028684", ], last_affected: [ "T036195", "T036196", "T036203", "T036198", "T036210", ], }, release_date: "2024-07-16T22:00:00.000+00:00", title: "CVE-2023-24998", }, { cve: "CVE-2023-33201", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T036209", "T036205", "67646", "T036206", "T036207", "T036208", "T034143", "T036201", "T036202", "T036204", "T036197", "T034146", "T034145", "T036199", "T034144", "T036200", "T032090", "T032091", "T027326", "T027338", "T028684", ], last_affected: [ "T036195", "T036196", "T036203", "T036198", "T036210", ], }, release_date: "2024-07-16T22:00:00.000+00:00", title: "CVE-2023-33201", }, { cve: "CVE-2023-37920", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T036209", "T036205", "67646", "T036206", "T036207", "T036208", "T034143", "T036201", "T036202", "T036204", "T036197", "T034146", "T034145", "T036199", "T034144", "T036200", "T032090", "T032091", "T027326", "T027338", "T028684", ], last_affected: [ "T036195", "T036196", "T036203", "T036198", "T036210", ], }, release_date: "2024-07-16T22:00:00.000+00:00", title: "CVE-2023-37920", }, { cve: "CVE-2023-44487", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T036209", "T036205", "67646", "T036206", "T036207", "T036208", "T034143", "T036201", "T036202", "T036204", "T036197", "T034146", "T034145", "T036199", "T034144", "T036200", "T032090", "T032091", "T027326", "T027338", "T028684", ], last_affected: [ "T036195", "T036196", "T036203", "T036198", "T036210", ], }, release_date: "2024-07-16T22:00:00.000+00:00", title: "CVE-2023-44487", }, { cve: "CVE-2023-46589", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T036209", "T036205", "67646", "T036206", "T036207", "T036208", "T034143", "T036201", "T036202", "T036204", "T036197", "T034146", "T034145", "T036199", "T034144", "T036200", "T032090", "T032091", "T027326", "T027338", "T028684", ], last_affected: [ "T036195", "T036196", "T036203", "T036198", "T036210", ], }, release_date: "2024-07-16T22:00:00.000+00:00", title: "CVE-2023-46589", }, { cve: "CVE-2023-48795", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T036209", "T036205", "67646", "T036206", "T036207", "T036208", "T034143", "T036201", "T036202", "T036204", "T036197", "T034146", "T034145", "T036199", "T034144", "T036200", "T032090", "T032091", "T027326", "T027338", "T028684", ], last_affected: [ "T036195", "T036196", "T036203", "T036198", "T036210", ], }, release_date: "2024-07-16T22:00:00.000+00:00", title: "CVE-2023-48795", }, { cve: "CVE-2023-51775", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T036209", "T036205", "67646", "T036206", "T036207", "T036208", "T034143", "T036201", "T036202", "T036204", "T036197", "T034146", "T034145", "T036199", "T034144", "T036200", "T032090", "T032091", "T027326", "T027338", "T028684", ], last_affected: [ "T036195", "T036196", "T036203", "T036198", "T036210", ], }, release_date: "2024-07-16T22:00:00.000+00:00", title: "CVE-2023-51775", }, { cve: "CVE-2023-52425", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T036209", "T036205", "67646", "T036206", "T036207", "T036208", "T034143", "T036201", "T036202", "T036204", "T036197", "T034146", "T034145", "T036199", "T034144", "T036200", "T032090", "T032091", "T027326", "T027338", "T028684", ], last_affected: [ "T036195", "T036196", "T036203", "T036198", "T036210", ], }, release_date: "2024-07-16T22:00:00.000+00:00", title: "CVE-2023-52425", }, { cve: "CVE-2023-5685", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T036209", "T036205", "67646", "T036206", "T036207", "T036208", "T034143", "T036201", "T036202", "T036204", "T036197", "T034146", "T034145", "T036199", "T034144", "T036200", "T032090", "T032091", "T027326", "T027338", "T028684", ], last_affected: [ "T036195", "T036196", "T036203", "T036198", "T036210", ], }, release_date: "2024-07-16T22:00:00.000+00:00", title: "CVE-2023-5685", }, { cve: "CVE-2024-0450", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T036209", "T036205", "67646", "T036206", "T036207", "T036208", "T034143", "T036201", "T036202", "T036204", "T036197", "T034146", "T034145", "T036199", "T034144", "T036200", "T032090", "T032091", "T027326", "T027338", "T028684", ], last_affected: [ "T036195", "T036196", "T036203", "T036198", "T036210", ], }, release_date: "2024-07-16T22:00:00.000+00:00", title: "CVE-2024-0450", }, { cve: "CVE-2024-22019", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T036209", "T036205", "67646", "T036206", "T036207", "T036208", "T034143", "T036201", "T036202", "T036204", "T036197", "T034146", "T034145", "T036199", "T034144", "T036200", "T032090", "T032091", "T027326", "T027338", "T028684", ], last_affected: [ "T036195", "T036196", "T036203", "T036198", "T036210", ], }, release_date: "2024-07-16T22:00:00.000+00:00", title: "CVE-2024-22019", }, { cve: "CVE-2024-22201", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T036209", "T036205", "67646", "T036206", "T036207", "T036208", "T034143", "T036201", "T036202", "T036204", "T036197", "T034146", "T034145", "T036199", "T034144", "T036200", "T032090", "T032091", "T027326", "T027338", "T028684", ], last_affected: [ "T036195", "T036196", "T036203", "T036198", "T036210", ], }, release_date: "2024-07-16T22:00:00.000+00:00", title: "CVE-2024-22201", }, { cve: "CVE-2024-22234", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T036209", "T036205", "67646", "T036206", "T036207", "T036208", "T034143", "T036201", "T036202", "T036204", "T036197", "T034146", "T034145", "T036199", "T034144", "T036200", "T032090", "T032091", "T027326", "T027338", "T028684", ], last_affected: [ "T036195", "T036196", "T036203", "T036198", "T036210", ], }, release_date: "2024-07-16T22:00:00.000+00:00", title: "CVE-2024-22234", }, { cve: "CVE-2024-22257", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T036209", "T036205", "67646", "T036206", "T036207", "T036208", "T034143", "T036201", "T036202", "T036204", "T036197", "T034146", "T034145", "T036199", "T034144", "T036200", "T032090", "T032091", "T027326", "T027338", "T028684", ], last_affected: [ "T036195", "T036196", "T036203", "T036198", "T036210", ], }, release_date: "2024-07-16T22:00:00.000+00:00", title: "CVE-2024-22257", }, { cve: "CVE-2024-22262", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T036209", "T036205", "67646", "T036206", "T036207", "T036208", "T034143", "T036201", "T036202", "T036204", "T036197", "T034146", "T034145", "T036199", "T034144", "T036200", "T032090", "T032091", "T027326", "T027338", "T028684", ], last_affected: [ "T036195", "T036196", "T036203", "T036198", "T036210", ], }, release_date: "2024-07-16T22:00:00.000+00:00", title: "CVE-2024-22262", }, { cve: "CVE-2024-23672", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T036209", "T036205", "67646", "T036206", "T036207", "T036208", "T034143", "T036201", "T036202", "T036204", "T036197", "T034146", "T034145", "T036199", "T034144", "T036200", "T032090", "T032091", "T027326", "T027338", "T028684", ], last_affected: [ "T036195", "T036196", "T036203", "T036198", "T036210", ], }, release_date: "2024-07-16T22:00:00.000+00:00", title: "CVE-2024-23672", }, { cve: "CVE-2024-23807", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T036209", "T036205", "67646", "T036206", "T036207", "T036208", "T034143", "T036201", "T036202", "T036204", "T036197", "T034146", "T034145", "T036199", "T034144", "T036200", "T032090", "T032091", "T027326", "T027338", "T028684", ], last_affected: [ "T036195", "T036196", "T036203", "T036198", "T036210", ], }, release_date: "2024-07-16T22:00:00.000+00:00", title: "CVE-2024-23807", }, { cve: "CVE-2024-23897", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T036209", "T036205", "67646", "T036206", "T036207", "T036208", "T034143", "T036201", "T036202", "T036204", "T036197", "T034146", "T034145", "T036199", "T034144", "T036200", "T032090", "T032091", "T027326", "T027338", "T028684", ], last_affected: [ "T036195", "T036196", "T036203", "T036198", "T036210", ], }, release_date: "2024-07-16T22:00:00.000+00:00", title: "CVE-2024-23897", }, { cve: "CVE-2024-24549", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T036209", "T036205", "67646", "T036206", "T036207", "T036208", "T034143", "T036201", "T036202", "T036204", "T036197", "T034146", "T034145", "T036199", "T034144", "T036200", "T032090", "T032091", "T027326", "T027338", "T028684", ], last_affected: [ "T036195", "T036196", "T036203", "T036198", "T036210", ], }, release_date: "2024-07-16T22:00:00.000+00:00", title: "CVE-2024-24549", }, { cve: "CVE-2024-25062", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T036209", "T036205", "67646", "T036206", "T036207", "T036208", "T034143", "T036201", "T036202", "T036204", "T036197", "T034146", "T034145", "T036199", "T034144", "T036200", "T032090", "T032091", "T027326", "T027338", "T028684", ], last_affected: [ "T036195", "T036196", "T036203", "T036198", "T036210", ], }, release_date: "2024-07-16T22:00:00.000+00:00", title: "CVE-2024-25062", }, { cve: "CVE-2024-25710", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T036209", "T036205", "67646", "T036206", "T036207", "T036208", "T034143", "T036201", "T036202", "T036204", "T036197", "T034146", "T034145", "T036199", "T034144", "T036200", "T032090", "T032091", "T027326", "T027338", "T028684", ], last_affected: [ "T036195", "T036196", "T036203", "T036198", "T036210", ], }, release_date: "2024-07-16T22:00:00.000+00:00", title: "CVE-2024-25710", }, { cve: "CVE-2024-26130", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T036209", "T036205", "67646", "T036206", "T036207", "T036208", "T034143", "T036201", "T036202", "T036204", "T036197", "T034146", "T034145", "T036199", "T034144", "T036200", "T032090", "T032091", "T027326", "T027338", "T028684", ], last_affected: [ "T036195", "T036196", "T036203", "T036198", "T036210", ], }, release_date: "2024-07-16T22:00:00.000+00:00", title: "CVE-2024-26130", }, { cve: "CVE-2024-26308", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T036209", "T036205", "67646", "T036206", "T036207", "T036208", "T034143", "T036201", "T036202", "T036204", "T036197", "T034146", "T034145", "T036199", "T034144", "T036200", "T032090", "T032091", "T027326", "T027338", "T028684", ], last_affected: [ "T036195", "T036196", "T036203", "T036198", "T036210", ], }, release_date: "2024-07-16T22:00:00.000+00:00", title: "CVE-2024-26308", }, { cve: "CVE-2024-27316", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T036209", "T036205", "67646", "T036206", "T036207", "T036208", "T034143", "T036201", "T036202", "T036204", "T036197", "T034146", "T034145", "T036199", "T034144", "T036200", "T032090", "T032091", "T027326", "T027338", "T028684", ], last_affected: [ "T036195", "T036196", "T036203", "T036198", "T036210", ], }, release_date: "2024-07-16T22:00:00.000+00:00", title: "CVE-2024-27316", }, { cve: "CVE-2024-28182", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T036209", "T036205", "67646", "T036206", "T036207", "T036208", "T034143", "T036201", "T036202", "T036204", "T036197", "T034146", "T034145", "T036199", "T034144", "T036200", "T032090", "T032091", "T027326", "T027338", "T028684", ], last_affected: [ "T036195", "T036196", "T036203", "T036198", "T036210", ], }, release_date: "2024-07-16T22:00:00.000+00:00", title: "CVE-2024-28182", }, { cve: "CVE-2024-28752", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T036209", "T036205", "67646", "T036206", "T036207", "T036208", "T034143", "T036201", "T036202", "T036204", "T036197", "T034146", "T034145", "T036199", "T034144", "T036200", "T032090", "T032091", "T027326", "T027338", "T028684", ], last_affected: [ "T036195", "T036196", "T036203", "T036198", "T036210", ], }, release_date: "2024-07-16T22:00:00.000+00:00", title: "CVE-2024-28752", }, { cve: "CVE-2024-28849", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T036209", "T036205", "67646", "T036206", "T036207", "T036208", "T034143", "T036201", "T036202", "T036204", "T036197", "T034146", "T034145", "T036199", "T034144", "T036200", "T032090", "T032091", "T027326", "T027338", "T028684", ], last_affected: [ "T036195", "T036196", "T036203", "T036198", "T036210", ], }, release_date: "2024-07-16T22:00:00.000+00:00", title: "CVE-2024-28849", }, { cve: "CVE-2024-29025", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T036209", "T036205", "67646", "T036206", "T036207", "T036208", "T034143", "T036201", "T036202", "T036204", "T036197", "T034146", "T034145", "T036199", "T034144", "T036200", "T032090", "T032091", "T027326", "T027338", "T028684", ], last_affected: [ "T036195", "T036196", "T036203", "T036198", "T036210", ], }, release_date: "2024-07-16T22:00:00.000+00:00", title: "CVE-2024-29025", }, { cve: "CVE-2024-2961", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T036209", "T036205", "67646", "T036206", "T036207", "T036208", "T034143", "T036201", "T036202", "T036204", "T036197", "T034146", "T034145", "T036199", "T034144", "T036200", "T032090", "T032091", "T027326", "T027338", "T028684", ], last_affected: [ "T036195", "T036196", "T036203", "T036198", "T036210", ], }, release_date: "2024-07-16T22:00:00.000+00:00", title: "CVE-2024-2961", }, { cve: "CVE-2024-34064", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T036209", "T036205", "67646", "T036206", "T036207", "T036208", "T034143", "T036201", "T036202", "T036204", "T036197", "T034146", "T034145", "T036199", "T034144", "T036200", "T032090", "T032091", "T027326", "T027338", "T028684", ], last_affected: [ "T036195", "T036196", "T036203", "T036198", "T036210", ], }, release_date: "2024-07-16T22:00:00.000+00:00", title: "CVE-2024-34064", }, { cve: "CVE-2024-34069", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T036209", "T036205", "67646", "T036206", "T036207", "T036208", "T034143", "T036201", "T036202", "T036204", "T036197", "T034146", "T034145", "T036199", "T034144", "T036200", "T032090", "T032091", "T027326", "T027338", "T028684", ], last_affected: [ "T036195", "T036196", "T036203", "T036198", "T036210", ], }, release_date: "2024-07-16T22:00:00.000+00:00", title: "CVE-2024-34069", }, { cve: "CVE-2024-6162", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T036209", "T036205", "67646", "T036206", "T036207", "T036208", "T034143", "T036201", "T036202", "T036204", "T036197", "T034146", "T034145", "T036199", "T034144", "T036200", "T032090", "T032091", "T027326", "T027338", "T028684", ], last_affected: [ "T036195", "T036196", "T036203", "T036198", "T036210", ], }, release_date: "2024-07-16T22:00:00.000+00:00", title: "CVE-2024-6162", }, ], }
wid-sec-w-2024-3377
Vulnerability from csaf_certbund
Published
2024-11-07 23:00
Modified
2024-11-07 23:00
Summary
Dell PowerProtect Data Domain: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Dell PowerProtect Data Domain Appliances sind speziell für Backup und Daten-Deduplizierung ausgelegte Systeme.
Angriff
Ein lokaler Angreifer kann mehrere Schwachstellen in Dell PowerProtect Data Domain ausnutzen, um seine Privilegien zu erhöhen, Informationen offenzulegen und um nicht näher beschriebene Auswirkungen zu erzielen.
Betroffene Betriebssysteme
- Sonstiges
{ document: { aggregate_severity: { text: "mittel", }, category: "csaf_base", csaf_version: "2.0", distribution: { tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "de-DE", notes: [ { category: "legal_disclaimer", text: "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.", }, { category: "description", text: "Dell PowerProtect Data Domain Appliances sind speziell für Backup und Daten-Deduplizierung ausgelegte Systeme.", title: "Produktbeschreibung", }, { category: "summary", text: "Ein lokaler Angreifer kann mehrere Schwachstellen in Dell PowerProtect Data Domain ausnutzen, um seine Privilegien zu erhöhen, Informationen offenzulegen und um nicht näher beschriebene Auswirkungen zu erzielen.", title: "Angriff", }, { category: "general", text: "- Sonstiges", title: "Betroffene Betriebssysteme", }, ], publisher: { category: "other", contact_details: "csaf-provider@cert-bund.de", name: "Bundesamt für Sicherheit in der Informationstechnik", namespace: "https://www.bsi.bund.de", }, references: [ { category: "self", summary: "WID-SEC-W-2024-3377 - CSAF Version", url: "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-3377.json", }, { category: "self", summary: "WID-SEC-2024-3377 - Portal Version", url: "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-3377", }, { category: "external", summary: "Dell Security Update", url: "https://www.dell.com/support/kbdoc/de-de/000245360/dsa-2024-424-security-update-for-dell-pdsa-2024-424-security-update-for-dell-powerprotect-dd-vulnerabilityowerprotect-dd-vulnerability", }, ], source_lang: "en-US", title: "Dell PowerProtect Data Domain: Mehrere Schwachstellen", tracking: { current_release_date: "2024-11-07T23:00:00.000+00:00", generator: { date: "2024-11-08T12:08:33.588+00:00", engine: { name: "BSI-WID", version: "1.3.8", }, }, id: "WID-SEC-W-2024-3377", initial_release_date: "2024-11-07T23:00:00.000+00:00", revision_history: [ { date: "2024-11-07T23:00:00.000+00:00", number: "1", summary: "Initiale Fassung", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version_range", name: "<8.1.0.0", product: { name: "Dell PowerProtect Data Domain <8.1.0.0", product_id: "T038861", }, }, { category: "product_version", name: "8.1.0.0", product: { name: "Dell PowerProtect Data Domain 8.1.0.0", product_id: "T038861-fixed", product_identification_helper: { cpe: "cpe:/a:dell:powerprotect_data_domain:8.1.0.0", }, }, }, { category: "product_version_range", name: "<7.13.1.10", product: { name: "Dell PowerProtect Data Domain <7.13.1.10", product_id: "T038862", }, }, { category: "product_version", name: "7.13.1.10", product: { name: "Dell PowerProtect Data Domain 7.13.1.10", product_id: "T038862-fixed", product_identification_helper: { cpe: "cpe:/a:dell:powerprotect_data_domain:7.13.1.10", }, }, }, { category: "product_version_range", name: "<7.10.1.40", product: { name: "Dell PowerProtect Data Domain <7.10.1.40", product_id: "T038863", }, }, { category: "product_version", name: "7.10.1.40", product: { name: "Dell PowerProtect Data Domain 7.10.1.40", product_id: "T038863-fixed", product_identification_helper: { cpe: "cpe:/a:dell:powerprotect_data_domain:7.10.1.40", }, }, }, { category: "product_version_range", name: "<7.7.5.50", product: { name: "Dell PowerProtect Data Domain <7.7.5.50", product_id: "T038864", }, }, { category: "product_version", name: "7.7.5.50", product: { name: "Dell PowerProtect Data Domain 7.7.5.50", product_id: "T038864-fixed", product_identification_helper: { cpe: "cpe:/a:dell:powerprotect_data_domain:7.7.5.50", }, }, }, ], category: "product_name", name: "powerprotect_data_domain", }, ], category: "vendor", name: "dell", }, ], }, vulnerabilities: [ { cve: "CVE-2024-45759", notes: [ { category: "description", text: "Es besteht eine Schwachstelle in Dell PowerProtect Data Domain. Dieser Fehler existiert wegen unzureichender Privilegienbeschränkungen, die unautorisierte Konfigurationsänderungen ermöglichen. Ein lokaler Angreifer kann diese Schwachstelle ausnutzen, um bestimmte Befehle auszuführen, die Systemkonfiguration der Anwendung zu überschreiben und so seine Privilegien zu erhöhen oder einen Denial-of-Service-Zustand zu erzeugen. Zur erfolgreichen Ausnutzung ist eine Benutzerinteraktion erforderlich.", }, ], product_status: { known_affected: [ "T038864", "T038863", "T038862", "T038861", ], }, release_date: "2024-11-07T23:00:00.000+00:00", title: "CVE-2024-45759", }, { cve: "CVE-2024-48010", notes: [ { category: "description", text: "Es besteht eine Schwachstelle in Dell PowerProtect Data Domain. Dieser Fehler existiert wegen einer unsachgemäßen Zugriffskontrolle. Ein entfernter authentifizierter Angreifer kann diese Schwachstelle ausnutzen, um seine Privilegien zu erhöhen.", }, ], product_status: { known_affected: [ "T038864", "T038863", "T038862", "T038861", ], }, release_date: "2024-11-07T23:00:00.000+00:00", title: "CVE-2024-48010", }, { cve: "CVE-2024-48011", notes: [ { category: "description", text: "Es existiert eine nicht näher beschriebene Schwachstelle in Dell PowerProtect Data Domain. Ein entfernter, authentisierter Angreifer kann dadurch Informationen offenlegen.", }, ], product_status: { known_affected: [ "T038864", "T038863", "T038862", "T038861", ], }, release_date: "2024-11-07T23:00:00.000+00:00", title: "CVE-2024-48011", }, { cve: "CVE-2017-16829", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Dell PowerProtect Data Domain bezüglich genutzter Komponenten von Drittanbietern, wie Apache Tomcat, curl, Linux Kernel, python und anderen, die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T038864", "T038863", "T038862", "T038861", ], }, release_date: "2024-11-07T23:00:00.000+00:00", title: "CVE-2017-16829", }, { cve: "CVE-2017-5849", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Dell PowerProtect Data Domain bezüglich genutzter Komponenten von Drittanbietern, wie Apache Tomcat, curl, Linux Kernel, python und anderen, die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T038864", "T038863", "T038862", "T038861", ], }, release_date: "2024-11-07T23:00:00.000+00:00", title: "CVE-2017-5849", }, { cve: "CVE-2018-7208", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Dell PowerProtect Data Domain bezüglich genutzter Komponenten von Drittanbietern, wie Apache Tomcat, curl, Linux Kernel, python und anderen, die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T038864", "T038863", "T038862", "T038861", ], }, release_date: "2024-11-07T23:00:00.000+00:00", title: "CVE-2018-7208", }, { cve: "CVE-2019-14889", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Dell PowerProtect Data Domain bezüglich genutzter Komponenten von Drittanbietern, wie Apache Tomcat, curl, Linux Kernel, python und anderen, die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T038864", "T038863", "T038862", "T038861", ], }, release_date: "2024-11-07T23:00:00.000+00:00", title: "CVE-2019-14889", }, { cve: "CVE-2020-12912", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Dell PowerProtect Data Domain bezüglich genutzter Komponenten von Drittanbietern, wie Apache Tomcat, curl, Linux Kernel, python und anderen, die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T038864", "T038863", "T038862", "T038861", ], }, release_date: "2024-11-07T23:00:00.000+00:00", title: "CVE-2020-12912", }, { cve: "CVE-2020-16135", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Dell PowerProtect Data Domain bezüglich genutzter Komponenten von Drittanbietern, wie Apache Tomcat, curl, Linux Kernel, python und anderen, die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T038864", "T038863", "T038862", "T038861", ], }, release_date: "2024-11-07T23:00:00.000+00:00", title: "CVE-2020-16135", }, { cve: "CVE-2020-1730", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Dell PowerProtect Data Domain bezüglich genutzter Komponenten von Drittanbietern, wie Apache Tomcat, curl, Linux Kernel, python und anderen, die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T038864", "T038863", "T038862", "T038861", ], }, release_date: "2024-11-07T23:00:00.000+00:00", title: "CVE-2020-1730", }, { cve: "CVE-2020-24455", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Dell PowerProtect Data Domain bezüglich genutzter Komponenten von Drittanbietern, wie Apache Tomcat, curl, Linux Kernel, python und anderen, die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T038864", "T038863", "T038862", "T038861", ], }, release_date: "2024-11-07T23:00:00.000+00:00", title: "CVE-2020-24455", }, { cve: "CVE-2020-8694", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Dell PowerProtect Data Domain bezüglich genutzter Komponenten von Drittanbietern, wie Apache Tomcat, curl, Linux Kernel, python und anderen, die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T038864", "T038863", "T038862", "T038861", ], }, release_date: "2024-11-07T23:00:00.000+00:00", title: "CVE-2020-8694", }, { cve: "CVE-2020-8695", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Dell PowerProtect Data Domain bezüglich genutzter Komponenten von Drittanbietern, wie Apache Tomcat, curl, Linux Kernel, python und anderen, die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T038864", "T038863", "T038862", "T038861", ], }, release_date: "2024-11-07T23:00:00.000+00:00", title: "CVE-2020-8695", }, { cve: "CVE-2021-27219", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Dell PowerProtect Data Domain bezüglich genutzter Komponenten von Drittanbietern, wie Apache Tomcat, curl, Linux Kernel, python und anderen, die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T038864", "T038863", "T038862", "T038861", ], }, release_date: "2024-11-07T23:00:00.000+00:00", title: "CVE-2021-27219", }, { cve: "CVE-2021-3565", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Dell PowerProtect Data Domain bezüglich genutzter Komponenten von Drittanbietern, wie Apache Tomcat, curl, Linux Kernel, python und anderen, die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T038864", "T038863", "T038862", "T038861", ], }, release_date: "2024-11-07T23:00:00.000+00:00", title: "CVE-2021-3565", }, { cve: "CVE-2021-3634", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Dell PowerProtect Data Domain bezüglich genutzter Komponenten von Drittanbietern, wie Apache Tomcat, curl, Linux Kernel, python und anderen, die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T038864", "T038863", "T038862", "T038861", ], }, release_date: "2024-11-07T23:00:00.000+00:00", title: "CVE-2021-3634", }, { cve: "CVE-2022-1210", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Dell PowerProtect Data Domain bezüglich genutzter Komponenten von Drittanbietern, wie Apache Tomcat, curl, Linux Kernel, python und anderen, die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T038864", "T038863", "T038862", "T038861", ], }, release_date: "2024-11-07T23:00:00.000+00:00", title: "CVE-2022-1210", }, { cve: "CVE-2022-1622", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Dell PowerProtect Data Domain bezüglich genutzter Komponenten von Drittanbietern, wie Apache Tomcat, curl, Linux Kernel, python und anderen, die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T038864", "T038863", "T038862", "T038861", ], }, release_date: "2024-11-07T23:00:00.000+00:00", title: "CVE-2022-1622", }, { cve: "CVE-2022-1996", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Dell PowerProtect Data Domain bezüglich genutzter Komponenten von Drittanbietern, wie Apache Tomcat, curl, Linux Kernel, python und anderen, die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T038864", "T038863", "T038862", "T038861", ], }, release_date: "2024-11-07T23:00:00.000+00:00", title: "CVE-2022-1996", }, { cve: "CVE-2022-22576", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Dell PowerProtect Data Domain bezüglich genutzter Komponenten von Drittanbietern, wie Apache Tomcat, curl, Linux Kernel, python und anderen, die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T038864", "T038863", "T038862", "T038861", ], }, release_date: "2024-11-07T23:00:00.000+00:00", title: "CVE-2022-22576", }, { cve: "CVE-2022-25313", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Dell PowerProtect Data Domain bezüglich genutzter Komponenten von Drittanbietern, wie Apache Tomcat, curl, Linux Kernel, python und anderen, die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T038864", "T038863", "T038862", "T038861", ], }, release_date: "2024-11-07T23:00:00.000+00:00", title: "CVE-2022-25313", }, { cve: "CVE-2022-27774", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Dell PowerProtect Data Domain bezüglich genutzter Komponenten von Drittanbietern, wie Apache Tomcat, curl, Linux Kernel, python und anderen, die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T038864", "T038863", "T038862", "T038861", ], }, release_date: "2024-11-07T23:00:00.000+00:00", title: "CVE-2022-27774", }, { cve: "CVE-2022-27775", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Dell PowerProtect Data Domain bezüglich genutzter Komponenten von Drittanbietern, wie Apache Tomcat, curl, Linux Kernel, python und anderen, die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T038864", "T038863", "T038862", "T038861", ], }, release_date: "2024-11-07T23:00:00.000+00:00", title: "CVE-2022-27775", }, { cve: "CVE-2022-27776", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Dell PowerProtect Data Domain bezüglich genutzter Komponenten von Drittanbietern, wie Apache Tomcat, curl, Linux Kernel, python und anderen, die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T038864", "T038863", "T038862", "T038861", ], }, release_date: "2024-11-07T23:00:00.000+00:00", title: "CVE-2022-27776", }, { cve: "CVE-2022-27781", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Dell PowerProtect Data Domain bezüglich genutzter Komponenten von Drittanbietern, wie Apache Tomcat, curl, Linux Kernel, python und anderen, die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T038864", "T038863", "T038862", "T038861", ], }, release_date: "2024-11-07T23:00:00.000+00:00", title: "CVE-2022-27781", }, { cve: "CVE-2022-27782", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Dell PowerProtect Data Domain bezüglich genutzter Komponenten von Drittanbietern, wie Apache Tomcat, curl, Linux Kernel, python und anderen, die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T038864", "T038863", "T038862", "T038861", ], }, release_date: "2024-11-07T23:00:00.000+00:00", title: "CVE-2022-27782", }, { cve: "CVE-2022-29361", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Dell PowerProtect Data Domain bezüglich genutzter Komponenten von Drittanbietern, wie Apache Tomcat, curl, Linux Kernel, python und anderen, die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T038864", "T038863", "T038862", "T038861", ], }, release_date: "2024-11-07T23:00:00.000+00:00", title: "CVE-2022-29361", }, { cve: "CVE-2022-32205", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Dell PowerProtect Data Domain bezüglich genutzter Komponenten von Drittanbietern, wie Apache Tomcat, curl, Linux Kernel, python und anderen, die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T038864", "T038863", "T038862", "T038861", ], }, release_date: "2024-11-07T23:00:00.000+00:00", title: "CVE-2022-32205", }, { cve: "CVE-2022-32206", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Dell PowerProtect Data Domain bezüglich genutzter Komponenten von Drittanbietern, wie Apache Tomcat, curl, Linux Kernel, python und anderen, die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T038864", "T038863", "T038862", "T038861", ], }, release_date: "2024-11-07T23:00:00.000+00:00", title: "CVE-2022-32206", }, { cve: "CVE-2022-32207", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Dell PowerProtect Data Domain bezüglich genutzter Komponenten von Drittanbietern, wie Apache Tomcat, curl, Linux Kernel, python und anderen, die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T038864", "T038863", "T038862", "T038861", ], }, release_date: "2024-11-07T23:00:00.000+00:00", title: "CVE-2022-32207", }, { cve: "CVE-2022-32208", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Dell PowerProtect Data Domain bezüglich genutzter Komponenten von Drittanbietern, wie Apache Tomcat, curl, Linux Kernel, python und anderen, die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T038864", "T038863", "T038862", "T038861", ], }, release_date: "2024-11-07T23:00:00.000+00:00", title: "CVE-2022-32208", }, { cve: "CVE-2022-32221", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Dell PowerProtect Data Domain bezüglich genutzter Komponenten von Drittanbietern, wie Apache Tomcat, curl, Linux Kernel, python und anderen, die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T038864", "T038863", "T038862", "T038861", ], }, release_date: "2024-11-07T23:00:00.000+00:00", title: "CVE-2022-32221", }, { cve: "CVE-2022-35252", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Dell PowerProtect Data Domain bezüglich genutzter Komponenten von Drittanbietern, wie Apache Tomcat, curl, Linux Kernel, python und anderen, die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T038864", "T038863", "T038862", "T038861", ], }, release_date: "2024-11-07T23:00:00.000+00:00", title: "CVE-2022-35252", }, { cve: "CVE-2022-40023", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Dell PowerProtect Data Domain bezüglich genutzter Komponenten von Drittanbietern, wie Apache Tomcat, curl, Linux Kernel, python und anderen, die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T038864", "T038863", "T038862", "T038861", ], }, release_date: "2024-11-07T23:00:00.000+00:00", title: "CVE-2022-40023", }, { cve: "CVE-2022-40090", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Dell PowerProtect Data Domain bezüglich genutzter Komponenten von Drittanbietern, wie Apache Tomcat, curl, Linux Kernel, python und anderen, die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T038864", "T038863", "T038862", "T038861", ], }, release_date: "2024-11-07T23:00:00.000+00:00", title: "CVE-2022-40090", }, { cve: "CVE-2022-42915", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Dell PowerProtect Data Domain bezüglich genutzter Komponenten von Drittanbietern, wie Apache Tomcat, curl, Linux Kernel, python und anderen, die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T038864", "T038863", "T038862", "T038861", ], }, release_date: "2024-11-07T23:00:00.000+00:00", title: "CVE-2022-42915", }, { cve: "CVE-2022-42916", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Dell PowerProtect Data Domain bezüglich genutzter Komponenten von Drittanbietern, wie Apache Tomcat, curl, Linux Kernel, python und anderen, die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T038864", "T038863", "T038862", "T038861", ], }, release_date: "2024-11-07T23:00:00.000+00:00", title: "CVE-2022-42916", }, { cve: "CVE-2022-43551", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Dell PowerProtect Data Domain bezüglich genutzter Komponenten von Drittanbietern, wie Apache Tomcat, curl, Linux Kernel, python und anderen, die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T038864", "T038863", "T038862", "T038861", ], }, release_date: "2024-11-07T23:00:00.000+00:00", title: "CVE-2022-43551", }, { cve: "CVE-2022-43552", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Dell PowerProtect Data Domain bezüglich genutzter Komponenten von Drittanbietern, wie Apache Tomcat, curl, Linux Kernel, python und anderen, die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T038864", "T038863", "T038862", "T038861", ], }, release_date: "2024-11-07T23:00:00.000+00:00", title: "CVE-2022-43552", }, { cve: "CVE-2022-4603", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Dell PowerProtect Data Domain bezüglich genutzter Komponenten von Drittanbietern, wie Apache Tomcat, curl, Linux Kernel, python und anderen, die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T038864", "T038863", "T038862", "T038861", ], }, release_date: "2024-11-07T23:00:00.000+00:00", title: "CVE-2022-4603", }, { cve: "CVE-2022-48064", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Dell PowerProtect Data Domain bezüglich genutzter Komponenten von Drittanbietern, wie Apache Tomcat, curl, Linux Kernel, python und anderen, die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T038864", "T038863", "T038862", "T038861", ], }, release_date: "2024-11-07T23:00:00.000+00:00", title: "CVE-2022-48064", }, { cve: "CVE-2022-48624", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Dell PowerProtect Data Domain bezüglich genutzter Komponenten von Drittanbietern, wie Apache Tomcat, curl, Linux Kernel, python und anderen, die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T038864", "T038863", "T038862", "T038861", ], }, release_date: "2024-11-07T23:00:00.000+00:00", title: "CVE-2022-48624", }, { cve: "CVE-2023-0461", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Dell PowerProtect Data Domain bezüglich genutzter Komponenten von Drittanbietern, wie Apache Tomcat, curl, Linux Kernel, python und anderen, die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T038864", "T038863", "T038862", "T038861", ], }, release_date: "2024-11-07T23:00:00.000+00:00", title: "CVE-2023-0461", }, { cve: "CVE-2023-1667", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Dell PowerProtect Data Domain bezüglich genutzter Komponenten von Drittanbietern, wie Apache Tomcat, curl, Linux Kernel, python und anderen, die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T038864", "T038863", "T038862", "T038861", ], }, release_date: "2024-11-07T23:00:00.000+00:00", title: "CVE-2023-1667", }, { cve: "CVE-2023-1916", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Dell PowerProtect Data Domain bezüglich genutzter Komponenten von Drittanbietern, wie Apache Tomcat, curl, Linux Kernel, python und anderen, die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T038864", "T038863", "T038862", "T038861", ], }, release_date: "2024-11-07T23:00:00.000+00:00", title: "CVE-2023-1916", }, { cve: "CVE-2023-20592", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Dell PowerProtect Data Domain bezüglich genutzter Komponenten von Drittanbietern, wie Apache Tomcat, curl, Linux Kernel, python und anderen, die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T038864", "T038863", "T038862", "T038861", ], }, release_date: "2024-11-07T23:00:00.000+00:00", title: "CVE-2023-20592", }, { cve: "CVE-2023-2137", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Dell PowerProtect Data Domain bezüglich genutzter Komponenten von Drittanbietern, wie Apache Tomcat, curl, Linux Kernel, python und anderen, die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T038864", "T038863", "T038862", "T038861", ], }, release_date: "2024-11-07T23:00:00.000+00:00", title: "CVE-2023-2137", }, { cve: "CVE-2023-22745", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Dell PowerProtect Data Domain bezüglich genutzter Komponenten von Drittanbietern, wie Apache Tomcat, curl, Linux Kernel, python und anderen, die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T038864", "T038863", "T038862", "T038861", ], }, release_date: "2024-11-07T23:00:00.000+00:00", title: "CVE-2023-22745", }, { cve: "CVE-2023-2283", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Dell PowerProtect Data Domain bezüglich genutzter Komponenten von Drittanbietern, wie Apache Tomcat, curl, Linux Kernel, python und anderen, die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T038864", "T038863", "T038862", "T038861", ], }, release_date: "2024-11-07T23:00:00.000+00:00", title: "CVE-2023-2283", }, { cve: "CVE-2023-23914", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Dell PowerProtect Data Domain bezüglich genutzter Komponenten von Drittanbietern, wie Apache Tomcat, curl, Linux Kernel, python und anderen, die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T038864", "T038863", "T038862", "T038861", ], }, release_date: "2024-11-07T23:00:00.000+00:00", title: "CVE-2023-23914", }, { cve: "CVE-2023-23915", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Dell PowerProtect Data Domain bezüglich genutzter Komponenten von Drittanbietern, wie Apache Tomcat, curl, Linux Kernel, python und anderen, die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T038864", "T038863", "T038862", "T038861", ], }, release_date: "2024-11-07T23:00:00.000+00:00", title: "CVE-2023-23915", }, { cve: "CVE-2023-23916", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Dell PowerProtect Data Domain bezüglich genutzter Komponenten von Drittanbietern, wie Apache Tomcat, curl, Linux Kernel, python und anderen, die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T038864", "T038863", "T038862", "T038861", ], }, release_date: "2024-11-07T23:00:00.000+00:00", title: "CVE-2023-23916", }, { cve: "CVE-2023-23934", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Dell PowerProtect Data Domain bezüglich genutzter Komponenten von Drittanbietern, wie Apache Tomcat, curl, Linux Kernel, python und anderen, die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T038864", "T038863", "T038862", "T038861", ], }, release_date: "2024-11-07T23:00:00.000+00:00", title: "CVE-2023-23934", }, { cve: "CVE-2023-25577", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Dell PowerProtect Data Domain bezüglich genutzter Komponenten von Drittanbietern, wie Apache Tomcat, curl, Linux Kernel, python und anderen, die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T038864", "T038863", "T038862", "T038861", ], }, release_date: "2024-11-07T23:00:00.000+00:00", title: "CVE-2023-25577", }, { cve: "CVE-2023-26965", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Dell PowerProtect Data Domain bezüglich genutzter Komponenten von Drittanbietern, wie Apache Tomcat, curl, Linux Kernel, python und anderen, die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T038864", "T038863", "T038862", "T038861", ], }, release_date: "2024-11-07T23:00:00.000+00:00", title: "CVE-2023-26965", }, { cve: "CVE-2023-27043", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Dell PowerProtect Data Domain bezüglich genutzter Komponenten von Drittanbietern, wie Apache Tomcat, curl, Linux Kernel, python und anderen, die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T038864", "T038863", "T038862", "T038861", ], }, release_date: "2024-11-07T23:00:00.000+00:00", title: "CVE-2023-27043", }, { cve: "CVE-2023-2731", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Dell PowerProtect Data Domain bezüglich genutzter Komponenten von Drittanbietern, wie Apache Tomcat, curl, Linux Kernel, python und anderen, die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T038864", "T038863", "T038862", "T038861", ], }, release_date: "2024-11-07T23:00:00.000+00:00", title: "CVE-2023-2731", }, { cve: "CVE-2023-27533", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Dell PowerProtect Data Domain bezüglich genutzter Komponenten von Drittanbietern, wie Apache Tomcat, curl, Linux Kernel, python und anderen, die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T038864", "T038863", "T038862", "T038861", ], }, release_date: "2024-11-07T23:00:00.000+00:00", title: "CVE-2023-27533", }, { cve: "CVE-2023-27534", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Dell PowerProtect Data Domain bezüglich genutzter Komponenten von Drittanbietern, wie Apache Tomcat, curl, Linux Kernel, python und anderen, die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T038864", "T038863", "T038862", "T038861", ], }, release_date: "2024-11-07T23:00:00.000+00:00", title: "CVE-2023-27534", }, { cve: "CVE-2023-27535", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Dell PowerProtect Data Domain bezüglich genutzter Komponenten von Drittanbietern, wie Apache Tomcat, curl, Linux Kernel, python und anderen, die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T038864", "T038863", "T038862", "T038861", ], }, release_date: "2024-11-07T23:00:00.000+00:00", title: "CVE-2023-27535", }, { cve: "CVE-2023-27536", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Dell PowerProtect Data Domain bezüglich genutzter Komponenten von Drittanbietern, wie Apache Tomcat, curl, Linux Kernel, python und anderen, die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T038864", "T038863", "T038862", "T038861", ], }, release_date: "2024-11-07T23:00:00.000+00:00", title: "CVE-2023-27536", }, { cve: "CVE-2023-27538", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Dell PowerProtect Data Domain bezüglich genutzter Komponenten von Drittanbietern, wie Apache Tomcat, curl, Linux Kernel, python und anderen, die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T038864", "T038863", "T038862", "T038861", ], }, release_date: "2024-11-07T23:00:00.000+00:00", title: "CVE-2023-27538", }, { cve: "CVE-2023-28319", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Dell PowerProtect Data Domain bezüglich genutzter Komponenten von Drittanbietern, wie Apache Tomcat, curl, Linux Kernel, python und anderen, die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T038864", "T038863", "T038862", "T038861", ], }, release_date: "2024-11-07T23:00:00.000+00:00", title: "CVE-2023-28319", }, { cve: "CVE-2023-28320", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Dell PowerProtect Data Domain bezüglich genutzter Komponenten von Drittanbietern, wie Apache Tomcat, curl, Linux Kernel, python und anderen, die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T038864", "T038863", "T038862", "T038861", ], }, release_date: "2024-11-07T23:00:00.000+00:00", title: "CVE-2023-28320", }, { cve: "CVE-2023-28321", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Dell PowerProtect Data Domain bezüglich genutzter Komponenten von Drittanbietern, wie Apache Tomcat, curl, Linux Kernel, python und anderen, die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T038864", "T038863", "T038862", "T038861", ], }, release_date: "2024-11-07T23:00:00.000+00:00", title: "CVE-2023-28321", }, { cve: "CVE-2023-28322", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Dell PowerProtect Data Domain bezüglich genutzter Komponenten von Drittanbietern, wie Apache Tomcat, curl, Linux Kernel, python und anderen, die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T038864", "T038863", "T038862", "T038861", ], }, release_date: "2024-11-07T23:00:00.000+00:00", title: "CVE-2023-28322", }, { cve: "CVE-2023-31083", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Dell PowerProtect Data Domain bezüglich genutzter Komponenten von Drittanbietern, wie Apache Tomcat, curl, Linux Kernel, python und anderen, die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T038864", "T038863", "T038862", "T038861", ], }, release_date: "2024-11-07T23:00:00.000+00:00", title: "CVE-2023-31083", }, { cve: "CVE-2023-34055", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Dell PowerProtect Data Domain bezüglich genutzter Komponenten von Drittanbietern, wie Apache Tomcat, curl, Linux Kernel, python und anderen, die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T038864", "T038863", "T038862", "T038861", ], }, release_date: "2024-11-07T23:00:00.000+00:00", title: "CVE-2023-34055", }, { cve: "CVE-2023-35116", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Dell PowerProtect Data Domain bezüglich genutzter Komponenten von Drittanbietern, wie Apache Tomcat, curl, Linux Kernel, python und anderen, die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T038864", "T038863", "T038862", "T038861", ], }, release_date: "2024-11-07T23:00:00.000+00:00", title: "CVE-2023-35116", }, { cve: "CVE-2023-38286", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Dell PowerProtect Data Domain bezüglich genutzter Komponenten von Drittanbietern, wie Apache Tomcat, curl, Linux Kernel, python und anderen, die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T038864", "T038863", "T038862", "T038861", ], }, release_date: "2024-11-07T23:00:00.000+00:00", title: "CVE-2023-38286", }, { cve: "CVE-2023-38469", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Dell PowerProtect Data Domain bezüglich genutzter Komponenten von Drittanbietern, wie Apache Tomcat, curl, Linux Kernel, python und anderen, die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T038864", "T038863", "T038862", "T038861", ], }, release_date: "2024-11-07T23:00:00.000+00:00", title: "CVE-2023-38469", }, { cve: "CVE-2023-38471", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Dell PowerProtect Data Domain bezüglich genutzter Komponenten von Drittanbietern, wie Apache Tomcat, curl, Linux Kernel, python und anderen, die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T038864", "T038863", "T038862", "T038861", ], }, release_date: "2024-11-07T23:00:00.000+00:00", title: "CVE-2023-38471", }, { cve: "CVE-2023-38472", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Dell PowerProtect Data Domain bezüglich genutzter Komponenten von Drittanbietern, wie Apache Tomcat, curl, Linux Kernel, python und anderen, die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T038864", "T038863", "T038862", "T038861", ], }, release_date: "2024-11-07T23:00:00.000+00:00", title: "CVE-2023-38472", }, { cve: "CVE-2023-38545", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Dell PowerProtect Data Domain bezüglich genutzter Komponenten von Drittanbietern, wie Apache Tomcat, curl, Linux Kernel, python und anderen, die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T038864", "T038863", "T038862", "T038861", ], }, release_date: "2024-11-07T23:00:00.000+00:00", title: "CVE-2023-38545", }, { cve: "CVE-2023-38546", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Dell PowerProtect Data Domain bezüglich genutzter Komponenten von Drittanbietern, wie Apache Tomcat, curl, Linux Kernel, python und anderen, die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T038864", "T038863", "T038862", "T038861", ], }, release_date: "2024-11-07T23:00:00.000+00:00", title: "CVE-2023-38546", }, { cve: "CVE-2023-39197", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Dell PowerProtect Data Domain bezüglich genutzter Komponenten von Drittanbietern, wie Apache Tomcat, curl, Linux Kernel, python und anderen, die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T038864", "T038863", "T038862", "T038861", ], }, release_date: "2024-11-07T23:00:00.000+00:00", title: "CVE-2023-39197", }, { cve: "CVE-2023-39198", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Dell PowerProtect Data Domain bezüglich genutzter Komponenten von Drittanbietern, wie Apache Tomcat, curl, Linux Kernel, python und anderen, die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T038864", "T038863", "T038862", "T038861", ], }, release_date: "2024-11-07T23:00:00.000+00:00", title: "CVE-2023-39198", }, { cve: "CVE-2023-39804", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Dell PowerProtect Data Domain bezüglich genutzter Komponenten von Drittanbietern, wie Apache Tomcat, curl, Linux Kernel, python und anderen, die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T038864", "T038863", "T038862", "T038861", ], }, release_date: "2024-11-07T23:00:00.000+00:00", title: "CVE-2023-39804", }, { cve: "CVE-2023-40217", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Dell PowerProtect Data Domain bezüglich genutzter Komponenten von Drittanbietern, wie Apache Tomcat, curl, Linux Kernel, python und anderen, die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T038864", "T038863", "T038862", "T038861", ], }, release_date: "2024-11-07T23:00:00.000+00:00", title: "CVE-2023-40217", }, { cve: "CVE-2023-42465", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Dell PowerProtect Data Domain bezüglich genutzter Komponenten von Drittanbietern, wie Apache Tomcat, curl, Linux Kernel, python und anderen, die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T038864", "T038863", "T038862", "T038861", ], }, release_date: "2024-11-07T23:00:00.000+00:00", title: "CVE-2023-42465", }, { cve: "CVE-2023-4255", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Dell PowerProtect Data Domain bezüglich genutzter Komponenten von Drittanbietern, wie Apache Tomcat, curl, Linux Kernel, python und anderen, die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T038864", "T038863", "T038862", "T038861", ], }, release_date: "2024-11-07T23:00:00.000+00:00", title: "CVE-2023-4255", }, { cve: "CVE-2023-45139", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Dell PowerProtect Data Domain bezüglich genutzter Komponenten von Drittanbietern, wie Apache Tomcat, curl, Linux Kernel, python und anderen, die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T038864", "T038863", "T038862", "T038861", ], }, release_date: "2024-11-07T23:00:00.000+00:00", title: "CVE-2023-45139", }, { cve: "CVE-2023-45322", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Dell PowerProtect Data Domain bezüglich genutzter Komponenten von Drittanbietern, wie Apache Tomcat, curl, Linux Kernel, python und anderen, die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T038864", "T038863", "T038862", "T038861", ], }, release_date: "2024-11-07T23:00:00.000+00:00", title: "CVE-2023-45322", }, { cve: "CVE-2023-45863", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Dell PowerProtect Data Domain bezüglich genutzter Komponenten von Drittanbietern, wie Apache Tomcat, curl, Linux Kernel, python und anderen, die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T038864", "T038863", "T038862", "T038861", ], }, release_date: "2024-11-07T23:00:00.000+00:00", title: "CVE-2023-45863", }, { cve: "CVE-2023-45871", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Dell PowerProtect Data Domain bezüglich genutzter Komponenten von Drittanbietern, wie Apache Tomcat, curl, Linux Kernel, python und anderen, die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T038864", "T038863", "T038862", "T038861", ], }, release_date: "2024-11-07T23:00:00.000+00:00", title: "CVE-2023-45871", }, { cve: "CVE-2023-46136", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Dell PowerProtect Data Domain bezüglich genutzter Komponenten von Drittanbietern, wie Apache Tomcat, curl, Linux Kernel, python und anderen, die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T038864", "T038863", "T038862", "T038861", ], }, release_date: "2024-11-07T23:00:00.000+00:00", title: "CVE-2023-46136", }, { cve: "CVE-2023-46218", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Dell PowerProtect Data Domain bezüglich genutzter Komponenten von Drittanbietern, wie Apache Tomcat, curl, Linux Kernel, python und anderen, die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T038864", "T038863", "T038862", "T038861", ], }, release_date: "2024-11-07T23:00:00.000+00:00", title: "CVE-2023-46218", }, { cve: "CVE-2023-46219", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Dell PowerProtect Data Domain bezüglich genutzter Komponenten von Drittanbietern, wie Apache Tomcat, curl, Linux Kernel, python und anderen, die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T038864", "T038863", "T038862", "T038861", ], }, release_date: "2024-11-07T23:00:00.000+00:00", title: "CVE-2023-46219", }, { cve: "CVE-2023-46751", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Dell PowerProtect Data Domain bezüglich genutzter Komponenten von Drittanbietern, wie Apache Tomcat, curl, Linux Kernel, python und anderen, die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T038864", "T038863", "T038862", "T038861", ], }, release_date: "2024-11-07T23:00:00.000+00:00", title: "CVE-2023-46751", }, { cve: "CVE-2023-48795", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Dell PowerProtect Data Domain bezüglich genutzter Komponenten von Drittanbietern, wie Apache Tomcat, curl, Linux Kernel, python und anderen, die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T038864", "T038863", "T038862", "T038861", ], }, release_date: "2024-11-07T23:00:00.000+00:00", title: "CVE-2023-48795", }, { cve: "CVE-2023-49083", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Dell PowerProtect Data Domain bezüglich genutzter Komponenten von Drittanbietern, wie Apache Tomcat, curl, Linux Kernel, python und anderen, die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T038864", "T038863", "T038862", "T038861", ], }, release_date: "2024-11-07T23:00:00.000+00:00", title: "CVE-2023-49083", }, { cve: "CVE-2023-50447", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Dell PowerProtect Data Domain bezüglich genutzter Komponenten von Drittanbietern, wie Apache Tomcat, curl, Linux Kernel, python und anderen, die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T038864", "T038863", "T038862", "T038861", ], }, release_date: "2024-11-07T23:00:00.000+00:00", title: "CVE-2023-50447", }, { cve: "CVE-2023-5049", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Dell PowerProtect Data Domain bezüglich genutzter Komponenten von Drittanbietern, wie Apache Tomcat, curl, Linux Kernel, python und anderen, die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T038864", "T038863", "T038862", "T038861", ], }, release_date: "2024-11-07T23:00:00.000+00:00", title: "CVE-2023-5049", }, { cve: "CVE-2023-50495", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Dell PowerProtect Data Domain bezüglich genutzter Komponenten von Drittanbietern, wie Apache Tomcat, curl, Linux Kernel, python und anderen, die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T038864", "T038863", "T038862", "T038861", ], }, release_date: "2024-11-07T23:00:00.000+00:00", title: "CVE-2023-50495", }, { cve: "CVE-2023-50782", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Dell PowerProtect Data Domain bezüglich genutzter Komponenten von Drittanbietern, wie Apache Tomcat, curl, Linux Kernel, python und anderen, die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T038864", "T038863", "T038862", "T038861", ], }, release_date: "2024-11-07T23:00:00.000+00:00", title: "CVE-2023-50782", }, { cve: "CVE-2023-51257", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Dell PowerProtect Data Domain bezüglich genutzter Komponenten von Drittanbietern, wie Apache Tomcat, curl, Linux Kernel, python und anderen, die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T038864", "T038863", "T038862", "T038861", ], }, release_date: "2024-11-07T23:00:00.000+00:00", title: "CVE-2023-51257", }, { cve: "CVE-2023-52425", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Dell PowerProtect Data Domain bezüglich genutzter Komponenten von Drittanbietern, wie Apache Tomcat, curl, Linux Kernel, python und anderen, die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T038864", "T038863", "T038862", "T038861", ], }, release_date: "2024-11-07T23:00:00.000+00:00", title: "CVE-2023-52425", }, { cve: "CVE-2023-52426", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Dell PowerProtect Data Domain bezüglich genutzter Komponenten von Drittanbietern, wie Apache Tomcat, curl, Linux Kernel, python und anderen, die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T038864", "T038863", "T038862", "T038861", ], }, release_date: "2024-11-07T23:00:00.000+00:00", title: "CVE-2023-52426", }, { cve: "CVE-2023-5678", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Dell PowerProtect Data Domain bezüglich genutzter Komponenten von Drittanbietern, wie Apache Tomcat, curl, Linux Kernel, python und anderen, die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T038864", "T038863", "T038862", "T038861", ], }, release_date: "2024-11-07T23:00:00.000+00:00", title: "CVE-2023-5678", }, { cve: "CVE-2023-5717", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Dell PowerProtect Data Domain bezüglich genutzter Komponenten von Drittanbietern, wie Apache Tomcat, curl, Linux Kernel, python und anderen, die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T038864", "T038863", "T038862", "T038861", ], }, release_date: "2024-11-07T23:00:00.000+00:00", title: "CVE-2023-5717", }, { cve: "CVE-2023-5752", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Dell PowerProtect Data Domain bezüglich genutzter Komponenten von Drittanbietern, wie Apache Tomcat, curl, Linux Kernel, python und anderen, die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T038864", "T038863", "T038862", "T038861", ], }, release_date: "2024-11-07T23:00:00.000+00:00", title: "CVE-2023-5752", }, { cve: "CVE-2023-6004", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Dell PowerProtect Data Domain bezüglich genutzter Komponenten von Drittanbietern, wie Apache Tomcat, curl, Linux Kernel, python und anderen, die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T038864", "T038863", "T038862", "T038861", ], }, release_date: "2024-11-07T23:00:00.000+00:00", title: "CVE-2023-6004", }, { cve: "CVE-2023-6597", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Dell PowerProtect Data Domain bezüglich genutzter Komponenten von Drittanbietern, wie Apache Tomcat, curl, Linux Kernel, python und anderen, die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T038864", "T038863", "T038862", "T038861", ], }, release_date: "2024-11-07T23:00:00.000+00:00", title: "CVE-2023-6597", }, { cve: "CVE-2023-6918", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Dell PowerProtect Data Domain bezüglich genutzter Komponenten von Drittanbietern, wie Apache Tomcat, curl, Linux Kernel, python und anderen, die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T038864", "T038863", "T038862", "T038861", ], }, release_date: "2024-11-07T23:00:00.000+00:00", title: "CVE-2023-6918", }, { cve: "CVE-2023-7207", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Dell PowerProtect Data Domain bezüglich genutzter Komponenten von Drittanbietern, wie Apache Tomcat, curl, Linux Kernel, python und anderen, die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T038864", "T038863", "T038862", "T038861", ], }, release_date: "2024-11-07T23:00:00.000+00:00", title: "CVE-2023-7207", }, { cve: "CVE-2024-0450", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Dell PowerProtect Data Domain bezüglich genutzter Komponenten von Drittanbietern, wie Apache Tomcat, curl, Linux Kernel, python und anderen, die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T038864", "T038863", "T038862", "T038861", ], }, release_date: "2024-11-07T23:00:00.000+00:00", title: "CVE-2024-0450", }, { cve: "CVE-2024-0727", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Dell PowerProtect Data Domain bezüglich genutzter Komponenten von Drittanbietern, wie Apache Tomcat, curl, Linux Kernel, python und anderen, die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T038864", "T038863", "T038862", "T038861", ], }, release_date: "2024-11-07T23:00:00.000+00:00", title: "CVE-2024-0727", }, { cve: "CVE-2024-0985", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Dell PowerProtect Data Domain bezüglich genutzter Komponenten von Drittanbietern, wie Apache Tomcat, curl, Linux Kernel, python und anderen, die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T038864", "T038863", "T038862", "T038861", ], }, release_date: "2024-11-07T23:00:00.000+00:00", title: "CVE-2024-0985", }, { cve: "CVE-2024-21626", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Dell PowerProtect Data Domain bezüglich genutzter Komponenten von Drittanbietern, wie Apache Tomcat, curl, Linux Kernel, python und anderen, die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T038864", "T038863", "T038862", "T038861", ], }, release_date: "2024-11-07T23:00:00.000+00:00", title: "CVE-2024-21626", }, { cve: "CVE-2024-22195", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Dell PowerProtect Data Domain bezüglich genutzter Komponenten von Drittanbietern, wie Apache Tomcat, curl, Linux Kernel, python und anderen, die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T038864", "T038863", "T038862", "T038861", ], }, release_date: "2024-11-07T23:00:00.000+00:00", title: "CVE-2024-22195", }, { cve: "CVE-2024-22365", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Dell PowerProtect Data Domain bezüglich genutzter Komponenten von Drittanbietern, wie Apache Tomcat, curl, Linux Kernel, python und anderen, die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T038864", "T038863", "T038862", "T038861", ], }, release_date: "2024-11-07T23:00:00.000+00:00", title: "CVE-2024-22365", }, { cve: "CVE-2024-23651", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Dell PowerProtect Data Domain bezüglich genutzter Komponenten von Drittanbietern, wie Apache Tomcat, curl, Linux Kernel, python und anderen, die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T038864", "T038863", "T038862", "T038861", ], }, release_date: "2024-11-07T23:00:00.000+00:00", title: "CVE-2024-23651", }, { cve: "CVE-2024-23652", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Dell PowerProtect Data Domain bezüglich genutzter Komponenten von Drittanbietern, wie Apache Tomcat, curl, Linux Kernel, python und anderen, die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T038864", "T038863", "T038862", "T038861", ], }, release_date: "2024-11-07T23:00:00.000+00:00", title: "CVE-2024-23652", }, { cve: "CVE-2024-23653", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Dell PowerProtect Data Domain bezüglich genutzter Komponenten von Drittanbietern, wie Apache Tomcat, curl, Linux Kernel, python und anderen, die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T038864", "T038863", "T038862", "T038861", ], }, release_date: "2024-11-07T23:00:00.000+00:00", title: "CVE-2024-23653", }, { cve: "CVE-2024-23672", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Dell PowerProtect Data Domain bezüglich genutzter Komponenten von Drittanbietern, wie Apache Tomcat, curl, Linux Kernel, python und anderen, die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T038864", "T038863", "T038862", "T038861", ], }, release_date: "2024-11-07T23:00:00.000+00:00", title: "CVE-2024-23672", }, { cve: "CVE-2024-24549", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Dell PowerProtect Data Domain bezüglich genutzter Komponenten von Drittanbietern, wie Apache Tomcat, curl, Linux Kernel, python und anderen, die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T038864", "T038863", "T038862", "T038861", ], }, release_date: "2024-11-07T23:00:00.000+00:00", title: "CVE-2024-24549", }, { cve: "CVE-2024-25062", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Dell PowerProtect Data Domain bezüglich genutzter Komponenten von Drittanbietern, wie Apache Tomcat, curl, Linux Kernel, python und anderen, die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T038864", "T038863", "T038862", "T038861", ], }, release_date: "2024-11-07T23:00:00.000+00:00", title: "CVE-2024-25062", }, { cve: "CVE-2024-26130", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Dell PowerProtect Data Domain bezüglich genutzter Komponenten von Drittanbietern, wie Apache Tomcat, curl, Linux Kernel, python und anderen, die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T038864", "T038863", "T038862", "T038861", ], }, release_date: "2024-11-07T23:00:00.000+00:00", title: "CVE-2024-26130", }, { cve: "CVE-2024-26458", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Dell PowerProtect Data Domain bezüglich genutzter Komponenten von Drittanbietern, wie Apache Tomcat, curl, Linux Kernel, python und anderen, die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T038864", "T038863", "T038862", "T038861", ], }, release_date: "2024-11-07T23:00:00.000+00:00", title: "CVE-2024-26458", }, { cve: "CVE-2024-26461", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Dell PowerProtect Data Domain bezüglich genutzter Komponenten von Drittanbietern, wie Apache Tomcat, curl, Linux Kernel, python und anderen, die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T038864", "T038863", "T038862", "T038861", ], }, release_date: "2024-11-07T23:00:00.000+00:00", title: "CVE-2024-26461", }, { cve: "CVE-2024-28085", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Dell PowerProtect Data Domain bezüglich genutzter Komponenten von Drittanbietern, wie Apache Tomcat, curl, Linux Kernel, python und anderen, die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T038864", "T038863", "T038862", "T038861", ], }, release_date: "2024-11-07T23:00:00.000+00:00", title: "CVE-2024-28085", }, { cve: "CVE-2024-28182", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Dell PowerProtect Data Domain bezüglich genutzter Komponenten von Drittanbietern, wie Apache Tomcat, curl, Linux Kernel, python und anderen, die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T038864", "T038863", "T038862", "T038861", ], }, release_date: "2024-11-07T23:00:00.000+00:00", title: "CVE-2024-28182", }, { cve: "CVE-2024-28219", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Dell PowerProtect Data Domain bezüglich genutzter Komponenten von Drittanbietern, wie Apache Tomcat, curl, Linux Kernel, python und anderen, die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T038864", "T038863", "T038862", "T038861", ], }, release_date: "2024-11-07T23:00:00.000+00:00", title: "CVE-2024-28219", }, { cve: "CVE-2024-28757", notes: [ { category: "description", text: "Es existieren mehrere Schwachstellen in Dell PowerProtect Data Domain bezüglich genutzter Komponenten von Drittanbietern, wie Apache Tomcat, curl, Linux Kernel, python und anderen, die zum aktuellen Zeitpunkt nicht im Detail beschrieben und veröffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht näher spezifizierte Auswirkungen zu verursachen.", }, ], product_status: { known_affected: [ "T038864", "T038863", "T038862", "T038861", ], }, release_date: "2024-11-07T23:00:00.000+00:00", title: "CVE-2024-28757", }, ], }
wid-sec-w-2024-3195
Vulnerability from csaf_certbund
Published
2024-10-15 22:00
Modified
2024-10-15 22:00
Summary
Oracle Communications: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Oracle Communications umfasst branchenspezifische Lösungen für die Telekommunikationsbranche.
Angriff
Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in Oracle Communications ausnutzen, um die Vertraulichkeit, Integrität und Verfügbarkeit zu gefährden.
