Common Weakness Enumeration

CWE-390

Allowed

Detection of Error Condition Without Action

Abstraction: Base · Status: Draft

The product detects a specific error, but takes no actions to handle the error.

31 vulnerabilities reference this CWE, most recent first.

CVE-2024-27919 (GCVE-0-2024-27919)

Vulnerability from cvelistv5 – Published: 2024-04-04 14:30 – Updated: 2025-11-04 18:30
VLAI
Title
HTTP/2: memory exhaustion due to CONTINUATION frame flood
Summary
Envoy is a cloud-native, open-source edge and service proxy. In versions 1.29.0 and 1.29.1, theEnvoy HTTP/2 protocol stack is vulnerable to the flood of CONTINUATION frames. Envoy's HTTP/2 codec does not reset a request when header map limits have been exceeded. This allows an attacker to send an sequence of CONTINUATION frames without the END_HEADERS bit set causing unlimited memory consumption. This can lead to denial of service through memory exhaustion. Users should upgrade to versions 1.29.2 to mitigate the effects of the CONTINUATION flood. Note that this vulnerability is a regression in Envoy version 1.29.0 and 1.29.1 only. As a workaround, downgrade to version 1.28.1 or earlier or disable HTTP/2 protocol for downstream connections.
SSVC
Exploitation: none Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-390 - Detection of Error Condition Without Action
Assigner
Impacted products
Vendor Product Version
envoyproxy envoy Affected: >= 1.29.0, < 1.29.2
Create a notification for this product.
envoyproxy envoy Affected: 1.29.0 , < 1.29.2 (custom)
    cpe:2.3:a:envoyproxy:envoy:1.29.0:*:*:*:*:*:*:*
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:envoyproxy:envoy:1.29.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "envoy",
            "vendor": "envoyproxy",
            "versions": [
              {
                "lessThan": "1.29.2",
                "status": "affected",
                "version": "1.29.0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-27919",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-16T00:03:09.545061Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-16T00:04:41.158Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-04T18:30:17.720Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-gghf-vfxp-799r",
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-gghf-vfxp-799r"
          },
          {
            "name": "https://github.com/envoyproxy/envoy/commit/57a02565532c18eb9df972a3e8974be3ae59f2d5",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/envoyproxy/envoy/commit/57a02565532c18eb9df972a3e8974be3ae59f2d5"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2024/04/05/3"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2024/04/03/16"
          },
          {
            "url": "https://www.kb.cert.org/vuls/id/421644"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "envoy",
          "vendor": "envoyproxy",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 1.29.0, \u003c 1.29.2"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Envoy is a cloud-native, open-source edge and service proxy. In versions 1.29.0 and 1.29.1, theEnvoy HTTP/2 protocol stack is vulnerable to the flood of CONTINUATION frames. Envoy\u0027s HTTP/2 codec does not reset a request when header map limits have been exceeded. This allows an attacker to send an sequence of CONTINUATION frames without the END_HEADERS bit set causing unlimited memory consumption. This can lead to denial of service through memory exhaustion. Users should upgrade to versions 1.29.2 to mitigate the effects of the CONTINUATION flood. Note that this vulnerability is a regression in Envoy version 1.29.0 and 1.29.1 only. As a workaround, downgrade to version 1.28.1 or earlier or disable HTTP/2 protocol for downstream connections."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-390",
              "description": "CWE-390: Detection of Error Condition Without Action",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-05-01T18:07:45.997Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-gghf-vfxp-799r",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-gghf-vfxp-799r"
        },
        {
          "name": "https://github.com/envoyproxy/envoy/commit/57a02565532c18eb9df972a3e8974be3ae59f2d5",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/envoyproxy/envoy/commit/57a02565532c18eb9df972a3e8974be3ae59f2d5"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2024/04/05/3"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2024/04/03/16"
        }
      ],
      "source": {
        "advisory": "GHSA-gghf-vfxp-799r",
        "discovery": "UNKNOWN"
      },
      "title": "HTTP/2: memory exhaustion due to CONTINUATION frame flood"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2024-27919",
    "datePublished": "2024-04-04T14:30:11.144Z",
    "dateReserved": "2024-02-28T15:14:14.214Z",
    "dateUpdated": "2025-11-04T18:30:17.720Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-20316 (GCVE-0-2024-20316)

Vulnerability from cvelistv5 – Published: 2024-03-27 16:49 – Updated: 2024-08-01 21:59
VLAI
Summary
A vulnerability in the data model interface (DMI) services of Cisco IOS XE Software could allow an unauthenticated, remote attacker to access resources that should have been protected by a configured IPv4 access control list (ACL). This vulnerability is due to improper handling of error conditions when a successfully authorized device administrator updates an IPv4 ACL using the NETCONF or RESTCONF protocol, and the update would reorder access control entries (ACEs) in the updated ACL. An attacker could exploit this vulnerability by accessing resources that should have been protected across an affected device.
SSVC
Exploitation: none Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-390 - Detection of Error Condition Without Action
Assigner
Impacted products
Vendor Product Version
Cisco Cisco IOS XE Software Affected: 16.3.1
Affected: 16.3.2
Affected: 16.3.3
Affected: 16.3.1a
Affected: 16.3.4
Affected: 16.3.5
Affected: 16.3.5b
Affected: 16.3.6
Affected: 16.3.7
Affected: 16.3.8
Affected: 16.3.9
Affected: 16.3.10
Affected: 16.3.11
Affected: 16.4.1
Affected: 16.4.2
Affected: 16.4.3
Affected: 16.5.1
Affected: 16.5.1a
Affected: 16.5.1b
Affected: 16.5.2
Affected: 16.5.3
Affected: 16.6.1
Affected: 16.6.2
Affected: 16.6.3
Affected: 16.6.4
Affected: 16.6.5
Affected: 16.6.4a
Affected: 16.6.5a
Affected: 16.6.6
Affected: 16.6.7
Affected: 16.6.8
Affected: 16.6.9
Affected: 16.6.10
Affected: 16.7.1
Affected: 16.7.2
Affected: 16.7.3
Affected: 16.8.1
Affected: 16.8.1a
Affected: 16.8.1b
Affected: 16.8.1s
Affected: 16.8.1c
Affected: 16.8.2
Affected: 16.8.3
Affected: 16.9.1
Affected: 16.9.2
Affected: 16.9.1a
Affected: 16.9.1b
Affected: 16.9.1s
Affected: 16.9.3
Affected: 16.9.4
Affected: 16.9.3a
Affected: 16.9.5
Affected: 16.9.5f
Affected: 16.9.6
Affected: 16.9.7
Affected: 16.9.8
Affected: 16.10.1
Affected: 16.10.1a
Affected: 16.10.1b
Affected: 16.10.1s
Affected: 16.10.1e
Affected: 16.10.2
Affected: 16.10.3
Affected: 16.11.1
Affected: 16.11.1a
Affected: 16.11.1b
Affected: 16.11.2
Affected: 16.11.1s
Affected: 16.12.1
Affected: 16.12.1s
Affected: 16.12.1a
Affected: 16.12.1c
Affected: 16.12.2
Affected: 16.12.2a
Affected: 16.12.3
Affected: 16.12.8
Affected: 16.12.2s
Affected: 16.12.1t
Affected: 16.12.4
Affected: 16.12.3s
Affected: 16.12.3a
Affected: 16.12.4a
Affected: 16.12.5
Affected: 16.12.6
Affected: 16.12.5a
Affected: 16.12.5b
Affected: 16.12.6a
Affected: 16.12.7
Affected: 16.12.9
Affected: 16.12.10
Affected: 16.12.10a
Affected: 16.12.11
Affected: 17.1.1
Affected: 17.1.1a
Affected: 17.1.1s
Affected: 17.1.1t
Affected: 17.1.3
Affected: 17.2.1
Affected: 17.2.1r
Affected: 17.2.1a
Affected: 17.2.1v
Affected: 17.2.2
Affected: 17.2.3
Affected: 17.3.1
Affected: 17.3.2
Affected: 17.3.3
Affected: 17.3.1a
Affected: 17.3.2a
Affected: 17.3.4
Affected: 17.3.5
Affected: 17.3.4a
Affected: 17.3.6
Affected: 17.3.4b
Affected: 17.3.4c
Affected: 17.3.5a
Affected: 17.3.5b
Affected: 17.3.7
Affected: 17.3.8
Affected: 17.3.8a
Affected: 17.4.1
Affected: 17.4.2
Affected: 17.4.1a
Affected: 17.4.1b
Affected: 17.4.2a
Affected: 17.5.1
Affected: 17.5.1a
Affected: 17.6.1
Affected: 17.6.2
Affected: 17.6.1a
Affected: 17.6.3
Affected: 17.6.3a
Affected: 17.6.4
Affected: 17.6.5
Affected: 17.6.6
Affected: 17.6.6a
Affected: 17.6.5a
Affected: 17.7.1
Affected: 17.7.1a
Affected: 17.7.1b
Affected: 17.7.2
Affected: 17.10.1
Affected: 17.10.1a
Affected: 17.10.1b
Affected: 17.8.1
Affected: 17.8.1a
Affected: 17.9.1
Affected: 17.9.2
Affected: 17.9.1a
Affected: 17.9.3
Affected: 17.9.2a
Affected: 17.9.3a
Affected: 17.9.4
Affected: 17.9.4a
Affected: 17.11.1
Affected: 17.11.1a
Affected: 17.12.1
Affected: 17.12.1a
Affected: 17.12.2
Affected: 17.12.2a
Affected: 17.11.99SW
Create a notification for this product.
