Vulnerability-Lookup

WID-SEC-W-2024-1656

Vulnerability from csaf_certbund - Published: 2024-07-16 22:00 - Updated: 2025-06-10 22:00

Summary

Oracle MySQL: Mehrere Schwachstellen

Severity

Hoch

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung: MySQL ist ein Open Source Datenbankserver von Oracle.

Angriff: Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in Oracle MySQL ausnutzen, um die Vertraulichkeit, Integrität und Verfügbarkeit zu gefährden.

Betroffene Betriebssysteme: - Linux - Windows

CVE-2021-24112

Affected products

Known affected 9 products

Product	Identifier	Version
NetApp ActiveIQ Unified Manager for VMware vSphere NetApp / ActiveIQ Unified Manager	`cpe:/a:netapp:active_iq_unified_manager:for_vmware_vsphere`	for VMware vSphere
Xerox FreeFlow Print Server v9 for Solaris Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:v9_for_solaris`	v9 for Solaris
Oracle MySQL 8.4.1 Oracle / MySQL	`cpe:/a:oracle:mysql:8.4.1`	8.4.1
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
IBM Security Guardium 12.0 IBM / Security Guardium	`cpe:/a:ibm:security_guardium:12.0`	12
NetApp ActiveIQ Unified Manager for Microsoft Windows NetApp / ActiveIQ Unified Manager	`cpe:/a:netapp:active_iq_unified_manager:for_microsoft_windows`	for Microsoft Windows
F5 BIG-IP F5	`cpe:/a:f5:big-ip:-`	—
Oracle MySQL 9.0.0 Oracle / MySQL	`cpe:/a:oracle:mysql:9.0.0`	9.0.0
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

Last affected 11 products

Product	Identifier	Version	Remediation
Oracle MySQL <=8.0.34 Oracle / MySQL		<=8.0.34
Oracle MySQL <=8.2.0 Oracle / MySQL		<=8.2.0
Oracle MySQL <=8.1.0 Oracle / MySQL		<=8.1.0
Oracle MySQL <=7.5.34 Oracle / MySQL		<=7.5.34
Oracle MySQL <=7.6.30 Oracle / MySQL		<=7.6.30
Oracle MySQL <=8.0.35 Oracle / MySQL		<=8.0.35
Oracle MySQL <=8.4.0 Oracle / MySQL		<=8.4.0
Oracle MySQL <=8.0.38 Oracle / MySQL		<=8.0.38
Oracle MySQL <=8.0.37 Oracle / MySQL		<=8.0.37
Oracle MySQL <=8.0.36 Oracle / MySQL		<=8.0.36
Oracle MySQL <=8.3.0 Oracle / MySQL		<=8.3.0

CVE-2023-37920

Affected products

Known affected 9 products

Product	Identifier	Version
NetApp ActiveIQ Unified Manager for VMware vSphere NetApp / ActiveIQ Unified Manager	`cpe:/a:netapp:active_iq_unified_manager:for_vmware_vsphere`	for VMware vSphere
Xerox FreeFlow Print Server v9 for Solaris Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:v9_for_solaris`	v9 for Solaris
Oracle MySQL 8.4.1 Oracle / MySQL	`cpe:/a:oracle:mysql:8.4.1`	8.4.1
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
IBM Security Guardium 12.0 IBM / Security Guardium	`cpe:/a:ibm:security_guardium:12.0`	12
NetApp ActiveIQ Unified Manager for Microsoft Windows NetApp / ActiveIQ Unified Manager	`cpe:/a:netapp:active_iq_unified_manager:for_microsoft_windows`	for Microsoft Windows
F5 BIG-IP F5	`cpe:/a:f5:big-ip:-`	—
Oracle MySQL 9.0.0 Oracle / MySQL	`cpe:/a:oracle:mysql:9.0.0`	9.0.0
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

Last affected 11 products

Product	Identifier	Version	Remediation
Oracle MySQL <=8.0.34 Oracle / MySQL		<=8.0.34
Oracle MySQL <=8.2.0 Oracle / MySQL		<=8.2.0
Oracle MySQL <=8.1.0 Oracle / MySQL		<=8.1.0
Oracle MySQL <=7.5.34 Oracle / MySQL		<=7.5.34
Oracle MySQL <=7.6.30 Oracle / MySQL		<=7.6.30
Oracle MySQL <=8.0.35 Oracle / MySQL		<=8.0.35
Oracle MySQL <=8.4.0 Oracle / MySQL		<=8.4.0
Oracle MySQL <=8.0.38 Oracle / MySQL		<=8.0.38
Oracle MySQL <=8.0.37 Oracle / MySQL		<=8.0.37
Oracle MySQL <=8.0.36 Oracle / MySQL		<=8.0.36
Oracle MySQL <=8.3.0 Oracle / MySQL		<=8.3.0

CVE-2023-48795

Affected products

Known affected 9 products

Product	Identifier	Version
NetApp ActiveIQ Unified Manager for VMware vSphere NetApp / ActiveIQ Unified Manager	`cpe:/a:netapp:active_iq_unified_manager:for_vmware_vsphere`	for VMware vSphere
Xerox FreeFlow Print Server v9 for Solaris Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:v9_for_solaris`	v9 for Solaris
Oracle MySQL 8.4.1 Oracle / MySQL	`cpe:/a:oracle:mysql:8.4.1`	8.4.1
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
IBM Security Guardium 12.0 IBM / Security Guardium	`cpe:/a:ibm:security_guardium:12.0`	12
NetApp ActiveIQ Unified Manager for Microsoft Windows NetApp / ActiveIQ Unified Manager	`cpe:/a:netapp:active_iq_unified_manager:for_microsoft_windows`	for Microsoft Windows
F5 BIG-IP F5	`cpe:/a:f5:big-ip:-`	—
Oracle MySQL 9.0.0 Oracle / MySQL	`cpe:/a:oracle:mysql:9.0.0`	9.0.0
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

Last affected 11 products

Product	Identifier	Version	Remediation
Oracle MySQL <=8.0.34 Oracle / MySQL		<=8.0.34
Oracle MySQL <=8.2.0 Oracle / MySQL		<=8.2.0
Oracle MySQL <=8.1.0 Oracle / MySQL		<=8.1.0
Oracle MySQL <=7.5.34 Oracle / MySQL		<=7.5.34
Oracle MySQL <=7.6.30 Oracle / MySQL		<=7.6.30
Oracle MySQL <=8.0.35 Oracle / MySQL		<=8.0.35
Oracle MySQL <=8.4.0 Oracle / MySQL		<=8.4.0
Oracle MySQL <=8.0.38 Oracle / MySQL		<=8.0.38
Oracle MySQL <=8.0.37 Oracle / MySQL		<=8.0.37
Oracle MySQL <=8.0.36 Oracle / MySQL		<=8.0.36
Oracle MySQL <=8.3.0 Oracle / MySQL		<=8.3.0

CVE-2023-52425

Affected products

Known affected 9 products

Product	Identifier	Version
NetApp ActiveIQ Unified Manager for VMware vSphere NetApp / ActiveIQ Unified Manager	`cpe:/a:netapp:active_iq_unified_manager:for_vmware_vsphere`	for VMware vSphere
Xerox FreeFlow Print Server v9 for Solaris Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:v9_for_solaris`	v9 for Solaris
Oracle MySQL 8.4.1 Oracle / MySQL	`cpe:/a:oracle:mysql:8.4.1`	8.4.1
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
IBM Security Guardium 12.0 IBM / Security Guardium	`cpe:/a:ibm:security_guardium:12.0`	12
NetApp ActiveIQ Unified Manager for Microsoft Windows NetApp / ActiveIQ Unified Manager	`cpe:/a:netapp:active_iq_unified_manager:for_microsoft_windows`	for Microsoft Windows
F5 BIG-IP F5	`cpe:/a:f5:big-ip:-`	—
Oracle MySQL 9.0.0 Oracle / MySQL	`cpe:/a:oracle:mysql:9.0.0`	9.0.0
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

Last affected 11 products

Product	Identifier	Version	Remediation
Oracle MySQL <=8.0.34 Oracle / MySQL		<=8.0.34
Oracle MySQL <=8.2.0 Oracle / MySQL		<=8.2.0
Oracle MySQL <=8.1.0 Oracle / MySQL		<=8.1.0
Oracle MySQL <=7.5.34 Oracle / MySQL		<=7.5.34
Oracle MySQL <=7.6.30 Oracle / MySQL		<=7.6.30
Oracle MySQL <=8.0.35 Oracle / MySQL		<=8.0.35
Oracle MySQL <=8.4.0 Oracle / MySQL		<=8.4.0
Oracle MySQL <=8.0.38 Oracle / MySQL		<=8.0.38
Oracle MySQL <=8.0.37 Oracle / MySQL		<=8.0.37
Oracle MySQL <=8.0.36 Oracle / MySQL		<=8.0.36
Oracle MySQL <=8.3.0 Oracle / MySQL		<=8.3.0

CVE-2023-6129

Affected products

Known affected 9 products

Product	Identifier	Version
NetApp ActiveIQ Unified Manager for VMware vSphere NetApp / ActiveIQ Unified Manager	`cpe:/a:netapp:active_iq_unified_manager:for_vmware_vsphere`	for VMware vSphere
Xerox FreeFlow Print Server v9 for Solaris Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:v9_for_solaris`	v9 for Solaris
Oracle MySQL 8.4.1 Oracle / MySQL	`cpe:/a:oracle:mysql:8.4.1`	8.4.1
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
IBM Security Guardium 12.0 IBM / Security Guardium	`cpe:/a:ibm:security_guardium:12.0`	12
NetApp ActiveIQ Unified Manager for Microsoft Windows NetApp / ActiveIQ Unified Manager	`cpe:/a:netapp:active_iq_unified_manager:for_microsoft_windows`	for Microsoft Windows
F5 BIG-IP F5	`cpe:/a:f5:big-ip:-`	—
Oracle MySQL 9.0.0 Oracle / MySQL	`cpe:/a:oracle:mysql:9.0.0`	9.0.0
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

Last affected 11 products

Product	Identifier	Version	Remediation
Oracle MySQL <=8.0.34 Oracle / MySQL		<=8.0.34
Oracle MySQL <=8.2.0 Oracle / MySQL		<=8.2.0
Oracle MySQL <=8.1.0 Oracle / MySQL		<=8.1.0
Oracle MySQL <=7.5.34 Oracle / MySQL		<=7.5.34
Oracle MySQL <=7.6.30 Oracle / MySQL		<=7.6.30
Oracle MySQL <=8.0.35 Oracle / MySQL		<=8.0.35
Oracle MySQL <=8.4.0 Oracle / MySQL		<=8.4.0
Oracle MySQL <=8.0.38 Oracle / MySQL		<=8.0.38
Oracle MySQL <=8.0.37 Oracle / MySQL		<=8.0.37
Oracle MySQL <=8.0.36 Oracle / MySQL		<=8.0.36
Oracle MySQL <=8.3.0 Oracle / MySQL		<=8.3.0

CVE-2024-0450

Affected products

Known affected 9 products

Product	Identifier	Version
NetApp ActiveIQ Unified Manager for VMware vSphere NetApp / ActiveIQ Unified Manager	`cpe:/a:netapp:active_iq_unified_manager:for_vmware_vsphere`	for VMware vSphere
Xerox FreeFlow Print Server v9 for Solaris Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:v9_for_solaris`	v9 for Solaris
Oracle MySQL 8.4.1 Oracle / MySQL	`cpe:/a:oracle:mysql:8.4.1`	8.4.1
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
IBM Security Guardium 12.0 IBM / Security Guardium	`cpe:/a:ibm:security_guardium:12.0`	12
NetApp ActiveIQ Unified Manager for Microsoft Windows NetApp / ActiveIQ Unified Manager	`cpe:/a:netapp:active_iq_unified_manager:for_microsoft_windows`	for Microsoft Windows
F5 BIG-IP F5	`cpe:/a:f5:big-ip:-`	—
Oracle MySQL 9.0.0 Oracle / MySQL	`cpe:/a:oracle:mysql:9.0.0`	9.0.0
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

Last affected 11 products

Product	Identifier	Version	Remediation
Oracle MySQL <=8.0.34 Oracle / MySQL		<=8.0.34
Oracle MySQL <=8.2.0 Oracle / MySQL		<=8.2.0
Oracle MySQL <=8.1.0 Oracle / MySQL		<=8.1.0
Oracle MySQL <=7.5.34 Oracle / MySQL		<=7.5.34
Oracle MySQL <=7.6.30 Oracle / MySQL		<=7.6.30
Oracle MySQL <=8.0.35 Oracle / MySQL		<=8.0.35
Oracle MySQL <=8.4.0 Oracle / MySQL		<=8.4.0
Oracle MySQL <=8.0.38 Oracle / MySQL		<=8.0.38
Oracle MySQL <=8.0.37 Oracle / MySQL		<=8.0.37
Oracle MySQL <=8.0.36 Oracle / MySQL		<=8.0.36
Oracle MySQL <=8.3.0 Oracle / MySQL		<=8.3.0

CVE-2024-20996

Affected products

Known affected 9 products

Product	Identifier	Version
NetApp ActiveIQ Unified Manager for VMware vSphere NetApp / ActiveIQ Unified Manager	`cpe:/a:netapp:active_iq_unified_manager:for_vmware_vsphere`	for VMware vSphere
Xerox FreeFlow Print Server v9 for Solaris Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:v9_for_solaris`	v9 for Solaris
Oracle MySQL 8.4.1 Oracle / MySQL	`cpe:/a:oracle:mysql:8.4.1`	8.4.1
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
IBM Security Guardium 12.0 IBM / Security Guardium	`cpe:/a:ibm:security_guardium:12.0`	12
NetApp ActiveIQ Unified Manager for Microsoft Windows NetApp / ActiveIQ Unified Manager	`cpe:/a:netapp:active_iq_unified_manager:for_microsoft_windows`	for Microsoft Windows
F5 BIG-IP F5	`cpe:/a:f5:big-ip:-`	—
Oracle MySQL 9.0.0 Oracle / MySQL	`cpe:/a:oracle:mysql:9.0.0`	9.0.0
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

Last affected 11 products

Product	Identifier	Version	Remediation
Oracle MySQL <=8.0.34 Oracle / MySQL		<=8.0.34
Oracle MySQL <=8.2.0 Oracle / MySQL		<=8.2.0
Oracle MySQL <=8.1.0 Oracle / MySQL		<=8.1.0
Oracle MySQL <=7.5.34 Oracle / MySQL		<=7.5.34
Oracle MySQL <=7.6.30 Oracle / MySQL		<=7.6.30
Oracle MySQL <=8.0.35 Oracle / MySQL		<=8.0.35
Oracle MySQL <=8.4.0 Oracle / MySQL		<=8.4.0
Oracle MySQL <=8.0.38 Oracle / MySQL		<=8.0.38
Oracle MySQL <=8.0.37 Oracle / MySQL		<=8.0.37
Oracle MySQL <=8.0.36 Oracle / MySQL		<=8.0.36
Oracle MySQL <=8.3.0 Oracle / MySQL		<=8.3.0

CVE-2024-21125

Affected products

Known affected 9 products

Product	Identifier	Version
NetApp ActiveIQ Unified Manager for VMware vSphere NetApp / ActiveIQ Unified Manager	`cpe:/a:netapp:active_iq_unified_manager:for_vmware_vsphere`	for VMware vSphere
Xerox FreeFlow Print Server v9 for Solaris Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:v9_for_solaris`	v9 for Solaris
Oracle MySQL 8.4.1 Oracle / MySQL	`cpe:/a:oracle:mysql:8.4.1`	8.4.1
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
IBM Security Guardium 12.0 IBM / Security Guardium	`cpe:/a:ibm:security_guardium:12.0`	12
NetApp ActiveIQ Unified Manager for Microsoft Windows NetApp / ActiveIQ Unified Manager	`cpe:/a:netapp:active_iq_unified_manager:for_microsoft_windows`	for Microsoft Windows
F5 BIG-IP F5	`cpe:/a:f5:big-ip:-`	—
Oracle MySQL 9.0.0 Oracle / MySQL	`cpe:/a:oracle:mysql:9.0.0`	9.0.0
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

Last affected 11 products

Product	Identifier	Version	Remediation
Oracle MySQL <=8.0.34 Oracle / MySQL		<=8.0.34
Oracle MySQL <=8.2.0 Oracle / MySQL		<=8.2.0
Oracle MySQL <=8.1.0 Oracle / MySQL		<=8.1.0
Oracle MySQL <=7.5.34 Oracle / MySQL		<=7.5.34
Oracle MySQL <=7.6.30 Oracle / MySQL		<=7.6.30
Oracle MySQL <=8.0.35 Oracle / MySQL		<=8.0.35
Oracle MySQL <=8.4.0 Oracle / MySQL		<=8.4.0
Oracle MySQL <=8.0.38 Oracle / MySQL		<=8.0.38
Oracle MySQL <=8.0.37 Oracle / MySQL		<=8.0.37
Oracle MySQL <=8.0.36 Oracle / MySQL		<=8.0.36
Oracle MySQL <=8.3.0 Oracle / MySQL		<=8.3.0

CVE-2024-21127

Affected products

Known affected 9 products

Product	Identifier	Version
NetApp ActiveIQ Unified Manager for VMware vSphere NetApp / ActiveIQ Unified Manager	`cpe:/a:netapp:active_iq_unified_manager:for_vmware_vsphere`	for VMware vSphere
Xerox FreeFlow Print Server v9 for Solaris Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:v9_for_solaris`	v9 for Solaris
Oracle MySQL 8.4.1 Oracle / MySQL	`cpe:/a:oracle:mysql:8.4.1`	8.4.1
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
IBM Security Guardium 12.0 IBM / Security Guardium	`cpe:/a:ibm:security_guardium:12.0`	12
NetApp ActiveIQ Unified Manager for Microsoft Windows NetApp / ActiveIQ Unified Manager	`cpe:/a:netapp:active_iq_unified_manager:for_microsoft_windows`	for Microsoft Windows
F5 BIG-IP F5	`cpe:/a:f5:big-ip:-`	—
Oracle MySQL 9.0.0 Oracle / MySQL	`cpe:/a:oracle:mysql:9.0.0`	9.0.0
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

Last affected 11 products

Product	Identifier	Version	Remediation
Oracle MySQL <=8.0.34 Oracle / MySQL		<=8.0.34
Oracle MySQL <=8.2.0 Oracle / MySQL		<=8.2.0
Oracle MySQL <=8.1.0 Oracle / MySQL		<=8.1.0
Oracle MySQL <=7.5.34 Oracle / MySQL		<=7.5.34
Oracle MySQL <=7.6.30 Oracle / MySQL		<=7.6.30
Oracle MySQL <=8.0.35 Oracle / MySQL		<=8.0.35
Oracle MySQL <=8.4.0 Oracle / MySQL		<=8.4.0
Oracle MySQL <=8.0.38 Oracle / MySQL		<=8.0.38
Oracle MySQL <=8.0.37 Oracle / MySQL		<=8.0.37
Oracle MySQL <=8.0.36 Oracle / MySQL		<=8.0.36
Oracle MySQL <=8.3.0 Oracle / MySQL		<=8.3.0

CVE-2024-21129

Affected products

Known affected 9 products

Product	Identifier	Version
NetApp ActiveIQ Unified Manager for VMware vSphere NetApp / ActiveIQ Unified Manager	`cpe:/a:netapp:active_iq_unified_manager:for_vmware_vsphere`	for VMware vSphere
Xerox FreeFlow Print Server v9 for Solaris Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:v9_for_solaris`	v9 for Solaris
Oracle MySQL 8.4.1 Oracle / MySQL	`cpe:/a:oracle:mysql:8.4.1`	8.4.1
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
IBM Security Guardium 12.0 IBM / Security Guardium	`cpe:/a:ibm:security_guardium:12.0`	12
NetApp ActiveIQ Unified Manager for Microsoft Windows NetApp / ActiveIQ Unified Manager	`cpe:/a:netapp:active_iq_unified_manager:for_microsoft_windows`	for Microsoft Windows
F5 BIG-IP F5	`cpe:/a:f5:big-ip:-`	—
Oracle MySQL 9.0.0 Oracle / MySQL	`cpe:/a:oracle:mysql:9.0.0`	9.0.0
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