Betroffene Betriebssysteme
- Sonstiges
{ document: { aggregate_severity: { text: "hoch", }, category: "csaf_base", csaf_version: "2.0", distribution: { tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "de-DE", notes: [ { category: "legal_disclaimer", text: "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.", }, { category: "description", text: "Oracle Communications umfasst branchenspezifische Lösungen für die Telekommunikationsbranche.", title: "Produktbeschreibung", }, { category: "summary", text: "Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in Oracle Communications ausnutzen, um die Vertraulichkeit, Integrität und Verfügbarkeit zu gefährden.", title: "Angriff", }, { category: "general", text: "- Sonstiges", title: "Betroffene Betriebssysteme", }, ], publisher: { category: "other", contact_details: "csaf-provider@cert-bund.de", name: "Bundesamt für Sicherheit in der Informationstechnik", namespace: "https://www.bsi.bund.de", }, references: [ { category: "self", summary: "WID-SEC-W-2024-3195 - CSAF Version", url: "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-3195.json", }, { category: "self", summary: "WID-SEC-2024-3195 - Portal Version", url: "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-3195", }, { category: "external", summary: "Oracle Critical Patch Update Advisory - October 2024 - Appendix Oracle Communications vom 2024-10-15", url: "https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixCGBU", }, ], source_lang: "en-US", title: "Oracle Communications: Mehrere Schwachstellen", tracking: { current_release_date: "2024-10-15T22:00:00.000+00:00", generator: { date: "2024-10-16T10:12:35.400+00:00", engine: { name: "BSI-WID", version: "1.3.8", }, }, id: "WID-SEC-W-2024-3195", initial_release_date: "2024-10-15T22:00:00.000+00:00", revision_history: [ { date: "2024-10-15T22:00:00.000+00:00", number: "1", summary: "Initiale Fassung", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "9.1.1.3.0", product: { name: "Oracle Communications 9.1.1.3.0", product_id: "T027333", product_identification_helper: { cpe: "cpe:/a:oracle:communications:9.1.1.3.0", }, }, }, { category: "product_version", name: "12.6.1.0.0", product: { name: "Oracle Communications 12.6.1.0.0", product_id: "T027338", product_identification_helper: { cpe: "cpe:/a:oracle:communications:12.6.1.0.0", }, }, }, { category: "product_version", name: "5.1", product: { name: "Oracle Communications 5.1", product_id: "T028684", product_identification_helper: { cpe: "cpe:/a:oracle:communications:5.1", }, }, }, { category: "product_version", name: "15.0.0.0.0", product: { name: "Oracle Communications 15.0.0.0.0", product_id: "T032090", product_identification_helper: { cpe: "cpe:/a:oracle:communications:15.0.0.0.0", }, }, }, { category: "product_version", name: "23.4.0", product: { name: "Oracle Communications 23.4.0", product_id: "T032091", product_identification_helper: { cpe: "cpe:/a:oracle:communications:23.4.0", }, }, }, { category: "product_version", name: "23.4.2", product: { name: "Oracle Communications 23.4.2", product_id: "T034144", product_identification_helper: { cpe: "cpe:/a:oracle:communications:23.4.2", }, }, }, { category: "product_version", name: "24.1.0", product: { name: "Oracle Communications 24.1.0", product_id: "T034145", product_identification_helper: { cpe: "cpe:/a:oracle:communications:24.1.0", }, }, }, { category: "product_version", name: "5.2", product: { name: "Oracle Communications 5.2", product_id: "T034146", product_identification_helper: { cpe: "cpe:/a:oracle:communications:5.2", }, }, }, { category: "product_version", name: "24.1.0.0.0", product: { name: "Oracle Communications 24.1.0.0.0", product_id: "T034147", product_identification_helper: { cpe: "cpe:/a:oracle:communications:24.1.0.0.0", }, }, }, { category: "product_version", name: "23.4.3", product: { name: "Oracle Communications 23.4.3", product_id: "T036195", product_identification_helper: { cpe: "cpe:/a:oracle:communications:23.4.3", }, }, }, { category: "product_version", name: "23.4.4", product: { name: "Oracle Communications 23.4.4", product_id: "T036196", product_identification_helper: { cpe: "cpe:/a:oracle:communications:23.4.4", }, }, }, { category: "product_version_range", name: "<=24.2.0", product: { name: "Oracle Communications <=24.2.0", product_id: "T036197", }, }, { category: "product_version_range", name: "<=24.2.0", product: { name: "Oracle Communications <=24.2.0", product_id: "T036197-fixed", }, }, { category: "product_version", name: "4.1.0", product: { name: "Oracle Communications 4.1.0", product_id: "T036205", product_identification_helper: { cpe: "cpe:/a:oracle:communications:4.1.0", }, }, }, { category: "product_version", name: "4.2.0", product: { name: "Oracle Communications 4.2.0", product_id: "T036206", product_identification_helper: { cpe: "cpe:/a:oracle:communications:4.2.0", }, }, }, { category: "product_version", name: "9.2.0", product: { name: "Oracle Communications 9.2.0", product_id: "T036207", product_identification_helper: { cpe: "cpe:/a:oracle:communications:9.2.0", }, }, }, { category: "product_version", name: "9.3.0", product: { name: "Oracle Communications 9.3.0", product_id: "T036208", product_identification_helper: { cpe: "cpe:/a:oracle:communications:9.3.0", }, }, }, { category: "product_version", name: "12.11.0", product: { name: "Oracle Communications 12.11.0", product_id: "T036209", product_identification_helper: { cpe: "cpe:/a:oracle:communications:12.11.0", }, }, }, { category: "product_version", name: "9.0.1.10.0", product: { name: "Oracle Communications 9.0.1.10.0", product_id: "T038373", product_identification_helper: { cpe: "cpe:/a:oracle:communications:9.0.1.10.0", }, }, }, { category: "product_version_range", name: "<=23.4.5", product: { name: "Oracle Communications <=23.4.5", product_id: "T038375", }, }, { category: "product_version_range", name: "<=23.4.5", product: { name: "Oracle Communications <=23.4.5", product_id: "T038375-fixed", }, }, { category: "product_version", name: "24.2.1", product: { name: "Oracle Communications 24.2.1", product_id: "T038376", product_identification_helper: { cpe: "cpe:/a:oracle:communications:24.2.1", }, }, }, { category: "product_version_range", name: "<=23.4.6", product: { name: "Oracle Communications <=23.4.6", product_id: "T038377", }, }, { category: "product_version_range", name: "<=23.4.6", product: { name: "Oracle Communications <=23.4.6", product_id: "T038377-fixed", }, }, { category: "product_version", name: "24.1.1", product: { name: "Oracle Communications 24.1.1", product_id: "T038378", product_identification_helper: { cpe: "cpe:/a:oracle:communications:24.1.1", }, }, }, { category: "product_version", name: "24.2.2", product: { name: "Oracle Communications 24.2.2", product_id: "T038379", product_identification_helper: { cpe: "cpe:/a:oracle:communications:24.2.2", }, }, }, { category: "product_version", name: "9.1.5", product: { name: "Oracle Communications 9.1.5", product_id: "T038380", product_identification_helper: { cpe: "cpe:/a:oracle:communications:9.1.5", }, }, }, { category: "product_version", name: "9.1.0", product: { name: "Oracle Communications 9.1.0", product_id: "T038381", product_identification_helper: { cpe: "cpe:/a:oracle:communications:9.1.0", }, }, }, { category: "product_version", name: "14", product: { name: "Oracle Communications 14.0", product_id: "T038382", product_identification_helper: { cpe: "cpe:/a:oracle:communications:14.0", }, }, }, { category: "product_version", name: "9.1.1.9.0", product: { name: "Oracle Communications 9.1.1.9.0", product_id: "T038383", product_identification_helper: { cpe: "cpe:/a:oracle:communications:9.1.1.9.0", }, }, }, { category: "product_version", name: "14.0.0.1", product: { name: "Oracle Communications 14.0.0.1", product_id: "T038384", product_identification_helper: { cpe: "cpe:/a:oracle:communications:14.0.0.1", }, }, }, { category: "product_version", name: "17.0.1", product: { name: "Oracle Communications 17.0.1", product_id: "T038385", product_identification_helper: { cpe: "cpe:/a:oracle:communications:17.0.1", }, }, }, { category: "product_version_range", name: "<10.4.0.4", product: { name: "Oracle Communications <10.4.0.4", product_id: "T038386", }, }, { category: "product_version", name: "10.4.0.4", product: { name: "Oracle Communications 10.4.0.4", product_id: "T038386-fixed", product_identification_helper: { cpe: "cpe:/a:oracle:communications:10.4.0.4", }, }, }, { category: "product_version_range", name: "<=9.1.1.8.0", product: { name: "Oracle Communications <=9.1.1.8.0", product_id: "T038426", }, }, { category: "product_version_range", name: "<=9.1.1.8.0", product: { name: "Oracle Communications <=9.1.1.8.0", product_id: "T038426-fixed", }, }, ], category: "product_name", name: "Communications", }, ], category: "vendor", name: "Oracle", }, ], }, vulnerabilities: [ { cve: "CVE-2022-2068", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T036209", "T036205", "T036206", "T036207", "T036208", "T034147", "T038386", "T034146", "T034145", "T034144", "T038382", "T038383", "T038384", "T038385", "T038380", "T038381", "T027338", "T027333", "T028684", "T038379", "T038376", "T038378", "T036195", "T038373", "T036196", "T032090", "T032091", ], last_affected: [ "T038426", "T036197", "T038375", "T038377", ], }, release_date: "2024-10-15T22:00:00.000+00:00", title: "CVE-2022-2068", }, { cve: "CVE-2022-23437", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T036209", "T036205", "T036206", "T036207", "T036208", "T034147", "T038386", "T034146", "T034145", "T034144", "T038382", "T038383", "T038384", "T038385", "T038380", "T038381", "T027338", "T027333", "T028684", "T038379", "T038376", "T038378", "T036195", "T038373", "T036196", "T032090", "T032091", ], last_affected: [ "T038426", "T036197", "T038375", "T038377", ], }, release_date: "2024-10-15T22:00:00.000+00:00", title: "CVE-2022-23437", }, { cve: "CVE-2022-2601", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T036209", "T036205", "T036206", "T036207", "T036208", "T034147", "T038386", "T034146", "T034145", "T034144", "T038382", "T038383", "T038384", "T038385", "T038380", "T038381", "T027338", "T027333", "T028684", "T038379", "T038376", "T038378", "T036195", "T038373", "T036196", "T032090", "T032091", ], last_affected: [ "T038426", "T036197", "T038375", "T038377", ], }, release_date: "2024-10-15T22:00:00.000+00:00", title: "CVE-2022-2601", }, { cve: "CVE-2022-36760", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T036209", "T036205", "T036206", "T036207", "T036208", "T034147", "T038386", "T034146", "T034145", "T034144", "T038382", "T038383", "T038384", "T038385", "T038380", "T038381", "T027338", "T027333", "T028684", "T038379", "T038376", "T038378", "T036195", "T038373", "T036196", "T032090", "T032091", ], last_affected: [ "T038426", "T036197", "T038375", "T038377", ], }, release_date: "2024-10-15T22:00:00.000+00:00", title: "CVE-2022-36760", }, { cve: "CVE-2023-2953", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T036209", "T036205", "T036206", "T036207", "T036208", "T034147", "T038386", "T034146", "T034145", "T034144", "T038382", "T038383", "T038384", "T038385", "T038380", "T038381", "T027338", "T027333", "T028684", "T038379", "T038376", "T038378", "T036195", "T038373", "T036196", "T032090", "T032091", ], last_affected: [ "T038426", "T036197", "T038375", "T038377", ], }, release_date: "2024-10-15T22:00:00.000+00:00", title: "CVE-2023-2953", }, { cve: "CVE-2023-3635", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T036209", "T036205", "T036206", "T036207", "T036208", "T034147", "T038386", "T034146", "T034145", "T034144", "T038382", "T038383", "T038384", "T038385", "T038380", "T038381", "T027338", "T027333", "T028684", "T038379", "T038376", "T038378", "T036195", "T038373", "T036196", "T032090", "T032091", ], last_affected: [ "T038426", "T036197", "T038375", "T038377", ], }, release_date: "2024-10-15T22:00:00.000+00:00", title: "CVE-2023-3635", }, { cve: "CVE-2023-38408", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T036209", "T036205", "T036206", "T036207", "T036208", "T034147", "T038386", "T034146", "T034145", "T034144", "T038382", "T038383", "T038384", "T038385", "T038380", "T038381", "T027338", "T027333", "T028684", "T038379", "T038376", "T038378", "T036195", "T038373", "T036196", "T032090", "T032091", ], last_affected: [ "T038426", "T036197", "T038375", "T038377", ], }, release_date: "2024-10-15T22:00:00.000+00:00", title: "CVE-2023-38408", }, { cve: "CVE-2023-4043", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T036209", "T036205", "T036206", "T036207", "T036208", "T034147", "T038386", "T034146", "T034145", "T034144", "T038382", "T038383", "T038384", "T038385", "T038380", "T038381", "T027338", "T027333", "T028684", "T038379", "T038376", "T038378", "T036195", "T038373", "T036196", "T032090", "T032091", ], last_affected: [ "T038426", "T036197", "T038375", "T038377", ], }, release_date: "2024-10-15T22:00:00.000+00:00", title: "CVE-2023-4043", }, { cve: "CVE-2023-46136", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T036209", "T036205", "T036206", "T036207", "T036208", "T034147", "T038386", "T034146", "T034145", "T034144", "T038382", "T038383", "T038384", "T038385", "T038380", "T038381", "T027338", "T027333", "T028684", "T038379", "T038376", "T038378", "T036195", "T038373", "T036196", "T032090", "T032091", ], last_affected: [ "T038426", "T036197", "T038375", "T038377", ], }, release_date: "2024-10-15T22:00:00.000+00:00", title: "CVE-2023-46136", }, { cve: "CVE-2023-48795", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T036209", "T036205", "T036206", "T036207", "T036208", "T034147", "T038386", "T034146", "T034145", "T034144", "T038382", "T038383", "T038384", "T038385", "T038380", "T038381", "T027338", "T027333", "T028684", "T038379", "T038376", "T038378", "T036195", "T038373", "T036196", "T032090", "T032091", ], last_affected: [ "T038426", "T036197", "T038375", "T038377", ], }, release_date: "2024-10-15T22:00:00.000+00:00", title: "CVE-2023-48795", }, { cve: "CVE-2023-51775", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T036209", "T036205", "T036206", "T036207", "T036208", "T034147", "T038386", "T034146", "T034145", "T034144", "T038382", "T038383", "T038384", "T038385", "T038380", "T038381", "T027338", "T027333", "T028684", "T038379", "T038376", "T038378", "T036195", "T038373", "T036196", "T032090", "T032091", ], last_affected: [ "T038426", "T036197", "T038375", "T038377", ], }, release_date: "2024-10-15T22:00:00.000+00:00", title: "CVE-2023-51775", }, { cve: "CVE-2023-5685", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T036209", "T036205", "T036206", "T036207", "T036208", "T034147", "T038386", "T034146", "T034145", "T034144", "T038382", "T038383", "T038384", "T038385", "T038380", "T038381", "T027338", "T027333", "T028684", "T038379", "T038376", "T038378", "T036195", "T038373", "T036196", "T032090", "T032091", ], last_affected: [ "T038426", "T036197", "T038375", "T038377", ], }, release_date: "2024-10-15T22:00:00.000+00:00", title: "CVE-2023-5685", }, { cve: "CVE-2023-6597", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T036209", "T036205", "T036206", "T036207", "T036208", "T034147", "T038386", "T034146", "T034145", "T034144", "T038382", "T038383", "T038384", "T038385", "T038380", "T038381", "T027338", "T027333", "T028684", "T038379", "T038376", "T038378", "T036195", "T038373", "T036196", "T032090", "T032091", ], last_affected: [ "T038426", "T036197", "T038375", "T038377", ], }, release_date: "2024-10-15T22:00:00.000+00:00", title: "CVE-2023-6597", }, { cve: "CVE-2023-6816", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T036209", "T036205", "T036206", "T036207", "T036208", "T034147", "T038386", "T034146", "T034145", "T034144", "T038382", "T038383", "T038384", "T038385", "T038380", "T038381", "T027338", "T027333", "T028684", "T038379", "T038376", "T038378", "T036195", "T038373", "T036196", "T032090", "T032091", ], last_affected: [ "T038426", "T036197", "T038375", "T038377", ], }, release_date: "2024-10-15T22:00:00.000+00:00", title: "CVE-2023-6816", }, { cve: "CVE-2024-0450", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T036209", "T036205", "T036206", "T036207", "T036208", "T034147", "T038386", "T034146", "T034145", "T034144", "T038382", "T038383", "T038384", "T038385", "T038380", "T038381", "T027338", "T027333", "T028684", "T038379", "T038376", "T038378", "T036195", "T038373", "T036196", "T032090", "T032091", ], last_affected: [ "T038426", "T036197", "T038375", "T038377", ], }, release_date: "2024-10-15T22:00:00.000+00:00", title: "CVE-2024-0450", }, { cve: "CVE-2024-22020", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T036209", "T036205", "T036206", "T036207", "T036208", "T034147", "T038386", "T034146", "T034145", "T034144", "T038382", "T038383", "T038384", "T038385", "T038380", "T038381", "T027338", "T027333", "T028684", "T038379", "T038376", "T038378", "T036195", "T038373", "T036196", "T032090", "T032091", ], last_affected: [ "T038426", "T036197", "T038375", "T038377", ], }, release_date: "2024-10-15T22:00:00.000+00:00", title: "CVE-2024-22020", }, { cve: "CVE-2024-22257", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T036209", "T036205", "T036206", "T036207", "T036208", "T034147", "T038386", "T034146", "T034145", "T034144", "T038382", "T038383", "T038384", "T038385", "T038380", "T038381", "T027338", "T027333", "T028684", "T038379", "T038376", "T038378", "T036195", "T038373", "T036196", "T032090", "T032091", ], last_affected: [ "T038426", "T036197", "T038375", "T038377", ], }, release_date: "2024-10-15T22:00:00.000+00:00", title: "CVE-2024-22257", }, { cve: "CVE-2024-22262", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T036209", "T036205", "T036206", "T036207", "T036208", "T034147", "T038386", "T034146", "T034145", "T034144", "T038382", "T038383", "T038384", "T038385", "T038380", "T038381", "T027338", "T027333", "T028684", "T038379", "T038376", "T038378", "T036195", "T038373", "T036196", "T032090", "T032091", ], last_affected: [ "T038426", "T036197", "T038375", "T038377", ], }, release_date: "2024-10-15T22:00:00.000+00:00", title: "CVE-2024-22262", }, { cve: "CVE-2024-23672", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T036209", "T036205", "T036206", "T036207", "T036208", "T034147", "T038386", "T034146", "T034145", "T034144", "T038382", "T038383", "T038384", "T038385", "T038380", "T038381", "T027338", "T027333", "T028684", "T038379", "T038376", "T038378", "T036195", "T038373", "T036196", "T032090", "T032091", ], last_affected: [ "T038426", "T036197", "T038375", "T038377", ], }, release_date: "2024-10-15T22:00:00.000+00:00", title: "CVE-2024-23672", }, { cve: "CVE-2024-2398", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T036209", "T036205", "T036206", "T036207", "T036208", "T034147", "T038386", "T034146", "T034145", "T034144", "T038382", "T038383", "T038384", "T038385", "T038380", "T038381", "T027338", "T027333", "T028684", "T038379", "T038376", "T038378", "T036195", "T038373", "T036196", "T032090", "T032091", ], last_affected: [ "T038426", "T036197", "T038375", "T038377", ], }, release_date: "2024-10-15T22:00:00.000+00:00", title: "CVE-2024-2398", }, { cve: "CVE-2024-25062", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T036209", "T036205", "T036206", "T036207", "T036208", "T034147", "T038386", "T034146", "T034145", "T034144", "T038382", "T038383", "T038384", "T038385", "T038380", "T038381", "T027338", "T027333", "T028684", "T038379", "T038376", "T038378", "T036195", "T038373", "T036196", "T032090", "T032091", ], last_affected: [ "T038426", "T036197", "T038375", "T038377", ], }, release_date: "2024-10-15T22:00:00.000+00:00", title: "CVE-2024-25062", }, { cve: "CVE-2024-25638", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T036209", "T036205", "T036206", "T036207", "T036208", "T034147", "T038386", "T034146", "T034145", "T034144", "T038382", "T038383", "T038384", "T038385", "T038380", "T038381", "T027338", "T027333", "T028684", "T038379", "T038376", "T038378", "T036195", "T038373", "T036196", "T032090", "T032091", ], last_affected: [ "T038426", "T036197", "T038375", "T038377", ], }, release_date: "2024-10-15T22:00:00.000+00:00", title: "CVE-2024-25638", }, { cve: "CVE-2024-26308", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T036209", "T036205", "T036206", "T036207", "T036208", "T034147", "T038386", "T034146", "T034145", "T034144", "T038382", "T038383", "T038384", "T038385", "T038380", "T038381", "T027338", "T027333", "T028684", "T038379", "T038376", "T038378", "T036195", "T038373", "T036196", "T032090", "T032091", ], last_affected: [ "T038426", "T036197", "T038375", "T038377", ], }, release_date: "2024-10-15T22:00:00.000+00:00", title: "CVE-2024-26308", }, { cve: "CVE-2024-28182", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T036209", "T036205", "T036206", "T036207", "T036208", "T034147", "T038386", "T034146", "T034145", "T034144", "T038382", "T038383", "T038384", "T038385", "T038380", "T038381", "T027338", "T027333", "T028684", "T038379", "T038376", "T038378", "T036195", "T038373", "T036196", "T032090", "T032091", ], last_affected: [ "T038426", "T036197", "T038375", "T038377", ], }, release_date: "2024-10-15T22:00:00.000+00:00", title: "CVE-2024-28182", }, { cve: "CVE-2024-28849", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T036209", "T036205", "T036206", "T036207", "T036208", "T034147", "T038386", "T034146", "T034145", "T034144", "T038382", "T038383", "T038384", "T038385", "T038380", "T038381", "T027338", "T027333", "T028684", "T038379", "T038376", "T038378", "T036195", "T038373", "T036196", "T032090", "T032091", ], last_affected: [ "T038426", "T036197", "T038375", "T038377", ], }, release_date: "2024-10-15T22:00:00.000+00:00", title: "CVE-2024-28849", }, { cve: "CVE-2024-29025", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T036209", "T036205", "T036206", "T036207", "T036208", "T034147", "T038386", "T034146", "T034145", "T034144", "T038382", "T038383", "T038384", "T038385", "T038380", "T038381", "T027338", "T027333", "T028684", "T038379", "T038376", "T038378", "T036195", "T038373", "T036196", "T032090", "T032091", ], last_affected: [ "T038426", "T036197", "T038375", "T038377", ], }, release_date: "2024-10-15T22:00:00.000+00:00", title: "CVE-2024-29025", }, { cve: "CVE-2024-29736", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T036209", "T036205", "T036206", "T036207", "T036208", "T034147", "T038386", "T034146", "T034145", "T034144", "T038382", "T038383", "T038384", "T038385", "T038380", "T038381", "T027338", "T027333", "T028684", "T038379", "T038376", "T038378", "T036195", "T038373", "T036196", "T032090", "T032091", ], last_affected: [ "T038426", "T036197", "T038375", "T038377", ], }, release_date: "2024-10-15T22:00:00.000+00:00", title: "CVE-2024-29736", }, { cve: "CVE-2024-29857", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T036209", "T036205", "T036206", "T036207", "T036208", "T034147", "T038386", "T034146", "T034145", "T034144", "T038382", "T038383", "T038384", "T038385", "T038380", "T038381", "T027338", "T027333", "T028684", "T038379", "T038376", "T038378", "T036195", "T038373", "T036196", "T032090", "T032091", ], last_affected: [ "T038426", "T036197", "T038375", "T038377", ], }, release_date: "2024-10-15T22:00:00.000+00:00", title: "CVE-2024-29857", }, { cve: "CVE-2024-30251", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T036209", "T036205", "T036206", "T036207", "T036208", "T034147", "T038386", "T034146", "T034145", "T034144", "T038382", "T038383", "T038384", "T038385", "T038380", "T038381", "T027338", "T027333", "T028684", "T038379", "T038376", "T038378", "T036195", "T038373", "T036196", "T032090", "T032091", ], last_affected: [ "T038426", "T036197", "T038375", "T038377", ], }, release_date: "2024-10-15T22:00:00.000+00:00", title: "CVE-2024-30251", }, { cve: "CVE-2024-31080", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T036209", "T036205", "T036206", "T036207", "T036208", "T034147", "T038386", "T034146", "T034145", "T034144", "T038382", "T038383", "T038384", "T038385", "T038380", "T038381", "T027338", "T027333", "T028684", "T038379", "T038376", "T038378", "T036195", "T038373", "T036196", "T032090", "T032091", ], last_affected: [ "T038426", "T036197", "T038375", "T038377", ], }, release_date: "2024-10-15T22:00:00.000+00:00", title: "CVE-2024-31080", }, { cve: "CVE-2024-31744", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T036209", "T036205", "T036206", "T036207", "T036208", "T034147", "T038386", "T034146", "T034145", "T034144", "T038382", "T038383", "T038384", "T038385", "T038380", "T038381", "T027338", "T027333", "T028684", "T038379", "T038376", "T038378", "T036195", "T038373", "T036196", "T032090", "T032091", ], last_affected: [ "T038426", "T036197", "T038375", "T038377", ], }, release_date: "2024-10-15T22:00:00.000+00:00", title: "CVE-2024-31744", }, { cve: "CVE-2024-32760", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T036209", "T036205", "T036206", "T036207", "T036208", "T034147", "T038386", "T034146", "T034145", "T034144", "T038382", "T038383", "T038384", "T038385", "T038380", "T038381", "T027338", "T027333", "T028684", "T038379", "T038376", "T038378", "T036195", "T038373", "T036196", "T032090", "T032091", ], last_affected: [ "T038426", "T036197", "T038375", "T038377", ], }, release_date: "2024-10-15T22:00:00.000+00:00", title: "CVE-2024-32760", }, { cve: "CVE-2024-33602", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T036209", "T036205", "T036206", "T036207", "T036208", "T034147", "T038386", "T034146", "T034145", "T034144", "T038382", "T038383", "T038384", "T038385", "T038380", "T038381", "T027338", "T027333", "T028684", "T038379", "T038376", "T038378", "T036195", "T038373", "T036196", "T032090", "T032091", ], last_affected: [ "T038426", "T036197", "T038375", "T038377", ], }, release_date: "2024-10-15T22:00:00.000+00:00", title: "CVE-2024-33602", }, { cve: "CVE-2024-34750", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T036209", "T036205", "T036206", "T036207", "T036208", "T034147", "T038386", "T034146", "T034145", "T034144", "T038382", "T038383", "T038384", "T038385", "T038380", "T038381", "T027338", "T027333", "T028684", "T038379", "T038376", "T038378", "T036195", "T038373", "T036196", "T032090", "T032091", ], last_affected: [ "T038426", "T036197", "T038375", "T038377", ], }, release_date: "2024-10-15T22:00:00.000+00:00", title: "CVE-2024-34750", }, { cve: "CVE-2024-37371", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T036209", "T036205", "T036206", "T036207", "T036208", "T034147", "T038386", "T034146", "T034145", "T034144", "T038382", "T038383", "T038384", "T038385", "T038380", "T038381", "T027338", "T027333", "T028684", "T038379", "T038376", "T038378", "T036195", "T038373", "T036196", "T032090", "T032091", ], last_affected: [ "T038426", "T036197", "T038375", "T038377", ], }, release_date: "2024-10-15T22:00:00.000+00:00", title: "CVE-2024-37371", }, { cve: "CVE-2024-37891", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T036209", "T036205", "T036206", "T036207", "T036208", "T034147", "T038386", "T034146", "T034145", "T034144", "T038382", "T038383", "T038384", "T038385", "T038380", "T038381", "T027338", "T027333", "T028684", "T038379", "T038376", "T038378", "T036195", "T038373", "T036196", "T032090", "T032091", ], last_affected: [ "T038426", "T036197", "T038375", "T038377", ], }, release_date: "2024-10-15T22:00:00.000+00:00", title: "CVE-2024-37891", }, { cve: "CVE-2024-38816", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T036209", "T036205", "T036206", "T036207", "T036208", "T034147", "T038386", "T034146", "T034145", "T034144", "T038382", "T038383", "T038384", "T038385", "T038380", "T038381", "T027338", "T027333", "T028684", "T038379", "T038376", "T038378", "T036195", "T038373", "T036196", "T032090", "T032091", ], last_affected: [ "T038426", "T036197", "T038375", "T038377", ], }, release_date: "2024-10-15T22:00:00.000+00:00", title: "CVE-2024-38816", }, { cve: "CVE-2024-40898", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T036209", "T036205", "T036206", "T036207", "T036208", "T034147", "T038386", "T034146", "T034145", "T034144", "T038382", "T038383", "T038384", "T038385", "T038380", "T038381", "T027338", "T027333", "T028684", "T038379", "T038376", "T038378", "T036195", "T038373", "T036196", "T032090", "T032091", ], last_affected: [ "T038426", "T036197", "T038375", "T038377", ], }, release_date: "2024-10-15T22:00:00.000+00:00", title: "CVE-2024-40898", }, { cve: "CVE-2024-43044", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T036209", "T036205", "T036206", "T036207", "T036208", "T034147", "T038386", "T034146", "T034145", "T034144", "T038382", "T038383", "T038384", "T038385", "T038380", "T038381", "T027338", "T027333", "T028684", "T038379", "T038376", "T038378", "T036195", "T038373", "T036196", "T032090", "T032091", ], last_affected: [ "T038426", "T036197", "T038375", "T038377", ], }, release_date: "2024-10-15T22:00:00.000+00:00", title: "CVE-2024-43044", }, { cve: "CVE-2024-45492", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T036209", "T036205", "T036206", "T036207", "T036208", "T034147", "T038386", "T034146", "T034145", "T034144", "T038382", "T038383", "T038384", "T038385", "T038380", "T038381", "T027338", "T027333", "T028684", "T038379", "T038376", "T038378", "T036195", "T038373", "T036196", "T032090", "T032091", ], last_affected: [ "T038426", "T036197", "T038375", "T038377", ], }, release_date: "2024-10-15T22:00:00.000+00:00", title: "CVE-2024-45492", }, { cve: "CVE-2024-4577", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T036209", "T036205", "T036206", "T036207", "T036208", "T034147", "T038386", "T034146", "T034145", "T034144", "T038382", "T038383", "T038384", "T038385", "T038380", "T038381", "T027338", "T027333", "T028684", "T038379", "T038376", "T038378", "T036195", "T038373", "T036196", "T032090", "T032091", ], last_affected: [ "T038426", "T036197", "T038375", "T038377", ], }, release_date: "2024-10-15T22:00:00.000+00:00", title: "CVE-2024-4577", }, { cve: "CVE-2024-4603", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T036209", "T036205", "T036206", "T036207", "T036208", "T034147", "T038386", "T034146", "T034145", "T034144", "T038382", "T038383", "T038384", "T038385", "T038380", "T038381", "T027338", "T027333", "T028684", "T038379", "T038376", "T038378", "T036195", "T038373", "T036196", "T032090", "T032091", ], last_affected: [ "T038426", "T036197", "T038375", "T038377", ], }, release_date: "2024-10-15T22:00:00.000+00:00", title: "CVE-2024-4603", }, { cve: "CVE-2024-5971", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T036209", "T036205", "T036206", "T036207", "T036208", "T034147", "T038386", "T034146", "T034145", "T034144", "T038382", "T038383", "T038384", "T038385", "T038380", "T038381", "T027338", "T027333", "T028684", "T038379", "T038376", "T038378", "T036195", "T038373", "T036196", "T032090", "T032091", ], last_affected: [ "T038426", "T036197", "T038375", "T038377", ], }, release_date: "2024-10-15T22:00:00.000+00:00", title: "CVE-2024-5971", }, { cve: "CVE-2024-6162", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T036209", "T036205", "T036206", "T036207", "T036208", "T034147", "T038386", "T034146", "T034145", "T034144", "T038382", "T038383", "T038384", "T038385", "T038380", "T038381", "T027338", "T027333", "T028684", "T038379", "T038376", "T038378", "T036195", "T038373", "T036196", "T032090", "T032091", ], last_affected: [ "T038426", "T036197", "T038375", "T038377", ], }, release_date: "2024-10-15T22:00:00.000+00:00", title: "CVE-2024-6162", }, { cve: "CVE-2024-6387", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T036209", "T036205", "T036206", "T036207", "T036208", "T034147", "T038386", "T034146", "T034145", "T034144", "T038382", "T038383", "T038384", "T038385", "T038380", "T038381", "T027338", "T027333", "T028684", "T038379", "T038376", "T038378", "T036195", "T038373", "T036196", "T032090", "T032091", ], last_affected: [ "T038426", "T036197", "T038375", "T038377", ], }, release_date: "2024-10-15T22:00:00.000+00:00", title: "CVE-2024-6387", }, { cve: "CVE-2024-7254", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T036209", "T036205", "T036206", "T036207", "T036208", "T034147", "T038386", "T034146", "T034145", "T034144", "T038382", "T038383", "T038384", "T038385", "T038380", "T038381", "T027338", "T027333", "T028684", "T038379", "T038376", "T038378", "T036195", "T038373", "T036196", "T032090", "T032091", ], last_affected: [ "T038426", "T036197", "T038375", "T038377", ], }, release_date: "2024-10-15T22:00:00.000+00:00", title: "CVE-2024-7254", }, ], }
WID-SEC-W-2024-0869
Vulnerability from csaf_certbund
Published
2024-04-16 22:00
Modified
2024-11-21 23:00
Summary
Oracle Communications: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Oracle Communications umfasst branchenspezifische Lösungen für die Telekommunikationsbranche.
Angriff
Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Oracle Communications ausnutzen, um die Vertraulichkeit, Integrität und Verfügbarkeit zu gefährden.
Betroffene Betriebssysteme
- Windows
{ document: { aggregate_severity: { text: "hoch", }, category: "csaf_base", csaf_version: "2.0", distribution: { tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "de-DE", notes: [ { category: "legal_disclaimer", text: "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.", }, { category: "description", text: "Oracle Communications umfasst branchenspezifische Lösungen für die Telekommunikationsbranche.", title: "Produktbeschreibung", }, { category: "summary", text: "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Oracle Communications ausnutzen, um die Vertraulichkeit, Integrität und Verfügbarkeit zu gefährden.", title: "Angriff", }, { category: "general", text: "- Windows", title: "Betroffene Betriebssysteme", }, ], publisher: { category: "other", contact_details: "csaf-provider@cert-bund.de", name: "Bundesamt für Sicherheit in der Informationstechnik", namespace: "https://www.bsi.bund.de", }, references: [ { category: "self", summary: "WID-SEC-W-2024-0869 - CSAF Version", url: "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-0869.json", }, { category: "self", summary: "WID-SEC-2024-0869 - Portal Version", url: "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0869", }, { category: "external", summary: "Oracle Critical Patch Update Advisory - April 2024 - Appendix Oracle Communications vom 2024-04-16", url: "https://www.oracle.com/security-alerts/cpuapr2024.html#AppendixCGBU", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:1878 vom 2024-04-18", url: "https://access.redhat.com/errata/RHSA-2024:1878", }, { category: "external", summary: "Gentoo Linux Security Advisory GLSA-202405-01 vom 2024-05-04", url: "https://security.gentoo.org/glsa/202405-01", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:7987 vom 2024-10-10", url: "https://access.redhat.com/errata/RHSA-2024:7987", }, { category: "external", summary: "XEROX Security Advisory XRX24-017 vom 2024-11-21", url: "https://securitydocs.business.xerox.com/wp-content/uploads/2024/11/Xerox-Security-Bulletin-XRX24-017-for-Xerox%C2%AE-FreeFlow%C2%AE-Print-Server-v9.pdf", }, ], source_lang: "en-US", title: "Oracle Communications: Mehrere Schwachstellen", tracking: { current_release_date: "2024-11-21T23:00:00.000+00:00", generator: { date: "2024-11-22T10:07:06.493+00:00", engine: { name: "BSI-WID", version: "1.3.8", }, }, id: "WID-SEC-W-2024-0869", initial_release_date: "2024-04-16T22:00:00.000+00:00", revision_history: [ { date: "2024-04-16T22:00:00.000+00:00", number: "1", summary: "Initiale Fassung", }, { date: "2024-04-17T22:00:00.000+00:00", number: "2", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2024-05-05T22:00:00.000+00:00", number: "3", summary: "Neue Updates von Gentoo aufgenommen", }, { date: "2024-10-10T22:00:00.000+00:00", number: "4", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2024-11-21T23:00:00.000+00:00", number: "5", summary: "Neue Updates von XEROX aufgenommen", }, ], status: "final", version: "5", }, }, product_tree: { branches: [ { branches: [ { category: "product_name", name: "Gentoo Linux", product: { name: "Gentoo Linux", product_id: "T012167", product_identification_helper: { cpe: "cpe:/o:gentoo:linux:-", }, }, }, ], category: "vendor", name: "Gentoo", }, { branches: [ { branches: [ { category: "product_version", name: "5", product: { name: "Oracle Communications 5.0", product_id: "T021645", product_identification_helper: { cpe: "cpe:/a:oracle:communications:5.0", }, }, }, { category: "product_version", name: "22.4.0", product: { name: "Oracle Communications 22.4.0", product_id: "T024981", product_identification_helper: { cpe: "cpe:/a:oracle:communications:22.4.0", }, }, }, { category: "product_version", name: "23.1.0", product: { name: "Oracle Communications 23.1.0", product_id: "T027326", product_identification_helper: { cpe: "cpe:/a:oracle:communications:23.1.0", }, }, }, { category: "product_version", name: "23.2.0", product: { name: "Oracle Communications 23.2.0", product_id: "T028682", product_identification_helper: { cpe: "cpe:/a:oracle:communications:23.2.0", }, }, }, { category: "product_version", name: "5.1", product: { name: "Oracle Communications 5.1", product_id: "T028684", product_identification_helper: { cpe: "cpe:/a:oracle:communications:5.1", }, }, }, { category: "product_version", name: "23.2.2", product: { name: "Oracle Communications 23.2.2", product_id: "T030583", product_identification_helper: { cpe: "cpe:/a:oracle:communications:23.2.2", }, }, }, { category: "product_version", name: "23.3.0", product: { name: "Oracle Communications 23.3.0", product_id: "T030586", product_identification_helper: { cpe: "cpe:/a:oracle:communications:23.3.0", }, }, }, { category: "product_version", name: "9.0.0.0", product: { name: "Oracle Communications 9.0.0.0", product_id: "T030589", product_identification_helper: { cpe: "cpe:/a:oracle:communications:9.0.0.0", }, }, }, { category: "product_version_range", name: "<=7.2.1.0.0", product: { name: "Oracle Communications <=7.2.1.0.0", product_id: "T030593", }, }, { category: "product_version_range", name: "<=7.2.1.0.0", product: { name: "Oracle Communications <=7.2.1.0.0", product_id: "T030593-fixed", }, }, { category: "product_version_range", name: "<=9.0.2", product: { name: "Oracle Communications <=9.0.2", product_id: "T030595", }, }, { category: "product_version_range", name: "<=9.0.2", product: { name: "Oracle Communications <=9.0.2", product_id: "T030595-fixed", }, }, { category: "product_version", name: "23.3.1", product: { name: "Oracle Communications 23.3.1", product_id: "T032088", product_identification_helper: { cpe: "cpe:/a:oracle:communications:23.3.1", }, }, }, { category: "product_version", name: "23.4.0", product: { name: "Oracle Communications 23.4.0", product_id: "T032091", product_identification_helper: { cpe: "cpe:/a:oracle:communications:23.4.0", }, }, }, { category: "product_version", name: "23.4.1", product: { name: "Oracle Communications 23.4.1", product_id: "T034143", product_identification_helper: { cpe: "cpe:/a:oracle:communications:23.4.1", }, }, }, { category: "product_version_range", name: "<=23.4.2", product: { name: "Oracle Communications <=23.4.2", product_id: "T034144", }, }, { category: "product_version_range", name: "<=23.4.2", product: { name: "Oracle Communications <=23.4.2", product_id: "T034144-fixed", }, }, { category: "product_version", name: "24.1.0", product: { name: "Oracle Communications 24.1.0", product_id: "T034145", product_identification_helper: { cpe: "cpe:/a:oracle:communications:24.1.0", }, }, }, { category: "product_version", name: "5.2", product: { name: "Oracle Communications 5.2", product_id: "T034146", product_identification_helper: { cpe: "cpe:/a:oracle:communications:5.2", }, }, }, { category: "product_version", name: "24.1.0.0.0", product: { name: "Oracle Communications 24.1.0.0.0", product_id: "T034147", product_identification_helper: { cpe: "cpe:/a:oracle:communications:24.1.0.0.0", }, }, }, { category: "product_version", name: "23.3.2", product: { name: "Oracle Communications 23.3.2", product_id: "T034148", product_identification_helper: { cpe: "cpe:/a:oracle:communications:23.3.2", }, }, }, { category: "product_version", name: "14.0.0.0.0", product: { name: "Oracle Communications 14.0.0.0.0", product_id: "T034149", product_identification_helper: { cpe: "cpe:/a:oracle:communications:14.0.0.0.0", }, }, }, { category: "product_version", name: "9.1.1.7.0", product: { name: "Oracle Communications 9.1.1.7.0", product_id: "T034150", product_identification_helper: { cpe: "cpe:/a:oracle:communications:9.1.1.7.0", }, }, }, ], category: "product_name", name: "Communications", }, ], category: "vendor", name: "Oracle", }, { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux", product: { name: "Red Hat Enterprise Linux", product_id: "67646", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:-", }, }, }, ], category: "vendor", name: "Red Hat", }, { branches: [ { branches: [ { category: "product_version", name: "v9", product: { name: "Xerox FreeFlow Print Server v9", product_id: "T015632", product_identification_helper: { cpe: "cpe:/a:xerox:freeflow_print_server:v9", }, }, }, ], category: "product_name", name: "FreeFlow Print Server", }, ], category: "vendor", name: "Xerox", }, ], }, vulnerabilities: [ { cve: "CVE-2022-40152", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028682", "T034149", "T030586", "T034148", "T030589", "67646", "T034143", "T015632", "T012167", "T034147", "T034146", "T030583", "T034145", "T032088", "T034150", "T021645", "T032091", "T027326", "T024981", "T028684", ], last_affected: [ "T030595", "T030593", "T034144", ], }, release_date: "2024-04-16T22:00:00.000+00:00", title: "CVE-2022-40152", }, { cve: "CVE-2022-40896", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028682", "T034149", "T030586", "T034148", "T030589", "67646", "T034143", "T015632", "T012167", "T034147", "T034146", "T030583", "T034145", "T032088", "T034150", "T021645", "T032091", "T027326", "T024981", "T028684", ], last_affected: [ "T030595", "T030593", "T034144", ], }, release_date: "2024-04-16T22:00:00.000+00:00", title: "CVE-2022-40896", }, { cve: "CVE-2022-45688", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028682", "T034149", "T030586", "T034148", "T030589", "67646", "T034143", "T015632", "T012167", "T034147", "T034146", "T030583", "T034145", "T032088", "T034150", "T021645", "T032091", "T027326", "T024981", "T028684", ], last_affected: [ "T030595", "T030593", "T034144", ], }, release_date: "2024-04-16T22:00:00.000+00:00", title: "CVE-2022-45688", }, { cve: "CVE-2023-2283", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028682", "T034149", "T030586", "T034148", "T030589", "67646", "T034143", "T015632", "T012167", "T034147", "T034146", "T030583", "T034145", "T032088", "T034150", "T021645", "T032091", "T027326", "T024981", "T028684", ], last_affected: [ "T030595", "T030593", "T034144", ], }, release_date: "2024-04-16T22:00:00.000+00:00", title: "CVE-2023-2283", }, { cve: "CVE-2023-31122", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028682", "T034149", "T030586", "T034148", "T030589", "67646", "T034143", "T015632", "T012167", "T034147", "T034146", "T030583", "T034145", "T032088", "T034150", "T021645", "T032091", "T027326", "T024981", "T028684", ], last_affected: [ "T030595", "T030593", "T034144", ], }, release_date: "2024-04-16T22:00:00.000+00:00", title: "CVE-2023-31122", }, { cve: "CVE-2023-33201", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028682", "T034149", "T030586", "T034148", "T030589", "67646", "T034143", "T015632", "T012167", "T034147", "T034146", "T030583", "T034145", "T032088", "T034150", "T021645", "T032091", "T027326", "T024981", "T028684", ], last_affected: [ "T030595", "T030593", "T034144", ], }, release_date: "2024-04-16T22:00:00.000+00:00", title: "CVE-2023-33201", }, { cve: "CVE-2023-34053", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028682", "T034149", "T030586", "T034148", "T030589", "67646", "T034143", "T015632", "T012167", "T034147", "T034146", "T030583", "T034145", "T032088", "T034150", "T021645", "T032091", "T027326", "T024981", "T028684", ], last_affected: [ "T030595", "T030593", "T034144", ], }, release_date: "2024-04-16T22:00:00.000+00:00", title: "CVE-2023-34053", }, { cve: "CVE-2023-34055", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028682", "T034149", "T030586", "T034148", "T030589", "67646", "T034143", "T015632", "T012167", "T034147", "T034146", "T030583", "T034145", "T032088", "T034150", "T021645", "T032091", "T027326", "T024981", "T028684", ], last_affected: [ "T030595", "T030593", "T034144", ], }, release_date: "2024-04-16T22:00:00.000+00:00", title: "CVE-2023-34055", }, { cve: "CVE-2023-4016", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028682", "T034149", "T030586", "T034148", "T030589", "67646", "T034143", "T015632", "T012167", "T034147", "T034146", "T030583", "T034145", "T032088", "T034150", "T021645", "T032091", "T027326", "T024981", "T028684", ], last_affected: [ "T030595", "T030593", "T034144", ], }, release_date: "2024-04-16T22:00:00.000+00:00", title: "CVE-2023-4016", }, { cve: "CVE-2023-41056", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028682", "T034149", "T030586", "T034148", "T030589", "67646", "T034143", "T015632", "T012167", "T034147", "T034146", "T030583", "T034145", "T032088", "T034150", "T021645", "T032091", "T027326", "T024981", "T028684", ], last_affected: [ "T030595", "T030593", "T034144", ], }, release_date: "2024-04-16T22:00:00.000+00:00", title: "CVE-2023-41056", }, { cve: "CVE-2023-43496", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028682", "T034149", "T030586", "T034148", "T030589", "67646", "T034143", "T015632", "T012167", "T034147", "T034146", "T030583", "T034145", "T032088", "T034150", "T021645", "T032091", "T027326", "T024981", "T028684", ], last_affected: [ "T030595", "T030593", "T034144", ], }, release_date: "2024-04-16T22:00:00.000+00:00", title: "CVE-2023-43496", }, { cve: "CVE-2023-44487", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028682", "T034149", "T030586", "T034148", "T030589", "67646", "T034143", "T015632", "T012167", "T034147", "T034146", "T030583", "T034145", "T032088", "T034150", "T021645", "T032091", "T027326", "T024981", "T028684", ], last_affected: [ "T030595", "T030593", "T034144", ], }, release_date: "2024-04-16T22:00:00.000+00:00", title: "CVE-2023-44487", }, { cve: "CVE-2023-45142", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028682", "T034149", "T030586", "T034148", "T030589", "67646", "T034143", "T015632", "T012167", "T034147", "T034146", "T030583", "T034145", "T032088", "T034150", "T021645", "T032091", "T027326", "T024981", "T028684", ], last_affected: [ "T030595", "T030593", "T034144", ], }, release_date: "2024-04-16T22:00:00.000+00:00", title: "CVE-2023-45142", }, { cve: "CVE-2023-4641", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028682", "T034149", "T030586", "T034148", "T030589", "67646", "T034143", "T015632", "T012167", "T034147", "T034146", "T030583", "T034145", "T032088", "T034150", "T021645", "T032091", "T027326", "T024981", "T028684", ], last_affected: [ "T030595", "T030593", "T034144", ], }, release_date: "2024-04-16T22:00:00.000+00:00", title: "CVE-2023-4641", }, { cve: "CVE-2023-46589", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028682", "T034149", "T030586", "T034148", "T030589", "67646", "T034143", "T015632", "T012167", "T034147", "T034146", "T030583", "T034145", "T032088", "T034150", "T021645", "T032091", "T027326", "T024981", "T028684", ], last_affected: [ "T030595", "T030593", "T034144", ], }, release_date: "2024-04-16T22:00:00.000+00:00", title: "CVE-2023-46589", }, { cve: "CVE-2023-47100", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028682", "T034149", "T030586", "T034148", "T030589", "67646", "T034143", "T015632", "T012167", "T034147", "T034146", "T030583", "T034145", "T032088", "T034150", "T021645", "T032091", "T027326", "T024981", "T028684", ], last_affected: [ "T030595", "T030593", "T034144", ], }, release_date: "2024-04-16T22:00:00.000+00:00", title: "CVE-2023-47100", }, { cve: "CVE-2023-4863", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028682", "T034149", "T030586", "T034148", "T030589", "67646", "T034143", "T015632", "T012167", "T034147", "T034146", "T030583", "T034145", "T032088", "T034150", "T021645", "T032091", "T027326", "T024981", "T028684", ], last_affected: [ "T030595", "T030593", "T034144", ], }, release_date: "2024-04-16T22:00:00.000+00:00", title: "CVE-2023-4863", }, { cve: "CVE-2023-48795", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028682", "T034149", "T030586", "T034148", "T030589", "67646", "T034143", "T015632", "T012167", "T034147", "T034146", "T030583", "T034145", "T032088", "T034150", "T021645", "T032091", "T027326", "T024981", "T028684", ], last_affected: [ "T030595", "T030593", "T034144", ], }, release_date: "2024-04-16T22:00:00.000+00:00", title: "CVE-2023-48795", }, { cve: "CVE-2023-49083", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028682", "T034149", "T030586", "T034148", "T030589", "67646", "T034143", "T015632", "T012167", "T034147", "T034146", "T030583", "T034145", "T032088", "T034150", "T021645", "T032091", "T027326", "T024981", "T028684", ], last_affected: [ "T030595", "T030593", "T034144", ], }, release_date: "2024-04-16T22:00:00.000+00:00", title: "CVE-2023-49083", }, { cve: "CVE-2023-5072", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028682", "T034149", "T030586", "T034148", "T030589", "67646", "T034143", "T015632", "T012167", "T034147", "T034146", "T030583", "T034145", "T032088", "T034150", "T021645", "T032091", "T027326", "T024981", "T028684", ], last_affected: [ "T030595", "T030593", "T034144", ], }, release_date: "2024-04-16T22:00:00.000+00:00", title: "CVE-2023-5072", }, { cve: "CVE-2023-51074", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028682", "T034149", "T030586", "T034148", "T030589", "67646", "T034143", "T015632", "T012167", "T034147", "T034146", "T030583", "T034145", "T032088", "T034150", "T021645", "T032091", "T027326", "T024981", "T028684", ], last_affected: [ "T030595", "T030593", "T034144", ], }, release_date: "2024-04-16T22:00:00.000+00:00", title: "CVE-2023-51074", }, { cve: "CVE-2023-51257", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028682", "T034149", "T030586", "T034148", "T030589", "67646", "T034143", "T015632", "T012167", "T034147", "T034146", "T030583", "T034145", "T032088", "T034150", "T021645", "T032091", "T027326", "T024981", "T028684", ], last_affected: [ "T030595", "T030593", "T034144", ], }, release_date: "2024-04-16T22:00:00.000+00:00", title: "CVE-2023-51257", }, { cve: "CVE-2023-51775", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028682", "T034149", "T030586", "T034148", "T030589", "67646", "T034143", "T015632", "T012167", "T034147", "T034146", "T030583", "T034145", "T032088", "T034150", "T021645", "T032091", "T027326", "T024981", "T028684", ], last_affected: [ "T030595", "T030593", "T034144", ], }, release_date: "2024-04-16T22:00:00.000+00:00", title: "CVE-2023-51775", }, { cve: "CVE-2023-5341", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028682", "T034149", "T030586", "T034148", "T030589", "67646", "T034143", "T015632", "T012167", "T034147", "T034146", "T030583", "T034145", "T032088", "T034150", "T021645", "T032091", "T027326", "T024981", "T028684", ], last_affected: [ "T030595", "T030593", "T034144", ], }, release_date: "2024-04-16T22:00:00.000+00:00", title: "CVE-2023-5341", }, { cve: "CVE-2023-5363", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028682", "T034149", "T030586", "T034148", "T030589", "67646", "T034143", "T015632", "T012167", "T034147", "T034146", "T030583", "T034145", "T032088", "T034150", "T021645", "T032091", "T027326", "T024981", "T028684", ], last_affected: [ "T030595", "T030593", "T034144", ], }, release_date: "2024-04-16T22:00:00.000+00:00", title: "CVE-2023-5363", }, { cve: "CVE-2023-6507", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028682", "T034149", "T030586", "T034148", "T030589", "67646", "T034143", "T015632", "T012167", "T034147", "T034146", "T030583", "T034145", "T032088", "T034150", "T021645", "T032091", "T027326", "T024981", "T028684", ], last_affected: [ "T030595", "T030593", "T034144", ], }, release_date: "2024-04-16T22:00:00.000+00:00", title: "CVE-2023-6507", }, { cve: "CVE-2024-1635", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028682", "T034149", "T030586", "T034148", "T030589", "67646", "T034143", "T015632", "T012167", "T034147", "T034146", "T030583", "T034145", "T032088", "T034150", "T021645", "T032091", "T027326", "T024981", "T028684", ], last_affected: [ "T030595", "T030593", "T034144", ], }, release_date: "2024-04-16T22:00:00.000+00:00", title: "CVE-2024-1635", }, { cve: "CVE-2024-21626", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028682", "T034149", "T030586", "T034148", "T030589", "67646", "T034143", "T015632", "T012167", "T034147", "T034146", "T030583", "T034145", "T032088", "T034150", "T021645", "T032091", "T027326", "T024981", "T028684", ], last_affected: [ "T030595", "T030593", "T034144", ], }, release_date: "2024-04-16T22:00:00.000+00:00", title: "CVE-2024-21626", }, { cve: "CVE-2024-22201", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028682", "T034149", "T030586", "T034148", "T030589", "67646", "T034143", "T015632", "T012167", "T034147", "T034146", "T030583", "T034145", "T032088", "T034150", "T021645", "T032091", "T027326", "T024981", "T028684", ], last_affected: [ "T030595", "T030593", "T034144", ], }, release_date: "2024-04-16T22:00:00.000+00:00", title: "CVE-2024-22201", }, { cve: "CVE-2024-22233", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028682", "T034149", "T030586", "T034148", "T030589", "67646", "T034143", "T015632", "T012167", "T034147", "T034146", "T030583", "T034145", "T032088", "T034150", "T021645", "T032091", "T027326", "T024981", "T028684", ], last_affected: [ "T030595", "T030593", "T034144", ], }, release_date: "2024-04-16T22:00:00.000+00:00", title: "CVE-2024-22233", }, { cve: "CVE-2024-22257", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028682", "T034149", "T030586", "T034148", "T030589", "67646", "T034143", "T015632", "T012167", "T034147", "T034146", "T030583", "T034145", "T032088", "T034150", "T021645", "T032091", "T027326", "T024981", "T028684", ], last_affected: [ "T030595", "T030593", "T034144", ], }, release_date: "2024-04-16T22:00:00.000+00:00", title: "CVE-2024-22257", }, { cve: "CVE-2024-22259", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028682", "T034149", "T030586", "T034148", "T030589", "67646", "T034143", "T015632", "T012167", "T034147", "T034146", "T030583", "T034145", "T032088", "T034150", "T021645", "T032091", "T027326", "T024981", "T028684", ], last_affected: [ "T030595", "T030593", "T034144", ], }, release_date: "2024-04-16T22:00:00.000+00:00", title: "CVE-2024-22259", }, { cve: "CVE-2024-25062", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028682", "T034149", "T030586", "T034148", "T030589", "67646", "T034143", "T015632", "T012167", "T034147", "T034146", "T030583", "T034145", "T032088", "T034150", "T021645", "T032091", "T027326", "T024981", "T028684", ], last_affected: [ "T030595", "T030593", "T034144", ], }, release_date: "2024-04-16T22:00:00.000+00:00", title: "CVE-2024-25062", }, { cve: "CVE-2024-26130", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028682", "T034149", "T030586", "T034148", "T030589", "67646", "T034143", "T015632", "T012167", "T034147", "T034146", "T030583", "T034145", "T032088", "T034150", "T021645", "T032091", "T027326", "T024981", "T028684", ], last_affected: [ "T030595", "T030593", "T034144", ], }, release_date: "2024-04-16T22:00:00.000+00:00", title: "CVE-2024-26130", }, { cve: "CVE-2024-26308", notes: [ { category: "description", text: "In Oracle Communications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T028682", "T034149", "T030586", "T034148", "T030589", "67646", "T034143", "T015632", "T012167", "T034147", "T034146", "T030583", "T034145", "T032088", "T034150", "T021645", "T032091", "T027326", "T024981", "T028684", ], last_affected: [ "T030595", "T030593", "T034144", ], }, release_date: "2024-04-16T22:00:00.000+00:00", title: "CVE-2024-26308", }, ], }
WID-SEC-W-2024-1307
Vulnerability from csaf_certbund
Published
2024-06-06 22:00
Modified
2024-11-11 23:00
Summary
Red Hat OpenShift Service Mesh Containers: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Red Hat OpenShift ist eine "Platform as a Service" (PaaS) Lösung zur Bereitstellung von Applikationen in der Cloud.
Angriff
Ein Angreifer kann mehrere Schwachstellen in Red Hat OpenShift Service Mesh Containers ausnutzen, um Dateien zu manipulieren, einen 'Denial of Service'-Zustand erzuegen, beliebigen Code auszuführen, vertrauliche Informationen offenzulegen oder weitere nicht spezifizierte Angriffe durchzuführen.