cisco ios_xe Affected: 16.3.1
Affected: 16.3.2
Affected: 16.3.3
Affected: 16.3.1a
Affected: 16.3.4
Affected: 16.3.5
Affected: 16.3.5b
Affected: 16.3.6
Affected: 16.3.7
Affected: 16.3.8
Affected: 16.3.9
Affected: 16.3.10
Affected: 16.3.11
Affected: 16.4.1
Affected: 16.4.2
Affected: 16.4.3
Affected: 16.5.1
Affected: 16.5.1a
Affected: 16.5.1b
Affected: 16.5.2
Affected: 16.5.3
Affected: 16.6.1
Affected: 16.6.2
Affected: 16.6.3
Affected: 16.6.4
Affected: 16.6.5
Affected: 16.6.4a
Affected: 16.6.5a
Affected: 16.6.6
Affected: 16.6.7
Affected: 16.6.8
Affected: 16.6.9
Affected: 16.6.10
Affected: 16.7.1
Affected: 16.7.2
Affected: 16.7.3
Affected: 16.8.1
Affected: 16.8.1a
Affected: 16.8.1b
Affected: 16.8.1s
Affected: 16.8.1c
Affected: 16.8.2
Affected: 16.8.3
Affected: 16.9.1
Affected: 16.9.2
Affected: 16.9.1a
Affected: 16.9.1b
Affected: 16.9.1s
Affected: 16.9.3
Affected: 16.9.4
Affected: 16.9.3a
Affected: 16.9.5
Affected: 16.9.5f
Affected: 16.9.6
Affected: 16.9.7
Affected: 16.9.8
Affected: 16.10.1
Affected: 16.10.1a
Affected: 16.10.1b
Affected: 16.10.1s
Affected: 16.10.1e
Affected: 16.10.2
Affected: 16.10.3
Affected: 16.11.1
Affected: 16.11.1a
Affected: 16.11.1b
Affected: 16.11.2
Affected: 16.11.1s
Affected: 16.12.1
Affected: 16.12.1s
Affected: 16.12.1a
Affected: 16.12.1c
Affected: 16.12.2
Affected: 16.12.2a
Affected: 16.12.3
Affected: 16.12.8
Affected: 16.12.2s
Affected: 16.12.1t
Affected: 16.12.4
Affected: 16.12.3s
Affected: 16.12.3a
Affected: 16.12.4a
Affected: 16.12.5
Affected: 16.12.6
Affected: 16.12.5a
Affected: 16.12.5b
Affected: 16.12.6a
Affected: 16.12.7
Affected: 16.12.9
Affected: 16.12.10
Affected: 16.12.10a
Affected: 16.12.11
Affected: 17.1.1
Affected: 17.1.1a
Affected: 17.1.1s
Affected: 17.1.1t
Affected: 17.1.3
Affected: 17.2.1
Affected: 17.2.1r
Affected: 17.2.1a
Affected: 17.2.1v
Affected: 17.2.2
Affected: 17.2.3
Affected: 17.3.1
Affected: 17.3.2
Affected: 17.3.3
Affected: 17.3.1a
Affected: 17.3.2a
Affected: 17.3.4
Affected: 17.3.5
Affected: 17.3.4a
Affected: 17.3.6
Affected: 17.3.4b
Affected: 17.3.4c
Affected: 17.3.5a
Affected: 17.3.5b
Affected: 17.3.7
Affected: 17.3.8
Affected: 17.3.8a
Affected: 17.4.1
Affected: 17.4.2
Affected: 17.4.1a
Affected: 17.4.1b
Affected: 17.4.2a
Affected: 17.5.1
Affected: 17.5.1a
Affected: 17.6.1
Affected: 17.6.2
Affected: 17.6.1a
Affected: 17.6.3
Affected: 17.6.3a
Affected: 17.6.4
Affected: 17.6.5
Affected: 17.6.6
Affected: 17.6.6a
Affected: 17.6.5a
Affected: 17.7.1
Affected: 17.7.1a
Affected: 17.7.1b
Affected: 17.7.2
Affected: 17.10.1
Affected: 17.10.1a
Affected: 17.10.1b
Affected: 17.8.1
Affected: 17.8.1a
Affected: 17.9.1
Affected: 17.9.2
Affected: 17.9.1a
Affected: 17.9.3
Affected: 17.9.2a
Affected: 17.9.3a
Affected: 17.9.4
Affected: 17.9.4a
Affected: 17.11.1
Affected: 17.11.1a
Affected: 17.12.1
Affected: 17.12.1a
Affected: 17.12.2
Affected: 17.12.2a
Affected: 17.11.99SW
    cpe:2.3:o:cisco:ios_xe:16.3.1:*:*:*:*:*:*:*
    cpe:2.3:o:cisco:ios_xe:16.3.2:*:*:*:*:*:*:*
    cpe:2.3:o:cisco:ios_xe:16.3.3:*:*:*:*:*:*:*
    cpe:2.3:o:cisco:ios_xe:16.3.1a:*:*:*:*:*:*:*
    cpe:2.3:o:cisco:ios_xe:16.3.4:*:*:*:*:*:*:*
    cpe:2.3:o:cisco:ios_xe:16.3.5:*:*:*:*:*:*:*
    cpe:2.3:o:cisco:ios_xe:16.3.5b:*:*:*:*:*:*:*
    cpe:2.3:o:cisco:ios_xe:16.3.6:*:*:*:*:*:*:*
    cpe:2.3:o:cisco:ios_xe:16.3.7:*:*:*:*:*:*:*
    cpe:2.3:o:cisco:ios_xe:16.3.8:*:*:*:*:*:*:*
    cpe:2.3:o:cisco:ios_xe:16.3.9:*:*:*:*:*:*:*
    cpe:2.3:o:cisco:ios_xe:16.3.10:*:*:*:*:*:*:*
    cpe:2.3:o:cisco:ios_xe:16.3.11:*:*:*:*:*:*:*
    cpe:2.3:o:cisco:ios_xe:16.4.1:*:*:*:*:*:*:*
    cpe:2.3:o:cisco:ios_xe:16.4.2:*:*:*:*:*:*:*
    cpe:2.3:o:cisco:ios_xe:16.4.3:*:*:*:*:*:*:*
    cpe:2.3:o:cisco:ios_xe:16.5.1:*:*:*:*:*:*:*
    cpe:2.3:o:cisco:ios_xe:16.5.1a:*:*:*:*:*:*:*
    cpe:2.3:o:cisco:ios_xe:16.5.1b:*:*:*:*:*:*:*
    cpe:2.3:o:cisco:ios_xe:16.5.2:*:*:*:*:*:*:*
    cpe:2.3:o:cisco:ios_xe:16.5.3:*:*:*:*:*:*:*
    cpe:2.3:o:cisco:ios_xe:16.6.1:*:*:*:*:*:*:*
    cpe:2.3:o:cisco:ios_xe:16.6.2:*:*:*:*:*:*:*
    cpe:2.3:o:cisco:ios_xe:16.6.3:*:*:*:*:*:*:*
    cpe:2.3:o:cisco:ios_xe:16.6.4:*:*:*:*:*:*:*
    cpe:2.3:o:cisco:ios_xe:16.6.5:*:*:*:*:*:*:*
    cpe:2.3:o:cisco:ios_xe:16.6.4a:*:*:*:*:*:*:*
    cpe:2.3:o:cisco:ios_xe:16.6.5a:*:*:*:*:*:*:*
    cpe:2.3:o:cisco:ios_xe:16.6.6:*:*:*:*:*:*:*
    cpe:2.3:o:cisco:ios_xe:16.6.7:*:*:*:*:*:*:*
    cpe:2.3:o:cisco:ios_xe:16.6.8:*:*:*:*:*:*:*
    cpe:2.3:o:cisco:ios_xe:16.6.9:*:*:*:*:*:*:*
    cpe:2.3:o:cisco:ios_xe:16.6.10:*:*:*:*:*:*:*
    cpe:2.3:o:cisco:ios_xe:16.7.1:*:*:*:*:*:*:*
    cpe:2.3:o:cisco:ios_xe:16.7.2:*:*:*:*:*:*:*
    cpe:2.3:o:cisco:ios_xe:16.7.3:*:*:*:*:*:*:*
    cpe:2.3:o:cisco:ios_xe:16.8.1:*:*:*:*:*:*:*
    cpe:2.3:o:cisco:ios_xe:16.8.1a:*:*:*:*:*:*:*
    cpe:2.3:o:cisco:ios_xe:16.8.1b:*:*:*:*:*:*:*
    cpe:2.3:o:cisco:ios_xe:16.8.1s:*:*:*:*:*:*:*
    cpe:2.3:o:cisco:ios_xe:16.8.1c:*:*:*:*:*:*:*
    cpe:2.3:o:cisco:ios_xe:16.8.2:*:*:*:*:*:*:*
    cpe:2.3:o:cisco:ios_xe:16.8.3:*:*:*:*:*:*:*
    cpe:2.3:o:cisco:ios_xe:16.9.1:*:*:*:*:*:*:*
    cpe:2.3:o:cisco:ios_xe:16.9.2:*:*:*:*:*:*:*
    cpe:2.3:o:cisco:ios_xe:16.9.1a:*:*:*:*:*:*:*
    cpe:2.3:o:cisco:ios_xe:16.9.1b:*:*:*:*:*:*:*
    cpe:2.3:o:cisco:ios_xe:16.9.1s:*:*:*:*:*:*:*
    cpe:2.3:o:cisco:ios_xe:16.9.3:*:*:*:*:*:*:*
    cpe:2.3:o:cisco:ios_xe:16.9.4:*:*:*:*:*:*:*
    cpe:2.3:o:cisco:ios_xe:16.9.3a:*:*:*:*:*:*:*
    cpe:2.3:o:cisco:ios_xe:16.9.5:*:*:*:*:*:*:*
    cpe:2.3:o:cisco:ios_xe:16.9.5f:*:*:*:*:*:*:*
    cpe:2.3:o:cisco:ios_xe:16.9.6:*:*:*:*:*:*:*
    cpe:2.3:o:cisco:ios_xe:16.9.7:*:*:*:*:*:*:*
    cpe:2.3:o:cisco:ios_xe:16.9.8:*:*:*:*:*:*:*
    cpe:2.3:o:cisco:ios_xe:16.10.1:*:*:*:*:*:*:*
    cpe:2.3:o:cisco:ios_xe:16.10.1a:*:*:*:*:*:*:*
    cpe:2.3:o:cisco:ios_xe:16.10.1b:*:*:*:*:*:*:*
    cpe:2.3:o:cisco:ios_xe:16.10.1s:*:*:*:*:*:*:*
    cpe:2.3:o:cisco:ios_xe:16.10.1e:*:*:*:*:*:*:*
    cpe:2.3:o:cisco:ios_xe:16.10.2:*:*:*:*:*:*:*
    cpe:2.3:o:cisco:ios_xe:16.10.3:*:*:*:*:*:*:*
    cpe:2.3:o:cisco:ios_xe:16.11.1:*:*:*:*:*:*:*
    cpe:2.3:o:cisco:ios_xe:16.11.1a:*:*:*:*:*:*:*
    cpe:2.3:o:cisco:ios_xe:16.11.1b:*:*:*:*:*:*:*
    cpe:2.3:o:cisco:ios_xe:16.11.2:*:*:*:*:*:*:*
    cpe:2.3:o:cisco:ios_xe:16.11.1s:*:*:*:*:*:*:*
    cpe:2.3:o:cisco:ios_xe:16.12.1:*:*:*:*:*:*:*
    cpe:2.3:o:cisco:ios_xe:16.12.1s:*:*:*:*:*:*:*
    cpe:2.3:o:cisco:ios_xe:16.12.1a:*:*:*:*:*:*:*
    cpe:2.3:o:cisco:ios_xe:16.12.1c:*:*:*:*:*:*:*
    cpe:2.3:o:cisco:ios_xe:16.12.2:*:*:*:*:*:*:*
    cpe:2.3:o:cisco:ios_xe:16.12.2a:*:*:*:*:*:*:*
    cpe:2.3:o:cisco:ios_xe:16.12.3:*:*:*:*:*:*:*
    cpe:2.3:o:cisco:ios_xe:16.12.8:*:*:*:*:*:*:*
    cpe:2.3:o:cisco:ios_xe:16.12.2s:*:*:*:*:*:*:*
    cpe:2.3:o:cisco:ios_xe:16.12.1t:*:*:*:*:*:*:*
    cpe:2.3:o:cisco:ios_xe:16.12.4:*:*:*:*:*:*:*
    cpe:2.3:o:cisco:ios_xe:16.12.3s:*:*:*:*:*:*:*
    cpe:2.3:o:cisco:ios_xe:16.12.3a:*:*:*:*:*:*:*
    cpe:2.3:o:cisco:ios_xe:16.12.4a:*:*:*:*:*:*:*
    cpe:2.3:o:cisco:ios_xe:16.12.5:*:*:*:*:*:*:*
    cpe:2.3:o:cisco:ios_xe:16.12.6:*:*:*:*:*:*:*
    cpe:2.3:o:cisco:ios_xe:16.12.5a:*:*:*:*:*:*:*
    cpe:2.3:o:cisco:ios_xe:16.12.5b:*:*:*:*:*:*:*
    cpe:2.3:o:cisco:ios_xe:16.12.6a:*:*:*:*:*:*:*
    cpe:2.3:o:cisco:ios_xe:16.12.7:*:*:*:*:*:*:*
    cpe:2.3:o:cisco:ios_xe:16.12.9:*:*:*:*:*:*:*
    cpe:2.3:o:cisco:ios_xe:16.12.10:*:*:*:*:*:*:*
    cpe:2.3:o:cisco:ios_xe:16.12.10a:*:*:*:*:*:*:*
    cpe:2.3:o:cisco:ios_xe:16.12.11:*:*:*:*:*:*:*
    cpe:2.3:o:cisco:ios_xe:17.1.1:*:*:*:*:*:*:*
    cpe:2.3:o:cisco:ios_xe:17.1.1a:*:*:*:*:*:*:*
    cpe:2.3:o:cisco:ios_xe:17.1.1s:*:*:*:*:*:*:*
    cpe:2.3:o:cisco:ios_xe:17.1.1t:*:*:*:*:*:*:*
    cpe:2.3:o:cisco:ios_xe:17.1.3:*:*:*:*:*:*:*
    cpe:2.3:o:cisco:ios_xe:17.2.1:*:*:*:*:*:*:*
    cpe:2.3:o:cisco:ios_xe:17.2.1r:*:*:*:*:*:*:*
    cpe:2.3:o:cisco:ios_xe:17.2.1a:*:*:*:*:*:*:*
    cpe:2.3:o:cisco:ios_xe:17.2.1v:*:*:*:*:*:*:*
    cpe:2.3:o:cisco:ios_xe:17.2.2:*:*:*:*:*:*:*
    cpe:2.3:o:cisco:ios_xe:17.2.3:*:*:*:*:*:*:*
    cpe:2.3:o:cisco:ios_xe:17.3.1:*:*:*:*:*:*:*
    cpe:2.3:o:cisco:ios_xe:17.3.2:*:*:*:*:*:*:*
    cpe:2.3:o:cisco:ios_xe:17.3.3:*:*:*:*:*:*:*
    cpe:2.3:o:cisco:ios_xe:17.3.1a:*:*:*:*:*:*:*
    cpe:2.3:o:cisco:ios_xe:17.3.2a:*:*:*:*:*:*:*
    cpe:2.3:o:cisco:ios_xe:17.3.4:*:*:*:*:*:*:*
    cpe:2.3:o:cisco:ios_xe:17.3.5:*:*:*:*:*:*:*
    cpe:2.3:o:cisco:ios_xe:17.3.4a:*:*:*:*:*:*:*
    cpe:2.3:o:cisco:ios_xe:17.3.6:*:*:*:*:*:*:*
    cpe:2.3:o:cisco:ios_xe:17.3.4b:*:*:*:*:*:*:*
    cpe:2.3:o:cisco:ios_xe:17.3.4c:*:*:*:*:*:*:*
    cpe:2.3:o:cisco:ios_xe:17.3.5a:*:*:*:*:*:*:*
    cpe:2.3:o:cisco:ios_xe:17.3.5b:*:*:*:*:*:*:*
    cpe:2.3:o:cisco:ios_xe:17.3.7:*:*:*:*:*:*:*
    cpe:2.3:o:cisco:ios_xe:17.3.8:*:*:*:*:*:*:*
    cpe:2.3:o:cisco:ios_xe:17.3.8a:*:*:*:*:*:*:*
    cpe:2.3:o:cisco:ios_xe:17.4.1:*:*:*:*:*:*:*
    cpe:2.3:o:cisco:ios_xe:17.4.2:*:*:*:*:*:*:*
    cpe:2.3:o:cisco:ios_xe:17.4.1a:*:*:*:*:*:*:*
    cpe:2.3:o:cisco:ios_xe:17.4.1b:*:*:*:*:*:*:*
    cpe:2.3:o:cisco:ios_xe:17.4.2a:*:*:*:*:*:*:*
    cpe:2.3:o:cisco:ios_xe:17.5.1:*:*:*:*:*:*:*
    cpe:2.3:o:cisco:ios_xe:17.5.1a:*:*:*:*:*:*:*
    cpe:2.3:o:cisco:ios_xe:17.6.1:*:*:*:*:*:*:*
    cpe:2.3:o:cisco:ios_xe:17.6.2:*:*:*:*:*:*:*
    cpe:2.3:o:cisco:ios_xe:17.6.1a:*:*:*:*:*:*:*
    cpe:2.3:o:cisco:ios_xe:17.6.3:*:*:*:*:*:*:*
    cpe:2.3:o:cisco:ios_xe:17.6.3a:*:*:*:*:*:*:*
    cpe:2.3:o:cisco:ios_xe:17.6.4:*:*:*:*:*:*:*
    cpe:2.3:o:cisco:ios_xe:17.6.5:*:*:*:*:*:*:*
    cpe:2.3:o:cisco:ios_xe:17.6.6:*:*:*:*:*:*:*
    cpe:2.3:o:cisco:ios_xe:17.6.6a:*:*:*:*:*:*:*
    cpe:2.3:o:cisco:ios_xe:17.6.5a:*:*:*:*:*:*:*
    cpe:2.3:o:cisco:ios_xe:17.7.1:*:*:*:*:*:*:*
    cpe:2.3:o:cisco:ios_xe:17.7.1a:*:*:*:*:*:*:*
    cpe:2.3:o:cisco:ios_xe:17.7.1b:*:*:*:*:*:*:*
    cpe:2.3:o:cisco:ios_xe:17.7.2:*:*:*:*:*:*:*
    cpe:2.3:o:cisco:ios_xe:17.10.1:*:*:*:*:*:*:*
    cpe:2.3:o:cisco:ios_xe:17.10.1a:*:*:*:*:*:*:*
    cpe:2.3:o:cisco:ios_xe:17.10.1b:*:*:*:*:*:*:*
    cpe:2.3:o:cisco:ios_xe:17.8.1:*:*:*:*:*:*:*
    cpe:2.3:o:cisco:ios_xe:17.8.1a:*:*:*:*:*:*:*
    cpe:2.3:o:cisco:ios_xe:17.9.1:*:*:*:*:*:*:*
    cpe:2.3:o:cisco:ios_xe:17.9.2:*:*:*:*:*:*:*
    cpe:2.3:o:cisco:ios_xe:17.9.1a:*:*:*:*:*:*:*
    cpe:2.3:o:cisco:ios_xe:17.9.3:*:*:*:*:*:*:*
    cpe:2.3:o:cisco:ios_xe:17.9.2a:*:*:*:*:*:*:*
    cpe:2.3:o:cisco:ios_xe:17.9.3a:*:*:*:*:*:*:*
    cpe:2.3:o:cisco:ios_xe:17.9.4:*:*:*:*:*:*:*
    cpe:2.3:o:cisco:ios_xe:17.9.4a:*:*:*:*:*:*:*
    cpe:2.3:o:cisco:ios_xe:17.11.1:*:*:*:*:*:*:*
    cpe:2.3:o:cisco:ios_xe:17.11.1a:*:*:*:*:*:*:*
    cpe:2.3:o:cisco:ios_xe:17.12.1:*:*:*:*:*:*:*
    cpe:2.3:o:cisco:ios_xe:17.12.1a:*:*:*:*:*:*:*
    cpe:2.3:o:cisco:ios_xe:17.12.2:*:*:*:*:*:*:*
    cpe:2.3:o:cisco:ios_xe:17.12.2a:*:*:*:*:*:*:*
    cpe:2.3:o:cisco:ios_xe:17.11.99SW:*:*:*:*:*:*:*