Last affected 11 products

Product	Identifier	Version	Remediation
Oracle MySQL <=8.0.34 Oracle / MySQL		<=8.0.34
Oracle MySQL <=8.2.0 Oracle / MySQL		<=8.2.0
Oracle MySQL <=8.1.0 Oracle / MySQL		<=8.1.0
Oracle MySQL <=7.5.34 Oracle / MySQL		<=7.5.34
Oracle MySQL <=7.6.30 Oracle / MySQL		<=7.6.30
Oracle MySQL <=8.0.35 Oracle / MySQL		<=8.0.35
Oracle MySQL <=8.4.0 Oracle / MySQL		<=8.4.0
Oracle MySQL <=8.0.38 Oracle / MySQL		<=8.0.38
Oracle MySQL <=8.0.37 Oracle / MySQL		<=8.0.37
Oracle MySQL <=8.0.36 Oracle / MySQL		<=8.0.36
Oracle MySQL <=8.3.0 Oracle / MySQL		<=8.3.0

CVE-2024-21130

Affected products

Known affected 9 products

Product	Identifier	Version
NetApp ActiveIQ Unified Manager for VMware vSphere NetApp / ActiveIQ Unified Manager	`cpe:/a:netapp:active_iq_unified_manager:for_vmware_vsphere`	for VMware vSphere
Xerox FreeFlow Print Server v9 for Solaris Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:v9_for_solaris`	v9 for Solaris
Oracle MySQL 8.4.1 Oracle / MySQL	`cpe:/a:oracle:mysql:8.4.1`	8.4.1
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
IBM Security Guardium 12.0 IBM / Security Guardium	`cpe:/a:ibm:security_guardium:12.0`	12
NetApp ActiveIQ Unified Manager for Microsoft Windows NetApp / ActiveIQ Unified Manager	`cpe:/a:netapp:active_iq_unified_manager:for_microsoft_windows`	for Microsoft Windows
F5 BIG-IP F5	`cpe:/a:f5:big-ip:-`	—
Oracle MySQL 9.0.0 Oracle / MySQL	`cpe:/a:oracle:mysql:9.0.0`	9.0.0
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

Last affected 11 products

Product	Identifier	Version	Remediation
Oracle MySQL <=8.0.34 Oracle / MySQL		<=8.0.34
Oracle MySQL <=8.2.0 Oracle / MySQL		<=8.2.0
Oracle MySQL <=8.1.0 Oracle / MySQL		<=8.1.0
Oracle MySQL <=7.5.34 Oracle / MySQL		<=7.5.34
Oracle MySQL <=7.6.30 Oracle / MySQL		<=7.6.30
Oracle MySQL <=8.0.35 Oracle / MySQL		<=8.0.35
Oracle MySQL <=8.4.0 Oracle / MySQL		<=8.4.0
Oracle MySQL <=8.0.38 Oracle / MySQL		<=8.0.38
Oracle MySQL <=8.0.37 Oracle / MySQL		<=8.0.37
Oracle MySQL <=8.0.36 Oracle / MySQL		<=8.0.36
Oracle MySQL <=8.3.0 Oracle / MySQL		<=8.3.0

CVE-2024-21134

Affected products

Known affected 9 products

Product	Identifier	Version
NetApp ActiveIQ Unified Manager for VMware vSphere NetApp / ActiveIQ Unified Manager	`cpe:/a:netapp:active_iq_unified_manager:for_vmware_vsphere`	for VMware vSphere
Xerox FreeFlow Print Server v9 for Solaris Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:v9_for_solaris`	v9 for Solaris
Oracle MySQL 8.4.1 Oracle / MySQL	`cpe:/a:oracle:mysql:8.4.1`	8.4.1
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
IBM Security Guardium 12.0 IBM / Security Guardium	`cpe:/a:ibm:security_guardium:12.0`	12
NetApp ActiveIQ Unified Manager for Microsoft Windows NetApp / ActiveIQ Unified Manager	`cpe:/a:netapp:active_iq_unified_manager:for_microsoft_windows`	for Microsoft Windows
F5 BIG-IP F5	`cpe:/a:f5:big-ip:-`	—
Oracle MySQL 9.0.0 Oracle / MySQL	`cpe:/a:oracle:mysql:9.0.0`	9.0.0
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

Last affected 11 products

Product	Identifier	Version	Remediation
Oracle MySQL <=8.0.34 Oracle / MySQL		<=8.0.34
Oracle MySQL <=8.2.0 Oracle / MySQL		<=8.2.0
Oracle MySQL <=8.1.0 Oracle / MySQL		<=8.1.0
Oracle MySQL <=7.5.34 Oracle / MySQL		<=7.5.34
Oracle MySQL <=7.6.30 Oracle / MySQL		<=7.6.30
Oracle MySQL <=8.0.35 Oracle / MySQL		<=8.0.35
Oracle MySQL <=8.4.0 Oracle / MySQL		<=8.4.0
Oracle MySQL <=8.0.38 Oracle / MySQL		<=8.0.38
Oracle MySQL <=8.0.37 Oracle / MySQL		<=8.0.37
Oracle MySQL <=8.0.36 Oracle / MySQL		<=8.0.36
Oracle MySQL <=8.3.0 Oracle / MySQL		<=8.3.0

CVE-2024-21135

Affected products

Known affected 9 products

Product	Identifier	Version
NetApp ActiveIQ Unified Manager for VMware vSphere NetApp / ActiveIQ Unified Manager	`cpe:/a:netapp:active_iq_unified_manager:for_vmware_vsphere`	for VMware vSphere
Xerox FreeFlow Print Server v9 for Solaris Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:v9_for_solaris`	v9 for Solaris
Oracle MySQL 8.4.1 Oracle / MySQL	`cpe:/a:oracle:mysql:8.4.1`	8.4.1
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
IBM Security Guardium 12.0 IBM / Security Guardium	`cpe:/a:ibm:security_guardium:12.0`	12
NetApp ActiveIQ Unified Manager for Microsoft Windows NetApp / ActiveIQ Unified Manager	`cpe:/a:netapp:active_iq_unified_manager:for_microsoft_windows`	for Microsoft Windows
F5 BIG-IP F5	`cpe:/a:f5:big-ip:-`	—
Oracle MySQL 9.0.0 Oracle / MySQL	`cpe:/a:oracle:mysql:9.0.0`	9.0.0
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

Last affected 11 products

Product	Identifier	Version	Remediation
Oracle MySQL <=8.0.34 Oracle / MySQL		<=8.0.34
Oracle MySQL <=8.2.0 Oracle / MySQL		<=8.2.0
Oracle MySQL <=8.1.0 Oracle / MySQL		<=8.1.0
Oracle MySQL <=7.5.34 Oracle / MySQL		<=7.5.34
Oracle MySQL <=7.6.30 Oracle / MySQL		<=7.6.30
Oracle MySQL <=8.0.35 Oracle / MySQL		<=8.0.35
Oracle MySQL <=8.4.0 Oracle / MySQL		<=8.4.0
Oracle MySQL <=8.0.38 Oracle / MySQL		<=8.0.38
Oracle MySQL <=8.0.37 Oracle / MySQL		<=8.0.37
Oracle MySQL <=8.0.36 Oracle / MySQL		<=8.0.36
Oracle MySQL <=8.3.0 Oracle / MySQL		<=8.3.0

CVE-2024-21137

Affected products

Known affected 9 products

Product	Identifier	Version
NetApp ActiveIQ Unified Manager for VMware vSphere NetApp / ActiveIQ Unified Manager	`cpe:/a:netapp:active_iq_unified_manager:for_vmware_vsphere`	for VMware vSphere
Xerox FreeFlow Print Server v9 for Solaris Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:v9_for_solaris`	v9 for Solaris
Oracle MySQL 8.4.1 Oracle / MySQL	`cpe:/a:oracle:mysql:8.4.1`	8.4.1
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
IBM Security Guardium 12.0 IBM / Security Guardium	`cpe:/a:ibm:security_guardium:12.0`	12
NetApp ActiveIQ Unified Manager for Microsoft Windows NetApp / ActiveIQ Unified Manager	`cpe:/a:netapp:active_iq_unified_manager:for_microsoft_windows`	for Microsoft Windows
F5 BIG-IP F5	`cpe:/a:f5:big-ip:-`	—
Oracle MySQL 9.0.0 Oracle / MySQL	`cpe:/a:oracle:mysql:9.0.0`	9.0.0
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

Last affected 11 products

Product	Identifier	Version	Remediation
Oracle MySQL <=8.0.34 Oracle / MySQL		<=8.0.34
Oracle MySQL <=8.2.0 Oracle / MySQL		<=8.2.0
Oracle MySQL <=8.1.0 Oracle / MySQL		<=8.1.0
Oracle MySQL <=7.5.34 Oracle / MySQL		<=7.5.34
Oracle MySQL <=7.6.30 Oracle / MySQL		<=7.6.30
Oracle MySQL <=8.0.35 Oracle / MySQL		<=8.0.35
Oracle MySQL <=8.4.0 Oracle / MySQL		<=8.4.0
Oracle MySQL <=8.0.38 Oracle / MySQL		<=8.0.38
Oracle MySQL <=8.0.37 Oracle / MySQL		<=8.0.37
Oracle MySQL <=8.0.36 Oracle / MySQL		<=8.0.36
Oracle MySQL <=8.3.0 Oracle / MySQL		<=8.3.0

CVE-2024-21142

Affected products

Known affected 9 products

Product	Identifier	Version
NetApp ActiveIQ Unified Manager for VMware vSphere NetApp / ActiveIQ Unified Manager	`cpe:/a:netapp:active_iq_unified_manager:for_vmware_vsphere`	for VMware vSphere
Xerox FreeFlow Print Server v9 for Solaris Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:v9_for_solaris`	v9 for Solaris
Oracle MySQL 8.4.1 Oracle / MySQL	`cpe:/a:oracle:mysql:8.4.1`	8.4.1
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
IBM Security Guardium 12.0 IBM / Security Guardium	`cpe:/a:ibm:security_guardium:12.0`	12
NetApp ActiveIQ Unified Manager for Microsoft Windows NetApp / ActiveIQ Unified Manager	`cpe:/a:netapp:active_iq_unified_manager:for_microsoft_windows`	for Microsoft Windows
F5 BIG-IP F5	`cpe:/a:f5:big-ip:-`	—
Oracle MySQL 9.0.0 Oracle / MySQL	`cpe:/a:oracle:mysql:9.0.0`	9.0.0
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

Last affected 11 products

Product	Identifier	Version	Remediation
Oracle MySQL <=8.0.34 Oracle / MySQL		<=8.0.34
Oracle MySQL <=8.2.0 Oracle / MySQL		<=8.2.0
Oracle MySQL <=8.1.0 Oracle / MySQL		<=8.1.0
Oracle MySQL <=7.5.34 Oracle / MySQL		<=7.5.34
Oracle MySQL <=7.6.30 Oracle / MySQL		<=7.6.30
Oracle MySQL <=8.0.35 Oracle / MySQL		<=8.0.35
Oracle MySQL <=8.4.0 Oracle / MySQL		<=8.4.0
Oracle MySQL <=8.0.38 Oracle / MySQL		<=8.0.38
Oracle MySQL <=8.0.37 Oracle / MySQL		<=8.0.37
Oracle MySQL <=8.0.36 Oracle / MySQL		<=8.0.36
Oracle MySQL <=8.3.0 Oracle / MySQL		<=8.3.0

CVE-2024-21157

Affected products

Known affected 9 products

Product	Identifier	Version
NetApp ActiveIQ Unified Manager for VMware vSphere NetApp / ActiveIQ Unified Manager	`cpe:/a:netapp:active_iq_unified_manager:for_vmware_vsphere`	for VMware vSphere
Xerox FreeFlow Print Server v9 for Solaris Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:v9_for_solaris`	v9 for Solaris
Oracle MySQL 8.4.1 Oracle / MySQL	`cpe:/a:oracle:mysql:8.4.1`	8.4.1
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
IBM Security Guardium 12.0 IBM / Security Guardium	`cpe:/a:ibm:security_guardium:12.0`	12
NetApp ActiveIQ Unified Manager for Microsoft Windows NetApp / ActiveIQ Unified Manager	`cpe:/a:netapp:active_iq_unified_manager:for_microsoft_windows`	for Microsoft Windows
F5 BIG-IP F5	`cpe:/a:f5:big-ip:-`	—
Oracle MySQL 9.0.0 Oracle / MySQL	`cpe:/a:oracle:mysql:9.0.0`	9.0.0
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

Last affected 11 products

Product	Identifier	Version	Remediation
Oracle MySQL <=8.0.34 Oracle / MySQL		<=8.0.34
Oracle MySQL <=8.2.0 Oracle / MySQL		<=8.2.0
Oracle MySQL <=8.1.0 Oracle / MySQL		<=8.1.0
Oracle MySQL <=7.5.34 Oracle / MySQL		<=7.5.34
Oracle MySQL <=7.6.30 Oracle / MySQL		<=7.6.30
Oracle MySQL <=8.0.35 Oracle / MySQL		<=8.0.35
Oracle MySQL <=8.4.0 Oracle / MySQL		<=8.4.0
Oracle MySQL <=8.0.38 Oracle / MySQL		<=8.0.38
Oracle MySQL <=8.0.37 Oracle / MySQL		<=8.0.37
Oracle MySQL <=8.0.36 Oracle / MySQL		<=8.0.36
Oracle MySQL <=8.3.0 Oracle / MySQL		<=8.3.0

CVE-2024-21159

Affected products

Known affected 9 products

Product	Identifier	Version
NetApp ActiveIQ Unified Manager for VMware vSphere NetApp / ActiveIQ Unified Manager	`cpe:/a:netapp:active_iq_unified_manager:for_vmware_vsphere`	for VMware vSphere
Xerox FreeFlow Print Server v9 for Solaris Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:v9_for_solaris`	v9 for Solaris
Oracle MySQL 8.4.1 Oracle / MySQL	`cpe:/a:oracle:mysql:8.4.1`	8.4.1
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
IBM Security Guardium 12.0 IBM / Security Guardium	`cpe:/a:ibm:security_guardium:12.0`	12
NetApp ActiveIQ Unified Manager for Microsoft Windows NetApp / ActiveIQ Unified Manager	`cpe:/a:netapp:active_iq_unified_manager:for_microsoft_windows`	for Microsoft Windows
F5 BIG-IP F5	`cpe:/a:f5:big-ip:-`	—
Oracle MySQL 9.0.0 Oracle / MySQL	`cpe:/a:oracle:mysql:9.0.0`	9.0.0
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

Last affected 11 products

Product	Identifier	Version	Remediation
Oracle MySQL <=8.0.34 Oracle / MySQL		<=8.0.34
Oracle MySQL <=8.2.0 Oracle / MySQL		<=8.2.0
Oracle MySQL <=8.1.0 Oracle / MySQL		<=8.1.0
Oracle MySQL <=7.5.34 Oracle / MySQL		<=7.5.34
Oracle MySQL <=7.6.30 Oracle / MySQL		<=7.6.30
Oracle MySQL <=8.0.35 Oracle / MySQL		<=8.0.35
Oracle MySQL <=8.4.0 Oracle / MySQL		<=8.4.0
Oracle MySQL <=8.0.38 Oracle / MySQL		<=8.0.38
Oracle MySQL <=8.0.37 Oracle / MySQL		<=8.0.37
Oracle MySQL <=8.0.36 Oracle / MySQL		<=8.0.36
Oracle MySQL <=8.3.0 Oracle / MySQL		<=8.3.0

CVE-2024-21160

Affected products

Known affected 9 products

Product	Identifier	Version
NetApp ActiveIQ Unified Manager for VMware vSphere NetApp / ActiveIQ Unified Manager	`cpe:/a:netapp:active_iq_unified_manager:for_vmware_vsphere`	for VMware vSphere
Xerox FreeFlow Print Server v9 for Solaris Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:v9_for_solaris`	v9 for Solaris
Oracle MySQL 8.4.1 Oracle / MySQL	`cpe:/a:oracle:mysql:8.4.1`	8.4.1
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
IBM Security Guardium 12.0 IBM / Security Guardium	`cpe:/a:ibm:security_guardium:12.0`	12
NetApp ActiveIQ Unified Manager for Microsoft Windows NetApp / ActiveIQ Unified Manager	`cpe:/a:netapp:active_iq_unified_manager:for_microsoft_windows`	for Microsoft Windows
F5 BIG-IP F5	`cpe:/a:f5:big-ip:-`	—
Oracle MySQL 9.0.0 Oracle / MySQL	`cpe:/a:oracle:mysql:9.0.0`	9.0.0
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

Last affected 11 products

Product	Identifier	Version	Remediation
Oracle MySQL <=8.0.34 Oracle / MySQL		<=8.0.34
Oracle MySQL <=8.2.0 Oracle / MySQL		<=8.2.0
Oracle MySQL <=8.1.0 Oracle / MySQL		<=8.1.0
Oracle MySQL <=7.5.34 Oracle / MySQL		<=7.5.34
Oracle MySQL <=7.6.30 Oracle / MySQL		<=7.6.30
Oracle MySQL <=8.0.35 Oracle / MySQL		<=8.0.35
Oracle MySQL <=8.4.0 Oracle / MySQL		<=8.4.0
Oracle MySQL <=8.0.38 Oracle / MySQL		<=8.0.38
Oracle MySQL <=8.0.37 Oracle / MySQL		<=8.0.37
Oracle MySQL <=8.0.36 Oracle / MySQL		<=8.0.36
Oracle MySQL <=8.3.0 Oracle / MySQL		<=8.3.0

CVE-2024-21162

Affected products

Known affected 9 products

Product	Identifier	Version
NetApp ActiveIQ Unified Manager for VMware vSphere NetApp / ActiveIQ Unified Manager	`cpe:/a:netapp:active_iq_unified_manager:for_vmware_vsphere`	for VMware vSphere
Xerox FreeFlow Print Server v9 for Solaris Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:v9_for_solaris`	v9 for Solaris
Oracle MySQL 8.4.1 Oracle / MySQL	`cpe:/a:oracle:mysql:8.4.1`	8.4.1
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
IBM Security Guardium 12.0 IBM / Security Guardium	`cpe:/a:ibm:security_guardium:12.0`	12
NetApp ActiveIQ Unified Manager for Microsoft Windows NetApp / ActiveIQ Unified Manager	`cpe:/a:netapp:active_iq_unified_manager:for_microsoft_windows`	for Microsoft Windows
F5 BIG-IP F5	`cpe:/a:f5:big-ip:-`	—
Oracle MySQL 9.0.0 Oracle / MySQL	`cpe:/a:oracle:mysql:9.0.0`	9.0.0
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

Last affected 11 products

Product	Identifier	Version	Remediation
Oracle MySQL <=8.0.34 Oracle / MySQL		<=8.0.34
Oracle MySQL <=8.2.0 Oracle / MySQL		<=8.2.0
Oracle MySQL <=8.1.0 Oracle / MySQL		<=8.1.0
Oracle MySQL <=7.5.34 Oracle / MySQL		<=7.5.34
Oracle MySQL <=7.6.30 Oracle / MySQL		<=7.6.30
Oracle MySQL <=8.0.35 Oracle / MySQL		<=8.0.35
Oracle MySQL <=8.4.0 Oracle / MySQL		<=8.4.0
Oracle MySQL <=8.0.38 Oracle / MySQL		<=8.0.38
Oracle MySQL <=8.0.37 Oracle / MySQL		<=8.0.37
Oracle MySQL <=8.0.36 Oracle / MySQL		<=8.0.36
Oracle MySQL <=8.3.0 Oracle / MySQL		<=8.3.0

CVE-2024-21163

Affected products

Known affected 9 products

Product	Identifier	Version
NetApp ActiveIQ Unified Manager for VMware vSphere NetApp / ActiveIQ Unified Manager	`cpe:/a:netapp:active_iq_unified_manager:for_vmware_vsphere`	for VMware vSphere
Xerox FreeFlow Print Server v9 for Solaris Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:v9_for_solaris`	v9 for Solaris
Oracle MySQL 8.4.1 Oracle / MySQL	`cpe:/a:oracle:mysql:8.4.1`	8.4.1
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
IBM Security Guardium 12.0 IBM / Security Guardium	`cpe:/a:ibm:security_guardium:12.0`	12
NetApp ActiveIQ Unified Manager for Microsoft Windows NetApp / ActiveIQ Unified Manager	`cpe:/a:netapp:active_iq_unified_manager:for_microsoft_windows`	for Microsoft Windows
F5 BIG-IP F5	`cpe:/a:f5:big-ip:-`	—
Oracle MySQL 9.0.0 Oracle / MySQL	`cpe:/a:oracle:mysql:9.0.0`	9.0.0
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

Last affected 11 products

Product	Identifier	Version	Remediation
Oracle MySQL <=8.0.34 Oracle / MySQL		<=8.0.34
Oracle MySQL <=8.2.0 Oracle / MySQL		<=8.2.0
Oracle MySQL <=8.1.0 Oracle / MySQL		<=8.1.0
Oracle MySQL <=7.5.34 Oracle / MySQL		<=7.5.34
Oracle MySQL <=7.6.30 Oracle / MySQL		<=7.6.30
Oracle MySQL <=8.0.35 Oracle / MySQL		<=8.0.35
Oracle MySQL <=8.4.0 Oracle / MySQL		<=8.4.0
Oracle MySQL <=8.0.38 Oracle / MySQL		<=8.0.38
Oracle MySQL <=8.0.37 Oracle / MySQL		<=8.0.37
Oracle MySQL <=8.0.36 Oracle / MySQL		<=8.0.36
Oracle MySQL <=8.3.0 Oracle / MySQL		<=8.3.0