Betroffene Betriebssysteme
- Linux
{ document: { aggregate_severity: { text: "hoch", }, category: "csaf_base", csaf_version: "2.0", distribution: { tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "de-DE", notes: [ { category: "legal_disclaimer", text: "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.", }, { category: "description", text: "Red Hat OpenShift ist eine \"Platform as a Service\" (PaaS) Lösung zur Bereitstellung von Applikationen in der Cloud.", title: "Produktbeschreibung", }, { category: "summary", text: "Ein Angreifer kann mehrere Schwachstellen in Red Hat OpenShift Service Mesh Containers ausnutzen, um Dateien zu manipulieren, einen 'Denial of Service'-Zustand erzuegen, beliebigen Code auszuführen, vertrauliche Informationen offenzulegen oder weitere nicht spezifizierte Angriffe durchzuführen.", title: "Angriff", }, { category: "general", text: "- Linux", title: "Betroffene Betriebssysteme", }, ], publisher: { category: "other", contact_details: "csaf-provider@cert-bund.de", name: "Bundesamt für Sicherheit in der Informationstechnik", namespace: "https://www.bsi.bund.de", }, references: [ { category: "self", summary: "WID-SEC-W-2024-1307 - CSAF Version", url: "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-1307.json", }, { category: "self", summary: "WID-SEC-2024-1307 - Portal Version", url: "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-1307", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:3680 vom 2024-06-06", url: "https://access.redhat.com/errata/RHSA-2024:3680", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:3683 vom 2024-06-06", url: "https://access.redhat.com/errata/RHSA-2024:3683", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:3790 vom 2024-06-11", url: "https://access.redhat.com/errata/RHSA-2024:3790", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:3314 vom 2024-06-13", url: "https://access.redhat.com/errata/RHSA-2024:3314", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:1616 vom 2024-07-01", url: "https://access.redhat.com/errata/RHSA-2024:1616", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:4553 vom 2024-07-16", url: "https://access.redhat.com/errata/RHSA-2024:4553", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:7184 vom 2024-10-03", url: "https://access.redhat.com/errata/RHSA-2024:7184", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:8688 vom 2024-11-06", url: "https://access.redhat.com/errata/RHSA-2024:8688", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:8692 vom 2024-11-07", url: "https://access.redhat.com/errata/RHSA-2024:8692", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:9088 vom 2024-11-12", url: "https://access.redhat.com/errata/RHSA-2024:9088", }, ], source_lang: "en-US", title: "Red Hat OpenShift Service Mesh Containers: Mehrere Schwachstellen", tracking: { current_release_date: "2024-11-11T23:00:00.000+00:00", generator: { date: "2024-11-12T11:13:17.378+00:00", engine: { name: "BSI-WID", version: "1.3.8", }, }, id: "WID-SEC-W-2024-1307", initial_release_date: "2024-06-06T22:00:00.000+00:00", revision_history: [ { date: "2024-06-06T22:00:00.000+00:00", number: "1", summary: "Initiale Fassung", }, { date: "2024-06-10T22:00:00.000+00:00", number: "2", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2024-06-13T22:00:00.000+00:00", number: "3", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2024-06-18T22:00:00.000+00:00", number: "4", summary: "Korrektur Plattformauswahl", }, { date: "2024-06-30T22:00:00.000+00:00", number: "5", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2024-07-15T22:00:00.000+00:00", number: "6", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2024-10-03T22:00:00.000+00:00", number: "7", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2024-11-06T23:00:00.000+00:00", number: "8", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2024-11-11T23:00:00.000+00:00", number: "9", summary: "Neue Updates von Red Hat aufgenommen", }, ], status: "final", version: "9", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux", product: { name: "Red Hat Enterprise Linux", product_id: "67646", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:-", }, }, }, { category: "product_version", name: "9", product: { name: "Red Hat Enterprise Linux 9", product_id: "T038901", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:9", }, }, }, ], category: "product_name", name: "Enterprise Linux", }, { branches: [ { category: "product_version_range", name: "Service Mesh Containers <2.5.2", product: { name: "Red Hat OpenShift Service Mesh Containers <2.5.2", product_id: "T035259", }, }, { category: "product_version", name: "Service Mesh Containers 2.5.2", product: { name: "Red Hat OpenShift Service Mesh Containers 2.5.2", product_id: "T035259-fixed", product_identification_helper: { cpe: "cpe:/a:redhat:openshift:service_mesh_containers__2.5.2", }, }, }, { category: "product_version_range", name: "Service Mesh Containers <2.4.8", product: { name: "Red Hat OpenShift Service Mesh Containers <2.4.8", product_id: "T035260", }, }, { category: "product_version", name: "Service Mesh Containers 2.4.8", product: { name: "Red Hat OpenShift Service Mesh Containers 2.4.8", product_id: "T035260-fixed", product_identification_helper: { cpe: "cpe:/a:redhat:openshift:service_mesh_containers__2.4.8", }, }, }, { category: "product_version", name: "Run Once Duration Override Operator 1", product: { name: "Red Hat OpenShift Run Once Duration Override Operator 1", product_id: "T035698", product_identification_helper: { cpe: "cpe:/a:redhat:openshift:run_once_duration_override_operator_1", }, }, }, { category: "product_version_range", name: "Container Platform <4.14.38", product: { name: "Red Hat OpenShift Container Platform <4.14.38", product_id: "T037940", }, }, { category: "product_version", name: "Container Platform 4.14.38", product: { name: "Red Hat OpenShift Container Platform 4.14.38", product_id: "T037940-fixed", product_identification_helper: { cpe: "cpe:/a:redhat:openshift:container_platform__4.14.38", }, }, }, ], category: "product_name", name: "OpenShift", }, ], category: "vendor", name: "Red Hat", }, ], }, vulnerabilities: [ { cve: "CVE-2021-25220", notes: [ { category: "description", text: "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie der Libksba-Library, BIND, gmp und der Tar-Paketkomponente aufgrund einer Race Condition, einer NULL-Zeiger-Dereferenz, einem Speicherzuordnungsproblem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial of Service-Zustand erzuegen, beliebigen Code auszuführen, vertrauliche Informationen offenzulegen oder weitere nicht spezifizierte Angriffe durchzuführen.", }, ], product_status: { known_affected: [ "T035259", "T038901", "67646", "T035260", "T037940", "T035698", ], }, release_date: "2024-06-06T22:00:00.000+00:00", title: "CVE-2021-25220", }, { cve: "CVE-2021-43618", notes: [ { category: "description", text: "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie der Libksba-Library, BIND, gmp und der Tar-Paketkomponente aufgrund einer Race Condition, einer NULL-Zeiger-Dereferenz, einem Speicherzuordnungsproblem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial of Service-Zustand erzuegen, beliebigen Code auszuführen, vertrauliche Informationen offenzulegen oder weitere nicht spezifizierte Angriffe durchzuführen.", }, ], product_status: { known_affected: [ "T035259", "T038901", "67646", "T035260", "T037940", "T035698", ], }, release_date: "2024-06-06T22:00:00.000+00:00", title: "CVE-2021-43618", }, { cve: "CVE-2021-46848", notes: [ { category: "description", text: "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie der Libksba-Library, BIND, gmp und der Tar-Paketkomponente aufgrund einer Race Condition, einer NULL-Zeiger-Dereferenz, einem Speicherzuordnungsproblem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial of Service-Zustand erzuegen, beliebigen Code auszuführen, vertrauliche Informationen offenzulegen oder weitere nicht spezifizierte Angriffe durchzuführen.", }, ], product_status: { known_affected: [ "T035259", "T038901", "67646", "T035260", "T037940", "T035698", ], }, release_date: "2024-06-06T22:00:00.000+00:00", title: "CVE-2021-46848", }, { cve: "CVE-2022-1271", notes: [ { category: "description", text: "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie der Libksba-Library, BIND, gmp und der Tar-Paketkomponente aufgrund einer Race Condition, einer NULL-Zeiger-Dereferenz, einem Speicherzuordnungsproblem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial of Service-Zustand erzuegen, beliebigen Code auszuführen, vertrauliche Informationen offenzulegen oder weitere nicht spezifizierte Angriffe durchzuführen.", }, ], product_status: { known_affected: [ "T035259", "T038901", "67646", "T035260", "T037940", "T035698", ], }, release_date: "2024-06-06T22:00:00.000+00:00", title: "CVE-2022-1271", }, { cve: "CVE-2022-2795", notes: [ { category: "description", text: "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie der Libksba-Library, BIND, gmp und der Tar-Paketkomponente aufgrund einer Race Condition, einer NULL-Zeiger-Dereferenz, einem Speicherzuordnungsproblem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial of Service-Zustand erzuegen, beliebigen Code auszuführen, vertrauliche Informationen offenzulegen oder weitere nicht spezifizierte Angriffe durchzuführen.", }, ], product_status: { known_affected: [ "T035259", "T038901", "67646", "T035260", "T037940", "T035698", ], }, release_date: "2024-06-06T22:00:00.000+00:00", title: "CVE-2022-2795", }, { cve: "CVE-2022-3094", notes: [ { category: "description", text: "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie der Libksba-Library, BIND, gmp und der Tar-Paketkomponente aufgrund einer Race Condition, einer NULL-Zeiger-Dereferenz, einem Speicherzuordnungsproblem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial of Service-Zustand erzuegen, beliebigen Code auszuführen, vertrauliche Informationen offenzulegen oder weitere nicht spezifizierte Angriffe durchzuführen.", }, ], product_status: { known_affected: [ "T035259", "T038901", "67646", "T035260", "T037940", "T035698", ], }, release_date: "2024-06-06T22:00:00.000+00:00", title: "CVE-2022-3094", }, { cve: "CVE-2022-36227", notes: [ { category: "description", text: "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie der Libksba-Library, BIND, gmp und der Tar-Paketkomponente aufgrund einer Race Condition, einer NULL-Zeiger-Dereferenz, einem Speicherzuordnungsproblem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial of Service-Zustand erzuegen, beliebigen Code auszuführen, vertrauliche Informationen offenzulegen oder weitere nicht spezifizierte Angriffe durchzuführen.", }, ], product_status: { known_affected: [ "T035259", "T038901", "67646", "T035260", "T037940", "T035698", ], }, release_date: "2024-06-06T22:00:00.000+00:00", title: "CVE-2022-36227", }, { cve: "CVE-2022-47024", notes: [ { category: "description", text: "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie der Libksba-Library, BIND, gmp und der Tar-Paketkomponente aufgrund einer Race Condition, einer NULL-Zeiger-Dereferenz, einem Speicherzuordnungsproblem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial of Service-Zustand erzuegen, beliebigen Code auszuführen, vertrauliche Informationen offenzulegen oder weitere nicht spezifizierte Angriffe durchzuführen.", }, ], product_status: { known_affected: [ "T035259", "T038901", "67646", "T035260", "T037940", "T035698", ], }, release_date: "2024-06-06T22:00:00.000+00:00", title: "CVE-2022-47024", }, { cve: "CVE-2022-47629", notes: [ { category: "description", text: "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie der Libksba-Library, BIND, gmp und der Tar-Paketkomponente aufgrund einer Race Condition, einer NULL-Zeiger-Dereferenz, einem Speicherzuordnungsproblem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial of Service-Zustand erzuegen, beliebigen Code auszuführen, vertrauliche Informationen offenzulegen oder weitere nicht spezifizierte Angriffe durchzuführen.", }, ], product_status: { known_affected: [ "T035259", "T038901", "67646", "T035260", "T037940", "T035698", ], }, release_date: "2024-06-06T22:00:00.000+00:00", title: "CVE-2022-47629", }, { cve: "CVE-2022-48303", notes: [ { category: "description", text: "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie der Libksba-Library, BIND, gmp und der Tar-Paketkomponente aufgrund einer Race Condition, einer NULL-Zeiger-Dereferenz, einem Speicherzuordnungsproblem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial of Service-Zustand erzuegen, beliebigen Code auszuführen, vertrauliche Informationen offenzulegen oder weitere nicht spezifizierte Angriffe durchzuführen.", }, ], product_status: { known_affected: [ "T035259", "T038901", "67646", "T035260", "T037940", "T035698", ], }, release_date: "2024-06-06T22:00:00.000+00:00", title: "CVE-2022-48303", }, { cve: "CVE-2022-48468", notes: [ { category: "description", text: "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie der Libksba-Library, BIND, gmp und der Tar-Paketkomponente aufgrund einer Race Condition, einer NULL-Zeiger-Dereferenz, einem Speicherzuordnungsproblem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial of Service-Zustand erzuegen, beliebigen Code auszuführen, vertrauliche Informationen offenzulegen oder weitere nicht spezifizierte Angriffe durchzuführen.", }, ], product_status: { known_affected: [ "T035259", "T038901", "67646", "T035260", "T037940", "T035698", ], }, release_date: "2024-06-06T22:00:00.000+00:00", title: "CVE-2022-48468", }, { cve: "CVE-2022-48554", notes: [ { category: "description", text: "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie der Libksba-Library, BIND, gmp und der Tar-Paketkomponente aufgrund einer Race Condition, einer NULL-Zeiger-Dereferenz, einem Speicherzuordnungsproblem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial of Service-Zustand erzuegen, beliebigen Code auszuführen, vertrauliche Informationen offenzulegen oder weitere nicht spezifizierte Angriffe durchzuführen.", }, ], product_status: { known_affected: [ "T035259", "T038901", "67646", "T035260", "T037940", "T035698", ], }, release_date: "2024-06-06T22:00:00.000+00:00", title: "CVE-2022-48554", }, { cve: "CVE-2022-48624", notes: [ { category: "description", text: "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie der Libksba-Library, BIND, gmp und der Tar-Paketkomponente aufgrund einer Race Condition, einer NULL-Zeiger-Dereferenz, einem Speicherzuordnungsproblem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial of Service-Zustand erzuegen, beliebigen Code auszuführen, vertrauliche Informationen offenzulegen oder weitere nicht spezifizierte Angriffe durchzuführen.", }, ], product_status: { known_affected: [ "T035259", "T038901", "67646", "T035260", "T037940", "T035698", ], }, release_date: "2024-06-06T22:00:00.000+00:00", title: "CVE-2022-48624", }, { cve: "CVE-2023-22745", notes: [ { category: "description", text: "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie der Libksba-Library, BIND, gmp und der Tar-Paketkomponente aufgrund einer Race Condition, einer NULL-Zeiger-Dereferenz, einem Speicherzuordnungsproblem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial of Service-Zustand erzuegen, beliebigen Code auszuführen, vertrauliche Informationen offenzulegen oder weitere nicht spezifizierte Angriffe durchzuführen.", }, ], product_status: { known_affected: [ "T035259", "T038901", "67646", "T035260", "T037940", "T035698", ], }, release_date: "2024-06-06T22:00:00.000+00:00", title: "CVE-2023-22745", }, { cve: "CVE-2023-2602", notes: [ { category: "description", text: "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie der Libksba-Library, BIND, gmp und der Tar-Paketkomponente aufgrund einer Race Condition, einer NULL-Zeiger-Dereferenz, einem Speicherzuordnungsproblem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial of Service-Zustand erzuegen, beliebigen Code auszuführen, vertrauliche Informationen offenzulegen oder weitere nicht spezifizierte Angriffe durchzuführen.", }, ], product_status: { known_affected: [ "T035259", "T038901", "67646", "T035260", "T037940", "T035698", ], }, release_date: "2024-06-06T22:00:00.000+00:00", title: "CVE-2023-2602", }, { cve: "CVE-2023-2603", notes: [ { category: "description", text: "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie der Libksba-Library, BIND, gmp und der Tar-Paketkomponente aufgrund einer Race Condition, einer NULL-Zeiger-Dereferenz, einem Speicherzuordnungsproblem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial of Service-Zustand erzuegen, beliebigen Code auszuführen, vertrauliche Informationen offenzulegen oder weitere nicht spezifizierte Angriffe durchzuführen.", }, ], product_status: { known_affected: [ "T035259", "T038901", "67646", "T035260", "T037940", "T035698", ], }, release_date: "2024-06-06T22:00:00.000+00:00", title: "CVE-2023-2603", }, { cve: "CVE-2023-29491", notes: [ { category: "description", text: "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie der Libksba-Library, BIND, gmp und der Tar-Paketkomponente aufgrund einer Race Condition, einer NULL-Zeiger-Dereferenz, einem Speicherzuordnungsproblem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial of Service-Zustand erzuegen, beliebigen Code auszuführen, vertrauliche Informationen offenzulegen oder weitere nicht spezifizierte Angriffe durchzuführen.", }, ], product_status: { known_affected: [ "T035259", "T038901", "67646", "T035260", "T037940", "T035698", ], }, release_date: "2024-06-06T22:00:00.000+00:00", title: "CVE-2023-29491", }, { cve: "CVE-2023-2975", notes: [ { category: "description", text: "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie der Libksba-Library, BIND, gmp und der Tar-Paketkomponente aufgrund einer Race Condition, einer NULL-Zeiger-Dereferenz, einem Speicherzuordnungsproblem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial of Service-Zustand erzuegen, beliebigen Code auszuführen, vertrauliche Informationen offenzulegen oder weitere nicht spezifizierte Angriffe durchzuführen.", }, ], product_status: { known_affected: [ "T035259", "T038901", "67646", "T035260", "T037940", "T035698", ], }, release_date: "2024-06-06T22:00:00.000+00:00", title: "CVE-2023-2975", }, { cve: "CVE-2023-3446", notes: [ { category: "description", text: "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie der Libksba-Library, BIND, gmp und der Tar-Paketkomponente aufgrund einer Race Condition, einer NULL-Zeiger-Dereferenz, einem Speicherzuordnungsproblem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial of Service-Zustand erzuegen, beliebigen Code auszuführen, vertrauliche Informationen offenzulegen oder weitere nicht spezifizierte Angriffe durchzuführen.", }, ], product_status: { known_affected: [ "T035259", "T038901", "67646", "T035260", "T037940", "T035698", ], }, release_date: "2024-06-06T22:00:00.000+00:00", title: "CVE-2023-3446", }, { cve: "CVE-2023-36054", notes: [ { category: "description", text: "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie der Libksba-Library, BIND, gmp und der Tar-Paketkomponente aufgrund einer Race Condition, einer NULL-Zeiger-Dereferenz, einem Speicherzuordnungsproblem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial of Service-Zustand erzuegen, beliebigen Code auszuführen, vertrauliche Informationen offenzulegen oder weitere nicht spezifizierte Angriffe durchzuführen.", }, ], product_status: { known_affected: [ "T035259", "T038901", "67646", "T035260", "T037940", "T035698", ], }, release_date: "2024-06-06T22:00:00.000+00:00", title: "CVE-2023-36054", }, { cve: "CVE-2023-3817", notes: [ { category: "description", text: "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie der Libksba-Library, BIND, gmp und der Tar-Paketkomponente aufgrund einer Race Condition, einer NULL-Zeiger-Dereferenz, einem Speicherzuordnungsproblem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial of Service-Zustand erzuegen, beliebigen Code auszuführen, vertrauliche Informationen offenzulegen oder weitere nicht spezifizierte Angriffe durchzuführen.", }, ], product_status: { known_affected: [ "T035259", "T038901", "67646", "T035260", "T037940", "T035698", ], }, release_date: "2024-06-06T22:00:00.000+00:00", title: "CVE-2023-3817", }, { cve: "CVE-2023-39975", notes: [ { category: "description", text: "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie der Libksba-Library, BIND, gmp und der Tar-Paketkomponente aufgrund einer Race Condition, einer NULL-Zeiger-Dereferenz, einem Speicherzuordnungsproblem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial of Service-Zustand erzuegen, beliebigen Code auszuführen, vertrauliche Informationen offenzulegen oder weitere nicht spezifizierte Angriffe durchzuführen.", }, ], product_status: { known_affected: [ "T035259", "T038901", "67646", "T035260", "T037940", "T035698", ], }, release_date: "2024-06-06T22:00:00.000+00:00", title: "CVE-2023-39975", }, { cve: "CVE-2023-4408", notes: [ { category: "description", text: "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie der Libksba-Library, BIND, gmp und der Tar-Paketkomponente aufgrund einer Race Condition, einer NULL-Zeiger-Dereferenz, einem Speicherzuordnungsproblem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial of Service-Zustand erzuegen, beliebigen Code auszuführen, vertrauliche Informationen offenzulegen oder weitere nicht spezifizierte Angriffe durchzuführen.", }, ], product_status: { known_affected: [ "T035259", "T038901", "67646", "T035260", "T037940", "T035698", ], }, release_date: "2024-06-06T22:00:00.000+00:00", title: "CVE-2023-4408", }, { cve: "CVE-2023-44487", notes: [ { category: "description", text: "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie der Libksba-Library, BIND, gmp und der Tar-Paketkomponente aufgrund einer Race Condition, einer NULL-Zeiger-Dereferenz, einem Speicherzuordnungsproblem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial of Service-Zustand erzuegen, beliebigen Code auszuführen, vertrauliche Informationen offenzulegen oder weitere nicht spezifizierte Angriffe durchzuführen.", }, ], product_status: { known_affected: [ "T035259", "T038901", "67646", "T035260", "T037940", "T035698", ], }, release_date: "2024-06-06T22:00:00.000+00:00", title: "CVE-2023-44487", }, { cve: "CVE-2023-45288", notes: [ { category: "description", text: "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie der Libksba-Library, BIND, gmp und der Tar-Paketkomponente aufgrund einer Race Condition, einer NULL-Zeiger-Dereferenz, einem Speicherzuordnungsproblem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial of Service-Zustand erzuegen, beliebigen Code auszuführen, vertrauliche Informationen offenzulegen oder weitere nicht spezifizierte Angriffe durchzuführen.", }, ], product_status: { known_affected: [ "T035259", "T038901", "67646", "T035260", "T037940", "T035698", ], }, release_date: "2024-06-06T22:00:00.000+00:00", title: "CVE-2023-45288", }, { cve: "CVE-2023-4641", notes: [ { category: "description", text: "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie der Libksba-Library, BIND, gmp und der Tar-Paketkomponente aufgrund einer Race Condition, einer NULL-Zeiger-Dereferenz, einem Speicherzuordnungsproblem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial of Service-Zustand erzuegen, beliebigen Code auszuführen, vertrauliche Informationen offenzulegen oder weitere nicht spezifizierte Angriffe durchzuführen.", }, ], product_status: { known_affected: [ "T035259", "T038901", "67646", "T035260", "T037940", "T035698", ], }, release_date: "2024-06-06T22:00:00.000+00:00", title: "CVE-2023-4641", }, { cve: "CVE-2023-4692", notes: [ { category: "description", text: "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie der Libksba-Library, BIND, gmp und der Tar-Paketkomponente aufgrund einer Race Condition, einer NULL-Zeiger-Dereferenz, einem Speicherzuordnungsproblem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial of Service-Zustand erzuegen, beliebigen Code auszuführen, vertrauliche Informationen offenzulegen oder weitere nicht spezifizierte Angriffe durchzuführen.", }, ], product_status: { known_affected: [ "T035259", "T038901", "67646", "T035260", "T037940", "T035698", ], }, release_date: "2024-06-06T22:00:00.000+00:00", title: "CVE-2023-4692", }, { cve: "CVE-2023-4693", notes: [ { category: "description", text: "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie der Libksba-Library, BIND, gmp und der Tar-Paketkomponente aufgrund einer Race Condition, einer NULL-Zeiger-Dereferenz, einem Speicherzuordnungsproblem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial of Service-Zustand erzuegen, beliebigen Code auszuführen, vertrauliche Informationen offenzulegen oder weitere nicht spezifizierte Angriffe durchzuführen.", }, ], product_status: { known_affected: [ "T035259", "T038901", "67646", "T035260", "T037940", "T035698", ], }, release_date: "2024-06-06T22:00:00.000+00:00", title: "CVE-2023-4693", }, { cve: "CVE-2023-47038", notes: [ { category: "description", text: "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie der Libksba-Library, BIND, gmp und der Tar-Paketkomponente aufgrund einer Race Condition, einer NULL-Zeiger-Dereferenz, einem Speicherzuordnungsproblem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial of Service-Zustand erzuegen, beliebigen Code auszuführen, vertrauliche Informationen offenzulegen oder weitere nicht spezifizierte Angriffe durchzuführen.", }, ], product_status: { known_affected: [ "T035259", "T038901", "67646", "T035260", "T037940", "T035698", ], }, release_date: "2024-06-06T22:00:00.000+00:00", title: "CVE-2023-47038", }, { cve: "CVE-2023-50387", notes: [ { category: "description", text: "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie der Libksba-Library, BIND, gmp und der Tar-Paketkomponente aufgrund einer Race Condition, einer NULL-Zeiger-Dereferenz, einem Speicherzuordnungsproblem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial of Service-Zustand erzuegen, beliebigen Code auszuführen, vertrauliche Informationen offenzulegen oder weitere nicht spezifizierte Angriffe durchzuführen.", }, ], product_status: { known_affected: [ "T035259", "T038901", "67646", "T035260", "T037940", "T035698", ], }, release_date: "2024-06-06T22:00:00.000+00:00", title: "CVE-2023-50387", }, { cve: "CVE-2023-50868", notes: [ { category: "description", text: "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie der Libksba-Library, BIND, gmp und der Tar-Paketkomponente aufgrund einer Race Condition, einer NULL-Zeiger-Dereferenz, einem Speicherzuordnungsproblem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial of Service-Zustand erzuegen, beliebigen Code auszuführen, vertrauliche Informationen offenzulegen oder weitere nicht spezifizierte Angriffe durchzuführen.", }, ], product_status: { known_affected: [ "T035259", "T038901", "67646", "T035260", "T037940", "T035698", ], }, release_date: "2024-06-06T22:00:00.000+00:00", title: "CVE-2023-50868", }, { cve: "CVE-2023-5517", notes: [ { category: "description", text: "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie der Libksba-Library, BIND, gmp und der Tar-Paketkomponente aufgrund einer Race Condition, einer NULL-Zeiger-Dereferenz, einem Speicherzuordnungsproblem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial of Service-Zustand erzuegen, beliebigen Code auszuführen, vertrauliche Informationen offenzulegen oder weitere nicht spezifizierte Angriffe durchzuführen.", }, ], product_status: { known_affected: [ "T035259", "T038901", "67646", "T035260", "T037940", "T035698", ], }, release_date: "2024-06-06T22:00:00.000+00:00", title: "CVE-2023-5517", }, { cve: "CVE-2023-5678", notes: [ { category: "description", text: "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie der Libksba-Library, BIND, gmp und der Tar-Paketkomponente aufgrund einer Race Condition, einer NULL-Zeiger-Dereferenz, einem Speicherzuordnungsproblem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial of Service-Zustand erzuegen, beliebigen Code auszuführen, vertrauliche Informationen offenzulegen oder weitere nicht spezifizierte Angriffe durchzuführen.", }, ], product_status: { known_affected: [ "T035259", "T038901", "67646", "T035260", "T037940", "T035698", ], }, release_date: "2024-06-06T22:00:00.000+00:00", title: "CVE-2023-5678", }, { cve: "CVE-2023-5679", notes: [ { category: "description", text: "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie der Libksba-Library, BIND, gmp und der Tar-Paketkomponente aufgrund einer Race Condition, einer NULL-Zeiger-Dereferenz, einem Speicherzuordnungsproblem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial of Service-Zustand erzuegen, beliebigen Code auszuführen, vertrauliche Informationen offenzulegen oder weitere nicht spezifizierte Angriffe durchzuführen.", }, ], product_status: { known_affected: [ "T035259", "T038901", "67646", "T035260", "T037940", "T035698", ], }, release_date: "2024-06-06T22:00:00.000+00:00", title: "CVE-2023-5679", }, { cve: "CVE-2023-6004", notes: [ { category: "description", text: "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie der Libksba-Library, BIND, gmp und der Tar-Paketkomponente aufgrund einer Race Condition, einer NULL-Zeiger-Dereferenz, einem Speicherzuordnungsproblem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial of Service-Zustand erzuegen, beliebigen Code auszuführen, vertrauliche Informationen offenzulegen oder weitere nicht spezifizierte Angriffe durchzuführen.", }, ], product_status: { known_affected: [ "T035259", "T038901", "67646", "T035260", "T037940", "T035698", ], }, release_date: "2024-06-06T22:00:00.000+00:00", title: "CVE-2023-6004", }, { cve: "CVE-2023-6129", notes: [ { category: "description", text: "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie der Libksba-Library, BIND, gmp und der Tar-Paketkomponente aufgrund einer Race Condition, einer NULL-Zeiger-Dereferenz, einem Speicherzuordnungsproblem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial of Service-Zustand erzuegen, beliebigen Code auszuführen, vertrauliche Informationen offenzulegen oder weitere nicht spezifizierte Angriffe durchzuführen.", }, ], product_status: { known_affected: [ "T035259", "T038901", "67646", "T035260", "T037940", "T035698", ], }, release_date: "2024-06-06T22:00:00.000+00:00", title: "CVE-2023-6129", }, { cve: "CVE-2023-6237", notes: [ { category: "description", text: "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie der Libksba-Library, BIND, gmp und der Tar-Paketkomponente aufgrund einer Race Condition, einer NULL-Zeiger-Dereferenz, einem Speicherzuordnungsproblem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial of Service-Zustand erzuegen, beliebigen Code auszuführen, vertrauliche Informationen offenzulegen oder weitere nicht spezifizierte Angriffe durchzuführen.", }, ], product_status: { known_affected: [ "T035259", "T038901", "67646", "T035260", "T037940", "T035698", ], }, release_date: "2024-06-06T22:00:00.000+00:00", title: "CVE-2023-6237", }, { cve: "CVE-2023-6516", notes: [ { category: "description", text: "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie der Libksba-Library, BIND, gmp und der Tar-Paketkomponente aufgrund einer Race Condition, einer NULL-Zeiger-Dereferenz, einem Speicherzuordnungsproblem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial of Service-Zustand erzuegen, beliebigen Code auszuführen, vertrauliche Informationen offenzulegen oder weitere nicht spezifizierte Angriffe durchzuführen.", }, ], product_status: { known_affected: [ "T035259", "T038901", "67646", "T035260", "T037940", "T035698", ], }, release_date: "2024-06-06T22:00:00.000+00:00", title: "CVE-2023-6516", }, { cve: "CVE-2023-6597", notes: [ { category: "description", text: "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie der Libksba-Library, BIND, gmp und der Tar-Paketkomponente aufgrund einer Race Condition, einer NULL-Zeiger-Dereferenz, einem Speicherzuordnungsproblem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial of Service-Zustand erzuegen, beliebigen Code auszuführen, vertrauliche Informationen offenzulegen oder weitere nicht spezifizierte Angriffe durchzuführen.", }, ], product_status: { known_affected: [ "T035259", "T038901", "67646", "T035260", "T037940", "T035698", ], }, release_date: "2024-06-06T22:00:00.000+00:00", title: "CVE-2023-6597", }, { cve: "CVE-2023-6918", notes: [ { category: "description", text: "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie der Libksba-Library, BIND, gmp und der Tar-Paketkomponente aufgrund einer Race Condition, einer NULL-Zeiger-Dereferenz, einem Speicherzuordnungsproblem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial of Service-Zustand erzuegen, beliebigen Code auszuführen, vertrauliche Informationen offenzulegen oder weitere nicht spezifizierte Angriffe durchzuführen.", }, ], product_status: { known_affected: [ "T035259", "T038901", "67646", "T035260", "T037940", "T035698", ], }, release_date: "2024-06-06T22:00:00.000+00:00", title: "CVE-2023-6918", }, { cve: "CVE-2023-7008", notes: [ { category: "description", text: "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie der Libksba-Library, BIND, gmp und der Tar-Paketkomponente aufgrund einer Race Condition, einer NULL-Zeiger-Dereferenz, einem Speicherzuordnungsproblem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial of Service-Zustand erzuegen, beliebigen Code auszuführen, vertrauliche Informationen offenzulegen oder weitere nicht spezifizierte Angriffe durchzuführen.", }, ], product_status: { known_affected: [ "T035259", "T038901", "67646", "T035260", "T037940", "T035698", ], }, release_date: "2024-06-06T22:00:00.000+00:00", title: "CVE-2023-7008", }, { cve: "CVE-2023-7104", notes: [ { category: "description", text: "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie der Libksba-Library, BIND, gmp und der Tar-Paketkomponente aufgrund einer Race Condition, einer NULL-Zeiger-Dereferenz, einem Speicherzuordnungsproblem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial of Service-Zustand erzuegen, beliebigen Code auszuführen, vertrauliche Informationen offenzulegen oder weitere nicht spezifizierte Angriffe durchzuführen.", }, ], product_status: { known_affected: [ "T035259", "T038901", "67646", "T035260", "T037940", "T035698", ], }, release_date: "2024-06-06T22:00:00.000+00:00", title: "CVE-2023-7104", }, { cve: "CVE-2024-0450", notes: [ { category: "description", text: "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie der Libksba-Library, BIND, gmp und der Tar-Paketkomponente aufgrund einer Race Condition, einer NULL-Zeiger-Dereferenz, einem Speicherzuordnungsproblem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial of Service-Zustand erzuegen, beliebigen Code auszuführen, vertrauliche Informationen offenzulegen oder weitere nicht spezifizierte Angriffe durchzuführen.", }, ], product_status: { known_affected: [ "T035259", "T038901", "67646", "T035260", "T037940", "T035698", ], }, release_date: "2024-06-06T22:00:00.000+00:00", title: "CVE-2024-0450", }, { cve: "CVE-2024-0727", notes: [ { category: "description", text: "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie der Libksba-Library, BIND, gmp und der Tar-Paketkomponente aufgrund einer Race Condition, einer NULL-Zeiger-Dereferenz, einem Speicherzuordnungsproblem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial of Service-Zustand erzuegen, beliebigen Code auszuführen, vertrauliche Informationen offenzulegen oder weitere nicht spezifizierte Angriffe durchzuführen.", }, ], product_status: { known_affected: [ "T035259", "T038901", "67646", "T035260", "T037940", "T035698", ], }, release_date: "2024-06-06T22:00:00.000+00:00", title: "CVE-2024-0727", }, { cve: "CVE-2024-1048", notes: [ { category: "description", text: "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie der Libksba-Library, BIND, gmp und der Tar-Paketkomponente aufgrund einer Race Condition, einer NULL-Zeiger-Dereferenz, einem Speicherzuordnungsproblem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial of Service-Zustand erzuegen, beliebigen Code auszuführen, vertrauliche Informationen offenzulegen oder weitere nicht spezifizierte Angriffe durchzuführen.", }, ], product_status: { known_affected: [ "T035259", "T038901", "67646", "T035260", "T037940", "T035698", ], }, release_date: "2024-06-06T22:00:00.000+00:00", title: "CVE-2024-1048", }, { cve: "CVE-2024-1313", notes: [ { category: "description", text: "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie der Libksba-Library, BIND, gmp und der Tar-Paketkomponente aufgrund einer Race Condition, einer NULL-Zeiger-Dereferenz, einem Speicherzuordnungsproblem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial of Service-Zustand erzuegen, beliebigen Code auszuführen, vertrauliche Informationen offenzulegen oder weitere nicht spezifizierte Angriffe durchzuführen.", }, ], product_status: { known_affected: [ "T035259", "T038901", "67646", "T035260", "T037940", "T035698", ], }, release_date: "2024-06-06T22:00:00.000+00:00", title: "CVE-2024-1313", }, { cve: "CVE-2024-1394", notes: [ { category: "description", text: "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie der Libksba-Library, BIND, gmp und der Tar-Paketkomponente aufgrund einer Race Condition, einer NULL-Zeiger-Dereferenz, einem Speicherzuordnungsproblem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial of Service-Zustand erzuegen, beliebigen Code auszuführen, vertrauliche Informationen offenzulegen oder weitere nicht spezifizierte Angriffe durchzuführen.", }, ], product_status: { known_affected: [ "T035259", "T038901", "67646", "T035260", "T037940", "T035698", ], }, release_date: "2024-06-06T22:00:00.000+00:00", title: "CVE-2024-1394", }, { cve: "CVE-2024-22195", notes: [ { category: "description", text: "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie der Libksba-Library, BIND, gmp und der Tar-Paketkomponente aufgrund einer Race Condition, einer NULL-Zeiger-Dereferenz, einem Speicherzuordnungsproblem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial of Service-Zustand erzuegen, beliebigen Code auszuführen, vertrauliche Informationen offenzulegen oder weitere nicht spezifizierte Angriffe durchzuführen.", }, ], product_status: { known_affected: [ "T035259", "T038901", "67646", "T035260", "T037940", "T035698", ], }, release_date: "2024-06-06T22:00:00.000+00:00", title: "CVE-2024-22195", }, { cve: "CVE-2024-22365", notes: [ { category: "description", text: "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie der Libksba-Library, BIND, gmp und der Tar-Paketkomponente aufgrund einer Race Condition, einer NULL-Zeiger-Dereferenz, einem Speicherzuordnungsproblem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial of Service-Zustand erzuegen, beliebigen Code auszuführen, vertrauliche Informationen offenzulegen oder weitere nicht spezifizierte Angriffe durchzuführen.", }, ], product_status: { known_affected: [ "T035259", "T038901", "67646", "T035260", "T037940", "T035698", ], }, release_date: "2024-06-06T22:00:00.000+00:00", title: "CVE-2024-22365", }, { cve: "CVE-2024-24786", notes: [ { category: "description", text: "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie der Libksba-Library, BIND, gmp und der Tar-Paketkomponente aufgrund einer Race Condition, einer NULL-Zeiger-Dereferenz, einem Speicherzuordnungsproblem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial of Service-Zustand erzuegen, beliebigen Code auszuführen, vertrauliche Informationen offenzulegen oder weitere nicht spezifizierte Angriffe durchzuführen.", }, ], product_status: { known_affected: [ "T035259", "T038901", "67646", "T035260", "T037940", "T035698", ], }, release_date: "2024-06-06T22:00:00.000+00:00", title: "CVE-2024-24786", }, { cve: "CVE-2024-25062", notes: [ { category: "description", text: "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie der Libksba-Library, BIND, gmp und der Tar-Paketkomponente aufgrund einer Race Condition, einer NULL-Zeiger-Dereferenz, einem Speicherzuordnungsproblem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial of Service-Zustand erzuegen, beliebigen Code auszuführen, vertrauliche Informationen offenzulegen oder weitere nicht spezifizierte Angriffe durchzuführen.", }, ], product_status: { known_affected: [ "T035259", "T038901", "67646", "T035260", "T037940", "T035698", ], }, release_date: "2024-06-06T22:00:00.000+00:00", title: "CVE-2024-25062", }, { cve: "CVE-2024-26458", notes: [ { category: "description", text: "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie der Libksba-Library, BIND, gmp und der Tar-Paketkomponente aufgrund einer Race Condition, einer NULL-Zeiger-Dereferenz, einem Speicherzuordnungsproblem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial of Service-Zustand erzuegen, beliebigen Code auszuführen, vertrauliche Informationen offenzulegen oder weitere nicht spezifizierte Angriffe durchzuführen.", }, ], product_status: { known_affected: [ "T035259", "T038901", "67646", "T035260", "T037940", "T035698", ], }, release_date: "2024-06-06T22:00:00.000+00:00", title: "CVE-2024-26458", }, { cve: "CVE-2024-26461", notes: [ { category: "description", text: "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie der Libksba-Library, BIND, gmp und der Tar-Paketkomponente aufgrund einer Race Condition, einer NULL-Zeiger-Dereferenz, einem Speicherzuordnungsproblem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial of Service-Zustand erzuegen, beliebigen Code auszuführen, vertrauliche Informationen offenzulegen oder weitere nicht spezifizierte Angriffe durchzuführen.", }, ], product_status: { known_affected: [ "T035259", "T038901", "67646", "T035260", "T037940", "T035698", ], }, release_date: "2024-06-06T22:00:00.000+00:00", title: "CVE-2024-26461", }, { cve: "CVE-2024-28834", notes: [ { category: "description", text: "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie der Libksba-Library, BIND, gmp und der Tar-Paketkomponente aufgrund einer Race Condition, einer NULL-Zeiger-Dereferenz, einem Speicherzuordnungsproblem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial of Service-Zustand erzuegen, beliebigen Code auszuführen, vertrauliche Informationen offenzulegen oder weitere nicht spezifizierte Angriffe durchzuführen.", }, ], product_status: { known_affected: [ "T035259", "T038901", "67646", "T035260", "T037940", "T035698", ], }, release_date: "2024-06-06T22:00:00.000+00:00", title: "CVE-2024-28834", }, { cve: "CVE-2024-28835", notes: [ { category: "description", text: "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie der Libksba-Library, BIND, gmp und der Tar-Paketkomponente aufgrund einer Race Condition, einer NULL-Zeiger-Dereferenz, einem Speicherzuordnungsproblem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial of Service-Zustand erzuegen, beliebigen Code auszuführen, vertrauliche Informationen offenzulegen oder weitere nicht spezifizierte Angriffe durchzuführen.", }, ], product_status: { known_affected: [ "T035259", "T038901", "67646", "T035260", "T037940", "T035698", ], }, release_date: "2024-06-06T22:00:00.000+00:00", title: "CVE-2024-28835", }, { cve: "CVE-2024-2961", notes: [ { category: "description", text: "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie der Libksba-Library, BIND, gmp und der Tar-Paketkomponente aufgrund einer Race Condition, einer NULL-Zeiger-Dereferenz, einem Speicherzuordnungsproblem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial of Service-Zustand erzuegen, beliebigen Code auszuführen, vertrauliche Informationen offenzulegen oder weitere nicht spezifizierte Angriffe durchzuführen.", }, ], product_status: { known_affected: [ "T035259", "T038901", "67646", "T035260", "T037940", "T035698", ], }, release_date: "2024-06-06T22:00:00.000+00:00", title: "CVE-2024-2961", }, { cve: "CVE-2024-33599", notes: [ { category: "description", text: "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie der Libksba-Library, BIND, gmp und der Tar-Paketkomponente aufgrund einer Race Condition, einer NULL-Zeiger-Dereferenz, einem Speicherzuordnungsproblem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial of Service-Zustand erzuegen, beliebigen Code auszuführen, vertrauliche Informationen offenzulegen oder weitere nicht spezifizierte Angriffe durchzuführen.", }, ], product_status: { known_affected: [ "T035259", "T038901", "67646", "T035260", "T037940", "T035698", ], }, release_date: "2024-06-06T22:00:00.000+00:00", title: "CVE-2024-33599", }, { cve: "CVE-2024-33600", notes: [ { category: "description", text: "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie der Libksba-Library, BIND, gmp und der Tar-Paketkomponente aufgrund einer Race Condition, einer NULL-Zeiger-Dereferenz, einem Speicherzuordnungsproblem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial of Service-Zustand erzuegen, beliebigen Code auszuführen, vertrauliche Informationen offenzulegen oder weitere nicht spezifizierte Angriffe durchzuführen.", }, ], product_status: { known_affected: [ "T035259", "T038901", "67646", "T035260", "T037940", "T035698", ], }, release_date: "2024-06-06T22:00:00.000+00:00", title: "CVE-2024-33600", }, { cve: "CVE-2024-33601", notes: [ { category: "description", text: "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie der Libksba-Library, BIND, gmp und der Tar-Paketkomponente aufgrund einer Race Condition, einer NULL-Zeiger-Dereferenz, einem Speicherzuordnungsproblem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial of Service-Zustand erzuegen, beliebigen Code auszuführen, vertrauliche Informationen offenzulegen oder weitere nicht spezifizierte Angriffe durchzuführen.", }, ], product_status: { known_affected: [ "T035259", "T038901", "67646", "T035260", "T037940", "T035698", ], }, release_date: "2024-06-06T22:00:00.000+00:00", title: "CVE-2024-33601", }, { cve: "CVE-2024-33602", notes: [ { category: "description", text: "In Red Hat OpenShift existieren mehrere Schwachstellen. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie der Libksba-Library, BIND, gmp und der Tar-Paketkomponente aufgrund einer Race Condition, einer NULL-Zeiger-Dereferenz, einem Speicherzuordnungsproblem und mehr. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, einen Denial of Service-Zustand erzuegen, beliebigen Code auszuführen, vertrauliche Informationen offenzulegen oder weitere nicht spezifizierte Angriffe durchzuführen.", }, ], product_status: { known_affected: [ "T035259", "T038901", "67646", "T035260", "T037940", "T035698", ], }, release_date: "2024-06-06T22:00:00.000+00:00", title: "CVE-2024-33602", }, ], }
wid-sec-w-2024-1638
Vulnerability from csaf_certbund
Published
2024-07-16 22:00
Modified
2024-07-16 22:00
Summary
Oracle Financial Services Applications: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Oracle Financial Services ist eine Zusammenstellung von Anwendungen für den Finanzsektor und eine Technologiebasis zur Erfüllung von IT- und Geschäftsanforderungen.
Angriff
Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in Oracle Financial Services Applications ausnutzen, um die Vertraulichkeit, Integrität und Verfügbarkeit zu gefährden.
Betroffene Betriebssysteme
- Sonstiges
- UNIX
- Windows
{ document: { aggregate_severity: { text: "hoch", }, category: "csaf_base", csaf_version: "2.0", distribution: { tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "de-DE", notes: [ { category: "legal_disclaimer", text: "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.", }, { category: "description", text: "Oracle Financial Services ist eine Zusammenstellung von Anwendungen für den Finanzsektor und eine Technologiebasis zur Erfüllung von IT- und Geschäftsanforderungen.", title: "Produktbeschreibung", }, { category: "summary", text: "Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in Oracle Financial Services Applications ausnutzen, um die Vertraulichkeit, Integrität und Verfügbarkeit zu gefährden.", title: "Angriff", }, { category: "general", text: "- Sonstiges\n- UNIX\n- Windows", title: "Betroffene Betriebssysteme", }, ], publisher: { category: "other", contact_details: "csaf-provider@cert-bund.de", name: "Bundesamt für Sicherheit in der Informationstechnik", namespace: "https://www.bsi.bund.de", }, references: [ { category: "self", summary: "WID-SEC-W-2024-1638 - CSAF Version", url: "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-1638.json", }, { category: "self", summary: "WID-SEC-2024-1638 - Portal Version", url: "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-1638", }, { category: "external", summary: "Oracle Critical Patch Update Advisory - July 2024 - Appendix Oracle Financial Services Applications vom 2024-07-16", url: "https://www.oracle.com/security-alerts/cpujul2024.html#AppendixIFLX", }, ], source_lang: "en-US", title: "Oracle Financial Services Applications: Mehrere Schwachstellen", tracking: { current_release_date: "2024-07-16T22:00:00.000+00:00", generator: { date: "2024-08-15T18:11:26.257+00:00", engine: { name: "BSI-WID", version: "1.3.5", }, }, id: "WID-SEC-W-2024-1638", initial_release_date: "2024-07-16T22:00:00.000+00:00", revision_history: [ { date: "2024-07-16T22:00:00.000+00:00", number: "1", summary: "Initiale Fassung", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "8.1.1", product: { name: "Oracle Financial Services Applications 8.1.1", product_id: "T019891", product_identification_helper: { cpe: "cpe:/a:oracle:financial_services_applications:8.1.1", }, }, }, { category: "product_version", name: "8.0.7", product: { name: "Oracle Financial Services Applications 8.0.7", product_id: "T021676", product_identification_helper: { cpe: "cpe:/a:oracle:financial_services_applications:8.0.7", }, }, }, { category: "product_version", name: "8.0.8", product: { name: "Oracle Financial Services Applications 8.0.8", product_id: "T021677", product_identification_helper: { cpe: "cpe:/a:oracle:financial_services_applications:8.0.8", }, }, }, { category: "product_version", name: "8.1.1.1", product: { name: "Oracle Financial Services Applications 8.1.1.1", product_id: "T022835", product_identification_helper: { cpe: "cpe:/a:oracle:financial_services_applications:8.1.1.1", }, }, }, { category: "product_version", name: "8.0.8.0", product: { name: "Oracle Financial Services Applications 8.0.8.0", product_id: "T022841", product_identification_helper: { cpe: "cpe:/a:oracle:financial_services_applications:8.0.8.0", }, }, }, { category: "product_version", name: "8.0.8.1", product: { name: "Oracle Financial Services Applications 8.0.8.1", product_id: "T022844", product_identification_helper: { cpe: "cpe:/a:oracle:financial_services_applications:8.0.8.1", }, }, }, { category: "product_version", name: "8.0.7.3", product: { name: "Oracle Financial Services Applications 8.0.7.3", product_id: "T024989", product_identification_helper: { cpe: "cpe:/a:oracle:financial_services_applications:8.0.7.3", }, }, }, { category: "product_version", name: "14.7.0.0.0", product: { name: "Oracle Financial Services Applications 14.7.0.0.0", product_id: "T028702", product_identification_helper: { cpe: "cpe:/a:oracle:financial_services_applications:14.7.0.0.0", }, }, }, { category: "product_version", name: "8.1.2", product: { name: "Oracle Financial Services Applications 8.1.2", product_id: "T028705", product_identification_helper: { cpe: "cpe:/a:oracle:financial_services_applications:8.1.2", }, }, }, { category: "product_version", name: "8.1.2.5", product: { name: "Oracle Financial Services Applications 8.1.2.5", product_id: "T028706", product_identification_helper: { cpe: "cpe:/a:oracle:financial_services_applications:8.1.2.5", }, }, }, { category: "product_version", name: "8.1.2.6", product: { name: "Oracle Financial Services Applications 8.1.2.6", product_id: "T032104", product_identification_helper: { cpe: "cpe:/a:oracle:financial_services_applications:8.1.2.6", }, }, }, { category: "product_version", name: "14.5.0.0.0", product: { name: "Oracle Financial Services Applications 14.5.0.0.0", product_id: "T034160", product_identification_helper: { cpe: "cpe:/a:oracle:financial_services_applications:14.5.0.0.0", }, }, }, { category: "product_version", name: "14.6.0.0.0", product: { name: "Oracle Financial Services Applications 14.6.0.0.0", product_id: "T034161", product_identification_helper: { cpe: "cpe:/a:oracle:financial_services_applications:14.6.0.0.0", }, }, }, { category: "product_version", name: "2.12.0.0.0", product: { name: "Oracle Financial Services Applications 2.12.0.0.0", product_id: "T034162", product_identification_helper: { cpe: "cpe:/a:oracle:financial_services_applications:2.12.0.0.0", }, }, }, { category: "product_version", name: "2.7.0.0.0", product: { name: "Oracle Financial Services Applications 2.7.0.0.0", product_id: "T034163", product_identification_helper: { cpe: "cpe:/a:oracle:financial_services_applications:2.7.0.0.0", }, }, }, { category: "product_version", name: "14.4.0.0.0", product: { name: "Oracle Financial Services Applications 14.4.0.0.0", product_id: "T036215", product_identification_helper: { cpe: "cpe:/a:oracle:financial_services_applications:14.4.0.0.0", }, }, }, { category: "product_version", name: "8.0.8.3", product: { name: "Oracle Financial Services Applications 8.0.8.3", product_id: "T036216", product_identification_helper: { cpe: "cpe:/a:oracle:financial_services_applications:8.0.8.3", }, }, }, { category: "product_version", name: "8.1.2.7", product: { name: "Oracle Financial Services Applications 8.1.2.7", product_id: "T036217", product_identification_helper: { cpe: "cpe:/a:oracle:financial_services_applications:8.1.2.7", }, }, }, { category: "product_version", name: "8.0.8.2.8", product: { name: "Oracle Financial Services Applications 8.0.8.2.8", product_id: "T036218", product_identification_helper: { cpe: "cpe:/a:oracle:financial_services_applications:8.0.8.2.8", }, }, }, { category: "product_version", name: "8.1.1.1.18", product: { name: "Oracle Financial Services Applications 8.1.1.1.18", product_id: "T036219", product_identification_helper: { cpe: "cpe:/a:oracle:financial_services_applications:8.1.1.1.18", }, }, }, { category: "product_version", name: "8.1.2.6.4", product: { name: "Oracle Financial Services Applications 8.1.2.6.4", product_id: "T036220", product_identification_helper: { cpe: "cpe:/a:oracle:financial_services_applications:8.1.2.6.4", }, }, }, { category: "product_version", name: "8.1.2.7.3", product: { name: "Oracle Financial Services Applications 8.1.2.7.3", product_id: "T036221", product_identification_helper: { cpe: "cpe:/a:oracle:financial_services_applications:8.1.2.7.3", }, }, }, { category: "product_version", name: "6.0.0.0.0", product: { name: "Oracle Financial Services Applications 6.0.0.0.0", product_id: "T036222", product_identification_helper: { cpe: "cpe:/a:oracle:financial_services_applications:6.0.0.0.0", }, }, }, { category: "product_version", name: "6.1.0.0.0", product: { name: "Oracle Financial Services Applications 6.1.0.0.0", product_id: "T036223", product_identification_helper: { cpe: "cpe:/a:oracle:financial_services_applications:6.1.0.0.0", }, }, }, { category: "product_version", name: "2.4.0.0.0", product: { name: "Oracle Financial Services Applications 2.4.0.0.0", product_id: "T036224", product_identification_helper: { cpe: "cpe:/a:oracle:financial_services_applications:2.4.0.0.0", }, }, }, ], category: "product_name", name: "Financial Services Applications", }, ], category: "vendor", name: "Oracle", }, ], }, vulnerabilities: [ { cve: "CVE-2022-36944", notes: [ { category: "description", text: "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T032104", "T036223", "T036224", "T034163", "T034162", "T019891", "T036220", "T036221", "T036222", "T021677", "T022844", "T021676", "T024989", "T028705", "T034161", "T022841", "T028706", "T034160", "T028702", "T036216", "T036217", "T036218", "T036219", "T036215", "T022835", ], }, release_date: "2024-07-16T22:00:00.000+00:00", title: "CVE-2022-36944", }, { cve: "CVE-2023-26031", notes: [ { category: "description", text: "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T032104", "T036223", "T036224", "T034163", "T034162", "T019891", "T036220", "T036221", "T036222", "T021677", "T022844", "T021676", "T024989", "T028705", "T034161", "T022841", "T028706", "T034160", "T028702", "T036216", "T036217", "T036218", "T036219", "T036215", "T022835", ], }, release_date: "2024-07-16T22:00:00.000+00:00", title: "CVE-2023-26031", }, { cve: "CVE-2023-34055", notes: [ { category: "description", text: "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T032104", "T036223", "T036224", "T034163", "T034162", "T019891", "T036220", "T036221", "T036222", "T021677", "T022844", "T021676", "T024989", "T028705", "T034161", "T022841", "T028706", "T034160", "T028702", "T036216", "T036217", "T036218", "T036219", "T036215", "T022835", ], }, release_date: "2024-07-16T22:00:00.000+00:00", title: "CVE-2023-34055", }, { cve: "CVE-2023-44483", notes: [ { category: "description", text: "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T032104", "T036223", "T036224", "T034163", "T034162", "T019891", "T036220", "T036221", "T036222", "T021677", "T022844", "T021676", "T024989", "T028705", "T034161", "T022841", "T028706", "T034160", "T028702", "T036216", "T036217", "T036218", "T036219", "T036215", "T022835", ], }, release_date: "2024-07-16T22:00:00.000+00:00", title: "CVE-2023-44483", }, { cve: "CVE-2023-47248", notes: [ { category: "description", text: "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T032104", "T036223", "T036224", "T034163", "T034162", "T019891", "T036220", "T036221", "T036222", "T021677", "T022844", "T021676", "T024989", "T028705", "T034161", "T022841", "T028706", "T034160", "T028702", "T036216", "T036217", "T036218", "T036219", "T036215", "T022835", ], }, release_date: "2024-07-16T22:00:00.000+00:00", title: "CVE-2023-47248", }, { cve: "CVE-2023-50447", notes: [ { category: "description", text: "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T032104", "T036223", "T036224", "T034163", "T034162", "T019891", "T036220", "T036221", "T036222", "T021677", "T022844", "T021676", "T024989", "T028705", "T034161", "T022841", "T028706", "T034160", "T028702", "T036216", "T036217", "T036218", "T036219", "T036215", "T022835", ], }, release_date: "2024-07-16T22:00:00.000+00:00", title: "CVE-2023-50447", }, { cve: "CVE-2023-51074", notes: [ { category: "description", text: "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T032104", "T036223", "T036224", "T034163", "T034162", "T019891", "T036220", "T036221", "T036222", "T021677", "T022844", "T021676", "T024989", "T028705", "T034161", "T022841", "T028706", "T034160", "T028702", "T036216", "T036217", "T036218", "T036219", "T036215", "T022835", ], }, release_date: "2024-07-16T22:00:00.000+00:00", title: "CVE-2023-51074", }, { cve: "CVE-2023-52425", notes: [ { category: "description", text: "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T032104", "T036223", "T036224", "T034163", "T034162", "T019891", "T036220", "T036221", "T036222", "T021677", "T022844", "T021676", "T024989", "T028705", "T034161", "T022841", "T028706", "T034160", "T028702", "T036216", "T036217", "T036218", "T036219", "T036215", "T022835", ], }, release_date: "2024-07-16T22:00:00.000+00:00", title: "CVE-2023-52425", }, { cve: "CVE-2023-6129", notes: [ { category: "description", text: "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T032104", "T036223", "T036224", "T034163", "T034162", "T019891", "T036220", "T036221", "T036222", "T021677", "T022844", "T021676", "T024989", "T028705", "T034161", "T022841", "T028706", "T034160", "T028702", "T036216", "T036217", "T036218", "T036219", "T036215", "T022835", ], }, release_date: "2024-07-16T22:00:00.000+00:00", title: "CVE-2023-6129", }, { cve: "CVE-2024-21188", notes: [ { category: "description", text: "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T032104", "T036223", "T036224", "T034163", "T034162", "T019891", "T036220", "T036221", "T036222", "T021677", "T022844", "T021676", "T024989", "T028705", "T034161", "T022841", "T028706", "T034160", "T028702", "T036216", "T036217", "T036218", "T036219", "T036215", "T022835", ], }, release_date: "2024-07-16T22:00:00.000+00:00", title: "CVE-2024-21188", }, { cve: "CVE-2024-22201", notes: [ { category: "description", text: "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T032104", "T036223", "T036224", "T034163", "T034162", "T019891", "T036220", "T036221", "T036222", "T021677", "T022844", "T021676", "T024989", "T028705", "T034161", "T022841", "T028706", "T034160", "T028702", "T036216", "T036217", "T036218", "T036219", "T036215", "T022835", ], }, release_date: "2024-07-16T22:00:00.000+00:00", title: "CVE-2024-22201", }, { cve: "CVE-2024-22262", notes: [ { category: "description", text: "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T032104", "T036223", "T036224", "T034163", "T034162", "T019891", "T036220", "T036221", "T036222", "T021677", "T022844", "T021676", "T024989", "T028705", "T034161", "T022841", "T028706", "T034160", "T028702", "T036216", "T036217", "T036218", "T036219", "T036215", "T022835", ], }, release_date: "2024-07-16T22:00:00.000+00:00", title: "CVE-2024-22262", }, { cve: "CVE-2024-23807", notes: [ { category: "description", text: "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T032104", "T036223", "T036224", "T034163", "T034162", "T019891", "T036220", "T036221", "T036222", "T021677", "T022844", "T021676", "T024989", "T028705", "T034161", "T022841", "T028706", "T034160", "T028702", "T036216", "T036217", "T036218", "T036219", "T036215", "T022835", ], }, release_date: "2024-07-16T22:00:00.000+00:00", title: "CVE-2024-23807", }, { cve: "CVE-2024-24549", notes: [ { category: "description", text: "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T032104", "T036223", "T036224", "T034163", "T034162", "T019891", "T036220", "T036221", "T036222", "T021677", "T022844", "T021676", "T024989", "T028705", "T034161", "T022841", "T028706", "T034160", "T028702", "T036216", "T036217", "T036218", "T036219", "T036215", "T022835", ], }, release_date: "2024-07-16T22:00:00.000+00:00", title: "CVE-2024-24549", }, { cve: "CVE-2024-24816", notes: [ { category: "description", text: "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T032104", "T036223", "T036224", "T034163", "T034162", "T019891", "T036220", "T036221", "T036222", "T021677", "T022844", "T021676", "T024989", "T028705", "T034161", "T022841", "T028706", "T034160", "T028702", "T036216", "T036217", "T036218", "T036219", "T036215", "T022835", ], }, release_date: "2024-07-16T22:00:00.000+00:00", title: "CVE-2024-24816", }, { cve: "CVE-2024-25062", notes: [ { category: "description", text: "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T032104", "T036223", "T036224", "T034163", "T034162", "T019891", "T036220", "T036221", "T036222", "T021677", "T022844", "T021676", "T024989", "T028705", "T034161", "T022841", "T028706", "T034160", "T028702", "T036216", "T036217", "T036218", "T036219", "T036215", "T022835", ], }, release_date: "2024-07-16T22:00:00.000+00:00", title: "CVE-2024-25062", }, { cve: "CVE-2024-2511", notes: [ { category: "description", text: "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T032104", "T036223", "T036224", "T034163", "T034162", "T019891", "T036220", "T036221", "T036222", "T021677", "T022844", "T021676", "T024989", "T028705", "T034161", "T022841", "T028706", "T034160", "T028702", "T036216", "T036217", "T036218", "T036219", "T036215", "T022835", ], }, release_date: "2024-07-16T22:00:00.000+00:00", title: "CVE-2024-2511", }, { cve: "CVE-2024-26308", notes: [ { category: "description", text: "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T032104", "T036223", "T036224", "T034163", "T034162", "T019891", "T036220", "T036221", "T036222", "T021677", "T022844", "T021676", "T024989", "T028705", "T034161", "T022841", "T028706", "T034160", "T028702", "T036216", "T036217", "T036218", "T036219", "T036215", "T022835", ], }, release_date: "2024-07-16T22:00:00.000+00:00", title: "CVE-2024-26308", }, { cve: "CVE-2024-29025", notes: [ { category: "description", text: "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T032104", "T036223", "T036224", "T034163", "T034162", "T019891", "T036220", "T036221", "T036222", "T021677", "T022844", "T021676", "T024989", "T028705", "T034161", "T022841", "T028706", "T034160", "T028702", "T036216", "T036217", "T036218", "T036219", "T036215", "T022835", ], }, release_date: "2024-07-16T22:00:00.000+00:00", title: "CVE-2024-29025", }, { cve: "CVE-2024-29133", notes: [ { category: "description", text: "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T032104", "T036223", "T036224", "T034163", "T034162", "T019891", "T036220", "T036221", "T036222", "T021677", "T022844", "T021676", "T024989", "T028705", "T034161", "T022841", "T028706", "T034160", "T028702", "T036216", "T036217", "T036218", "T036219", "T036215", "T022835", ], }, release_date: "2024-07-16T22:00:00.000+00:00", title: "CVE-2024-29133", }, { cve: "CVE-2024-32114", notes: [ { category: "description", text: "In Oracle Financial Services Applications existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer oder authentisierter Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"HOCH\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T032104", "T036223", "T036224", "T034163", "T034162", "T019891", "T036220", "T036221", "T036222", "T021677", "T022844", "T021676", "T024989", "T028705", "T034161", "T022841", "T028706", "T034160", "T028702", "T036216", "T036217", "T036218", "T036219", "T036215", "T022835", ], }, release_date: "2024-07-16T22:00:00.000+00:00", title: "CVE-2024-32114", }, ], }
wid-sec-w-2024-3189
Vulnerability from csaf_certbund
Published
2024-10-15 22:00
Modified
2025-01-13 23:00
Summary
Oracle Java SE: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Die Java Platform, Standard Edition (SE) ist eine Sammlung von Java-APIs (JDK) und der Java Laufzeit Umgebung (JRE).
Angriff
Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Oracle Java SE ausnutzen, um die Vertraulichkeit, Integrität und Verfügbarkeit zu gefährden.