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:o:cisco:ios_xe:16.3.1:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:16.3.2:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:16.3.3:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:16.3.1a:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:16.3.4:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:16.3.5:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:16.3.5b:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:16.3.6:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:16.3.7:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:16.3.8:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:16.3.9:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:16.3.10:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:16.3.11:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:16.4.1:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:16.4.2:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:16.4.3:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:16.5.1:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:16.5.1a:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:16.5.1b:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:16.5.2:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:16.5.3:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:16.6.1:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:16.6.2:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:16.6.3:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:16.6.4:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:16.6.5:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:16.6.4a:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:16.6.5a:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:16.6.6:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:16.6.7:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:16.6.8:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:16.6.9:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:16.6.10:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:16.7.1:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:16.7.2:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:16.7.3:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:16.8.1:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:16.8.1a:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:16.8.1b:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:16.8.1s:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:16.8.1c:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:16.8.2:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:16.8.3:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:16.9.1:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:16.9.2:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:16.9.1a:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:16.9.1b:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:16.9.1s:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:16.9.3:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:16.9.4:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:16.9.3a:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:16.9.5:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:16.9.5f:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:16.9.6:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:16.9.7:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:16.9.8:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:16.10.1:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:16.10.1a:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:16.10.1b:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:16.10.1s:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:16.10.1e:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:16.10.2:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:16.10.3:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:16.11.1:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:16.11.1a:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:16.11.1b:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:16.11.2:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:16.11.1s:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:16.12.1:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:16.12.1s:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:16.12.1a:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:16.12.1c:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:16.12.2:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:16.12.2a:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:16.12.3:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:16.12.8:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:16.12.2s:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:16.12.1t:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:16.12.4:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:16.12.3s:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:16.12.3a:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:16.12.4a:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:16.12.5:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:16.12.6:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:16.12.5a:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:16.12.5b:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:16.12.6a:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:16.12.7:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:16.12.9:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:16.12.10:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:16.12.10a:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:16.12.11:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.1.1:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.1.1a:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.1.1s:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.1.1t:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.1.3:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.2.1:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.2.1r:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.2.1a:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.2.1v:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.2.2:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.2.3:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.3.1:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.3.2:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.3.3:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.3.1a:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.3.2a:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.3.4:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.3.5:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.3.4a:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.3.6:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.3.4b:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.3.4c:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.3.5a:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.3.5b:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.3.7:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.3.8:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.3.8a:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.4.1:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.4.2:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.4.1a:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.4.1b:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.4.2a:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.5.1:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.5.1a:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.6.1:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.6.2:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.6.1a:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.6.3:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.6.3a:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.6.4:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.6.5:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.6.6:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.6.6a:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.6.5a:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.7.1:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.7.1a:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.7.1b:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.7.2:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.10.1:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.10.1a:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.10.1b:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.8.1:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.8.1a:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.9.1:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.9.2:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.9.1a:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.9.3:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.9.2a:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.9.3a:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.9.4:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.9.4a:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.11.1:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.11.1a:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.12.1:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.12.1a:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.12.2:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.12.2a:*:*:*:*:*:*:*",
              "cpe:2.3:o:cisco:ios_xe:17.11.99SW:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ios_xe",
            "vendor": "cisco",
            "versions": [
              {
                "status": "affected",
                "version": "16.3.1"
              },
              {
                "status": "affected",
                "version": "16.3.2"
              },
              {
                "status": "affected",
                "version": "16.3.3"
              },
              {
                "status": "affected",
                "version": "16.3.1a"
              },
              {
                "status": "affected",
                "version": "16.3.4"
              },
              {
                "status": "affected",
                "version": "16.3.5"
              },
              {
                "status": "affected",
                "version": "16.3.5b"
              },
              {
                "status": "affected",
                "version": "16.3.6"
              },
              {
                "status": "affected",
                "version": "16.3.7"
              },
              {
                "status": "affected",
                "version": "16.3.8"
              },
              {
                "status": "affected",
                "version": "16.3.9"
              },
              {
                "status": "affected",
                "version": "16.3.10"
              },
              {
                "status": "affected",
                "version": "16.3.11"
              },
              {
                "status": "affected",
                "version": "16.4.1"
              },
              {
                "status": "affected",
                "version": "16.4.2"
              },
              {
                "status": "affected",
                "version": "16.4.3"
              },
              {
                "status": "affected",
                "version": "16.5.1"
              },
              {
                "status": "affected",
                "version": "16.5.1a"
              },
              {
                "status": "affected",
                "version": "16.5.1b"
              },
              {
                "status": "affected",
                "version": "16.5.2"
              },
              {
                "status": "affected",
                "version": "16.5.3"
              },
              {
                "status": "affected",