CVE-2024-21165

Affected products

Known affected 9 products

Product	Identifier	Version
NetApp ActiveIQ Unified Manager for VMware vSphere NetApp / ActiveIQ Unified Manager	`cpe:/a:netapp:active_iq_unified_manager:for_vmware_vsphere`	for VMware vSphere
Xerox FreeFlow Print Server v9 for Solaris Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:v9_for_solaris`	v9 for Solaris
Oracle MySQL 8.4.1 Oracle / MySQL	`cpe:/a:oracle:mysql:8.4.1`	8.4.1
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
IBM Security Guardium 12.0 IBM / Security Guardium	`cpe:/a:ibm:security_guardium:12.0`	12
NetApp ActiveIQ Unified Manager for Microsoft Windows NetApp / ActiveIQ Unified Manager	`cpe:/a:netapp:active_iq_unified_manager:for_microsoft_windows`	for Microsoft Windows
F5 BIG-IP F5	`cpe:/a:f5:big-ip:-`	—
Oracle MySQL 9.0.0 Oracle / MySQL	`cpe:/a:oracle:mysql:9.0.0`	9.0.0
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

Last affected 11 products

Product	Identifier	Version	Remediation
Oracle MySQL <=8.0.34 Oracle / MySQL		<=8.0.34
Oracle MySQL <=8.2.0 Oracle / MySQL		<=8.2.0
Oracle MySQL <=8.1.0 Oracle / MySQL		<=8.1.0
Oracle MySQL <=7.5.34 Oracle / MySQL		<=7.5.34
Oracle MySQL <=7.6.30 Oracle / MySQL		<=7.6.30
Oracle MySQL <=8.0.35 Oracle / MySQL		<=8.0.35
Oracle MySQL <=8.4.0 Oracle / MySQL		<=8.4.0
Oracle MySQL <=8.0.38 Oracle / MySQL		<=8.0.38
Oracle MySQL <=8.0.37 Oracle / MySQL		<=8.0.37
Oracle MySQL <=8.0.36 Oracle / MySQL		<=8.0.36
Oracle MySQL <=8.3.0 Oracle / MySQL		<=8.3.0

CVE-2024-21166

Affected products

Known affected 9 products

Product	Identifier	Version
NetApp ActiveIQ Unified Manager for VMware vSphere NetApp / ActiveIQ Unified Manager	`cpe:/a:netapp:active_iq_unified_manager:for_vmware_vsphere`	for VMware vSphere
Xerox FreeFlow Print Server v9 for Solaris Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:v9_for_solaris`	v9 for Solaris
Oracle MySQL 8.4.1 Oracle / MySQL	`cpe:/a:oracle:mysql:8.4.1`	8.4.1
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
IBM Security Guardium 12.0 IBM / Security Guardium	`cpe:/a:ibm:security_guardium:12.0`	12
NetApp ActiveIQ Unified Manager for Microsoft Windows NetApp / ActiveIQ Unified Manager	`cpe:/a:netapp:active_iq_unified_manager:for_microsoft_windows`	for Microsoft Windows
F5 BIG-IP F5	`cpe:/a:f5:big-ip:-`	—
Oracle MySQL 9.0.0 Oracle / MySQL	`cpe:/a:oracle:mysql:9.0.0`	9.0.0
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

Last affected 11 products

Product	Identifier	Version	Remediation
Oracle MySQL <=8.0.34 Oracle / MySQL		<=8.0.34
Oracle MySQL <=8.2.0 Oracle / MySQL		<=8.2.0
Oracle MySQL <=8.1.0 Oracle / MySQL		<=8.1.0
Oracle MySQL <=7.5.34 Oracle / MySQL		<=7.5.34
Oracle MySQL <=7.6.30 Oracle / MySQL		<=7.6.30
Oracle MySQL <=8.0.35 Oracle / MySQL		<=8.0.35
Oracle MySQL <=8.4.0 Oracle / MySQL		<=8.4.0
Oracle MySQL <=8.0.38 Oracle / MySQL		<=8.0.38
Oracle MySQL <=8.0.37 Oracle / MySQL		<=8.0.37
Oracle MySQL <=8.0.36 Oracle / MySQL		<=8.0.36
Oracle MySQL <=8.3.0 Oracle / MySQL		<=8.3.0

CVE-2024-21170

Affected products

Known affected 9 products

Product	Identifier	Version
NetApp ActiveIQ Unified Manager for VMware vSphere NetApp / ActiveIQ Unified Manager	`cpe:/a:netapp:active_iq_unified_manager:for_vmware_vsphere`	for VMware vSphere
Xerox FreeFlow Print Server v9 for Solaris Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:v9_for_solaris`	v9 for Solaris
Oracle MySQL 8.4.1 Oracle / MySQL	`cpe:/a:oracle:mysql:8.4.1`	8.4.1
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
IBM Security Guardium 12.0 IBM / Security Guardium	`cpe:/a:ibm:security_guardium:12.0`	12
NetApp ActiveIQ Unified Manager for Microsoft Windows NetApp / ActiveIQ Unified Manager	`cpe:/a:netapp:active_iq_unified_manager:for_microsoft_windows`	for Microsoft Windows
F5 BIG-IP F5	`cpe:/a:f5:big-ip:-`	—
Oracle MySQL 9.0.0 Oracle / MySQL	`cpe:/a:oracle:mysql:9.0.0`	9.0.0
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

Last affected 11 products

Product	Identifier	Version	Remediation
Oracle MySQL <=8.0.34 Oracle / MySQL		<=8.0.34
Oracle MySQL <=8.2.0 Oracle / MySQL		<=8.2.0
Oracle MySQL <=8.1.0 Oracle / MySQL		<=8.1.0
Oracle MySQL <=7.5.34 Oracle / MySQL		<=7.5.34
Oracle MySQL <=7.6.30 Oracle / MySQL		<=7.6.30
Oracle MySQL <=8.0.35 Oracle / MySQL		<=8.0.35
Oracle MySQL <=8.4.0 Oracle / MySQL		<=8.4.0
Oracle MySQL <=8.0.38 Oracle / MySQL		<=8.0.38
Oracle MySQL <=8.0.37 Oracle / MySQL		<=8.0.37
Oracle MySQL <=8.0.36 Oracle / MySQL		<=8.0.36
Oracle MySQL <=8.3.0 Oracle / MySQL		<=8.3.0

CVE-2024-21171

Affected products

Known affected 9 products

Product	Identifier	Version
NetApp ActiveIQ Unified Manager for VMware vSphere NetApp / ActiveIQ Unified Manager	`cpe:/a:netapp:active_iq_unified_manager:for_vmware_vsphere`	for VMware vSphere
Xerox FreeFlow Print Server v9 for Solaris Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:v9_for_solaris`	v9 for Solaris
Oracle MySQL 8.4.1 Oracle / MySQL	`cpe:/a:oracle:mysql:8.4.1`	8.4.1
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
IBM Security Guardium 12.0 IBM / Security Guardium	`cpe:/a:ibm:security_guardium:12.0`	12
NetApp ActiveIQ Unified Manager for Microsoft Windows NetApp / ActiveIQ Unified Manager	`cpe:/a:netapp:active_iq_unified_manager:for_microsoft_windows`	for Microsoft Windows
F5 BIG-IP F5	`cpe:/a:f5:big-ip:-`	—
Oracle MySQL 9.0.0 Oracle / MySQL	`cpe:/a:oracle:mysql:9.0.0`	9.0.0
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

Last affected 11 products

Product	Identifier	Version	Remediation
Oracle MySQL <=8.0.34 Oracle / MySQL		<=8.0.34
Oracle MySQL <=8.2.0 Oracle / MySQL		<=8.2.0
Oracle MySQL <=8.1.0 Oracle / MySQL		<=8.1.0
Oracle MySQL <=7.5.34 Oracle / MySQL		<=7.5.34
Oracle MySQL <=7.6.30 Oracle / MySQL		<=7.6.30
Oracle MySQL <=8.0.35 Oracle / MySQL		<=8.0.35
Oracle MySQL <=8.4.0 Oracle / MySQL		<=8.4.0
Oracle MySQL <=8.0.38 Oracle / MySQL		<=8.0.38
Oracle MySQL <=8.0.37 Oracle / MySQL		<=8.0.37
Oracle MySQL <=8.0.36 Oracle / MySQL		<=8.0.36
Oracle MySQL <=8.3.0 Oracle / MySQL		<=8.3.0

CVE-2024-21173

Affected products

Known affected 9 products

Product	Identifier	Version
NetApp ActiveIQ Unified Manager for VMware vSphere NetApp / ActiveIQ Unified Manager	`cpe:/a:netapp:active_iq_unified_manager:for_vmware_vsphere`	for VMware vSphere
Xerox FreeFlow Print Server v9 for Solaris Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:v9_for_solaris`	v9 for Solaris
Oracle MySQL 8.4.1 Oracle / MySQL	`cpe:/a:oracle:mysql:8.4.1`	8.4.1
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
IBM Security Guardium 12.0 IBM / Security Guardium	`cpe:/a:ibm:security_guardium:12.0`	12
NetApp ActiveIQ Unified Manager for Microsoft Windows NetApp / ActiveIQ Unified Manager	`cpe:/a:netapp:active_iq_unified_manager:for_microsoft_windows`	for Microsoft Windows
F5 BIG-IP F5	`cpe:/a:f5:big-ip:-`	—
Oracle MySQL 9.0.0 Oracle / MySQL	`cpe:/a:oracle:mysql:9.0.0`	9.0.0
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

Last affected 11 products

Product	Identifier	Version	Remediation
Oracle MySQL <=8.0.34 Oracle / MySQL		<=8.0.34
Oracle MySQL <=8.2.0 Oracle / MySQL		<=8.2.0
Oracle MySQL <=8.1.0 Oracle / MySQL		<=8.1.0
Oracle MySQL <=7.5.34 Oracle / MySQL		<=7.5.34
Oracle MySQL <=7.6.30 Oracle / MySQL		<=7.6.30
Oracle MySQL <=8.0.35 Oracle / MySQL		<=8.0.35
Oracle MySQL <=8.4.0 Oracle / MySQL		<=8.4.0
Oracle MySQL <=8.0.38 Oracle / MySQL		<=8.0.38
Oracle MySQL <=8.0.37 Oracle / MySQL		<=8.0.37
Oracle MySQL <=8.0.36 Oracle / MySQL		<=8.0.36
Oracle MySQL <=8.3.0 Oracle / MySQL		<=8.3.0

CVE-2024-21176

Affected products

Known affected 9 products

Product	Identifier	Version
NetApp ActiveIQ Unified Manager for VMware vSphere NetApp / ActiveIQ Unified Manager	`cpe:/a:netapp:active_iq_unified_manager:for_vmware_vsphere`	for VMware vSphere
Xerox FreeFlow Print Server v9 for Solaris Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:v9_for_solaris`	v9 for Solaris
Oracle MySQL 8.4.1 Oracle / MySQL	`cpe:/a:oracle:mysql:8.4.1`	8.4.1
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
IBM Security Guardium 12.0 IBM / Security Guardium	`cpe:/a:ibm:security_guardium:12.0`	12
NetApp ActiveIQ Unified Manager for Microsoft Windows NetApp / ActiveIQ Unified Manager	`cpe:/a:netapp:active_iq_unified_manager:for_microsoft_windows`	for Microsoft Windows
F5 BIG-IP F5	`cpe:/a:f5:big-ip:-`	—
Oracle MySQL 9.0.0 Oracle / MySQL	`cpe:/a:oracle:mysql:9.0.0`	9.0.0
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

Last affected 11 products

Product	Identifier	Version	Remediation
Oracle MySQL <=8.0.34 Oracle / MySQL		<=8.0.34
Oracle MySQL <=8.2.0 Oracle / MySQL		<=8.2.0
Oracle MySQL <=8.1.0 Oracle / MySQL		<=8.1.0
Oracle MySQL <=7.5.34 Oracle / MySQL		<=7.5.34
Oracle MySQL <=7.6.30 Oracle / MySQL		<=7.6.30
Oracle MySQL <=8.0.35 Oracle / MySQL		<=8.0.35
Oracle MySQL <=8.4.0 Oracle / MySQL		<=8.4.0
Oracle MySQL <=8.0.38 Oracle / MySQL		<=8.0.38
Oracle MySQL <=8.0.37 Oracle / MySQL		<=8.0.37
Oracle MySQL <=8.0.36 Oracle / MySQL		<=8.0.36
Oracle MySQL <=8.3.0 Oracle / MySQL		<=8.3.0

CVE-2024-21177

Affected products

Known affected 9 products

Product	Identifier	Version
NetApp ActiveIQ Unified Manager for VMware vSphere NetApp / ActiveIQ Unified Manager	`cpe:/a:netapp:active_iq_unified_manager:for_vmware_vsphere`	for VMware vSphere
Xerox FreeFlow Print Server v9 for Solaris Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:v9_for_solaris`	v9 for Solaris
Oracle MySQL 8.4.1 Oracle / MySQL	`cpe:/a:oracle:mysql:8.4.1`	8.4.1
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
IBM Security Guardium 12.0 IBM / Security Guardium	`cpe:/a:ibm:security_guardium:12.0`	12
NetApp ActiveIQ Unified Manager for Microsoft Windows NetApp / ActiveIQ Unified Manager	`cpe:/a:netapp:active_iq_unified_manager:for_microsoft_windows`	for Microsoft Windows
F5 BIG-IP F5	`cpe:/a:f5:big-ip:-`	—
Oracle MySQL 9.0.0 Oracle / MySQL	`cpe:/a:oracle:mysql:9.0.0`	9.0.0
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

Last affected 11 products

Product	Identifier	Version	Remediation
Oracle MySQL <=8.0.34 Oracle / MySQL		<=8.0.34
Oracle MySQL <=8.2.0 Oracle / MySQL		<=8.2.0
Oracle MySQL <=8.1.0 Oracle / MySQL		<=8.1.0
Oracle MySQL <=7.5.34 Oracle / MySQL		<=7.5.34
Oracle MySQL <=7.6.30 Oracle / MySQL		<=7.6.30
Oracle MySQL <=8.0.35 Oracle / MySQL		<=8.0.35
Oracle MySQL <=8.4.0 Oracle / MySQL		<=8.4.0
Oracle MySQL <=8.0.38 Oracle / MySQL		<=8.0.38
Oracle MySQL <=8.0.37 Oracle / MySQL		<=8.0.37
Oracle MySQL <=8.0.36 Oracle / MySQL		<=8.0.36
Oracle MySQL <=8.3.0 Oracle / MySQL		<=8.3.0

CVE-2024-21179

Affected products

Known affected 9 products

Product	Identifier	Version
NetApp ActiveIQ Unified Manager for VMware vSphere NetApp / ActiveIQ Unified Manager	`cpe:/a:netapp:active_iq_unified_manager:for_vmware_vsphere`	for VMware vSphere
Xerox FreeFlow Print Server v9 for Solaris Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:v9_for_solaris`	v9 for Solaris
Oracle MySQL 8.4.1 Oracle / MySQL	`cpe:/a:oracle:mysql:8.4.1`	8.4.1
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
IBM Security Guardium 12.0 IBM / Security Guardium	`cpe:/a:ibm:security_guardium:12.0`	12
NetApp ActiveIQ Unified Manager for Microsoft Windows NetApp / ActiveIQ Unified Manager	`cpe:/a:netapp:active_iq_unified_manager:for_microsoft_windows`	for Microsoft Windows
F5 BIG-IP F5	`cpe:/a:f5:big-ip:-`	—
Oracle MySQL 9.0.0 Oracle / MySQL	`cpe:/a:oracle:mysql:9.0.0`	9.0.0
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

Last affected 11 products

Product	Identifier	Version	Remediation
Oracle MySQL <=8.0.34 Oracle / MySQL		<=8.0.34
Oracle MySQL <=8.2.0 Oracle / MySQL		<=8.2.0
Oracle MySQL <=8.1.0 Oracle / MySQL		<=8.1.0
Oracle MySQL <=7.5.34 Oracle / MySQL		<=7.5.34
Oracle MySQL <=7.6.30 Oracle / MySQL		<=7.6.30
Oracle MySQL <=8.0.35 Oracle / MySQL		<=8.0.35
Oracle MySQL <=8.4.0 Oracle / MySQL		<=8.4.0
Oracle MySQL <=8.0.38 Oracle / MySQL		<=8.0.38
Oracle MySQL <=8.0.37 Oracle / MySQL		<=8.0.37
Oracle MySQL <=8.0.36 Oracle / MySQL		<=8.0.36
Oracle MySQL <=8.3.0 Oracle / MySQL		<=8.3.0

CVE-2024-21185

Affected products

Known affected 9 products

Product	Identifier	Version
NetApp ActiveIQ Unified Manager for VMware vSphere NetApp / ActiveIQ Unified Manager	`cpe:/a:netapp:active_iq_unified_manager:for_vmware_vsphere`	for VMware vSphere
Xerox FreeFlow Print Server v9 for Solaris Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:v9_for_solaris`	v9 for Solaris
Oracle MySQL 8.4.1 Oracle / MySQL	`cpe:/a:oracle:mysql:8.4.1`	8.4.1
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
IBM Security Guardium 12.0 IBM / Security Guardium	`cpe:/a:ibm:security_guardium:12.0`	12
NetApp ActiveIQ Unified Manager for Microsoft Windows NetApp / ActiveIQ Unified Manager	`cpe:/a:netapp:active_iq_unified_manager:for_microsoft_windows`	for Microsoft Windows
F5 BIG-IP F5	`cpe:/a:f5:big-ip:-`	—
Oracle MySQL 9.0.0 Oracle / MySQL	`cpe:/a:oracle:mysql:9.0.0`	9.0.0
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

Last affected 11 products

Product	Identifier	Version	Remediation
Oracle MySQL <=8.0.34 Oracle / MySQL		<=8.0.34
Oracle MySQL <=8.2.0 Oracle / MySQL		<=8.2.0
Oracle MySQL <=8.1.0 Oracle / MySQL		<=8.1.0
Oracle MySQL <=7.5.34 Oracle / MySQL		<=7.5.34
Oracle MySQL <=7.6.30 Oracle / MySQL		<=7.6.30
Oracle MySQL <=8.0.35 Oracle / MySQL		<=8.0.35
Oracle MySQL <=8.4.0 Oracle / MySQL		<=8.4.0
Oracle MySQL <=8.0.38 Oracle / MySQL		<=8.0.38
Oracle MySQL <=8.0.37 Oracle / MySQL		<=8.0.37
Oracle MySQL <=8.0.36 Oracle / MySQL		<=8.0.36
Oracle MySQL <=8.3.0 Oracle / MySQL		<=8.3.0

CVE-2024-22257

Affected products

Known affected 9 products

Product	Identifier	Version
NetApp ActiveIQ Unified Manager for VMware vSphere NetApp / ActiveIQ Unified Manager	`cpe:/a:netapp:active_iq_unified_manager:for_vmware_vsphere`	for VMware vSphere
Xerox FreeFlow Print Server v9 for Solaris Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:v9_for_solaris`	v9 for Solaris
Oracle MySQL 8.4.1 Oracle / MySQL	`cpe:/a:oracle:mysql:8.4.1`	8.4.1
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
IBM Security Guardium 12.0 IBM / Security Guardium	`cpe:/a:ibm:security_guardium:12.0`	12
NetApp ActiveIQ Unified Manager for Microsoft Windows NetApp / ActiveIQ Unified Manager	`cpe:/a:netapp:active_iq_unified_manager:for_microsoft_windows`	for Microsoft Windows
F5 BIG-IP F5	`cpe:/a:f5:big-ip:-`	—
Oracle MySQL 9.0.0 Oracle / MySQL	`cpe:/a:oracle:mysql:9.0.0`	9.0.0
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

Last affected 11 products

Product	Identifier	Version	Remediation
Oracle MySQL <=8.0.34 Oracle / MySQL		<=8.0.34
Oracle MySQL <=8.2.0 Oracle / MySQL		<=8.2.0
Oracle MySQL <=8.1.0 Oracle / MySQL		<=8.1.0
Oracle MySQL <=7.5.34 Oracle / MySQL		<=7.5.34
Oracle MySQL <=7.6.30 Oracle / MySQL		<=7.6.30
Oracle MySQL <=8.0.35 Oracle / MySQL		<=8.0.35
Oracle MySQL <=8.4.0 Oracle / MySQL		<=8.4.0
Oracle MySQL <=8.0.38 Oracle / MySQL		<=8.0.38
Oracle MySQL <=8.0.37 Oracle / MySQL		<=8.0.37
Oracle MySQL <=8.0.36 Oracle / MySQL		<=8.0.36
Oracle MySQL <=8.3.0 Oracle / MySQL		<=8.3.0