Betroffene Betriebssysteme
- Linux
- Sonstiges
- UNIX
- Windows
{ document: { aggregate_severity: { text: "hoch", }, category: "csaf_base", csaf_version: "2.0", distribution: { tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "de-DE", notes: [ { category: "legal_disclaimer", text: "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.", }, { category: "description", text: "Die Java Platform, Standard Edition (SE) ist eine Sammlung von Java-APIs (JDK) und der Java Laufzeit Umgebung (JRE).", title: "Produktbeschreibung", }, { category: "summary", text: "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Oracle Java SE ausnutzen, um die Vertraulichkeit, Integrität und Verfügbarkeit zu gefährden.", title: "Angriff", }, { category: "general", text: "- Linux\n- Sonstiges\n- UNIX\n- Windows", title: "Betroffene Betriebssysteme", }, ], publisher: { category: "other", contact_details: "csaf-provider@cert-bund.de", name: "Bundesamt für Sicherheit in der Informationstechnik", namespace: "https://www.bsi.bund.de", }, references: [ { category: "self", summary: "WID-SEC-W-2024-3189 - CSAF Version", url: "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-3189.json", }, { category: "self", summary: "WID-SEC-2024-3189 - Portal Version", url: "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-3189", }, { category: "external", summary: "Oracle Critical Patch Update Advisory - October 2024 - Appendix Oracle Java SE vom 2024-10-15", url: "https://www.oracle.com/security-alerts/cpuoct2024.html#AppendixJAVA", }, { category: "external", summary: "Azul Zulu builds of OpenJDK vom 2024-10-15", url: "https://docs.azul.com/core/pdfs/october-2024/azul-zulu-ca-release-notes-october-2024-rev1.0.pdf", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:8120 vom 2024-10-16", url: "https://access.redhat.com/errata/RHSA-2024:8120", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:8121 vom 2024-10-16", url: "https://access.redhat.com/errata/RHSA-2024:8121", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:8122 vom 2024-10-16", url: "https://access.redhat.com/errata/RHSA-2024:8122", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:8119 vom 2024-10-16", url: "https://access.redhat.com/errata/RHSA-2024:8119", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:8124 vom 2024-10-16", url: "https://access.redhat.com/errata/RHSA-2024:8124", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:8118 vom 2024-10-16", url: "https://access.redhat.com/errata/RHSA-2024:8118", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:8128 vom 2024-10-16", url: "https://access.redhat.com/errata/RHSA-2024:8128", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:8129 vom 2024-10-16", url: "https://access.redhat.com/errata/RHSA-2024:8129", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:8125 vom 2024-10-16", url: "https://access.redhat.com/errata/RHSA-2024:8125", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:8127 vom 2024-10-16", url: "https://access.redhat.com/errata/RHSA-2024:8127", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:8123 vom 2024-10-16", url: "https://access.redhat.com/errata/RHSA-2024:8123", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:8126 vom 2024-10-16", url: "https://access.redhat.com/errata/RHSA-2024:8126", }, { category: "external", summary: "Oracle Linux Security Advisory ELSA-2024-8121 vom 2024-10-18", url: "https://linux.oracle.com/errata/ELSA-2024-8121.html", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:8116 vom 2024-10-17", url: "https://access.redhat.com/errata/RHSA-2024:8116", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:8117 vom 2024-10-17", url: "https://rhn.redhat.com/errata/RHSA-2024:8117.html", }, { category: "external", summary: "Oracle Linux Security Advisory ELSA-2024-8127 vom 2024-10-18", url: "https://linux.oracle.com/errata/ELSA-2024-8127.html", }, { category: "external", summary: "Oracle Linux Security Advisory ELSA-2024-8117 vom 2024-10-18", url: "https://linux.oracle.com/errata/ELSA-2024-8117.html", }, { category: "external", summary: "Oracle Linux Security Advisory ELSA-2024-8124 vom 2024-10-18", url: "https://linux.oracle.com/errata/ELSA-2024-8124.html", }, { category: "external", summary: "Debian Security Advisory DLA-3929 vom 2024-10-21", url: "https://lists.debian.org/debian-lts-announce/2024/10/msg00020.html", }, { category: "external", summary: "Debian Security Advisory DLA-3927 vom 2024-10-21", url: "https://lists.debian.org/debian-lts-announce/2024/10/msg00018.html", }, { category: "external", summary: "Debian Security Advisory DSA-5794 vom 2024-10-21", url: "https://lists.debian.org/debian-security-announce/2024/msg00208.html", }, { category: "external", summary: "OpenJDK Vulnerability Advisory", url: "https://openjdk.org/groups/vulnerability/advisories/2024-10-15", }, { category: "external", summary: "SUSE Security Update SUSE-SU-2024:3802-1 vom 2024-10-30", url: "https://lists.suse.com/pipermail/sle-security-updates/2024-October/019718.html", }, { category: "external", summary: "IBM Security Bulletin", url: "https://www.ibm.com/support/pages/node/7174634", }, { category: "external", summary: "openSUSE Security Update OPENSUSE-SU-2024:14449-1 vom 2024-11-02", url: "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/CYPS4PNCRNNFM3OYJLTXOMYVAPX5WDWV/", }, { category: "external", summary: "openSUSE Security Update OPENSUSE-SU-2024:14448-1 vom 2024-11-02", url: "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/KDGJD2OULS4GVLFGY4DZH6L7TX3XS7RK/", }, { category: "external", summary: "SUSE Security Update SUSE-SU-2024:3875-1 vom 2024-11-01", url: "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/GLU5JTTGFTD7YI4RRECCJZQWTOZHUSNK/", }, { category: "external", summary: "Hitachi Vulnerability Information HITACHI-SEC-2024-147 vom 2024-11-07", url: "https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2024-147/index.html", }, { category: "external", summary: "openSUSE Security Update OPENSUSE-SU-2024:14465-1 vom 2024-11-07", url: "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/XKGLVFB244SXCHDTKBD64C7SBDSC7V7W/", }, { category: "external", summary: "Ubuntu Security Notice USN-7097-1 vom 2024-11-11", url: "https://ubuntu.com/security/notices/USN-7097-1", }, { category: "external", summary: "Ubuntu Security Notice USN-7096-1 vom 2024-11-11", url: "https://ubuntu.com/security/notices/USN-7096-1", }, { category: "external", summary: "Ubuntu Security Notice USN-7099-1 vom 2024-11-11", url: "https://ubuntu.com/security/notices/USN-7099-1", }, { category: "external", summary: "Ubuntu Security Notice USN-7098-1 vom 2024-11-11", url: "https://ubuntu.com/security/notices/USN-7098-1", }, { category: "external", summary: "SUSE Security Update SUSE-SU-2024:3963-1 vom 2024-11-11", url: "https://lists.suse.com/pipermail/sle-security-updates/2024-November/019804.html", }, { category: "external", summary: "SUSE Security Update SUSE-SU-2024:3963-1 vom 2024-11-11", url: "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/YF4VNHR3FWXUMWTELTEOVDEWZ6SVMYHZ/", }, { category: "external", summary: "SUSE Security Update SUSE-SU-2024:3987-1 vom 2024-11-13", url: "https://lists.suse.com/pipermail/sle-security-updates/2024-November/019817.html", }, { category: "external", summary: "Ubuntu Security Notice USN-7124-1 vom 2024-11-25", url: "https://ubuntu.com/security/notices/USN-7124-1", }, { category: "external", summary: "Oracle Linux Security Advisory ELSA-2024-8116 vom 2024-11-28", url: "https://linux.oracle.com/errata/ELSA-2024-8116.html", }, { category: "external", summary: "Oracle Linux Security Advisory ELSA-2024-8120 vom 2024-11-28", url: "https://linux.oracle.com/errata/ELSA-2024-8120.html", }, { category: "external", summary: "Dell Security Advisory DSA-2024-477 vom 2024-12-03", url: "https://www.dell.com/support/kbdoc/de-de/000255884/dsa-2024-477-security-update-for-dell-networker-runtime-environment-nre-multiple-component-vulnerabilities", }, { category: "external", summary: "IBM Security Bulletin 7177827 vom 2024-12-04", url: "https://www.ibm.com/support/pages/node/7177827", }, { category: "external", summary: "SUSE Security Update SUSE-SU-2024:4202-1 vom 2024-12-05", url: "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/XPEHHO3XQ47QD6IA2ZDPCOMANOINIDBP/", }, { category: "external", summary: "IBM Security Bulletin 7177984 vom 2024-12-05", url: "https://www.ibm.com/support/pages/node/7177984", }, { category: "external", summary: "SUSE Security Update SUSE-SU-2024:4252-1 vom 2024-12-06", url: "https://lists.suse.com/pipermail/sle-security-updates/2024-December/019963.html", }, { category: "external", summary: "IBM Security Bulletin 7178094 vom 2024-12-06", url: "https://www.ibm.com/support/pages/node/7178094", }, { category: "external", summary: "Gentoo Linux Security Advisory GLSA-202412-07 vom 2024-12-07", url: "https://security.gentoo.org/glsa/202412-07", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2024:10926 vom 2024-12-10", url: "https://access.redhat.com/errata/RHSA-2024:10926", }, { category: "external", summary: "IBM Security Bulletin 7178390 vom 2024-12-10", url: "https://www.ibm.com/support/pages/node/7178390", }, { category: "external", summary: "SUSE Security Update SUSE-SU-2024:4306-1 vom 2024-12-12", url: "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/MXBN2J5OLQHHEFQZKWDMPVG3S6TODMOZ/", }, { category: "external", summary: "Amazon Linux Security Advisory ALAS-2024-2720 vom 2024-12-20", url: "https://alas.aws.amazon.com/AL2/ALAS-2024-2720.html", }, { category: "external", summary: "IBM Security Bulletin 7180215 vom 2025-01-03", url: "https://www.ibm.com/support/pages/node/7180215", }, { category: "external", summary: "IBM Security Bulletin 7180388 vom 2025-01-13", url: "https://www.ibm.com/support/pages/node/7180388", }, ], source_lang: "en-US", title: "Oracle Java SE: Mehrere Schwachstellen", tracking: { current_release_date: "2025-01-13T23:00:00.000+00:00", generator: { date: "2025-01-14T13:43:43.133+00:00", engine: { name: "BSI-WID", version: "1.3.10", }, }, id: "WID-SEC-W-2024-3189", initial_release_date: "2024-10-15T22:00:00.000+00:00", revision_history: [ { date: "2024-10-15T22:00:00.000+00:00", number: "1", summary: "Initiale Fassung", }, { date: "2024-10-16T22:00:00.000+00:00", number: "2", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2024-10-17T22:00:00.000+00:00", number: "3", summary: "Neue Updates von Oracle Linux und Red Hat aufgenommen", }, { date: "2024-10-20T22:00:00.000+00:00", number: "4", summary: "Neue Updates von Oracle Linux aufgenommen", }, { date: "2024-10-21T22:00:00.000+00:00", number: "5", summary: "Neue Updates von Debian aufgenommen", }, { date: "2024-10-28T23:00:00.000+00:00", number: "6", summary: "Neue Updates aufgenommen", }, { date: "2024-10-30T23:00:00.000+00:00", number: "7", summary: "Neue Updates von SUSE aufgenommen", }, { date: "2024-10-31T23:00:00.000+00:00", number: "8", summary: "Neue Updates von IBM aufgenommen", }, { date: "2024-11-03T23:00:00.000+00:00", number: "9", summary: "Neue Updates von openSUSE und SUSE aufgenommen", }, { date: "2024-11-06T23:00:00.000+00:00", number: "10", summary: "Neue Updates von HITACHI aufgenommen", }, { date: "2024-11-07T23:00:00.000+00:00", number: "11", summary: "Neue Updates von openSUSE aufgenommen", }, { date: "2024-11-10T23:00:00.000+00:00", number: "12", summary: "Neue Updates von Ubuntu aufgenommen", }, { date: "2024-11-13T23:00:00.000+00:00", number: "13", summary: "Neue Updates von SUSE aufgenommen", }, { date: "2024-11-24T23:00:00.000+00:00", number: "14", summary: "Neue Updates von Ubuntu aufgenommen", }, { date: "2024-11-28T23:00:00.000+00:00", number: "15", summary: "Neue Updates von Oracle Linux aufgenommen", }, { date: "2024-12-02T23:00:00.000+00:00", number: "16", summary: "Neue Updates von Dell aufgenommen", }, { date: "2024-12-04T23:00:00.000+00:00", number: "17", summary: "Neue Updates von IBM aufgenommen", }, { date: "2024-12-05T23:00:00.000+00:00", number: "18", summary: "Neue Updates von SUSE und IBM aufgenommen", }, { date: "2024-12-08T23:00:00.000+00:00", number: "19", summary: "Neue Updates von SUSE, IBM und Gentoo aufgenommen", }, { date: "2024-12-10T23:00:00.000+00:00", number: "20", summary: "Neue Updates von Red Hat, IBM und IBM-APAR aufgenommen", }, { date: "2024-12-12T23:00:00.000+00:00", number: "21", summary: "Neue Updates von SUSE aufgenommen", }, { date: "2024-12-19T23:00:00.000+00:00", number: "22", summary: "Neue Updates von Amazon aufgenommen", }, { date: "2025-01-05T23:00:00.000+00:00", number: "23", summary: "Neue Updates von IBM aufgenommen", }, { date: "2025-01-13T23:00:00.000+00:00", number: "24", summary: "Neue Updates von IBM aufgenommen", }, ], status: "final", version: "24", }, }, product_tree: { branches: [ { branches: [ { category: "product_name", name: "Amazon Linux 2", product: { name: "Amazon Linux 2", product_id: "398363", product_identification_helper: { cpe: "cpe:/o:amazon:linux_2:-", }, }, }, ], category: "vendor", name: "Amazon", }, { branches: [ { category: "product_name", name: "Azul Zulu", product: { name: "Azul Zulu", product_id: "T036273", product_identification_helper: { cpe: "cpe:/a:azul:zulu:-", }, }, }, ], category: "vendor", name: "Azul", }, { branches: [ { category: "product_name", name: "Debian Linux", product: { name: "Debian Linux", product_id: "2951", product_identification_helper: { cpe: "cpe:/o:debian:debian_linux:-", }, }, }, ], category: "vendor", name: "Debian", }, { branches: [ { branches: [ { category: "product_version_range", name: "Runtime Environment <8.0.23", product: { name: "Dell NetWorker Runtime Environment <8.0.23", product_id: "T039544", }, }, { category: "product_version", name: "Runtime Environment 8.0.23", product: { name: "Dell NetWorker Runtime Environment 8.0.23", product_id: "T039544-fixed", product_identification_helper: { cpe: "cpe:/a:dell:networker:runtime_environment__8.0.23", }, }, }, ], category: "product_name", name: "NetWorker", }, ], category: "vendor", name: "Dell", }, { branches: [ { category: "product_name", name: "Gentoo Linux", product: { name: "Gentoo Linux", product_id: "T012167", product_identification_helper: { cpe: "cpe:/o:gentoo:linux:-", }, }, }, ], category: "vendor", name: "Gentoo", }, { branches: [ { category: "product_name", name: "Hitachi Command Suite", product: { name: "Hitachi Command Suite", product_id: "T038839", product_identification_helper: { cpe: "cpe:/a:hitachi:command_suite:-", }, }, }, { category: "product_name", name: "Hitachi Configuration Manager", product: { name: "Hitachi Configuration Manager", product_id: "T038841", product_identification_helper: { cpe: "cpe:/a:hitachi:configuration_manager:-", }, }, }, { category: "product_name", name: "Hitachi Ops Center", product: { name: "Hitachi Ops Center", product_id: "T038840", product_identification_helper: { cpe: "cpe:/a:hitachi:ops_center:-", }, }, }, ], category: "vendor", name: "Hitachi", }, { branches: [ { branches: [ { category: "product_version_range", name: "<13.0.2.0", product: { name: "IBM App Connect Enterprise <13.0.2.0", product_id: "T039657", }, }, { category: "product_version", name: "13.0.2.0", product: { name: "IBM App Connect Enterprise 13.0.2.0", product_id: "T039657-fixed", product_identification_helper: { cpe: "cpe:/a:ibm:app_connect_enterprise:13.0.2.0", }, }, }, { category: "product_version_range", name: "<12.0.12.9", product: { name: "IBM App Connect Enterprise <12.0.12.9", product_id: "T039658", }, }, { category: "product_version", name: "12.0.12.9", product: { name: "IBM App Connect Enterprise 12.0.12.9", product_id: "T039658-fixed", product_identification_helper: { cpe: "cpe:/a:ibm:app_connect_enterprise:12.0.12.9", }, }, }, ], category: "product_name", name: "App Connect Enterprise", }, { branches: [ { category: "product_version", name: "11.7", product: { name: "IBM InfoSphere Information Server 11.7", product_id: "444803", product_identification_helper: { cpe: "cpe:/a:ibm:infosphere_information_server:11.7", }, }, }, ], category: "product_name", name: "InfoSphere Information Server", }, { category: "product_name", name: "IBM Java", product: { name: "IBM Java", product_id: "10699", product_identification_helper: { cpe: "cpe:/a:ibm:jre:-", }, }, }, { branches: [ { category: "product_version_range", name: "<7.5.0 UP10 IF01", product: { name: "IBM QRadar SIEM <7.5.0 UP10 IF01", product_id: "T038741", }, }, { category: "product_version", name: "7.5.0 UP10 IF01", product: { name: "IBM QRadar SIEM 7.5.0 UP10 IF01", product_id: "T038741-fixed", product_identification_helper: { cpe: "cpe:/a:ibm:qradar_siem:7.5.0_up10_if01", }, }, }, ], category: "product_name", name: "QRadar SIEM", }, { branches: [ { category: "product_version", name: "6.3.0", product: { name: "IBM Sterling Connect:Direct 6.3.0", product_id: "T040001", product_identification_helper: { cpe: "cpe:/a:ibm:sterling_connect%3adirect:6.3.0", }, }, }, { category: "product_version", name: "6.4.0", product: { name: "IBM Sterling Connect:Direct 6.4.0", product_id: "T040002", product_identification_helper: { cpe: "cpe:/a:ibm:sterling_connect%3adirect:6.4.0", }, }, }, ], category: "product_name", name: "Sterling Connect:Direct", }, { branches: [ { category: "product_version", name: "8.5", product: { name: "IBM WebSphere Application Server 8.5", product_id: "703851", product_identification_helper: { cpe: "cpe:/a:ibm:websphere_application_server:8.5", }, }, }, { category: "product_version", name: "9", product: { name: "IBM WebSphere Application Server 9.0", product_id: "703852", product_identification_helper: { cpe: "cpe:/a:ibm:websphere_application_server:9.0", }, }, }, { category: "product_version", name: "liberty", product: { name: "IBM WebSphere Application Server liberty", product_id: "T011504", product_identification_helper: { cpe: "cpe:/a:ibm:websphere_application_server:liberty", }, }, }, ], category: "product_name", name: "WebSphere Application Server", }, { branches: [ { category: "product_version", name: "8.5", product: { name: "IBM WebSphere Service Registry and Repository 8.5", product_id: "306235", product_identification_helper: { cpe: "cpe:/a:ibm:websphere_service_registry_and_repository:8.5", }, }, }, ], category: "product_name", name: "WebSphere Service Registry and Repository", }, ], category: "vendor", name: "IBM", }, { branches: [ { category: "product_name", name: "Open Source OpenJDK", product: { name: "Open Source OpenJDK", product_id: "580789", product_identification_helper: { cpe: "cpe:/a:oracle:openjdk:-", }, }, }, ], category: "vendor", name: "Open Source", }, { branches: [ { branches: [ { category: "product_version", name: "Oracle GraalVM for JDK 17.0.12", product: { name: "Oracle Java SE Oracle GraalVM for JDK 17.0.12", product_id: "T038438", product_identification_helper: { cpe: "cpe:/a:oracle:java_se:oracle_graalvm_for_jdk_17.0.12", }, }, }, { category: "product_version", name: "Oracle GraalVM for JDK 21.0.4", product: { name: "Oracle Java SE Oracle GraalVM for JDK 21.0.4", product_id: "T038439", product_identification_helper: { cpe: "cpe:/a:oracle:java_se:oracle_graalvm_for_jdk_21.0.4", }, }, }, { category: "product_version", name: "Oracle GraalVM for JDK 23", product: { name: "Oracle Java SE Oracle GraalVM for JDK 23", product_id: "T038440", product_identification_helper: { cpe: "cpe:/a:oracle:java_se:oracle_graalvm_for_jdk_23", }, }, }, { category: "product_version", name: "Oracle Java SE 8u421", product: { name: "Oracle Java SE Oracle Java SE 8u421", product_id: "T038441", product_identification_helper: { cpe: "cpe:/a:oracle:java_se:oracle_java_se_8u421", }, }, }, { category: "product_version", name: "Oracle GraalVM Enterprise Edition 20.3.15", product: { name: "Oracle Java SE Oracle GraalVM Enterprise Edition 20.3.15", product_id: "T038442", product_identification_helper: { cpe: "cpe:/a:oracle:java_se:oracle_graalvm_enterprise_edition_20.3.15", }, }, }, { category: "product_version", name: "Oracle GraalVM Enterprise Edition 21.3.11", product: { name: "Oracle Java SE Oracle GraalVM Enterprise Edition 21.3.11", product_id: "T038443", product_identification_helper: { cpe: "cpe:/a:oracle:java_se:oracle_graalvm_enterprise_edition_21.3.11", }, }, }, { category: "product_version", name: "Oracle Java SE 11.0.24", product: { name: "Oracle Java SE Oracle Java SE 11.0.24", product_id: "T038444", product_identification_helper: { cpe: "cpe:/a:oracle:java_se:oracle_java_se_11.0.24", }, }, }, { category: "product_version", name: "Oracle Java SE 17.0.12", product: { name: "Oracle Java SE Oracle Java SE 17.0.12", product_id: "T038445", product_identification_helper: { cpe: "cpe:/a:oracle:java_se:oracle_java_se_17.0.12", }, }, }, { category: "product_version", name: "Oracle Java SE 23", product: { name: "Oracle Java SE Oracle Java SE 23", product_id: "T038447", product_identification_helper: { cpe: "cpe:/a:oracle:java_se:oracle_java_se_23", }, }, }, { category: "product_version", name: "Oracle Java SE 21.0.4", product: { name: "Oracle Java SE Oracle Java SE 21.0.4", product_id: "T038448", product_identification_helper: { cpe: "cpe:/a:oracle:java_se:oracle_java_se_21.0.4", }, }, }, { category: "product_version", name: "Oracle GraalVM Enterprise Edition: 20.3.15", product: { name: "Oracle Java SE Oracle GraalVM Enterprise Edition: 20.3.15", product_id: "T038449", product_identification_helper: { cpe: "cpe:/a:oracle:java_se:oracle_graalvm_enterprise_edition_20.3.15", }, }, }, ], category: "product_name", name: "Java SE", }, { category: "product_name", name: "Oracle Linux", product: { name: "Oracle Linux", product_id: "T004914", product_identification_helper: { cpe: "cpe:/o:oracle:linux:-", }, }, }, ], category: "vendor", name: "Oracle", }, { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux", product: { name: "Red Hat Enterprise Linux", product_id: "67646", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:-", }, }, }, ], category: "vendor", name: "Red Hat", }, { branches: [ { category: "product_name", name: "SUSE Linux", product: { name: "SUSE Linux", product_id: "T002207", product_identification_helper: { cpe: "cpe:/o:suse:suse_linux:-", }, }, }, { category: "product_name", name: "SUSE openSUSE", product: { name: "SUSE openSUSE", product_id: "T027843", product_identification_helper: { cpe: "cpe:/o:suse:opensuse:-", }, }, }, ], category: "vendor", name: "SUSE", }, { branches: [ { category: "product_name", name: "Ubuntu Linux", product: { name: "Ubuntu Linux", product_id: "T000126", product_identification_helper: { cpe: "cpe:/o:canonical:ubuntu_linux:-", }, }, }, ], category: "vendor", name: "Ubuntu", }, ], }, vulnerabilities: [ { cve: "CVE-2023-42950", notes: [ { category: "description", text: "In Oracle Java SE existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T011504", "T038449", "67646", "T038445", "T038841", "T038447", "T039658", "T038448", "T039657", "T004914", "703851", "T038441", "703852", "T038442", "T038443", "T038741", "T038840", "T038444", "T038440", "398363", "10699", "T038839", "T038438", "T038439", "T012167", "T039544", "T036273", "2951", "T002207", "T000126", "444803", "580789", "T027843", "T040002", "T040001", "306235", ], }, release_date: "2024-10-15T22:00:00.000+00:00", title: "CVE-2023-42950", }, { cve: "CVE-2024-21208", notes: [ { category: "description", text: "In Oracle Java SE existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T011504", "T038449", "67646", "T038445", "T038841", "T038447", "T039658", "T038448", "T039657", "T004914", "703851", "T038441", "703852", "T038442", "T038443", "T038741", "T038840", "T038444", "T038440", "398363", "10699", "T038839", "T038438", "T038439", "T012167", "T039544", "T036273", "2951", "T002207", "T000126", "444803", "580789", "T027843", "T040002", "T040001", "306235", ], }, release_date: "2024-10-15T22:00:00.000+00:00", title: "CVE-2024-21208", }, { cve: "CVE-2024-21210", notes: [ { category: "description", text: "In Oracle Java SE existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T011504", "T038449", "67646", "T038445", "T038841", "T038447", "T039658", "T038448", "T039657", "T004914", "703851", "T038441", "703852", "T038442", "T038443", "T038741", "T038840", "T038444", "T038440", "398363", "10699", "T038839", "T038438", "T038439", "T012167", "T039544", "T036273", "2951", "T002207", "T000126", "444803", "580789", "T027843", "T040002", "T040001", "306235", ], }, release_date: "2024-10-15T22:00:00.000+00:00", title: "CVE-2024-21210", }, { cve: "CVE-2024-21211", notes: [ { category: "description", text: "In Oracle Java SE existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T011504", "T038449", "67646", "T038445", "T038841", "T038447", "T039658", "T038448", "T039657", "T004914", "703851", "T038441", "703852", "T038442", "T038443", "T038741", "T038840", "T038444", "T038440", "398363", "10699", "T038839", "T038438", "T038439", "T012167", "T039544", "T036273", "2951", "T002207", "T000126", "444803", "580789", "T027843", "T040002", "T040001", "306235", ], }, release_date: "2024-10-15T22:00:00.000+00:00", title: "CVE-2024-21211", }, { cve: "CVE-2024-21217", notes: [ { category: "description", text: "In Oracle Java SE existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T011504", "T038449", "67646", "T038445", "T038841", "T038447", "T039658", "T038448", "T039657", "T004914", "703851", "T038441", "703852", "T038442", "T038443", "T038741", "T038840", "T038444", "T038440", "398363", "10699", "T038839", "T038438", "T038439", "T012167", "T039544", "T036273", "2951", "T002207", "T000126", "444803", "580789", "T027843", "T040002", "T040001", "306235", ], }, release_date: "2024-10-15T22:00:00.000+00:00", title: "CVE-2024-21217", }, { cve: "CVE-2024-21235", notes: [ { category: "description", text: "In Oracle Java SE existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T011504", "T038449", "67646", "T038445", "T038841", "T038447", "T039658", "T038448", "T039657", "T004914", "703851", "T038441", "703852", "T038442", "T038443", "T038741", "T038840", "T038444", "T038440", "398363", "10699", "T038839", "T038438", "T038439", "T012167", "T039544", "T036273", "2951", "T002207", "T000126", "444803", "580789", "T027843", "T040002", "T040001", "306235", ], }, release_date: "2024-10-15T22:00:00.000+00:00", title: "CVE-2024-21235", }, { cve: "CVE-2024-25062", notes: [ { category: "description", text: "In Oracle Java SE existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T011504", "T038449", "67646", "T038445", "T038841", "T038447", "T039658", "T038448", "T039657", "T004914", "703851", "T038441", "703852", "T038442", "T038443", "T038741", "T038840", "T038444", "T038440", "398363", "10699", "T038839", "T038438", "T038439", "T012167", "T039544", "T036273", "2951", "T002207", "T000126", "444803", "580789", "T027843", "T040002", "T040001", "306235", ], }, release_date: "2024-10-15T22:00:00.000+00:00", title: "CVE-2024-25062", }, { cve: "CVE-2024-36138", notes: [ { category: "description", text: "In Oracle Java SE existieren mehrere Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein entfernter, anonymer Angreifer die Vertraulichkeit, Integrität und Verfügbarkeit gefährden. Für die Ausnutzung einiger dieser Schwachstellen ist keine Benutzerinteraktion notwendig. Oracle veröffentlicht keine weiteren Details zu diesen Schwachstellen (außer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadenshöhe ausschließlich auf Basis der CVSS Impact Matrix. Der Maximalwert für diese Produkte ist \"HIGH\" für \"Confidentiality\", \"Integrity\" und \"Availability\" über alle Schwachstellen aggregiert und bewirkt damit eine Bewertung mit dem Wert \"MITTEL\" für die Schadenshöhe.", }, ], product_status: { known_affected: [ "T011504", "T038449", "67646", "T038445", "T038841", "T038447", "T039658", "T038448", "T039657", "T004914", "703851", "T038441", "703852", "T038442", "T038443", "T038741", "T038840", "T038444", "T038440", "398363", "10699", "T038839", "T038438", "T038439", "T012167", "T039544", "T036273", "2951", "T002207", "T000126", "444803", "580789", "T027843", "T040002", "T040001", "306235", ], }, release_date: "2024-10-15T22:00:00.000+00:00", title: "CVE-2024-36138", }, ], }
ghsa-x77r-6xxm-wjmx
Vulnerability from github
Published
2024-02-04 18:30
Modified
2024-02-13 03:30
Severity ?
Details
An issue was discovered in libxml2 before 2.11.7 and 2.12.x before 2.12.5. When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free.
{ affected: [], aliases: [ "CVE-2024-25062", ], database_specific: { cwe_ids: [ "CWE-416", ], github_reviewed: false, github_reviewed_at: null, nvd_published_at: "2024-02-04T16:15:45Z", severity: "HIGH", }, details: "An issue was discovered in libxml2 before 2.11.7 and 2.12.x before 2.12.5. When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free.", id: "GHSA-x77r-6xxm-wjmx", modified: "2024-02-13T03:30:19Z", published: "2024-02-04T18:30:19Z", references: [ { type: "ADVISORY", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-25062", }, { type: "WEB", url: "https://gitlab.gnome.org/GNOME/libxml2/-/issues/604", }, { type: "WEB", url: "https://gitlab.gnome.org/GNOME/libxml2/-/tags", }, ], schema_version: "1.4.0", severity: [ { score: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", type: "CVSS_V3", }, ], }
icsa-23-166-11
Vulnerability from csaf_cisa
Published
2023-06-13 00:00
Modified
2024-04-09 00:00
Summary
Siemens SIMATIC S7-1500 TM MFP Linux Kernel
Notes
Summary
Multiple vulnerabilities have been identified in the additional GNU/Linux subsystem of the SIMATIC S7-1500 TM MFP V1.0.
Siemens has released a new version for SIMATIC S7-1500 TM MFP - GNU/Linux subsystem and recommends to update to the latest version.
This advisory lists vulnerabilities for firmware version V1.0 only; for V1.1 refer to Siemens Security Advisory SSA-265688 (
https://cert-portal.siemens.com/productcert/html/ssa-265688.html).
General Recommendations
As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens' operational guidelines for Industrial Security (Download:
https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.
Additional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity
Additional Resources
For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories
Terms of Use
Siemens Security Advisories are subject to the terms and conditions contained in Siemens' underlying license terms or other applicable agreements previously agreed to with Siemens (hereinafter "License Terms"). To the extent applicable to information, software or documentation made available in or through a Siemens Security Advisory, the Terms of Use of Siemens' Global Website (https://www.siemens.com/terms_of_use, hereinafter "Terms of Use"), in particular Sections 8-10 of the Terms of Use, shall apply additionally. In case of conflicts, the License Terms shall prevail over the Terms of Use.
Legal Notice
All information products included in https://us-cert.cisa.gov/ics are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.
Advisory Conversion Disclaimer
This CISA CSAF advisory was converted from Siemens ProductCERT's CSAF advisory.
Critical infrastructure sectors
Multiple
Countries/areas deployed
Worldwide
Company headquarters location
Germany
Recommended Practices
CISA recommends users take defensive measures to minimize the exploitation risk of this vulnerability.
Recommended Practices
Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the internet.
Recommended Practices
Locate control system networks and remote devices behind firewalls and isolate them from business networks.
Recommended Practices
When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most recent version available. Also recognize VPN is only as secure as its connected devices.
Recommended Practices
CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.
Recommended Practices
CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.
Recommended Practices
CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.
Recommended Practices
Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.
{ document: { acknowledgments: [ { organization: "Siemens ProductCERT", summary: "reporting these vulnerabilities to CISA.", }, ], category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Disclosure is not limited", tlp: { label: "WHITE", url: "https://us-cert.cisa.gov/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Multiple vulnerabilities have been identified in the additional GNU/Linux subsystem of the SIMATIC S7-1500 TM MFP V1.0.\n\nSiemens has released a new version for SIMATIC S7-1500 TM MFP - GNU/Linux subsystem and recommends to update to the latest version.\n\nThis advisory lists vulnerabilities for firmware version V1.0 only; for V1.1 refer to Siemens Security Advisory SSA-265688 (\nhttps://cert-portal.siemens.com/productcert/html/ssa-265688.html).", title: "Summary", }, { category: "general", text: "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens' operational guidelines for Industrial Security (Download: \nhttps://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity", title: "General Recommendations", }, { category: "general", text: "For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories", title: "Additional Resources", }, { category: "legal_disclaimer", text: "Siemens Security Advisories are subject to the terms and conditions contained in Siemens' underlying license terms or other applicable agreements previously agreed to with Siemens (hereinafter \"License Terms\"). To the extent applicable to information, software or documentation made available in or through a Siemens Security Advisory, the Terms of Use of Siemens' Global Website (https://www.siemens.com/terms_of_use, hereinafter \"Terms of Use\"), in particular Sections 8-10 of the Terms of Use, shall apply additionally. In case of conflicts, the License Terms shall prevail over the Terms of Use.", title: "Terms of Use", }, { category: "legal_disclaimer", text: "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.", title: "Legal Notice", }, { category: "other", text: "This CISA CSAF advisory was converted from Siemens ProductCERT's CSAF advisory.", title: "Advisory Conversion Disclaimer", }, { category: "other", text: "Multiple", title: "Critical infrastructure sectors", }, { category: "other", text: "Worldwide", title: "Countries/areas deployed", }, { category: "other", text: "Germany", title: "Company headquarters location", }, { category: "general", text: "CISA recommends users take defensive measures to minimize the exploitation risk of this vulnerability.", title: "Recommended Practices", }, { category: "general", text: "Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the internet.", title: "Recommended Practices", }, { category: "general", text: "Locate control system networks and remote devices behind firewalls and isolate them from business networks.", title: "Recommended Practices", }, { category: "general", text: "When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most recent version available. Also recognize VPN is only as secure as its connected devices.", title: "Recommended Practices", }, { category: "general", text: "CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.", title: "Recommended Practices", }, { category: "general", text: "CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.", title: "Recommended Practices", }, { category: "general", text: "CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.", title: "Recommended Practices", }, { category: "general", text: "Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.", title: "Recommended Practices", }, ], publisher: { category: "other", contact_details: "central@cisa.dhs.gov", name: "CISA", namespace: "https://www.cisa.gov/", }, references: [ { category: "self", summary: "SSA-794697: Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 TM MFP before V1.1 - CSAF Version", url: "https://cert-portal.siemens.com/productcert/csaf/ssa-794697.json", }, { category: "self", summary: "SSA-794697: Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 TM MFP before V1.1 - HTML Version", url: "https://cert-portal.siemens.com/productcert/html/ssa-794697.html", }, { category: "self", summary: "SSA-794697: Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 TM MFP before V1.1 - PDF Version", url: "https://cert-portal.siemens.com/productcert/pdf/ssa-794697.pdf", }, { category: "self", summary: "SSA-794697: Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 TM MFP before V1.1 - TXT Version", url: "https://cert-portal.siemens.com/productcert/txt/ssa-794697.txt", }, { category: "self", summary: "ICS Advisory ICSA-23-166-11 JSON", url: "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2023/icsa-23-166-11.json", }, { category: "self", summary: "ICS Advisory ICSA-23-166-11 - Web Version", url: "https://www.cisa.gov/news-events/ics-advisories/icsa-23-166-11", }, { category: "external", summary: "Recommended Practices", url: "https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01", }, { category: "external", summary: "Recommended Practices", url: "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices", }, { category: "external", summary: "Recommended Practices", url: "https://www.cisa.gov/topics/industrial-control-systems", }, { category: "external", summary: "Recommended Practices", url: "https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf", }, { category: "external", summary: "Recommended Practices", url: "https://www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf", }, { category: "external", summary: "Recommended Practices", url: "https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B", }, ], title: "Siemens SIMATIC S7-1500 TM MFP Linux Kernel", tracking: { current_release_date: "2024-04-09T00:00:00.000000Z", generator: { engine: { name: "CISA CSAF Generator", version: "1.0.0", }, }, id: "ICSA-23-166-11", initial_release_date: "2023-06-13T00:00:00.000000Z", revision_history: [ { date: "2023-06-13T00:00:00.000000Z", legacy_version: "1.0", number: "1", summary: "Publication Date", }, { date: "2023-07-11T00:00:00.000000Z", legacy_version: "1.1", number: "2", summary: "Added CVE-2022-4269, CVE-2023-3141, CVE-2023-3268, CVE-2023-31436, CVE-2023-32233", }, { date: "2023-08-08T00:00:00.000000Z", legacy_version: "1.2", number: "3", summary: "Added CVE-2023-3446, CVE-2023-3389, CVE-2022-1015, \r\nCVE-2023-3609", }, { date: "2023-09-12T00:00:00.000000Z", legacy_version: "1.3", number: "4", summary: "Added CVE-2023-3338", }, { date: "2023-11-14T00:00:00.000000Z", legacy_version: "1.4", number: "5", summary: "Added CVE-2023-1206, CVE-2023-2898, CVE-2023-3610, CVE-2023-3611, CVE-2023-3772, CVE-2023-3773, CVE-2023-3777, CVE-2023-4004, CVE-2023-4015, CVE-2023-4273, CVE-2023-4623, CVE-2023-4921, CVE-2023-35001, CVE-2023-37453, CVE-2023-39192, CVE-2023-39193, CVE-2023-39194, CVE-2023-42753, CVE-2023-42755", }, { date: "2023-12-12T00:00:00.000000Z", legacy_version: "1.5", number: "6", summary: "Added CVE-2021-44879, CVE-2023-5178, CVE-2023-5197, CVE-2023-5678, CVE-2023-5717, CVE-2023-31085, CVE-2023-35827, CVE-2023-39189, CVE-2023-42754, CVE-2023-45863, CVE-2023-45871", }, { date: "2024-01-09T00:00:00.000000Z", legacy_version: "1.6", number: "7", summary: "Added CVE-2023-48795", }, { date: "2024-02-13T00:00:00.000000Z", legacy_version: "1.7", number: "8", summary: "Added CVE-2020-12762, CVE-2023-6606, CVE-2023-6931, CVE-2023-6932, CVE-2023-7008, CVE-2023-7104, CVE-2023-36660, CVE-2023-50495, CVE-2023-51384, CVE-2023-51385, CVE-2023-51767, CVE-2024-0232, CVE-2024-0553, CVE-2024-0567, CVE-2024-0584, CVE-2024-0684, CVE-2024-22365, CVE-2024-25062", }, { date: "2024-04-09T00:00:00.000000Z", legacy_version: "1.8", number: "9", summary: "Added fix for SIMATIC S7-1500 TM MFP - GNU/Linux subsystem", }, ], status: "final", version: "9", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version_range", name: "<V1.1", product: { name: "SIMATIC S7-1500 TM MFP - GNU/Linux subsystem", product_id: "CSAFPID-0001", }, }, ], category: "product_name", name: "SIMATIC S7-1500 TM MFP - GNU/Linux subsystem", }, ], category: "vendor", name: "Siemens", }, ], }, vulnerabilities: [ { cve: "CVE-2020-12762", cwe: { id: "CWE-190", name: "Integer Overflow or Wraparound", }, notes: [ { category: "summary", text: "json-c through 0.14 has an integer overflow and out-of-bounds write via a large JSON file, as demonstrated by printbuf_memappend.", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "CSAFPID-0001", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "CSAFPID-0001", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2020-12762", }, { cve: "CVE-2021-3759", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, notes: [ { category: "summary", text: "A memory overflow vulnerability was found in the Linux kernel’s ipc functionality of the memcg subsystem, in the way a user calls the semget function multiple times, creating semaphores. This flaw allows a local user to starve the resources, causing a denial of service. The highest threat from this vulnerability is to system availability.", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "CSAFPID-0001", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "CSAFPID-0001", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2021-3759", }, { cve: "CVE-2021-4037", cwe: { id: "CWE-284", name: "Improper Access Control", }, notes: [ { category: "summary", text: "A vulnerability was found in the fs/inode.c:inode_init_owner() function logic of the LInux kernel that allows local users to create files for the XFS file-system with an unintended group ownership and with group execution and SGID permission bits set, in a scenario where a directory is SGID and belongs to a certain group and is writable by a user who is not a member of this group. This can lead to excessive permissions granted in case when they should not. This vulnerability is similar to the previous CVE-2018-13405 and adds the missed fix for the XFS.", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "CSAFPID-0001", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "CSAFPID-0001", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2021-4037", }, { cve: "CVE-2021-33655", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, notes: [ { category: "summary", text: "When sending malicous data to kernel by ioctl cmd FBIOPUT_VSCREENINFO,kernel will write memory out of bounds.", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "CSAFPID-0001", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "CSAFPID-0001", ], }, ], scores: [ { cvss_v3: { baseScore: 6.7, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2021-33655", }, { cve: "CVE-2021-44879", cwe: { id: "CWE-476", name: "NULL Pointer Dereference", }, notes: [ { category: "summary", text: "In gc_data_segment in fs/f2fs/gc.c in the Linux kernel before 5.16.3, special files are not considered, leading to a move_data_page NULL pointer dereference.", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "CSAFPID-0001", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "CSAFPID-0001", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2021-44879", }, { cve: "CVE-2022-0171", cwe: { id: "CWE-459", name: "Incomplete Cleanup", }, notes: [ { category: "summary", text: "A flaw was found in the Linux kernel. The existing KVM SEV API has a vulnerability that allows a non-root (host) user-level application to crash the host kernel by creating a confidential guest VM instance in AMD CPU that supports Secure Encrypted Virtualization (SEV).", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "CSAFPID-0001", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "CSAFPID-0001", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2022-0171", }, { cve: "CVE-2022-1012", cwe: { id: "CWE-401", name: "Missing Release of Memory after Effective Lifetime", }, notes: [ { category: "summary", text: "A memory leak problem was found in the TCP source port generation algorithm in net/ipv4/tcp.c due to the small table perturb size. This flaw may allow an attacker to information leak and may cause a denial of service problem.", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "CSAFPID-0001", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "CSAFPID-0001", ], }, ], scores: [ { cvss_v3: { baseScore: 8.2, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2022-1012", }, { cve: "CVE-2022-1015", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, notes: [ { category: "summary", text: "A flaw was found in the Linux kernel in linux/net/netfilter/nf_tables_api.c of the netfilter subsystem. This flaw allows a local user to cause an out-of-bounds write issue.", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "CSAFPID-0001", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "CSAFPID-0001", ], }, ], scores: [ { cvss_v3: { baseScore: 6.6, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2022-1015", }, { cve: "CVE-2022-1184", cwe: { id: "CWE-416", name: "Use After Free", }, notes: [ { category: "summary", text: "A use-after-free flaw was found in fs/ext4/namei.c:dx_insert_block() in the Linux kernel’s filesystem sub-component. This flaw allows a local attacker with a user privilege to cause a denial of service.", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "CSAFPID-0001", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "CSAFPID-0001", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2022-1184", }, { cve: "CVE-2022-1292", cwe: { id: "CWE-78", name: "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", }, notes: [ { category: "summary", text: "The c_rehash script does not properly sanitise shell metacharacters to prevent command injection.", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "CSAFPID-0001", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "CSAFPID-0001", ], }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2022-1292", }, { cve: "CVE-2022-1343", cwe: { id: "CWE-295", name: "Improper Certificate Validation", }, notes: [ { category: "summary", text: "Under certain circumstances, the command line OCSP verify function reports successful verification when the verification in fact failed. In this case the incorrect successful response will also be accompanied by error messages showing the failure and contradicting the apparently successful result.", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "CSAFPID-0001", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "CSAFPID-0001", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2022-1343", }, { cve: "CVE-2022-1434", cwe: { id: "CWE-327", name: "Use of a Broken or Risky Cryptographic Algorithm", }, notes: [ { category: "summary", text: "When using the RC4-MD5 ciphersuite, which is disabled by default, an attacker is able to modify data in transit due to an incorrect use of the AAD data as the MAC key in OpenSSL 3.0. An attacker is not able to decrypt any communication.", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "CSAFPID-0001", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "CSAFPID-0001", ], }, ], scores: [ { cvss_v3: { baseScore: 5.9, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2022-1434", }, { cve: "CVE-2022-1462", cwe: { id: "CWE-362", name: "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", }, notes: [ { category: "summary", text: "An out-of-bounds read flaw was found in the Linux kernel’s TeleTYpe subsystem. The issue occurs in how a user triggers a race condition using ioctls TIOCSPTLCK and TIOCGPTPEER and TIOCSTI and TCXONC with leakage of memory in the flush_to_ldisc function. This flaw allows a local user to crash the system or read unauthorized random data from memory.", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "CSAFPID-0001", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "CSAFPID-0001", ], }, ], scores: [ { cvss_v3: { baseScore: 6.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2022-1462", }, { cve: "CVE-2022-1473", cwe: { id: "CWE-404", name: "Improper Resource Shutdown or Release", }, notes: [ { category: "summary", text: "The used OpenSSL version improperly reuses memory when decoding certificates or keys. This can lead to a process termination and Denial of Service for long lived processes.", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "CSAFPID-0001", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "CSAFPID-0001", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2022-1473", }, { cve: "CVE-2022-1679", cwe: { id: "CWE-416", name: "Use After Free", }, notes: [ { category: "summary", text: "A use-after-free flaw was found in the Linux kernel’s Atheros wireless adapter driver in the way a user forces the ath9k_htc_wait_for_target function to fail with some input messages. This flaw allows a local user to crash or potentially escalate their privileges on the system.", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "CSAFPID-0001", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "CSAFPID-0001", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2022-1679", }, { cve: "CVE-2022-1852", cwe: { id: "CWE-476", name: "NULL Pointer Dereference", }, notes: [ { category: "summary", text: "A NULL pointer dereference flaw was found in the Linux kernel’s KVM module, which can lead to a denial of service in the x86_emulate_insn in arch/x86/kvm/emulate.c. This flaw occurs while executing an illegal instruction in guest in the Intel CPU.", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "CSAFPID-0001", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "CSAFPID-0001", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2022-1852", }, { cve: "CVE-2022-1882", cwe: { id: "CWE-416", name: "Use After Free", }, notes: [ { category: "summary", text: "A use-after-free flaw was found in the Linux kernel’s pipes functionality in how a user performs manipulations with the pipe post_one_notification() after free_pipe_info() that is already called. This flaw allows a local user to crash or potentially escalate their privileges on the system.", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "CSAFPID-0001", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "CSAFPID-0001", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2022-1882", }, { cve: "CVE-2022-2068", cwe: { id: "CWE-78", name: "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", }, notes: [ { category: "summary", text: "In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances where the c_rehash script does not properly sanitise shell metacharacters to prevent command injection were found by code review. When the CVE-2022-1292 was fixed it was not discovered that there are other places in the script where the file names of certificates being hashed were possibly passed to a command executed through the shell. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool.", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "CSAFPID-0001", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "CSAFPID-0001", ], }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2022-2068", }, { cve: "CVE-2022-2078", cwe: { id: "CWE-121", name: "Stack-based Buffer Overflow", }, notes: [ { category: "summary", text: "A vulnerability was found in the Linux kernel's nft_set_desc_concat_parse() function .This flaw allows an attacker to trigger a buffer overflow via nft_set_desc_concat_parse() , causing a denial of service and possibly to run code.", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "CSAFPID-0001", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "CSAFPID-0001", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2022-2078", }, { cve: "CVE-2022-2097", cwe: { id: "CWE-326", name: "Inadequate Encryption Strength", }, notes: [ { category: "summary", text: "AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was preexisting in the memory that wasn't written. In the special case of \"in place\" encryption, sixteen bytes of the plaintext would be revealed. Since OpenSSL does not support OCB based cipher suites for TLS and DTLS, they are both unaffected.", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "CSAFPID-0001", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "CSAFPID-0001", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2022-2097", }, { cve: "CVE-2022-2153", cwe: { id: "CWE-476", name: "NULL Pointer Dereference", }, notes: [ { category: "summary", text: "A flaw was found in the Linux kernel’s KVM when attempting to set a SynIC IRQ. This issue makes it possible for a misbehaving VMM to write to SYNIC/STIMER MSRs, causing a NULL pointer dereference. This flaw allows an unprivileged local attacker on the host to issue specific ioctl calls, causing a kernel oops condition that results in a denial of service.", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "CSAFPID-0001", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "CSAFPID-0001", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2022-2153", }, { cve: "CVE-2022-2274", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, notes: [ { category: "summary", text: "The OpenSSL 3.0.4 release introduced a serious bug in the RSA implementation for X86_64 CPUs supporting the AVX512IFMA instructions. This issue makes the RSA implementation with 2048 bit private keys incorrect on such machines and memory corruption will happen during the computation. As a consequence of the memory corruption an attacker may be able to trigger a remote code execution on the machine performing the computation. SSL/TLS servers or other servers using 2048 bit RSA private keys running on machines supporting AVX512IFMA instructions of the X86_64 architecture are affected by this issue.", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "CSAFPID-0001", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "CSAFPID-0001", ], }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2022-2274", }, { cve: "CVE-2022-2327", cwe: { id: "CWE-415", name: "Double Free", }, notes: [ { category: "summary", text: "io_uring use work_flags to determine which identity need to grab from the calling process to make sure it is consistent with the calling process when executing IORING_OP. Some operations are missing some types, which can lead to incorrect reference counts which can then lead to a double free. We recommend upgrading the kernel past commit df3f3bb5059d20ef094d6b2f0256c4bf4127a859", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "CSAFPID-0001", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "CSAFPID-0001", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2022-2327", }, { cve: "CVE-2022-2503", cwe: { id: "CWE-287", name: "Improper Authentication", }, notes: [ { category: "summary", text: "Dm-verity is used for extending root-of-trust to root filesystems. LoadPin builds on this property to restrict module/firmware loads to just the trusted root filesystem. Device-mapper table reloads currently allow users with root privileges to switch out the target with an equivalent dm-linear target and bypass verification till reboot. This allows root to bypass LoadPin and can be used to load untrusted and unverified kernel modules and firmware, which implies arbitrary kernel execution and persistence for peripherals that do not verify firmware updates. We recommend upgrading past commit 4caae58406f8ceb741603eee460d79bacca9b1b5", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "CSAFPID-0001", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "CSAFPID-0001", ], }, ], scores: [ { cvss_v3: { baseScore: 6.7, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2022-2503", }, { cve: "CVE-2022-2586", cwe: { id: "CWE-416", name: "Use After Free", }, notes: [ { category: "summary", text: "A use-after-free flaw was found in nf_tables cross-table in the net/netfilter/nf_tables_api.c function in the Linux kernel. This flaw allows a local, privileged attacker to cause a use-after-free problem at the time of table deletion, possibly leading to local privilege escalation.", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "CSAFPID-0001", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "CSAFPID-0001", ], }, ], scores: [ { cvss_v3: { baseScore: 6.7, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2022-2586", }, { cve: "CVE-2022-2588", cwe: { id: "CWE-20", name: "Improper Input Validation", }, notes: [ { category: "summary", text: "Zhenpeng Lin discovered that the network packet scheduler implementation in the Linux kernel did not properly remove all references to a route filter before freeing it in some situations. A local attacker could use this to cause a denial of service (system crash) or execute arbitrary code.", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "CSAFPID-0001", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "CSAFPID-0001", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2022-2588", }, { cve: "CVE-2022-2602", cwe: { id: "CWE-20", name: "Improper Input Validation", }, notes: [ { category: "summary", text: "A flaw was found in the Linux kernel. A race issue occurs between an io_uring request and the Unix socket garbage collector, allowing an attacker local privilege escalation.", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "CSAFPID-0001", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "CSAFPID-0001", ], }, ], scores: [ { cvss_v3: { baseScore: 7, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2022-2602", }, { cve: "CVE-2022-2663", cwe: { id: "CWE-923", name: "Improper Restriction of Communication Channel to Intended Endpoints", }, notes: [ { category: "summary", text: "An issue was found in the Linux kernel in nf_conntrack_irc where the message handling can be confused and incorrectly matches the message. A firewall may be able to be bypassed when users are using unencrypted IRC with nf_conntrack_irc configured.", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "CSAFPID-0001", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "CSAFPID-0001", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2022-2663", }, { cve: "CVE-2022-2905", cwe: { id: "CWE-125", name: "Out-of-bounds Read", }, notes: [ { category: "summary", text: "An out-of-bounds memory read flaw was found in the Linux kernel's BPF subsystem in how a user calls the bpf_tail_call function with a key larger than the max_entries of the map. This flaw allows a local user to gain unauthorized access to data.", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "CSAFPID-0001", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "CSAFPID-0001", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2022-2905", }, { cve: "CVE-2022-2959", cwe: { id: "CWE-362", name: "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", }, notes: [ { category: "summary", text: "A race condition was found in the Linux kernel's watch queue due to a missing lock in pipe_resize_ring(). The specific flaw exists within the handling of pipe buffers. The issue results from the lack of proper locking when performing operations on an object. This flaw allows a local user to crash the system or escalate their privileges on the system.", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "CSAFPID-0001", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "CSAFPID-0001", ], }, ], scores: [ { cvss_v3: { baseScore: 7, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2022-2959", }, { cve: "CVE-2022-2978", cwe: { id: "CWE-416", name: "Use After Free", }, notes: [ { category: "summary", text: "A flaw use after free in the Linux kernel NILFS file system was found in the way user triggers function security_inode_alloc to fail with following call to function nilfs_mdt_destroy. A local user could use this flaw to crash the system or potentially escalate their privileges on the system.", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "CSAFPID-0001", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "CSAFPID-0001", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2022-2978", }, { cve: "CVE-2022-3028", cwe: { id: "CWE-362", name: "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", }, notes: [ { category: "summary", text: "A race condition was found in the Linux kernel's IP framework for transforming packets (XFRM subsystem) when multiple calls to xfrm_probe_algs occurred simultaneously. This flaw could allow a local attacker to potentially trigger an out-of-bounds write or leak kernel heap memory by performing an out-of-bounds read and copying it into a socket.", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "CSAFPID-0001", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "CSAFPID-0001", ], }, ], scores: [ { cvss_v3: { baseScore: 7, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2022-3028", }, { cve: "CVE-2022-3104", cwe: { id: "CWE-476", name: "NULL Pointer Dereference", }, notes: [ { category: "summary", text: "An issue was discovered in the Linux kernel through 5.16-rc6. lkdtm_ARRAY_BOUNDS in drivers/misc/lkdtm/bugs.c lacks check of the return value of kmalloc() and will cause the null pointer dereference.", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "CSAFPID-0001", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "CSAFPID-0001", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2022-3104", }, { cve: "CVE-2022-3115", cwe: { id: "CWE-476", name: "NULL Pointer Dereference", }, notes: [ { category: "summary", text: "An issue was discovered in the Linux kernel through 5.16-rc6. malidp_crtc_reset in drivers/gpu/drm/arm/malidp_crtc.c lacks check of the return value of kzalloc() and will cause the null pointer dereference.", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "CSAFPID-0001", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "CSAFPID-0001", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2022-3115", }, { cve: "CVE-2022-3169", cwe: { id: "CWE-20", name: "Improper Input Validation", }, notes: [ { category: "summary", text: "A flaw was found in the Linux kernel. A denial of service flaw may occur if there is a consecutive request of the NVME_IOCTL_RESET and the NVME_IOCTL_SUBSYS_RESET through the device file of the driver, resulting in a PCIe link disconnect.", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "CSAFPID-0001", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "CSAFPID-0001", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2022-3169", }, { cve: "CVE-2022-3303", cwe: { id: "CWE-362", name: "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", }, notes: [ { category: "summary", text: "A race condition flaw was found in the Linux kernel sound subsystem due to improper locking. It could lead to a NULL pointer dereference while handling the SNDCTL_DSP_SYNC ioctl. A privileged local user (root or member of the audio group) could use this flaw to crash the system, resulting in a denial of service condition", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "CSAFPID-0001", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "CSAFPID-0001", ], }, ], scores: [ { cvss_v3: { baseScore: 4.7, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2022-3303", }, { cve: "CVE-2022-3521", cwe: { id: "CWE-362", name: "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", }, notes: [ { category: "summary", text: "A vulnerability has been found in Linux Kernel and classified as problematic. This vulnerability affects the function kcm_tx_work of the file net/kcm/kcmsock.c of the component kcm. The manipulation leads to race condition. It is recommended to apply a patch to fix this issue. VDB-211018 is the identifier assigned to this vulnerability.", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "CSAFPID-0001", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "CSAFPID-0001", ], }, ], scores: [ { cvss_v3: { baseScore: 2.5, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2022-3521", }, { cve: "CVE-2022-3524", cwe: { id: "CWE-404", name: "Improper Resource Shutdown or Release", }, notes: [ { category: "summary", text: "A vulnerability was found in Linux Kernel. It has been declared as problematic. Affected by this vulnerability is the function ipv6_renew_options of the component IPv6 Handler. The manipulation leads to memory leak. The attack can be launched remotely. It is recommended to apply a patch to fix this issue. The identifier VDB-211021 was assigned to this vulnerability.", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "CSAFPID-0001", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "CSAFPID-0001", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2022-3524", }, { cve: "CVE-2022-3534", cwe: { id: "CWE-416", name: "Use After Free", }, notes: [ { category: "summary", text: "A vulnerability classified as critical has been found in Linux Kernel. Affected is the function btf_dump_name_dups of the file tools/lib/bpf/btf_dump.c of the component libbpf. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211032.", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "CSAFPID-0001", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "CSAFPID-0001", ], }, ], scores: [ { cvss_v3: { baseScore: 8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2022-3534", }, { cve: "CVE-2022-3545", cwe: { id: "CWE-119", name: "Improper Restriction of Operations within the Bounds of a Memory Buffer", }, notes: [ { category: "summary", text: "A vulnerability has been found in Linux Kernel and classified as critical. Affected by this vulnerability is the function area_cache_get of the file drivers/net/ethernet/netronome/nfp/nfpcore/nfp_cppcore.c of the component IPsec. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The identifier VDB-211045 was assigned to this vulnerability.", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "CSAFPID-0001", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "CSAFPID-0001", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2022-3545", }, { cve: "CVE-2022-3564", cwe: { id: "CWE-119", name: "Improper Restriction of Operations within the Bounds of a Memory Buffer", }, notes: [ { category: "summary", text: "A vulnerability classified as critical was found in Linux Kernel. Affected by this vulnerability is the function l2cap_reassemble_sdu of the file net/bluetooth/l2cap_core.c of the component Bluetooth. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211087.", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "CSAFPID-0001", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "CSAFPID-0001", ], }, ], scores: [ { cvss_v3: { baseScore: 7.1, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2022-3564", }, { cve: "CVE-2022-3565", cwe: { id: "CWE-119", name: "Improper Restriction of Operations within the Bounds of a Memory Buffer", }, notes: [ { category: "summary", text: "A vulnerability, which was classified as critical, has been found in Linux Kernel. Affected by this issue is the function del_timer of the file drivers/isdn/mISDN/l1oip_core.c of the component Bluetooth. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211088.", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "CSAFPID-0001", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "CSAFPID-0001", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2022-3565", }, { cve: "CVE-2022-3586", cwe: { id: "CWE-416", name: "Use After Free", }, notes: [ { category: "summary", text: "A flaw was found in the Linux kernel’s networking code. A use-after-free was found in the way the sch_sfb enqueue function used the socket buffer (SKB) cb field after the same SKB had been enqueued (and freed) into a child qdisc. This flaw allows a local, unprivileged user to crash the system, causing a denial of service.", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "CSAFPID-0001", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "CSAFPID-0001", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2022-3586", }, { cve: "CVE-2022-3594", cwe: { id: "CWE-404", name: "Improper Resource Shutdown or Release", }, notes: [ { category: "summary", text: "A vulnerability was found in Linux Kernel. It has been declared as problematic. Affected by this vulnerability is the function intr_callback of the file drivers/net/usb/r8152.c of the component BPF. The manipulation leads to logging of excessive data. The attack can be launched remotely. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211363.", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "CSAFPID-0001", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "CSAFPID-0001", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2022-3594", }, { cve: "CVE-2022-3606", cwe: { id: "CWE-476", name: "NULL Pointer Dereference", }, notes: [ { category: "summary", text: "A vulnerability was found in Linux Kernel. It has been classified as problematic. This affects the function find_prog_by_sec_insn of the file tools/lib/bpf/libbpf.c of the component BPF. The manipulation leads to null pointer dereference. It is recommended to apply a patch to fix this issue. The identifier VDB-211749 was assigned to this vulnerability.", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "CSAFPID-0001", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "CSAFPID-0001", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2022-3606", }, { cve: "CVE-2022-3621", cwe: { id: "CWE-476", name: "NULL Pointer Dereference", }, notes: [ { category: "summary", text: "A vulnerability was found in Linux Kernel. It has been classified as problematic. Affected is the function nilfs_bmap_lookup_at_level of the file fs/nilfs2/inode.c of the component nilfs2. The manipulation leads to null pointer dereference. It is possible to launch the attack remotely. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211920.", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "CSAFPID-0001", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "CSAFPID-0001", ], }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2022-3621", }, { cve: "CVE-2022-3625", cwe: { id: "CWE-119", name: "Improper Restriction of Operations within the Bounds of a Memory Buffer", }, notes: [ { category: "summary", text: "A vulnerability was found in Linux Kernel. It has been classified as critical. This affects the function devlink_param_set/devlink_param_get of the file net/core/devlink.c of the component IPsec. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The identifier VDB-211929 was assigned to this vulnerability.", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "CSAFPID-0001", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "CSAFPID-0001", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2022-3625", }, { cve: "CVE-2022-3628", cwe: { id: "CWE-120", name: "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", }, notes: [ { category: "summary", text: "A buffer overflow flaw was found in the Linux kernel Broadcom Full MAC Wi-Fi driver. This issue occurs when a user connects to a malicious USB device. This can allow a local user to crash the system or escalate their privileges.", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "CSAFPID-0001", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "CSAFPID-0001", ], }, ], scores: [ { cvss_v3: { baseScore: 6.6, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2022-3628", }, { cve: "CVE-2022-3629", cwe: { id: "CWE-401", name: "Missing Release of Memory after Effective Lifetime", }, notes: [ { category: "summary", text: "A vulnerability was found in Linux Kernel. It has been declared as problematic. This vulnerability affects the function vsock_connect of the file net/vmw_vsock/af_vsock.c. The manipulation leads to memory leak. It is recommended to apply a patch to fix this issue. VDB-211930 is the identifier assigned to this vulnerability.", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "CSAFPID-0001", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "CSAFPID-0001", ], }, ], scores: [ { cvss_v3: { baseScore: 3.3, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2022-3629", }, { cve: "CVE-2022-3633", cwe: { id: "CWE-401", name: "Missing Release of Memory after Effective Lifetime", }, notes: [ { category: "summary", text: "A vulnerability classified as problematic has been found in Linux Kernel. Affected is the function j1939_session_destroy of the file net/can/j1939/transport.c. The manipulation leads to memory leak. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211932.", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "CSAFPID-0001", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "CSAFPID-0001", ], }, ], scores: [ { cvss_v3: { baseScore: 3.3, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2022-3633", }, { cve: "CVE-2022-3635", cwe: { id: "CWE-119", name: "Improper Restriction of Operations within the Bounds of a Memory Buffer", }, notes: [ { category: "summary", text: "A vulnerability, which was classified as critical, has been found in Linux Kernel. Affected by this issue is the function tst_timer of the file drivers/atm/idt77252.c of the component IPsec. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. VDB-211934 is the identifier assigned to this vulnerability.", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "CSAFPID-0001", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "CSAFPID-0001", ], }, ], scores: [ { cvss_v3: { baseScore: 7, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2022-3635", }, { cve: "CVE-2022-3646", cwe: { id: "CWE-404", name: "Improper Resource Shutdown or Release", }, notes: [ { category: "summary", text: "A vulnerability, which was classified as problematic, has been found in Linux Kernel. This issue affects the function nilfs_attach_log_writer of the file fs/nilfs2/segment.c of the component BPF. The manipulation leads to memory leak. The attack may be initiated remotely. It is recommended to apply a patch to fix this issue. The identifier VDB-211961 was assigned to this vulnerability.", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "CSAFPID-0001", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "CSAFPID-0001", ], }, ], scores: [ { cvss_v3: { baseScore: 4.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2022-3646", }, { cve: "CVE-2022-3649", cwe: { id: "CWE-119", name: "Improper Restriction of Operations within the Bounds of a Memory Buffer", }, notes: [ { category: "summary", text: "A vulnerability was found in Linux Kernel. It has been classified as problematic. Affected is the function nilfs_new_inode of the file fs/nilfs2/inode.c of the component BPF. The manipulation leads to use after free. It is possible to launch the attack remotely. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211992.", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "CSAFPID-0001", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "CSAFPID-0001", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2022-3649", }, { cve: "CVE-2022-4095", cwe: { id: "CWE-416", name: "Use After Free", }, notes: [ { category: "summary", text: "A use-after-free flaw was found in Linux kernel before 5.19.2. This issue occurs in cmd_hdl_filter in drivers/staging/rtl8712/rtl8712_cmd.c, allowing an attacker to launch a local denial of service attack and gain escalation of privileges.", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "CSAFPID-0001", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "CSAFPID-0001", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2022-4095", }, { cve: "CVE-2022-4129", cwe: { id: "CWE-667", name: "Improper Locking", }, notes: [ { category: "summary", text: "A flaw was found in the Linux kernel's Layer 2 Tunneling Protocol (L2TP). A missing lock when clearing sk_user_data can lead to a race condition and NULL pointer dereference. A local user could use this flaw to potentially crash the system causing a denial of service.", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "CSAFPID-0001", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "CSAFPID-0001", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2022-4129", }, { cve: "CVE-2022-4139", cwe: { id: "CWE-401", name: "Missing Release of Memory after Effective Lifetime", }, notes: [ { category: "summary", text: "An incorrect TLB flush issue was found in the Linux kernel’s GPU i915 kernel driver, potentially leading to random memory corruption or data leaks. This flaw could allow a local user to crash the system or escalate their privileges on the system.", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "CSAFPID-0001", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "CSAFPID-0001", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2022-4139", }, { cve: "CVE-2022-4269", cwe: { id: "CWE-833", name: "Deadlock", }, notes: [ { category: "summary", text: "A flaw was found in the Linux kernel Traffic Control (TC) subsystem. Using a specific networking configuration (redirecting egress packets to ingress using TC action \"mirred\") a local unprivileged user could trigger a CPU soft lockup (ABBA deadlock) when the transport protocol in use (TCP or SCTP) does a retransmission, resulting in a denial of service condition.", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "CSAFPID-0001", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "CSAFPID-0001", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2022-4269", }, { cve: "CVE-2022-4304", cwe: { id: "CWE-326", name: "Inadequate Encryption Strength", }, notes: [ { category: "summary", text: "A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a plaintext across a network in a Bleichenbacher style attack. To achieve a successful decryption an attacker would have to be able to send a very large number of trial messages for decryption. The vulnerability affects all RSA padding modes: PKCS#1 v1.5, RSA-OEAP and RSASVE. For example, in a TLS connection, RSA is commonly used by a client to send an encrypted pre-master secret to the server. An attacker that had observed a genuine connection between a client and a server could use this flaw to send trial messages to the server and record the time taken to process them. After a sufficiently large number of messages the attacker could recover the pre-master secret used for the original connection and thus be able to decrypt the application data sent over that connection.", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "CSAFPID-0001", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "CSAFPID-0001", ], }, ], scores: [ { cvss_v3: { baseScore: 5.9, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2022-4304", }, { cve: "CVE-2022-4450", cwe: { id: "CWE-415", name: "Double Free", }, notes: [ { category: "summary", text: "The function PEM_read_bio_ex() reads a PEM file from a BIO and parses and decodes the \"name\" (e.g. \"CERTIFICATE\"), any header data and the payload data. If the function succeeds then the \"name_out\", \"header\" and \"data\" arguments are populated with pointers to buffers containing the relevant decoded data. The caller is responsible for freeing those buffers. It is possible to construct a PEM file that results in 0 bytes of payload data. In this case PEM_read_bio_ex() will return a failure code but will populate the header argument with a pointer to a buffer that has already been freed. If the caller also frees this buffer then a double free will occur. This will most likely lead to a crash. This could be exploited by an attacker who has the ability to supply malicious PEM files for parsing to achieve a denial of service attack. The functions PEM_read_bio() and PEM_read() are simple wrappers around PEM_read_bio_ex() and therefore these functions are also directly affected. These functions are also called indirectly by a number of other OpenSSL functions including PEM_X509_INFO_read_bio_ex() and SSL_CTX_use_serverinfo_file() which are also vulnerable. Some OpenSSL internal uses of these functions are not vulnerable because the caller does not free the header argument if PEM_read_bio_ex() returns a failure code. These locations include the PEM_read_bio_TYPE() functions as well as the decoders introduced in OpenSSL 3.0. The OpenSSL asn1parse command line application is also impacted by this issue.", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "CSAFPID-0001", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "CSAFPID-0001", ], }, ], scores: [ { cvss_v3: { baseScore: 5.9, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2022-4450", }, { cve: "CVE-2022-4662", cwe: { id: "CWE-455", name: "Non-exit on Failed Initialization", }, notes: [ { category: "summary", text: "A flaw incorrect access control in the Linux kernel USB core subsystem was found in the way user attaches usb device. A local user could use this flaw to crash the system.", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "CSAFPID-0001", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "CSAFPID-0001", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2022-4662", }, { cve: "CVE-2022-20421", cwe: { id: "CWE-416", name: "Use After Free", }, notes: [ { category: "summary", text: "In binder_inc_ref_for_node of binder.c, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-239630375References: Upstream kernel", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "CSAFPID-0001", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "CSAFPID-0001", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2022-20421", }, { cve: "CVE-2022-20422", cwe: { id: "CWE-362", name: "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", }, notes: [ { category: "summary", text: "In emulation_proc_handler of armv8_deprecated.c, there is a possible way to corrupt memory due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-237540956References: Upstream kernel", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "CSAFPID-0001", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "CSAFPID-0001", ], }, ], scores: [ { cvss_v3: { baseScore: 7, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2022-20422", }, { cve: "CVE-2022-20566", cwe: { id: "CWE-416", name: "Use After Free", }, notes: [ { category: "summary", text: "In l2cap_chan_put of l2cap_core, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-165329981References: Upstream kernel", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "CSAFPID-0001", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "CSAFPID-0001", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2022-20566", }, { cve: "CVE-2022-20572", cwe: { id: "CWE-863", name: "Incorrect Authorization", }, notes: [ { category: "summary", text: "In verity_target of dm-verity-target.c, there is a possible way to modify read-only files due to a missing permission check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-234475629References: Upstream kernel", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "CSAFPID-0001", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "CSAFPID-0001", ], }, ], scores: [ { cvss_v3: { baseScore: 6.7, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2022-20572", }, { cve: "CVE-2022-21123", cwe: { id: "CWE-459", name: "Incomplete Cleanup", }, notes: [ { category: "summary", text: "Incomplete cleanup of multi-core shared buffers for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "CSAFPID-0001", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "CSAFPID-0001", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2022-21123", }, { cve: "CVE-2022-21125", cwe: { id: "CWE-459", name: "Incomplete Cleanup", }, notes: [ { category: "summary", text: "Incomplete cleanup of microarchitectural fill buffers on some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "CSAFPID-0001", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "CSAFPID-0001", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2022-21125", }, { cve: "CVE-2022-21166", cwe: { id: "CWE-459", name: "Incomplete Cleanup", }, notes: [ { category: "summary", text: "Incomplete cleanup in specific special register write operations for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "CSAFPID-0001", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "CSAFPID-0001", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2022-21166", }, { cve: "CVE-2022-21505", cwe: { id: "CWE-305", name: "Authentication Bypass by Primary Weakness", }, notes: [ { category: "summary", text: "A bug in the IMA subsystem was discovered which would incorrectly allow kexec to be used when kernel lockdown was enabled", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "CSAFPID-0001", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "CSAFPID-0001", ], }, ], scores: [ { cvss_v3: { baseScore: 6.7, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2022-21505", }, { cve: "CVE-2022-26373", cwe: { id: "CWE-311", name: "Missing Encryption of Sensitive Data", }, notes: [ { category: "summary", text: "Non-transparent sharing of return predictor targets between contexts in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access.", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "CSAFPID-0001", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "CSAFPID-0001", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2022-26373", }, { cve: "CVE-2022-32250", cwe: { id: "CWE-416", name: "Use After Free", }, notes: [ { category: "summary", text: "net/netfilter/nf_tables_api.c in the Linux kernel through 5.18.1 allows a local user (able to create user/net namespaces) to escalate privileges to root because an incorrect NFT_STATEFUL_EXPR check leads to a use-after-free.", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "CSAFPID-0001", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "CSAFPID-0001", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2022-32250", }, { cve: "CVE-2022-32296", cwe: { id: "CWE-203", name: "Observable Discrepancy", }, notes: [ { category: "summary", text: "The Linux kernel before 5.17.9 allows TCP servers to identify clients by observing what source ports are used. This occurs because of use of Algorithm 4 (\"Double-Hash Port Selection Algorithm\") of RFC 6056.", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "CSAFPID-0001", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "CSAFPID-0001", ], }, ], scores: [ { cvss_v3: { baseScore: 3.3, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2022-32296", }, { cve: "CVE-2022-34918", cwe: { id: "CWE-843", name: "Access of Resource Using Incompatible Type ('Type Confusion')", }, notes: [ { category: "summary", text: "An issue was discovered in the Linux kernel through 5.18.9. A type confusion bug in nft_set_elem_init (leading to a buffer overflow) could be used by a local attacker to escalate privileges, a different vulnerability than CVE-2022-32250. (The attacker can obtain root access, but must start with an unprivileged user namespace to obtain CAP_NET_ADMIN access.) This can be fixed in nft_setelem_parse_data in net/netfilter/nf_tables_api.c.", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "CSAFPID-0001", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "CSAFPID-0001", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2022-34918", }, { cve: "CVE-2022-36123", cwe: { id: "CWE-311", name: "Missing Encryption of Sensitive Data", }, notes: [ { category: "summary", text: "The Linux kernel before 5.18.13 lacks a certain clear operation for the block starting symbol (.bss). This allows Xen PV guest OS users to cause a denial of service or gain privileges.", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "CSAFPID-0001", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "CSAFPID-0001", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2022-36123", }, { cve: "CVE-2022-36280", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, notes: [ { category: "summary", text: "An out-of-bounds(OOB) memory access vulnerability was found in vmwgfx driver in drivers/gpu/vmxgfx/vmxgfx_kms.c in GPU component in the Linux kernel with device file '/dev/dri/renderD128 (or Dxxx)'. This flaw allows a local attacker with a user account on the system to gain privilege, causing a denial of service(DoS).", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "CSAFPID-0001", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "CSAFPID-0001", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2022-36280", }, { cve: "CVE-2022-36879", cwe: { id: "CWE-20", name: "Improper Input Validation", }, notes: [ { category: "summary", text: "An issue was discovered in the Linux kernel through 5.18.14. xfrm_expand_policies in net/xfrm/xfrm_policy.c can cause a refcount to be dropped twice.", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "CSAFPID-0001", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "CSAFPID-0001", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2022-36879", }, { cve: "CVE-2022-36946", cwe: { id: "CWE-20", name: "Improper Input Validation", }, notes: [ { category: "summary", text: "nfqnl_mangle in net/netfilter/nfnetlink_queue.c in the Linux kernel through 5.18.14 allows remote attackers to cause a denial of service (panic) because, in the case of an nf_queue verdict with a one-byte nfta_payload attribute, an skb_pull can encounter a negative skb->len.", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "CSAFPID-0001", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "CSAFPID-0001", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2022-36946", }, { cve: "CVE-2022-39188", cwe: { id: "CWE-362", name: "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", }, notes: [ { category: "summary", text: "An issue was discovered in include/asm-generic/tlb.h in the Linux kernel before 5.19. Because of a race condition (unmap_mapping_range versus munmap), a device driver can free a page while it still has stale TLB entries. This only occurs in situations with VM_PFNMAP VMAs.", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "CSAFPID-0001", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "CSAFPID-0001", ], }, ], scores: [ { cvss_v3: { baseScore: 4.7, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2022-39188", }, { cve: "CVE-2022-39190", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, notes: [ { category: "summary", text: "An issue was discovered in net/netfilter/nf_tables_api.c in the Linux kernel before 5.19.6. A denial of service can occur upon binding to an already bound chain.", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "CSAFPID-0001", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "CSAFPID-0001", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2022-39190", }, { cve: "CVE-2022-40307", cwe: { id: "CWE-416", name: "Use After Free", }, notes: [ { category: "summary", text: "An issue was discovered in the Linux kernel through 5.19.8. drivers/firmware/efi/capsule-loader.c has a race condition with a resultant use-after-free.", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "CSAFPID-0001", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "CSAFPID-0001", ], }, ], scores: [ { cvss_v3: { baseScore: 4.7, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2022-40307", }, { cve: "CVE-2022-40768", cwe: { id: "CWE-668", name: "Exposure of Resource to Wrong Sphere", }, notes: [ { category: "summary", text: "drivers/scsi/stex.c in the Linux kernel through 5.19.9 allows local users to obtain sensitive information from kernel memory because stex_queuecommand_lck lacks a memset for the PASSTHRU_CMD case.", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "CSAFPID-0001", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "CSAFPID-0001", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2022-40768", }, { cve: "CVE-2022-41218", cwe: { id: "CWE-416", name: "Use After Free", }, notes: [ { category: "summary", text: "In drivers/media/dvb-core/dmxdev.c in the Linux kernel through 5.19.10, there is a use-after-free caused by refcount races, affecting dvb_demux_open and dvb_dmxdev_release.", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "CSAFPID-0001", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "CSAFPID-0001", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2022-41218", }, { cve: "CVE-2022-41222", cwe: { id: "CWE-416", name: "Use After Free", }, notes: [ { category: "summary", text: "mm/mremap.c in the Linux kernel before 5.13.3 has a use-after-free via a stale TLB because an rmap lock is not held during a PUD move.", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "CSAFPID-0001", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "CSAFPID-0001", ], }, ], scores: [ { cvss_v3: { baseScore: 7, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2022-41222", }, { cve: "CVE-2022-41674", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, notes: [ { category: "summary", text: "An issue was discovered in the Linux kernel before 5.19.16. Attackers able to inject WLAN frames could cause a buffer overflow in the ieee80211_bss_info_update function in net/mac80211/scan.c.", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "CSAFPID-0001", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "CSAFPID-0001", ], }, ], scores: [ { cvss_v3: { baseScore: 8.1, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2022-41674", }, { cve: "CVE-2022-41849", cwe: { id: "CWE-362", name: "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", }, notes: [ { category: "summary", text: "drivers/video/fbdev/smscufx.