                "version": "16.6.1"
              },
              {
                "status": "affected",
                "version": "16.6.2"
              },
              {
                "status": "affected",
                "version": "16.6.3"
              },
              {
                "status": "affected",
                "version": "16.6.4"
              },
              {
                "status": "affected",
                "version": "16.6.5"
              },
              {
                "status": "affected",
                "version": "16.6.4a"
              },
              {
                "status": "affected",
                "version": "16.6.5a"
              },
              {
                "status": "affected",
                "version": "16.6.6"
              },
              {
                "status": "affected",
                "version": "16.6.7"
              },
              {
                "status": "affected",
                "version": "16.6.8"
              },
              {
                "status": "affected",
                "version": "16.6.9"
              },
              {
                "status": "affected",
                "version": "16.6.10"
              },
              {
                "status": "affected",
                "version": "16.7.1"
              },
              {
                "status": "affected",
                "version": "16.7.2"
              },
              {
                "status": "affected",
                "version": "16.7.3"
              },
              {
                "status": "affected",
                "version": "16.8.1"
              },
              {
                "status": "affected",
                "version": "16.8.1a"
              },
              {
                "status": "affected",
                "version": "16.8.1b"
              },
              {
                "status": "affected",
                "version": "16.8.1s"
              },
              {
                "status": "affected",
                "version": "16.8.1c"
              },
              {
                "status": "affected",
                "version": "16.8.2"
              },
              {
                "status": "affected",
                "version": "16.8.3"
              },
              {
                "status": "affected",
                "version": "16.9.1"
              },
              {
                "status": "affected",
                "version": "16.9.2"
              },
              {
                "status": "affected",
                "version": "16.9.1a"
              },
              {
                "status": "affected",
                "version": "16.9.1b"
              },
              {
                "status": "affected",
                "version": "16.9.1s"
              },
              {
                "status": "affected",
                "version": "16.9.3"
              },
              {
                "status": "affected",
                "version": "16.9.4"
              },
              {
                "status": "affected",
                "version": "16.9.3a"
              },
              {
                "status": "affected",
                "version": "16.9.5"
              },
              {
                "status": "affected",
                "version": "16.9.5f"
              },
              {
                "status": "affected",
                "version": "16.9.6"
              },
              {
                "status": "affected",
                "version": "16.9.7"
              },
              {
                "status": "affected",
                "version": "16.9.8"
              },
              {
                "status": "affected",
                "version": "16.10.1"
              },
              {
                "status": "affected",
                "version": "16.10.1a"
              },
              {
                "status": "affected",
                "version": "16.10.1b"
              },
              {
                "status": "affected",
                "version": "16.10.1s"
              },
              {
                "status": "affected",
                "version": "16.10.1e"
              },
              {
                "status": "affected",
                "version": "16.10.2"
              },
              {
                "status": "affected",
                "version": "16.10.3"
              },
              {
                "status": "affected",
                "version": "16.11.1"
              },
              {
                "status": "affected",
                "version": "16.11.1a"
              },
              {
                "status": "affected",
                "version": "16.11.1b"
              },
              {
                "status": "affected",
                "version": "16.11.2"
              },
              {
                "status": "affected",
                "version": "16.11.1s"
              },
              {
                "status": "affected",
                "version": "16.12.1"
              },
              {
                "status": "affected",
                "version": "16.12.1s"
              },
              {
                "status": "affected",
                "version": "16.12.1a"
              },
              {
                "status": "affected",
                "version": "16.12.1c"
              },
              {
                "status": "affected",
                "version": "16.12.2"
              },
              {
                "status": "affected",
                "version": "16.12.2a"
              },
              {
                "status": "affected",
                "version": "16.12.3"
              },
              {
                "status": "affected",
                "version": "16.12.8"
              },
              {
                "status": "affected",
                "version": "16.12.2s"
              },
              {
                "status": "affected",
                "version": "16.12.1t"
              },
              {
                "status": "affected",
                "version": "16.12.4"
              },
              {
                "status": "affected",
                "version": "16.12.3s"
              },
              {
                "status": "affected",
                "version": "16.12.3a"
              },
              {
                "status": "affected",
                "version": "16.12.4a"
              },
              {
                "status": "affected",
                "version": "16.12.5"
              },
              {
                "status": "affected",
                "version": "16.12.6"
              },
              {
                "status": "affected",
                "version": "16.12.5a"
              },
              {
                "status": "affected",
                "version": "16.12.5b"
              },
              {
                "status": "affected",
                "version": "16.12.6a"
              },
              {
                "status": "affected",
                "version": "16.12.7"
              },
              {
                "status": "affected",
                "version": "16.12.9"
              },
              {
                "status": "affected",
                "version": "16.12.10"
              },
              {
                "status": "affected",
                "version": "16.12.10a"
              },
              {
                "status": "affected",
                "version": "16.12.11"
              },
              {
                "status": "affected",
                "version": "17.1.1"
              },
              {
                "status": "affected",
                "version": "17.1.1a"
              },
              {
                "status": "affected",
                "version": "17.1.1s"
              },
              {
                "status": "affected",
                "version": "17.1.1t"
              },
              {
                "status": "affected",
                "version": "17.1.3"
              },
              {
                "status": "affected",
                "version": "17.2.1"
              },
              {
                "status": "affected",
                "version": "17.2.1r"
              },
              {
                "status": "affected",
                "version": "17.2.1a"
              },
              {
                "status": "affected",
                "version": "17.2.1v"
              },
              {
                "status": "affected",
                "version": "17.2.2"
              },
              {
                "status": "affected",
                "version": "17.2.3"
              },
              {
                "status": "affected",
                "version": "17.3.1"
              },
              {
                "status": "affected",
                "version": "17.3.2"
              },
              {
                "status": "affected",
                "version": "17.3.3"
              },
              {
                "status": "affected",
                "version": "17.3.1a"
              },
              {
                "status": "affected",
                "version": "17.3.2a"
              },
              {
                "status": "affected",
                "version": "17.3.4"
              },
              {
                "status": "affected",
                "version": "17.3.5"
              },
              {
                "status": "affected",
                "version": "17.3.4a"
              },
              {
                "status": "affected",
                "version": "17.3.6"
              },
              {
                "status": "affected",
                "version": "17.3.4b"
              },
              {
                "status": "affected",
                "version": "17.3.4c"
              },
              {
                "status": "affected",
                "version": "17.3.5a"
              },
              {
                "status": "affected",
                "version": "17.3.5b"
              },
              {
                "status": "affected",
                "version": "17.3.7"
              },
              {
                "status": "affected",
                "version": "17.3.8"
              },
              {
                "status": "affected",
                "version": "17.3.8a"
              },
              {
                "status": "affected",
                "version": "17.4.1"
              },
              {
                "status": "affected",
                "version": "17.4.2"
              },
              {
                "status": "affected",
                "version": "17.4.1a"
              },
              {
                "status": "affected",
                "version": "17.4.1b"
              },
              {
                "status": "affected",
                "version": "17.4.2a"
              },
              {
                "status": "affected",
                "version": "17.5.1"
              },
              {
                "status": "affected",
                "version": "17.5.1a"
              },
              {
                "status": "affected",
                "version": "17.6.1"
              },
              {
                "status": "affected",