CVE-2024-22262

Affected products

Known affected 9 products

Product	Identifier	Version
NetApp ActiveIQ Unified Manager for VMware vSphere NetApp / ActiveIQ Unified Manager	`cpe:/a:netapp:active_iq_unified_manager:for_vmware_vsphere`	for VMware vSphere
Xerox FreeFlow Print Server v9 for Solaris Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:v9_for_solaris`	v9 for Solaris
Oracle MySQL 8.4.1 Oracle / MySQL	`cpe:/a:oracle:mysql:8.4.1`	8.4.1
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
IBM Security Guardium 12.0 IBM / Security Guardium	`cpe:/a:ibm:security_guardium:12.0`	12
NetApp ActiveIQ Unified Manager for Microsoft Windows NetApp / ActiveIQ Unified Manager	`cpe:/a:netapp:active_iq_unified_manager:for_microsoft_windows`	for Microsoft Windows
F5 BIG-IP F5	`cpe:/a:f5:big-ip:-`	—
Oracle MySQL 9.0.0 Oracle / MySQL	`cpe:/a:oracle:mysql:9.0.0`	9.0.0
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

Last affected 11 products

Product	Identifier	Version	Remediation
Oracle MySQL <=8.0.34 Oracle / MySQL		<=8.0.34
Oracle MySQL <=8.2.0 Oracle / MySQL		<=8.2.0
Oracle MySQL <=8.1.0 Oracle / MySQL		<=8.1.0
Oracle MySQL <=7.5.34 Oracle / MySQL		<=7.5.34
Oracle MySQL <=7.6.30 Oracle / MySQL		<=7.6.30
Oracle MySQL <=8.0.35 Oracle / MySQL		<=8.0.35
Oracle MySQL <=8.4.0 Oracle / MySQL		<=8.4.0
Oracle MySQL <=8.0.38 Oracle / MySQL		<=8.0.38
Oracle MySQL <=8.0.37 Oracle / MySQL		<=8.0.37
Oracle MySQL <=8.0.36 Oracle / MySQL		<=8.0.36
Oracle MySQL <=8.3.0 Oracle / MySQL		<=8.3.0

CVE-2024-24549

Affected products

Known affected 9 products

Product	Identifier	Version
NetApp ActiveIQ Unified Manager for VMware vSphere NetApp / ActiveIQ Unified Manager	`cpe:/a:netapp:active_iq_unified_manager:for_vmware_vsphere`	for VMware vSphere
Xerox FreeFlow Print Server v9 for Solaris Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:v9_for_solaris`	v9 for Solaris
Oracle MySQL 8.4.1 Oracle / MySQL	`cpe:/a:oracle:mysql:8.4.1`	8.4.1
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
IBM Security Guardium 12.0 IBM / Security Guardium	`cpe:/a:ibm:security_guardium:12.0`	12
NetApp ActiveIQ Unified Manager for Microsoft Windows NetApp / ActiveIQ Unified Manager	`cpe:/a:netapp:active_iq_unified_manager:for_microsoft_windows`	for Microsoft Windows
F5 BIG-IP F5	`cpe:/a:f5:big-ip:-`	—
Oracle MySQL 9.0.0 Oracle / MySQL	`cpe:/a:oracle:mysql:9.0.0`	9.0.0
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

Last affected 11 products

Product	Identifier	Version	Remediation
Oracle MySQL <=8.0.34 Oracle / MySQL		<=8.0.34
Oracle MySQL <=8.2.0 Oracle / MySQL		<=8.2.0
Oracle MySQL <=8.1.0 Oracle / MySQL		<=8.1.0
Oracle MySQL <=7.5.34 Oracle / MySQL		<=7.5.34
Oracle MySQL <=7.6.30 Oracle / MySQL		<=7.6.30
Oracle MySQL <=8.0.35 Oracle / MySQL		<=8.0.35
Oracle MySQL <=8.4.0 Oracle / MySQL		<=8.4.0
Oracle MySQL <=8.0.38 Oracle / MySQL		<=8.0.38
Oracle MySQL <=8.0.37 Oracle / MySQL		<=8.0.37
Oracle MySQL <=8.0.36 Oracle / MySQL		<=8.0.36
Oracle MySQL <=8.3.0 Oracle / MySQL		<=8.3.0

CVE-2024-25062

Affected products

Known affected 9 products

Product	Identifier	Version
NetApp ActiveIQ Unified Manager for VMware vSphere NetApp / ActiveIQ Unified Manager	`cpe:/a:netapp:active_iq_unified_manager:for_vmware_vsphere`	for VMware vSphere
Xerox FreeFlow Print Server v9 for Solaris Xerox / FreeFlow Print Server	`cpe:/a:xerox:freeflow_print_server:v9_for_solaris`	v9 for Solaris
Oracle MySQL 8.4.1 Oracle / MySQL	`cpe:/a:oracle:mysql:8.4.1`	8.4.1
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
IBM Security Guardium 12.0 IBM / Security Guardium	`cpe:/a:ibm:security_guardium:12.0`	12
NetApp ActiveIQ Unified Manager for Microsoft Windows NetApp / ActiveIQ Unified Manager	`cpe:/a:netapp:active_iq_unified_manager:for_microsoft_windows`	for Microsoft Windows
F5 BIG-IP F5	`cpe:/a:f5:big-ip:-`	—
Oracle MySQL 9.0.0 Oracle / MySQL	`cpe:/a:oracle:mysql:9.0.0`	9.0.0
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

Last affected 11 products

Product	Identifier	Version	Remediation
Oracle MySQL <=8.0.34 Oracle / MySQL		<=8.0.34
Oracle MySQL <=8.2.0 Oracle / MySQL		<=8.2.0
Oracle MySQL <=8.1.0 Oracle / MySQL		<=8.1.0
Oracle MySQL <=7.5.34 Oracle / MySQL		<=7.5.34
Oracle MySQL <=7.6.30 Oracle / MySQL		<=7.6.30
Oracle MySQL <=8.0.35 Oracle / MySQL		<=8.0.35
Oracle MySQL <=8.4.0 Oracle / MySQL		<=8.4.0
Oracle MySQL <=8.0.38 Oracle / MySQL		<=8.0.38
Oracle MySQL <=8.0.37 Oracle / MySQL		<=8.0.37
Oracle MySQL <=8.0.36 Oracle / MySQL		<=8.0.36
Oracle MySQL <=8.3.0 Oracle / MySQL		<=8.3.0