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free if a physically proximate attacker removes a USB device while calling open(), aka a race condition between ufx_ops_open and ufx_usb_disconnect.", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "CSAFPID-0001", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "CSAFPID-0001", ], }, ], scores: [ { cvss_v3: { baseScore: 4.2, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2022-41849", }, { cve: "CVE-2022-41850", cwe: { id: "CWE-362", name: "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", }, notes: [ { category: "summary", text: "roccat_report_event in drivers/hid/hid-roccat.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free in certain situations where a report is received while copying a report->value is in progress.", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "CSAFPID-0001", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "CSAFPID-0001", ], }, ], scores: [ { cvss_v3: { baseScore: 4.7, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2022-41850", }, { cve: "CVE-2022-42328", cwe: { id: "CWE-667", name: "Improper Locking", }, notes: [ { category: "summary", text: "Guests can trigger deadlock in Linux netback driver [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] The patch for XSA-392 introduced another issue which might result in a deadlock when trying to free the SKB of a packet dropped due to the XSA-392 handling (CVE-2022-42328). Additionally when dropping packages for other reasons the same deadlock could occur in case of netpoll being active for the interface the xen-netback driver is connected to (CVE-2022-42329).", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "CSAFPID-0001", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "CSAFPID-0001", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2022-42328", }, { cve: "CVE-2022-42329", cwe: { id: "CWE-667", name: "Improper Locking", }, notes: [ { category: "summary", text: "Guests can trigger deadlock in Linux netback drive. The patch for XSA-392 introduced another issue which might result in a deadlock when trying to free the SKB of a packet dropped due to the XSA-392 handling (CVE-2022-42328). Additionally when dropping packages for other reasons the same deadlock could occur in case of netpoll being active for the interface the xen-netback driver is connected to (CVE-2022-42329).", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "CSAFPID-0001", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "CSAFPID-0001", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2022-42329", }, { cve: "CVE-2022-42432", cwe: { id: "CWE-457", name: "Use of Uninitialized Variable", }, notes: [ { category: "summary", text: "This vulnerability allows local attackers to disclose sensitive information on affected installations of the Linux Kernel 6.0-rc2. An attacker must first obtain the ability to execute high-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the nft_osf_eval function. The issue results from the lack of proper initialization of memory prior to accessing it. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the kernel. Was ZDI-CAN-18540.", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "CSAFPID-0001", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "CSAFPID-0001", ], }, ], scores: [ { cvss_v3: { baseScore: 4.4, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2022-42432", }, { cve: "CVE-2022-42703", cwe: { id: "CWE-416", name: "Use After Free", }, notes: [ { category: "summary", text: "mm/rmap.c in the Linux kernel before 5.19.7 has a use-after-free related to leaf anon_vma double reuse.", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "CSAFPID-0001", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "CSAFPID-0001", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2022-42703", }, { cve: "CVE-2022-42719", cwe: { id: "CWE-416", name: "Use After Free", }, notes: [ { category: "summary", text: "A use-after-free in the mac80211 stack when parsing a multi-BSSID element in the Linux kernel 5.2 through 5.19.x before 5.19.16 could be used by attackers (able to inject WLAN frames) to crash the kernel and potentially execute code.", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "CSAFPID-0001", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "CSAFPID-0001", ], }, ], scores: [ { cvss_v3: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2022-42719", }, { cve: "CVE-2022-42720", cwe: { id: "CWE-416", name: "Use After Free", }, notes: [ { category: "summary", text: "Various refcounting bugs in the multi-BSS handling in the mac80211 stack in the Linux kernel 5.1 through 5.19.x before 5.19.16 could be used by local attackers (able to inject WLAN frames) to trigger use-after-free conditions to potentially execute code.", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "CSAFPID-0001", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "CSAFPID-0001", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2022-42720", }, { cve: "CVE-2022-42721", cwe: { id: "CWE-835", name: "Loop with Unreachable Exit Condition ('Infinite Loop')", }, notes: [ { category: "summary", text: "A list management bug in BSS handling in the mac80211 stack in the Linux kernel 5.1 through 5.19.x before 5.19.16 could be used by local attackers (able to inject WLAN frames) to corrupt a linked list and, in turn, potentially execute code.", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "CSAFPID-0001", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "CSAFPID-0001", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2022-42721", }, { cve: "CVE-2022-42722", cwe: { id: "CWE-476", name: "NULL Pointer Dereference", }, notes: [ { category: "summary", text: "In the Linux kernel 5.8 through 5.19.x before 5.19.16, local attackers able to inject WLAN frames into the mac80211 stack could cause a NULL pointer dereference denial-of-service attack against the beacon protection of P2P devices.", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "CSAFPID-0001", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "CSAFPID-0001", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2022-42722", }, { cve: "CVE-2022-42895", cwe: { id: "CWE-824", name: "Access of Uninitialized Pointer", }, notes: [ { category: "summary", text: "There is an infoleak vulnerability in the Linux kernel's net/bluetooth/l2cap_core.c's l2cap_parse_conf_req function which can be used to leak kernel pointers remotely. We recommend upgrading past commit https://github.com/torvalds/linux/commit/b1a2cd50c0357f243b7435a732b4e62ba3157a2e", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "CSAFPID-0001", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "CSAFPID-0001", ], }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2022-42895", }, { cve: "CVE-2022-42896", cwe: { id: "CWE-416", name: "Use After Free", }, notes: [ { category: "summary", text: "There are use-after-free vulnerabilities in the Linux kernel's net/bluetooth/l2cap_core.c's l2cap_connect and l2cap_le_connect_req functions which may allow code execution and leaking kernel memory (respectively) remotely via Bluetooth. A remote attacker could execute code leaking kernel memory via Bluetooth if within proximity of the victim. We recommend upgrading past commit https://github.com/torvalds/linux/commit/711f8c3fb3db61897080468586b970c87c61d9e4", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "CSAFPID-0001", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "CSAFPID-0001", ], }, ], scores: [ { cvss_v3: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2022-42896", }, { cve: "CVE-2022-43750", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, notes: [ { category: "summary", text: "drivers/usb/mon/mon_bin.c in usbmon in the Linux kernel before 5.19.15 and 6.x before 6.0.1 allows a user-space client to corrupt the monitor's internal memory.", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "CSAFPID-0001", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "CSAFPID-0001", ], }, ], scores: [ { cvss_v3: { baseScore: 6.7, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2022-43750", }, { cve: "CVE-2022-47518", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, notes: [ { category: "summary", text: "An issue was discovered in the Linux kernel before 6.0.11. Missing validation of the number of channels in drivers/net/wireless/microchip/wilc1000/cfg80211.c in the WILC1000 wireless driver can trigger a heap-based buffer overflow when copying the list of operating channels from Wi-Fi management frames.", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "CSAFPID-0001", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "CSAFPID-0001", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2022-47518", }, { cve: "CVE-2022-47520", cwe: { id: "CWE-125", name: "Out-of-bounds Read", }, notes: [ { category: "summary", text: "An issue was discovered in the Linux kernel before 6.0.11. Missing offset validation in drivers/net/wireless/microchip/wilc1000/hif.c in the WILC1000 wireless driver can trigger an out-of-bounds read when parsing a Robust Security Network (RSN) information element from a Netlink packet.", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "CSAFPID-0001", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "CSAFPID-0001", ], }, ], scores: [ { cvss_v3: { baseScore: 7.1, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2022-47520", }, { cve: "CVE-2022-47929", cwe: { id: "CWE-476", name: "NULL Pointer Dereference", }, notes: [ { category: "summary", text: "In the Linux kernel before 6.1.6, a NULL pointer dereference bug in the traffic control subsystem allows an unprivileged user to trigger a denial of service (system crash) via a crafted traffic control configuration that is set up with \"tc qdisc\" and \"tc class\" commands. This affects qdisc_graft in net/sched/sch_api.c.", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "CSAFPID-0001", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "CSAFPID-0001", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2022-47929", }, { cve: "CVE-2022-47946", cwe: { id: "CWE-416", name: "Use After Free", }, notes: [ { category: "summary", text: "An issue was discovered in the Linux kernel 5.10.x before 5.10.155. A use-after-free in io_sqpoll_wait_sq in fs/io_uring.c allows an attacker to crash the kernel, resulting in denial of service. finish_wait can be skipped. An attack can occur in some situations by forking a process and then quickly terminating it. NOTE: later kernel versions, such as the 5.15 longterm series, substantially changed the implementation of io_sqpoll_wait_sq.", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "CSAFPID-0001", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "CSAFPID-0001", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2022-47946", }, { cve: "CVE-2023-0215", cwe: { id: "CWE-416", name: "Use After Free", }, notes: [ { category: "summary", text: "The public API function BIO_new_NDEF is a helper function used for streaming ASN.1 data via a BIO. It is primarily used internally to OpenSSL to support the SMIME, CMS and PKCS7 streaming capabilities, but may also be called directly by end user applications. The function receives a BIO from the caller, prepends a new BIO_f_asn1 filter BIO onto the front of it to form a BIO chain, and then returns the new head of the BIO chain to the caller. Under certain conditions, for example if a CMS recipient public key is invalid, the new filter BIO is freed and the function returns a NULL result indicating a failure. However, in this case, the BIO chain is not properly cleaned up and the BIO passed by the caller still retains internal pointers to the previously freed filter BIO. If the caller then goes on to call BIO_pop() on the BIO then a use-after-free will occur. This will most likely result in a crash. This scenario occurs directly in the internal function B64_write_ASN1() which may cause BIO_new_NDEF() to be called and will subsequently call BIO_pop() on the BIO. This internal function is in turn called by the public API functions PEM_write_bio_ASN1_stream, PEM_write_bio_CMS_stream, PEM_write_bio_PKCS7_stream, SMIME_write_ASN1, SMIME_write_CMS and SMIME_write_PKCS7. Other public API functions that may be impacted by this include i2d_ASN1_bio_stream, BIO_new_CMS, BIO_new_PKCS7, i2d_CMS_bio_stream and i2d_PKCS7_bio_stream. The OpenSSL cms and smime command line applications are similarly affected.", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "CSAFPID-0001", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "CSAFPID-0001", ], }, ], scores: [ { cvss_v3: { baseScore: 5.9, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2023-0215", }, { cve: "CVE-2023-0286", cwe: { id: "CWE-20", name: "Improper Input Validation", }, notes: [ { category: "summary", text: "There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING but the public structure definition for GENERAL_NAME incorrectly specified the type of the x400Address field as ASN1_TYPE. This field is subsequently interpreted by the OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather than an ASN1_STRING. When CRL checking is enabled (i.e. the application sets the X509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker to pass arbitrary pointers to a memcmp call, enabling them to read memory contents or enact a denial of service. In most cases, the attack requires the attacker to provide both the certificate chain and CRL, neither of which need to have a valid signature. If the attacker only controls one of these inputs, the other input must already contain an X.400 address as a CRL distribution point, which is uncommon. As such, this vulnerability is most likely to only affect applications which have implemented their own functionality for retrieving CRLs over a network.", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "CSAFPID-0001", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "CSAFPID-0001", ], }, ], scores: [ { cvss_v3: { baseScore: 7.4, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2023-0286", }, { cve: "CVE-2023-0464", cwe: { id: "CWE-295", name: "Improper Certificate Validation", }, notes: [ { category: "summary", text: "A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509 certificate chains that include policy constraints. Attackers may be able to exploit this vulnerability by creating a malicious certificate chain that triggers exponential use of computational resources, leading to a denial-of-service (DoS) attack on affected systems.\r\n\r\nPolicy processing is disabled by default but can be enabled by passing the `-policy` argument to the command line utilities or by calling the `X509_VERIFY_PARAM_set1_policies()` function.", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "CSAFPID-0001", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "CSAFPID-0001", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2023-0464", }, { cve: "CVE-2023-0465", cwe: { id: "CWE-295", name: "Improper Certificate Validation", }, notes: [ { category: "summary", text: "Applications that use a non-default option when verifying certificates may be\r\nvulnerable to an attack from a malicious CA to circumvent certain checks.\r\n\r\nInvalid certificate policies in leaf certificates are silently ignored by\r\nOpenSSL and other certificate policy checks are skipped for that certificate.\r\nA malicious CA could use this to deliberately assert invalid certificate policies\r\nin order to circumvent policy checking on the certificate altogether.\r\n\r\nPolicy processing is disabled by default but can be enabled by passing\r\nthe `-policy` argument to the command line utilities or by calling the\r\n`X509_VERIFY_PARAM_set1_policies()` function.", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "CSAFPID-0001", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "CSAFPID-0001", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2023-0465", }, { cve: "CVE-2023-0466", cwe: { id: "CWE-295", name: "Improper Certificate Validation", }, notes: [ { category: "summary", text: "The function X509_VERIFY_PARAM_add0_policy() is documented to\nimplicitly enable the certificate policy check when doing certificate\nverification. However the implementation of the function does not\nenable the check which allows certificates with invalid or incorrect\npolicies to pass the certificate verification.\n\nAs suddenly enabling the policy check could break existing deployments it was\ndecided to keep the existing behavior of the X509_VERIFY_PARAM_add0_policy()\nfunction.\n\nInstead the applications that require OpenSSL to perform certificate\npolicy check need to use X509_VERIFY_PARAM_set1_policies() or explicitly\nenable the policy check by calling X509_VERIFY_PARAM_set_flags() with\nthe X509_V_FLAG_POLICY_CHECK flag argument.\n\nCertificate policy checks are disabled by default in OpenSSL and are not\ncommonly used by applications.", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "CSAFPID-0001", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "CSAFPID-0001", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2023-0466", }, { cve: "CVE-2023-0590", cwe: { id: "CWE-416", name: "Use After Free", }, notes: [ { category: "summary", text: "A use-after-free flaw was found in qdisc_graft in net/sched/sch_api.c in the Linux Kernel due to a race problem. This flaw leads to a denial of service issue. If patch ebda44da44f6 (\"net: sched: fix race condition in qdisc_graft()\") not applied yet, then kernel could be affected.", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "CSAFPID-0001", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "CSAFPID-0001", ], }, ], scores: [ { cvss_v3: { baseScore: 4.7, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2023-0590", }, { cve: "CVE-2023-1077", cwe: { id: "CWE-843", name: "Access of Resource Using Incompatible Type ('Type Confusion')", }, notes: [ { category: "summary", text: "In the Linux kernel, pick_next_rt_entity() may return a type confused entry, not detected by the BUG_ON condition, as the confused entry will not be NULL, but list_head.The buggy error condition would lead to a type confused entry with the list head,which would then be used as a type confused sched_rt_entity,causing memory corruption.", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "CSAFPID-0001", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "CSAFPID-0001", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2023-1077", }, { cve: "CVE-2023-1095", cwe: { id: "CWE-476", name: "NULL Pointer Dereference", }, notes: [ { category: "summary", text: "In nf_tables_updtable, if nf_tables_table_enable returns an error, nft_trans_destroy is called to free the transaction object. nft_trans_destroy() calls list_del(), but the transaction was never placed on a list -- the list head is all zeroes, this results in a NULL pointer dereference.", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "CSAFPID-0001", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "CSAFPID-0001", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2023-1095", }, { cve: "CVE-2023-1206", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, notes: [ { category: "summary", text: "A hash collision flaw was found in the IPv6 connection lookup table in the Linux kernel’s IPv6 functionality when a user makes a new kind of SYN flood attack. A user located in the local network or with a high bandwidth connection can increase the CPU usage of the server that accepts IPV6 connections up to 95%.", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "CSAFPID-0001", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "CSAFPID-0001", ], }, ], scores: [ { cvss_v3: { baseScore: 5.7, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2023-1206", }, { cve: "CVE-2023-2898", cwe: { id: "CWE-476", name: "NULL Pointer Dereference", }, notes: [ { category: "summary", text: "There is a null-pointer-dereference flaw found in f2fs_write_end_io in fs/f2fs/data.c in the Linux kernel. This flaw allows a local privileged user to cause a denial of service problem.", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "CSAFPID-0001", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "CSAFPID-0001", ], }, ], scores: [ { cvss_v3: { baseScore: 4.7, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2023-2898", }, { cve: "CVE-2023-3141", cwe: { id: "CWE-416", name: "Use After Free", }, notes: [ { category: "summary", text: "A use-after-free flaw was found in r592_remove in drivers/memstick/host/r592.c in media access in the Linux Kernel. This flaw allows a local attacker to crash the system at device disconnect, possibly leading to a kernel information leak.", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "CSAFPID-0001", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "CSAFPID-0001", ], }, ], scores: [ { cvss_v3: { baseScore: 7.1, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2023-3141", }, { cve: "CVE-2023-3268", cwe: { id: "CWE-125", name: "Out-of-bounds Read", }, notes: [ { category: "summary", text: "An out of bounds (OOB) memory access flaw was found in the Linux kernel in relay_file_read_start_pos in kernel/relay.c in the relayfs. This flaw could allow a local attacker to crash the system or leak kernel internal information.", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "CSAFPID-0001", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "CSAFPID-0001", ], }, ], scores: [ { cvss_v3: { baseScore: 7.1, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2023-3268", }, { cve: "CVE-2023-3338", cwe: { id: "CWE-476", name: "NULL Pointer Dereference", }, notes: [ { category: "summary", text: "A null pointer dereference flaw was found in the Linux kernel's DECnet networking protocol. This issue could allow a remote user to crash the system.", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "CSAFPID-0001", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "CSAFPID-0001", ], }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2023-3338", }, { cve: "CVE-2023-3389", cwe: { id: "CWE-416", name: "Use After Free", }, notes: [ { category: "summary", text: "A use-after-free vulnerability in the Linux Kernel io_uring subsystem can be exploited to achieve local privilege escalation. Racing a io_uring cancel poll request with a linked timeout can cause a UAF in a hrtimer.\r\n\r\nWe recommend upgrading past commit `ef7dfac51d8ed961b742218f526bd589f3900a59` \r\n(`4716c73b188566865bdd79c3a6709696a224ac04` for 5.10 stable and \r\n`0e388fce7aec40992eadee654193cad345d62663` for 5.15 stable).", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "CSAFPID-0001", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "CSAFPID-0001", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2023-3389", }, { cve: "CVE-2023-3446", cwe: { id: "CWE-1333", name: "Inefficient Regular Expression Complexity", }, notes: [ { category: "summary", text: "Issue summary: Checking excessively long DH keys or parameters may be very slow. Impact summary: Applications that use the functions DH_check(), DH_check_ex() or EVP_PKEY_param_check() to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source this may lead to a Denial of Service. The function DH_check() performs various checks on DH parameters. One of those checks confirms that the modulus ('p' parameter) is not too large. Trying to use a very large modulus is slow and OpenSSL will not normally use a modulus which is over 10,000 bits in length. However the DH_check() function checks numerous aspects of the key or parameters that have been supplied. Some of those checks use the supplied modulus value even if it has already been found to be too large. An application that calls DH_check() and supplies a key or parameters obtained from an untrusted source could be vulernable to a Denial of Service attack. The function DH_check() is itself called by a number of other OpenSSL functions. An application calling any of those other functions may similarly be affected. The other functions affected by this are DH_check_ex() and EVP_PKEY_param_check(). Also vulnerable are the OpenSSL dhparam and pkeyparam command line applications when using the '-check' option. The OpenSSL SSL/TLS implementation is not affected by this issue. The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "CSAFPID-0001", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "CSAFPID-0001", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2023-3446", }, { cve: "CVE-2023-3609", cwe: { id: "CWE-416", name: "Use After Free", }, notes: [ { category: "summary", text: "A use-after-free vulnerability in the Linux kernel's net/sched: cls_u32 component can be exploited to achieve local privilege escalation.\r\n\r\nIf tcf_change_indev() fails, u32_set_parms() will immediately return an error after incrementing or decrementing the reference counter in tcf_bind_filter(). If an attacker can control the reference counter and set it to zero, they can cause the reference to be freed, leading to a use-after-free vulnerability.", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "CSAFPID-0001", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "CSAFPID-0001", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2023-3609", }, { cve: "CVE-2023-3610", cwe: { id: "CWE-416", name: "Use After Free", }, notes: [ { category: "summary", text: "A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation.\r\n\r\nFlaw in the error handling of bound chains causes a use-after-free in the abort path of NFT_MSG_NEWRULE. The vulnerability requires CAP_NET_ADMIN to be triggered.", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "CSAFPID-0001", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "CSAFPID-0001", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2023-3610", }, { cve: "CVE-2023-3611", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, notes: [ { category: "summary", text: "An out-of-bounds write vulnerability in the Linux kernel's net/sched: sch_qfq component can be exploited to achieve local privilege escalation.\r\n\r\nThe qfq_change_agg() function in net/sched/sch_qfq.c allows an out-of-bounds write because lmax is updated according to packet sizes without bounds checks.", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "CSAFPID-0001", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "CSAFPID-0001", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2023-3611", }, { cve: "CVE-2023-3772", cwe: { id: "CWE-476", name: "NULL Pointer Dereference", }, notes: [ { category: "summary", text: "A flaw was found in the Linux kernel's IP framework for transforming packets (XFRM subsystem). This issue may allow a malicious user with CAP_NET_ADMIN privileges to directly dereference a NULL pointer in xfrm_update_ae_params(), leading to a possible kernel crash and denial of service.", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "CSAFPID-0001", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "CSAFPID-0001", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2023-3772", }, { cve: "CVE-2023-3773", cwe: { id: "CWE-125", name: "Out-of-bounds Read", }, notes: [ { category: "summary", text: "A flaw was found in the Linux kernel's IP framework for transforming packets (XFRM subsystem). This issue may allow a malicious user with CAP_NET_ADMIN privileges to cause a 4 byte out-of-bounds read of XFRMA_MTIMER_THRESH when parsing netlink attributes, leading to potential leakage of sensitive heap data to userspace.", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "CSAFPID-0001", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "CSAFPID-0001", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2023-3773", }, { cve: "CVE-2023-3777", cwe: { id: "CWE-416", name: "Use After Free", }, notes: [ { category: "summary", text: "A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation.\n\nWhen nf_tables_delrule() is flushing table rules, it is not checked whether the chain is bound and the chain's owner rule can also release the objects in certain circumstances.\n\nWe recommend upgrading past commit 6eaf41e87a223ae6f8e7a28d6e78384ad7e407f8.", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "CSAFPID-0001", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "CSAFPID-0001", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2023-3777", }, { cve: "CVE-2023-4004", cwe: { id: "CWE-20", name: "Improper Input Validation", }, notes: [ { category: "summary", text: "A use-after-free flaw was found in the Linux kernel's netfilter in the way a user triggers the nft_pipapo_remove function with the element, without a NFT_SET_EXT_KEY_END. This issue could allow a local user to crash the system or potentially escalate their privileges on the system.", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "CSAFPID-0001", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "CSAFPID-0001", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2023-4004", }, { cve: "CVE-2023-4015", cwe: { id: "CWE-20", name: "Improper Input Validation", }, notes: [ { category: "summary", text: "The netfilter subsystem in the Linux kernel did not properly handle bound chain deactivation in certain circumstances. A local attacker could possibly use this to cause a denial of service (system crash) or execute arbitrary code.", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "CSAFPID-0001", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "CSAFPID-0001", ], }, ], scores: [ { cvss_v3: { baseScore: 8.4, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2023-4015", }, { cve: "CVE-2023-4273", cwe: { id: "CWE-121", name: "Stack-based Buffer Overflow", }, notes: [ { category: "summary", text: "This vulnerability exists in the implementation of the file name reconstruction function, which is responsible for reading file name entries from a directory index and merging file name parts belonging to one file into a single long file name. Since the file name characters are copied into a stack variable, a local privileged attacker could use this vulnerability to overflow the kernel stack.", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "CSAFPID-0001", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "CSAFPID-0001", ], }, ], scores: [ { cvss_v3: { baseScore: 6, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2023-4273", }, { cve: "CVE-2023-4623", cwe: { id: "CWE-416", name: "Use After Free", }, notes: [ { category: "summary", text: "A use-after-free vulnerability in the Linux kernel's net/sched: sch_hfsc (HFSC qdisc traffic control) component can be exploited to achieve local privilege escalation.\n\nIf a class with a link-sharing curve (i.e. with the HFSC_FSC flag set) has a parent without a link-sharing curve, then init_vf() will call vttree_insert() on the parent, but vttree_remove() will be skipped in update_vf(). This leaves a dangling pointer that can cause a use-after-free.\n\nWe recommend upgrading past commit b3d26c5702c7d6c45456326e56d2ccf3f103e60f.", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "CSAFPID-0001", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "CSAFPID-0001", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2023-4623", }, { cve: "CVE-2023-4911", cwe: { id: "CWE-121", name: "Stack-based Buffer Overflow", }, notes: [ { category: "summary", text: "A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "CSAFPID-0001", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "CSAFPID-0001", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2023-4911", }, { cve: "CVE-2023-4921", cwe: { id: "CWE-416", name: "Use After Free", }, notes: [ { category: "summary", text: "A use-after-free vulnerability in the Linux kernel's net/sched: sch_qfq component can be exploited to achieve local privilege escalation.\n\nWhen the plug qdisc is used as a class of the qfq qdisc, sending network packets triggers use-after-free in qfq_dequeue() due to the incorrect .peek handler of sch_plug and lack of error checking in agg_dequeue().\n\nWe recommend upgrading past commit 8fc134fee27f2263988ae38920bc03da416b03d8.", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "CSAFPID-0001", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "CSAFPID-0001", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2023-4921", }, { cve: "CVE-2023-5178", cwe: { id: "CWE-416", name: "Use After Free", }, notes: [ { category: "summary", text: "A use-after-free vulnerability was found in drivers/nvme/target/tcp.c` in `nvmet_tcp_free_crypto` due to a logical bug in the NVMe-oF/TCP subsystem in the Linux kernel. This issue may allow a malicious local privileged user to cause a use-after-free and double-free problem, which may permit remote code execution or lead to local privilege escalation problem.", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "CSAFPID-0001", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "CSAFPID-0001", ], }, ], scores: [ { cvss_v3: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2023-5178", }, { cve: "CVE-2023-5197", cwe: { id: "CWE-416", name: "Use After Free", }, notes: [ { category: "summary", text: "A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation.\r\n\r\nAddition and removal of rules from chain bindings within the same transaction causes leads to use-after-free.\r\n\r\nWe recommend upgrading past commit f15f29fd4779be8a418b66e9d52979bb6d6c2325.", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "CSAFPID-0001", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "CSAFPID-0001", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2023-5197", }, { cve: "CVE-2023-5678", cwe: { id: "CWE-754", name: "Improper Check for Unusual or Exceptional Conditions", }, notes: [ { category: "summary", text: "Issue summary: Generating excessively long X9.42 DH keys or checking excessively long X9.42 DH keys or parameters may be very slow. Impact summary: Applications that use the functions DH_generate_key() to generate an X9.42 DH key may experience long delays. Likewise, applications that use DH_check_pub_key(), DH_check_pub_key_ex() or EVP_PKEY_public_check() to check an X9.42 DH key or X9.42 DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source this may lead to a Denial of Service. While DH_check() performs all the necessary checks (as of CVE-2023-3817), DH_check_pub_key() doesn't make any of these checks, and is therefore vulnerable for excessively large P and Q parameters. Likewise, while DH_generate_key() performs a check for an excessively large P, it doesn't check for an excessively large Q. An application that calls DH_generate_key() or DH_check_pub_key() and supplies a key or parameters obtained from an untrusted source could be vulnerable to a Denial of Service attack. DH_generate_key() and DH_check_pub_key() are also called by a number of other OpenSSL functions. An application calling any of those other functions may similarly be affected. The other functions affected by this are DH_check_pub_key_ex(), EVP_PKEY_public_check(), and EVP_PKEY_generate(). Also vulnerable are the OpenSSL pkey command line application when using the \"-pubcheck\" option, as well as the OpenSSL genpkey command line application. The OpenSSL SSL/TLS implementation is not affected by this issue. The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "CSAFPID-0001", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "CSAFPID-0001", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2023-5678", }, { cve: "CVE-2023-5717", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, notes: [ { category: "summary", text: "A heap out-of-bounds write vulnerability in the Linux kernel's Linux Kernel Performance Events (perf) component can be exploited to achieve local privilege escalation.\r\n\r\nIf perf_read_group() is called while an event's sibling_list is smaller than its child's sibling_list, it can increment or write to memory locations outside of the allocated buffer.\r\n\r\nWe recommend upgrading past commit 32671e3799ca2e4590773fd0e63aaa4229e50c06.", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "CSAFPID-0001", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "CSAFPID-0001", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2023-5717", }, { cve: "CVE-2023-6606", cwe: { id: "CWE-125", name: "Out-of-bounds Read", }, notes: [ { category: "summary", text: "An out-of-bounds read vulnerability was found in smbCalcSize in fs/smb/client/netmisc.c in the Linux Kernel. This issue could allow a local attacker to crash the system or leak internal kernel information.", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "CSAFPID-0001", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "CSAFPID-0001", ], }, ], scores: [ { cvss_v3: { baseScore: 7.1, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2023-6606", }, { cve: "CVE-2023-6931", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, notes: [ { category: "summary", text: "A heap out-of-bounds write vulnerability in the Linux kernel's Performance Events system component can be exploited to achieve local privilege escalation.\n\nA perf_event's read_size can overflow, leading to an heap out-of-bounds increment or write in perf_read_group().\n\nWe recommend upgrading past commit 382c27f4ed28f803b1f1473ac2d8db0afc795a1b.", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "CSAFPID-0001", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "CSAFPID-0001", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2023-6931", }, { cve: "CVE-2023-6932", cwe: { id: "CWE-416", name: "Use After Free", }, notes: [ { category: "summary", text: "A use-after-free vulnerability in the Linux kernel's ipv4: igmp component can be exploited to achieve local privilege escalation.\n\nA race condition can be exploited to cause a timer be mistakenly registered on a RCU read locked object which is freed by another thread.\n\nWe recommend upgrading past commit e2b706c691905fe78468c361aaabc719d0a496f1.", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "CSAFPID-0001", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "CSAFPID-0001", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2023-6932", }, { cve: "CVE-2023-7008", cwe: { id: "CWE-300", name: "Channel Accessible by Non-Endpoint", }, notes: [ { category: "summary", text: "A vulnerability was found in systemd-resolved. This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "CSAFPID-0001", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "CSAFPID-0001", ], }, ], scores: [ { cvss_v3: { baseScore: 5.9, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2023-7008", }, { cve: "CVE-2023-7104", cwe: { id: "CWE-122", name: "Heap-based Buffer Overflow", }, notes: [ { category: "summary", text: "A vulnerability was found in SQLite SQLite3 up to 3.43.0 and classified as critical. This issue affects the function sessionReadRecord of the file ext/session/sqlite3session.c of the component make alltest Handler. The manipulation leads to heap-based buffer overflow. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-248999.", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "CSAFPID-0001", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "CSAFPID-0001", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2023-7104", }, { cve: "CVE-2023-23454", cwe: { id: "CWE-843", name: "Access of Resource Using Incompatible Type ('Type Confusion')", }, notes: [ { category: "summary", text: "cbq_classify in net/sched/sch_cbq.c in the Linux kernel through 6.1.4 allows attackers to cause a denial of service (slab-out-of-bounds read) because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results).", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "CSAFPID-0001", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "CSAFPID-0001", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2023-23454", }, { cve: "CVE-2023-23455", cwe: { id: "CWE-843", name: "Access of Resource Using Incompatible Type ('Type Confusion')", }, notes: [ { category: "summary", text: "atm_tc_enqueue in net/sched/sch_atm.c in the Linux kernel through 6.1.4 allows attackers to cause a denial of service because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results).", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "CSAFPID-0001", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "CSAFPID-0001", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2023-23455", }, { cve: "CVE-2023-23559", cwe: { id: "CWE-190", name: "Integer Overflow or Wraparound", }, notes: [ { category: "summary", text: "In rndis_query_oid in drivers/net/wireless/rndis_wlan.c in the Linux kernel through 6.1.5, there is an integer overflow in an addition.", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "CSAFPID-0001", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "CSAFPID-0001", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2023-23559", }, { cve: "CVE-2023-26607", cwe: { id: "CWE-125", name: "Out-of-bounds Read", }, notes: [ { category: "summary", text: "In the Linux kernel 6.0.8, there is an out-of-bounds read in ntfs_attr_find in fs/ntfs/attrib.c.", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "CSAFPID-0001", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "CSAFPID-0001", ], }, ], scores: [ { cvss_v3: { baseScore: 7.1, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2023-26607", }, { cve: "CVE-2023-31085", cwe: { id: "CWE-369", name: "Divide By Zero", }, notes: [ { category: "summary", text: "An issue was discovered in drivers/mtd/ubi/cdev.c in the Linux kernel 6.2. There is a divide-by-zero error in do_div(sz,mtd->erasesize), used indirectly by ctrl_cdev_ioctl, when mtd->erasesize is 0.", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "CSAFPID-0001", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "CSAFPID-0001", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2023-31085", }, { cve: "CVE-2023-31436", cwe: { id: "CWE-20", name: "Improper Input Validation", }, notes: [ { category: "summary", text: "qfq_change_class in net/sched/sch_qfq.c in the Linux kernel before 6.2.13 allows an out-of-bounds write because lmax can exceed QFQ_MIN_LMAX.", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "CSAFPID-0001", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "CSAFPID-0001", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2023-31436", }, { cve: "CVE-2023-32233", cwe: { id: "CWE-20", name: "Improper Input Validation", }, notes: [ { category: "summary", text: "In the Linux kernel through 6.3.1, a use-after-free in Netfilter nf_tables when processing batch requests can be abused to perform arbitrary read and write operations on kernel memory. Unprivileged local users can obtain root privileges. This occurs because anonymous sets are mishandled.", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "CSAFPID-0001", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "CSAFPID-0001", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2023-32233", }, { cve: "CVE-2023-35001", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, notes: [ { category: "summary", text: "Linux Kernel nftables Out-Of-Bounds Read/Write Vulnerability; nft_byteorder poorly handled vm register contents when CAP_NET_ADMIN is in any user or network namespace", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "CSAFPID-0001", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "CSAFPID-0001", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2023-35001", }, { cve: "CVE-2023-35827", cwe: { id: "CWE-416", name: "Use After Free", }, notes: [ { category: "summary", text: "An issue was discovered in the Linux kernel through 6.3.8. A use-after-free was found in ravb_remove in drivers/net/ethernet/renesas/ravb_main.c.", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "CSAFPID-0001", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "CSAFPID-0001", ], }, ], scores: [ { cvss_v3: { baseScore: 7, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2023-35827", }, { cve: "CVE-2023-36660", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, notes: [ { category: "summary", text: "The OCB feature in libnettle in Nettle 3.9 before 3.9.1 allows memory corruption.", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "CSAFPID-0001", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "CSAFPID-0001", ], }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2023-36660", }, { cve: "CVE-2023-37453", cwe: { id: "CWE-125", name: "Out-of-bounds Read", }, notes: [ { category: "summary", text: "An issue was discovered in the USB subsystem in the Linux kernel through 6.4.2. There is an out-of-bounds and crash in read_descriptors in drivers/usb/core/sysfs.c.", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "CSAFPID-0001", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "CSAFPID-0001", ], }, ], scores: [ { cvss_v3: { baseScore: 4.6, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2023-37453", }, { cve: "CVE-2023-39189", cwe: { id: "CWE-125", name: "Out-of-bounds Read", }, notes: [ { category: "summary", text: "A flaw was found in the Netfilter subsystem in the Linux kernel. The nfnl_osf_add_callback function did not validate the user mode controlled opt_num field. This flaw allows a local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read, leading to a crash or information disclosure.", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "CSAFPID-0001", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "CSAFPID-0001", ], }, ], scores: [ { cvss_v3: { baseScore: 5.1, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:L/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2023-39189", }, { cve: "CVE-2023-39192", cwe: { id: "CWE-125", name: "Out-of-bounds Read", }, notes: [ { category: "summary", text: "A flaw was found in the Netfilter subsystem in the Linux kernel. The xt_u32 module did not validate the fields in the xt_u32 structure. This flaw allows a local privileged attacker to trigger an out-of-bounds read by setting the size fields with a value beyond the array boundaries, leading to a crash or information disclosure.", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "CSAFPID-0001", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "CSAFPID-0001", ], }, ], scores: [ { cvss_v3: { baseScore: 6.7, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2023-39192", }, { cve: "CVE-2023-39193", cwe: { id: "CWE-125", name: "Out-of-bounds Read", }, notes: [ { category: "summary", text: "A flaw was found in the Netfilter subsystem in the Linux kernel. The sctp_mt_check did not validate the flag_count field. This flaw allows a local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read, leading to a crash or information disclosure.", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "CSAFPID-0001", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "CSAFPID-0001", ], }, ], scores: [ { cvss_v3: { baseScore: 6.1, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2023-39193", }, { cve: "CVE-2023-39194", cwe: { id: "CWE-125", name: "Out-of-bounds Read", }, notes: [ { category: "summary", text: "A flaw was found in the XFRM subsystem in the Linux kernel. The specific flaw exists within the processing of state filters, which can result in a read past the end of an allocated buffer. This flaw allows a local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read, potentially leading to an information disclosure.", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "CSAFPID-0001", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "CSAFPID-0001", ], }, ], scores: [ { cvss_v3: { baseScore: 3.2, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2023-39194", }, { cve: "CVE-2023-42753", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, notes: [ { category: "summary", text: "An array indexing vulnerability was found in the netfilter subsystem of the Linux kernel. A missing macro could lead to a miscalculation of the `h->nets` array offset, providing attackers with the primitive to arbitrarily increment/decrement a memory buffer out-of-bound. This issue may allow a local user to crash the system or potentially escalate their privileges on the system.", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "CSAFPID-0001", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "CSAFPID-0001", ], }, ], scores: [ { cvss_v3: { baseScore: 7, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2023-42753", }, { cve: "CVE-2023-42754", cwe: { id: "CWE-476", name: "NULL Pointer Dereference", }, notes: [ { category: "summary", text: "A NULL pointer dereference flaw was found in the Linux kernel ipv4 stack. The socket buffer (skb) was assumed to be associated with a device before calling __ip_options_compile, which is not always the case if the skb is re-routed by ipvs. This issue may allow a local user with CAP_NET_ADMIN privileges to crash the system.", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "CSAFPID-0001", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "CSAFPID-0001", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2023-42754", }, { cve: "CVE-2023-42755", cwe: { id: "CWE-125", name: "Out-of-bounds Read", }, notes: [ { category: "summary", text: "A flaw was found in the IPv4 Resource Reservation Protocol (RSVP) classifier in the Linux kernel. The xprt pointer may go beyond the linear part of the skb, leading to an out-of-bounds read in the `rsvp_classify` function. This issue may allow a local user to crash the system and cause a denial of service.", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "CSAFPID-0001", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "CSAFPID-0001", ], }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2023-42755", }, { cve: "CVE-2023-45863", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, notes: [ { category: "summary", text: "An issue was discovered in lib/kobject.c in the Linux kernel before 6.2.3. With root access, an attacker can trigger a race condition that results in a fill_kobj_path out-of-bounds write.", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "CSAFPID-0001", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "CSAFPID-0001", ], }, ], scores: [ { cvss_v3: { baseScore: 6.4, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2023-45863", }, { cve: "CVE-2023-45871", cwe: { id: "CWE-120", name: "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", }, notes: [ { category: "summary", text: "An issue was discovered in drivers/net/ethernet/intel/igb/igb_main.c in the IGB driver in the Linux kernel before 6.5.3. A buffer size may not be adequate for frames larger than the MTU.", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "CSAFPID-0001", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "CSAFPID-0001", ], }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2023-45871", }, { cve: "CVE-2023-48795", cwe: { id: "CWE-222", name: "Truncation of Security-relevant Information", }, notes: [ { category: "summary", text: "The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH's use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0.10.6, libssh2 through 1.11.0, Thorn Tech SFTP Gateway before 3.4.6, Tera Term before 5.1, Paramiko before 3.4.0, jsch before 0.2.15, SFTPGo before 2.5.6, Netgate pfSense Plus through 23.09.1, Netgate pfSense CE through 2.7.2, HPN-SSH through 18.2.0, ProFTPD before 1.3.8b (and before1.3.9rc2), ORYX CycloneSSH before 2.3.4, NetSarang XShell 7 before Build 0144, CrushFTP before 10.6.0, ConnectBot SSH library before 2.2.22, Apache MINA sshd through 2.11.0, sshj through 0.37.0, TinySSH through 20230101, trilead-ssh2 6401, the net-ssh gem 7.2.0 for Ruby, the mscdex ssh2 module before 1.15.0 for Node.js, the thrussh library before 0.35.1 for Rust, and the Russh crate before 0.40.2 for Rust; and there could be effects on Bitvise SSH through 9.31.", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "CSAFPID-0001", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "CSAFPID-0001", ], }, ], scores: [ { cvss_v3: { baseScore: 5.9, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2023-48795", }, { cve: "CVE-2023-50495", cwe: { id: "CWE-20", name: "Improper Input Validation", }, notes: [ { category: "summary", text: "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "CSAFPID-0001", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "CSAFPID-0001", ], }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2023-50495", }, { cve: "CVE-2023-51384", cwe: { id: "CWE-20", name: "Improper Input Validation", }, notes: [ { category: "summary", text: "In ssh-agent in OpenSSH before 9.6, certain destination constraints can be incompletely applied. When destination constraints are specified during addition of PKCS#11-hosted private keys, these constraints are only applied to the first key, even if a PKCS#11 token returns multiple keys.", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "CSAFPID-0001", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "CSAFPID-0001", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2023-51384", }, { cve: "CVE-2023-51385", cwe: { id: "CWE-78", name: "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", }, notes: [ { category: "summary", text: "In ssh in OpenSSH before 9.6, OS command injection might occur if a user name or host name has shell metacharacters, and this name is referenced by an expansion token in certain situations. For example, an untrusted Git repository can have a submodule with shell metacharacters in a user name or host name.", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "CSAFPID-0001", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "CSAFPID-0001", ], }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2023-51385", }, { cve: "CVE-2023-51767", cwe: { id: "CWE-20", name: "Improper Input Validation", }, notes: [ { category: "summary", text: "OpenSSH through 9.6, when common types of DRAM are used, might allow row hammer attacks (for authentication bypass) because the integer value of authenticated in mm_answer_authpassword does not resist flips of a single bit. NOTE: this is applicable to a certain threat model of attacker-victim co-location in which the attacker has user privileges.", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "CSAFPID-0001", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "CSAFPID-0001", ], }, ], scores: [ { cvss_v3: { baseScore: 7, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2023-51767", }, { cve: "CVE-2024-0232", cwe: { id: "CWE-416", name: "Use After Free", }, notes: [ { category: "summary", text: "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "CSAFPID-0001", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "CSAFPID-0001", ], }, ], scores: [ { cvss_v3: { baseScore: 4.7, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2024-0232", }, { cve: "CVE-2024-0553", cwe: { id: "CWE-203", name: "Observable Discrepancy", }, notes: [ { category: "summary", text: "A vulnerability was found in GnuTLS. The response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from the response times of ciphertexts with correct PKCS#1 v1.5 padding. This issue may allow a remote attacker to perform a timing side-channel attack in the RSA-PSK key exchange, potentially leading to the leakage of sensitive data. CVE-2024-0553 is designated as an incomplete resolution for CVE-2023-5981.", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "CSAFPID-0001", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "CSAFPID-0001", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2024-0553", }, { cve: "CVE-2024-0567", cwe: { id: "CWE-347", name: "Improper Verification of Cryptographic Signature", }, notes: [ { category: "summary", text: "A vulnerability was found in GnuTLS, where a cockpit (which uses gnuTLS) rejects a certificate chain with distributed trust. This issue occurs when validating a certificate chain with cockpit-certificate-ensure. This flaw allows an unauthenticated, remote client or attacker to initiate a denial of service attack.", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "CSAFPID-0001", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "CSAFPID-0001", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2024-0567", }, { cve: "CVE-2024-0584", cwe: { id: "CWE-416", name: "Use After Free", }, notes: [ { category: "summary", text: "A use-after-free issue was found in igmp_start_timer in net/ipv4/igmp.c in the network sub-component in the Linux Kernel. This flaw allows a local user to observe a refcnt use-after-free issue when receiving an igmp query packet, leading to a kernel information leak.", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "CSAFPID-0001", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "CSAFPID-0001", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2024-0584", }, { cve: "CVE-2024-0684", cwe: { id: "CWE-122", name: "Heap-based Buffer Overflow", }, notes: [ { category: "summary", text: "A flaw was found in the GNU coreutils \"split\" program. A heap overflow with user-controlled data of multiple hundred bytes in length could occur in the line_bytes_split() function, potentially leading to an application crash and denial of service.", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "CSAFPID-0001", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "CSAFPID-0001", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2024-0684", }, { cve: "CVE-2024-22365", cwe: { id: "CWE-20", name: "Improper Input Validation", }, notes: [ { category: "summary", text: "linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denial of service (blocked login process) via mkfifo because the openat call (for protect_dir) lacks O_DIRECTORY.", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "CSAFPID-0001", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "CSAFPID-0001", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2024-22365", }, { cve: "CVE-2024-25062", cwe: { id: "CWE-416", name: "Use After Free", }, notes: [ { category: "summary", text: "An issue was discovered in libxml2 before 2.11.7 and 2.12.x before 2.12.5. When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free.", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "CSAFPID-0001", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "CSAFPID-0001", ], }, ], scores: [ { cvss_v3: { baseScore: 5.9, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2024-25062", }, ], }
ICSA-24-228-06
Vulnerability from csaf_cisa
Published
2024-08-13 00:00
Modified
2024-08-13 00:00
Summary
Siemens SINEC NMS
Notes
Summary
SINEC NMS before V3.0 is affected by multiple vulnerabilities.
Siemens has released a new version for SINEC NMS and recommends to update to the latest version.
General Recommendations
As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens' operational guidelines for Industrial Security (Download:
https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.
Additional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity
Additional Resources
For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories
Terms of Use
Siemens Security Advisories are subject to the terms and conditions contained in Siemens' underlying license terms or other applicable agreements previously agreed to with Siemens (hereinafter "License Terms"). To the extent applicable to information, software or documentation made available in or through a Siemens Security Advisory, the Terms of Use of Siemens' Global Website (https://www.siemens.com/terms_of_use, hereinafter "Terms of Use"), in particular Sections 8-10 of the Terms of Use, shall apply additionally. In case of conflicts, the License Terms shall prevail over the Terms of Use.
Legal Notice
All information products included in https://us-cert.cisa.gov/ics are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.
Advisory Conversion Disclaimer
This CISA CSAF advisory was converted from Siemens ProductCERT's CSAF advisory.
Critical infrastructure sectors
Multiple
Countries/areas deployed
Worldwide
Company headquarters location
Germany
Recommended Practices
CISA recommends users take defensive measures to minimize the exploitation risk of this vulnerability.
Recommended Practices
Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the internet.
Recommended Practices
Locate control system networks and remote devices behind firewalls and isolate them from business networks.
Recommended Practices
When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most recent version available. Also recognize VPN is only as secure as its connected devices.
Recommended Practices
CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.
Recommended Practices
CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.
Recommended Practices
CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.
Recommended Practices
Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.
{ document: { acknowledgments: [ { organization: "Siemens ProductCERT", summary: "reporting these vulnerabilities to CISA.", }, ], category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Disclosure is not limited", tlp: { label: "WHITE", url: "https://us-cert.cisa.gov/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "SINEC NMS before V3.0 is affected by multiple vulnerabilities.\n\nSiemens has released a new version for SINEC NMS and recommends to update to the latest version.", title: "Summary", }, { category: "general", text: "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens' operational guidelines for Industrial Security (Download: \nhttps://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity", title: "General Recommendations", }, { category: "general", text: "For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories", title: "Additional Resources", }, { category: "legal_disclaimer", text: "Siemens Security Advisories are subject to the terms and conditions contained in Siemens' underlying license terms or other applicable agreements previously agreed to with Siemens (hereinafter \"License Terms\"). To the extent applicable to information, software or documentation made available in or through a Siemens Security Advisory, the Terms of Use of Siemens' Global Website (https://www.siemens.com/terms_of_use, hereinafter \"Terms of Use\"), in particular Sections 8-10 of the Terms of Use, shall apply additionally. In case of conflicts, the License Terms shall prevail over the Terms of Use.", title: "Terms of Use", }, { category: "legal_disclaimer", text: "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.", title: "Legal Notice", }, { category: "other", text: "This CISA CSAF advisory was converted from Siemens ProductCERT's CSAF advisory.", title: "Advisory Conversion Disclaimer", }, { category: "other", text: "Multiple", title: "Critical infrastructure sectors", }, { category: "other", text: "Worldwide", title: "Countries/areas deployed", }, { category: "other", text: "Germany", title: "Company headquarters location", }, { category: "general", text: "CISA recommends users take defensive measures to minimize the exploitation risk of this vulnerability.", title: "Recommended Practices", }, { category: "general", text: "Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the internet.", title: "Recommended Practices", }, { category: "general", text: "Locate control system networks and remote devices behind firewalls and isolate them from business networks.", title: "Recommended Practices", }, { category: "general", text: "When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most recent version available. Also recognize VPN is only as secure as its connected devices.", title: "Recommended Practices", }, { category: "general", text: "CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.", title: "Recommended Practices", }, { category: "general", text: "CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.", title: "Recommended Practices", }, { category: "general", text: "CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.", title: "Recommended Practices", }, { category: "general", text: "Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.", title: "Recommended Practices", }, ], publisher: { category: "other", contact_details: "central@cisa.dhs.gov", name: "CISA", namespace: "https://www.cisa.gov/", }, references: [ { category: "self", summary: "SSA-784301: Multiple Vulnerabilities in SINEC NMS Before V3.0 - CSAF Version", url: "https://cert-portal.siemens.com/productcert/csaf/ssa-784301.json", }, { category: "self", summary: "SSA-784301: Multiple Vulnerabilities in SINEC NMS Before V3.0 - HTML Version", url: "https://cert-portal.siemens.com/productcert/html/ssa-784301.html", }, { category: "self", summary: "ICS Advisory ICSA-24-228-06 JSON", url: "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2024/icsa-24-228-06.json", }, { category: "self", summary: "ICS Advisory ICSA-24-228-06 - Web Version", url: "https://www.cisa.gov/news-events/ics-advisories/icsa-24-228-06", }, { category: "external", summary: "Recommended Practices", url: "https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01", }, { category: "external", summary: "Recommended Practices", url: "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices", }, { category: "external", summary: "Recommended Practices", url: "https://www.cisa.gov/topics/industrial-control-systems", }, { category: "external", summary: "Recommended Practices", url: "https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf", }, { category: "external", summary: "Recommended Practices", url: "https://www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf", }, { category: "external", summary: "Recommended Practices", url: "https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B", }, ], title: "Siemens SINEC NMS", tracking: { current_release_date: "2024-08-13T00:00:00.000000Z", generator: { engine: { name: "CISA CSAF Generator", version: "1.0.0", }, }, id: "ICSA-24-228-06", initial_release_date: "2024-08-13T00:00:00.000000Z", revision_history: [ { date: "2024-08-13T00:00:00.000000Z", legacy_version: "1.0", number: "1", summary: "Publication Date", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version_range", name: "<V3.0", product: { name: "SINEC NMS", product_id: "CSAFPID-0001", }, }, ], category: "product_name", name: "SINEC NMS", }, ], category: "vendor", name: "Siemens", }, ], }, vulnerabilities: [ { cve: "CVE-2023-4611", cwe: { id: "CWE-416", name: "Use After Free", }, notes: [ { category: "summary", text: "A use-after-free flaw was found in mm/mempolicy.c in the memory management subsystem in the Linux Kernel. This issue is caused by a race between mbind() and VMA-locked page fault, and may allow a local attacker to crash the system or lead to a kernel information leak.", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, remediations: [ { category: "vendor_fix", details: "Update to V3.0 or later version", product_ids: [ "CSAFPID-0001", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109973059/", }, ], scores: [ { cvss_v3: { baseScore: 6.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2023-4611", }, { cve: "CVE-2023-5868", cwe: { id: "CWE-20", name: "Improper Input Validation", }, notes: [ { category: "summary", text: "A memory disclosure vulnerability was found in PostgreSQL that allows remote users to access sensitive information by exploiting certain aggregate function calls with 'unknown'-type arguments. Handling 'unknown'-type values from string literals without type designation can disclose bytes, potentially revealing notable and confidential information. This issue exists due to excessive data output in aggregate function calls, enabling remote users to read some portion of system memory.", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, remediations: [ { category: "vendor_fix", details: "Update to V3.0 or later version", product_ids: [ "CSAFPID-0001", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109973059/", }, ], scores: [ { cvss_v3: { baseScore: 4.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2023-5868", }, { cve: "CVE-2023-5869", cwe: { id: "CWE-20", name: "Improper Input Validation", }, notes: [ { category: "summary", text: "A flaw was found in PostgreSQL that allows authenticated database users to execute arbitrary code through missing overflow checks during SQL array value modification. This issue exists due to an integer overflow during array modification where a remote user can trigger the overflow by providing specially crafted data. This enables the execution of arbitrary code on the target system, allowing users to write arbitrary bytes to memory and extensively read the server's memory.", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, remediations: [ { category: "vendor_fix", details: "Update to V3.0 or later version", product_ids: [ "CSAFPID-0001", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109973059/", }, ], scores: [ { cvss_v3: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2023-5869", }, { cve: "CVE-2023-5870", cwe: { id: "CWE-20", name: "Improper Input Validation", }, notes: [ { category: "summary", text: "A flaw was found in PostgreSQL involving the pg_cancel_backend role that signals background workers, including the logical replication launcher, autovacuum workers, and the autovacuum launcher. Successful exploitation requires a non-core extension with a less-resilient background worker and would affect that specific background worker only. This issue may allow a remote high privileged user to launch a denial of service (DoS) attack.", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, remediations: [ { category: "vendor_fix", details: "Update to V3.0 or later version", product_ids: [ "CSAFPID-0001", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109973059/", }, ], scores: [ { cvss_v3: { baseScore: 4.4, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2023-5870", }, { cve: "CVE-2023-6378", cwe: { id: "CWE-20", name: "Improper Input Validation", }, notes: [ { category: "summary", text: "A serialization vulnerability in logback receiver component part of logback version 1.4.11 allows an attacker to mount a Denial-Of-Service attack by sending poisoned data.", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, remediations: [ { category: "vendor_fix", details: "Update to V3.0 or later version", product_ids: [ "CSAFPID-0001", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109973059/", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2023-6378", }, { cve: "CVE-2023-6481", cwe: { id: "CWE-20", name: "Improper Input Validation", }, notes: [ { category: "summary", text: "A serialization vulnerability in logback receiver component part of logback version 1.4.13, 1.3.13 and 1.2.12 allows an attacker to mount a Denial-Of-Service attack by sending poisoned data", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, remediations: [ { category: "vendor_fix", details: "Update to V3.0 or later version", product_ids: [ "CSAFPID-0001", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109973059/", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2023-6481", }, { cve: "CVE-2023-31122", cwe: { id: "CWE-20", name: "Improper Input Validation", }, notes: [ { category: "summary", text: "Out-of-bounds Read vulnerability in mod_macro of Apache HTTP Server.This issue affects Apache HTTP Server: through 2.4.57.", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, remediations: [ { category: "vendor_fix", details: "Update to V3.0 or later version", product_ids: [ "CSAFPID-0001", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109973059/", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2023-31122", }, { cve: "CVE-2023-34050", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, notes: [ { category: "summary", text: "In spring AMQP versions 1.0.0 to 2.4.16 and 3.0.0 to 3.0.9 , allowed list patterns for deserializable class names were added to Spring AMQP, allowing users to lock down deserialization of data in messages from untrusted sources; however by default, when no allowed list was provided, all classes could be deserialized. Specifically, an application is vulnerable if \r\n\r\n * the SimpleMessageConverter or SerializerMessageConverter is used \r\n * the user does not configure allowed list patterns \r\n * untrusted message originators gain permissions to write messages to the RabbitMQ broker to send malicious content.", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, remediations: [ { category: "vendor_fix", details: "Update to V3.0 or later version", product_ids: [ "CSAFPID-0001", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109973059/", }, ], scores: [ { cvss_v3: { baseScore: 5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2023-34050", }, { cve: "CVE-2023-39615", cwe: { id: "CWE-119", name: "Improper Restriction of Operations within the Bounds of a Memory Buffer", }, notes: [ { category: "summary", text: "Xmlsoft Libxml2 v2.11.0 was discovered to contain an out-of-bounds read via the xmlSAX2StartElement() function at /libxml2/SAX2.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via supplying a crafted XML file. NOTE: the vendor's position is that the product does not support the legacy SAX1 interface with custom callbacks; there is a crash even without crafted input.", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, remediations: [ { category: "vendor_fix", details: "Update to V3.0 or later version", product_ids: [ "CSAFPID-0001", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109973059/", }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2023-39615", }, { cve: "CVE-2023-42794", cwe: { id: "CWE-20", name: "Improper Input Validation", }, notes: [ { category: "summary", text: "Incomplete Cleanup vulnerability in Apache Tomcat.\r\n\r\nThe internal fork of Commons FileUpload packaged with Apache Tomcat 9.0.70 through 9.0.80 and 8.5.85 through 8.5.93 included an unreleased, \r\nin progress refactoring that exposed a potential denial of service on \r\nWindows if a web application opened a stream for an uploaded file but \r\nfailed to close the stream. The file would never be deleted from disk \r\ncreating the possibility of an eventual denial of service due to the \r\ndisk being full.\r\n\r\nUsers are recommended to upgrade to version 9.0.81 onwards or 8.5.94 onwards, which fixes the issue.", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, remediations: [ { category: "vendor_fix", details: "Update to V3.0 or later version", product_ids: [ "CSAFPID-0001", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109973059/", }, ], scores: [ { cvss_v3: { baseScore: 5.9, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2023-42794", }, { cve: "CVE-2023-42795", cwe: { id: "CWE-20", name: "Improper Input Validation", }, notes: [ { category: "summary", text: "Incomplete Cleanup vulnerability in Apache Tomcat.When recycling various internal objects in Apache Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.80 and from 8.5.0 through 8.5.93, an error could \r\ncause Tomcat to skip some parts of the recycling process leading to \r\ninformation leaking from the current request/response to the next.\r\n\r\nUsers are recommended to upgrade to version 11.0.0-M12 onwards, 10.1.14 onwards, 9.0.81 onwards or 8.5.94 onwards, which fixes the issue.", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, remediations: [ { category: "vendor_fix", details: "Update to V3.0 or later version", product_ids: [ "CSAFPID-0001", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109973059/", }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2023-42795", }, { cve: "CVE-2023-43622", cwe: { id: "CWE-20", name: "Improper Input Validation", }, notes: [ { category: "summary", text: "An attacker, opening a HTTP/2 connection with an initial window size of 0, was able to block handling of that connection indefinitely in Apache HTTP Server. This could be used to exhaust worker resources in the server, similar to the well known \"slow loris\" attack pattern.\r\nThis has been fixed in version 2.4.58, so that such connection are terminated properly after the configured connection timeout.\r\n\r\nThis issue affects Apache HTTP Server: from 2.4.55 through 2.4.57.\r\n\r\nUsers are recommended to upgrade to version 2.4.58, which fixes the issue.", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, remediations: [ { category: "vendor_fix", details: "Update to V3.0 or later version", product_ids: [ "CSAFPID-0001", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109973059/", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2023-43622", }, { cve: "CVE-2023-44487", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, notes: [ { category: "summary", text: "The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, remediations: [ { category: "vendor_fix", details: "Update to V3.0 or later version", product_ids: [ "CSAFPID-0001", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109973059/", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2023-44487", }, { cve: "CVE-2023-45648", cwe: { id: "CWE-20", name: "Improper Input Validation", }, notes: [ { category: "summary", text: "Improper Input Validation vulnerability in Apache Tomcat.Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.81 and from 8.5.0 through 8.5.93 did not correctly parse HTTP trailer headers. A specially \r\ncrafted, invalid trailer header could cause Tomcat to treat a single \r\nrequest as multiple requests leading to the possibility of request \r\nsmuggling when behind a reverse proxy.\r\n\r\nUsers are recommended to upgrade to version 11.0.0-M12 onwards, 10.1.14 onwards, 9.0.81 onwards or 8.5.94 onwards, which fix the issue.", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, remediations: [ { category: "vendor_fix", details: "Update to V3.0 or later version", product_ids: [ "CSAFPID-0001", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109973059/", }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2023-45648", }, { cve: "CVE-2023-45802", cwe: { id: "CWE-20", name: "Improper Input Validation", }, notes: [ { category: "summary", text: "When a HTTP/2 stream was reset (RST frame) by a client, there was a time window were the request's memory resources were not reclaimed immediately. Instead, de-allocation was deferred to connection close. A client could send new requests and resets, keeping the connection busy and open and causing the memory footprint to keep on growing. On connection close, all resources were reclaimed, but the process might run out of memory before that.\r\n\r\nThis was found by the reporter during testing of CVE-2023-44487 (HTTP/2 Rapid Reset Exploit) with their own test client. During \"normal\" HTTP/2 use, the probability to hit this bug is very low. The kept memory would not become noticeable before the connection closes or times out.\r\n\r\nUsers are recommended to upgrade to version 2.4.58, which fixes the issue.", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, remediations: [ { category: "vendor_fix", details: "Update to V3.0 or later version", product_ids: [ "CSAFPID-0001", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109973059/", }, ], scores: [ { cvss_v3: { baseScore: 5.9, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2023-45802", }, { cve: "CVE-2023-46120", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, notes: [ { category: "summary", text: "The RabbitMQ Java client library allows Java and JVM-based applications to connect to and interact with RabbitMQ nodes. `maxBodyLebgth` was not used when receiving Message objects. Attackers could send a very large Message causing a memory overflow and triggering an OOM Error. Users of RabbitMQ may suffer from DoS attacks from RabbitMQ Java client which will ultimately exhaust the memory of the consumer. This vulnerability was patched in version 5.18.0.", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, remediations: [ { category: "vendor_fix", details: "Update to V3.0 or later version", product_ids: [ "CSAFPID-0001", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109973059/", }, ], scores: [ { cvss_v3: { baseScore: 4.9, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2023-46120", }, { cve: "CVE-2023-46280", cwe: { id: "CWE-125", name: "Out-of-bounds Read", }, notes: [ { category: "summary", text: "The affected applications contain an out of bounds read vulnerability. This could allow an attacker to cause a Blue Screen of Death (BSOD) crash of the underlying Windows kernel.", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, remediations: [ { category: "vendor_fix", details: "Update to V3.0 or later version", product_ids: [ "CSAFPID-0001", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109973059/", }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2023-46280", }, { cve: "CVE-2023-46589", cwe: { id: "CWE-20", name: "Improper Input Validation", }, notes: [ { category: "summary", text: "Improper Input Validation vulnerability in Apache Tomcat.Tomcat from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.1.15, from 9.0.0-M1 through 9.0.82 and from 8.5.0 through 8.5.95 did not correctly parse HTTP trailer headers. A trailer header that exceeded the header size limit could cause Tomcat to treat a single request as multiple requests leading to the possibility of request smuggling when behind a reverse proxy. Users are recommended to upgrade to version 11.0.0-M11 onwards, 10.1.16 onwards, 9.0.83 onwards or 8.5.96 onwards, which fix the issue.", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, remediations: [ { category: "vendor_fix", details: "Update to V3.0 or later version", product_ids: [ "CSAFPID-0001", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109973059/", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2023-46589", }, { cve: "CVE-2023-52425", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, notes: [ { category: "summary", text: "libexpat through 2.5.0 allows a denial of service (resource consumption) because many full reparsings are required in the case of a large token for which multiple buffer fills are needed.", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, remediations: [ { category: "vendor_fix", details: "Update to V3.0 or later version", product_ids: [ "CSAFPID-0001", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109973059/", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2023-52425", }, { cve: "CVE-2023-52426", cwe: { id: "CWE-776", name: "Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')", }, notes: [ { category: "summary", text: "libexpat through 2.5.0 allows recursive XML Entity Expansion if XML_DTD is undefined at compile time.", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, remediations: [ { category: "vendor_fix", details: "Update to V3.0 or later version", product_ids: [ "CSAFPID-0001", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109973059/", }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2023-52426", }, { cve: "CVE-2024-0985", cwe: { id: "CWE-271", name: "Privilege Dropping / Lowering Errors", }, notes: [ { category: "summary", text: "Late privilege drop in REFRESH MATERIALIZED VIEW CONCURRENTLY in PostgreSQL allows an object creator to execute arbitrary SQL functions as the command issuer. The command intends to run SQL functions as the owner of the materialized view, enabling safe refresh of untrusted materialized views. The victim is a superuser or member of one of the attacker's roles. The attack requires luring the victim into running REFRESH MATERIALIZED VIEW CONCURRENTLY on the attacker's materialized view. Versions before PostgreSQL 16.2, 15.6, 14.11, 13.14, and 12.18 are affected.", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, remediations: [ { category: "vendor_fix", details: "Update to V3.0 or later version", product_ids: [ "CSAFPID-0001", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109973059/", }, ], scores: [ { cvss_v3: { baseScore: 8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2024-0985", }, { cve: "CVE-2024-25062", cwe: { id: "CWE-416", name: "Use After Free", }, notes: [ { category: "summary", text: "An issue was discovered in libxml2 before 2.11.7 and 2.12.x before 2.12.5. When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free.", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, remediations: [ { category: "vendor_fix", details: "Update to V3.0 or later version", product_ids: [ "CSAFPID-0001", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109973059/", }, ], scores: [ { cvss_v3: { baseScore: 5.9, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2024-25062", }, { cve: "CVE-2024-28182", cwe: { id: "CWE-770", name: "Allocation of Resources Without Limits or Throttling", }, notes: [ { category: "summary", text: "nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. The nghttp2 library prior to version 1.61.0 keeps reading the unbounded number of HTTP/2 CONTINUATION frames even after a stream is reset to keep HPACK context in sync. This causes excessive CPU usage to decode HPACK stream. nghttp2 v1.61.0 mitigates this vulnerability by limiting the number of CONTINUATION frames it accepts per stream. There is no workaround for this vulnerability.", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, remediations: [ { category: "vendor_fix", details: "Update to V3.0 or later version", product_ids: [ "CSAFPID-0001", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109973059/", }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2024-28182", }, { cve: "CVE-2024-28757", cwe: { id: "CWE-776", name: "Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')", }, notes: [ { category: "summary", text: "libexpat through 2.6.1 allows an XML Entity Expansion attack when there is isolated use of external parsers (created via XML_ExternalEntityParserCreate).", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, remediations: [ { category: "vendor_fix", details: "Update to V3.0 or later version", product_ids: [ "CSAFPID-0001", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109973059/", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2024-28757", }, { cve: "CVE-2024-36398", cwe: { id: "CWE-250", name: "Execution with Unnecessary Privileges", }, notes: [ { category: "summary", text: "The affected application executes a subset of its services as `NT AUTHORITY\\SYSTEM`. This could allow a local attacker to execute operating system commands with elevated privileges.", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, remediations: [ { category: "vendor_fix", details: "Update to V3.0 or later version", product_ids: [ "CSAFPID-0001", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109973059/", }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2024-36398", }, { cve: "CVE-2024-41938", cwe: { id: "CWE-22", name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", }, notes: [ { category: "summary", text: "The importCertificate function of the SINEC NMS Control web application contains a path traversal vulnerability. This could allow an authenticated attacker it to delete arbitrary certificate files on the drive SINEC NMS is installed on.", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, remediations: [ { category: "vendor_fix", details: "Update to V3.0 or later version", product_ids: [ "CSAFPID-0001", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109973059/", }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:L/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2024-41938", }, { cve: "CVE-2024-41939", cwe: { id: "CWE-863", name: "Incorrect Authorization", }, notes: [ { category: "summary", text: "The affected application does not properly enforce authorization checks. This could allow an authenticated attacker to bypass the checks and elevate their privileges on the application.", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, remediations: [ { category: "vendor_fix", details: "Update to V3.0 or later version", product_ids: [ "CSAFPID-0001", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109973059/", }, ], scores: [ { cvss_v3: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2024-41939", }, { cve: "CVE-2024-41940", cwe: { id: "CWE-20", name: "Improper Input Validation", }, notes: [ { category: "summary", text: "The affected application does not properly validate user input to a privileged command queue. This could allow an authenticated attacker to execute OS commands with elevated privileges.", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, remediations: [ { category: "vendor_fix", details: "Update to V3.0 or later version", product_ids: [ "CSAFPID-0001", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109973059/", }, ], scores: [ { cvss_v3: { baseScore: 9.1, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2024-41940", }, { cve: "CVE-2024-41941", cwe: { id: "CWE-863", name: "Incorrect Authorization", }, notes: [ { category: "summary", text: "The affected application does not properly enforce authorization checks. This could allow an authenticated attacker to bypass the checks and modify settings in the application without authorization.", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, remediations: [ { category: "vendor_fix", details: "Update to V3.0 or later version", product_ids: [ "CSAFPID-0001", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109973059/", }, ], scores: [ { cvss_v3: { baseScore: 4.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2024-41941", }, ], }
icsa-24-228-06
Vulnerability from csaf_cisa
Published
2024-08-13 00:00
Modified
2024-08-13 00:00
Summary
Siemens SINEC NMS
Notes
Summary
SINEC NMS before V3.0 is affected by multiple vulnerabilities.