                "version": "17.6.2"
              },
              {
                "status": "affected",
                "version": "17.6.1a"
              },
              {
                "status": "affected",
                "version": "17.6.3"
              },
              {
                "status": "affected",
                "version": "17.6.3a"
              },
              {
                "status": "affected",
                "version": "17.6.4"
              },
              {
                "status": "affected",
                "version": "17.6.5"
              },
              {
                "status": "affected",
                "version": "17.6.6"
              },
              {
                "status": "affected",
                "version": "17.6.6a"
              },
              {
                "status": "affected",
                "version": "17.6.5a"
              },
              {
                "status": "affected",
                "version": "17.7.1"
              },
              {
                "status": "affected",
                "version": "17.7.1a"
              },
              {
                "status": "affected",
                "version": "17.7.1b"
              },
              {
                "status": "affected",
                "version": "17.7.2"
              },
              {
                "status": "affected",
                "version": "17.10.1"
              },
              {
                "status": "affected",
                "version": "17.10.1a"
              },
              {
                "status": "affected",
                "version": "17.10.1b"
              },
              {
                "status": "affected",
                "version": "17.8.1"
              },
              {
                "status": "affected",
                "version": "17.8.1a"
              },
              {
                "status": "affected",
                "version": "17.9.1"
              },
              {
                "status": "affected",
                "version": "17.9.2"
              },
              {
                "status": "affected",
                "version": "17.9.1a"
              },
              {
                "status": "affected",
                "version": "17.9.3"
              },
              {
                "status": "affected",
                "version": "17.9.2a"
              },
              {
                "status": "affected",
                "version": "17.9.3a"
              },
              {
                "status": "affected",
                "version": "17.9.4"
              },
              {
                "status": "affected",
                "version": "17.9.4a"
              },
              {
                "status": "affected",
                "version": "17.11.1"
              },
              {
                "status": "affected",
                "version": "17.11.1a"
              },
              {
                "status": "affected",
                "version": "17.12.1"
              },
              {
                "status": "affected",
                "version": "17.12.1a"
              },
              {
                "status": "affected",
                "version": "17.12.2"
              },
              {
                "status": "affected",
                "version": "17.12.2a"
              },
              {
                "status": "affected",
                "version": "17.11.99SW"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-20316",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-03-29T17:11:12.713334Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-02T16:25:58.752Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T21:59:42.197Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "cisco-sa-dmi-acl-bypass-Xv8FO8Vz",
            "tags": [
              "x_transferred"
            ],
            "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dmi-acl-bypass-Xv8FO8Vz"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco IOS XE Software",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "16.3.1"
            },
            {
              "status": "affected",
              "version": "16.3.2"
            },
            {
              "status": "affected",
              "version": "16.3.3"
            },
            {
              "status": "affected",
              "version": "16.3.1a"
            },
            {
              "status": "affected",
              "version": "16.3.4"
            },
            {
              "status": "affected",
              "version": "16.3.5"
            },
            {
              "status": "affected",
              "version": "16.3.5b"
            },
            {
              "status": "affected",
              "version": "16.3.6"
            },
            {
              "status": "affected",
              "version": "16.3.7"
            },
            {
              "status": "affected",
              "version": "16.3.8"
            },
            {
              "status": "affected",
              "version": "16.3.9"
            },
            {
              "status": "affected",
              "version": "16.3.10"
            },
            {
              "status": "affected",
              "version": "16.3.11"
            },
            {
              "status": "affected",
              "version": "16.4.1"
            },
            {
              "status": "affected",
              "version": "16.4.2"
            },
            {
              "status": "affected",
              "version": "16.4.3"
            },
            {
              "status": "affected",
              "version": "16.5.1"
            },
            {
              "status": "affected",
              "version": "16.5.1a"
            },
            {
              "status": "affected",
              "version": "16.5.1b"
            },
            {
              "status": "affected",
              "version": "16.5.2"
            },
            {
              "status": "affected",
              "version": "16.5.3"
            },
            {
              "status": "affected",
              "version": "16.6.1"
            },
            {
              "status": "affected",
              "version": "16.6.2"
            },
            {
              "status": "affected",
              "version": "16.6.3"
            },
            {
              "status": "affected",
              "version": "16.6.4"
            },
            {
              "status": "affected",
              "version": "16.6.5"
            },
            {
              "status": "affected",
              "version": "16.6.4a"
            },
            {
              "status": "affected",
              "version": "16.6.5a"
            },
            {
              "status": "affected",
              "version": "16.6.6"
            },
            {
              "status": "affected",
              "version": "16.6.7"
            },
            {
              "status": "affected",
              "version": "16.6.8"
            },
            {
              "status": "affected",
              "version": "16.6.9"
            },
            {
              "status": "affected",
              "version": "16.6.10"
            },
            {
              "status": "affected",
              "version": "16.7.1"
            },
            {
              "status": "affected",
              "version": "16.7.2"
            },
            {
              "status": "affected",
              "version": "16.7.3"
            },
            {
              "status": "affected",
              "version": "16.8.1"
            },
            {
              "status": "affected",
              "version": "16.8.1a"
            },
            {
              "status": "affected",
              "version": "16.8.1b"
            },
            {
              "status": "affected",
              "version": "16.8.1s"
            },
            {
              "status": "affected",
              "version": "16.8.1c"
            },
            {
              "status": "affected",
              "version": "16.8.2"
            },
            {
              "status": "affected",
              "version": "16.8.3"
            },
            {
              "status": "affected",
              "version": "16.9.1"
            },
            {
              "status": "affected",
              "version": "16.9.2"
            },
            {
              "status": "affected",
              "version": "16.9.1a"
            },
            {
              "status": "affected",
              "version": "16.9.1b"
            },
            {
              "status": "affected",
              "version": "16.9.1s"
            },
            {
              "status": "affected",
              "version": "16.9.3"
            },
            {
              "status": "affected",
              "version": "16.9.4"
            },
            {
              "status": "affected",
              "version": "16.9.3a"
            },
            {
              "status": "affected",
              "version": "16.9.5"
            },
            {
              "status": "affected",
              "version": "16.9.5f"
            },
            {
              "status": "affected",
              "version": "16.9.6"
            },
            {
              "status": "affected",
              "version": "16.9.7"
            },
            {
              "status": "affected",
              "version": "16.9.8"
            },
            {
              "status": "affected",
              "version": "16.10.1"
            },
            {
              "status": "affected",
              "version": "16.10.1a"
            },
            {
              "status": "affected",
              "version": "16.10.1b"
            },
            {
              "status": "affected",
              "version": "16.10.1s"
            },
            {
              "status": "affected",
              "version": "16.10.1e"
            },
            {
              "status": "affected",
              "version": "16.10.2"
            },
            {
              "status": "affected",
              "version": "16.10.3"
            },
            {
              "status": "affected",
              "version": "16.11.1"
            },
            {
              "status": "affected",
              "version": "16.11.1a"
            },
            {
              "status": "affected",
              "version": "16.11.1b"
            },
            {
              "status": "affected",
              "version": "16.11.2"
            },
            {
              "status": "affected",
              "version": "16.11.1s"
            },
            {
              "status": "affected",
              "version": "16.12.1"
            },
            {
              "status": "affected",
              "version": "16.12.1s"
            },
            {
              "status": "affected",
              "version": "16.12.1a"
            },
            {
              "status": "affected",
              "version": "16.12.1c"
            },
            {
              "status": "affected",
              "version": "16.12.2"
            },
            {
              "status": "affected",