References

12 references

URL	Category
https://wid.cert-bund.de/.well-known/csaf/white/2…	self
https://wid.cert-bund.de/portal/wid/securityadvis…	self
https://www.oracle.com/security-alerts/cpujul2024…	external
https://ubuntu.com/security/notices/USN-6934-1	external
https://bodhi.fedoraproject.org/updates/FEDORA-20…	external
https://my.f5.com/manage/s/article/K000140908	external
https://www.ibm.com/support/pages/node/7173959	external
https://www.ibm.com/support/pages/node/7180384	external
https://securitydocs.business.xerox.com/wp-conten…	external
https://security.netapp.com/advisory/NTAP-20240801-0001	external
https://security.netapp.com/advisory/NTAP-20240731-0007	external
https://security.netapp.com/advisory/NTAP-20240731-0006	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "MySQL ist ein Open Source Datenbankserver von Oracle.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in Oracle MySQL ausnutzen, um die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit zu gef\u00e4hrden.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Linux\n- Windows",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2024-1656 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-1656.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2024-1656 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-1656"
      },
      {
        "category": "external",
        "summary": "Oracle Critical Patch Update Advisory - July 2024 - Appendix Oracle MySQL vom 2024-07-16",
        "url": "https://www.oracle.com/security-alerts/cpujul2024.html#AppendixMSQL"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-6934-1 vom 2024-07-31",
        "url": "https://ubuntu.com/security/notices/USN-6934-1"
      },
      {
        "category": "external",
        "summary": "Fedora Security Advisory FEDORA-2024-5D9DC19F2D vom 2024-08-12",
        "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2024-5d9dc19f2d"
      },
      {
        "category": "external",
        "summary": "F5 Security Advisory K000140908 vom 2024-09-03",
        "url": "https://my.f5.com/manage/s/article/K000140908"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7173959 vom 2024-10-23",
        "url": "https://www.ibm.com/support/pages/node/7173959"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7180384 vom 2025-01-07",
        "url": "https://www.ibm.com/support/pages/node/7180384"
      },
      {
        "category": "external",
        "summary": "XEROX Security Advisory XRX25-001 vom 2025-01-13",
        "url": "https://securitydocs.business.xerox.com/wp-content/uploads/2025/01/Xerox-Security-Bulletin-XRX25-001-for-Xerox%C2%AE-FreeFlow%C2%AE-Print-Server-v9.pdf"
      },
      {
        "category": "external",
        "summary": "NetApp Security Advisory NTAP-20240801-0001 vom 2025-06-11",
        "url": "https://security.netapp.com/advisory/NTAP-20240801-0001"
      },
      {
        "category": "external",
        "summary": "NetApp Security Advisory NTAP-20240731-0007 vom 2025-06-11",
        "url": "https://security.netapp.com/advisory/NTAP-20240731-0007"
      },
      {
        "category": "external",
        "summary": "NetApp Security Advisory NTAP-20240731-0006 vom 2025-06-11",
        "url": "https://security.netapp.com/advisory/NTAP-20240731-0006"
      }
    ],
    "source_lang": "en-US",
    "title": "Oracle MySQL: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2025-06-10T22:00:00.000+00:00",
      "generator": {
        "date": "2025-06-11T06:26:12.489+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.12"
        }
      },
      "id": "WID-SEC-W-2024-1656",
      "initial_release_date": "2024-07-16T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2024-07-16T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2024-07-31T22:00:00.000+00:00",
          "number": "2",
          "summary": "Neue Updates von Ubuntu aufgenommen"
        },
        {
          "date": "2024-08-11T22:00:00.000+00:00",
          "number": "3",
          "summary": "Neue Updates von Fedora aufgenommen"
        },
        {
          "date": "2024-09-03T22:00:00.000+00:00",
          "number": "4",
          "summary": "Neue Updates von F5 aufgenommen"
        },
        {
          "date": "2024-10-23T22:00:00.000+00:00",
          "number": "5",
          "summary": "Neue Updates von IBM aufgenommen"
        },
        {
          "date": "2025-01-07T23:00:00.000+00:00",
          "number": "6",
          "summary": "Neue Updates von IBM aufgenommen"
        },
        {
          "date": "2025-01-12T23:00:00.000+00:00",
          "number": "7",
          "summary": "Neue Updates von XEROX aufgenommen"
        },
        {
          "date": "2025-06-10T22:00:00.000+00:00",
          "number": "8",
          "summary": "Neue Updates von NetApp aufgenommen"
        }
      ],
      "status": "final",
      "version": "8"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "F5 BIG-IP",
            "product": {
              "name": "F5 BIG-IP",
              "product_id": "T001663",
              "product_identification_helper": {
                "cpe": "cpe:/a:f5:big-ip:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "F5"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Fedora Linux",
            "product": {
              "name": "Fedora Linux",
              "product_id": "74185",
              "product_identification_helper": {
                "cpe": "cpe:/o:fedoraproject:fedora:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Fedora"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "12",
                "product": {
                  "name": "IBM Security Guardium 12.0",
                  "product_id": "T031092",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:security_guardium:12.0"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Security Guardium"
          }
        ],
        "category": "vendor",
        "name": "IBM"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "for VMware vSphere",
                "product": {
                  "name": "NetApp ActiveIQ Unified Manager for VMware vSphere",
                  "product_id": "T025152",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:netapp:active_iq_unified_manager:for_vmware_vsphere"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "for Microsoft Windows",
                "product": {
                  "name": "NetApp ActiveIQ Unified Manager for Microsoft Windows",
                  "product_id": "T025631",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:netapp:active_iq_unified_manager:for_microsoft_windows"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "ActiveIQ Unified Manager"
          }
        ],
        "category": "vendor",
        "name": "NetApp"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c=8.1.0",
                "product": {
                  "name": "Oracle MySQL \u003c=8.1.0",
                  "product_id": "1502322"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c=8.1.0",
                "product": {
                  "name": "Oracle MySQL \u003c=8.1.0",
                  "product_id": "1502322-fixed"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c=8.0.34",
                "product": {
                  "name": "Oracle MySQL \u003c=8.0.34",
                  "product_id": "1502323"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c=8.0.34",
                "product": {
                  "name": "Oracle MySQL \u003c=8.0.34",
                  "product_id": "1502323-fixed"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c=8.0.35",
                "product": {
                  "name": "Oracle MySQL \u003c=8.0.35",
                  "product_id": "1566667"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c=8.0.35",
                "product": {
                  "name": "Oracle MySQL \u003c=8.0.35",
                  "product_id": "1566667-fixed"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c=8.2.0",
                "product": {
                  "name": "Oracle MySQL \u003c=8.2.0",
                  "product_id": "1566668"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c=8.2.0",
                "product": {
                  "name": "Oracle MySQL \u003c=8.2.0",
                  "product_id": "1566668-fixed"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c=8.0.36",
                "product": {
                  "name": "Oracle MySQL \u003c=8.0.36",
                  "product_id": "T032120"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c=8.0.36",
                "product": {
                  "name": "Oracle MySQL \u003c=8.0.36",
                  "product_id": "T032120-fixed"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c=8.3.0",
                "product": {
                  "name": "Oracle MySQL \u003c=8.3.0",
                  "product_id": "T034178"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c=8.3.0",
                "product": {
                  "name": "Oracle MySQL \u003c=8.3.0",
                  "product_id": "T034178-fixed"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c=8.0.37",
                "product": {
                  "name": "Oracle MySQL \u003c=8.0.37",
                  "product_id": "T034179"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c=8.0.37",
                "product": {
                  "name": "Oracle MySQL \u003c=8.0.37",
                  "product_id": "T034179-fixed"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c=8.4.0",
                "product": {
                  "name": "Oracle MySQL \u003c=8.4.0",
                  "product_id": "T036237"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c=8.4.0",
                "product": {
                  "name": "Oracle MySQL \u003c=8.4.0",
                  "product_id": "T036237-fixed"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c=7.5.34",
                "product": {
                  "name": "Oracle MySQL \u003c=7.5.34",
                  "product_id": "T036238"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c=7.5.34",
                "product": {
                  "name": "Oracle MySQL \u003c=7.5.34",
                  "product_id": "T036238-fixed"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c=7.6.30",
                "product": {
                  "name": "Oracle MySQL \u003c=7.6.30",
                  "product_id": "T036239"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c=7.6.30",
                "product": {
                  "name": "Oracle MySQL \u003c=7.6.30",
                  "product_id": "T036239-fixed"
                }
              },
              {
                "category": "product_version",
                "name": "8.4.1",
                "product": {
                  "name": "Oracle MySQL 8.4.1",
                  "product_id": "T036240",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:mysql:8.4.1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "9.0.0",
                "product": {
                  "name": "Oracle MySQL 9.0.0",
                  "product_id": "T036241",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:mysql:9.0.0"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c=8.0.38",
                "product": {
                  "name": "Oracle MySQL \u003c=8.0.38",
                  "product_id": "T036274"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c=8.0.38",
                "product": {
                  "name": "Oracle MySQL \u003c=8.0.38",
                  "product_id": "T036274-fixed"
                }
              }
            ],
            "category": "product_name",
            "name": "MySQL"
          }
        ],
        "category": "vendor",
        "name": "Oracle"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Ubuntu Linux",
            "product": {
              "name": "Ubuntu Linux",
              "product_id": "T000126",
              "product_identification_helper": {
                "cpe": "cpe:/o:canonical:ubuntu_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Ubuntu"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "v9 for Solaris",
                "product": {
                  "name": "Xerox FreeFlow Print Server v9 for Solaris",
                  "product_id": "T028053",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:xerox:freeflow_print_server:v9_for_solaris"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "FreeFlow Print Server"
          }
        ],
        "category": "vendor",
        "name": "Xerox"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2021-24112",
      "product_status": {
        "known_affected": [
          "T025152",
          "T028053",
          "T036240",
          "T000126",
          "T031092",
          "T025631",
          "T001663",
          "T036241",
          "74185"
        ],
        "last_affected": [
          "1502323",
          "1566668",
          "1502322",
          "T036238",
          "T036239",
          "1566667",
          "T036237",
          "T036274",
          "T034179",
          "T032120",
          "T034178"
        ]
      },
      "release_date": "2024-07-16T22:00:00.000+00:00",
      "title": "CVE-2021-24112"
    },
    {
      "cve": "CVE-2023-37920",
      "product_status": {
        "known_affected": [
          "T025152",
          "T028053",
          "T036240",
          "T000126",
          "T031092",
          "T025631",
          "T001663",
          "T036241",
          "74185"
        ],
        "last_affected": [
          "1502323",
          "1566668",
          "1502322",
          "T036238",
          "T036239",
          "1566667",
          "T036237",
          "T036274",
          "T034179",
          "T032120",
          "T034178"
        ]
      },
      "release_date": "2024-07-16T22:00:00.000+00:00",
      "title": "CVE-2023-37920"
    },
    {
      "cve": "CVE-2023-48795",
      "product_status": {
        "known_affected": [
          "T025152",
          "T028053",
          "T036240",
          "T000126",
          "T031092",
          "T025631",
          "T001663",
          "T036241",
          "74185"
        ],
        "last_affected": [
          "1502323",
          "1566668",
          "1502322",
          "T036238",
          "T036239",
          "1566667",
          "T036237",
          "T036274",
          "T034179",
          "T032120",
          "T034178"
        ]
      },
      "release_date": "2024-07-16T22:00:00.000+00:00",
      "title": "CVE-2023-48795"
    },
    {
      "cve": "CVE-2023-52425",
      "product_status": {
        "known_affected": [
          "T025152",
          "T028053",
          "T036240",
          "T000126",
          "T031092",
          "T025631",
          "T001663",
          "T036241",
          "74185"
        ],
        "last_affected": [
          "1502323",
          "1566668",
          "1502322",
          "T036238",
          "T036239",
          "1566667",
          "T036237",
          "T036274",
          "T034179",
          "T032120",
          "T034178"
        ]
      },
      "release_date": "2024-07-16T22:00:00.000+00:00",
      "title": "CVE-2023-52425"
    },
    {
      "cve": "CVE-2023-6129",
      "product_status": {
        "known_affected": [
          "T025152",
          "T028053",
          "T036240",
          "T000126",
          "T031092",
          "T025631",
          "T001663",
          "T036241",
          "74185"
        ],
        "last_affected": [
          "1502323",
          "1566668",
          "1502322",
          "T036238",
          "T036239",
          "1566667",
          "T036237",
          "T036274",
          "T034179",
          "T032120",
          "T034178"
        ]
      },
      "release_date": "2024-07-16T22:00:00.000+00:00",
      "title": "CVE-2023-6129"
    },
    {
      "cve": "CVE-2024-0450",
      "product_status": {
        "known_affected": [
          "T025152",
          "T028053",
          "T036240",
          "T000126",
          "T031092",
          "T025631",
          "T001663",
          "T036241",
          "74185"
        ],
        "last_affected": [
          "1502323",
          "1566668",
          "1502322",
          "T036238",
          "T036239",
          "1566667",
          "T036237",
          "T036274",
          "T034179",
          "T032120",
          "T034178"
        ]
      },
      "release_date": "2024-07-16T22:00:00.000+00:00",
      "title": "CVE-2024-0450"
    },
    {
      "cve": "CVE-2024-20996",
      "product_status": {
        "known_affected": [
          "T025152",
          "T028053",
          "T036240",
          "T000126",
          "T031092",
          "T025631",
          "T001663",
          "T036241",
          "74185"
        ],
        "last_affected": [
          "1502323",
          "1566668",
          "1502322",
          "T036238",
          "T036239",
          "1566667",
          "T036237",
          "T036274",
          "T034179",
          "T032120",
          "T034178"
        ]
      },
      "release_date": "2024-07-16T22:00:00.000+00:00",
      "title": "CVE-2024-20996"
    },
    {
      "cve": "CVE-2024-21125",
      "product_status": {
        "known_affected": [
          "T025152",
          "T028053",
          "T036240",
          "T000126",
          "T031092",
          "T025631",
          "T001663",
          "T036241",
          "74185"
        ],
        "last_affected": [
          "1502323",
          "1566668",
          "1502322",
          "T036238",
          "T036239",
          "1566667",
          "T036237",
          "T036274",
          "T034179",
          "T032120",
          "T034178"
        ]
      },
      "release_date": "2024-07-16T22:00:00.000+00:00",
      "title": "CVE-2024-21125"
    },
    {
      "cve": "CVE-2024-21127",
      "product_status": {
        "known_affected": [
          "T025152",
          "T028053",
          "T036240",
          "T000126",
          "T031092",
          "T025631",
          "T001663",
          "T036241",
          "74185"
        ],
        "last_affected": [
          "1502323",
          "1566668",
          "1502322",
          "T036238",
          "T036239",
          "1566667",
          "T036237",
          "T036274",
          "T034179",
          "T032120",
          "T034178"
        ]
      },
      "release_date": "2024-07-16T22:00:00.000+00:00",
      "title": "CVE-2024-21127"
    },
    {
      "cve": "CVE-2024-21129",
      "product_status": {
        "known_affected": [
          "T025152",
          "T028053",
          "T036240",
          "T000126",
          "T031092",
          "T025631",
          "T001663",
          "T036241",
          "74185"
        ],
        "last_affected": [
          "1502323",
          "1566668",
          "1502322",
          "T036238",
          "T036239",
          "1566667",
          "T036237",
          "T036274",
          "T034179",
          "T032120",
          "T034178"
        ]
      },
      "release_date": "2024-07-16T22:00:00.000+00:00",
      "title": "CVE-2024-21129"
    },
    {
      "cve": "CVE-2024-21130",
      "product_status": {
        "known_affected": [
          "T025152",
          "T028053",
          "T036240",
          "T000126",
          "T031092",
          "T025631",
          "T001663",
          "T036241",
          "74185"
        ],
        "last_affected": [
          "1502323",
          "1566668",
          "1502322",
          "T036238",
          "T036239",
          "1566667",
          "T036237",
          "T036274",
          "T034179",
          "T032120",
          "T034178"
        ]
      },
      "release_date": "2024-07-16T22:00:00.000+00:00",
      "title": "CVE-2024-21130"
    },
    {
      "cve": "CVE-2024-21134",
      "product_status": {
        "known_affected": [
          "T025152",
          "T028053",
          "T036240",
          "T000126",
          "T031092",
          "T025631",
          "T001663",
          "T036241",
          "74185"
        ],
        "last_affected": [
          "1502323",
          "1566668",
          "1502322",
          "T036238",
          "T036239",
          "1566667",
          "T036237",
          "T036274",
          "T034179",
          "T032120",
          "T034178"
        ]
      },
      "release_date": "2024-07-16T22:00:00.000+00:00",
      "title": "CVE-2024-21134"
    },
    {
      "cve": "CVE-2024-21135",
      "product_status": {
        "known_affected": [
          "T025152",
          "T028053",
          "T036240",
          "T000126",
          "T031092",
          "T025631",
          "T001663",
          "T036241",
          "74185"
        ],
        "last_affected": [
          "1502323",
          "1566668",
          "1502322",
          "T036238",
          "T036239",
          "1566667",
          "T036237",
          "T036274",
          "T034179",
          "T032120",
          "T034178"
        ]
      },
      "release_date": "2024-07-16T22:00:00.000+00:00",
      "title": "CVE-2024-21135"
    },
    {
      "cve": "CVE-2024-21137",
      "product_status": {
        "known_affected": [
          "T025152",
          "T028053",
          "T036240",
          "T000126",
          "T031092",
          "T025631",
          "T001663",
          "T036241",
          "74185"
        ],
        "last_affected": [
          "1502323",
          "1566668",
          "1502322",
          "T036238",
          "T036239",
          "1566667",
          "T036237",
          "T036274",
          "T034179",
          "T032120",
          "T034178"
        ]
      },
      "release_date": "2024-07-16T22:00:00.000+00:00",
      "title": "CVE-2024-21137"
    },
    {
      "cve": "CVE-2024-21142",
      "product_status": {
        "known_affected": [
          "T025152",
          "T028053",
          "T036240",
          "T000126",
          "T031092",
          "T025631",
          "T001663",
          "T036241",
          "74185"
        ],
        "last_affected": [
          "1502323",
          "1566668",
          "1502322",
          "T036238",
          "T036239",
          "1566667",
          "T036237",
          "T036274",
          "T034179",
          "T032120",
          "T034178"
        ]
      },
      "release_date": "2024-07-16T22:00:00.000+00:00",
      "title": "CVE-2024-21142"
    },
    {
      "cve": "CVE-2024-21157",
      "product_status": {
        "known_affected": [
          "T025152",
          "T028053",
          "T036240",
          "T000126",
          "T031092",
          "T025631",
          "T001663",
          "T036241",
          "74185"
        ],
        "last_affected": [
          "1502323",
          "1566668",
          "1502322",
          "T036238",
          "T036239",
          "1566667",
          "T036237",
          "T036274",
          "T034179",
          "T032120",
          "T034178"
        ]
      },
      "release_date": "2024-07-16T22:00:00.000+00:00",
      "title": "CVE-2024-21157"
    },
    {
      "cve": "CVE-2024-21159",
      "product_status": {
        "known_affected": [
          "T025152",
          "T028053",
          "T036240",
          "T000126",
          "T031092",
          "T025631",
          "T001663",
          "T036241",
          "74185"
        ],
        "last_affected": [
          "1502323",
          "1566668",
          "1502322",
          "T036238",
          "T036239",
          "1566667",
          "T036237",
          "T036274",
          "T034179",
          "T032120",
          "T034178"
        ]
      },
      "release_date": "2024-07-16T22:00:00.000+00:00",
      "title": "CVE-2024-21159"
    },
    {
      "cve": "CVE-2024-21160",
      "product_status": {
        "known_affected": [
          "T025152",
          "T028053",
          "T036240",
          "T000126",
          "T031092",
          "T025631",
          "T001663",
          "T036241",
          "74185"
        ],
        "last_affected": [
          "1502323",
          "1566668",
          "1502322",
          "T036238",
          "T036239",
          "1566667",
          "T036237",
          "T036274",
          "T034179",
          "T032120",
          "T034178"
        ]
      },
      "release_date": "2024-07-16T22:00:00.000+00:00",
      "title": "CVE-2024-21160"
    },
    {
      "cve": "CVE-2024-21162",
      "product_status": {
        "known_affected": [
          "T025152",
          "T028053",
          "T036240",
          "T000126",
          "T031092",
          "T025631",
          "T001663",
          "T036241",
          "74185"
        ],
        "last_affected": [
          "1502323",
          "1566668",
          "1502322",
          "T036238",
          "T036239",
          "1566667",
          "T036237",
          "T036274",
          "T034179",
          "T032120",
          "T034178"
        ]
      },
      "release_date": "2024-07-16T22:00:00.000+00:00",
      "title": "CVE-2024-21162"
    },
    {
      "cve": "CVE-2024-21163",
      "product_status": {
        "known_affected": [
          "T025152",
          "T028053",
          "T036240",
          "T000126",
          "T031092",
          "T025631",
          "T001663",
          "T036241",
          "74185"
        ],
        "last_affected": [
          "1502323",
          "1566668",
          "1502322",
          "T036238",
          "T036239",
          "1566667",
          "T036237",
          "T036274",
          "T034179",
          "T032120",
          "T034178"
        ]
      },
      "release_date": "2024-07-16T22:00:00.000+00:00",
      "title": "CVE-2024-21163"
    },
    {
      "cve": "CVE-2024-21165",
      "product_status": {
        "known_affected": [
          "T025152",
          "T028053",
          "T036240",
          "T000126",
          "T031092",
          "T025631",
          "T001663",
          "T036241",
          "74185"
        ],
        "last_affected": [
          "1502323",
          "1566668",
          "1502322",
          "T036238",
          "T036239",
          "1566667",
          "T036237",
          "T036274",
          "T034179",
          "T032120",
          "T034178"
        ]
      },
      "release_date": "2024-07-16T22:00:00.000+00:00",
      "title": "CVE-2024-21165"
    },
    {
      "cve": "CVE-2024-21166",
      "product_status": {
        "known_affected": [
          "T025152",
          "T028053",
          "T036240",
          "T000126",
          "T031092",
          "T025631",
          "T001663",
          "T036241",
          "74185"
        ],
        "last_affected": [
          "1502323",
          "1566668",
          "1502322",
          "T036238",
          "T036239",
          "1566667",
          "T036237",
          "T036274",
          "T034179",
          "T032120",
          "T034178"
        ]
      },
      "release_date": "2024-07-16T22:00:00.000+00:00",
      "title": "CVE-2024-21166"
    },
    {
      "cve": "CVE-2024-21170",
      "product_status": {
        "known_affected": [
          "T025152",
          "T028053",
          "T036240",
          "T000126",
          "T031092",
          "T025631",
          "T001663",
          "T036241",
          "74185"
        ],
        "last_affected": [
          "1502323",
          "1566668",
          "1502322",
          "T036238",
          "T036239",
          "1566667",
          "T036237",
          "T036274",
          "T034179",
          "T032120",
          "T034178"
        ]
      },
      "release_date": "2024-07-16T22:00:00.000+00:00",
      "title": "CVE-2024-21170"
    },
    {
      "cve": "CVE-2024-21171",
      "product_status": {
        "known_affected": [
          "T025152",
          "T028053",
          "T036240",
          "T000126",
          "T031092",
          "T025631",
          "T001663",
          "T036241",
          "74185"
        ],
        "last_affected": [
          "1502323",
          "1566668",
          "1502322",
          "T036238",
          "T036239",
          "1566667",
          "T036237",
          "T036274",
          "T034179",
          "T032120",
          "T034178"
        ]
      },
      "release_date": "2024-07-16T22:00:00.000+00:00",
      "title": "CVE-2024-21171"
    },
    {
      "cve": "CVE-2024-21173",
      "product_status": {
        "known_affected": [
          "T025152",
          "T028053",
          "T036240",
          "T000126",
          "T031092",
          "T025631",
          "T001663",
          "T036241",
          "74185"
        ],
        "last_affected": [
          "1502323",
          "1566668",
          "1502322",
          "T036238",
          "T036239",
          "1566667",
          "T036237",
          "T036274",
          "T034179",
          "T032120",
          "T034178"
        ]
      },
      "release_date": "2024-07-16T22:00:00.000+00:00",
      "title": "CVE-2024-21173"
    },
    {
      "cve": "CVE-2024-21176",
      "product_status": {
        "known_affected": [
          "T025152",
          "T028053",
          "T036240",
          "T000126",
          "T031092",
          "T025631",
          "T001663",
          "T036241",
          "74185"
        ],
        "last_affected": [
          "1502323",
          "1566668",
          "1502322",
          "T036238",
          "T036239",
          "1566667",
          "T036237",
          "T036274",
          "T034179",
          "T032120",
          "T034178"
        ]
      },
      "release_date": "2024-07-16T22:00:00.000+00:00",
      "title": "CVE-2024-21176"
    },
    {
      "cve": "CVE-2024-21177",
      "product_status": {
        "known_affected": [
          "T025152",
          "T028053",
          "T036240",
          "T000126",
          "T031092",
          "T025631",
          "T001663",
          "T036241",
          "74185"
        ],
        "last_affected": [
          "1502323",
          "1566668",
          "1502322",
          "T036238",
          "T036239",
          "1566667",
          "T036237",
          "T036274",
          "T034179",
          "T032120",
          "T034178"
        ]
      },
      "release_date": "2024-07-16T22:00:00.000+00:00",
      "title": "CVE-2024-21177"
    },
    {
      "cve": "CVE-2024-21179",
      "product_status": {
        "known_affected": [
          "T025152",
          "T028053",
          "T036240",
          "T000126",
          "T031092",
          "T025631",
          "T001663",
          "T036241",
          "74185"
        ],
        "last_affected": [
          "1502323",
          "1566668",
          "1502322",
          "T036238",
          "T036239",
          "1566667",
          "T036237",
          "T036274",
          "T034179",
          "T032120",
          "T034178"
        ]
      },
      "release_date": "2024-07-16T22:00:00.000+00:00",
      "title": "CVE-2024-21179"
    },
    {
      "cve": "CVE-2024-21185",
      "product_status": {
        "known_affected": [
          "T025152",
          "T028053",
          "T036240",
          "T000126",
          "T031092",
          "T025631",
          "T001663",
          "T036241",
          "74185"
        ],
        "last_affected": [
          "1502323",
          "1566668",
          "1502322",
          "T036238",
          "T036239",
          "1566667",
          "T036237",
          "T036274",
          "T034179",
          "T032120",
          "T034178"
        ]
      },
      "release_date": "2024-07-16T22:00:00.000+00:00",
      "title": "CVE-2024-21185"
    },
    {
      "cve": "CVE-2024-22257",
      "product_status": {
        "known_affected": [
          "T025152",
          "T028053",
          "T036240",
          "T000126",
          "T031092",
          "T025631",
          "T001663",
          "T036241",
          "74185"
        ],
        "last_affected": [
          "1502323",
          "1566668",
          "1502322",
          "T036238",
          "T036239",
          "1566667",
          "T036237",
          "T036274",
          "T034179",
          "T032120",
          "T034178"
        ]
      },
      "release_date": "2024-07-16T22:00:00.000+00:00",
      "title": "CVE-2024-22257"
    },
    {
      "cve": "CVE-2024-22262",
      "product_status": {
        "known_affected": [
          "T025152",
          "T028053",
          "T036240",
          "T000126",
          "T031092",
          "T025631",
          "T001663",
          "T036241",
          "74185"
        ],
        "last_affected": [
          "1502323",
          "1566668",
          "1502322",
          "T036238",
          "T036239",
          "1566667",
          "T036237",
          "T036274",
          "T034179",
          "T032120",
          "T034178"
        ]
      },
      "release_date": "2024-07-16T22:00:00.000+00:00",
      "title": "CVE-2024-22262"
    },
    {
      "cve": "CVE-2024-24549",
      "product_status": {
        "known_affected": [
          "T025152",
          "T028053",
          "T036240",
          "T000126",
          "T031092",
          "T025631",
          "T001663",
          "T036241",
          "74185"
        ],
        "last_affected": [
          "1502323",
          "1566668",
          "1502322",
          "T036238",
          "T036239",
          "1566667",
          "T036237",
          "T036274",
          "T034179",
          "T032120",
          "T034178"
        ]
      },
      "release_date": "2024-07-16T22:00:00.000+00:00",
      "title": "CVE-2024-24549"
    },
    {
      "cve": "CVE-2024-25062",
      "product_status": {
        "known_affected": [
          "T025152",
          "T028053",
          "T036240",
          "T000126",
          "T031092",
          "T025631",
          "T001663",
          "T036241",
          "74185"
        ],
        "last_affected": [
          "1502323",
          "1566668",
          "1502322",
          "T036238",
          "T036239",
          "1566667",
          "T036237",
          "T036274",
          "T034179",
          "T032120",
          "T034178"
        ]
      },
      "release_date": "2024-07-16T22:00:00.000+00:00",
      "title": "CVE-2024-25062"
    }
  ]
}

CVE-2021-24112 (GCVE-0-2021-24112)

Vulnerability from cvelistv5 – Published: 2021-02-25 23:01 – Updated: 2024-08-03 19:21

Title

.NET Core Remote Code Execution Vulnerability

Summary

.NET Core Remote Code Execution Vulnerability

Severity

8.1 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

CWE

Remote Code Execution

Assigner

microsoft

References

1 reference

URL	Tags
https://portal.msrc.microsoft.com/en-US/security-…	x_refsource_MISC

Impacted products

5 products

Vendor	Product	Version
Microsoft	Visual Studio 2019 for Mac	Affected: 8.0.0 , < publication (custom) cpe:2.3:a:microsoft:visual_studio_2019:-:::::macos::
Microsoft	Mono 6.12.0	Affected: 6.12.0 , < publication (custom) cpe:2.3:a:microsoft:mono::::::::
Microsoft	.NET Core 2.1	Affected: 2.1 , < publication (custom) cpe:2.3:a:microsoft:.net_core::::::::
Microsoft	.NET Core 3.1	Affected: 3.1 , < publication (custom) cpe:2.3:a:microsoft:.net_core::::::::
Microsoft	.NET 5.0	Affected: 5.0.0 , < publication (custom) cpe:2.3:a:microsoft:.net::::::::

Date Public

2021-02-09 08:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T19:21:18.636Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24112"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2019:-:*:*:*:*:macos:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Visual Studio 2019 for Mac",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "publication",
              "status": "affected",
              "version": "8.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:mono:*:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Mono 6.12.0",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "publication",
              "status": "affected",
              "version": "6.12.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:.net_core:*:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": ".NET Core 2.1",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "publication",
              "status": "affected",
              "version": "2.1",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:.net_core:*:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": ".NET Core 3.1",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "publication",
              "status": "affected",
              "version": "3.1",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": ".NET 5.0",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "publication",
              "status": "affected",
              "version": "5.0.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2021-02-09T08:00:00.000Z",
      "descriptions": [
        {
          "lang": "en-US",
          "value": ".NET Core Remote Code Execution Vulnerability"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Remote Code Execution",
              "lang": "en-US",
              "type": "Impact"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-12-29T22:33:25.762Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24112"
        }
      ],
      "title": ".NET Core Remote Code Execution Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2021-24112",
    "datePublished": "2021-02-25T23:01:57.000Z",
    "dateReserved": "2021-01-13T00:00:00.000Z",
    "dateUpdated": "2024-08-03T19:21:18.636Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-37920 (GCVE-0-2023-37920)

Vulnerability from cvelistv5 – Published: 2023-07-25 20:45 – Updated: 2025-03-05 18:47

Title

Certifi's removal of e-Tugra root certificate

Summary

Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. Certifi prior to version 2023.07.22 recognizes "e-Tugra" root certificates. e-Tugra's root certificates were subject to an investigation prompted by reporting of security issues in their systems. Certifi 2023.07.22 removes root certificates from "e-Tugra" from the root store.

Severity

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

CWE

CWE-345 - Insufficient Verification of Data Authenticity

Assigner

GitHub_M

References

4 references

URL	Tags
https://github.com/certifi/python-certifi/securit…	x_refsource_CONFIRM
https://github.com/certifi/python-certifi/commit/…	x_refsource_MISC
https://groups.google.com/a/mozilla.org/g/dev-sec…	x_refsource_MISC
https://lists.fedoraproject.org/archives/list/pac…

Impacted products

1 product

Vendor	Product	Version
certifi	python-certifi	Affected: >= 2015.04.28, < 2023.07.22

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-09-12T16:02:55.011Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://github.com/certifi/python-certifi/security/advisories/GHSA-xqr8-7jwr-rhp7",
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/certifi/python-certifi/security/advisories/GHSA-xqr8-7jwr-rhp7"
          },
          {
            "name": "https://github.com/certifi/python-certifi/commit/8fb96ed81f71e7097ed11bc4d9b19afd7ea5c909",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/certifi/python-certifi/commit/8fb96ed81f71e7097ed11bc4d9b19afd7ea5c909"
          },
          {
            "name": "https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/C-HrP1SEq1A",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/C-HrP1SEq1A"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5EX6NG7WUFNUKGFHLM35KHHU3GAKXRTG/"
          },
          {
            "url": "https://security.netapp.com/advisory/ntap-20240912-0002/"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-37920",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-03-05T18:38:32.972572Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-05T18:47:15.819Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "python-certifi",
          "vendor": "certifi",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 2015.04.28, \u003c 2023.07.22"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. Certifi prior to version 2023.07.22 recognizes \"e-Tugra\" root certificates. e-Tugra\u0027s root certificates were subject to an investigation prompted by reporting of security issues in their systems. Certifi 2023.07.22 removes root certificates from \"e-Tugra\" from the root store."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-345",
              "description": "CWE-345: Insufficient Verification of Data Authenticity",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-08-12T05:07:57.236Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/certifi/python-certifi/security/advisories/GHSA-xqr8-7jwr-rhp7",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/certifi/python-certifi/security/advisories/GHSA-xqr8-7jwr-rhp7"
        },
        {
          "name": "https://github.com/certifi/python-certifi/commit/8fb96ed81f71e7097ed11bc4d9b19afd7ea5c909",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/certifi/python-certifi/commit/8fb96ed81f71e7097ed11bc4d9b19afd7ea5c909"
        },
        {
          "name": "https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/C-HrP1SEq1A",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/C-HrP1SEq1A"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5EX6NG7WUFNUKGFHLM35KHHU3GAKXRTG/"
        }
      ],
      "source": {
        "advisory": "GHSA-xqr8-7jwr-rhp7",
        "discovery": "UNKNOWN"
      },
      "title": "Certifi\u0027s removal of e-Tugra root certificate"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2023-37920",
    "datePublished": "2023-07-25T20:45:35.286Z",
    "dateReserved": "2023-07-10T17:51:29.612Z",
    "dateUpdated": "2025-03-05T18:47:15.819Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-48795 (GCVE-0-2023-48795)

Vulnerability from cvelistv5 – Published: 2023-12-18 00:00 – Updated: 2026-05-12 11:02

Summary

The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH's use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0.10.6, libssh2 through 1.11.0, Thorn Tech SFTP Gateway before 3.4.6, Tera Term before 5.1, Paramiko before 3.4.0, jsch before 0.2.15, SFTPGo before 2.5.6, Netgate pfSense Plus through 23.09.1, Netgate pfSense CE through 2.7.2, HPN-SSH through 18.2.0, ProFTPD before 1.3.8b (and before 1.3.9rc2), ORYX CycloneSSH before 2.3.4, NetSarang XShell 7 before Build 0144, CrushFTP before 10.6.0, ConnectBot SSH library before 2.2.22, Apache MINA sshd through 2.11.0, sshj through 0.37.0, TinySSH through 20230101, trilead-ssh2 6401, LANCOM LCOS and LANconfig, FileZilla before 3.66.4, Nova before 11.8, PKIX-SSH before 14.4, SecureCRT before 9.4.3, Transmit5 before 5.10.4, Win32-OpenSSH before 9.5.0.0p1-Beta, WinSCP before 6.2.2, Bitvise SSH Server before 9.32, Bitvise SSH Client before 9.33, KiTTY through 0.76.1.13, the net-ssh gem 7.2.0 for Ruby, the mscdex ssh2 module before 1.15.0 for Node.js, the thrussh library before 0.35.1 for Rust, and the Russh crate before 0.40.2 for Rust.