Siemens has released a new version for SINEC NMS and recommends to update to the latest version.
General Recommendations
As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens' operational guidelines for Industrial Security (Download:
https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.
Additional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity
Additional Resources
For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories
Terms of Use
Siemens Security Advisories are subject to the terms and conditions contained in Siemens' underlying license terms or other applicable agreements previously agreed to with Siemens (hereinafter "License Terms"). To the extent applicable to information, software or documentation made available in or through a Siemens Security Advisory, the Terms of Use of Siemens' Global Website (https://www.siemens.com/terms_of_use, hereinafter "Terms of Use"), in particular Sections 8-10 of the Terms of Use, shall apply additionally. In case of conflicts, the License Terms shall prevail over the Terms of Use.
Legal Notice
All information products included in https://us-cert.cisa.gov/ics are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.
Advisory Conversion Disclaimer
This CISA CSAF advisory was converted from Siemens ProductCERT's CSAF advisory.
Critical infrastructure sectors
Multiple
Countries/areas deployed
Worldwide
Company headquarters location
Germany
Recommended Practices
CISA recommends users take defensive measures to minimize the exploitation risk of this vulnerability.
Recommended Practices
Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the internet.
Recommended Practices
Locate control system networks and remote devices behind firewalls and isolate them from business networks.
Recommended Practices
When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most recent version available. Also recognize VPN is only as secure as its connected devices.
Recommended Practices
CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.
Recommended Practices
CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.
Recommended Practices
CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.
Recommended Practices
Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.
{ document: { acknowledgments: [ { organization: "Siemens ProductCERT", summary: "reporting these vulnerabilities to CISA.", }, ], category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Disclosure is not limited", tlp: { label: "WHITE", url: "https://us-cert.cisa.gov/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "SINEC NMS before V3.0 is affected by multiple vulnerabilities.\n\nSiemens has released a new version for SINEC NMS and recommends to update to the latest version.", title: "Summary", }, { category: "general", text: "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens' operational guidelines for Industrial Security (Download: \nhttps://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity", title: "General Recommendations", }, { category: "general", text: "For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories", title: "Additional Resources", }, { category: "legal_disclaimer", text: "Siemens Security Advisories are subject to the terms and conditions contained in Siemens' underlying license terms or other applicable agreements previously agreed to with Siemens (hereinafter \"License Terms\"). To the extent applicable to information, software or documentation made available in or through a Siemens Security Advisory, the Terms of Use of Siemens' Global Website (https://www.siemens.com/terms_of_use, hereinafter \"Terms of Use\"), in particular Sections 8-10 of the Terms of Use, shall apply additionally. In case of conflicts, the License Terms shall prevail over the Terms of Use.", title: "Terms of Use", }, { category: "legal_disclaimer", text: "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.", title: "Legal Notice", }, { category: "other", text: "This CISA CSAF advisory was converted from Siemens ProductCERT's CSAF advisory.", title: "Advisory Conversion Disclaimer", }, { category: "other", text: "Multiple", title: "Critical infrastructure sectors", }, { category: "other", text: "Worldwide", title: "Countries/areas deployed", }, { category: "other", text: "Germany", title: "Company headquarters location", }, { category: "general", text: "CISA recommends users take defensive measures to minimize the exploitation risk of this vulnerability.", title: "Recommended Practices", }, { category: "general", text: "Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the internet.", title: "Recommended Practices", }, { category: "general", text: "Locate control system networks and remote devices behind firewalls and isolate them from business networks.", title: "Recommended Practices", }, { category: "general", text: "When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most recent version available. Also recognize VPN is only as secure as its connected devices.", title: "Recommended Practices", }, { category: "general", text: "CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.", title: "Recommended Practices", }, { category: "general", text: "CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.", title: "Recommended Practices", }, { category: "general", text: "CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.", title: "Recommended Practices", }, { category: "general", text: "Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.", title: "Recommended Practices", }, ], publisher: { category: "other", contact_details: "central@cisa.dhs.gov", name: "CISA", namespace: "https://www.cisa.gov/", }, references: [ { category: "self", summary: "SSA-784301: Multiple Vulnerabilities in SINEC NMS Before V3.0 - CSAF Version", url: "https://cert-portal.siemens.com/productcert/csaf/ssa-784301.json", }, { category: "self", summary: "SSA-784301: Multiple Vulnerabilities in SINEC NMS Before V3.0 - HTML Version", url: "https://cert-portal.siemens.com/productcert/html/ssa-784301.html", }, { category: "self", summary: "ICS Advisory ICSA-24-228-06 JSON", url: "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2024/icsa-24-228-06.json", }, { category: "self", summary: "ICS Advisory ICSA-24-228-06 - Web Version", url: "https://www.cisa.gov/news-events/ics-advisories/icsa-24-228-06", }, { category: "external", summary: "Recommended Practices", url: "https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01", }, { category: "external", summary: "Recommended Practices", url: "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices", }, { category: "external", summary: "Recommended Practices", url: "https://www.cisa.gov/topics/industrial-control-systems", }, { category: "external", summary: "Recommended Practices", url: "https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf", }, { category: "external", summary: "Recommended Practices", url: "https://www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf", }, { category: "external", summary: "Recommended Practices", url: "https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B", }, ], title: "Siemens SINEC NMS", tracking: { current_release_date: "2024-08-13T00:00:00.000000Z", generator: { engine: { name: "CISA CSAF Generator", version: "1.0.0", }, }, id: "ICSA-24-228-06", initial_release_date: "2024-08-13T00:00:00.000000Z", revision_history: [ { date: "2024-08-13T00:00:00.000000Z", legacy_version: "1.0", number: "1", summary: "Publication Date", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version_range", name: "<V3.0", product: { name: "SINEC NMS", product_id: "CSAFPID-0001", }, }, ], category: "product_name", name: "SINEC NMS", }, ], category: "vendor", name: "Siemens", }, ], }, vulnerabilities: [ { cve: "CVE-2023-4611", cwe: { id: "CWE-416", name: "Use After Free", }, notes: [ { category: "summary", text: "A use-after-free flaw was found in mm/mempolicy.c in the memory management subsystem in the Linux Kernel. This issue is caused by a race between mbind() and VMA-locked page fault, and may allow a local attacker to crash the system or lead to a kernel information leak.", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, remediations: [ { category: "vendor_fix", details: "Update to V3.0 or later version", product_ids: [ "CSAFPID-0001", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109973059/", }, ], scores: [ { cvss_v3: { baseScore: 6.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2023-4611", }, { cve: "CVE-2023-5868", cwe: { id: "CWE-20", name: "Improper Input Validation", }, notes: [ { category: "summary", text: "A memory disclosure vulnerability was found in PostgreSQL that allows remote users to access sensitive information by exploiting certain aggregate function calls with 'unknown'-type arguments. Handling 'unknown'-type values from string literals without type designation can disclose bytes, potentially revealing notable and confidential information. This issue exists due to excessive data output in aggregate function calls, enabling remote users to read some portion of system memory.", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, remediations: [ { category: "vendor_fix", details: "Update to V3.0 or later version", product_ids: [ "CSAFPID-0001", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109973059/", }, ], scores: [ { cvss_v3: { baseScore: 4.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2023-5868", }, { cve: "CVE-2023-5869", cwe: { id: "CWE-20", name: "Improper Input Validation", }, notes: [ { category: "summary", text: "A flaw was found in PostgreSQL that allows authenticated database users to execute arbitrary code through missing overflow checks during SQL array value modification. This issue exists due to an integer overflow during array modification where a remote user can trigger the overflow by providing specially crafted data. This enables the execution of arbitrary code on the target system, allowing users to write arbitrary bytes to memory and extensively read the server's memory.", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, remediations: [ { category: "vendor_fix", details: "Update to V3.0 or later version", product_ids: [ "CSAFPID-0001", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109973059/", }, ], scores: [ { cvss_v3: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2023-5869", }, { cve: "CVE-2023-5870", cwe: { id: "CWE-20", name: "Improper Input Validation", }, notes: [ { category: "summary", text: "A flaw was found in PostgreSQL involving the pg_cancel_backend role that signals background workers, including the logical replication launcher, autovacuum workers, and the autovacuum launcher. Successful exploitation requires a non-core extension with a less-resilient background worker and would affect that specific background worker only. This issue may allow a remote high privileged user to launch a denial of service (DoS) attack.", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, remediations: [ { category: "vendor_fix", details: "Update to V3.0 or later version", product_ids: [ "CSAFPID-0001", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109973059/", }, ], scores: [ { cvss_v3: { baseScore: 4.4, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2023-5870", }, { cve: "CVE-2023-6378", cwe: { id: "CWE-20", name: "Improper Input Validation", }, notes: [ { category: "summary", text: "A serialization vulnerability in logback receiver component part of logback version 1.4.11 allows an attacker to mount a Denial-Of-Service attack by sending poisoned data.", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, remediations: [ { category: "vendor_fix", details: "Update to V3.0 or later version", product_ids: [ "CSAFPID-0001", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109973059/", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2023-6378", }, { cve: "CVE-2023-6481", cwe: { id: "CWE-20", name: "Improper Input Validation", }, notes: [ { category: "summary", text: "A serialization vulnerability in logback receiver component part of logback version 1.4.13, 1.3.13 and 1.2.12 allows an attacker to mount a Denial-Of-Service attack by sending poisoned data", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, remediations: [ { category: "vendor_fix", details: "Update to V3.0 or later version", product_ids: [ "CSAFPID-0001", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109973059/", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2023-6481", }, { cve: "CVE-2023-31122", cwe: { id: "CWE-20", name: "Improper Input Validation", }, notes: [ { category: "summary", text: "Out-of-bounds Read vulnerability in mod_macro of Apache HTTP Server.This issue affects Apache HTTP Server: through 2.4.57.", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, remediations: [ { category: "vendor_fix", details: "Update to V3.0 or later version", product_ids: [ "CSAFPID-0001", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109973059/", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2023-31122", }, { cve: "CVE-2023-34050", cwe: { id: "CWE-502", name: "Deserialization of Untrusted Data", }, notes: [ { category: "summary", text: "In spring AMQP versions 1.0.0 to 2.4.16 and 3.0.0 to 3.0.9 , allowed list patterns for deserializable class names were added to Spring AMQP, allowing users to lock down deserialization of data in messages from untrusted sources; however by default, when no allowed list was provided, all classes could be deserialized. Specifically, an application is vulnerable if \r\n\r\n * the SimpleMessageConverter or SerializerMessageConverter is used \r\n * the user does not configure allowed list patterns \r\n * untrusted message originators gain permissions to write messages to the RabbitMQ broker to send malicious content.", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, remediations: [ { category: "vendor_fix", details: "Update to V3.0 or later version", product_ids: [ "CSAFPID-0001", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109973059/", }, ], scores: [ { cvss_v3: { baseScore: 5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2023-34050", }, { cve: "CVE-2023-39615", cwe: { id: "CWE-119", name: "Improper Restriction of Operations within the Bounds of a Memory Buffer", }, notes: [ { category: "summary", text: "Xmlsoft Libxml2 v2.11.0 was discovered to contain an out-of-bounds read via the xmlSAX2StartElement() function at /libxml2/SAX2.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via supplying a crafted XML file. NOTE: the vendor's position is that the product does not support the legacy SAX1 interface with custom callbacks; there is a crash even without crafted input.", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, remediations: [ { category: "vendor_fix", details: "Update to V3.0 or later version", product_ids: [ "CSAFPID-0001", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109973059/", }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2023-39615", }, { cve: "CVE-2023-42794", cwe: { id: "CWE-20", name: "Improper Input Validation", }, notes: [ { category: "summary", text: "Incomplete Cleanup vulnerability in Apache Tomcat.\r\n\r\nThe internal fork of Commons FileUpload packaged with Apache Tomcat 9.0.70 through 9.0.80 and 8.5.85 through 8.5.93 included an unreleased, \r\nin progress refactoring that exposed a potential denial of service on \r\nWindows if a web application opened a stream for an uploaded file but \r\nfailed to close the stream. The file would never be deleted from disk \r\ncreating the possibility of an eventual denial of service due to the \r\ndisk being full.\r\n\r\nUsers are recommended to upgrade to version 9.0.81 onwards or 8.5.94 onwards, which fixes the issue.", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, remediations: [ { category: "vendor_fix", details: "Update to V3.0 or later version", product_ids: [ "CSAFPID-0001", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109973059/", }, ], scores: [ { cvss_v3: { baseScore: 5.9, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2023-42794", }, { cve: "CVE-2023-42795", cwe: { id: "CWE-20", name: "Improper Input Validation", }, notes: [ { category: "summary", text: "Incomplete Cleanup vulnerability in Apache Tomcat.When recycling various internal objects in Apache Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.80 and from 8.5.0 through 8.5.93, an error could \r\ncause Tomcat to skip some parts of the recycling process leading to \r\ninformation leaking from the current request/response to the next.\r\n\r\nUsers are recommended to upgrade to version 11.0.0-M12 onwards, 10.1.14 onwards, 9.0.81 onwards or 8.5.94 onwards, which fixes the issue.", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, remediations: [ { category: "vendor_fix", details: "Update to V3.0 or later version", product_ids: [ "CSAFPID-0001", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109973059/", }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2023-42795", }, { cve: "CVE-2023-43622", cwe: { id: "CWE-20", name: "Improper Input Validation", }, notes: [ { category: "summary", text: "An attacker, opening a HTTP/2 connection with an initial window size of 0, was able to block handling of that connection indefinitely in Apache HTTP Server. This could be used to exhaust worker resources in the server, similar to the well known \"slow loris\" attack pattern.\r\nThis has been fixed in version 2.4.58, so that such connection are terminated properly after the configured connection timeout.\r\n\r\nThis issue affects Apache HTTP Server: from 2.4.55 through 2.4.57.\r\n\r\nUsers are recommended to upgrade to version 2.4.58, which fixes the issue.", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, remediations: [ { category: "vendor_fix", details: "Update to V3.0 or later version", product_ids: [ "CSAFPID-0001", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109973059/", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2023-43622", }, { cve: "CVE-2023-44487", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, notes: [ { category: "summary", text: "The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, remediations: [ { category: "vendor_fix", details: "Update to V3.0 or later version", product_ids: [ "CSAFPID-0001", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109973059/", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2023-44487", }, { cve: "CVE-2023-45648", cwe: { id: "CWE-20", name: "Improper Input Validation", }, notes: [ { category: "summary", text: "Improper Input Validation vulnerability in Apache Tomcat.Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.81 and from 8.5.0 through 8.5.93 did not correctly parse HTTP trailer headers. A specially \r\ncrafted, invalid trailer header could cause Tomcat to treat a single \r\nrequest as multiple requests leading to the possibility of request \r\nsmuggling when behind a reverse proxy.\r\n\r\nUsers are recommended to upgrade to version 11.0.0-M12 onwards, 10.1.14 onwards, 9.0.81 onwards or 8.5.94 onwards, which fix the issue.", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, remediations: [ { category: "vendor_fix", details: "Update to V3.0 or later version", product_ids: [ "CSAFPID-0001", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109973059/", }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2023-45648", }, { cve: "CVE-2023-45802", cwe: { id: "CWE-20", name: "Improper Input Validation", }, notes: [ { category: "summary", text: "When a HTTP/2 stream was reset (RST frame) by a client, there was a time window were the request's memory resources were not reclaimed immediately. Instead, de-allocation was deferred to connection close. A client could send new requests and resets, keeping the connection busy and open and causing the memory footprint to keep on growing. On connection close, all resources were reclaimed, but the process might run out of memory before that.\r\n\r\nThis was found by the reporter during testing of CVE-2023-44487 (HTTP/2 Rapid Reset Exploit) with their own test client. During \"normal\" HTTP/2 use, the probability to hit this bug is very low. The kept memory would not become noticeable before the connection closes or times out.\r\n\r\nUsers are recommended to upgrade to version 2.4.58, which fixes the issue.", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, remediations: [ { category: "vendor_fix", details: "Update to V3.0 or later version", product_ids: [ "CSAFPID-0001", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109973059/", }, ], scores: [ { cvss_v3: { baseScore: 5.9, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2023-45802", }, { cve: "CVE-2023-46120", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, notes: [ { category: "summary", text: "The RabbitMQ Java client library allows Java and JVM-based applications to connect to and interact with RabbitMQ nodes. `maxBodyLebgth` was not used when receiving Message objects. Attackers could send a very large Message causing a memory overflow and triggering an OOM Error. Users of RabbitMQ may suffer from DoS attacks from RabbitMQ Java client which will ultimately exhaust the memory of the consumer. This vulnerability was patched in version 5.18.0.", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, remediations: [ { category: "vendor_fix", details: "Update to V3.0 or later version", product_ids: [ "CSAFPID-0001", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109973059/", }, ], scores: [ { cvss_v3: { baseScore: 4.9, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2023-46120", }, { cve: "CVE-2023-46280", cwe: { id: "CWE-125", name: "Out-of-bounds Read", }, notes: [ { category: "summary", text: "The affected applications contain an out of bounds read vulnerability. This could allow an attacker to cause a Blue Screen of Death (BSOD) crash of the underlying Windows kernel.", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, remediations: [ { category: "vendor_fix", details: "Update to V3.0 or later version", product_ids: [ "CSAFPID-0001", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109973059/", }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2023-46280", }, { cve: "CVE-2023-46589", cwe: { id: "CWE-20", name: "Improper Input Validation", }, notes: [ { category: "summary", text: "Improper Input Validation vulnerability in Apache Tomcat.Tomcat from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.1.15, from 9.0.0-M1 through 9.0.82 and from 8.5.0 through 8.5.95 did not correctly parse HTTP trailer headers. A trailer header that exceeded the header size limit could cause Tomcat to treat a single request as multiple requests leading to the possibility of request smuggling when behind a reverse proxy. Users are recommended to upgrade to version 11.0.0-M11 onwards, 10.1.16 onwards, 9.0.83 onwards or 8.5.96 onwards, which fix the issue.", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, remediations: [ { category: "vendor_fix", details: "Update to V3.0 or later version", product_ids: [ "CSAFPID-0001", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109973059/", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2023-46589", }, { cve: "CVE-2023-52425", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, notes: [ { category: "summary", text: "libexpat through 2.5.0 allows a denial of service (resource consumption) because many full reparsings are required in the case of a large token for which multiple buffer fills are needed.", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, remediations: [ { category: "vendor_fix", details: "Update to V3.0 or later version", product_ids: [ "CSAFPID-0001", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109973059/", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2023-52425", }, { cve: "CVE-2023-52426", cwe: { id: "CWE-776", name: "Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')", }, notes: [ { category: "summary", text: "libexpat through 2.5.0 allows recursive XML Entity Expansion if XML_DTD is undefined at compile time.", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, remediations: [ { category: "vendor_fix", details: "Update to V3.0 or later version", product_ids: [ "CSAFPID-0001", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109973059/", }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2023-52426", }, { cve: "CVE-2024-0985", cwe: { id: "CWE-271", name: "Privilege Dropping / Lowering Errors", }, notes: [ { category: "summary", text: "Late privilege drop in REFRESH MATERIALIZED VIEW CONCURRENTLY in PostgreSQL allows an object creator to execute arbitrary SQL functions as the command issuer. The command intends to run SQL functions as the owner of the materialized view, enabling safe refresh of untrusted materialized views. The victim is a superuser or member of one of the attacker's roles. The attack requires luring the victim into running REFRESH MATERIALIZED VIEW CONCURRENTLY on the attacker's materialized view. Versions before PostgreSQL 16.2, 15.6, 14.11, 13.14, and 12.18 are affected.", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, remediations: [ { category: "vendor_fix", details: "Update to V3.0 or later version", product_ids: [ "CSAFPID-0001", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109973059/", }, ], scores: [ { cvss_v3: { baseScore: 8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2024-0985", }, { cve: "CVE-2024-25062", cwe: { id: "CWE-416", name: "Use After Free", }, notes: [ { category: "summary", text: "An issue was discovered in libxml2 before 2.11.7 and 2.12.x before 2.12.5. When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free.", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, remediations: [ { category: "vendor_fix", details: "Update to V3.0 or later version", product_ids: [ "CSAFPID-0001", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109973059/", }, ], scores: [ { cvss_v3: { baseScore: 5.9, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2024-25062", }, { cve: "CVE-2024-28182", cwe: { id: "CWE-770", name: "Allocation of Resources Without Limits or Throttling", }, notes: [ { category: "summary", text: "nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. The nghttp2 library prior to version 1.61.0 keeps reading the unbounded number of HTTP/2 CONTINUATION frames even after a stream is reset to keep HPACK context in sync. This causes excessive CPU usage to decode HPACK stream. nghttp2 v1.61.0 mitigates this vulnerability by limiting the number of CONTINUATION frames it accepts per stream. There is no workaround for this vulnerability.", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, remediations: [ { category: "vendor_fix", details: "Update to V3.0 or later version", product_ids: [ "CSAFPID-0001", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109973059/", }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2024-28182", }, { cve: "CVE-2024-28757", cwe: { id: "CWE-776", name: "Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')", }, notes: [ { category: "summary", text: "libexpat through 2.6.1 allows an XML Entity Expansion attack when there is isolated use of external parsers (created via XML_ExternalEntityParserCreate).", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, remediations: [ { category: "vendor_fix", details: "Update to V3.0 or later version", product_ids: [ "CSAFPID-0001", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109973059/", }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2024-28757", }, { cve: "CVE-2024-36398", cwe: { id: "CWE-250", name: "Execution with Unnecessary Privileges", }, notes: [ { category: "summary", text: "The affected application executes a subset of its services as `NT AUTHORITY\\SYSTEM`. This could allow a local attacker to execute operating system commands with elevated privileges.", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, remediations: [ { category: "vendor_fix", details: "Update to V3.0 or later version", product_ids: [ "CSAFPID-0001", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109973059/", }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2024-36398", }, { cve: "CVE-2024-41938", cwe: { id: "CWE-22", name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", }, notes: [ { category: "summary", text: "The importCertificate function of the SINEC NMS Control web application contains a path traversal vulnerability. This could allow an authenticated attacker it to delete arbitrary certificate files on the drive SINEC NMS is installed on.", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, remediations: [ { category: "vendor_fix", details: "Update to V3.0 or later version", product_ids: [ "CSAFPID-0001", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109973059/", }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:L/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2024-41938", }, { cve: "CVE-2024-41939", cwe: { id: "CWE-863", name: "Incorrect Authorization", }, notes: [ { category: "summary", text: "The affected application does not properly enforce authorization checks. This could allow an authenticated attacker to bypass the checks and elevate their privileges on the application.", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, remediations: [ { category: "vendor_fix", details: "Update to V3.0 or later version", product_ids: [ "CSAFPID-0001", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109973059/", }, ], scores: [ { cvss_v3: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2024-41939", }, { cve: "CVE-2024-41940", cwe: { id: "CWE-20", name: "Improper Input Validation", }, notes: [ { category: "summary", text: "The affected application does not properly validate user input to a privileged command queue. This could allow an authenticated attacker to execute OS commands with elevated privileges.", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, remediations: [ { category: "vendor_fix", details: "Update to V3.0 or later version", product_ids: [ "CSAFPID-0001", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109973059/", }, ], scores: [ { cvss_v3: { baseScore: 9.1, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2024-41940", }, { cve: "CVE-2024-41941", cwe: { id: "CWE-863", name: "Incorrect Authorization", }, notes: [ { category: "summary", text: "The affected application does not properly enforce authorization checks. This could allow an authenticated attacker to bypass the checks and modify settings in the application without authorization.", title: "Summary", }, ], product_status: { known_affected: [ "CSAFPID-0001", ], }, remediations: [ { category: "vendor_fix", details: "Update to V3.0 or later version", product_ids: [ "CSAFPID-0001", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109973059/", }, ], scores: [ { cvss_v3: { baseScore: 4.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C", version: "3.1", }, products: [ "CSAFPID-0001", ], }, ], title: "CVE-2024-41941", }, ], }
SSA-794697
Vulnerability from csaf_siemens
Published
2023-06-13 00:00
Modified
2024-04-09 00:00
Summary
SSA-794697: Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 TM MFP before V1.1
Notes
Summary
Multiple vulnerabilities have been identified in the additional GNU/Linux subsystem of the SIMATIC S7-1500 TM MFP V1.0.
Siemens has released a new version for SIMATIC S7-1500 TM MFP - GNU/Linux subsystem and recommends to update to the latest version.
This advisory lists vulnerabilities for firmware version V1.0 only; for V1.1 refer to Siemens Security Advisory SSA-265688 (
https://cert-portal.siemens.com/productcert/html/ssa-265688.html).
General Recommendations
As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens' operational guidelines for Industrial Security (Download:
https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.
Additional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity
Additional Resources
For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories
Terms of Use
Siemens Security Advisories are subject to the terms and conditions contained in Siemens' underlying license terms or other applicable agreements previously agreed to with Siemens (hereinafter "License Terms"). To the extent applicable to information, software or documentation made available in or through a Siemens Security Advisory, the Terms of Use of Siemens' Global Website (https://www.siemens.com/terms_of_use, hereinafter "Terms of Use"), in particular Sections 8-10 of the Terms of Use, shall apply additionally. In case of conflicts, the License Terms shall prevail over the Terms of Use.
{ document: { category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Disclosure is not limited. (TLPv2: TLP:CLEAR)", tlp: { label: "WHITE", }, }, lang: "en", notes: [ { category: "summary", text: "Multiple vulnerabilities have been identified in the additional GNU/Linux subsystem of the SIMATIC S7-1500 TM MFP V1.0.\n\nSiemens has released a new version for SIMATIC S7-1500 TM MFP - GNU/Linux subsystem and recommends to update to the latest version.\n\nThis advisory lists vulnerabilities for firmware version V1.0 only; for V1.1 refer to Siemens Security Advisory SSA-265688 (\nhttps://cert-portal.siemens.com/productcert/html/ssa-265688.html).", title: "Summary", }, { category: "general", text: "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens' operational guidelines for Industrial Security (Download: \nhttps://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity", title: "General Recommendations", }, { category: "general", text: "For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories", title: "Additional Resources", }, { category: "legal_disclaimer", text: "Siemens Security Advisories are subject to the terms and conditions contained in Siemens' underlying license terms or other applicable agreements previously agreed to with Siemens (hereinafter \"License Terms\"). To the extent applicable to information, software or documentation made available in or through a Siemens Security Advisory, the Terms of Use of Siemens' Global Website (https://www.siemens.com/terms_of_use, hereinafter \"Terms of Use\"), in particular Sections 8-10 of the Terms of Use, shall apply additionally. In case of conflicts, the License Terms shall prevail over the Terms of Use.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "productcert@siemens.com", name: "Siemens ProductCERT", namespace: "https://www.siemens.com", }, references: [ { category: "self", summary: "SSA-794697: Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 TM MFP before V1.1 - HTML Version", url: "https://cert-portal.siemens.com/productcert/html/ssa-794697.html", }, { category: "self", summary: "SSA-794697: Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 TM MFP before V1.1 - CSAF Version", url: "https://cert-portal.siemens.com/productcert/csaf/ssa-794697.json", }, { category: "self", summary: "SSA-794697: Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 TM MFP before V1.1 - PDF Version", url: "https://cert-portal.siemens.com/productcert/pdf/ssa-794697.pdf", }, { category: "self", summary: "SSA-794697: Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 TM MFP before V1.1 - TXT Version", url: "https://cert-portal.siemens.com/productcert/txt/ssa-794697.txt", }, ], title: "SSA-794697: Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 TM MFP before V1.1", tracking: { current_release_date: "2024-04-09T00:00:00Z", generator: { engine: { name: "Siemens ProductCERT CSAF Generator", version: "1", }, }, id: "SSA-794697", initial_release_date: "2023-06-13T00:00:00Z", revision_history: [ { date: "2023-06-13T00:00:00Z", legacy_version: "1.0", number: "1", summary: "Publication Date", }, { date: "2023-07-11T00:00:00Z", legacy_version: "1.1", number: "2", summary: "Added CVE-2022-4269, CVE-2023-3141, CVE-2023-3268, CVE-2023-31436, CVE-2023-32233", }, { date: "2023-08-08T00:00:00Z", legacy_version: "1.2", number: "3", summary: "Added CVE-2023-3446, CVE-2023-3389, CVE-2022-1015, \r\nCVE-2023-3609", }, { date: "2023-09-12T00:00:00Z", legacy_version: "1.3", number: "4", summary: "Added CVE-2023-3338", }, { date: "2023-11-14T00:00:00Z", legacy_version: "1.4", number: "5", summary: "Added CVE-2023-1206, CVE-2023-2898, CVE-2023-3610, CVE-2023-3611, CVE-2023-3772, CVE-2023-3773, CVE-2023-3777, CVE-2023-4004, CVE-2023-4015, CVE-2023-4273, CVE-2023-4623, CVE-2023-4921, CVE-2023-35001, CVE-2023-37453, CVE-2023-39192, CVE-2023-39193, CVE-2023-39194, CVE-2023-42753, CVE-2023-42755", }, { date: "2023-12-12T00:00:00Z", legacy_version: "1.5", number: "6", summary: "Added CVE-2021-44879, CVE-2023-5178, CVE-2023-5197, CVE-2023-5678, CVE-2023-5717, CVE-2023-31085, CVE-2023-35827, CVE-2023-39189, CVE-2023-42754, CVE-2023-45863, CVE-2023-45871", }, { date: "2024-01-09T00:00:00Z", legacy_version: "1.6", number: "7", summary: "Added CVE-2023-48795", }, { date: "2024-02-13T00:00:00Z", legacy_version: "1.7", number: "8", summary: "Added CVE-2020-12762, CVE-2023-6606, CVE-2023-6931, CVE-2023-6932, CVE-2023-7008, CVE-2023-7104, CVE-2023-36660, CVE-2023-50495, CVE-2023-51384, CVE-2023-51385, CVE-2023-51767, CVE-2024-0232, CVE-2024-0553, CVE-2024-0567, CVE-2024-0584, CVE-2024-0684, CVE-2024-22365, CVE-2024-25062", }, { date: "2024-04-09T00:00:00Z", legacy_version: "1.8", number: "9", summary: "Added fix for SIMATIC S7-1500 TM MFP - GNU/Linux subsystem", }, ], status: "interim", version: "9", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version_range", name: "<V1.1", product: { name: "SIMATIC S7-1500 TM MFP - GNU/Linux subsystem", product_id: "1", }, }, ], category: "product_name", name: "SIMATIC S7-1500 TM MFP - GNU/Linux subsystem", }, ], category: "vendor", name: "Siemens", }, ], }, vulnerabilities: [ { cve: "CVE-2020-12762", cwe: { id: "CWE-190", name: "Integer Overflow or Wraparound", }, notes: [ { category: "summary", text: "json-c through 0.14 has an integer overflow and out-of-bounds write via a large JSON file, as demonstrated by printbuf_memappend.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2020-12762", }, { cve: "CVE-2021-3759", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, notes: [ { category: "summary", text: "A memory overflow vulnerability was found in the Linux kernel’s ipc functionality of the memcg subsystem, in the way a user calls the semget function multiple times, creating semaphores. This flaw allows a local user to starve the resources, causing a denial of service. The highest threat from this vulnerability is to system availability.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2021-3759", }, { cve: "CVE-2021-4037", cwe: { id: "CWE-284", name: "Improper Access Control", }, notes: [ { category: "summary", text: "A vulnerability was found in the fs/inode.c:inode_init_owner() function logic of the LInux kernel that allows local users to create files for the XFS file-system with an unintended group ownership and with group execution and SGID permission bits set, in a scenario where a directory is SGID and belongs to a certain group and is writable by a user who is not a member of this group. This can lead to excessive permissions granted in case when they should not. This vulnerability is similar to the previous CVE-2018-13405 and adds the missed fix for the XFS.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2021-4037", }, { cve: "CVE-2021-33655", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, notes: [ { category: "summary", text: "When sending malicous data to kernel by ioctl cmd FBIOPUT_VSCREENINFO,kernel will write memory out of bounds.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 6.7, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2021-33655", }, { cve: "CVE-2021-44879", cwe: { id: "CWE-476", name: "NULL Pointer Dereference", }, notes: [ { category: "summary", text: "In gc_data_segment in fs/f2fs/gc.c in the Linux kernel before 5.16.3, special files are not considered, leading to a move_data_page NULL pointer dereference.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2021-44879", }, { cve: "CVE-2022-0171", cwe: { id: "CWE-459", name: "Incomplete Cleanup", }, notes: [ { category: "summary", text: "A flaw was found in the Linux kernel. The existing KVM SEV API has a vulnerability that allows a non-root (host) user-level application to crash the host kernel by creating a confidential guest VM instance in AMD CPU that supports Secure Encrypted Virtualization (SEV).", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2022-0171", }, { cve: "CVE-2022-1012", cwe: { id: "CWE-401", name: "Missing Release of Memory after Effective Lifetime", }, notes: [ { category: "summary", text: "A memory leak problem was found in the TCP source port generation algorithm in net/ipv4/tcp.c due to the small table perturb size. This flaw may allow an attacker to information leak and may cause a denial of service problem.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 8.2, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2022-1012", }, { cve: "CVE-2022-1015", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, notes: [ { category: "summary", text: "A flaw was found in the Linux kernel in linux/net/netfilter/nf_tables_api.c of the netfilter subsystem. This flaw allows a local user to cause an out-of-bounds write issue.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 6.6, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2022-1015", }, { cve: "CVE-2022-1184", cwe: { id: "CWE-416", name: "Use After Free", }, notes: [ { category: "summary", text: "A use-after-free flaw was found in fs/ext4/namei.c:dx_insert_block() in the Linux kernel’s filesystem sub-component. This flaw allows a local attacker with a user privilege to cause a denial of service.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2022-1184", }, { cve: "CVE-2022-1292", cwe: { id: "CWE-78", name: "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", }, notes: [ { category: "summary", text: "The c_rehash script does not properly sanitise shell metacharacters to prevent command injection.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2022-1292", }, { cve: "CVE-2022-1343", cwe: { id: "CWE-295", name: "Improper Certificate Validation", }, notes: [ { category: "summary", text: "Under certain circumstances, the command line OCSP verify function reports successful verification when the verification in fact failed. In this case the incorrect successful response will also be accompanied by error messages showing the failure and contradicting the apparently successful result.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2022-1343", }, { cve: "CVE-2022-1434", cwe: { id: "CWE-327", name: "Use of a Broken or Risky Cryptographic Algorithm", }, notes: [ { category: "summary", text: "When using the RC4-MD5 ciphersuite, which is disabled by default, an attacker is able to modify data in transit due to an incorrect use of the AAD data as the MAC key in OpenSSL 3.0. An attacker is not able to decrypt any communication.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 5.9, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2022-1434", }, { cve: "CVE-2022-1462", cwe: { id: "CWE-362", name: "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", }, notes: [ { category: "summary", text: "An out-of-bounds read flaw was found in the Linux kernel’s TeleTYpe subsystem. The issue occurs in how a user triggers a race condition using ioctls TIOCSPTLCK and TIOCGPTPEER and TIOCSTI and TCXONC with leakage of memory in the flush_to_ldisc function. This flaw allows a local user to crash the system or read unauthorized random data from memory.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 6.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2022-1462", }, { cve: "CVE-2022-1473", cwe: { id: "CWE-404", name: "Improper Resource Shutdown or Release", }, notes: [ { category: "summary", text: "The used OpenSSL version improperly reuses memory when decoding certificates or keys. This can lead to a process termination and Denial of Service for long lived processes.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2022-1473", }, { cve: "CVE-2022-1679", cwe: { id: "CWE-416", name: "Use After Free", }, notes: [ { category: "summary", text: "A use-after-free flaw was found in the Linux kernel’s Atheros wireless adapter driver in the way a user forces the ath9k_htc_wait_for_target function to fail with some input messages. This flaw allows a local user to crash or potentially escalate their privileges on the system.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2022-1679", }, { cve: "CVE-2022-1852", cwe: { id: "CWE-476", name: "NULL Pointer Dereference", }, notes: [ { category: "summary", text: "A NULL pointer dereference flaw was found in the Linux kernel’s KVM module, which can lead to a denial of service in the x86_emulate_insn in arch/x86/kvm/emulate.c. This flaw occurs while executing an illegal instruction in guest in the Intel CPU.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2022-1852", }, { cve: "CVE-2022-1882", cwe: { id: "CWE-416", name: "Use After Free", }, notes: [ { category: "summary", text: "A use-after-free flaw was found in the Linux kernel’s pipes functionality in how a user performs manipulations with the pipe post_one_notification() after free_pipe_info() that is already called. This flaw allows a local user to crash or potentially escalate their privileges on the system.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2022-1882", }, { cve: "CVE-2022-2068", cwe: { id: "CWE-78", name: "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", }, notes: [ { category: "summary", text: "In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances where the c_rehash script does not properly sanitise shell metacharacters to prevent command injection were found by code review. When the CVE-2022-1292 was fixed it was not discovered that there are other places in the script where the file names of certificates being hashed were possibly passed to a command executed through the shell. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2022-2068", }, { cve: "CVE-2022-2078", cwe: { id: "CWE-121", name: "Stack-based Buffer Overflow", }, notes: [ { category: "summary", text: "A vulnerability was found in the Linux kernel's nft_set_desc_concat_parse() function .This flaw allows an attacker to trigger a buffer overflow via nft_set_desc_concat_parse() , causing a denial of service and possibly to run code.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2022-2078", }, { cve: "CVE-2022-2097", cwe: { id: "CWE-326", name: "Inadequate Encryption Strength", }, notes: [ { category: "summary", text: "AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was preexisting in the memory that wasn't written. In the special case of \"in place\" encryption, sixteen bytes of the plaintext would be revealed. Since OpenSSL does not support OCB based cipher suites for TLS and DTLS, they are both unaffected.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2022-2097", }, { cve: "CVE-2022-2153", cwe: { id: "CWE-476", name: "NULL Pointer Dereference", }, notes: [ { category: "summary", text: "A flaw was found in the Linux kernel’s KVM when attempting to set a SynIC IRQ. This issue makes it possible for a misbehaving VMM to write to SYNIC/STIMER MSRs, causing a NULL pointer dereference. This flaw allows an unprivileged local attacker on the host to issue specific ioctl calls, causing a kernel oops condition that results in a denial of service.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2022-2153", }, { cve: "CVE-2022-2274", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, notes: [ { category: "summary", text: "The OpenSSL 3.0.4 release introduced a serious bug in the RSA implementation for X86_64 CPUs supporting the AVX512IFMA instructions. This issue makes the RSA implementation with 2048 bit private keys incorrect on such machines and memory corruption will happen during the computation. As a consequence of the memory corruption an attacker may be able to trigger a remote code execution on the machine performing the computation. SSL/TLS servers or other servers using 2048 bit RSA private keys running on machines supporting AVX512IFMA instructions of the X86_64 architecture are affected by this issue.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2022-2274", }, { cve: "CVE-2022-2327", cwe: { id: "CWE-415", name: "Double Free", }, notes: [ { category: "summary", text: "io_uring use work_flags to determine which identity need to grab from the calling process to make sure it is consistent with the calling process when executing IORING_OP. Some operations are missing some types, which can lead to incorrect reference counts which can then lead to a double free. We recommend upgrading the kernel past commit df3f3bb5059d20ef094d6b2f0256c4bf4127a859", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2022-2327", }, { cve: "CVE-2022-2503", cwe: { id: "CWE-287", name: "Improper Authentication", }, notes: [ { category: "summary", text: "Dm-verity is used for extending root-of-trust to root filesystems. LoadPin builds on this property to restrict module/firmware loads to just the trusted root filesystem. Device-mapper table reloads currently allow users with root privileges to switch out the target with an equivalent dm-linear target and bypass verification till reboot. This allows root to bypass LoadPin and can be used to load untrusted and unverified kernel modules and firmware, which implies arbitrary kernel execution and persistence for peripherals that do not verify firmware updates. We recommend upgrading past commit 4caae58406f8ceb741603eee460d79bacca9b1b5", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 6.7, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2022-2503", }, { cve: "CVE-2022-2586", cwe: { id: "CWE-416", name: "Use After Free", }, notes: [ { category: "summary", text: "A use-after-free flaw was found in nf_tables cross-table in the net/netfilter/nf_tables_api.c function in the Linux kernel. This flaw allows a local, privileged attacker to cause a use-after-free problem at the time of table deletion, possibly leading to local privilege escalation.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 6.7, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2022-2586", }, { cve: "CVE-2022-2588", cwe: { id: "CWE-20", name: "Improper Input Validation", }, notes: [ { category: "summary", text: "Zhenpeng Lin discovered that the network packet scheduler implementation in the Linux kernel did not properly remove all references to a route filter before freeing it in some situations. A local attacker could use this to cause a denial of service (system crash) or execute arbitrary code.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2022-2588", }, { cve: "CVE-2022-2602", cwe: { id: "CWE-20", name: "Improper Input Validation", }, notes: [ { category: "summary", text: "A flaw was found in the Linux kernel. A race issue occurs between an io_uring request and the Unix socket garbage collector, allowing an attacker local privilege escalation.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 7, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2022-2602", }, { cve: "CVE-2022-2663", cwe: { id: "CWE-923", name: "Improper Restriction of Communication Channel to Intended Endpoints", }, notes: [ { category: "summary", text: "An issue was found in the Linux kernel in nf_conntrack_irc where the message handling can be confused and incorrectly matches the message. A firewall may be able to be bypassed when users are using unencrypted IRC with nf_conntrack_irc configured.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2022-2663", }, { cve: "CVE-2022-2905", cwe: { id: "CWE-125", name: "Out-of-bounds Read", }, notes: [ { category: "summary", text: "An out-of-bounds memory read flaw was found in the Linux kernel's BPF subsystem in how a user calls the bpf_tail_call function with a key larger than the max_entries of the map. This flaw allows a local user to gain unauthorized access to data.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2022-2905", }, { cve: "CVE-2022-2959", cwe: { id: "CWE-362", name: "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", }, notes: [ { category: "summary", text: "A race condition was found in the Linux kernel's watch queue due to a missing lock in pipe_resize_ring(). The specific flaw exists within the handling of pipe buffers. The issue results from the lack of proper locking when performing operations on an object. This flaw allows a local user to crash the system or escalate their privileges on the system.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 7, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2022-2959", }, { cve: "CVE-2022-2978", cwe: { id: "CWE-416", name: "Use After Free", }, notes: [ { category: "summary", text: "A flaw use after free in the Linux kernel NILFS file system was found in the way user triggers function security_inode_alloc to fail with following call to function nilfs_mdt_destroy. A local user could use this flaw to crash the system or potentially escalate their privileges on the system.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2022-2978", }, { cve: "CVE-2022-3028", cwe: { id: "CWE-362", name: "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", }, notes: [ { category: "summary", text: "A race condition was found in the Linux kernel's IP framework for transforming packets (XFRM subsystem) when multiple calls to xfrm_probe_algs occurred simultaneously. This flaw could allow a local attacker to potentially trigger an out-of-bounds write or leak kernel heap memory by performing an out-of-bounds read and copying it into a socket.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 7, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2022-3028", }, { cve: "CVE-2022-3104", cwe: { id: "CWE-476", name: "NULL Pointer Dereference", }, notes: [ { category: "summary", text: "An issue was discovered in the Linux kernel through 5.16-rc6. lkdtm_ARRAY_BOUNDS in drivers/misc/lkdtm/bugs.c lacks check of the return value of kmalloc() and will cause the null pointer dereference.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2022-3104", }, { cve: "CVE-2022-3115", cwe: { id: "CWE-476", name: "NULL Pointer Dereference", }, notes: [ { category: "summary", text: "An issue was discovered in the Linux kernel through 5.16-rc6. malidp_crtc_reset in drivers/gpu/drm/arm/malidp_crtc.c lacks check of the return value of kzalloc() and will cause the null pointer dereference.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2022-3115", }, { cve: "CVE-2022-3169", cwe: { id: "CWE-20", name: "Improper Input Validation", }, notes: [ { category: "summary", text: "A flaw was found in the Linux kernel. A denial of service flaw may occur if there is a consecutive request of the NVME_IOCTL_RESET and the NVME_IOCTL_SUBSYS_RESET through the device file of the driver, resulting in a PCIe link disconnect.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2022-3169", }, { cve: "CVE-2022-3303", cwe: { id: "CWE-362", name: "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", }, notes: [ { category: "summary", text: "A race condition flaw was found in the Linux kernel sound subsystem due to improper locking. It could lead to a NULL pointer dereference while handling the SNDCTL_DSP_SYNC ioctl. A privileged local user (root or member of the audio group) could use this flaw to crash the system, resulting in a denial of service condition", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 4.7, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2022-3303", }, { cve: "CVE-2022-3521", cwe: { id: "CWE-362", name: "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", }, notes: [ { category: "summary", text: "A vulnerability has been found in Linux Kernel and classified as problematic. This vulnerability affects the function kcm_tx_work of the file net/kcm/kcmsock.c of the component kcm. The manipulation leads to race condition. It is recommended to apply a patch to fix this issue. VDB-211018 is the identifier assigned to this vulnerability.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 2.5, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2022-3521", }, { cve: "CVE-2022-3524", cwe: { id: "CWE-404", name: "Improper Resource Shutdown or Release", }, notes: [ { category: "summary", text: "A vulnerability was found in Linux Kernel. It has been declared as problematic. Affected by this vulnerability is the function ipv6_renew_options of the component IPv6 Handler. The manipulation leads to memory leak. The attack can be launched remotely. It is recommended to apply a patch to fix this issue. The identifier VDB-211021 was assigned to this vulnerability.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2022-3524", }, { cve: "CVE-2022-3534", cwe: { id: "CWE-416", name: "Use After Free", }, notes: [ { category: "summary", text: "A vulnerability classified as critical has been found in Linux Kernel. Affected is the function btf_dump_name_dups of the file tools/lib/bpf/btf_dump.c of the component libbpf. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211032.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2022-3534", }, { cve: "CVE-2022-3545", cwe: { id: "CWE-119", name: "Improper Restriction of Operations within the Bounds of a Memory Buffer", }, notes: [ { category: "summary", text: "A vulnerability has been found in Linux Kernel and classified as critical. Affected by this vulnerability is the function area_cache_get of the file drivers/net/ethernet/netronome/nfp/nfpcore/nfp_cppcore.c of the component IPsec. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The identifier VDB-211045 was assigned to this vulnerability.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2022-3545", }, { cve: "CVE-2022-3564", cwe: { id: "CWE-119", name: "Improper Restriction of Operations within the Bounds of a Memory Buffer", }, notes: [ { category: "summary", text: "A vulnerability classified as critical was found in Linux Kernel. Affected by this vulnerability is the function l2cap_reassemble_sdu of the file net/bluetooth/l2cap_core.c of the component Bluetooth. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211087.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 7.1, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2022-3564", }, { cve: "CVE-2022-3565", cwe: { id: "CWE-119", name: "Improper Restriction of Operations within the Bounds of a Memory Buffer", }, notes: [ { category: "summary", text: "A vulnerability, which was classified as critical, has been found in Linux Kernel. Affected by this issue is the function del_timer of the file drivers/isdn/mISDN/l1oip_core.c of the component Bluetooth. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211088.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2022-3565", }, { cve: "CVE-2022-3586", cwe: { id: "CWE-416", name: "Use After Free", }, notes: [ { category: "summary", text: "A flaw was found in the Linux kernel’s networking code. A use-after-free was found in the way the sch_sfb enqueue function used the socket buffer (SKB) cb field after the same SKB had been enqueued (and freed) into a child qdisc. This flaw allows a local, unprivileged user to crash the system, causing a denial of service.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2022-3586", }, { cve: "CVE-2022-3594", cwe: { id: "CWE-404", name: "Improper Resource Shutdown or Release", }, notes: [ { category: "summary", text: "A vulnerability was found in Linux Kernel. It has been declared as problematic. Affected by this vulnerability is the function intr_callback of the file drivers/net/usb/r8152.c of the component BPF. The manipulation leads to logging of excessive data. The attack can be launched remotely. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211363.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2022-3594", }, { cve: "CVE-2022-3606", cwe: { id: "CWE-476", name: "NULL Pointer Dereference", }, notes: [ { category: "summary", text: "A vulnerability was found in Linux Kernel. It has been classified as problematic. This affects the function find_prog_by_sec_insn of the file tools/lib/bpf/libbpf.c of the component BPF. The manipulation leads to null pointer dereference. It is recommended to apply a patch to fix this issue. The identifier VDB-211749 was assigned to this vulnerability.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2022-3606", }, { cve: "CVE-2022-3621", cwe: { id: "CWE-476", name: "NULL Pointer Dereference", }, notes: [ { category: "summary", text: "A vulnerability was found in Linux Kernel. It has been classified as problematic. Affected is the function nilfs_bmap_lookup_at_level of the file fs/nilfs2/inode.c of the component nilfs2. The manipulation leads to null pointer dereference. It is possible to launch the attack remotely. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211920.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2022-3621", }, { cve: "CVE-2022-3625", cwe: { id: "CWE-119", name: "Improper Restriction of Operations within the Bounds of a Memory Buffer", }, notes: [ { category: "summary", text: "A vulnerability was found in Linux Kernel. It has been classified as critical. This affects the function devlink_param_set/devlink_param_get of the file net/core/devlink.c of the component IPsec. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The identifier VDB-211929 was assigned to this vulnerability.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2022-3625", }, { cve: "CVE-2022-3628", cwe: { id: "CWE-120", name: "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", }, notes: [ { category: "summary", text: "A buffer overflow flaw was found in the Linux kernel Broadcom Full MAC Wi-Fi driver. This issue occurs when a user connects to a malicious USB device. This can allow a local user to crash the system or escalate their privileges.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 6.6, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2022-3628", }, { cve: "CVE-2022-3629", cwe: { id: "CWE-401", name: "Missing Release of Memory after Effective Lifetime", }, notes: [ { category: "summary", text: "A vulnerability was found in Linux Kernel. It has been declared as problematic. This vulnerability affects the function vsock_connect of the file net/vmw_vsock/af_vsock.c. The manipulation leads to memory leak. It is recommended to apply a patch to fix this issue. VDB-211930 is the identifier assigned to this vulnerability.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 3.3, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2022-3629", }, { cve: "CVE-2022-3633", cwe: { id: "CWE-401", name: "Missing Release of Memory after Effective Lifetime", }, notes: [ { category: "summary", text: "A vulnerability classified as problematic has been found in Linux Kernel. Affected is the function j1939_session_destroy of the file net/can/j1939/transport.c. The manipulation leads to memory leak. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211932.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 3.3, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2022-3633", }, { cve: "CVE-2022-3635", cwe: { id: "CWE-119", name: "Improper Restriction of Operations within the Bounds of a Memory Buffer", }, notes: [ { category: "summary", text: "A vulnerability, which was classified as critical, has been found in Linux Kernel. Affected by this issue is the function tst_timer of the file drivers/atm/idt77252.c of the component IPsec. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. VDB-211934 is the identifier assigned to this vulnerability.