              "version": "16.12.2a"
            },
            {
              "status": "affected",
              "version": "16.12.3"
            },
            {
              "status": "affected",
              "version": "16.12.8"
            },
            {
              "status": "affected",
              "version": "16.12.2s"
            },
            {
              "status": "affected",
              "version": "16.12.1t"
            },
            {
              "status": "affected",
              "version": "16.12.4"
            },
            {
              "status": "affected",
              "version": "16.12.3s"
            },
            {
              "status": "affected",
              "version": "16.12.3a"
            },
            {
              "status": "affected",
              "version": "16.12.4a"
            },
            {
              "status": "affected",
              "version": "16.12.5"
            },
            {
              "status": "affected",
              "version": "16.12.6"
            },
            {
              "status": "affected",
              "version": "16.12.5a"
            },
            {
              "status": "affected",
              "version": "16.12.5b"
            },
            {
              "status": "affected",
              "version": "16.12.6a"
            },
            {
              "status": "affected",
              "version": "16.12.7"
            },
            {
              "status": "affected",
              "version": "16.12.9"
            },
            {
              "status": "affected",
              "version": "16.12.10"
            },
            {
              "status": "affected",
              "version": "16.12.10a"
            },
            {
              "status": "affected",
              "version": "16.12.11"
            },
            {
              "status": "affected",
              "version": "17.1.1"
            },
            {
              "status": "affected",
              "version": "17.1.1a"
            },
            {
              "status": "affected",
              "version": "17.1.1s"
            },
            {
              "status": "affected",
              "version": "17.1.1t"
            },
            {
              "status": "affected",
              "version": "17.1.3"
            },
            {
              "status": "affected",
              "version": "17.2.1"
            },
            {
              "status": "affected",
              "version": "17.2.1r"
            },
            {
              "status": "affected",
              "version": "17.2.1a"
            },
            {
              "status": "affected",
              "version": "17.2.1v"
            },
            {
              "status": "affected",
              "version": "17.2.2"
            },
            {
              "status": "affected",
              "version": "17.2.3"
            },
            {
              "status": "affected",
              "version": "17.3.1"
            },
            {
              "status": "affected",
              "version": "17.3.2"
            },
            {
              "status": "affected",
              "version": "17.3.3"
            },
            {
              "status": "affected",
              "version": "17.3.1a"
            },
            {
              "status": "affected",
              "version": "17.3.2a"
            },
            {
              "status": "affected",
              "version": "17.3.4"
            },
            {
              "status": "affected",
              "version": "17.3.5"
            },
            {
              "status": "affected",
              "version": "17.3.4a"
            },
            {
              "status": "affected",
              "version": "17.3.6"
            },
            {
              "status": "affected",
              "version": "17.3.4b"
            },
            {
              "status": "affected",
              "version": "17.3.4c"
            },
            {
              "status": "affected",
              "version": "17.3.5a"
            },
            {
              "status": "affected",
              "version": "17.3.5b"
            },
            {
              "status": "affected",
              "version": "17.3.7"
            },
            {
              "status": "affected",
              "version": "17.3.8"
            },
            {
              "status": "affected",
              "version": "17.3.8a"
            },
            {
              "status": "affected",
              "version": "17.4.1"
            },
            {
              "status": "affected",
              "version": "17.4.2"
            },
            {
              "status": "affected",
              "version": "17.4.1a"
            },
            {
              "status": "affected",
              "version": "17.4.1b"
            },
            {
              "status": "affected",
              "version": "17.4.2a"
            },
            {
              "status": "affected",
              "version": "17.5.1"
            },
            {
              "status": "affected",
              "version": "17.5.1a"
            },
            {
              "status": "affected",
              "version": "17.6.1"
            },
            {
              "status": "affected",
              "version": "17.6.2"
            },
            {
              "status": "affected",
              "version": "17.6.1a"
            },
            {
              "status": "affected",
              "version": "17.6.3"
            },
            {
              "status": "affected",
              "version": "17.6.3a"
            },
            {
              "status": "affected",
              "version": "17.6.4"
            },
            {
              "status": "affected",
              "version": "17.6.5"
            },
            {
              "status": "affected",
              "version": "17.6.6"
            },
            {
              "status": "affected",
              "version": "17.6.6a"
            },
            {
              "status": "affected",
              "version": "17.6.5a"
            },
            {
              "status": "affected",
              "version": "17.7.1"
            },
            {
              "status": "affected",
              "version": "17.7.1a"
            },
            {
              "status": "affected",
              "version": "17.7.1b"
            },
            {
              "status": "affected",
              "version": "17.7.2"
            },
            {
              "status": "affected",
              "version": "17.10.1"
            },
            {
              "status": "affected",
              "version": "17.10.1a"
            },
            {
              "status": "affected",
              "version": "17.10.1b"
            },
            {
              "status": "affected",
              "version": "17.8.1"
            },
            {
              "status": "affected",
              "version": "17.8.1a"
            },
            {
              "status": "affected",
              "version": "17.9.1"
            },
            {
              "status": "affected",
              "version": "17.9.2"
            },
            {
              "status": "affected",
              "version": "17.9.1a"
            },
            {
              "status": "affected",
              "version": "17.9.3"
            },
            {
              "status": "affected",
              "version": "17.9.2a"
            },
            {
              "status": "affected",
              "version": "17.9.3a"
            },
            {
              "status": "affected",
              "version": "17.9.4"
            },
            {
              "status": "affected",
              "version": "17.9.4a"
            },
            {
              "status": "affected",
              "version": "17.11.1"
            },
            {
              "status": "affected",
              "version": "17.11.1a"
            },
            {
              "status": "affected",
              "version": "17.12.1"
            },
            {
              "status": "affected",
              "version": "17.12.1a"
            },
            {
              "status": "affected",
              "version": "17.12.2"
            },
            {
              "status": "affected",
              "version": "17.12.2a"
            },
            {
              "status": "affected",
              "version": "17.11.99SW"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the data model interface (DMI) services of Cisco IOS XE Software could allow an unauthenticated, remote attacker to access resources that should have been protected by a configured IPv4 access control list (ACL).\r\n\r This vulnerability is due to improper handling of error conditions when a successfully authorized device administrator updates an IPv4 ACL using the NETCONF or RESTCONF protocol, and the update would reorder access control entries (ACEs) in the updated ACL. An attacker could exploit this vulnerability by accessing resources that should have been protected across an affected device."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N",
            "version": "3.1"
          },
          "format": "cvssV3_1"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-390",
              "description": "Detection of Error Condition Without Action",
              "lang": "en",
              "type": "cwe"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-03-27T16:49:03.113Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "cisco-sa-dmi-acl-bypass-Xv8FO8Vz",
          "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dmi-acl-bypass-Xv8FO8Vz"
        }
      ],
      "source": {
        "advisory": "cisco-sa-dmi-acl-bypass-Xv8FO8Vz",
        "defects": [
          "CSCwf92391",
          "CSCwe12169"
        ],
        "discovery": "EXTERNAL"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2024-20316",
    "datePublished": "2024-03-27T16:49:03.113Z",
    "dateReserved": "2023-11-08T15:08:07.632Z",
    "dateUpdated": "2024-08-01T21:59:42.197Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-12086 (GCVE-0-2024-12086)

Vulnerability from cvelistv5 – Published: 2025-01-14 17:37 – Updated: 2026-06-29 23:43
VLAI
Title
Rsync: rsync server leaks arbitrary client files
Summary
A flaw was found in rsync. It could allow a server to enumerate the contents of an arbitrary file from the client's machine. This issue occurs when files are being copied from a client to a server. During this process, the rsync server will send checksums of local data to the client to compare with in order to determine what data needs to be sent to the server. By sending specially constructed checksum values for arbitrary files, an attacker may be able to reconstruct the data of those files byte-by-byte based on the responses from the client.
SSVC
Exploitation: poc Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-390 - Detection of Error Condition Without Action
Assigner
Impacted products
Vendor Product Version
Affected: 0 , ≤ 3.3.0 (semver)
Red Hat Red Hat Enterprise Linux 10 Unaffected: 0:3.4.1-2.el10 , < * (rpm)
    cpe:/o:redhat:enterprise_linux:10.0
Create a notification for this product.