Severity

5.9 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

CWE

Assigner

mitre

References

118 references

URL	Tags
https://www.chiark.greenend.org.uk/~sgtatham/putt…
https://matt.ucc.asn.au/dropbear/CHANGES
https://github.com/proftpd/proftpd/blob/master/RE…
https://www.netsarang.com/en/xshell-update-history/
https://www.paramiko.org/changelog.html
https://www.openssh.com/openbsd.html
https://github.com/openssh/openssh-portable/commi…
https://groups.google.com/g/golang-announce/c/-n5…
https://www.bitvise.com/ssh-server-version-history
https://github.com/ronf/asyncssh/tags
https://gitlab.com/libssh/libssh-mirror/-/tags
https://www.reddit.com/r/sysadmin/comments/18idv5…
https://github.com/erlang/otp/blob/d1b43dc0f1361d…
https://www.openssh.com/txt/release-9.6
https://jadaptive.com/important-java-ssh-security…
https://www.terrapin-attack.com
https://github.com/mkj/dropbear/blob/17657c36cce6…
https://github.com/ronf/asyncssh/blob/develop/doc…
https://thorntech.com/cve-2023-48795-and-sftp-gateway/
https://github.com/warp-tech/russh/releases/tag/v0.40.2
https://github.com/TeraTermProject/teraterm/commi…
https://www.openwall.com/lists/oss-security/2023/…
https://twitter.com/TrueSkrillor/status/173677438…
https://github.com/golang/crypto/commit/9d2ee975e…
https://github.com/paramiko/paramiko/issues/2337
https://groups.google.com/g/golang-announce/c/qA3…
https://news.ycombinator.com/item?id=38684904
https://news.ycombinator.com/item?id=38685286
http://www.openwall.com/lists/oss-security/2023/12/18/3	mailing-list
https://github.com/mwiede/jsch/issues/457
https://git.libssh.org/projects/libssh.git/commit…
https://github.com/erlang/otp/releases/tag/OTP-26.2.1
https://github.com/advisories/GHSA-45x7-px36-x8w8
https://security-tracker.debian.org/tracker/sourc…
https://security-tracker.debian.org/tracker/sourc…
https://security-tracker.debian.org/tracker/CVE-2…
https://bugzilla.suse.com/show_bug.cgi?id=1217950
https://bugzilla.redhat.com/show_bug.cgi?id=2254210
https://bugs.gentoo.org/920280
https://ubuntu.com/security/CVE-2023-48795
https://www.suse.com/c/suse-addresses-the-ssh-v2-…
https://access.redhat.com/security/cve/cve-2023-48795
https://github.com/mwiede/jsch/pull/461
https://github.com/drakkan/sftpgo/releases/tag/v2.5.6
https://github.com/libssh2/libssh2/pull/1291
https://forum.netgate.com/topic/184941/terrapin-s…
https://github.com/jtesta/ssh-audit/commit/8e972c…
https://github.com/rapier1/hpn-ssh/releases
https://github.com/proftpd/proftpd/issues/456
https://github.com/TeraTermProject/teraterm/relea…
https://github.com/mwiede/jsch/compare/jsch-0.2.1…
https://oryx-embedded.com/download/#changelog
https://www.crushftp.com/crush10wiki/Wiki.jsp?pag…
https://github.com/connectbot/sshlib/compare/2.2.…
https://github.com/connectbot/sshlib/commit/5c8b5…
https://github.com/mscdex/ssh2/commit/97b223f8891…
https://nest.pijul.com/pijul/thrussh/changes/D6H7…
https://crates.io/crates/thrussh/versions
https://github.com/NixOS/nixpkgs/pull/275249
http://www.openwall.com/lists/oss-security/2023/12/19/5	mailing-list
https://www.freebsd.org/security/advisories/FreeB…
https://arstechnica.com/security/2023/12/hackers-…
http://www.openwall.com/lists/oss-security/2023/12/20/3	mailing-list
http://packetstormsecurity.com/files/176280/Terra…
https://github.com/proftpd/proftpd/blob/d21e7a2e4…
https://github.com/proftpd/proftpd/blob/0a7ea9b0b…
https://github.com/apache/mina-sshd/issues/445
https://github.com/hierynomus/sshj/issues/916
https://github.com/janmojzis/tinyssh/issues/81
https://www.openwall.com/lists/oss-security/2023/…
https://security-tracker.debian.org/tracker/sourc…
https://github.com/net-ssh/net-ssh/blob/2e65064a5…
https://lists.fedoraproject.org/archives/list/pac…	vendor-advisory
https://www.debian.org/security/2023/dsa-5586	vendor-advisory
https://www.lancom-systems.de/service-support/all…
https://www.theregister.com/2023/12/20/terrapin_a…
https://filezilla-project.org/versions.php
https://nova.app/releases/#v11.8
https://roumenpetrov.info/secsh/#news20231220
https://www.vandyke.com/products/securecrt/history.txt
https://help.panic.com/releasenotes/transmit5/
https://github.com/PowerShell/Win32-OpenSSH/relea…
https://github.com/PowerShell/Win32-OpenSSH/issues/2189
https://winscp.net/eng/docs/history#6.2.2
https://www.bitvise.com/ssh-client-version-history#933
https://github.com/cyd01/KiTTY/issues/520
https://www.debian.org/security/2023/dsa-5588	vendor-advisory
https://github.com/ssh-mitm/ssh-mitm/issues/165
https://news.ycombinator.com/item?id=38732005
https://lists.debian.org/debian-lts-announce/2023…	mailing-list
https://security.gentoo.org/glsa/202312-16	vendor-advisory
https://security.gentoo.org/glsa/202312-17	vendor-advisory
https://lists.fedoraproject.org/archives/list/pac…	vendor-advisory
https://lists.fedoraproject.org/archives/list/pac…	vendor-advisory
https://lists.fedoraproject.org/archives/list/pac…	vendor-advisory
https://lists.fedoraproject.org/archives/list/pac…	vendor-advisory
https://lists.fedoraproject.org/archives/list/pac…	vendor-advisory
https://security.netapp.com/advisory/ntap-2024010…
https://lists.fedoraproject.org/archives/list/pac…	vendor-advisory
https://lists.fedoraproject.org/archives/list/pac…	vendor-advisory
https://lists.fedoraproject.org/archives/list/pac…	vendor-advisory
https://lists.fedoraproject.org/archives/list/pac…	vendor-advisory
https://lists.fedoraproject.org/archives/list/pac…	vendor-advisory
https://psirt.global.sonicwall.com/vuln-detail/SN…
https://lists.fedoraproject.org/archives/list/pac…	vendor-advisory
https://lists.fedoraproject.org/archives/list/pac…	vendor-advisory
https://lists.fedoraproject.org/archives/list/pac…	vendor-advisory
https://lists.fedoraproject.org/archives/list/pac…	vendor-advisory
https://lists.fedoraproject.org/archives/list/pac…	vendor-advisory
https://lists.debian.org/debian-lts-announce/2024…	mailing-list
https://lists.debian.org/debian-lts-announce/2024…	mailing-list
https://lists.fedoraproject.org/archives/list/pac…	vendor-advisory
https://lists.fedoraproject.org/archives/list/pac…	vendor-advisory
https://support.apple.com/kb/HT214084
http://seclists.org/fulldisclosure/2024/Mar/21	mailing-list
https://lists.debian.org/debian-lts-announce/2024…	mailing-list
http://www.openwall.com/lists/oss-security/2024/04/17/8	mailing-list
http://www.openwall.com/lists/oss-security/2024/03/06/3	mailing-list