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 7, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2022-3635", }, { cve: "CVE-2022-3646", cwe: { id: "CWE-404", name: "Improper Resource Shutdown or Release", }, notes: [ { category: "summary", text: "A vulnerability, which was classified as problematic, has been found in Linux Kernel. This issue affects the function nilfs_attach_log_writer of the file fs/nilfs2/segment.c of the component BPF. The manipulation leads to memory leak. The attack may be initiated remotely. It is recommended to apply a patch to fix this issue. The identifier VDB-211961 was assigned to this vulnerability.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 4.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2022-3646", }, { cve: "CVE-2022-3649", cwe: { id: "CWE-119", name: "Improper Restriction of Operations within the Bounds of a Memory Buffer", }, notes: [ { category: "summary", text: "A vulnerability was found in Linux Kernel. It has been classified as problematic. Affected is the function nilfs_new_inode of the file fs/nilfs2/inode.c of the component BPF. The manipulation leads to use after free. It is possible to launch the attack remotely. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211992.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2022-3649", }, { cve: "CVE-2022-4095", cwe: { id: "CWE-416", name: "Use After Free", }, notes: [ { category: "summary", text: "A use-after-free flaw was found in Linux kernel before 5.19.2. This issue occurs in cmd_hdl_filter in drivers/staging/rtl8712/rtl8712_cmd.c, allowing an attacker to launch a local denial of service attack and gain escalation of privileges.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2022-4095", }, { cve: "CVE-2022-4129", cwe: { id: "CWE-667", name: "Improper Locking", }, notes: [ { category: "summary", text: "A flaw was found in the Linux kernel's Layer 2 Tunneling Protocol (L2TP). A missing lock when clearing sk_user_data can lead to a race condition and NULL pointer dereference. A local user could use this flaw to potentially crash the system causing a denial of service.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2022-4129", }, { cve: "CVE-2022-4139", cwe: { id: "CWE-401", name: "Missing Release of Memory after Effective Lifetime", }, notes: [ { category: "summary", text: "An incorrect TLB flush issue was found in the Linux kernel’s GPU i915 kernel driver, potentially leading to random memory corruption or data leaks. This flaw could allow a local user to crash the system or escalate their privileges on the system.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2022-4139", }, { cve: "CVE-2022-4269", cwe: { id: "CWE-833", name: "Deadlock", }, notes: [ { category: "summary", text: "A flaw was found in the Linux kernel Traffic Control (TC) subsystem. Using a specific networking configuration (redirecting egress packets to ingress using TC action \"mirred\") a local unprivileged user could trigger a CPU soft lockup (ABBA deadlock) when the transport protocol in use (TCP or SCTP) does a retransmission, resulting in a denial of service condition.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2022-4269", }, { cve: "CVE-2022-4304", cwe: { id: "CWE-326", name: "Inadequate Encryption Strength", }, notes: [ { category: "summary", text: "A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a plaintext across a network in a Bleichenbacher style attack. To achieve a successful decryption an attacker would have to be able to send a very large number of trial messages for decryption. The vulnerability affects all RSA padding modes: PKCS#1 v1.5, RSA-OEAP and RSASVE. For example, in a TLS connection, RSA is commonly used by a client to send an encrypted pre-master secret to the server. An attacker that had observed a genuine connection between a client and a server could use this flaw to send trial messages to the server and record the time taken to process them. After a sufficiently large number of messages the attacker could recover the pre-master secret used for the original connection and thus be able to decrypt the application data sent over that connection.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 5.9, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2022-4304", }, { cve: "CVE-2022-4450", cwe: { id: "CWE-415", name: "Double Free", }, notes: [ { category: "summary", text: "The function PEM_read_bio_ex() reads a PEM file from a BIO and parses and decodes the \"name\" (e.g. \"CERTIFICATE\"), any header data and the payload data. If the function succeeds then the \"name_out\", \"header\" and \"data\" arguments are populated with pointers to buffers containing the relevant decoded data. The caller is responsible for freeing those buffers. It is possible to construct a PEM file that results in 0 bytes of payload data. In this case PEM_read_bio_ex() will return a failure code but will populate the header argument with a pointer to a buffer that has already been freed. If the caller also frees this buffer then a double free will occur. This will most likely lead to a crash. This could be exploited by an attacker who has the ability to supply malicious PEM files for parsing to achieve a denial of service attack. The functions PEM_read_bio() and PEM_read() are simple wrappers around PEM_read_bio_ex() and therefore these functions are also directly affected. These functions are also called indirectly by a number of other OpenSSL functions including PEM_X509_INFO_read_bio_ex() and SSL_CTX_use_serverinfo_file() which are also vulnerable. Some OpenSSL internal uses of these functions are not vulnerable because the caller does not free the header argument if PEM_read_bio_ex() returns a failure code. These locations include the PEM_read_bio_TYPE() functions as well as the decoders introduced in OpenSSL 3.0. The OpenSSL asn1parse command line application is also impacted by this issue.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 5.9, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2022-4450", }, { cve: "CVE-2022-4662", cwe: { id: "CWE-455", name: "Non-exit on Failed Initialization", }, notes: [ { category: "summary", text: "A flaw incorrect access control in the Linux kernel USB core subsystem was found in the way user attaches usb device. A local user could use this flaw to crash the system.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2022-4662", }, { cve: "CVE-2022-20421", cwe: { id: "CWE-416", name: "Use After Free", }, notes: [ { category: "summary", text: "In binder_inc_ref_for_node of binder.c, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-239630375References: Upstream kernel", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2022-20421", }, { cve: "CVE-2022-20422", cwe: { id: "CWE-362", name: "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", }, notes: [ { category: "summary", text: "In emulation_proc_handler of armv8_deprecated.c, there is a possible way to corrupt memory due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-237540956References: Upstream kernel", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 7, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2022-20422", }, { cve: "CVE-2022-20566", cwe: { id: "CWE-416", name: "Use After Free", }, notes: [ { category: "summary", text: "In l2cap_chan_put of l2cap_core, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-165329981References: Upstream kernel", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2022-20566", }, { cve: "CVE-2022-20572", cwe: { id: "CWE-863", name: "Incorrect Authorization", }, notes: [ { category: "summary", text: "In verity_target of dm-verity-target.c, there is a possible way to modify read-only files due to a missing permission check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-234475629References: Upstream kernel", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 6.7, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2022-20572", }, { cve: "CVE-2022-21123", cwe: { id: "CWE-459", name: "Incomplete Cleanup", }, notes: [ { category: "summary", text: "Incomplete cleanup of multi-core shared buffers for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2022-21123", }, { cve: "CVE-2022-21125", cwe: { id: "CWE-459", name: "Incomplete Cleanup", }, notes: [ { category: "summary", text: "Incomplete cleanup of microarchitectural fill buffers on some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2022-21125", }, { cve: "CVE-2022-21166", cwe: { id: "CWE-459", name: "Incomplete Cleanup", }, notes: [ { category: "summary", text: "Incomplete cleanup in specific special register write operations for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2022-21166", }, { cve: "CVE-2022-21505", cwe: { id: "CWE-305", name: "Authentication Bypass by Primary Weakness", }, notes: [ { category: "summary", text: "A bug in the IMA subsystem was discovered which would incorrectly allow kexec to be used when kernel lockdown was enabled", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 6.7, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2022-21505", }, { cve: "CVE-2022-26373", cwe: { id: "CWE-311", name: "Missing Encryption of Sensitive Data", }, notes: [ { category: "summary", text: "Non-transparent sharing of return predictor targets between contexts in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2022-26373", }, { cve: "CVE-2022-32250", cwe: { id: "CWE-416", name: "Use After Free", }, notes: [ { category: "summary", text: "net/netfilter/nf_tables_api.c in the Linux kernel through 5.18.1 allows a local user (able to create user/net namespaces) to escalate privileges to root because an incorrect NFT_STATEFUL_EXPR check leads to a use-after-free.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2022-32250", }, { cve: "CVE-2022-32296", cwe: { id: "CWE-203", name: "Observable Discrepancy", }, notes: [ { category: "summary", text: "The Linux kernel before 5.17.9 allows TCP servers to identify clients by observing what source ports are used. This occurs because of use of Algorithm 4 (\"Double-Hash Port Selection Algorithm\") of RFC 6056.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 3.3, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2022-32296", }, { cve: "CVE-2022-34918", cwe: { id: "CWE-843", name: "Access of Resource Using Incompatible Type ('Type Confusion')", }, notes: [ { category: "summary", text: "An issue was discovered in the Linux kernel through 5.18.9. A type confusion bug in nft_set_elem_init (leading to a buffer overflow) could be used by a local attacker to escalate privileges, a different vulnerability than CVE-2022-32250. (The attacker can obtain root access, but must start with an unprivileged user namespace to obtain CAP_NET_ADMIN access.) This can be fixed in nft_setelem_parse_data in net/netfilter/nf_tables_api.c.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2022-34918", }, { cve: "CVE-2022-36123", cwe: { id: "CWE-311", name: "Missing Encryption of Sensitive Data", }, notes: [ { category: "summary", text: "The Linux kernel before 5.18.13 lacks a certain clear operation for the block starting symbol (.bss). This allows Xen PV guest OS users to cause a denial of service or gain privileges.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2022-36123", }, { cve: "CVE-2022-36280", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, notes: [ { category: "summary", text: "An out-of-bounds(OOB) memory access vulnerability was found in vmwgfx driver in drivers/gpu/vmxgfx/vmxgfx_kms.c in GPU component in the Linux kernel with device file '/dev/dri/renderD128 (or Dxxx)'. This flaw allows a local attacker with a user account on the system to gain privilege, causing a denial of service(DoS).", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2022-36280", }, { cve: "CVE-2022-36879", cwe: { id: "CWE-20", name: "Improper Input Validation", }, notes: [ { category: "summary", text: "An issue was discovered in the Linux kernel through 5.18.14. xfrm_expand_policies in net/xfrm/xfrm_policy.c can cause a refcount to be dropped twice.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2022-36879", }, { cve: "CVE-2022-36946", cwe: { id: "CWE-20", name: "Improper Input Validation", }, notes: [ { category: "summary", text: "nfqnl_mangle in net/netfilter/nfnetlink_queue.c in the Linux kernel through 5.18.14 allows remote attackers to cause a denial of service (panic) because, in the case of an nf_queue verdict with a one-byte nfta_payload attribute, an skb_pull can encounter a negative skb->len.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2022-36946", }, { cve: "CVE-2022-39188", cwe: { id: "CWE-362", name: "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", }, notes: [ { category: "summary", text: "An issue was discovered in include/asm-generic/tlb.h in the Linux kernel before 5.19. Because of a race condition (unmap_mapping_range versus munmap), a device driver can free a page while it still has stale TLB entries. This only occurs in situations with VM_PFNMAP VMAs.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 4.7, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2022-39188", }, { cve: "CVE-2022-39190", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, notes: [ { category: "summary", text: "An issue was discovered in net/netfilter/nf_tables_api.c in the Linux kernel before 5.19.6. A denial of service can occur upon binding to an already bound chain.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2022-39190", }, { cve: "CVE-2022-40307", cwe: { id: "CWE-416", name: "Use After Free", }, notes: [ { category: "summary", text: "An issue was discovered in the Linux kernel through 5.19.8. drivers/firmware/efi/capsule-loader.c has a race condition with a resultant use-after-free.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 4.7, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2022-40307", }, { cve: "CVE-2022-40768", cwe: { id: "CWE-668", name: "Exposure of Resource to Wrong Sphere", }, notes: [ { category: "summary", text: "drivers/scsi/stex.c in the Linux kernel through 5.19.9 allows local users to obtain sensitive information from kernel memory because stex_queuecommand_lck lacks a memset for the PASSTHRU_CMD case.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2022-40768", }, { cve: "CVE-2022-41218", cwe: { id: "CWE-416", name: "Use After Free", }, notes: [ { category: "summary", text: "In drivers/media/dvb-core/dmxdev.c in the Linux kernel through 5.19.10, there is a use-after-free caused by refcount races, affecting dvb_demux_open and dvb_dmxdev_release.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2022-41218", }, { cve: "CVE-2022-41222", cwe: { id: "CWE-416", name: "Use After Free", }, notes: [ { category: "summary", text: "mm/mremap.c in the Linux kernel before 5.13.3 has a use-after-free via a stale TLB because an rmap lock is not held during a PUD move.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 7, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2022-41222", }, { cve: "CVE-2022-41674", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, notes: [ { category: "summary", text: "An issue was discovered in the Linux kernel before 5.19.16. Attackers able to inject WLAN frames could cause a buffer overflow in the ieee80211_bss_info_update function in net/mac80211/scan.c.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 8.1, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2022-41674", }, { cve: "CVE-2022-41849", cwe: { id: "CWE-362", name: "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", }, notes: [ { category: "summary", text: "drivers/video/fbdev/smscufx.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free if a physically proximate attacker removes a USB device while calling open(), aka a race condition between ufx_ops_open and ufx_usb_disconnect.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 4.2, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2022-41849", }, { cve: "CVE-2022-41850", cwe: { id: "CWE-362", name: "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", }, notes: [ { category: "summary", text: "roccat_report_event in drivers/hid/hid-roccat.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free in certain situations where a report is received while copying a report->value is in progress.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 4.7, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2022-41850", }, { cve: "CVE-2022-42328", cwe: { id: "CWE-667", name: "Improper Locking", }, notes: [ { category: "summary", text: "Guests can trigger deadlock in Linux netback driver [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] The patch for XSA-392 introduced another issue which might result in a deadlock when trying to free the SKB of a packet dropped due to the XSA-392 handling (CVE-2022-42328). Additionally when dropping packages for other reasons the same deadlock could occur in case of netpoll being active for the interface the xen-netback driver is connected to (CVE-2022-42329).", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2022-42328", }, { cve: "CVE-2022-42329", cwe: { id: "CWE-667", name: "Improper Locking", }, notes: [ { category: "summary", text: "Guests can trigger deadlock in Linux netback drive. The patch for XSA-392 introduced another issue which might result in a deadlock when trying to free the SKB of a packet dropped due to the XSA-392 handling (CVE-2022-42328). Additionally when dropping packages for other reasons the same deadlock could occur in case of netpoll being active for the interface the xen-netback driver is connected to (CVE-2022-42329).", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2022-42329", }, { cve: "CVE-2022-42432", cwe: { id: "CWE-457", name: "Use of Uninitialized Variable", }, notes: [ { category: "summary", text: "This vulnerability allows local attackers to disclose sensitive information on affected installations of the Linux Kernel 6.0-rc2. An attacker must first obtain the ability to execute high-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the nft_osf_eval function. The issue results from the lack of proper initialization of memory prior to accessing it. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the kernel. Was ZDI-CAN-18540.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 4.4, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2022-42432", }, { cve: "CVE-2022-42703", cwe: { id: "CWE-416", name: "Use After Free", }, notes: [ { category: "summary", text: "mm/rmap.c in the Linux kernel before 5.19.7 has a use-after-free related to leaf anon_vma double reuse.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2022-42703", }, { cve: "CVE-2022-42719", cwe: { id: "CWE-416", name: "Use After Free", }, notes: [ { category: "summary", text: "A use-after-free in the mac80211 stack when parsing a multi-BSSID element in the Linux kernel 5.2 through 5.19.x before 5.19.16 could be used by attackers (able to inject WLAN frames) to crash the kernel and potentially execute code.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2022-42719", }, { cve: "CVE-2022-42720", cwe: { id: "CWE-416", name: "Use After Free", }, notes: [ { category: "summary", text: "Various refcounting bugs in the multi-BSS handling in the mac80211 stack in the Linux kernel 5.1 through 5.19.x before 5.19.16 could be used by local attackers (able to inject WLAN frames) to trigger use-after-free conditions to potentially execute code.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2022-42720", }, { cve: "CVE-2022-42721", cwe: { id: "CWE-835", name: "Loop with Unreachable Exit Condition ('Infinite Loop')", }, notes: [ { category: "summary", text: "A list management bug in BSS handling in the mac80211 stack in the Linux kernel 5.1 through 5.19.x before 5.19.16 could be used by local attackers (able to inject WLAN frames) to corrupt a linked list and, in turn, potentially execute code.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2022-42721", }, { cve: "CVE-2022-42722", cwe: { id: "CWE-476", name: "NULL Pointer Dereference", }, notes: [ { category: "summary", text: "In the Linux kernel 5.8 through 5.19.x before 5.19.16, local attackers able to inject WLAN frames into the mac80211 stack could cause a NULL pointer dereference denial-of-service attack against the beacon protection of P2P devices.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2022-42722", }, { cve: "CVE-2022-42895", cwe: { id: "CWE-824", name: "Access of Uninitialized Pointer", }, notes: [ { category: "summary", text: "There is an infoleak vulnerability in the Linux kernel's net/bluetooth/l2cap_core.c's l2cap_parse_conf_req function which can be used to leak kernel pointers remotely. We recommend upgrading past commit https://github.com/torvalds/linux/commit/b1a2cd50c0357f243b7435a732b4e62ba3157a2e", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2022-42895", }, { cve: "CVE-2022-42896", cwe: { id: "CWE-416", name: "Use After Free", }, notes: [ { category: "summary", text: "There are use-after-free vulnerabilities in the Linux kernel's net/bluetooth/l2cap_core.c's l2cap_connect and l2cap_le_connect_req functions which may allow code execution and leaking kernel memory (respectively) remotely via Bluetooth. A remote attacker could execute code leaking kernel memory via Bluetooth if within proximity of the victim. We recommend upgrading past commit https://github.com/torvalds/linux/commit/711f8c3fb3db61897080468586b970c87c61d9e4", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2022-42896", }, { cve: "CVE-2022-43750", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, notes: [ { category: "summary", text: "drivers/usb/mon/mon_bin.c in usbmon in the Linux kernel before 5.19.15 and 6.x before 6.0.1 allows a user-space client to corrupt the monitor's internal memory.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 6.7, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2022-43750", }, { cve: "CVE-2022-47518", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, notes: [ { category: "summary", text: "An issue was discovered in the Linux kernel before 6.0.11. Missing validation of the number of channels in drivers/net/wireless/microchip/wilc1000/cfg80211.c in the WILC1000 wireless driver can trigger a heap-based buffer overflow when copying the list of operating channels from Wi-Fi management frames.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2022-47518", }, { cve: "CVE-2022-47520", cwe: { id: "CWE-125", name: "Out-of-bounds Read", }, notes: [ { category: "summary", text: "An issue was discovered in the Linux kernel before 6.0.11. Missing offset validation in drivers/net/wireless/microchip/wilc1000/hif.c in the WILC1000 wireless driver can trigger an out-of-bounds read when parsing a Robust Security Network (RSN) information element from a Netlink packet.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 7.1, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2022-47520", }, { cve: "CVE-2022-47929", cwe: { id: "CWE-476", name: "NULL Pointer Dereference", }, notes: [ { category: "summary", text: "In the Linux kernel before 6.1.6, a NULL pointer dereference bug in the traffic control subsystem allows an unprivileged user to trigger a denial of service (system crash) via a crafted traffic control configuration that is set up with \"tc qdisc\" and \"tc class\" commands. This affects qdisc_graft in net/sched/sch_api.c.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2022-47929", }, { cve: "CVE-2022-47946", cwe: { id: "CWE-416", name: "Use After Free", }, notes: [ { category: "summary", text: "An issue was discovered in the Linux kernel 5.10.x before 5.10.155. A use-after-free in io_sqpoll_wait_sq in fs/io_uring.c allows an attacker to crash the kernel, resulting in denial of service. finish_wait can be skipped. An attack can occur in some situations by forking a process and then quickly terminating it. NOTE: later kernel versions, such as the 5.15 longterm series, substantially changed the implementation of io_sqpoll_wait_sq.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2022-47946", }, { cve: "CVE-2023-0215", cwe: { id: "CWE-416", name: "Use After Free", }, notes: [ { category: "summary", text: "The public API function BIO_new_NDEF is a helper function used for streaming ASN.1 data via a BIO. It is primarily used internally to OpenSSL to support the SMIME, CMS and PKCS7 streaming capabilities, but may also be called directly by end user applications. The function receives a BIO from the caller, prepends a new BIO_f_asn1 filter BIO onto the front of it to form a BIO chain, and then returns the new head of the BIO chain to the caller. Under certain conditions, for example if a CMS recipient public key is invalid, the new filter BIO is freed and the function returns a NULL result indicating a failure. However, in this case, the BIO chain is not properly cleaned up and the BIO passed by the caller still retains internal pointers to the previously freed filter BIO. If the caller then goes on to call BIO_pop() on the BIO then a use-after-free will occur. This will most likely result in a crash. This scenario occurs directly in the internal function B64_write_ASN1() which may cause BIO_new_NDEF() to be called and will subsequently call BIO_pop() on the BIO. This internal function is in turn called by the public API functions PEM_write_bio_ASN1_stream, PEM_write_bio_CMS_stream, PEM_write_bio_PKCS7_stream, SMIME_write_ASN1, SMIME_write_CMS and SMIME_write_PKCS7. Other public API functions that may be impacted by this include i2d_ASN1_bio_stream, BIO_new_CMS, BIO_new_PKCS7, i2d_CMS_bio_stream and i2d_PKCS7_bio_stream. The OpenSSL cms and smime command line applications are similarly affected.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 5.9, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2023-0215", }, { cve: "CVE-2023-0286", cwe: { id: "CWE-20", name: "Improper Input Validation", }, notes: [ { category: "summary", text: "There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING but the public structure definition for GENERAL_NAME incorrectly specified the type of the x400Address field as ASN1_TYPE. This field is subsequently interpreted by the OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather than an ASN1_STRING. When CRL checking is enabled (i.e. the application sets the X509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker to pass arbitrary pointers to a memcmp call, enabling them to read memory contents or enact a denial of service. In most cases, the attack requires the attacker to provide both the certificate chain and CRL, neither of which need to have a valid signature. If the attacker only controls one of these inputs, the other input must already contain an X.400 address as a CRL distribution point, which is uncommon. As such, this vulnerability is most likely to only affect applications which have implemented their own functionality for retrieving CRLs over a network.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 7.4, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2023-0286", }, { cve: "CVE-2023-0464", cwe: { id: "CWE-295", name: "Improper Certificate Validation", }, notes: [ { category: "summary", text: "A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509 certificate chains that include policy constraints. Attackers may be able to exploit this vulnerability by creating a malicious certificate chain that triggers exponential use of computational resources, leading to a denial-of-service (DoS) attack on affected systems.\r\n\r\nPolicy processing is disabled by default but can be enabled by passing the `-policy` argument to the command line utilities or by calling the `X509_VERIFY_PARAM_set1_policies()` function.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2023-0464", }, { cve: "CVE-2023-0465", cwe: { id: "CWE-295", name: "Improper Certificate Validation", }, notes: [ { category: "summary", text: "Applications that use a non-default option when verifying certificates may be\r\nvulnerable to an attack from a malicious CA to circumvent certain checks.\r\n\r\nInvalid certificate policies in leaf certificates are silently ignored by\r\nOpenSSL and other certificate policy checks are skipped for that certificate.\r\nA malicious CA could use this to deliberately assert invalid certificate policies\r\nin order to circumvent policy checking on the certificate altogether.\r\n\r\nPolicy processing is disabled by default but can be enabled by passing\r\nthe `-policy` argument to the command line utilities or by calling the\r\n`X509_VERIFY_PARAM_set1_policies()` function.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2023-0465", }, { cve: "CVE-2023-0466", cwe: { id: "CWE-295", name: "Improper Certificate Validation", }, notes: [ { category: "summary", text: "The function X509_VERIFY_PARAM_add0_policy() is documented to\nimplicitly enable the certificate policy check when doing certificate\nverification. However the implementation of the function does not\nenable the check which allows certificates with invalid or incorrect\npolicies to pass the certificate verification.\n\nAs suddenly enabling the policy check could break existing deployments it was\ndecided to keep the existing behavior of the X509_VERIFY_PARAM_add0_policy()\nfunction.\n\nInstead the applications that require OpenSSL to perform certificate\npolicy check need to use X509_VERIFY_PARAM_set1_policies() or explicitly\nenable the policy check by calling X509_VERIFY_PARAM_set_flags() with\nthe X509_V_FLAG_POLICY_CHECK flag argument.\n\nCertificate policy checks are disabled by default in OpenSSL and are not\ncommonly used by applications.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2023-0466", }, { cve: "CVE-2023-0590", cwe: { id: "CWE-416", name: "Use After Free", }, notes: [ { category: "summary", text: "A use-after-free flaw was found in qdisc_graft in net/sched/sch_api.c in the Linux Kernel due to a race problem. This flaw leads to a denial of service issue. If patch ebda44da44f6 (\"net: sched: fix race condition in qdisc_graft()\") not applied yet, then kernel could be affected.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 4.7, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2023-0590", }, { cve: "CVE-2023-1077", cwe: { id: "CWE-843", name: "Access of Resource Using Incompatible Type ('Type Confusion')", }, notes: [ { category: "summary", text: "In the Linux kernel, pick_next_rt_entity() may return a type confused entry, not detected by the BUG_ON condition, as the confused entry will not be NULL, but list_head.The buggy error condition would lead to a type confused entry with the list head,which would then be used as a type confused sched_rt_entity,causing memory corruption.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2023-1077", }, { cve: "CVE-2023-1095", cwe: { id: "CWE-476", name: "NULL Pointer Dereference", }, notes: [ { category: "summary", text: "In nf_tables_updtable, if nf_tables_table_enable returns an error, nft_trans_destroy is called to free the transaction object. nft_trans_destroy() calls list_del(), but the transaction was never placed on a list -- the list head is all zeroes, this results in a NULL pointer dereference.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2023-1095", }, { cve: "CVE-2023-1206", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, notes: [ { category: "summary", text: "A hash collision flaw was found in the IPv6 connection lookup table in the Linux kernel’s IPv6 functionality when a user makes a new kind of SYN flood attack. A user located in the local network or with a high bandwidth connection can increase the CPU usage of the server that accepts IPV6 connections up to 95%.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 5.7, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2023-1206", }, { cve: "CVE-2023-2898", cwe: { id: "CWE-476", name: "NULL Pointer Dereference", }, notes: [ { category: "summary", text: "There is a null-pointer-dereference flaw found in f2fs_write_end_io in fs/f2fs/data.c in the Linux kernel. This flaw allows a local privileged user to cause a denial of service problem.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 4.7, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2023-2898", }, { cve: "CVE-2023-3141", cwe: { id: "CWE-416", name: "Use After Free", }, notes: [ { category: "summary", text: "A use-after-free flaw was found in r592_remove in drivers/memstick/host/r592.c in media access in the Linux Kernel. This flaw allows a local attacker to crash the system at device disconnect, possibly leading to a kernel information leak.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 7.1, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2023-3141", }, { cve: "CVE-2023-3268", cwe: { id: "CWE-125", name: "Out-of-bounds Read", }, notes: [ { category: "summary", text: "An out of bounds (OOB) memory access flaw was found in the Linux kernel in relay_file_read_start_pos in kernel/relay.c in the relayfs. This flaw could allow a local attacker to crash the system or leak kernel internal information.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 7.1, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2023-3268", }, { cve: "CVE-2023-3338", cwe: { id: "CWE-476", name: "NULL Pointer Dereference", }, notes: [ { category: "summary", text: "A null pointer dereference flaw was found in the Linux kernel's DECnet networking protocol. This issue could allow a remote user to crash the system.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2023-3338", }, { cve: "CVE-2023-3389", cwe: { id: "CWE-416", name: "Use After Free", }, notes: [ { category: "summary", text: "A use-after-free vulnerability in the Linux Kernel io_uring subsystem can be exploited to achieve local privilege escalation. Racing a io_uring cancel poll request with a linked timeout can cause a UAF in a hrtimer.\r\n\r\nWe recommend upgrading past commit `ef7dfac51d8ed961b742218f526bd589f3900a59` \r\n(`4716c73b188566865bdd79c3a6709696a224ac04` for 5.10 stable and \r\n`0e388fce7aec40992eadee654193cad345d62663` for 5.15 stable).", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2023-3389", }, { cve: "CVE-2023-3446", cwe: { id: "CWE-1333", name: "Inefficient Regular Expression Complexity", }, notes: [ { category: "summary", text: "Issue summary: Checking excessively long DH keys or parameters may be very slow. Impact summary: Applications that use the functions DH_check(), DH_check_ex() or EVP_PKEY_param_check() to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source this may lead to a Denial of Service. The function DH_check() performs various checks on DH parameters. One of those checks confirms that the modulus ('p' parameter) is not too large. Trying to use a very large modulus is slow and OpenSSL will not normally use a modulus which is over 10,000 bits in length. However the DH_check() function checks numerous aspects of the key or parameters that have been supplied. Some of those checks use the supplied modulus value even if it has already been found to be too large. An application that calls DH_check() and supplies a key or parameters obtained from an untrusted source could be vulernable to a Denial of Service attack. The function DH_check() is itself called by a number of other OpenSSL functions. An application calling any of those other functions may similarly be affected. The other functions affected by this are DH_check_ex() and EVP_PKEY_param_check(). Also vulnerable are the OpenSSL dhparam and pkeyparam command line applications when using the '-check' option. The OpenSSL SSL/TLS implementation is not affected by this issue. The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2023-3446", }, { cve: "CVE-2023-3609", cwe: { id: "CWE-416", name: "Use After Free", }, notes: [ { category: "summary", text: "A use-after-free vulnerability in the Linux kernel's net/sched: cls_u32 component can be exploited to achieve local privilege escalation.\r\n\r\nIf tcf_change_indev() fails, u32_set_parms() will immediately return an error after incrementing or decrementing the reference counter in tcf_bind_filter(). If an attacker can control the reference counter and set it to zero, they can cause the reference to be freed, leading to a use-after-free vulnerability.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2023-3609", }, { cve: "CVE-2023-3610", cwe: { id: "CWE-416", name: "Use After Free", }, notes: [ { category: "summary", text: "A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation.\r\n\r\nFlaw in the error handling of bound chains causes a use-after-free in the abort path of NFT_MSG_NEWRULE. The vulnerability requires CAP_NET_ADMIN to be triggered.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2023-3610", }, { cve: "CVE-2023-3611", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, notes: [ { category: "summary", text: "An out-of-bounds write vulnerability in the Linux kernel's net/sched: sch_qfq component can be exploited to achieve local privilege escalation.\r\n\r\nThe qfq_change_agg() function in net/sched/sch_qfq.c allows an out-of-bounds write because lmax is updated according to packet sizes without bounds checks.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2023-3611", }, { cve: "CVE-2023-3772", cwe: { id: "CWE-476", name: "NULL Pointer Dereference", }, notes: [ { category: "summary", text: "A flaw was found in the Linux kernel's IP framework for transforming packets (XFRM subsystem). This issue may allow a malicious user with CAP_NET_ADMIN privileges to directly dereference a NULL pointer in xfrm_update_ae_params(), leading to a possible kernel crash and denial of service.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2023-3772", }, { cve: "CVE-2023-3773", cwe: { id: "CWE-125", name: "Out-of-bounds Read", }, notes: [ { category: "summary", text: "A flaw was found in the Linux kernel's IP framework for transforming packets (XFRM subsystem). This issue may allow a malicious user with CAP_NET_ADMIN privileges to cause a 4 byte out-of-bounds read of XFRMA_MTIMER_THRESH when parsing netlink attributes, leading to potential leakage of sensitive heap data to userspace.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2023-3773", }, { cve: "CVE-2023-3777", cwe: { id: "CWE-416", name: "Use After Free", }, notes: [ { category: "summary", text: "A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation.\n\nWhen nf_tables_delrule() is flushing table rules, it is not checked whether the chain is bound and the chain's owner rule can also release the objects in certain circumstances.\n\nWe recommend upgrading past commit 6eaf41e87a223ae6f8e7a28d6e78384ad7e407f8.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2023-3777", }, { cve: "CVE-2023-4004", cwe: { id: "CWE-20", name: "Improper Input Validation", }, notes: [ { category: "summary", text: "A use-after-free flaw was found in the Linux kernel's netfilter in the way a user triggers the nft_pipapo_remove function with the element, without a NFT_SET_EXT_KEY_END. This issue could allow a local user to crash the system or potentially escalate their privileges on the system.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2023-4004", }, { cve: "CVE-2023-4015", cwe: { id: "CWE-20", name: "Improper Input Validation", }, notes: [ { category: "summary", text: "The netfilter subsystem in the Linux kernel did not properly handle bound chain deactivation in certain circumstances. A local attacker could possibly use this to cause a denial of service (system crash) or execute arbitrary code.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 8.4, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2023-4015", }, { cve: "CVE-2023-4273", cwe: { id: "CWE-121", name: "Stack-based Buffer Overflow", }, notes: [ { category: "summary", text: "This vulnerability exists in the implementation of the file name reconstruction function, which is responsible for reading file name entries from a directory index and merging file name parts belonging to one file into a single long file name. Since the file name characters are copied into a stack variable, a local privileged attacker could use this vulnerability to overflow the kernel stack.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 6, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2023-4273", }, { cve: "CVE-2023-4623", cwe: { id: "CWE-416", name: "Use After Free", }, notes: [ { category: "summary", text: "A use-after-free vulnerability in the Linux kernel's net/sched: sch_hfsc (HFSC qdisc traffic control) component can be exploited to achieve local privilege escalation.\n\nIf a class with a link-sharing curve (i.e. with the HFSC_FSC flag set) has a parent without a link-sharing curve, then init_vf() will call vttree_insert() on the parent, but vttree_remove() will be skipped in update_vf(). This leaves a dangling pointer that can cause a use-after-free.\n\nWe recommend upgrading past commit b3d26c5702c7d6c45456326e56d2ccf3f103e60f.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2023-4623", }, { cve: "CVE-2023-4911", cwe: { id: "CWE-121", name: "Stack-based Buffer Overflow", }, notes: [ { category: "summary", text: "A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2023-4911", }, { cve: "CVE-2023-4921", cwe: { id: "CWE-416", name: "Use After Free", }, notes: [ { category: "summary", text: "A use-after-free vulnerability in the Linux kernel's net/sched: sch_qfq component can be exploited to achieve local privilege escalation.\n\nWhen the plug qdisc is used as a class of the qfq qdisc, sending network packets triggers use-after-free in qfq_dequeue() due to the incorrect .peek handler of sch_plug and lack of error checking in agg_dequeue().\n\nWe recommend upgrading past commit 8fc134fee27f2263988ae38920bc03da416b03d8.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2023-4921", }, { cve: "CVE-2023-5178", cwe: { id: "CWE-416", name: "Use After Free", }, notes: [ { category: "summary", text: "A use-after-free vulnerability was found in drivers/nvme/target/tcp.c` in `nvmet_tcp_free_crypto` due to a logical bug in the NVMe-oF/TCP subsystem in the Linux kernel. This issue may allow a malicious local privileged user to cause a use-after-free and double-free problem, which may permit remote code execution or lead to local privilege escalation problem.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2023-5178", }, { cve: "CVE-2023-5197", cwe: { id: "CWE-416", name: "Use After Free", }, notes: [ { category: "summary", text: "A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation.\r\n\r\nAddition and removal of rules from chain bindings within the same transaction causes leads to use-after-free.\r\n\r\nWe recommend upgrading past commit f15f29fd4779be8a418b66e9d52979bb6d6c2325.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2023-5197", }, { cve: "CVE-2023-5678", cwe: { id: "CWE-754", name: "Improper Check for Unusual or Exceptional Conditions", }, notes: [ { category: "summary", text: "Issue summary: Generating excessively long X9.42 DH keys or checking excessively long X9.42 DH keys or parameters may be very slow. Impact summary: Applications that use the functions DH_generate_key() to generate an X9.42 DH key may experience long delays. Likewise, applications that use DH_check_pub_key(), DH_check_pub_key_ex() or EVP_PKEY_public_check() to check an X9.42 DH key or X9.42 DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source this may lead to a Denial of Service. While DH_check() performs all the necessary checks (as of CVE-2023-3817), DH_check_pub_key() doesn't make any of these checks, and is therefore vulnerable for excessively large P and Q parameters. Likewise, while DH_generate_key() performs a check for an excessively large P, it doesn't check for an excessively large Q. An application that calls DH_generate_key() or DH_check_pub_key() and supplies a key or parameters obtained from an untrusted source could be vulnerable to a Denial of Service attack. DH_generate_key() and DH_check_pub_key() are also called by a number of other OpenSSL functions. An application calling any of those other functions may similarly be affected. The other functions affected by this are DH_check_pub_key_ex(), EVP_PKEY_public_check(), and EVP_PKEY_generate(). Also vulnerable are the OpenSSL pkey command line application when using the \"-pubcheck\" option, as well as the OpenSSL genpkey command line application. The OpenSSL SSL/TLS implementation is not affected by this issue. The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2023-5678", }, { cve: "CVE-2023-5717", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, notes: [ { category: "summary", text: "A heap out-of-bounds write vulnerability in the Linux kernel's Linux Kernel Performance Events (perf) component can be exploited to achieve local privilege escalation.\r\n\r\nIf perf_read_group() is called while an event's sibling_list is smaller than its child's sibling_list, it can increment or write to memory locations outside of the allocated buffer.\r\n\r\nWe recommend upgrading past commit 32671e3799ca2e4590773fd0e63aaa4229e50c06.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2023-5717", }, { cve: "CVE-2023-6606", cwe: { id: "CWE-125", name: "Out-of-bounds Read", }, notes: [ { category: "summary", text: "An out-of-bounds read vulnerability was found in smbCalcSize in fs/smb/client/netmisc.c in the Linux Kernel. This issue could allow a local attacker to crash the system or leak internal kernel information.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 7.1, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2023-6606", }, { cve: "CVE-2023-6931", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, notes: [ { category: "summary", text: "A heap out-of-bounds write vulnerability in the Linux kernel's Performance Events system component can be exploited to achieve local privilege escalation.\n\nA perf_event's read_size can overflow, leading to an heap out-of-bounds increment or write in perf_read_group().\n\nWe recommend upgrading past commit 382c27f4ed28f803b1f1473ac2d8db0afc795a1b.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2023-6931", }, { cve: "CVE-2023-6932", cwe: { id: "CWE-416", name: "Use After Free", }, notes: [ { category: "summary", text: "A use-after-free vulnerability in the Linux kernel's ipv4: igmp component can be exploited to achieve local privilege escalation.\n\nA race condition can be exploited to cause a timer be mistakenly registered on a RCU read locked object which is freed by another thread.\n\nWe recommend upgrading past commit e2b706c691905fe78468c361aaabc719d0a496f1.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2023-6932", }, { cve: "CVE-2023-7008", cwe: { id: "CWE-300", name: "Channel Accessible by Non-Endpoint", }, notes: [ { category: "summary", text: "A vulnerability was found in systemd-resolved. This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 5.9, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2023-7008", }, { cve: "CVE-2023-7104", cwe: { id: "CWE-122", name: "Heap-based Buffer Overflow", }, notes: [ { category: "summary", text: "A vulnerability was found in SQLite SQLite3 up to 3.43.0 and classified as critical. This issue affects the function sessionReadRecord of the file ext/session/sqlite3session.c of the component make alltest Handler. The manipulation leads to heap-based buffer overflow. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-248999.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2023-7104", }, { cve: "CVE-2023-23454", cwe: { id: "CWE-843", name: "Access of Resource Using Incompatible Type ('Type Confusion')", }, notes: [ { category: "summary", text: "cbq_classify in net/sched/sch_cbq.c in the Linux kernel through 6.1.4 allows attackers to cause a denial of service (slab-out-of-bounds read) because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results).", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2023-23454", }, { cve: "CVE-2023-23455", cwe: { id: "CWE-843", name: "Access of Resource Using Incompatible Type ('Type Confusion')", }, notes: [ { category: "summary", text: "atm_tc_enqueue in net/sched/sch_atm.c in the Linux kernel through 6.1.4 allows attackers to cause a denial of service because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results).", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2023-23455", }, { cve: "CVE-2023-23559", cwe: { id: "CWE-190", name: "Integer Overflow or Wraparound", }, notes: [ { category: "summary", text: "In rndis_query_oid in drivers/net/wireless/rndis_wlan.c in the Linux kernel through 6.1.5, there is an integer overflow in an addition.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2023-23559", }, { cve: "CVE-2023-26607", cwe: { id: "CWE-125", name: "Out-of-bounds Read", }, notes: [ { category: "summary", text: "In the Linux kernel 6.0.8, there is an out-of-bounds read in ntfs_attr_find in fs/ntfs/attrib.c.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 7.1, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2023-26607", }, { cve: "CVE-2023-31085", cwe: { id: "CWE-369", name: "Divide By Zero", }, notes: [ { category: "summary", text: "An issue was discovered in drivers/mtd/ubi/cdev.c in the Linux kernel 6.2. There is a divide-by-zero error in do_div(sz,mtd->erasesize), used indirectly by ctrl_cdev_ioctl, when mtd->erasesize is 0.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2023-31085", }, { cve: "CVE-2023-31436", cwe: { id: "CWE-20", name: "Improper Input Validation", }, notes: [ { category: "summary", text: "qfq_change_class in net/sched/sch_qfq.c in the Linux kernel before 6.2.13 allows an out-of-bounds write because lmax can exceed QFQ_MIN_LMAX.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2023-31436", }, { cve: "CVE-2023-32233", cwe: { id: "CWE-20", name: "Improper Input Validation", }, notes: [ { category: "summary", text: "In the Linux kernel through 6.3.1, a use-after-free in Netfilter nf_tables when processing batch requests can be abused to perform arbitrary read and write operations on kernel memory. Unprivileged local users can obtain root privileges. This occurs because anonymous sets are mishandled.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2023-32233", }, { cve: "CVE-2023-35001", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, notes: [ { category: "summary", text: "Linux Kernel nftables Out-Of-Bounds Read/Write Vulnerability; nft_byteorder poorly handled vm register contents when CAP_NET_ADMIN is in any user or network namespace", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2023-35001", }, { cve: "CVE-2023-35827", cwe: { id: "CWE-416", name: "Use After Free", }, notes: [ { category: "summary", text: "An issue was discovered in the Linux kernel through 6.3.8. A use-after-free was found in ravb_remove in drivers/net/ethernet/renesas/ravb_main.c.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 7, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2023-35827", }, { cve: "CVE-2023-36660", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, notes: [ { category: "summary", text: "The OCB feature in libnettle in Nettle 3.9 before 3.9.1 allows memory corruption.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2023-36660", }, { cve: "CVE-2023-37453", cwe: { id: "CWE-125", name: "Out-of-bounds Read", }, notes: [ { category: "summary", text: "An issue was discovered in the USB subsystem in the Linux kernel through 6.4.2. There is an out-of-bounds and crash in read_descriptors in drivers/usb/core/sysfs.c.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 4.6, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2023-37453", }, { cve: "CVE-2023-39189", cwe: { id: "CWE-125", name: "Out-of-bounds Read", }, notes: [ { category: "summary", text: "A flaw was found in the Netfilter subsystem in the Linux kernel. The nfnl_osf_add_callback function did not validate the user mode controlled opt_num field. This flaw allows a local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read, leading to a crash or information disclosure.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 5.1, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:L/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2023-39189", }, { cve: "CVE-2023-39192", cwe: { id: "CWE-125", name: "Out-of-bounds Read", }, notes: [ { category: "summary", text: "A flaw was found in the Netfilter subsystem in the Linux kernel. The xt_u32 module did not validate the fields in the xt_u32 structure. This flaw allows a local privileged attacker to trigger an out-of-bounds read by setting the size fields with a value beyond the array boundaries, leading to a crash or information disclosure.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 6.7, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2023-39192", }, { cve: "CVE-2023-39193", cwe: { id: "CWE-125", name: "Out-of-bounds Read", }, notes: [ { category: "summary", text: "A flaw was found in the Netfilter subsystem in the Linux kernel. The sctp_mt_check did not validate the flag_count field. This flaw allows a local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read, leading to a crash or information disclosure.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 6.1, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2023-39193", }, { cve: "CVE-2023-39194", cwe: { id: "CWE-125", name: "Out-of-bounds Read", }, notes: [ { category: "summary", text: "A flaw was found in the XFRM subsystem in the Linux kernel. The specific flaw exists within the processing of state filters, which can result in a read past the end of an allocated buffer. This flaw allows a local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read, potentially leading to an information disclosure.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 3.2, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2023-39194", }, { cve: "CVE-2023-42753", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, notes: [ { category: "summary", text: "An array indexing vulnerability was found in the netfilter subsystem of the Linux kernel. A missing macro could lead to a miscalculation of the `h->nets` array offset, providing attackers with the primitive to arbitrarily increment/decrement a memory buffer out-of-bound. This issue may allow a local user to crash the system or potentially escalate their privileges on the system.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 7, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2023-42753", }, { cve: "CVE-2023-42754", cwe: { id: "CWE-476", name: "NULL Pointer Dereference", }, notes: [ { category: "summary", text: "A NULL pointer dereference flaw was found in the Linux kernel ipv4 stack. The socket buffer (skb) was assumed to be associated with a device before calling __ip_options_compile, which is not always the case if the skb is re-routed by ipvs. This issue may allow a local user with CAP_NET_ADMIN privileges to crash the system.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2023-42754", }, { cve: "CVE-2023-42755", cwe: { id: "CWE-125", name: "Out-of-bounds Read", }, notes: [ { category: "summary", text: "A flaw was found in the IPv4 Resource Reservation Protocol (RSVP) classifier in the Linux kernel. The xprt pointer may go beyond the linear part of the skb, leading to an out-of-bounds read in the `rsvp_classify` function. This issue may allow a local user to crash the system and cause a denial of service.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2023-42755", }, { cve: "CVE-2023-45863", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, notes: [ { category: "summary", text: "An issue was discovered in lib/kobject.c in the Linux kernel before 6.2.3. With root access, an attacker can trigger a race condition that results in a fill_kobj_path out-of-bounds write.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 6.4, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2023-45863", }, { cve: "CVE-2023-45871", cwe: { id: "CWE-120", name: "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", }, notes: [ { category: "summary", text: "An issue was discovered in drivers/net/ethernet/intel/igb/igb_main.c in the IGB driver in the Linux kernel before 6.5.3. A buffer size may not be adequate for frames larger than the MTU.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2023-45871", }, { cve: "CVE-2023-48795", cwe: { id: "CWE-222", name: "Truncation of Security-relevant Information", }, notes: [ { category: "summary", text: "The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH's use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0.10.6, libssh2 through 1.11.0, Thorn Tech SFTP Gateway before 3.4.6, Tera Term before 5.1, Paramiko before 3.4.0, jsch before 0.2.15, SFTPGo before 2.5.6, Netgate pfSense Plus through 23.09.1, Netgate pfSense CE through 2.7.2, HPN-SSH through 18.2.0, ProFTPD before 1.3.8b (and before1.3.9rc2), ORYX CycloneSSH before 2.3.4, NetSarang XShell 7 before Build 0144, CrushFTP before 10.6.0, ConnectBot SSH library before 2.2.22, Apache MINA sshd through 2.11.0, sshj through 0.37.0, TinySSH through 20230101, trilead-ssh2 6401, the net-ssh gem 7.2.0 for Ruby, the mscdex ssh2 module before 1.15.0 for Node.js, the thrussh library before 0.35.1 for Rust, and the Russh crate before 0.40.2 for Rust; and there could be effects on Bitvise SSH through 9.31.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 5.9, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2023-48795", }, { cve: "CVE-2023-50495", cwe: { id: "CWE-20", name: "Improper Input Validation", }, notes: [ { category: "summary", text: "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2023-50495", }, { cve: "CVE-2023-51384", cwe: { id: "CWE-20", name: "Improper Input Validation", }, notes: [ { category: "summary", text: "In ssh-agent in OpenSSH before 9.6, certain destination constraints can be incompletely applied. When destination constraints are specified during addition of PKCS#11-hosted private keys, these constraints are only applied to the first key, even if a PKCS#11 token returns multiple keys.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2023-51384", }, { cve: "CVE-2023-51385", cwe: { id: "CWE-78", name: "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", }, notes: [ { category: "summary", text: "In ssh in OpenSSH before 9.6, OS command injection might occur if a user name or host name has shell metacharacters, and this name is referenced by an expansion token in certain situations. For example, an untrusted Git repository can have a submodule with shell metacharacters in a user name or host name.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2023-51385", }, { cve: "CVE-2023-51767", cwe: { id: "CWE-20", name: "Improper Input Validation", }, notes: [ { category: "summary", text: "OpenSSH through 9.6, when common types of DRAM are used, might allow row hammer attacks (for authentication bypass) because the integer value of authenticated in mm_answer_authpassword does not resist flips of a single bit. NOTE: this is applicable to a certain threat model of attacker-victim co-location in which the attacker has user privileges.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 7, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2023-51767", }, { cve: "CVE-2024-0232", cwe: { id: "CWE-416", name: "Use After Free", }, notes: [ { category: "summary", text: "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 4.7, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2024-0232", }, { cve: "CVE-2024-0553", cwe: { id: "CWE-203", name: "Observable Discrepancy", }, notes: [ { category: "summary", text: "A vulnerability was found in GnuTLS. The response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from the response times of ciphertexts with correct PKCS#1 v1.5 padding. This issue may allow a remote attacker to perform a timing side-channel attack in the RSA-PSK key exchange, potentially leading to the leakage of sensitive data. CVE-2024-0553 is designated as an incomplete resolution for CVE-2023-5981.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2024-0553", }, { cve: "CVE-2024-0567", cwe: { id: "CWE-347", name: "Improper Verification of Cryptographic Signature", }, notes: [ { category: "summary", text: "A vulnerability was found in GnuTLS, where a cockpit (which uses gnuTLS) rejects a certificate chain with distributed trust. This issue occurs when validating a certificate chain with cockpit-certificate-ensure. This flaw allows an unauthenticated, remote client or attacker to initiate a denial of service attack.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2024-0567", }, { cve: "CVE-2024-0584", cwe: { id: "CWE-416", name: "Use After Free", }, notes: [ { category: "summary", text: "A use-after-free issue was found in igmp_start_timer in net/ipv4/igmp.c in the network sub-component in the Linux Kernel. This flaw allows a local user to observe a refcnt use-after-free issue when receiving an igmp query packet, leading to a kernel information leak.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2024-0584", }, { cve: "CVE-2024-0684", cwe: { id: "CWE-122", name: "Heap-based Buffer Overflow", }, notes: [ { category: "summary", text: "A flaw was found in the GNU coreutils \"split\" program. A heap overflow with user-controlled data of multiple hundred bytes in length could occur in the line_bytes_split() function, potentially leading to an application crash and denial of service.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2024-0684", }, { cve: "CVE-2024-22365", cwe: { id: "CWE-20", name: "Improper Input Validation", }, notes: [ { category: "summary", text: "linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denial of service (blocked login process) via mkfifo because the openat call (for protect_dir) lacks O_DIRECTORY.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2024-22365", }, { cve: "CVE-2024-25062", cwe: { id: "CWE-416", name: "Use After Free", }, notes: [ { category: "summary", text: "An issue was discovered in libxml2 before 2.11.7 and 2.12.x before 2.12.5. When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 5.9, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2024-25062", }, ], }
ssa-794697
Vulnerability from csaf_siemens
Published
2023-06-13 00:00
Modified
2024-04-09 00:00
Summary
SSA-794697: Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 TM MFP before V1.1
Notes
Summary
Multiple vulnerabilities have been identified in the additional GNU/Linux subsystem of the SIMATIC S7-1500 TM MFP V1.0.
Siemens has released a new version for SIMATIC S7-1500 TM MFP - GNU/Linux subsystem and recommends to update to the latest version.
This advisory lists vulnerabilities for firmware version V1.0 only; for V1.1 refer to Siemens Security Advisory SSA-265688 (
https://cert-portal.siemens.com/productcert/html/ssa-265688.html).
General Recommendations
As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens' operational guidelines for Industrial Security (Download:
https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.
Additional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity
Additional Resources
For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories
Terms of Use
Siemens Security Advisories are subject to the terms and conditions contained in Siemens' underlying license terms or other applicable agreements previously agreed to with Siemens (hereinafter "License Terms"). To the extent applicable to information, software or documentation made available in or through a Siemens Security Advisory, the Terms of Use of Siemens' Global Website (https://www.siemens.com/terms_of_use, hereinafter "Terms of Use"), in particular Sections 8-10 of the Terms of Use, shall apply additionally. In case of conflicts, the License Terms shall prevail over the Terms of Use.