Red Hat Red Hat Enterprise Linux 9 Unaffected: 0:3.2.5-7.el9_8 , < * (rpm)
    cpe:/a:redhat:enterprise_linux:9::appstream
    cpe:/o:redhat:enterprise_linux:9::baseos
Create a notification for this product.
Red Hat Red Hat Enterprise Linux 9.6 Extended Update Support Unaffected: 0:3.2.5-3.el9_6.1 , < * (rpm)
    cpe:/a:redhat:rhel_eus:9.6::appstream
    cpe:/o:redhat:rhel_eus:9.6::baseos
Create a notification for this product.
Red Hat Red Hat Discovery 2 Unaffected: 1782166952 , < * (rpm)
    cpe:/a:redhat:discovery:2::el9
Create a notification for this product.
Red Hat Red Hat Enterprise Linux 6     cpe:/o:redhat:enterprise_linux:6
Create a notification for this product.
Red Hat Red Hat Enterprise Linux 7     cpe:/o:redhat:enterprise_linux:7
Create a notification for this product.
Red Hat Red Hat Enterprise Linux 8     cpe:/o:redhat:enterprise_linux:8
Create a notification for this product.
Red Hat Red Hat OpenShift Container Platform 4     cpe:/a:redhat:openshift:4
Create a notification for this product.
Date Public
2025-01-14 15:06
Credits
Red Hat would like to thank Jasiel Spelman (Google), Pedro Gallegos (Google), and Simon Scannell (Google) for reporting this issue.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-12086",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-26T14:14:25.165183Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-26T14:20:53.620Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "exploit"
            ],
            "url": "https://github.com/google/security-research/security/advisories/GHSA-p5pg-x43v-mvqj"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T21:52:14.220Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://security.netapp.com/advisory/ntap-20250131-0002/"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00008.html"
          },
          {
            "url": "https://www.kb.cert.org/vuls/id/952657"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://github.com/RsyncProject/rsync",
          "defaultStatus": "unaffected",
          "packageName": "rsync",
          "versions": [
            {
              "lessThanOrEqual": "3.3.0",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:10.0"
          ],
          "defaultStatus": "affected",
          "packageName": "rsync",
          "product": "Red Hat Enterprise Linux 10",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.4.1-2.el10",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:enterprise_linux:9::appstream",
            "cpe:/o:redhat:enterprise_linux:9::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "rsync",
          "product": "Red Hat Enterprise Linux 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.2.5-7.el9_8",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:enterprise_linux:9::appstream",
            "cpe:/o:redhat:enterprise_linux:9::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "rsync",
          "product": "Red Hat Enterprise Linux 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.2.5-7.el9_8",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_eus:9.6::appstream",
            "cpe:/o:redhat:rhel_eus:9.6::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "rsync",
          "product": "Red Hat Enterprise Linux 9.6 Extended Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.2.5-3.el9_6.1",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:discovery:2::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "discovery/discovery-ui-rhel9",
          "product": "Red Hat Discovery 2",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1782166952",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:6"
          ],
          "defaultStatus": "unknown",
          "packageName": "rsync",
          "product": "Red Hat Enterprise Linux 6",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:7"
          ],
          "defaultStatus": "unknown",
          "packageName": "rsync",
          "product": "Red Hat Enterprise Linux 7",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:8"
          ],
          "defaultStatus": "affected",
          "packageName": "rsync",
          "product": "Red Hat Enterprise Linux 8",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift:4"
          ],
          "defaultStatus": "affected",
          "packageName": "rhcos",
          "product": "Red Hat OpenShift Container Platform 4",
          "vendor": "Red Hat"
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Red Hat would like to thank Jasiel Spelman (Google), Pedro Gallegos (Google), and Simon Scannell (Google) for reporting this issue."
        }
      ],
      "datePublic": "2025-01-14T15:06:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in rsync. It could allow a server to enumerate the contents of an arbitrary file from the client\u0027s machine. This issue occurs when files are being copied from a client to a server. During this process, the rsync server will send checksums of local data to the client to compare with in order to determine what data needs to be sent to the server. By sending specially constructed checksum values for arbitrary files, an attacker may be able to reconstruct the data of those files byte-by-byte based on the responses from the client."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Moderate"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-390",
              "description": "Detection of Error Condition Without Action",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-29T23:43:41.776Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHBA-2025:6470",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHBA-2025:6470"
        },
        {
          "name": "RHSA-2026:19368",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:19368"
        },
        {
          "name": "RHSA-2026:20603",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:20603"
        },
        {
          "name": "RHSA-2026:29197",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:29197"
        },
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2024-12086"
        },
        {
          "name": "RHBZ#2330577",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2330577"
        },
        {
          "url": "https://kb.cert.org/vuls/id/952657"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2024-12-05T00:00:00.000Z",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2025-01-14T15:06:00.000Z",
          "value": "Made public."
        }
      ],
      "title": "Rsync: rsync server leaks arbitrary client files",
      "workarounds": [
        {
          "lang": "en",
          "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
        }
      ],
      "x_generator": {
        "engine": "cvelib 1.8.0"
      },
      "x_redhatCweChain": "CWE-390: Detection of Error Condition Without Action"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2024-12086",
    "datePublished": "2025-01-14T17:37:54.960Z",
    "dateReserved": "2024-12-03T08:57:58.397Z",
    "dateUpdated": "2026-06-29T23:43:41.776Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-11942 (GCVE-0-2024-11942)

Vulnerability from cvelistv5 – Published: 2024-12-05 14:42 – Updated: 2024-12-05 15:41
VLAI
Title
Drupal core - Moderately critical - Improper error handling - SA-CORE-2024-002
Summary
A vulnerability in Drupal Core allows File Manipulation.This issue affects Drupal Core: from 10.0.0 before 10.2.10.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-390 - Detection of Error Condition Without Action
Assigner
References
Impacted products
Vendor Product Version
Drupal Drupal Core Affected: 10.0.0 , < 10.2.10 (semver)
Create a notification for this product.
drupal drupal_core Affected: 10.0.0 , < 10.2.10 (semver)
    cpe:2.3:a:drupal:drupal_core:*:*:*:*:*:*:*:*
Create a notification for this product.
Date Public
2024-10-17 00:09
Credits
Pierre Rudloff catch Lee Rowlands Benji Fisher Kim Pepper Wim Leers xjm Dave Long Juraj Nemec
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:drupal:drupal_core:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "drupal_core",
            "vendor": "drupal",
            "versions": [
              {
                "lessThan": "10.2.10",
                "status": "affected",
                "version": "10.0.0",
                "versionType": "semver"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "HIGH",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 5.9,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-11942",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-12-05T15:32:51.782373Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-12-05T15:41:56.600Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://www.drupal.org/project/drupal",
          "defaultStatus": "unaffected",
          "product": "Drupal Core",
          "vendor": "Drupal",
          "versions": [
            {
              "lessThan": "10.2.10",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Pierre Rudloff"
        },
        {
          "lang": "en",
          "type": "remediation developer",
          "value": "catch"
        },
        {
          "lang": "en",
          "type": "remediation developer",
          "value": "Lee Rowlands"
        },
        {
          "lang": "en",
          "type": "remediation developer",
          "value": "Benji Fisher"
        },
        {
          "lang": "en",
          "type": "remediation developer",
          "value": "Kim Pepper"
        },
        {
          "lang": "en",
          "type": "remediation developer",
          "value": "Wim Leers"
        },
        {
          "lang": "en",
          "type": "remediation developer",
          "value": "xjm"
        },
        {
          "lang": "en",
          "type": "coordinator",
          "value": "Dave Long"
        },
        {
          "lang": "en",
          "type": "coordinator",
          "value": "Juraj Nemec"
        }
      ],
      "datePublic": "2024-10-17T00:09:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A vulnerability in Drupal Core allows File Manipulation.\u003cp\u003eThis issue affects Drupal Core: from 10.0.0 before 10.2.10.\u003c/p\u003e"
            }
          ],
          "value": "A vulnerability in Drupal Core allows File Manipulation.This issue affects Drupal Core: from 10.0.0 before 10.2.10."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-165",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-165 File Manipulation"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-390",
              "description": "CWE-390 Detection of Error Condition Without Action",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-12-05T14:42:07.812Z",
        "orgId": "2c85b837-eb8b-40ed-9d74-228c62987387",
        "shortName": "drupal"
      },
      "references": [
        {
          "url": "https://www.drupal.org/sa-core-2024-002"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Drupal core - Moderately critical - Improper error handling - SA-CORE-2024-002",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "2c85b837-eb8b-40ed-9d74-228c62987387",
    "assignerShortName": "drupal",
    "cveId": "CVE-2024-11942",
    "datePublished": "2024-12-05T14:42:07.812Z",
    "dateReserved": "2024-11-27T23:16:49.385Z",
    "dateUpdated": "2024-12-05T15:41:56.600Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-40391 (GCVE-0-2021-40391)

Vulnerability from cvelistv5 – Published: 2021-11-19 18:53 – Updated: 2024-08-04 02:44
VLAI
Summary
An out-of-bounds write vulnerability exists in the drill format T-code tool number functionality of Gerbv 2.7.0, dev (commit b5f1eacd), and the forked version of Gerbv (commit 71493260). A specially-crafted drill file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.