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-04T22:05:21.417Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://www.vicarius.io/vsociety/posts/cve-2023-48795-detect-openssh-vulnerabilit"
          },
          {
            "url": "https://www.vicarius.io/vsociety/posts/cve-2023-48795-mitigate-openssh-vulnerability"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://matt.ucc.asn.au/dropbear/CHANGES"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/proftpd/proftpd/blob/master/RELEASE_NOTES"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.netsarang.com/en/xshell-update-history/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.paramiko.org/changelog.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.openssh.com/openbsd.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/openssh/openssh-portable/commits/master"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://groups.google.com/g/golang-announce/c/-n5WqVC18LQ"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.bitvise.com/ssh-server-version-history"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/ronf/asyncssh/tags"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://gitlab.com/libssh/libssh-mirror/-/tags"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.reddit.com/r/sysadmin/comments/18idv52/cve202348795_why_is_this_cve_still_undisclosed/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/erlang/otp/blob/d1b43dc0f1361d2ad67601169e90a7fc50bb0369/lib/ssh/doc/src/notes.xml#L39-L42"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.openssh.com/txt/release-9.6"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://jadaptive.com/important-java-ssh-security-update-new-ssh-vulnerability-discovered-cve-2023-48795/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.terrapin-attack.com"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/mkj/dropbear/blob/17657c36cce6df7716d5ff151ec09a665382d5dd/CHANGES#L25"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/ronf/asyncssh/blob/develop/docs/changes.rst"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://thorntech.com/cve-2023-48795-and-sftp-gateway/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/warp-tech/russh/releases/tag/v0.40.2"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/TeraTermProject/teraterm/commit/7279fbd6ef4d0c8bdd6a90af4ada2899d786eec0"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.openwall.com/lists/oss-security/2023/12/18/2"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://twitter.com/TrueSkrillor/status/1736774389725565005"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/golang/crypto/commit/9d2ee975ef9fe627bf0a6f01c1f69e8ef1d4f05d"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/paramiko/paramiko/issues/2337"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://groups.google.com/g/golang-announce/c/qA3XtxvMUyg"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://news.ycombinator.com/item?id=38684904"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://news.ycombinator.com/item?id=38685286"
          },
          {
            "name": "[oss-security] 20231218 CVE-2023-48795: Prefix Truncation Attacks in SSH Specification (Terrapin Attack)",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2023/12/18/3"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/mwiede/jsch/issues/457"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.10\u0026id=10e09e273f69e149389b3e0e5d44b8c221c2e7f6"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/erlang/otp/releases/tag/OTP-26.2.1"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/advisories/GHSA-45x7-px36-x8w8"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security-tracker.debian.org/tracker/source-package/libssh2"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security-tracker.debian.org/tracker/source-package/proftpd-dfsg"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security-tracker.debian.org/tracker/CVE-2023-48795"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bugzilla.suse.com/show_bug.cgi?id=1217950"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254210"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bugs.gentoo.org/920280"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://ubuntu.com/security/CVE-2023-48795"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.suse.com/c/suse-addresses-the-ssh-v2-protocol-terrapin-attack-aka-cve-2023-48795/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://access.redhat.com/security/cve/cve-2023-48795"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/mwiede/jsch/pull/461"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/drakkan/sftpgo/releases/tag/v2.5.6"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/libssh2/libssh2/pull/1291"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://forum.netgate.com/topic/184941/terrapin-ssh-attack"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/jtesta/ssh-audit/commit/8e972c5e94b460379fe0c7d20209c16df81538a5"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/rapier1/hpn-ssh/releases"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/proftpd/proftpd/issues/456"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/TeraTermProject/teraterm/releases/tag/v5.1"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/mwiede/jsch/compare/jsch-0.2.14...jsch-0.2.15"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://oryx-embedded.com/download/#changelog"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.crushftp.com/crush10wiki/Wiki.jsp?page=Update"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/connectbot/sshlib/compare/2.2.21...2.2.22"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/connectbot/sshlib/commit/5c8b534f6e97db7ac0e0e579331213aa25c173ab"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/mscdex/ssh2/commit/97b223f8891b96d6fc054df5ab1d5a1a545da2a3"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://nest.pijul.com/pijul/thrussh/changes/D6H7OWTTMHHX6BTB3B6MNBOBX2L66CBL4LGSEUSAI2MCRCJDQFRQC"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://crates.io/crates/thrussh/versions"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/NixOS/nixpkgs/pull/275249"
          },
          {
            "name": "[oss-security] 20231219 Re: CVE-2023-48795: Prefix Truncation Attacks in SSH Specification (Terrapin Attack)",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2023/12/19/5"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-23:19.openssh.asc"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack/"
          },
          {
            "name": "[oss-security] 20231220 Re: CVE-2023-48795: Prefix Truncation Attacks in SSH Specification (Terrapin Attack)",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2023/12/20/3"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/176280/Terrapin-SSH-Connection-Weakening.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/proftpd/proftpd/blob/d21e7a2e47e9b38f709bec58e3fa711f759ad0e1/RELEASE_NOTES"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/proftpd/proftpd/blob/0a7ea9b0ba9fcdf368374a226370d08f10397d99/RELEASE_NOTES"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/apache/mina-sshd/issues/445"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/hierynomus/sshj/issues/916"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/janmojzis/tinyssh/issues/81"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.openwall.com/lists/oss-security/2023/12/20/3"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security-tracker.debian.org/tracker/source-package/trilead-ssh2"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/net-ssh/net-ssh/blob/2e65064a52d73396bfc3806c9196fc8108f33cd8/CHANGES.txt#L14-L16"
          },
          {
            "name": "FEDORA-2023-0733306be9",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB/"
          },
          {
            "name": "DSA-5586",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2023/dsa-5586"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.lancom-systems.de/service-support/allgemeine-sicherheitshinweise#c243508"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.theregister.com/2023/12/20/terrapin_attack_ssh"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://filezilla-project.org/versions.php"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://nova.app/releases/#v11.8"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://roumenpetrov.info/secsh/#news20231220"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.vandyke.com/products/securecrt/history.txt"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://help.panic.com/releasenotes/transmit5/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/PowerShell/Win32-OpenSSH/releases/tag/v9.5.0.0p1-Beta"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/PowerShell/Win32-OpenSSH/issues/2189"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://winscp.net/eng/docs/history#6.2.2"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.bitvise.com/ssh-client-version-history#933"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/cyd01/KiTTY/issues/520"
          },
          {
            "name": "DSA-5588",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2023/dsa-5588"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/ssh-mitm/ssh-mitm/issues/165"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://news.ycombinator.com/item?id=38732005"
          },
          {
            "name": "[debian-lts-announce] 20231226 [SECURITY] [DLA 3694-1] openssh security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00017.html"
          },
          {
            "name": "GLSA-202312-16",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202312-16"
          },
          {
            "name": "GLSA-202312-17",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202312-17"
          },
          {
            "name": "FEDORA-2023-20feb865d8",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O/"
          },
          {
            "name": "FEDORA-2023-cb8c606fbb",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7EYCFQCTSGJXWO3ZZ44MGKFC5HA7G3Y/"
          },
          {
            "name": "FEDORA-2023-e77300e4b5",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3/"
          },
          {
            "name": "FEDORA-2023-b87ec6cf47",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QI3EHAHABFQK7OABNCSF5GMYP6TONTI7/"
          },
          {
            "name": "FEDORA-2023-153404713b",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KMZCVGUGJZZVDPCVDA7TEB22VUCNEXDD/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20240105-0004/"
          },
          {
            "name": "FEDORA-2024-3bb23c77f3",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CAYYW35MUTNO65RVAELICTNZZFMT2XS/"
          },
          {
            "name": "FEDORA-2023-55800423a8",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM/"
          },
          {
            "name": "FEDORA-2024-d946b9ad25",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC/"
          },
          {
            "name": "FEDORA-2024-71c2c6526c",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BL5KTLOSLH2KHRN4HCXJPK3JUVLDGEL6/"
          },
          {
            "name": "FEDORA-2024-39a8c72ea9",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0002"
          },
          {
            "name": "FEDORA-2024-ae653fb07b",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B/"
          },
          {
            "name": "FEDORA-2024-2705241461",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG/"
          },
          {
            "name": "FEDORA-2024-fb32950d11",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P/"
          },
          {
            "name": "FEDORA-2024-7b08207cdb",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP/"
          },
          {
            "name": "FEDORA-2024-06ebb70bdd",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR/"
          },
          {
            "name": "[debian-lts-announce] 20240125 [SECURITY] [DLA 3718-1] php-phpseclib security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00013.html"
          },
          {
            "name": "[debian-lts-announce] 20240125 [SECURITY] [DLA 3719-1] phpseclib security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00014.html"
          },
          {
            "name": "FEDORA-2024-a53b24023d",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7/"
          },
          {
            "name": "FEDORA-2024-3fd1bc9276",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/kb/HT214084"
          },
          {
            "name": "20240313 APPLE-SA-03-07-2024-2 macOS Sonoma 14.4",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2024/Mar/21"
          },
          {
            "name": "[debian-lts-announce] 20240425 [SECURITY] [DLA 3794-1] putty security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00016.html"
          },
          {
            "name": "[oss-security] 20240417 Terrapin vulnerability in Jenkins CLI client",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2024/04/17/8"
          },
          {
            "name": "[oss-security] 20240306 Multiple vulnerabilities in Jenkins plugins",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2024/03/06/3"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/04/msg00028.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2024/11/msg00032.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2024/09/msg00042.html"
          },
          {
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7/"
          },
          {
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE/"
          },
          {
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR/"
          },
          {
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG/"
          },
          {
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC/"
          },
          {
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM/"
          },
          {
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3/"
          },
          {
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O/"
          },
          {
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB/"
          },
          {
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA/"
          },
          {
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP/"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "HIGH",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 5.9,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2023-48795",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2023-12-22T05:01:05.519910Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-354",
                "description": "CWE-354 Improper Validation of Integrity Check Value",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-08-27T20:45:57.733Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "affected": [
          {
            "defaultStatus": "unknown",
            "product": "RUGGEDCOM APE1808",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SIMATIC S7-1500 CPU 1518-4 PN/DP MFP",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "*",
                "status": "affected",
                "version": "V3.1.5",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SIMATIC S7-1500 CPU 1518-4 PN/DP MFP",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "*",
                "status": "affected",
                "version": "V3.1.5",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "*",
                "status": "affected",
                "version": "V3.1.5",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "*",
                "status": "affected",
                "version": "V3.1.5",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SIPLUS S7-1500 CPU 1518-4 PN/DP MFP",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "*",
                "status": "affected",
                "version": "V3.1.5",
                "versionType": "custom"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-12T11:02:25.905Z",
          "orgId": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e",
          "shortName": "siemens-SADP"
        },
        "references": [
          {
            "url": "https://cert-portal.siemens.com/productcert/html/ssa-794697.html"
          },
          {
            "url": "https://cert-portal.siemens.com/productcert/html/ssa-364175.html"
          },
          {
            "url": "https://cert-portal.siemens.com/productcert/html/ssa-915275.html"
          },
          {
            "url": "https://cert-portal.siemens.com/productcert/html/ssa-769027.html"
          },
          {
            "url": "https://cert-portal.siemens.com/productcert/html/ssa-082556.html"
          }
        ],
        "x_adpType": "supplier"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH\u0027s use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0.10.6, libssh2 through 1.11.0, Thorn Tech SFTP Gateway before 3.4.6, Tera Term before 5.1, Paramiko before 3.4.0, jsch before 0.2.15, SFTPGo before 2.5.6, Netgate pfSense Plus through 23.09.1, Netgate pfSense CE through 2.7.2, HPN-SSH through 18.2.0, ProFTPD before 1.3.8b (and before 1.3.9rc2), ORYX CycloneSSH before 2.3.4, NetSarang XShell 7 before Build 0144, CrushFTP before 10.6.0, ConnectBot SSH library before 2.2.22, Apache MINA sshd through 2.11.0, sshj through 0.37.0, TinySSH through 20230101, trilead-ssh2 6401, LANCOM LCOS and LANconfig, FileZilla before 3.66.4, Nova before 11.8, PKIX-SSH before 14.4, SecureCRT before 9.4.3, Transmit5 before 5.10.4, Win32-OpenSSH before 9.5.0.0p1-Beta, WinSCP before 6.2.2, Bitvise SSH Server before 9.32, Bitvise SSH Client before 9.33, KiTTY through 0.76.1.13, the net-ssh gem 7.2.0 for Ruby, the mscdex ssh2 module before 1.15.0 for Node.js, the thrussh library before 0.35.1 for Rust, and the Russh crate before 0.40.2 for Rust."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-05-01T18:06:23.972Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html"
        },
        {
          "url": "https://matt.ucc.asn.au/dropbear/CHANGES"
        },
        {
          "url": "https://github.com/proftpd/proftpd/blob/master/RELEASE_NOTES"
        },
        {
          "url": "https://www.netsarang.com/en/xshell-update-history/"
        },
        {
          "url": "https://www.paramiko.org/changelog.html"
        },
        {
          "url": "https://www.openssh.com/openbsd.html"
        },
        {
          "url": "https://github.com/openssh/openssh-portable/commits/master"
        },
        {
          "url": "https://groups.google.com/g/golang-announce/c/-n5WqVC18LQ"
        },
        {
          "url": "https://www.bitvise.com/ssh-server-version-history"
        },
        {
          "url": "https://github.com/ronf/asyncssh/tags"
        },
        {
          "url": "https://gitlab.com/libssh/libssh-mirror/-/tags"
        },
        {
          "url": "https://www.reddit.com/r/sysadmin/comments/18idv52/cve202348795_why_is_this_cve_still_undisclosed/"
        },
        {
          "url": "https://github.com/erlang/otp/blob/d1b43dc0f1361d2ad67601169e90a7fc50bb0369/lib/ssh/doc/src/notes.xml#L39-L42"
        },
        {
          "url": "https://www.openssh.com/txt/release-9.6"
        },
        {
          "url": "https://jadaptive.com/important-java-ssh-security-update-new-ssh-vulnerability-discovered-cve-2023-48795/"
        },
        {
          "url": "https://www.terrapin-attack.com"
        },
        {
          "url": "https://github.com/mkj/dropbear/blob/17657c36cce6df7716d5ff151ec09a665382d5dd/CHANGES#L25"
        },
        {
          "url": "https://github.com/ronf/asyncssh/blob/develop/docs/changes.rst"
        },
        {
          "url": "https://thorntech.com/cve-2023-48795-and-sftp-gateway/"
        },
        {
          "url": "https://github.com/warp-tech/russh/releases/tag/v0.40.2"
        },
        {
          "url": "https://github.com/TeraTermProject/teraterm/commit/7279fbd6ef4d0c8bdd6a90af4ada2899d786eec0"
        },
        {
          "url": "https://www.openwall.com/lists/oss-security/2023/12/18/2"
        },
        {
          "url": "https://twitter.com/TrueSkrillor/status/1736774389725565005"
        },
        {
          "url": "https://github.com/golang/crypto/commit/9d2ee975ef9fe627bf0a6f01c1f69e8ef1d4f05d"
        },
        {
          "url": "https://github.com/paramiko/paramiko/issues/2337"
        },
        {
          "url": "https://groups.google.com/g/golang-announce/c/qA3XtxvMUyg"
        },
        {
          "url": "https://news.ycombinator.com/item?id=38684904"
        },
        {
          "url": "https://news.ycombinator.com/item?id=38685286"
        },
        {
          "name": "[oss-security] 20231218 CVE-2023-48795: Prefix Truncation Attacks in SSH Specification (Terrapin Attack)",
          "tags": [
            "mailing-list"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2023/12/18/3"
        },
        {
          "url": "https://github.com/mwiede/jsch/issues/457"
        },
        {
          "url": "https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.10\u0026id=10e09e273f69e149389b3e0e5d44b8c221c2e7f6"
        },
        {
          "url": "https://github.com/erlang/otp/releases/tag/OTP-26.2.1"
        },
        {
          "url": "https://github.com/advisories/GHSA-45x7-px36-x8w8"
        },
        {
          "url": "https://security-tracker.debian.org/tracker/source-package/libssh2"
        },
        {
          "url": "https://security-tracker.debian.org/tracker/source-package/proftpd-dfsg"
        },
        {
          "url": "https://security-tracker.debian.org/tracker/CVE-2023-48795"
        },
        {
          "url": "https://bugzilla.suse.com/show_bug.cgi?id=1217950"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254210"
        },
        {
          "url": "https://bugs.gentoo.org/920280"
        },
        {
          "url": "https://ubuntu.com/security/CVE-2023-48795"
        },
        {
          "url": "https://www.suse.com/c/suse-addresses-the-ssh-v2-protocol-terrapin-attack-aka-cve-2023-48795/"
        },
        {
          "url": "https://access.redhat.com/security/cve/cve-2023-48795"
        },
        {
          "url": "https://github.com/mwiede/jsch/pull/461"
        },
        {
          "url": "https://github.com/drakkan/sftpgo/releases/tag/v2.5.6"
        },
        {
          "url": "https://github.com/libssh2/libssh2/pull/1291"
        },
        {
          "url": "https://forum.netgate.com/topic/184941/terrapin-ssh-attack"
        },
        {
          "url": "https://github.com/jtesta/ssh-audit/commit/8e972c5e94b460379fe0c7d20209c16df81538a5"
        },
        {
          "url": "https://github.com/rapier1/hpn-ssh/releases"
        },
        {
          "url": "https://github.com/proftpd/proftpd/issues/456"
        },
        {
          "url": "https://github.com/TeraTermProject/teraterm/releases/tag/v5.1"
        },
        {
          "url": "https://github.com/mwiede/jsch/compare/jsch-0.2.14...jsch-0.2.15"
        },
        {
          "url": "https://oryx-embedded.com/download/#changelog"
        },
        {
          "url": "https://www.crushftp.com/crush10wiki/Wiki.jsp?page=Update"
        },
        {
          "url": "https://github.com/connectbot/sshlib/compare/2.2.21...2.2.22"
        },
        {
          "url": "https://github.com/connectbot/sshlib/commit/5c8b534f6e97db7ac0e0e579331213aa25c173ab"
        },
        {
          "url": "https://github.com/mscdex/ssh2/commit/97b223f8891b96d6fc054df5ab1d5a1a545da2a3"
        },
        {
          "url": "https://nest.pijul.com/pijul/thrussh/changes/D6H7OWTTMHHX6BTB3B6MNBOBX2L66CBL4LGSEUSAI2MCRCJDQFRQC"
        },
        {
          "url": "https://crates.io/crates/thrussh/versions"
        },
        {
          "url": "https://github.com/NixOS/nixpkgs/pull/275249"
        },
        {
          "name": "[oss-security] 20231219 Re: CVE-2023-48795: Prefix Truncation Attacks in SSH Specification (Terrapin Attack)",
          "tags": [
            "mailing-list"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2023/12/19/5"
        },
        {
          "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-23:19.openssh.asc"
        },
        {
          "url": "https://arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack/"
        },
        {
          "name": "[oss-security] 20231220 Re: CVE-2023-48795: Prefix Truncation Attacks in SSH Specification (Terrapin Attack)",
          "tags": [
            "mailing-list"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2023/12/20/3"
        },
        {
          "url": "http://packetstormsecurity.com/files/176280/Terrapin-SSH-Connection-Weakening.html"
        },
        {
          "url": "https://github.com/proftpd/proftpd/blob/d21e7a2e47e9b38f709bec58e3fa711f759ad0e1/RELEASE_NOTES"
        },
        {
          "url": "https://github.com/proftpd/proftpd/blob/0a7ea9b0ba9fcdf368374a226370d08f10397d99/RELEASE_NOTES"
        },
        {
          "url": "https://github.com/apache/mina-sshd/issues/445"
        },
        {
          "url": "https://github.com/hierynomus/sshj/issues/916"
        },
        {
          "url": "https://github.com/janmojzis/tinyssh/issues/81"
        },
        {
          "url": "https://www.openwall.com/lists/oss-security/2023/12/20/3"
        },
        {
          "url": "https://security-tracker.debian.org/tracker/source-package/trilead-ssh2"
        },
        {
          "url": "https://github.com/net-ssh/net-ssh/blob/2e65064a52d73396bfc3806c9196fc8108f33cd8/CHANGES.txt#L14-L16"
        },
        {
          "name": "FEDORA-2023-0733306be9",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB/"
        },
        {
          "name": "DSA-5586",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.debian.org/security/2023/dsa-5586"
        },
        {
          "url": "https://www.lancom-systems.de/service-support/allgemeine-sicherheitshinweise#c243508"
        },
        {
          "url": "https://www.theregister.com/2023/12/20/terrapin_attack_ssh"
        },
        {
          "url": "https://filezilla-project.org/versions.php"
        },
        {
          "url": "https://nova.app/releases/#v11.8"
        },
        {
          "url": "https://roumenpetrov.info/secsh/#news20231220"
        },
        {
          "url": "https://www.vandyke.com/products/securecrt/history.txt"
        },
        {
          "url": "https://help.panic.com/releasenotes/transmit5/"
        },
        {
          "url": "https://github.com/PowerShell/Win32-OpenSSH/releases/tag/v9.5.0.0p1-Beta"
        },
        {
          "url": "https://github.com/PowerShell/Win32-OpenSSH/issues/2189"
        },
        {
          "url": "https://winscp.net/eng/docs/history#6.2.2"
        },
        {
          "url": "https://www.bitvise.com/ssh-client-version-history#933"
        },
        {
          "url": "https://github.com/cyd01/KiTTY/issues/520"
        },
        {
          "name": "DSA-5588",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.debian.org/security/2023/dsa-5588"
        },
        {
          "url": "https://github.com/ssh-mitm/ssh-mitm/issues/165"
        },
        {
          "url": "https://news.ycombinator.com/item?id=38732005"
        },
        {
          "name": "[debian-lts-announce] 20231226 [SECURITY] [DLA 3694-1] openssh security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00017.html"
        },
        {
          "name": "GLSA-202312-16",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/202312-16"
        },
        {
          "name": "GLSA-202312-17",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/202312-17"
        },
        {
          "name": "FEDORA-2023-20feb865d8",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O/"
        },
        {
          "name": "FEDORA-2023-cb8c606fbb",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7EYCFQCTSGJXWO3ZZ44MGKFC5HA7G3Y/"
        },
        {
          "name": "FEDORA-2023-e77300e4b5",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3/"
        },
        {
          "name": "FEDORA-2023-b87ec6cf47",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QI3EHAHABFQK7OABNCSF5GMYP6TONTI7/"
        },
        {
          "name": "FEDORA-2023-153404713b",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KMZCVGUGJZZVDPCVDA7TEB22VUCNEXDD/"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20240105-0004/"
        },
        {
          "name": "FEDORA-2024-3bb23c77f3",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CAYYW35MUTNO65RVAELICTNZZFMT2XS/"
        },
        {
          "name": "FEDORA-2023-55800423a8",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM/"
        },
        {
          "name": "FEDORA-2024-d946b9ad25",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC/"
        },
        {
          "name": "FEDORA-2024-71c2c6526c",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BL5KTLOSLH2KHRN4HCXJPK3JUVLDGEL6/"
        },
        {
          "name": "FEDORA-2024-39a8c72ea9",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA/"
        },
        {
          "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0002"
        },
        {
          "name": "FEDORA-2024-ae653fb07b",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B/"
        },
        {
          "name": "FEDORA-2024-2705241461",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG/"
        },
        {
          "name": "FEDORA-2024-fb32950d11",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P/"
        },
        {
          "name": "FEDORA-2024-7b08207cdb",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP/"
        },
        {
          "name": "FEDORA-2024-06ebb70bdd",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR/"
        },
        {
          "name": "[debian-lts-announce] 20240125 [SECURITY] [DLA 3718-1] php-phpseclib security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00013.html"
        },
        {
          "name": "[debian-lts-announce] 20240125 [SECURITY] [DLA 3719-1] phpseclib security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00014.html"
        },
        {
          "name": "FEDORA-2024-a53b24023d",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7/"
        },
        {
          "name": "FEDORA-2024-3fd1bc9276",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE/"
        },
        {
          "url": "https://support.apple.com/kb/HT214084"
        },
        {
          "name": "20240313 APPLE-SA-03-07-2024-2 macOS Sonoma 14.4",
          "tags": [
            "mailing-list"
          ],
          "url": "http://seclists.org/fulldisclosure/2024/Mar/21"
        },
        {
          "name": "[debian-lts-announce] 20240425 [SECURITY] [DLA 3794-1] putty security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00016.html"
        },
        {
          "name": "[oss-security] 20240417 Terrapin vulnerability in Jenkins CLI client",
          "tags": [
            "mailing-list"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2024/04/17/8"
        },
        {
          "name": "[oss-security] 20240306 Multiple vulnerabilities in Jenkins plugins",
          "tags": [
            "mailing-list"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2024/03/06/3"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2023-48795",
    "datePublished": "2023-12-18T00:00:00.000Z",
    "dateReserved": "2023-11-20T00:00:00.000Z",
    "dateUpdated": "2026-05-12T11:02:25.905Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2023-52425 (GCVE-0-2023-52425)

Vulnerability from cvelistv5 – Published: 2024-02-04 00:00 – Updated: 2025-11-04 18:21

Summary

libexpat through 2.5.0 allows a denial of service (resource consumption) because many full reparsings are required in the case of a large token for which multiple buffer fills are needed.

Severity

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE

Assigner

mitre

References

6 references

URL	Tags
https://github.com/libexpat/libexpat/pull/789
https://lists.fedoraproject.org/archives/list/pac…	vendor-advisory
https://lists.fedoraproject.org/archives/list/pac…	vendor-advisory
https://lists.debian.org/debian-lts-announce/2024…	mailing-list
http://www.openwall.com/lists/oss-security/2024/03/20/5	mailing-list
https://security.netapp.com/advisory/ntap-2024061…

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-04T18:21:45.774Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/libexpat/libexpat/pull/789"
          },
          {
            "name": "FEDORA-2024-fbe1f0c1aa",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PNRIHC7DVVRAIWFRGV23Y6UZXFBXSQDB/"
          },
          {
            "name": "FEDORA-2024-b8656bc059",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WNUBSGZFEZOBHJFTAD42SAN4ATW2VEMV/"
          },
          {
            "name": "[debian-lts-announce] 20240409 [SECURITY] [DLA 3783-1] expat security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00006.html"
          },
          {
            "name": "[oss-security] 20240320 Security fixes in Python 3.10.14, 3.9.19, and 3.8.19 (CVE-2023-6597 \u0026 CVE-2024-0450)",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2024/03/20/5"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20240614-0003/"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2024/09/msg00036.html"
          },
          {
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PNRIHC7DVVRAIWFRGV23Y6UZXFBXSQDB/"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:libexpat_project:libexpat:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "libexpat",
            "vendor": "libexpat_project",
            "versions": [
              {
                "lessThanOrEqual": "2.5.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 7.5,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2023-52425",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-26T19:20:56.852251Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-400",
                "description": "CWE-400 Uncontrolled Resource Consumption",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-26T19:22:48.969Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "libexpat through 2.5.0 allows a denial of service (resource consumption) because many full reparsings are required in the case of a large token for which multiple buffer fills are needed."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-06-14T13:06:11.482Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://github.com/libexpat/libexpat/pull/789"
        },
        {
          "name": "FEDORA-2024-fbe1f0c1aa",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PNRIHC7DVVRAIWFRGV23Y6UZXFBXSQDB/"
        },
        {
          "name": "FEDORA-2024-b8656bc059",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WNUBSGZFEZOBHJFTAD42SAN4ATW2VEMV/"
        },
        {
          "name": "[debian-lts-announce] 20240409 [SECURITY] [DLA 3783-1] expat security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00006.html"
        },
        {
          "name": "[oss-security] 20240320 Security fixes in Python 3.10.14, 3.9.19, and 3.8.19 (CVE-2023-6597 \u0026 CVE-2024-0450)",
          "tags": [
            "mailing-list"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2024/03/20/5"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20240614-0003/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2023-52425",
    "datePublished": "2024-02-04T00:00:00.000Z",
    "dateReserved": "2024-02-04T00:00:00.000Z",
    "dateUpdated": "2025-11-04T18:21:45.774Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2023-6129 (GCVE-0-2023-6129)

Vulnerability from cvelistv5 – Published: 2024-01-09 16:36 – Updated: 2026-05-12 10:36

Title

POLY1305 MAC implementation corrupts vector registers on PowerPC

Summary

Issue summary: The POLY1305 MAC (message authentication code) implementation contains a bug that might corrupt the internal state of applications running on PowerPC CPU based platforms if the CPU provides vector instructions. Impact summary: If an attacker can influence whether the POLY1305 MAC algorithm is used, the application state might be corrupted with various application dependent consequences. The POLY1305 MAC (message authentication code) implementation in OpenSSL for PowerPC CPUs restores the contents of vector registers in a different order than they are saved. Thus the contents of some of these vector registers are corrupted when returning to the caller. The vulnerable code is used only on newer PowerPC processors supporting the PowerISA 2.07 instructions. The consequences of this kind of internal application state corruption can be various - from no consequences, if the calling application does not depend on the contents of non-volatile XMM registers at all, to the worst consequences, where the attacker could get complete control of the application process. However unless the compiler uses the vector registers for storing pointers, the most likely consequence, if any, would be an incorrect result of some application dependent calculations or a crash leading to a denial of service. The POLY1305 MAC algorithm is most frequently used as part of the CHACHA20-POLY1305 AEAD (authenticated encryption with associated data) algorithm. The most common usage of this AEAD cipher is with TLS protocol versions 1.2 and 1.3. If this cipher is enabled on the server a malicious client can influence whether this AEAD cipher is used. This implies that TLS server applications using OpenSSL can be potentially impacted. However we are currently not aware of any concrete application that would be affected by this issue therefore we consider this a Low severity security issue.

Severity

No CVSS data available.