{ document: { category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Disclosure is not limited. (TLPv2: TLP:CLEAR)", tlp: { label: "WHITE", }, }, lang: "en", notes: [ { category: "summary", text: "Multiple vulnerabilities have been identified in the additional GNU/Linux subsystem of the SIMATIC S7-1500 TM MFP V1.0.\n\nSiemens has released a new version for SIMATIC S7-1500 TM MFP - GNU/Linux subsystem and recommends to update to the latest version.\n\nThis advisory lists vulnerabilities for firmware version V1.0 only; for V1.1 refer to Siemens Security Advisory SSA-265688 (\nhttps://cert-portal.siemens.com/productcert/html/ssa-265688.html).", title: "Summary", }, { category: "general", text: "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens' operational guidelines for Industrial Security (Download: \nhttps://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity", title: "General Recommendations", }, { category: "general", text: "For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories", title: "Additional Resources", }, { category: "legal_disclaimer", text: "Siemens Security Advisories are subject to the terms and conditions contained in Siemens' underlying license terms or other applicable agreements previously agreed to with Siemens (hereinafter \"License Terms\"). To the extent applicable to information, software or documentation made available in or through a Siemens Security Advisory, the Terms of Use of Siemens' Global Website (https://www.siemens.com/terms_of_use, hereinafter \"Terms of Use\"), in particular Sections 8-10 of the Terms of Use, shall apply additionally. In case of conflicts, the License Terms shall prevail over the Terms of Use.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "productcert@siemens.com", name: "Siemens ProductCERT", namespace: "https://www.siemens.com", }, references: [ { category: "self", summary: "SSA-794697: Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 TM MFP before V1.1 - HTML Version", url: "https://cert-portal.siemens.com/productcert/html/ssa-794697.html", }, { category: "self", summary: "SSA-794697: Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 TM MFP before V1.1 - CSAF Version", url: "https://cert-portal.siemens.com/productcert/csaf/ssa-794697.json", }, { category: "self", summary: "SSA-794697: Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 TM MFP before V1.1 - PDF Version", url: "https://cert-portal.siemens.com/productcert/pdf/ssa-794697.pdf", }, { category: "self", summary: "SSA-794697: Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 TM MFP before V1.1 - TXT Version", url: "https://cert-portal.siemens.com/productcert/txt/ssa-794697.txt", }, ], title: "SSA-794697: Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 TM MFP before V1.1", tracking: { current_release_date: "2024-04-09T00:00:00Z", generator: { engine: { name: "Siemens ProductCERT CSAF Generator", version: "1", }, }, id: "SSA-794697", initial_release_date: "2023-06-13T00:00:00Z", revision_history: [ { date: "2023-06-13T00:00:00Z", legacy_version: "1.0", number: "1", summary: "Publication Date", }, { date: "2023-07-11T00:00:00Z", legacy_version: "1.1", number: "2", summary: "Added CVE-2022-4269, CVE-2023-3141, CVE-2023-3268, CVE-2023-31436, CVE-2023-32233", }, { date: "2023-08-08T00:00:00Z", legacy_version: "1.2", number: "3", summary: "Added CVE-2023-3446, CVE-2023-3389, CVE-2022-1015, \r\nCVE-2023-3609", }, { date: "2023-09-12T00:00:00Z", legacy_version: "1.3", number: "4", summary: "Added CVE-2023-3338", }, { date: "2023-11-14T00:00:00Z", legacy_version: "1.4", number: "5", summary: "Added CVE-2023-1206, CVE-2023-2898, CVE-2023-3610, CVE-2023-3611, CVE-2023-3772, CVE-2023-3773, CVE-2023-3777, CVE-2023-4004, CVE-2023-4015, CVE-2023-4273, CVE-2023-4623, CVE-2023-4921, CVE-2023-35001, CVE-2023-37453, CVE-2023-39192, CVE-2023-39193, CVE-2023-39194, CVE-2023-42753, CVE-2023-42755", }, { date: "2023-12-12T00:00:00Z", legacy_version: "1.5", number: "6", summary: "Added CVE-2021-44879, CVE-2023-5178, CVE-2023-5197, CVE-2023-5678, CVE-2023-5717, CVE-2023-31085, CVE-2023-35827, CVE-2023-39189, CVE-2023-42754, CVE-2023-45863, CVE-2023-45871", }, { date: "2024-01-09T00:00:00Z", legacy_version: "1.6", number: "7", summary: "Added CVE-2023-48795", }, { date: "2024-02-13T00:00:00Z", legacy_version: "1.7", number: "8", summary: "Added CVE-2020-12762, CVE-2023-6606, CVE-2023-6931, CVE-2023-6932, CVE-2023-7008, CVE-2023-7104, CVE-2023-36660, CVE-2023-50495, CVE-2023-51384, CVE-2023-51385, CVE-2023-51767, CVE-2024-0232, CVE-2024-0553, CVE-2024-0567, CVE-2024-0584, CVE-2024-0684, CVE-2024-22365, CVE-2024-25062", }, { date: "2024-04-09T00:00:00Z", legacy_version: "1.8", number: "9", summary: "Added fix for SIMATIC S7-1500 TM MFP - GNU/Linux subsystem", }, ], status: "interim", version: "9", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version_range", name: "<V1.1", product: { name: "SIMATIC S7-1500 TM MFP - GNU/Linux subsystem", product_id: "1", }, }, ], category: "product_name", name: "SIMATIC S7-1500 TM MFP - GNU/Linux subsystem", }, ], category: "vendor", name: "Siemens", }, ], }, vulnerabilities: [ { cve: "CVE-2020-12762", cwe: { id: "CWE-190", name: "Integer Overflow or Wraparound", }, notes: [ { category: "summary", text: "json-c through 0.14 has an integer overflow and out-of-bounds write via a large JSON file, as demonstrated by printbuf_memappend.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2020-12762", }, { cve: "CVE-2021-3759", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, notes: [ { category: "summary", text: "A memory overflow vulnerability was found in the Linux kernel’s ipc functionality of the memcg subsystem, in the way a user calls the semget function multiple times, creating semaphores. This flaw allows a local user to starve the resources, causing a denial of service. The highest threat from this vulnerability is to system availability.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2021-3759", }, { cve: "CVE-2021-4037", cwe: { id: "CWE-284", name: "Improper Access Control", }, notes: [ { category: "summary", text: "A vulnerability was found in the fs/inode.c:inode_init_owner() function logic of the LInux kernel that allows local users to create files for the XFS file-system with an unintended group ownership and with group execution and SGID permission bits set, in a scenario where a directory is SGID and belongs to a certain group and is writable by a user who is not a member of this group. This can lead to excessive permissions granted in case when they should not. This vulnerability is similar to the previous CVE-2018-13405 and adds the missed fix for the XFS.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2021-4037", }, { cve: "CVE-2021-33655", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, notes: [ { category: "summary", text: "When sending malicous data to kernel by ioctl cmd FBIOPUT_VSCREENINFO,kernel will write memory out of bounds.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 6.7, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2021-33655", }, { cve: "CVE-2021-44879", cwe: { id: "CWE-476", name: "NULL Pointer Dereference", }, notes: [ { category: "summary", text: "In gc_data_segment in fs/f2fs/gc.c in the Linux kernel before 5.16.3, special files are not considered, leading to a move_data_page NULL pointer dereference.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2021-44879", }, { cve: "CVE-2022-0171", cwe: { id: "CWE-459", name: "Incomplete Cleanup", }, notes: [ { category: "summary", text: "A flaw was found in the Linux kernel. The existing KVM SEV API has a vulnerability that allows a non-root (host) user-level application to crash the host kernel by creating a confidential guest VM instance in AMD CPU that supports Secure Encrypted Virtualization (SEV).", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2022-0171", }, { cve: "CVE-2022-1012", cwe: { id: "CWE-401", name: "Missing Release of Memory after Effective Lifetime", }, notes: [ { category: "summary", text: "A memory leak problem was found in the TCP source port generation algorithm in net/ipv4/tcp.c due to the small table perturb size. This flaw may allow an attacker to information leak and may cause a denial of service problem.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 8.2, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2022-1012", }, { cve: "CVE-2022-1015", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, notes: [ { category: "summary", text: "A flaw was found in the Linux kernel in linux/net/netfilter/nf_tables_api.c of the netfilter subsystem. This flaw allows a local user to cause an out-of-bounds write issue.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 6.6, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2022-1015", }, { cve: "CVE-2022-1184", cwe: { id: "CWE-416", name: "Use After Free", }, notes: [ { category: "summary", text: "A use-after-free flaw was found in fs/ext4/namei.c:dx_insert_block() in the Linux kernel’s filesystem sub-component. This flaw allows a local attacker with a user privilege to cause a denial of service.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2022-1184", }, { cve: "CVE-2022-1292", cwe: { id: "CWE-78", name: "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", }, notes: [ { category: "summary", text: "The c_rehash script does not properly sanitise shell metacharacters to prevent command injection.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2022-1292", }, { cve: "CVE-2022-1343", cwe: { id: "CWE-295", name: "Improper Certificate Validation", }, notes: [ { category: "summary", text: "Under certain circumstances, the command line OCSP verify function reports successful verification when the verification in fact failed. In this case the incorrect successful response will also be accompanied by error messages showing the failure and contradicting the apparently successful result.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2022-1343", }, { cve: "CVE-2022-1434", cwe: { id: "CWE-327", name: "Use of a Broken or Risky Cryptographic Algorithm", }, notes: [ { category: "summary", text: "When using the RC4-MD5 ciphersuite, which is disabled by default, an attacker is able to modify data in transit due to an incorrect use of the AAD data as the MAC key in OpenSSL 3.0. An attacker is not able to decrypt any communication.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 5.9, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2022-1434", }, { cve: "CVE-2022-1462", cwe: { id: "CWE-362", name: "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", }, notes: [ { category: "summary", text: "An out-of-bounds read flaw was found in the Linux kernel’s TeleTYpe subsystem. The issue occurs in how a user triggers a race condition using ioctls TIOCSPTLCK and TIOCGPTPEER and TIOCSTI and TCXONC with leakage of memory in the flush_to_ldisc function. This flaw allows a local user to crash the system or read unauthorized random data from memory.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 6.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2022-1462", }, { cve: "CVE-2022-1473", cwe: { id: "CWE-404", name: "Improper Resource Shutdown or Release", }, notes: [ { category: "summary", text: "The used OpenSSL version improperly reuses memory when decoding certificates or keys. This can lead to a process termination and Denial of Service for long lived processes.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2022-1473", }, { cve: "CVE-2022-1679", cwe: { id: "CWE-416", name: "Use After Free", }, notes: [ { category: "summary", text: "A use-after-free flaw was found in the Linux kernel’s Atheros wireless adapter driver in the way a user forces the ath9k_htc_wait_for_target function to fail with some input messages. This flaw allows a local user to crash or potentially escalate their privileges on the system.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2022-1679", }, { cve: "CVE-2022-1852", cwe: { id: "CWE-476", name: "NULL Pointer Dereference", }, notes: [ { category: "summary", text: "A NULL pointer dereference flaw was found in the Linux kernel’s KVM module, which can lead to a denial of service in the x86_emulate_insn in arch/x86/kvm/emulate.c. This flaw occurs while executing an illegal instruction in guest in the Intel CPU.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2022-1852", }, { cve: "CVE-2022-1882", cwe: { id: "CWE-416", name: "Use After Free", }, notes: [ { category: "summary", text: "A use-after-free flaw was found in the Linux kernel’s pipes functionality in how a user performs manipulations with the pipe post_one_notification() after free_pipe_info() that is already called. This flaw allows a local user to crash or potentially escalate their privileges on the system.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2022-1882", }, { cve: "CVE-2022-2068", cwe: { id: "CWE-78", name: "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", }, notes: [ { category: "summary", text: "In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances where the c_rehash script does not properly sanitise shell metacharacters to prevent command injection were found by code review. When the CVE-2022-1292 was fixed it was not discovered that there are other places in the script where the file names of certificates being hashed were possibly passed to a command executed through the shell. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2022-2068", }, { cve: "CVE-2022-2078", cwe: { id: "CWE-121", name: "Stack-based Buffer Overflow", }, notes: [ { category: "summary", text: "A vulnerability was found in the Linux kernel's nft_set_desc_concat_parse() function .This flaw allows an attacker to trigger a buffer overflow via nft_set_desc_concat_parse() , causing a denial of service and possibly to run code.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2022-2078", }, { cve: "CVE-2022-2097", cwe: { id: "CWE-326", name: "Inadequate Encryption Strength", }, notes: [ { category: "summary", text: "AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was preexisting in the memory that wasn't written. In the special case of \"in place\" encryption, sixteen bytes of the plaintext would be revealed. Since OpenSSL does not support OCB based cipher suites for TLS and DTLS, they are both unaffected.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2022-2097", }, { cve: "CVE-2022-2153", cwe: { id: "CWE-476", name: "NULL Pointer Dereference", }, notes: [ { category: "summary", text: "A flaw was found in the Linux kernel’s KVM when attempting to set a SynIC IRQ. This issue makes it possible for a misbehaving VMM to write to SYNIC/STIMER MSRs, causing a NULL pointer dereference. This flaw allows an unprivileged local attacker on the host to issue specific ioctl calls, causing a kernel oops condition that results in a denial of service.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2022-2153", }, { cve: "CVE-2022-2274", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, notes: [ { category: "summary", text: "The OpenSSL 3.0.4 release introduced a serious bug in the RSA implementation for X86_64 CPUs supporting the AVX512IFMA instructions. This issue makes the RSA implementation with 2048 bit private keys incorrect on such machines and memory corruption will happen during the computation. As a consequence of the memory corruption an attacker may be able to trigger a remote code execution on the machine performing the computation. SSL/TLS servers or other servers using 2048 bit RSA private keys running on machines supporting AVX512IFMA instructions of the X86_64 architecture are affected by this issue.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2022-2274", }, { cve: "CVE-2022-2327", cwe: { id: "CWE-415", name: "Double Free", }, notes: [ { category: "summary", text: "io_uring use work_flags to determine which identity need to grab from the calling process to make sure it is consistent with the calling process when executing IORING_OP. Some operations are missing some types, which can lead to incorrect reference counts which can then lead to a double free. We recommend upgrading the kernel past commit df3f3bb5059d20ef094d6b2f0256c4bf4127a859", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2022-2327", }, { cve: "CVE-2022-2503", cwe: { id: "CWE-287", name: "Improper Authentication", }, notes: [ { category: "summary", text: "Dm-verity is used for extending root-of-trust to root filesystems. LoadPin builds on this property to restrict module/firmware loads to just the trusted root filesystem. Device-mapper table reloads currently allow users with root privileges to switch out the target with an equivalent dm-linear target and bypass verification till reboot. This allows root to bypass LoadPin and can be used to load untrusted and unverified kernel modules and firmware, which implies arbitrary kernel execution and persistence for peripherals that do not verify firmware updates. We recommend upgrading past commit 4caae58406f8ceb741603eee460d79bacca9b1b5", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 6.7, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2022-2503", }, { cve: "CVE-2022-2586", cwe: { id: "CWE-416", name: "Use After Free", }, notes: [ { category: "summary", text: "A use-after-free flaw was found in nf_tables cross-table in the net/netfilter/nf_tables_api.c function in the Linux kernel. This flaw allows a local, privileged attacker to cause a use-after-free problem at the time of table deletion, possibly leading to local privilege escalation.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 6.7, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2022-2586", }, { cve: "CVE-2022-2588", cwe: { id: "CWE-20", name: "Improper Input Validation", }, notes: [ { category: "summary", text: "Zhenpeng Lin discovered that the network packet scheduler implementation in the Linux kernel did not properly remove all references to a route filter before freeing it in some situations. A local attacker could use this to cause a denial of service (system crash) or execute arbitrary code.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2022-2588", }, { cve: "CVE-2022-2602", cwe: { id: "CWE-20", name: "Improper Input Validation", }, notes: [ { category: "summary", text: "A flaw was found in the Linux kernel. A race issue occurs between an io_uring request and the Unix socket garbage collector, allowing an attacker local privilege escalation.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 7, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2022-2602", }, { cve: "CVE-2022-2663", cwe: { id: "CWE-923", name: "Improper Restriction of Communication Channel to Intended Endpoints", }, notes: [ { category: "summary", text: "An issue was found in the Linux kernel in nf_conntrack_irc where the message handling can be confused and incorrectly matches the message. A firewall may be able to be bypassed when users are using unencrypted IRC with nf_conntrack_irc configured.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2022-2663", }, { cve: "CVE-2022-2905", cwe: { id: "CWE-125", name: "Out-of-bounds Read", }, notes: [ { category: "summary", text: "An out-of-bounds memory read flaw was found in the Linux kernel's BPF subsystem in how a user calls the bpf_tail_call function with a key larger than the max_entries of the map. This flaw allows a local user to gain unauthorized access to data.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2022-2905", }, { cve: "CVE-2022-2959", cwe: { id: "CWE-362", name: "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", }, notes: [ { category: "summary", text: "A race condition was found in the Linux kernel's watch queue due to a missing lock in pipe_resize_ring(). The specific flaw exists within the handling of pipe buffers. The issue results from the lack of proper locking when performing operations on an object. This flaw allows a local user to crash the system or escalate their privileges on the system.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 7, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2022-2959", }, { cve: "CVE-2022-2978", cwe: { id: "CWE-416", name: "Use After Free", }, notes: [ { category: "summary", text: "A flaw use after free in the Linux kernel NILFS file system was found in the way user triggers function security_inode_alloc to fail with following call to function nilfs_mdt_destroy. A local user could use this flaw to crash the system or potentially escalate their privileges on the system.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2022-2978", }, { cve: "CVE-2022-3028", cwe: { id: "CWE-362", name: "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", }, notes: [ { category: "summary", text: "A race condition was found in the Linux kernel's IP framework for transforming packets (XFRM subsystem) when multiple calls to xfrm_probe_algs occurred simultaneously. This flaw could allow a local attacker to potentially trigger an out-of-bounds write or leak kernel heap memory by performing an out-of-bounds read and copying it into a socket.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 7, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2022-3028", }, { cve: "CVE-2022-3104", cwe: { id: "CWE-476", name: "NULL Pointer Dereference", }, notes: [ { category: "summary", text: "An issue was discovered in the Linux kernel through 5.16-rc6. lkdtm_ARRAY_BOUNDS in drivers/misc/lkdtm/bugs.c lacks check of the return value of kmalloc() and will cause the null pointer dereference.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2022-3104", }, { cve: "CVE-2022-3115", cwe: { id: "CWE-476", name: "NULL Pointer Dereference", }, notes: [ { category: "summary", text: "An issue was discovered in the Linux kernel through 5.16-rc6. malidp_crtc_reset in drivers/gpu/drm/arm/malidp_crtc.c lacks check of the return value of kzalloc() and will cause the null pointer dereference.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2022-3115", }, { cve: "CVE-2022-3169", cwe: { id: "CWE-20", name: "Improper Input Validation", }, notes: [ { category: "summary", text: "A flaw was found in the Linux kernel. A denial of service flaw may occur if there is a consecutive request of the NVME_IOCTL_RESET and the NVME_IOCTL_SUBSYS_RESET through the device file of the driver, resulting in a PCIe link disconnect.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2022-3169", }, { cve: "CVE-2022-3303", cwe: { id: "CWE-362", name: "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", }, notes: [ { category: "summary", text: "A race condition flaw was found in the Linux kernel sound subsystem due to improper locking. It could lead to a NULL pointer dereference while handling the SNDCTL_DSP_SYNC ioctl. A privileged local user (root or member of the audio group) could use this flaw to crash the system, resulting in a denial of service condition", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 4.7, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2022-3303", }, { cve: "CVE-2022-3521", cwe: { id: "CWE-362", name: "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", }, notes: [ { category: "summary", text: "A vulnerability has been found in Linux Kernel and classified as problematic. This vulnerability affects the function kcm_tx_work of the file net/kcm/kcmsock.c of the component kcm. The manipulation leads to race condition. It is recommended to apply a patch to fix this issue. VDB-211018 is the identifier assigned to this vulnerability.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 2.5, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2022-3521", }, { cve: "CVE-2022-3524", cwe: { id: "CWE-404", name: "Improper Resource Shutdown or Release", }, notes: [ { category: "summary", text: "A vulnerability was found in Linux Kernel. It has been declared as problematic. Affected by this vulnerability is the function ipv6_renew_options of the component IPv6 Handler. The manipulation leads to memory leak. The attack can be launched remotely. It is recommended to apply a patch to fix this issue. The identifier VDB-211021 was assigned to this vulnerability.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2022-3524", }, { cve: "CVE-2022-3534", cwe: { id: "CWE-416", name: "Use After Free", }, notes: [ { category: "summary", text: "A vulnerability classified as critical has been found in Linux Kernel. Affected is the function btf_dump_name_dups of the file tools/lib/bpf/btf_dump.c of the component libbpf. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211032.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2022-3534", }, { cve: "CVE-2022-3545", cwe: { id: "CWE-119", name: "Improper Restriction of Operations within the Bounds of a Memory Buffer", }, notes: [ { category: "summary", text: "A vulnerability has been found in Linux Kernel and classified as critical. Affected by this vulnerability is the function area_cache_get of the file drivers/net/ethernet/netronome/nfp/nfpcore/nfp_cppcore.c of the component IPsec. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The identifier VDB-211045 was assigned to this vulnerability.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2022-3545", }, { cve: "CVE-2022-3564", cwe: { id: "CWE-119", name: "Improper Restriction of Operations within the Bounds of a Memory Buffer", }, notes: [ { category: "summary", text: "A vulnerability classified as critical was found in Linux Kernel. Affected by this vulnerability is the function l2cap_reassemble_sdu of the file net/bluetooth/l2cap_core.c of the component Bluetooth. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211087.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 7.1, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2022-3564", }, { cve: "CVE-2022-3565", cwe: { id: "CWE-119", name: "Improper Restriction of Operations within the Bounds of a Memory Buffer", }, notes: [ { category: "summary", text: "A vulnerability, which was classified as critical, has been found in Linux Kernel. Affected by this issue is the function del_timer of the file drivers/isdn/mISDN/l1oip_core.c of the component Bluetooth. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211088.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2022-3565", }, { cve: "CVE-2022-3586", cwe: { id: "CWE-416", name: "Use After Free", }, notes: [ { category: "summary", text: "A flaw was found in the Linux kernel’s networking code. A use-after-free was found in the way the sch_sfb enqueue function used the socket buffer (SKB) cb field after the same SKB had been enqueued (and freed) into a child qdisc. This flaw allows a local, unprivileged user to crash the system, causing a denial of service.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2022-3586", }, { cve: "CVE-2022-3594", cwe: { id: "CWE-404", name: "Improper Resource Shutdown or Release", }, notes: [ { category: "summary", text: "A vulnerability was found in Linux Kernel. It has been declared as problematic. Affected by this vulnerability is the function intr_callback of the file drivers/net/usb/r8152.c of the component BPF. The manipulation leads to logging of excessive data. The attack can be launched remotely. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211363.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2022-3594", }, { cve: "CVE-2022-3606", cwe: { id: "CWE-476", name: "NULL Pointer Dereference", }, notes: [ { category: "summary", text: "A vulnerability was found in Linux Kernel. It has been classified as problematic. This affects the function find_prog_by_sec_insn of the file tools/lib/bpf/libbpf.c of the component BPF. The manipulation leads to null pointer dereference. It is recommended to apply a patch to fix this issue. The identifier VDB-211749 was assigned to this vulnerability.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2022-3606", }, { cve: "CVE-2022-3621", cwe: { id: "CWE-476", name: "NULL Pointer Dereference", }, notes: [ { category: "summary", text: "A vulnerability was found in Linux Kernel. It has been classified as problematic. Affected is the function nilfs_bmap_lookup_at_level of the file fs/nilfs2/inode.c of the component nilfs2. The manipulation leads to null pointer dereference. It is possible to launch the attack remotely. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211920.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2022-3621", }, { cve: "CVE-2022-3625", cwe: { id: "CWE-119", name: "Improper Restriction of Operations within the Bounds of a Memory Buffer", }, notes: [ { category: "summary", text: "A vulnerability was found in Linux Kernel. It has been classified as critical. This affects the function devlink_param_set/devlink_param_get of the file net/core/devlink.c of the component IPsec. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The identifier VDB-211929 was assigned to this vulnerability.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2022-3625", }, { cve: "CVE-2022-3628", cwe: { id: "CWE-120", name: "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", }, notes: [ { category: "summary", text: "A buffer overflow flaw was found in the Linux kernel Broadcom Full MAC Wi-Fi driver. This issue occurs when a user connects to a malicious USB device. This can allow a local user to crash the system or escalate their privileges.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 6.6, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2022-3628", }, { cve: "CVE-2022-3629", cwe: { id: "CWE-401", name: "Missing Release of Memory after Effective Lifetime", }, notes: [ { category: "summary", text: "A vulnerability was found in Linux Kernel. It has been declared as problematic. This vulnerability affects the function vsock_connect of the file net/vmw_vsock/af_vsock.c. The manipulation leads to memory leak. It is recommended to apply a patch to fix this issue. VDB-211930 is the identifier assigned to this vulnerability.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 3.3, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2022-3629", }, { cve: "CVE-2022-3633", cwe: { id: "CWE-401", name: "Missing Release of Memory after Effective Lifetime", }, notes: [ { category: "summary", text: "A vulnerability classified as problematic has been found in Linux Kernel. Affected is the function j1939_session_destroy of the file net/can/j1939/transport.c. The manipulation leads to memory leak. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211932.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 3.3, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2022-3633", }, { cve: "CVE-2022-3635", cwe: { id: "CWE-119", name: "Improper Restriction of Operations within the Bounds of a Memory Buffer", }, notes: [ { category: "summary", text: "A vulnerability, which was classified as critical, has been found in Linux Kernel. Affected by this issue is the function tst_timer of the file drivers/atm/idt77252.c of the component IPsec. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. VDB-211934 is the identifier assigned to this vulnerability.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 7, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2022-3635", }, { cve: "CVE-2022-3646", cwe: { id: "CWE-404", name: "Improper Resource Shutdown or Release", }, notes: [ { category: "summary", text: "A vulnerability, which was classified as problematic, has been found in Linux Kernel. This issue affects the function nilfs_attach_log_writer of the file fs/nilfs2/segment.c of the component BPF. The manipulation leads to memory leak. The attack may be initiated remotely. It is recommended to apply a patch to fix this issue. The identifier VDB-211961 was assigned to this vulnerability.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 4.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2022-3646", }, { cve: "CVE-2022-3649", cwe: { id: "CWE-119", name: "Improper Restriction of Operations within the Bounds of a Memory Buffer", }, notes: [ { category: "summary", text: "A vulnerability was found in Linux Kernel. It has been classified as problematic. Affected is the function nilfs_new_inode of the file fs/nilfs2/inode.c of the component BPF. The manipulation leads to use after free. It is possible to launch the attack remotely. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211992.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2022-3649", }, { cve: "CVE-2022-4095", cwe: { id: "CWE-416", name: "Use After Free", }, notes: [ { category: "summary", text: "A use-after-free flaw was found in Linux kernel before 5.19.2. This issue occurs in cmd_hdl_filter in drivers/staging/rtl8712/rtl8712_cmd.c, allowing an attacker to launch a local denial of service attack and gain escalation of privileges.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2022-4095", }, { cve: "CVE-2022-4129", cwe: { id: "CWE-667", name: "Improper Locking", }, notes: [ { category: "summary", text: "A flaw was found in the Linux kernel's Layer 2 Tunneling Protocol (L2TP). A missing lock when clearing sk_user_data can lead to a race condition and NULL pointer dereference. A local user could use this flaw to potentially crash the system causing a denial of service.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2022-4129", }, { cve: "CVE-2022-4139", cwe: { id: "CWE-401", name: "Missing Release of Memory after Effective Lifetime", }, notes: [ { category: "summary", text: "An incorrect TLB flush issue was found in the Linux kernel’s GPU i915 kernel driver, potentially leading to random memory corruption or data leaks. This flaw could allow a local user to crash the system or escalate their privileges on the system.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2022-4139", }, { cve: "CVE-2022-4269", cwe: { id: "CWE-833", name: "Deadlock", }, notes: [ { category: "summary", text: "A flaw was found in the Linux kernel Traffic Control (TC) subsystem. Using a specific networking configuration (redirecting egress packets to ingress using TC action \"mirred\") a local unprivileged user could trigger a CPU soft lockup (ABBA deadlock) when the transport protocol in use (TCP or SCTP) does a retransmission, resulting in a denial of service condition.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2022-4269", }, { cve: "CVE-2022-4304", cwe: { id: "CWE-326", name: "Inadequate Encryption Strength", }, notes: [ { category: "summary", text: "A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a plaintext across a network in a Bleichenbacher style attack. To achieve a successful decryption an attacker would have to be able to send a very large number of trial messages for decryption. The vulnerability affects all RSA padding modes: PKCS#1 v1.5, RSA-OEAP and RSASVE. For example, in a TLS connection, RSA is commonly used by a client to send an encrypted pre-master secret to the server. An attacker that had observed a genuine connection between a client and a server could use this flaw to send trial messages to the server and record the time taken to process them. After a sufficiently large number of messages the attacker could recover the pre-master secret used for the original connection and thus be able to decrypt the application data sent over that connection.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 5.9, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2022-4304", }, { cve: "CVE-2022-4450", cwe: { id: "CWE-415", name: "Double Free", }, notes: [ { category: "summary", text: "The function PEM_read_bio_ex() reads a PEM file from a BIO and parses and decodes the \"name\" (e.g. \"CERTIFICATE\"), any header data and the payload data. If the function succeeds then the \"name_out\", \"header\" and \"data\" arguments are populated with pointers to buffers containing the relevant decoded data. The caller is responsible for freeing those buffers. It is possible to construct a PEM file that results in 0 bytes of payload data. In this case PEM_read_bio_ex() will return a failure code but will populate the header argument with a pointer to a buffer that has already been freed. If the caller also frees this buffer then a double free will occur. This will most likely lead to a crash. This could be exploited by an attacker who has the ability to supply malicious PEM files for parsing to achieve a denial of service attack. The functions PEM_read_bio() and PEM_read() are simple wrappers around PEM_read_bio_ex() and therefore these functions are also directly affected. These functions are also called indirectly by a number of other OpenSSL functions including PEM_X509_INFO_read_bio_ex() and SSL_CTX_use_serverinfo_file() which are also vulnerable. Some OpenSSL internal uses of these functions are not vulnerable because the caller does not free the header argument if PEM_read_bio_ex() returns a failure code. These locations include the PEM_read_bio_TYPE() functions as well as the decoders introduced in OpenSSL 3.0. The OpenSSL asn1parse command line application is also impacted by this issue.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 5.9, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2022-4450", }, { cve: "CVE-2022-4662", cwe: { id: "CWE-455", name: "Non-exit on Failed Initialization", }, notes: [ { category: "summary", text: "A flaw incorrect access control in the Linux kernel USB core subsystem was found in the way user attaches usb device. A local user could use this flaw to crash the system.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2022-4662", }, { cve: "CVE-2022-20421", cwe: { id: "CWE-416", name: "Use After Free", }, notes: [ { category: "summary", text: "In binder_inc_ref_for_node of binder.c, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-239630375References: Upstream kernel", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2022-20421", }, { cve: "CVE-2022-20422", cwe: { id: "CWE-362", name: "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", }, notes: [ { category: "summary", text: "In emulation_proc_handler of armv8_deprecated.c, there is a possible way to corrupt memory due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-237540956References: Upstream kernel", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 7, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2022-20422", }, { cve: "CVE-2022-20566", cwe: { id: "CWE-416", name: "Use After Free", }, notes: [ { category: "summary", text: "In l2cap_chan_put of l2cap_core, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-165329981References: Upstream kernel", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2022-20566", }, { cve: "CVE-2022-20572", cwe: { id: "CWE-863", name: "Incorrect Authorization", }, notes: [ { category: "summary", text: "In verity_target of dm-verity-target.c, there is a possible way to modify read-only files due to a missing permission check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-234475629References: Upstream kernel", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 6.7, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2022-20572", }, { cve: "CVE-2022-21123", cwe: { id: "CWE-459", name: "Incomplete Cleanup", }, notes: [ { category: "summary", text: "Incomplete cleanup of multi-core shared buffers for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2022-21123", }, { cve: "CVE-2022-21125", cwe: { id: "CWE-459", name: "Incomplete Cleanup", }, notes: [ { category: "summary", text: "Incomplete cleanup of microarchitectural fill buffers on some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2022-21125", }, { cve: "CVE-2022-21166", cwe: { id: "CWE-459", name: "Incomplete Cleanup", }, notes: [ { category: "summary", text: "Incomplete cleanup in specific special register write operations for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2022-21166", }, { cve: "CVE-2022-21505", cwe: { id: "CWE-305", name: "Authentication Bypass by Primary Weakness", }, notes: [ { category: "summary", text: "A bug in the IMA subsystem was discovered which would incorrectly allow kexec to be used when kernel lockdown was enabled", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 6.7, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2022-21505", }, { cve: "CVE-2022-26373", cwe: { id: "CWE-311", name: "Missing Encryption of Sensitive Data", }, notes: [ { category: "summary", text: "Non-transparent sharing of return predictor targets between contexts in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2022-26373", }, { cve: "CVE-2022-32250", cwe: { id: "CWE-416", name: "Use After Free", }, notes: [ { category: "summary", text: "net/netfilter/nf_tables_api.c in the Linux kernel through 5.18.1 allows a local user (able to create user/net namespaces) to escalate privileges to root because an incorrect NFT_STATEFUL_EXPR check leads to a use-after-free.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2022-32250", }, { cve: "CVE-2022-32296", cwe: { id: "CWE-203", name: "Observable Discrepancy", }, notes: [ { category: "summary", text: "The Linux kernel before 5.17.9 allows TCP servers to identify clients by observing what source ports are used. This occurs because of use of Algorithm 4 (\"Double-Hash Port Selection Algorithm\") of RFC 6056.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 3.3, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2022-32296", }, { cve: "CVE-2022-34918", cwe: { id: "CWE-843", name: "Access of Resource Using Incompatible Type ('Type Confusion')", }, notes: [ { category: "summary", text: "An issue was discovered in the Linux kernel through 5.18.9. A type confusion bug in nft_set_elem_init (leading to a buffer overflow) could be used by a local attacker to escalate privileges, a different vulnerability than CVE-2022-32250. (The attacker can obtain root access, but must start with an unprivileged user namespace to obtain CAP_NET_ADMIN access.) This can be fixed in nft_setelem_parse_data in net/netfilter/nf_tables_api.c.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2022-34918", }, { cve: "CVE-2022-36123", cwe: { id: "CWE-311", name: "Missing Encryption of Sensitive Data", }, notes: [ { category: "summary", text: "The Linux kernel before 5.18.13 lacks a certain clear operation for the block starting symbol (.bss). This allows Xen PV guest OS users to cause a denial of service or gain privileges.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2022-36123", }, { cve: "CVE-2022-36280", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, notes: [ { category: "summary", text: "An out-of-bounds(OOB) memory access vulnerability was found in vmwgfx driver in drivers/gpu/vmxgfx/vmxgfx_kms.c in GPU component in the Linux kernel with device file '/dev/dri/renderD128 (or Dxxx)'. This flaw allows a local attacker with a user account on the system to gain privilege, causing a denial of service(DoS).", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2022-36280", }, { cve: "CVE-2022-36879", cwe: { id: "CWE-20", name: "Improper Input Validation", }, notes: [ { category: "summary", text: "An issue was discovered in the Linux kernel through 5.18.14. xfrm_expand_policies in net/xfrm/xfrm_policy.c can cause a refcount to be dropped twice.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2022-36879", }, { cve: "CVE-2022-36946", cwe: { id: "CWE-20", name: "Improper Input Validation", }, notes: [ { category: "summary", text: "nfqnl_mangle in net/netfilter/nfnetlink_queue.c in the Linux kernel through 5.18.14 allows remote attackers to cause a denial of service (panic) because, in the case of an nf_queue verdict with a one-byte nfta_payload attribute, an skb_pull can encounter a negative skb->len.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2022-36946", }, { cve: "CVE-2022-39188", cwe: { id: "CWE-362", name: "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", }, notes: [ { category: "summary", text: "An issue was discovered in include/asm-generic/tlb.h in the Linux kernel before 5.19. Because of a race condition (unmap_mapping_range versus munmap), a device driver can free a page while it still has stale TLB entries. This only occurs in situations with VM_PFNMAP VMAs.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 4.7, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2022-39188", }, { cve: "CVE-2022-39190", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, notes: [ { category: "summary", text: "An issue was discovered in net/netfilter/nf_tables_api.c in the Linux kernel before 5.19.6. A denial of service can occur upon binding to an already bound chain.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2022-39190", }, { cve: "CVE-2022-40307", cwe: { id: "CWE-416", name: "Use After Free", }, notes: [ { category: "summary", text: "An issue was discovered in the Linux kernel through 5.19.8. drivers/firmware/efi/capsule-loader.c has a race condition with a resultant use-after-free.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 4.7, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2022-40307", }, { cve: "CVE-2022-40768", cwe: { id: "CWE-668", name: "Exposure of Resource to Wrong Sphere", }, notes: [ { category: "summary", text: "drivers/scsi/stex.c in the Linux kernel through 5.19.9 allows local users to obtain sensitive information from kernel memory because stex_queuecommand_lck lacks a memset for the PASSTHRU_CMD case.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2022-40768", }, { cve: "CVE-2022-41218", cwe: { id: "CWE-416", name: "Use After Free", }, notes: [ { category: "summary", text: "In drivers/media/dvb-core/dmxdev.c in the Linux kernel through 5.19.10, there is a use-after-free caused by refcount races, affecting dvb_demux_open and dvb_dmxdev_release.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2022-41218", }, { cve: "CVE-2022-41222", cwe: { id: "CWE-416", name: "Use After Free", }, notes: [ { category: "summary", text: "mm/mremap.c in the Linux kernel before 5.13.3 has a use-after-free via a stale TLB because an rmap lock is not held during a PUD move.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 7, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2022-41222", }, { cve: "CVE-2022-41674", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, notes: [ { category: "summary", text: "An issue was discovered in the Linux kernel before 5.19.16. Attackers able to inject WLAN frames could cause a buffer overflow in the ieee80211_bss_info_update function in net/mac80211/scan.c.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 8.1, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2022-41674", }, { cve: "CVE-2022-41849", cwe: { id: "CWE-362", name: "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", }, notes: [ { category: "summary", text: "drivers/video/fbdev/smscufx.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free if a physically proximate attacker removes a USB device while calling open(), aka a race condition between ufx_ops_open and ufx_usb_disconnect.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 4.2, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2022-41849", }, { cve: "CVE-2022-41850", cwe: { id: "CWE-362", name: "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')", }, notes: [ { category: "summary", text: "roccat_report_event in drivers/hid/hid-roccat.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free in certain situations where a report is received while copying a report->value is in progress.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 4.7, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2022-41850", }, { cve: "CVE-2022-42328", cwe: { id: "CWE-667", name: "Improper Locking", }, notes: [ { category: "summary", text: "Guests can trigger deadlock in Linux netback driver [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] The patch for XSA-392 introduced another issue which might result in a deadlock when trying to free the SKB of a packet dropped due to the XSA-392 handling (CVE-2022-42328). Additionally when dropping packages for other reasons the same deadlock could occur in case of netpoll being active for the interface the xen-netback driver is connected to (CVE-2022-42329).", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2022-42328", }, { cve: "CVE-2022-42329", cwe: { id: "CWE-667", name: "Improper Locking", }, notes: [ { category: "summary", text: "Guests can trigger deadlock in Linux netback drive. The patch for XSA-392 introduced another issue which might result in a deadlock when trying to free the SKB of a packet dropped due to the XSA-392 handling (CVE-2022-42328). Additionally when dropping packages for other reasons the same deadlock could occur in case of netpoll being active for the interface the xen-netback driver is connected to (CVE-2022-42329).", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2022-42329", }, { cve: "CVE-2022-42432", cwe: { id: "CWE-457", name: "Use of Uninitialized Variable", }, notes: [ { category: "summary", text: "This vulnerability allows local attackers to disclose sensitive information on affected installations of the Linux Kernel 6.0-rc2. An attacker must first obtain the ability to execute high-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the nft_osf_eval function. The issue results from the lack of proper initialization of memory prior to accessing it. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the kernel. Was ZDI-CAN-18540.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 4.4, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2022-42432", }, { cve: "CVE-2022-42703", cwe: { id: "CWE-416", name: "Use After Free", }, notes: [ { category: "summary", text: "mm/rmap.c in the Linux kernel before 5.19.7 has a use-after-free related to leaf anon_vma double reuse.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2022-42703", }, { cve: "CVE-2022-42719", cwe: { id: "CWE-416", name: "Use After Free", }, notes: [ { category: "summary", text: "A use-after-free in the mac80211 stack when parsing a multi-BSSID element in the Linux kernel 5.2 through 5.19.x before 5.19.16 could be used by attackers (able to inject WLAN frames) to crash the kernel and potentially execute code.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2022-42719", }, { cve: "CVE-2022-42720", cwe: { id: "CWE-416", name: "Use After Free", }, notes: [ { category: "summary", text: "Various refcounting bugs in the multi-BSS handling in the mac80211 stack in the Linux kernel 5.1 through 5.19.x before 5.19.16 could be used by local attackers (able to inject WLAN frames) to trigger use-after-free conditions to potentially execute code.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2022-42720", }, { cve: "CVE-2022-42721", cwe: { id: "CWE-835", name: "Loop with Unreachable Exit Condition ('Infinite Loop')", }, notes: [ { category: "summary", text: "A list management bug in BSS handling in the mac80211 stack in the Linux kernel 5.1 through 5.19.x before 5.19.16 could be used by local attackers (able to inject WLAN frames) to corrupt a linked list and, in turn, potentially execute code.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2022-42721", }, { cve: "CVE-2022-42722", cwe: { id: "CWE-476", name: "NULL Pointer Dereference", }, notes: [ { category: "summary", text: "In the Linux kernel 5.8 through 5.19.x before 5.19.16, local attackers able to inject WLAN frames into the mac80211 stack could cause a NULL pointer dereference denial-of-service attack against the beacon protection of P2P devices.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2022-42722", }, { cve: "CVE-2022-42895", cwe: { id: "CWE-824", name: "Access of Uninitialized Pointer", }, notes: [ { category: "summary", text: "There is an infoleak vulnerability in the Linux kernel's net/bluetooth/l2cap_core.c's l2cap_parse_conf_req function which can be used to leak kernel pointers remotely. We recommend upgrading past commit https://github.com/torvalds/linux/commit/b1a2cd50c0357f243b7435a732b4e62ba3157a2e", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2022-42895", }, { cve: "CVE-2022-42896", cwe: { id: "CWE-416", name: "Use After Free", }, notes: [ { category: "summary", text: "There are use-after-free vulnerabilities in the Linux kernel's net/bluetooth/l2cap_core.c's l2cap_connect and l2cap_le_connect_req functions which may allow code execution and leaking kernel memory (respectively) remotely via Bluetooth. A remote attacker could execute code leaking kernel memory via Bluetooth if within proximity of the victim. We recommend upgrading past commit https://github.com/torvalds/linux/commit/711f8c3fb3db61897080468586b970c87c61d9e4", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2022-42896", }, { cve: "CVE-2022-43750", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, notes: [ { category: "summary", text: "drivers/usb/mon/mon_bin.c in usbmon in the Linux kernel before 5.19.15 and 6.x before 6.0.1 allows a user-space client to corrupt the monitor's internal memory.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 6.7, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2022-43750", }, { cve: "CVE-2022-47518", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, notes: [ { category: "summary", text: "An issue was discovered in the Linux kernel before 6.0.11. Missing validation of the number of channels in drivers/net/wireless/microchip/wilc1000/cfg80211.c in the WILC1000 wireless driver can trigger a heap-based buffer overflow when copying the list of operating channels from Wi-Fi management frames.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2022-47518", }, { cve: "CVE-2022-47520", cwe: { id: "CWE-125", name: "Out-of-bounds Read", }, notes: [ { category: "summary", text: "An issue was discovered in the Linux kernel before 6.0.11. Missing offset validation in drivers/net/wireless/microchip/wilc1000/hif.c in the WILC1000 wireless driver can trigger an out-of-bounds read when parsing a Robust Security Network (RSN) information element from a Netlink packet.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 7.1, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2022-47520", }, { cve: "CVE-2022-47929", cwe: { id: "CWE-476", name: "NULL Pointer Dereference", }, notes: [ { category: "summary", text: "In the Linux kernel before 6.1.6, a NULL pointer dereference bug in the traffic control subsystem allows an unprivileged user to trigger a denial of service (system crash) via a crafted traffic control configuration that is set up with \"tc qdisc\" and \"tc class\" commands. This affects qdisc_graft in net/sched/sch_api.c.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2022-47929", }, { cve: "CVE-2022-47946", cwe: { id: "CWE-416", name: "Use After Free", }, notes: [ { category: "summary", text: "An issue was discovered in the Linux kernel 5.10.x before 5.10.155. A use-after-free in io_sqpoll_wait_sq in fs/io_uring.c allows an attacker to crash the kernel, resulting in denial of service. finish_wait can be skipped. An attack can occur in some situations by forking a process and then quickly terminating it. NOTE: later kernel versions, such as the 5.15 longterm series, substantially changed the implementation of io_sqpoll_wait_sq.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2022-47946", }, { cve: "CVE-2023-0215", cwe: { id: "CWE-416", name: "Use After Free", }, notes: [ { category: "summary", text: "The public API function BIO_new_NDEF is a helper function used for streaming ASN.1 data via a BIO. It is primarily used internally to OpenSSL to support the SMIME, CMS and PKCS7 streaming capabilities, but may also be called directly by end user applications. The function receives a BIO from the caller, prepends a new BIO_f_asn1 filter BIO onto the front of it to form a BIO chain, and then returns the new head of the BIO chain to the caller. Under certain conditions, for example if a CMS recipient public key is invalid, the new filter BIO is freed and the function returns a NULL result indicating a failure. However, in this case, the BIO chain is not properly cleaned up and the BIO passed by the caller still retains internal pointers to the previously freed filter BIO. If the caller then goes on to call BIO_pop() on the BIO then a use-after-free will occur. This will most likely result in a crash. This scenario occurs directly in the internal function B64_write_ASN1() which may cause BIO_new_NDEF() to be called and will subsequently call BIO_pop() on the BIO. This internal function is in turn called by the public API functions PEM_write_bio_ASN1_stream, PEM_write_bio_CMS_stream, PEM_write_bio_PKCS7_stream, SMIME_write_ASN1, SMIME_write_CMS and SMIME_write_PKCS7. Other public API functions that may be impacted by this include i2d_ASN1_bio_stream, BIO_new_CMS, BIO_new_PKCS7, i2d_CMS_bio_stream and i2d_PKCS7_bio_stream. The OpenSSL cms and smime command line applications are similarly affected.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 5.9, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2023-0215", }, { cve: "CVE-2023-0286", cwe: { id: "CWE-20", name: "Improper Input Validation", }, notes: [ { category: "summary", text: "There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING but the public structure definition for GENERAL_NAME incorrectly specified the type of the x400Address field as ASN1_TYPE. This field is subsequently interpreted by the OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather than an ASN1_STRING. When CRL checking is enabled (i.e. the application sets the X509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker to pass arbitrary pointers to a memcmp call, enabling them to read memory contents or enact a denial of service. In most cases, the attack requires the attacker to provide both the certificate chain and CRL, neither of which need to have a valid signature. If the attacker only controls one of these inputs, the other input must already contain an X.400 address as a CRL distribution point, which is uncommon. As such, this vulnerability is most likely to only affect applications which have implemented their own functionality for retrieving CRLs over a network.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 7.4, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2023-0286", }, { cve: "CVE-2023-0464", cwe: { id: "CWE-295", name: "Improper Certificate Validation", }, notes: [ { category: "summary", text: "A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509 certificate chains that include policy constraints. Attackers may be able to exploit this vulnerability by creating a malicious certificate chain that triggers exponential use of computational resources, leading to a denial-of-service (DoS) attack on affected systems.\r\n\r\nPolicy processing is disabled by default but can be enabled by passing the `-policy` argument to the command line utilities or by calling the `X509_VERIFY_PARAM_set1_policies()` function.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2023-0464", }, { cve: "CVE-2023-0465", cwe: { id: "CWE-295", name: "Improper Certificate Validation", }, notes: [ { category: "summary", text: "Applications that use a non-default option when verifying certificates may be\r\nvulnerable to an attack from a malicious CA to circumvent certain checks.\r\n\r\nInvalid certificate policies in leaf certificates are silently ignored by\r\nOpenSSL and other certificate policy checks are skipped for that certificate.\r\nA malicious CA could use this to deliberately assert invalid certificate policies\r\nin order to circumvent policy checking on the certificate altogether.\r\n\r\nPolicy processing is disabled by default but can be enabled by passing\r\nthe `-policy` argument to the command line utilities or by calling the\r\n`X509_VERIFY_PARAM_set1_policies()` function.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2023-0465", }, { cve: "CVE-2023-0466", cwe: { id: "CWE-295", name: "Improper Certificate Validation", }, notes: [ { category: "summary", text: "The function X509_VERIFY_PARAM_add0_policy() is documented to\nimplicitly enable the certificate policy check when doing certificate\nverification. However the implementation of the function does not\nenable the check which allows certificates with invalid or incorrect\npolicies to pass the certificate verification.\n\nAs suddenly enabling the policy check could break existing deployments it was\ndecided to keep the existing behavior of the X509_VERIFY_PARAM_add0_policy()\nfunction.\n\nInstead the applications that require OpenSSL to perform certificate\npolicy check need to use X509_VERIFY_PARAM_set1_policies() or explicitly\nenable the policy check by calling X509_VERIFY_PARAM_set_flags() with\nthe X509_V_FLAG_POLICY_CHECK flag argument.\n\nCertificate policy checks are disabled by default in OpenSSL and are not\ncommonly used by applications.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2023-0466", }, { cve: "CVE-2023-0590", cwe: { id: "CWE-416", name: "Use After Free", }, notes: [ { category: "summary", text: "A use-after-free flaw was found in qdisc_graft in net/sched/sch_api.c in the Linux Kernel due to a race problem. This flaw leads to a denial of service issue. If patch ebda44da44f6 (\"net: sched: fix race condition in qdisc_graft()\") not applied yet, then kernel could be affected.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 4.7, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2023-0590", }, { cve: "CVE-2023-1077", cwe: { id: "CWE-843", name: "Access of Resource Using Incompatible Type ('Type Confusion')", }, notes: [ { category: "summary", text: "In the Linux kernel, pick_next_rt_entity() may return a type confused entry, not detected by the BUG_ON condition, as the confused entry will not be NULL, but list_head.The buggy error condition would lead to a type confused entry with the list head,which would then be used as a type confused sched_rt_entity,causing memory corruption.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2023-1077", }, { cve: "CVE-2023-1095", cwe: { id: "CWE-476", name: "NULL Pointer Dereference", }, notes: [ { category: "summary", text: "In nf_tables_updtable, if nf_tables_table_enable returns an error, nft_trans_destroy is called to free the transaction object. nft_trans_destroy() calls list_del(), but the transaction was never placed on a list -- the list head is all zeroes, this results in a NULL pointer dereference.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2023-1095", }, { cve: "CVE-2023-1206", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, notes: [ { category: "summary", text: "A hash collision flaw was found in the IPv6 connection lookup table in the Linux kernel’s IPv6 functionality when a user makes a new kind of SYN flood attack. A user located in the local network or with a high bandwidth connection can increase the CPU usage of the server that accepts IPV6 connections up to 95%.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 5.7, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2023-1206", }, { cve: "CVE-2023-2898", cwe: { id: "CWE-476", name: "NULL Pointer Dereference", }, notes: [ { category: "summary", text: "There is a null-pointer-dereference flaw found in f2fs_write_end_io in fs/f2fs/data.c in the Linux kernel. This flaw allows a local privileged user to cause a denial of service problem.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 4.7, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2023-2898", }, { cve: "CVE-2023-3141", cwe: { id: "CWE-416", name: "Use After Free", }, notes: [ { category: "summary", text: "A use-after-free flaw was found in r592_remove in drivers/memstick/host/r592.c in media access in the Linux Kernel. This flaw allows a local attacker to crash the system at device disconnect, possibly leading to a kernel information leak.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 7.1, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2023-3141", }, { cve: "CVE-2023-3268", cwe: { id: "CWE-125", name: "Out-of-bounds Read", }, notes: [ { category: "summary", text: "An out of bounds (OOB) memory access flaw was found in the Linux kernel in relay_file_read_start_pos in kernel/relay.c in the relayfs. This flaw could allow a local attacker to crash the system or leak kernel internal information.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 7.1, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2023-3268", }, { cve: "CVE-2023-3338", cwe: { id: "CWE-476", name: "NULL Pointer Dereference", }, notes: [ { category: "summary", text: "A null pointer dereference flaw was found in the Linux kernel's DECnet networking protocol. This issue could allow a remote user to crash the system.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2023-3338", }, { cve: "CVE-2023-3389", cwe: { id: "CWE-416", name: "Use After Free", }, notes: [ { category: "summary", text: "A use-after-free vulnerability in the Linux Kernel io_uring subsystem can be exploited to achieve local privilege escalation. Racing a io_uring cancel poll request with a linked timeout can cause a UAF in a hrtimer.\r\n\r\nWe recommend upgrading past commit `ef7dfac51d8ed961b742218f526bd589f3900a59` \r\n(`4716c73b188566865bdd79c3a6709696a224ac04` for 5.10 stable and \r\n`0e388fce7aec40992eadee654193cad345d62663` for 5.15 stable).", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2023-3389", }, { cve: "CVE-2023-3446", cwe: { id: "CWE-1333", name: "Inefficient Regular Expression Complexity", }, notes: [ { category: "summary", text: "Issue summary: Checking excessively long DH keys or parameters may be very slow. Impact summary: Applications that use the functions DH_check(), DH_check_ex() or EVP_PKEY_param_check() to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source this may lead to a Denial of Service. The function DH_check() performs various checks on DH parameters. One of those checks confirms that the modulus ('p' parameter) is not too large. Trying to use a very large modulus is slow and OpenSSL will not normally use a modulus which is over 10,000 bits in length. However the DH_check() function checks numerous aspects of the key or parameters that have been supplied. Some of those checks use the supplied modulus value even if it has already been found to be too large. An application that calls DH_check() and supplies a key or parameters obtained from an untrusted source could be vulernable to a Denial of Service attack. The function DH_check() is itself called by a number of other OpenSSL functions. An application calling any of those other functions may similarly be affected. The other functions affected by this are DH_check_ex() and EVP_PKEY_param_check(). Also vulnerable are the OpenSSL dhparam and pkeyparam command line applications when using the '-check' option. The OpenSSL SSL/TLS implementation is not affected by this issue. The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2023-3446", }, { cve: "CVE-2023-3609", cwe: { id: "CWE-416", name: "Use After Free", }, notes: [ { category: "summary", text: "A use-after-free vulnerability in the Linux kernel's net/sched: cls_u32 component can be exploited to achieve local privilege escalation.\r\n\r\nIf tcf_change_indev() fails, u32_set_parms() will immediately return an error after incrementing or decrementing the reference counter in tcf_bind_filter(). If an attacker can control the reference counter and set it to zero, they can cause the reference to be freed, leading to a use-after-free vulnerability.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2023-3609", }, { cve: "CVE-2023-3610", cwe: { id: "CWE-416", name: "Use After Free", }, notes: [ { category: "summary", text: "A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation.\r\n\r\nFlaw in the error handling of bound chains causes a use-after-free in the abort path of NFT_MSG_NEWRULE. The vulnerability requires CAP_NET_ADMIN to be triggered.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2023-3610", }, { cve: "CVE-2023-3611", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, notes: [ { category: "summary", text: "An out-of-bounds write vulnerability in the Linux kernel's net/sched: sch_qfq component can be exploited to achieve local privilege escalation.\r\n\r\nThe qfq_change_agg() function in net/sched/sch_qfq.c allows an out-of-bounds write because lmax is updated according to packet sizes without bounds checks.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2023-3611", }, { cve: "CVE-2023-3772", cwe: { id: "CWE-476", name: "NULL Pointer Dereference", }, notes: [ { category: "summary", text: "A flaw was found in the Linux kernel's IP framework for transforming packets (XFRM subsystem). This issue may allow a malicious user with CAP_NET_ADMIN privileges to directly dereference a NULL pointer in xfrm_update_ae_params(), leading to a possible kernel crash and denial of service.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2023-3772", }, { cve: "CVE-2023-3773", cwe: { id: "CWE-125", name: "Out-of-bounds Read", }, notes: [ { category: "summary", text: "A flaw was found in the Linux kernel's IP framework for transforming packets (XFRM subsystem). This issue may allow a malicious user with CAP_NET_ADMIN privileges to cause a 4 byte out-of-bounds read of XFRMA_MTIMER_THRESH when parsing netlink attributes, leading to potential leakage of sensitive heap data to userspace.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2023-3773", }, { cve: "CVE-2023-3777", cwe: { id: "CWE-416", name: "Use After Free", }, notes: [ { category: "summary", text: "A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation.\n\nWhen nf_tables_delrule() is flushing table rules, it is not checked whether the chain is bound and the chain's owner rule can also release the objects in certain circumstances.\n\nWe recommend upgrading past commit 6eaf41e87a223ae6f8e7a28d6e78384ad7e407f8.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2023-3777", }, { cve: "CVE-2023-4004", cwe: { id: "CWE-20", name: "Improper Input Validation", }, notes: [ { category: "summary", text: "A use-after-free flaw was found in the Linux kernel's netfilter in the way a user triggers the nft_pipapo_remove function with the element, without a NFT_SET_EXT_KEY_END. This issue could allow a local user to crash the system or potentially escalate their privileges on the system.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2023-4004", }, { cve: "CVE-2023-4015", cwe: { id: "CWE-20", name: "Improper Input Validation", }, notes: [ { category: "summary", text: "The netfilter subsystem in the Linux kernel did not properly handle bound chain deactivation in certain circumstances. A local attacker could possibly use this to cause a denial of service (system crash) or execute arbitrary code.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 8.4, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2023-4015", }, { cve: "CVE-2023-4273", cwe: { id: "CWE-121", name: "Stack-based Buffer Overflow", }, notes: [ { category: "summary", text: "This vulnerability exists in the implementation of the file name reconstruction function, which is responsible for reading file name entries from a directory index and merging file name parts belonging to one file into a single long file name. Since the file name characters are copied into a stack variable, a local privileged attacker could use this vulnerability to overflow the kernel stack.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 6, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2023-4273", }, { cve: "CVE-2023-4623", cwe: { id: "CWE-416", name: "Use After Free", }, notes: [ { category: "summary", text: "A use-after-free vulnerability in the Linux kernel's net/sched: sch_hfsc (HFSC qdisc traffic control) component can be exploited to achieve local privilege escalation.\n\nIf a class with a link-sharing curve (i.e. with the HFSC_FSC flag set) has a parent without a link-sharing curve, then init_vf() will call vttree_insert() on the parent, but vttree_remove() will be skipped in update_vf(). This leaves a dangling pointer that can cause a use-after-free.\n\nWe recommend upgrading past commit b3d26c5702c7d6c45456326e56d2ccf3f103e60f.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2023-4623", }, { cve: "CVE-2023-4911", cwe: { id: "CWE-121", name: "Stack-based Buffer Overflow", }, notes: [ { category: "summary", text: "A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2023-4911", }, { cve: "CVE-2023-4921", cwe: { id: "CWE-416", name: "Use After Free", }, notes: [ { category: "summary", text: "A use-after-free vulnerability in the Linux kernel's net/sched: sch_qfq component can be exploited to achieve local privilege escalation.\n\nWhen the plug qdisc is used as a class of the qfq qdisc, sending network packets triggers use-after-free in qfq_dequeue() due to the incorrect .peek handler of sch_plug and lack of error checking in agg_dequeue().\n\nWe recommend upgrading past commit 8fc134fee27f2263988ae38920bc03da416b03d8.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2023-4921", }, { cve: "CVE-2023-5178", cwe: { id: "CWE-416", name: "Use After Free", }, notes: [ { category: "summary", text: "A use-after-free vulnerability was found in drivers/nvme/target/tcp.c` in `nvmet_tcp_free_crypto` due to a logical bug in the NVMe-oF/TCP subsystem in the Linux kernel. This issue may allow a malicious local privileged user to cause a use-after-free and double-free problem, which may permit remote code execution or lead to local privilege escalation problem.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2023-5178", }, { cve: "CVE-2023-5197", cwe: { id: "CWE-416", name: "Use After Free", }, notes: [ { category: "summary", text: "A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation.\r\n\r\nAddition and removal of rules from chain bindings within the same transaction causes leads to use-after-free.\r\n\r\nWe recommend upgrading past commit f15f29fd4779be8a418b66e9d52979bb6d6c2325.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2023-5197", }, { cve: "CVE-2023-5678", cwe: { id: "CWE-754", name: "Improper Check for Unusual or Exceptional Conditions", }, notes: [ { category: "summary", text: "Issue summary: Generating excessively long X9.42 DH keys or checking excessively long X9.42 DH keys or parameters may be very slow. Impact summary: Applications that use the functions DH_generate_key() to generate an X9.42 DH key may experience long delays. Likewise, applications that use DH_check_pub_key(), DH_check_pub_key_ex() or EVP_PKEY_public_check() to check an X9.42 DH key or X9.42 DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source this may lead to a Denial of Service. While DH_check() performs all the necessary checks (as of CVE-2023-3817), DH_check_pub_key() doesn't make any of these checks, and is therefore vulnerable for excessively large P and Q parameters. Likewise, while DH_generate_key() performs a check for an excessively large P, it doesn't check for an excessively large Q. An application that calls DH_generate_key() or DH_check_pub_key() and supplies a key or parameters obtained from an untrusted source could be vulnerable to a Denial of Service attack. DH_generate_key() and DH_check_pub_key() are also called by a number of other OpenSSL functions. An application calling any of those other functions may similarly be affected. The other functions affected by this are DH_check_pub_key_ex(), EVP_PKEY_public_check(), and EVP_PKEY_generate(). Also vulnerable are the OpenSSL pkey command line application when using the \"-pubcheck\" option, as well as the OpenSSL genpkey command line application. The OpenSSL SSL/TLS implementation is not affected by this issue. The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2023-5678", }, { cve: "CVE-2023-5717", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, notes: [ { category: "summary", text: "A heap out-of-bounds write vulnerability in the Linux kernel's Linux Kernel Performance Events (perf) component can be exploited to achieve local privilege escalation.\r\n\r\nIf perf_read_group() is called while an event's sibling_list is smaller than its child's sibling_list, it can increment or write to memory locations outside of the allocated buffer.\r\n\r\nWe recommend upgrading past commit 32671e3799ca2e4590773fd0e63aaa4229e50c06.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2023-5717", }, { cve: "CVE-2023-6606", cwe: { id: "CWE-125", name: "Out-of-bounds Read", }, notes: [ { category: "summary", text: "An out-of-bounds read vulnerability was found in smbCalcSize in fs/smb/client/netmisc.c in the Linux Kernel. This issue could allow a local attacker to crash the system or leak internal kernel information.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 7.1, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2023-6606", }, { cve: "CVE-2023-6931", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, notes: [ { category: "summary", text: "A heap out-of-bounds write vulnerability in the Linux kernel's Performance Events system component can be exploited to achieve local privilege escalation.\n\nA perf_event's read_size can overflow, leading to an heap out-of-bounds increment or write in perf_read_group().\n\nWe recommend upgrading past commit 382c27f4ed28f803b1f1473ac2d8db0afc795a1b.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2023-6931", }, { cve: "CVE-2023-6932", cwe: { id: "CWE-416", name: "Use After Free", }, notes: [ { category: "summary", text: "A use-after-free vulnerability in the Linux kernel's ipv4: igmp component can be exploited to achieve local privilege escalation.\n\nA race condition can be exploited to cause a timer be mistakenly registered on a RCU read locked object which is freed by another thread.\n\nWe recommend upgrading past commit e2b706c691905fe78468c361aaabc719d0a496f1.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2023-6932", }, { cve: "CVE-2023-7008", cwe: { id: "CWE-300", name: "Channel Accessible by Non-Endpoint", }, notes: [ { category: "summary", text: "A vulnerability was found in systemd-resolved. This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 5.9, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2023-7008", }, { cve: "CVE-2023-7104", cwe: { id: "CWE-122", name: "Heap-based Buffer Overflow", }, notes: [ { category: "summary", text: "A vulnerability was found in SQLite SQLite3 up to 3.43.0 and classified as critical. This issue affects the function sessionReadRecord of the file ext/session/sqlite3session.c of the component make alltest Handler. The manipulation leads to heap-based buffer overflow. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-248999.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2023-7104", }, { cve: "CVE-2023-23454", cwe: { id: "CWE-843", name: "Access of Resource Using Incompatible Type ('Type Confusion')", }, notes: [ { category: "summary", text: "cbq_classify in net/sched/sch_cbq.c in the Linux kernel through 6.1.4 allows attackers to cause a denial of service (slab-out-of-bounds read) because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results).", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2023-23454", }, { cve: "CVE-2023-23455", cwe: { id: "CWE-843", name: "Access of Resource Using Incompatible Type ('Type Confusion')", }, notes: [ { category: "summary", text: "atm_tc_enqueue in net/sched/sch_atm.c in the Linux kernel through 6.1.4 allows attackers to cause a denial of service because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results).", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2023-23455", }, { cve: "CVE-2023-23559", cwe: { id: "CWE-190", name: "Integer Overflow or Wraparound", }, notes: [ { category: "summary", text: "In rndis_query_oid in drivers/net/wireless/rndis_wlan.c in the Linux kernel through 6.1.5, there is an integer overflow in an addition.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2023-23559", }, { cve: "CVE-2023-26607", cwe: { id: "CWE-125", name: "Out-of-bounds Read", }, notes: [ { category: "summary", text: "In the Linux kernel 6.0.8, there is an out-of-bounds read in ntfs_attr_find in fs/ntfs/attrib.c.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 7.1, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2023-26607", }, { cve: "CVE-2023-31085", cwe: { id: "CWE-369", name: "Divide By Zero", }, notes: [ { category: "summary", text: "An issue was discovered in drivers/mtd/ubi/cdev.c in the Linux kernel 6.2. There is a divide-by-zero error in do_div(sz,mtd->erasesize), used indirectly by ctrl_cdev_ioctl, when mtd->erasesize is 0.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2023-31085", }, { cve: "CVE-2023-31436", cwe: { id: "CWE-20", name: "Improper Input Validation", }, notes: [ { category: "summary", text: "qfq_change_class in net/sched/sch_qfq.c in the Linux kernel before 6.2.13 allows an out-of-bounds write because lmax can exceed QFQ_MIN_LMAX.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2023-31436", }, { cve: "CVE-2023-32233", cwe: { id: "CWE-20", name: "Improper Input Validation", }, notes: [ { category: "summary", text: "In the Linux kernel through 6.3.1, a use-after-free in Netfilter nf_tables when processing batch requests can be abused to perform arbitrary read and write operations on kernel memory. Unprivileged local users can obtain root privileges. This occurs because anonymous sets are mishandled.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2023-32233", }, { cve: "CVE-2023-35001", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, notes: [ { category: "summary", text: "Linux Kernel nftables Out-Of-Bounds Read/Write Vulnerability; nft_byteorder poorly handled vm register contents when CAP_NET_ADMIN is in any user or network namespace", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2023-35001", }, { cve: "CVE-2023-35827", cwe: { id: "CWE-416", name: "Use After Free", }, notes: [ { category: "summary", text: "An issue was discovered in the Linux kernel through 6.3.8. A use-after-free was found in ravb_remove in drivers/net/ethernet/renesas/ravb_main.c.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 7, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2023-35827", }, { cve: "CVE-2023-36660", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, notes: [ { category: "summary", text: "The OCB feature in libnettle in Nettle 3.9 before 3.9.1 allows memory corruption.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2023-36660", }, { cve: "CVE-2023-37453", cwe: { id: "CWE-125", name: "Out-of-bounds Read", }, notes: [ { category: "summary", text: "An issue was discovered in the USB subsystem in the Linux kernel through 6.4.2. There is an out-of-bounds and crash in read_descriptors in drivers/usb/core/sysfs.c.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 4.6, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2023-37453", }, { cve: "CVE-2023-39189", cwe: { id: "CWE-125", name: "Out-of-bounds Read", }, notes: [ { category: "summary", text: "A flaw was found in the Netfilter subsystem in the Linux kernel. The nfnl_osf_add_callback function did not validate the user mode controlled opt_num field. This flaw allows a local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read, leading to a crash or information disclosure.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 5.1, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:L/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2023-39189", }, { cve: "CVE-2023-39192", cwe: { id: "CWE-125", name: "Out-of-bounds Read", }, notes: [ { category: "summary", text: "A flaw was found in the Netfilter subsystem in the Linux kernel. The xt_u32 module did not validate the fields in the xt_u32 structure. This flaw allows a local privileged attacker to trigger an out-of-bounds read by setting the size fields with a value beyond the array boundaries, leading to a crash or information disclosure.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 6.7, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2023-39192", }, { cve: "CVE-2023-39193", cwe: { id: "CWE-125", name: "Out-of-bounds Read", }, notes: [ { category: "summary", text: "A flaw was found in the Netfilter subsystem in the Linux kernel. The sctp_mt_check did not validate the flag_count field. This flaw allows a local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read, leading to a crash or information disclosure.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 6.1, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2023-39193", }, { cve: "CVE-2023-39194", cwe: { id: "CWE-125", name: "Out-of-bounds Read", }, notes: [ { category: "summary", text: "A flaw was found in the XFRM subsystem in the Linux kernel. The specific flaw exists within the processing of state filters, which can result in a read past the end of an allocated buffer. This flaw allows a local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read, potentially leading to an information disclosure.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 3.2, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2023-39194", }, { cve: "CVE-2023-42753", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, notes: [ { category: "summary", text: "An array indexing vulnerability was found in the netfilter subsystem of the Linux kernel. A missing macro could lead to a miscalculation of the `h->nets` array offset, providing attackers with the primitive to arbitrarily increment/decrement a memory buffer out-of-bound. This issue may allow a local user to crash the system or potentially escalate their privileges on the system.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 7, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2023-42753", }, { cve: "CVE-2023-42754", cwe: { id: "CWE-476", name: "NULL Pointer Dereference", }, notes: [ { category: "summary", text: "A NULL pointer dereference flaw was found in the Linux kernel ipv4 stack. The socket buffer (skb) was assumed to be associated with a device before calling __ip_options_compile, which is not always the case if the skb is re-routed by ipvs. This issue may allow a local user with CAP_NET_ADMIN privileges to crash the system.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2023-42754", }, { cve: "CVE-2023-42755", cwe: { id: "CWE-125", name: "Out-of-bounds Read", }, notes: [ { category: "summary", text: "A flaw was found in the IPv4 Resource Reservation Protocol (RSVP) classifier in the Linux kernel. The xprt pointer may go beyond the linear part of the skb, leading to an out-of-bounds read in the `rsvp_classify` function. This issue may allow a local user to crash the system and cause a denial of service.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2023-42755", }, { cve: "CVE-2023-45863", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, notes: [ { category: "summary", text: "An issue was discovered in lib/kobject.c in the Linux kernel before 6.2.3. With root access, an attacker can trigger a race condition that results in a fill_kobj_path out-of-bounds write.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 6.4, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2023-45863", }, { cve: "CVE-2023-45871", cwe: { id: "CWE-120", name: "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", }, notes: [ { category: "summary", text: "An issue was discovered in drivers/net/ethernet/intel/igb/igb_main.c in the IGB driver in the Linux kernel before 6.5.3. A buffer size may not be adequate for frames larger than the MTU.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 9.8, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2023-45871", }, { cve: "CVE-2023-48795", cwe: { id: "CWE-222", name: "Truncation of Security-relevant Information", }, notes: [ { category: "summary", text: "The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH's use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0.10.6, libssh2 through 1.11.0, Thorn Tech SFTP Gateway before 3.4.6, Tera Term before 5.1, Paramiko before 3.4.0, jsch before 0.2.15, SFTPGo before 2.5.6, Netgate pfSense Plus through 23.09.1, Netgate pfSense CE through 2.7.2, HPN-SSH through 18.2.0, ProFTPD before 1.3.8b (and before1.3.9rc2), ORYX CycloneSSH before 2.3.4, NetSarang XShell 7 before Build 0144, CrushFTP before 10.6.0, ConnectBot SSH library before 2.2.22, Apache MINA sshd through 2.11.0, sshj through 0.37.0, TinySSH through 20230101, trilead-ssh2 6401, the net-ssh gem 7.2.0 for Ruby, the mscdex ssh2 module before 1.15.0 for Node.js, the thrussh library before 0.35.1 for Rust, and the Russh crate before 0.40.2 for Rust; and there could be effects on Bitvise SSH through 9.31.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 5.9, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2023-48795", }, { cve: "CVE-2023-50495", cwe: { id: "CWE-20", name: "Improper Input Validation", }, notes: [ { category: "summary", text: "NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2023-50495", }, { cve: "CVE-2023-51384", cwe: { id: "CWE-20", name: "Improper Input Validation", }, notes: [ { category: "summary", text: "In ssh-agent in OpenSSH before 9.6, certain destination constraints can be incompletely applied. When destination constraints are specified during addition of PKCS#11-hosted private keys, these constraints are only applied to the first key, even if a PKCS#11 token returns multiple keys.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2023-51384", }, { cve: "CVE-2023-51385", cwe: { id: "CWE-78", name: "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", }, notes: [ { category: "summary", text: "In ssh in OpenSSH before 9.6, OS command injection might occur if a user name or host name has shell metacharacters, and this name is referenced by an expansion token in certain situations. For example, an untrusted Git repository can have a submodule with shell metacharacters in a user name or host name.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2023-51385", }, { cve: "CVE-2023-51767", cwe: { id: "CWE-20", name: "Improper Input Validation", }, notes: [ { category: "summary", text: "OpenSSH through 9.6, when common types of DRAM are used, might allow row hammer attacks (for authentication bypass) because the integer value of authenticated in mm_answer_authpassword does not resist flips of a single bit. NOTE: this is applicable to a certain threat model of attacker-victim co-location in which the attacker has user privileges.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 7, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2023-51767", }, { cve: "CVE-2024-0232", cwe: { id: "CWE-416", name: "Use After Free", }, notes: [ { category: "summary", text: "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 4.7, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2024-0232", }, { cve: "CVE-2024-0553", cwe: { id: "CWE-203", name: "Observable Discrepancy", }, notes: [ { category: "summary", text: "A vulnerability was found in GnuTLS. The response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from the response times of ciphertexts with correct PKCS#1 v1.5 padding. This issue may allow a remote attacker to perform a timing side-channel attack in the RSA-PSK key exchange, potentially leading to the leakage of sensitive data. CVE-2024-0553 is designated as an incomplete resolution for CVE-2023-5981.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2024-0553", }, { cve: "CVE-2024-0567", cwe: { id: "CWE-347", name: "Improper Verification of Cryptographic Signature", }, notes: [ { category: "summary", text: "A vulnerability was found in GnuTLS, where a cockpit (which uses gnuTLS) rejects a certificate chain with distributed trust. This issue occurs when validating a certificate chain with cockpit-certificate-ensure. This flaw allows an unauthenticated, remote client or attacker to initiate a denial of service attack.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2024-0567", }, { cve: "CVE-2024-0584", cwe: { id: "CWE-416", name: "Use After Free", }, notes: [ { category: "summary", text: "A use-after-free issue was found in igmp_start_timer in net/ipv4/igmp.c in the network sub-component in the Linux Kernel. This flaw allows a local user to observe a refcnt use-after-free issue when receiving an igmp query packet, leading to a kernel information leak.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2024-0584", }, { cve: "CVE-2024-0684", cwe: { id: "CWE-122", name: "Heap-based Buffer Overflow", }, notes: [ { category: "summary", text: "A flaw was found in the GNU coreutils \"split\" program. A heap overflow with user-controlled data of multiple hundred bytes in length could occur in the line_bytes_split() function, potentially leading to an application crash and denial of service.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2024-0684", }, { cve: "CVE-2024-22365", cwe: { id: "CWE-20", name: "Improper Input Validation", }, notes: [ { category: "summary", text: "linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denial of service (blocked login process) via mkfifo because the openat call (for protect_dir) lacks O_DIRECTORY.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2024-22365", }, { cve: "CVE-2024-25062", cwe: { id: "CWE-416", name: "Use After Free", }, notes: [ { category: "summary", text: "An issue was discovered in libxml2 before 2.11.7 and 2.12.x before 2.12.5. When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free.", title: "Summary", }, ], product_status: { known_affected: [ "1", ], }, remediations: [ { category: "vendor_fix", details: "Update to V1.1 or later version", product_ids: [ "1", ], url: "https://support.industry.siemens.com/cs/ww/en/view/109827684/", }, { category: "workaround", details: "Only build and run applications from trusted sources", product_ids: [ "1", ], }, ], scores: [ { cvss_v3: { baseScore: 5.9, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", version: "3.1", }, products: [ "1", ], }, ], title: "CVE-2024-25062", }, ], }
fkie_cve-2024-25062
Vulnerability from fkie_nvd
Published
2024-02-04 16:15
Modified
2024-11-21 09:00
Severity ?
Summary
An issue was discovered in libxml2 before 2.11.7 and 2.12.x before 2.12.5. When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://gitlab.gnome.org/GNOME/libxml2/-/issues/604 | Exploit, Issue Tracking | |
| cve@mitre.org | https://gitlab.gnome.org/GNOME/libxml2/-/tags | Release Notes | |
| af854a3a-2127-422b-91ae-364da2661108 | https://gitlab.gnome.org/GNOME/libxml2/-/issues/604 | Exploit, Issue Tracking | |
| af854a3a-2127-422b-91ae-364da2661108 | https://gitlab.gnome.org/GNOME/libxml2/-/tags | Release Notes |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:xmlsoft:libxml2:*:*:*:*:*:*:*:*", matchCriteriaId: "971ACB1F-3D2E-4CBD-A75C-F58063898438", versionEndExcluding: "2.11.7", vulnerable: true, }, { criteria: "cpe:2.3:a:xmlsoft:libxml2:*:*:*:*:*:*:*:*", matchCriteriaId: "D4CEB958-63E0-4939-9520-406AB65425C9", versionEndExcluding: "2.12.5", versionStartIncluding: "2.12.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An issue was discovered in libxml2 before 2.11.7 and 2.12.x before 2.12.5. When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free.", }, { lang: "es", value: "Se descubrió un problema en libxml2 anterior a 2.11.7 y 2.12.x anterior a 2.12.5. Cuando se utiliza la interfaz del Lector XML con la validación DTD y la expansión XInclude habilitada, el procesamiento de documentos XML manipulados puede generar un use-after-free de xmlValidatePopElement.", }, ], id: "CVE-2024-25062", lastModified: "2024-11-21T09:00:10.427", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2024-02-04T16:15:45.120", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Issue Tracking", ], url: "https://gitlab.gnome.org/GNOME/libxml2/-/issues/604", }, { source: "cve@mitre.org", tags: [ "Release Notes", ], url: "https://gitlab.gnome.org/GNOME/libxml2/-/tags", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Issue Tracking", ], url: "https://gitlab.gnome.org/GNOME/libxml2/-/issues/604", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", ], url: "https://gitlab.gnome.org/GNOME/libxml2/-/tags", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-416", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
gsd-2024-25062
Vulnerability from gsd
Modified
2024-02-05 06:03
Details
An issue was discovered in libxml2 before 2.11.7 and 2.12.x before 2.12.5. When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free.
Aliases
{ gsd: { metadata: { exploitCode: "unknown", remediation: "unknown", reportConfidence: "confirmed", type: "vulnerability", }, osvSchema: { aliases: [ "CVE-2024-25062", ], details: "An issue was discovered in libxml2 before 2.11.7 and 2.12.x before 2.12.5. When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free.", id: "GSD-2024-25062", modified: "2024-02-05T06:03:25.246357Z", schema_version: "1.4.0", }, }, namespaces: { "cve.org": { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2024-25062", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "An issue was discovered in libxml2 before 2.11.7 and 2.12.x before 2.12.5. When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://gitlab.gnome.org/GNOME/libxml2/-/tags", refsource: "MISC", url: "https://gitlab.gnome.org/GNOME/libxml2/-/tags", }, { name: "https://gitlab.gnome.org/GNOME/libxml2/-/issues/604", refsource: "CONFIRM", url: "https://gitlab.gnome.org/GNOME/libxml2/-/issues/604", }, ], }, }, "nvd.nist.gov": { cve: { configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:xmlsoft:libxml2:*:*:*:*:*:*:*:*", matchCriteriaId: "971ACB1F-3D2E-4CBD-A75C-F58063898438", versionEndExcluding: "2.11.7", vulnerable: true, }, { criteria: "cpe:2.3:a:xmlsoft:libxml2:*:*:*:*:*:*:*:*", matchCriteriaId: "D4CEB958-63E0-4939-9520-406AB65425C9", versionEndExcluding: "2.12.5", versionStartIncluding: "2.12.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], descriptions: [ { lang: "en", value: "An issue was discovered in libxml2 before 2.11.7 and 2.12.x before 2.12.5. When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free.", }, { lang: "es", value: "Se descubrió un problema en libxml2 anterior a 2.11.7 y 2.12.x anterior a 2.12.5. Cuando se utiliza la interfaz del Lector XML con la validación DTD y la expansión XInclude habilitada, el procesamiento de documentos XML manipulados puede generar un use-after-free de xmlValidatePopElement.", }, ], id: "CVE-2024-25062", lastModified: "2024-02-13T00:40:40.503", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2024-02-04T16:15:45.120", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Issue Tracking", ], url: "https://gitlab.gnome.org/GNOME/libxml2/-/issues/604", }, { source: "cve@mitre.org", tags: [ "Release Notes", ], url: "https://gitlab.gnome.org/GNOME/libxml2/-/tags", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-416", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }, }, }, }
Log in or create an account to share your comment.
Security Advisory comment format.
This schema specifies the format of a comment related to a security advisory.
UUIDv4 of the comment
UUIDv4 of the Vulnerability-Lookup instance
When the comment was created originally
When the comment was last updated
Title of the comment
Description of the comment
The identifier of the vulnerability (CVE ID, GHSA-ID, PYSEC ID, etc.).
Loading…
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.