CWE

CWE-440 - Expected Behavior Violation

Assigner

openssl

References

4 references

URL	Tags
https://www.openssl.org/news/secadv/20240109.txt	vendor-advisory
https://github.com/openssl/openssl/commit/5b139f9…	patch
https://github.com/openssl/openssl/commit/f3fc580…	patch
https://github.com/openssl/openssl/commit/050d263…	patch

Impacted products

1 product

Vendor	Product	Version
OpenSSL	OpenSSL	Affected: 3.2.0 , < 3.2.1 (semver) Affected: 3.1.0 , < 3.1.5 (semver) Affected: 3.0.0 , < 3.0.13 (semver)

Date Public

2024-01-09 00:00

Credits

Sverker Eriksson Rohan McLure

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T08:21:17.314Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "OpenSSL Advisory",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.openssl.org/news/secadv/20240109.txt"
          },
          {
            "name": "3.2.1 git commit",
            "tags": [
              "patch",
              "x_transferred"
            ],
            "url": "https://github.com/openssl/openssl/commit/5b139f95c9a47a55a0c54100f3837b1eee942b04"
          },
          {
            "name": "3.1.5 git commit",
            "tags": [
              "patch",
              "x_transferred"
            ],
            "url": "https://github.com/openssl/openssl/commit/f3fc5808fe9ff74042d639839610d03b8fdcc015"
          },
          {
            "name": "3.0.13 git commit",
            "tags": [
              "patch",
              "x_transferred"
            ],
            "url": "https://github.com/openssl/openssl/commit/050d26383d4e264966fb83428e72d5d48f402d35"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20240216-0009/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20240426-0013/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20240426-0008/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2024/03/11/1"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20240503-0011/"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "HIGH",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 6.5,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "LOW",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2023-6129",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-01-22T14:31:57.012999Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-06-20T15:28:07.908Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "affected": [
          {
            "defaultStatus": "unknown",
            "product": "SIMATIC S7-1500 TM MFP - GNU/Linux subsystem",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SINEC NMS",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V3.0 SP1",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-12T10:36:44.839Z",
          "orgId": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e",
          "shortName": "siemens-SADP"
        },
        "references": [
          {
            "url": "https://cert-portal.siemens.com/productcert/html/ssa-265688.html"
          },
          {
            "url": "https://cert-portal.siemens.com/productcert/html/ssa-331112.html"
          },
          {
            "url": "https://cert-portal.siemens.com/productcert/html/ssa-915275.html"
          },
          {
            "url": "https://cert-portal.siemens.com/productcert/html/ssa-769027.html"
          }
        ],
        "x_adpType": "supplier"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "OpenSSL",
          "vendor": "OpenSSL",
          "versions": [
            {
              "lessThan": "3.2.1",
              "status": "affected",
              "version": "3.2.0",
              "versionType": "semver"
            },
            {
              "lessThan": "3.1.5",
              "status": "affected",
              "version": "3.1.0",
              "versionType": "semver"
            },
            {
              "lessThan": "3.0.13",
              "status": "affected",
              "version": "3.0.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Sverker Eriksson"
        },
        {
          "lang": "en",
          "type": "remediation developer",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Rohan McLure"
        }
      ],
      "datePublic": "2024-01-09T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Issue summary: The POLY1305 MAC (message authentication code) implementation\u003cbr\u003econtains a bug that might corrupt the internal state of applications running\u003cbr\u003eon PowerPC CPU based platforms if the CPU provides vector instructions.\u003cbr\u003e\u003cbr\u003eImpact summary: If an attacker can influence whether the POLY1305 MAC\u003cbr\u003ealgorithm is used, the application state might be corrupted with various\u003cbr\u003eapplication dependent consequences.\u003cbr\u003e\u003cbr\u003eThe POLY1305 MAC (message authentication code) implementation in OpenSSL for\u003cbr\u003ePowerPC CPUs restores the contents of vector registers in a different order\u003cbr\u003ethan they are saved. Thus the contents of some of these vector registers\u003cbr\u003eare corrupted when returning to the caller. The vulnerable code is used only\u003cbr\u003eon newer PowerPC processors supporting the PowerISA 2.07 instructions.\u003cbr\u003e\u003cbr\u003eThe consequences of this kind of internal application state corruption can\u003cbr\u003ebe various - from no consequences, if the calling application does not\u003cbr\u003edepend on the contents of non-volatile XMM registers at all, to the worst\u003cbr\u003econsequences, where the attacker could get complete control of the application\u003cbr\u003eprocess. However unless the compiler uses the vector registers for storing\u003cbr\u003epointers, the most likely consequence, if any, would be an incorrect result\u003cbr\u003eof some application dependent calculations or a crash leading to a denial of\u003cbr\u003eservice.\u003cbr\u003e\u003cbr\u003eThe POLY1305 MAC algorithm is most frequently used as part of the\u003cbr\u003eCHACHA20-POLY1305 AEAD (authenticated encryption with associated data)\u003cbr\u003ealgorithm. The most common usage of this AEAD cipher is with TLS protocol\u003cbr\u003eversions 1.2 and 1.3. If this cipher is enabled on the server a malicious\u003cbr\u003eclient can influence whether this AEAD cipher is used. This implies that\u003cbr\u003eTLS server applications using OpenSSL can be potentially impacted. However\u003cbr\u003ewe are currently not aware of any concrete application that would be affected\u003cbr\u003eby this issue therefore we consider this a Low severity security issue."
            }
          ],
          "value": "Issue summary: The POLY1305 MAC (message authentication code) implementation\ncontains a bug that might corrupt the internal state of applications running\non PowerPC CPU based platforms if the CPU provides vector instructions.\n\nImpact summary: If an attacker can influence whether the POLY1305 MAC\nalgorithm is used, the application state might be corrupted with various\napplication dependent consequences.\n\nThe POLY1305 MAC (message authentication code) implementation in OpenSSL for\nPowerPC CPUs restores the contents of vector registers in a different order\nthan they are saved. Thus the contents of some of these vector registers\nare corrupted when returning to the caller. The vulnerable code is used only\non newer PowerPC processors supporting the PowerISA 2.07 instructions.\n\nThe consequences of this kind of internal application state corruption can\nbe various - from no consequences, if the calling application does not\ndepend on the contents of non-volatile XMM registers at all, to the worst\nconsequences, where the attacker could get complete control of the application\nprocess. However unless the compiler uses the vector registers for storing\npointers, the most likely consequence, if any, would be an incorrect result\nof some application dependent calculations or a crash leading to a denial of\nservice.\n\nThe POLY1305 MAC algorithm is most frequently used as part of the\nCHACHA20-POLY1305 AEAD (authenticated encryption with associated data)\nalgorithm. The most common usage of this AEAD cipher is with TLS protocol\nversions 1.2 and 1.3. If this cipher is enabled on the server a malicious\nclient can influence whether this AEAD cipher is used. This implies that\nTLS server applications using OpenSSL can be potentially impacted. However\nwe are currently not aware of any concrete application that would be affected\nby this issue therefore we consider this a Low severity security issue."
        }
      ],
      "metrics": [
        {
          "format": "other",
          "other": {
            "content": {
              "text": "Low"
            },
            "type": "https://www.openssl.org/policies/secpolicy.html"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-440",
              "description": "CWE-440 Expected Behavior Violation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-10-14T14:55:55.315Z",
        "orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
        "shortName": "openssl"
      },
      "references": [
        {
          "name": "OpenSSL Advisory",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.openssl.org/news/secadv/20240109.txt"
        },
        {
          "name": "3.2.1 git commit",
          "tags": [
            "patch"
          ],
          "url": "https://github.com/openssl/openssl/commit/5b139f95c9a47a55a0c54100f3837b1eee942b04"
        },
        {
          "name": "3.1.5 git commit",
          "tags": [
            "patch"
          ],
          "url": "https://github.com/openssl/openssl/commit/f3fc5808fe9ff74042d639839610d03b8fdcc015"
        },
        {
          "name": "3.0.13 git commit",
          "tags": [
            "patch"
          ],
          "url": "https://github.com/openssl/openssl/commit/050d26383d4e264966fb83428e72d5d48f402d35"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "POLY1305 MAC implementation corrupts vector registers on PowerPC",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
    "assignerShortName": "openssl",
    "cveId": "CVE-2023-6129",
    "datePublished": "2024-01-09T16:36:58.860Z",
    "dateReserved": "2023-11-14T16:12:12.656Z",
    "dateUpdated": "2026-05-12T10:36:44.839Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-0450 (GCVE-0-2024-0450)

Vulnerability from cvelistv5 – Published: 2024-03-19 15:12 – Updated: 2025-11-03 21:50

Title

Quoted zip-bomb protection for zipfile

Summary

An issue was found in the CPython `zipfile` module affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior. The zipfile module is vulnerable to “quoted-overlap” zip-bombs which exploit the zip format to create a zip-bomb with a high compression ratio. The fixed versions of CPython makes the zipfile module reject zip archives which overlap entries in the archive.

Severity

6.2 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-405

Assigner

PSF

References

15 references

URL	Tags
https://github.com/python/cpython/commit/66363b9a…	patch
https://github.com/python/cpython/commit/fa181fcf…	patch
https://github.com/python/cpython/commit/a956e510…	patch
https://github.com/python/cpython/commit/30fe5d85…	patch
https://github.com/python/cpython/commit/a2c59992…	patch
https://github.com/python/cpython/commit/d05bac0b…	patch
https://github.com/python/cpython/issues/109858	issue-tracking
https://www.bamsoftware.com/hacks/zipbomb/
https://mail.python.org/archives/list/security-an…	vendor-advisory
https://lists.debian.org/debian-lts-announce/2024…
https://lists.debian.org/debian-lts-announce/2024…
http://www.openwall.com/lists/oss-security/2024/03/20/5
https://github.com/python/cpython/commit/70497218…	patch
https://lists.fedoraproject.org/archives/list/pac…
https://lists.fedoraproject.org/archives/list/pac…

Impacted products

1 product

Vendor	Product	Version
Python Software Foundation	CPython	Affected: 0 , < 3.8.19 (python) Affected: 3.9.0 , < 3.9.19 (python) Affected: 3.10.0 , < 3.10.14 (python) Affected: 3.11.0 , < 3.11.8 (python) Affected: 3.12.0 , < 3.12.2 (python) Affected: 3.13.0a1 , < 3.13.0a3 (python)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T21:50:58.107Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "patch",
              "x_transferred"
            ],
            "url": "https://github.com/python/cpython/commit/66363b9a7b9fe7c99eba3a185b74c5fdbf842eba"
          },
          {
            "tags": [
              "patch",
              "x_transferred"
            ],
            "url": "https://github.com/python/cpython/commit/fa181fcf2156f703347b03a3b1966ce47be8ab3b"
          },
          {
            "tags": [
              "patch",
              "x_transferred"
            ],
            "url": "https://github.com/python/cpython/commit/a956e510f6336d5ae111ba429a61c3ade30a7549"
          },
          {
            "tags": [
              "patch",
              "x_transferred"
            ],
            "url": "https://github.com/python/cpython/commit/30fe5d853b56138dbec62432d370a1f99409fc85"
          },
          {
            "tags": [
              "patch",
              "x_transferred"
            ],
            "url": "https://github.com/python/cpython/commit/a2c59992e9e8d35baba9695eb186ad6c6ff85c51"
          },
          {
            "tags": [
              "patch",
              "x_transferred"
            ],
            "url": "https://github.com/python/cpython/commit/d05bac0b74153beb541b88b4fca33bf053990183"
          },
          {
            "tags": [
              "issue-tracking",
              "x_transferred"
            ],
            "url": "https://github.com/python/cpython/issues/109858"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.bamsoftware.com/hacks/zipbomb/"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/XELNUX2L3IOHBTFU7RQHCY6OUVEWZ2FG/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00024.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00025.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2024/03/20/5"
          },
          {
            "tags": [
              "patch",
              "x_transferred"
            ],
            "url": "https://github.com/python/cpython/commit/70497218351ba44bffc8b571201ecb5652d84675"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T3IGRX54M7RNCQOXVQO5KQKTGWCOABIM/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U5VHWS52HGD743C47UMCSAK2A773M2YE/"
          },
          {
            "url": "https://security.netapp.com/advisory/ntap-20250411-0005/"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2024/12/msg00000.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2024/11/msg00005.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:python:cpython:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "cpython",
            "vendor": "python",
            "versions": [
              {
                "lessThan": "3.8.18",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "status": "affected",
                "version": "3.9.18"
              },
              {
                "status": "affected",
                "version": "3.10.13"
              },
              {
                "status": "affected",
                "version": "3.11.7"
              },
              {
                "status": "affected",
                "version": "3.12.1"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-0450",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-03-20T14:30:38.300055Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-02T15:00:26.971Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "CPython",
          "repo": "https://github.com/python/cpython",
          "vendor": "Python Software Foundation",
          "versions": [
            {
              "lessThan": "3.8.19",
              "status": "affected",
              "version": "0",
              "versionType": "python"
            },
            {
              "lessThan": "3.9.19",
              "status": "affected",
              "version": "3.9.0",
              "versionType": "python"
            },
            {
              "lessThan": "3.10.14",
              "status": "affected",
              "version": "3.10.0",
              "versionType": "python"
            },
            {
              "lessThan": "3.11.8",
              "status": "affected",
              "version": "3.11.0",
              "versionType": "python"
            },
            {
              "lessThan": "3.12.2",
              "status": "affected",
              "version": "3.12.0",
              "versionType": "python"
            },
            {
              "lessThan": "3.13.0a3",
              "status": "affected",
              "version": "3.13.0a1",
              "versionType": "python"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003eAn issue was found in the CPython `zipfile` module affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003eThe zipfile module is vulnerable to \u201cquoted-overlap\u201d zip-bombs which exploit the zip format to create a zip-bomb with a high compression ratio. The fixed versions of CPython makes the zipfile module reject zip archives which overlap entries in the archive.\u003c/span\u003e\u003c/p\u003e\u003cbr\u003e"
            }
          ],
          "value": "An issue was found in the CPython `zipfile` module affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior.\n\nThe zipfile module is vulnerable to \u201cquoted-overlap\u201d zip-bombs which exploit the zip format to create a zip-bomb with a high compression ratio. The fixed versions of CPython makes the zipfile module reject zip archives which overlap entries in the archive.\n\n"
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-130",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-130 Excessive Allocation"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.2,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-405",
              "description": "CWE-405",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-06-13T19:24:15.993Z",
        "orgId": "28c92f92-d60d-412d-b760-e73465c3df22",
        "shortName": "PSF"
      },
      "references": [
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/python/cpython/commit/66363b9a7b9fe7c99eba3a185b74c5fdbf842eba"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/python/cpython/commit/fa181fcf2156f703347b03a3b1966ce47be8ab3b"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/python/cpython/commit/a956e510f6336d5ae111ba429a61c3ade30a7549"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/python/cpython/commit/30fe5d853b56138dbec62432d370a1f99409fc85"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/python/cpython/commit/a2c59992e9e8d35baba9695eb186ad6c6ff85c51"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/python/cpython/commit/d05bac0b74153beb541b88b4fca33bf053990183"
        },
        {
          "tags": [
            "issue-tracking"
          ],
          "url": "https://github.com/python/cpython/issues/109858"
        },
        {
          "url": "https://www.bamsoftware.com/hacks/zipbomb/"
        },
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/XELNUX2L3IOHBTFU7RQHCY6OUVEWZ2FG/"
        },
        {
          "url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00024.html"
        },
        {
          "url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00025.html"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2024/03/20/5"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/python/cpython/commit/70497218351ba44bffc8b571201ecb5652d84675"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T3IGRX54M7RNCQOXVQO5KQKTGWCOABIM/"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U5VHWS52HGD743C47UMCSAK2A773M2YE/"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Quoted zip-bomb protection for zipfile",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "28c92f92-d60d-412d-b760-e73465c3df22",
    "assignerShortName": "PSF",
    "cveId": "CVE-2024-0450",
    "datePublished": "2024-03-19T15:12:07.789Z",
    "dateReserved": "2024-01-11T22:16:41.964Z",
    "dateUpdated": "2025-11-03T21:50:58.107Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-20996 (GCVE-0-2024-20996)

Vulnerability from cvelistv5 – Published: 2024-07-16 22:39 – Updated: 2025-11-04 16:10

Summary

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Severity

4.9 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

CWE

Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.

Assigner

oracle

References

1 reference

URL	Tags
https://www.oracle.com/security-alerts/cpujul2024.html	vendor-advisory

Impacted products

1 product

Vendor	Product	Version
Oracle Corporation	MySQL Server	Affected: * , ≤ 8.0.37 (custom) Affected: * , ≤ 8.4.0 (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-20996",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-18T15:10:59.117239Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-400",
                "description": "CWE-400 Uncontrolled Resource Consumption",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-27T15:33:10.465Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-04T16:10:54.359Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "Oracle Advisory",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujul2024.html"
          },
          {
            "url": "https://security.netapp.com/advisory/ntap-20240801-0001/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "MySQL Server",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "lessThanOrEqual": "8.0.37",
              "status": "affected",
              "version": "*",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "8.4.0",
              "status": "affected",
              "version": "*",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB).  Supported versions that are affected are 8.0.37 and prior and  8.4.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.  Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 4.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.  Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.",
              "lang": "en-US"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-07-16T22:39:19.199Z",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "name": "Oracle Advisory",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujul2024.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2024-20996",
    "datePublished": "2024-07-16T22:39:19.199Z",
    "dateReserved": "2023-12-07T22:28:10.643Z",
    "dateUpdated": "2025-11-04T16:10:54.359Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-21125 (GCVE-0-2024-21125)

Vulnerability from cvelistv5 – Published: 2024-07-16 22:39 – Updated: 2025-11-04 16:10

Summary

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: FTS). Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Severity

4.9 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

CWE

Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Cluster. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Cluster.

Assigner

oracle

References

1 reference

URL	Tags
https://www.oracle.com/security-alerts/cpujul2024.html	vendor-advisory

Impacted products

2 products

Vendor	Product	Version
Oracle Corporation	MySQL NDB Cluster	Affected: * , ≤ 7.5.34 (custom) Affected: * , ≤ 7.6.30 (custom) Affected: * , ≤ 8.0.37 (custom) Affected: * , ≤ 8.4.0 (custom)
Oracle Corporation	MySQL Server	Affected: * , ≤ 8.0.37 (custom) Affected: * , ≤ 8.4.0 (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-21125",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-17T14:18:35.790703Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "description": "CWE-noinfo Not enough information",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-25T15:59:19.447Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-04T16:10:55.295Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "Oracle Advisory",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujul2024.html"
          },
          {
            "url": "https://security.netapp.com/advisory/ntap-20240801-0001/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "MySQL NDB Cluster",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "lessThanOrEqual": "7.5.34",
              "status": "affected",
              "version": "*",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "7.6.30",
              "status": "affected",
              "version": "*",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "8.0.37",
              "status": "affected",
              "version": "*",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "8.4.0",
              "status": "affected",
              "version": "*",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "MySQL Server",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "lessThanOrEqual": "8.0.37",
              "status": "affected",
              "version": "*",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "8.4.0",
              "status": "affected",
              "version": "*",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: FTS).  Supported versions that are affected are 8.0.37 and prior and  8.4.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.  Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 4.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Cluster.  Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Cluster.",
              "lang": "en-US"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-07-16T22:39:47.902Z",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "name": "Oracle Advisory",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujul2024.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2024-21125",
    "datePublished": "2024-07-16T22:39:47.902Z",
    "dateReserved": "2023-12-07T22:28:10.681Z",
    "dateUpdated": "2025-11-04T16:10:55.295Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-21127 (GCVE-0-2024-21127)

Vulnerability from cvelistv5 – Published: 2024-07-16 22:39 – Updated: 2025-11-04 16:10

Summary

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Severity

4.9 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

CWE

Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.

Assigner

oracle

References

1 reference

URL	Tags
https://www.oracle.com/security-alerts/cpujul2024.html	vendor-advisory

Impacted products

1 product

Vendor	Product	Version
Oracle Corporation	MySQL Server	Affected: * , ≤ 8.0.37 (custom) Affected: * , ≤ 8.4.0 (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-21127",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-19T17:29:00.261250Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-400",
                "description": "CWE-400 Uncontrolled Resource Consumption",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-20T21:20:43.623Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-04T16:10:56.249Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "Oracle Advisory",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujul2024.html"
          },
          {
            "url": "https://security.netapp.com/advisory/ntap-20240801-0001/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "MySQL Server",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "lessThanOrEqual": "8.0.37",
              "status": "affected",
              "version": "*",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "8.4.0",
              "status": "affected",
              "version": "*",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL).  Supported versions that are affected are 8.0.37 and prior and  8.4.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.  Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 4.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.  Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.",
              "lang": "en-US"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-07-16T22:39:52.506Z",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "name": "Oracle Advisory",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujul2024.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2024-21127",
    "datePublished": "2024-07-16T22:39:52.506Z",
    "dateReserved": "2023-12-07T22:28:10.681Z",
    "dateUpdated": "2025-11-04T16:10:56.249Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-21129 (GCVE-0-2024-21129)

Vulnerability from cvelistv5 – Published: 2024-07-16 22:39 – Updated: 2025-11-04 16:10

Summary

Severity

4.9 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

CWE

Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.

Assigner

oracle

References

1 reference

URL	Tags
https://www.oracle.com/security-alerts/cpujul2024.html	vendor-advisory

Impacted products

1 product

Vendor	Product	Version
Oracle Corporation	MySQL Server	Affected: * , ≤ 8.0.37 (custom) Affected: * , ≤ 8.4.0 (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-21129",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-17T13:33:07.922717Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "description": "CWE-noinfo Not enough information",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-13T16:56:45.779Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-04T16:10:57.190Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "Oracle Advisory",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujul2024.html"
          },
          {
            "url": "https://security.netapp.com/advisory/ntap-20240801-0001/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "MySQL Server",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "lessThanOrEqual": "8.0.37",
              "status": "affected",
              "version": "*",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "8.4.0",
              "status": "affected",
              "version": "*",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL).  Supported versions that are affected are 8.0.37 and prior and  8.4.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.  Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 4.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.  Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.",
              "lang": "en-US"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-07-16T22:39:53.186Z",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "name": "Oracle Advisory",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujul2024.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2024-21129",
    "datePublished": "2024-07-16T22:39:53.186Z",
    "dateReserved": "2023-12-07T22:28:10.681Z",
    "dateUpdated": "2025-11-04T16:10:57.190Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

WID-SEC-W-2024-1656

CVE-2021-24112 (GCVE-0-2021-24112)

CVE-2023-37920 (GCVE-0-2023-37920)

CVE-2023-48795 (GCVE-0-2023-48795)

CVE-2023-52425 (GCVE-0-2023-52425)

CVE-2023-6129 (GCVE-0-2023-6129)

CVE-2024-0450 (GCVE-0-2024-0450)

CVE-2024-20996 (GCVE-0-2024-20996)

CVE-2024-21125 (GCVE-0-2024-21125)

CVE-2024-21127 (GCVE-0-2024-21127)

CVE-2024-21129 (GCVE-0-2024-21129)

Tags

Sightings

Nomenclature