CWE
  • CWE-390 - Detection of Error Condition Without Action
Assigner
References
Impacted products
Vendor Product Version
n/a Gerbv Affected: Gerbv 2.7.0 , Gerbv dev (commit b5f1eacd) ,Gerbv forked dev (commit 71493260)
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T02:44:09.158Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2021-1402"
          },
          {
            "name": "[debian-lts-announce] 20211203 [SECURITY] [DLA 2839-1] gerbv security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00003.html"
          },
          {
            "name": "FEDORA-2022-4a3ef86baa",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TUM5GIUZJ7AVHVCXDZW6ZVCAPV2ISN47/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Gerbv",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Gerbv 2.7.0 , Gerbv dev (commit b5f1eacd) ,Gerbv forked dev (commit 71493260)"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An out-of-bounds write vulnerability exists in the drill format T-code tool number functionality of Gerbv 2.7.0, dev (commit b5f1eacd), and the forked version of Gerbv (commit 71493260). A specially-crafted drill file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 10,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-390",
              "description": "CWE-390: Detection of Error Condition Without Action",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-07-09T03:06:21.000Z",
        "orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
        "shortName": "talos"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2021-1402"
        },
        {
          "name": "[debian-lts-announce] 20211203 [SECURITY] [DLA 2839-1] gerbv security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00003.html"
        },
        {
          "name": "FEDORA-2022-4a3ef86baa",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TUM5GIUZJ7AVHVCXDZW6ZVCAPV2ISN47/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "talos-cna@cisco.com",
          "ID": "CVE-2021-40391",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Gerbv",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Gerbv 2.7.0 , Gerbv dev (commit b5f1eacd) ,Gerbv forked dev (commit 71493260)"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An out-of-bounds write vulnerability exists in the drill format T-code tool number functionality of Gerbv 2.7.0, dev (commit b5f1eacd), and the forked version of Gerbv (commit 71493260). A specially-crafted drill file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability."
            }
          ]
        },
        "impact": {
          "cvss": {
            "baseScore": 10,
            "baseSeverity": null,
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-390: Detection of Error Condition Without Action"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2021-1402",
              "refsource": "MISC",
              "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2021-1402"
            },
            {
              "name": "[debian-lts-announce] 20211203 [SECURITY] [DLA 2839-1] gerbv security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00003.html"
            },
            {
              "name": "FEDORA-2022-4a3ef86baa",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TUM5GIUZJ7AVHVCXDZW6ZVCAPV2ISN47/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
    "assignerShortName": "talos",
    "cveId": "CVE-2021-40391",
    "datePublished": "2021-11-19T18:53:49.000Z",
    "dateReserved": "2021-09-01T00:00:00.000Z",
    "dateUpdated": "2024-08-04T02:44:09.158Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-5051 (GCVE-0-2019-5051)

Vulnerability from cvelistv5 – Published: 2019-07-03 18:43 – Updated: 2024-08-04 19:47
VLAI
Summary
An exploitable heap-based buffer overflow vulnerability exists when loading a PCX file in SDL2_image, version 2.0.4. A missing error handler can lead to a buffer overflow and potential code execution. An attacker can provide a specially crafted image file to trigger this vulnerability.
CWE
  • CWE-390 - Detection of Error Condition Without Action
Assigner
References
URL Tags
https://lists.debian.org/debian-lts-announce/2019… mailing-listx_refsource_MLIST
http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
http://lists.opensuse.org/opensuse-security-annou… vendor-advisoryx_refsource_SUSE
https://usn.ubuntu.com/4238-1/ vendor-advisoryx_refsource_UBUNTU
https://talosintelligence.com/vulnerability_repor… x_refsource_MISC
Impacted products
Vendor Product Version
n/a Simple DirectMedia Affected: Simple DirectMedia Layer SDL2_image 2.0.4
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T19:47:55.830Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[debian-lts-announce] 20190727 [SECURITY] [DLA 1865-1] sdl-image1.2 security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00026.html"
          },
          {
            "name": "openSUSE-SU-2019:2070",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00012.html"
          },
          {
            "name": "openSUSE-SU-2019:2108",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00029.html"
          },
          {
            "name": "USN-4238-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4238-1/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0820"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Simple DirectMedia",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Simple DirectMedia Layer SDL2_image 2.0.4"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An exploitable heap-based buffer overflow vulnerability exists when loading a PCX file in SDL2_image, version 2.0.4. A missing error handler can lead to a buffer overflow and potential code execution. An attacker can provide a specially crafted image file to trigger this vulnerability."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-390",
              "description": "CWE-390: Detection of Error Condition Without Action",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-04-19T17:33:25.000Z",
        "orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
        "shortName": "talos"
      },
      "references": [
        {
          "name": "[debian-lts-announce] 20190727 [SECURITY] [DLA 1865-1] sdl-image1.2 security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00026.html"
        },
        {
          "name": "openSUSE-SU-2019:2070",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00012.html"
        },
        {
          "name": "openSUSE-SU-2019:2108",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00029.html"
        },
        {
          "name": "USN-4238-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4238-1/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0820"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "talos-cna@cisco.com",
          "ID": "CVE-2019-5051",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Simple DirectMedia",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Simple DirectMedia Layer SDL2_image 2.0.4"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An exploitable heap-based buffer overflow vulnerability exists when loading a PCX file in SDL2_image, version 2.0.4. A missing error handler can lead to a buffer overflow and potential code execution. An attacker can provide a specially crafted image file to trigger this vulnerability."
            }
          ]
        },
        "impact": {
          "cvss": {
            "baseScore": 8.8,
            "baseSeverity": "High",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-390: Detection of Error Condition Without Action"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[debian-lts-announce] 20190727 [SECURITY] [DLA 1865-1] sdl-image1.2 security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00026.html"
            },
            {
              "name": "openSUSE-SU-2019:2070",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00012.html"
            },
            {
              "name": "openSUSE-SU-2019:2108",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00029.html"
            },
            {
              "name": "USN-4238-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4238-1/"
            },
            {
              "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0820",
              "refsource": "MISC",
              "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0820"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
    "assignerShortName": "talos",
    "cveId": "CVE-2019-5051",
    "datePublished": "2019-07-03T18:43:48.000Z",
    "dateReserved": "2019-01-04T00:00:00.000Z",
    "dateUpdated": "2024-08-04T19:47:55.830Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-7485 (GCVE-0-2017-7485)

Vulnerability from cvelistv5 – Published: 2017-05-12 19:00 – Updated: 2024-08-05 16:04
VLAI
Summary
In PostgreSQL 9.3.x before 9.3.17, 9.4.x before 9.4.12, 9.5.x before 9.5.7, and 9.6.x before 9.6.3, it was found that the PGREQUIRESSL environment variable was no longer enforcing a SSL/TLS connection to a PostgreSQL server. An active Man-in-the-Middle attacker could use this flaw to strip the SSL/TLS protection from a connection between a client and a server.
Severity
No CVSS data available.
CWE
Assigner
References
URL Tags
http://www.securitytracker.com/id/1038476 vdb-entryx_refsource_SECTRACK
http://www.debian.org/security/2017/dsa-3851 vendor-advisoryx_refsource_DEBIAN
https://access.redhat.com/errata/RHSA-2017:2425 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2017:1678 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2017:1677 vendor-advisoryx_refsource_REDHAT
https://www.postgresql.org/about/news/1746/ x_refsource_CONFIRM
https://access.redhat.com/errata/RHSA-2017:1838 vendor-advisoryx_refsource_REDHAT
http://www.securityfocus.com/bid/98461 vdb-entryx_refsource_BID
https://security.gentoo.org/glsa/201710-06 vendor-advisoryx_refsource_GENTOO
Impacted products
Date Public
2017-05-12 00:00
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T16:04:11.584Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1038476",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1038476"
          },
          {
            "name": "DSA-3851",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2017/dsa-3851"
          },
          {
            "name": "RHSA-2017:2425",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:2425"
          },
          {
            "name": "RHSA-2017:1678",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:1678"
          },
          {
            "name": "RHSA-2017:1677",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:1677"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.postgresql.org/about/news/1746/"
          },
          {
            "name": "RHSA-2017:1838",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:1838"
          },
          {
            "name": "98461",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/98461"
          },
          {
            "name": "GLSA-201710-06",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201710-06"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "PostgreSQL",
          "vendor": "The PostgreSQL Global Development Group",
          "versions": [
            {
              "status": "affected",
              "version": "9.3 - 9.6"
            }
          ]
        }
      ],
      "datePublic": "2017-05-12T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "In PostgreSQL 9.3.x before 9.3.17, 9.4.x before 9.4.12, 9.5.x before 9.5.7, and 9.6.x before 9.6.3, it was found that the PGREQUIRESSL environment variable was no longer enforcing a SSL/TLS connection to a PostgreSQL server. An active Man-in-the-Middle attacker could use this flaw to strip the SSL/TLS protection from a connection between a client and a server."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-390",
              "description": "CWE-390",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-01-04T19:57:01.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "1038476",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1038476"
        },
        {
          "name": "DSA-3851",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2017/dsa-3851"
        },
        {
          "name": "RHSA-2017:2425",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:2425"
        },
        {
          "name": "RHSA-2017:1678",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:1678"
        },
        {
          "name": "RHSA-2017:1677",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:1677"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.postgresql.org/about/news/1746/"
        },
        {
          "name": "RHSA-2017:1838",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:1838"
        },
        {
          "name": "98461",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/98461"
        },
        {
          "name": "GLSA-201710-06",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201710-06"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2017-7485",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "PostgreSQL",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "9.3 - 9.6"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "The PostgreSQL Global Development Group"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In PostgreSQL 9.3.x before 9.3.17, 9.4.x before 9.4.12, 9.5.x before 9.5.7, and 9.6.x before 9.6.3, it was found that the PGREQUIRESSL environment variable was no longer enforcing a SSL/TLS connection to a PostgreSQL server. An active Man-in-the-Middle attacker could use this flaw to strip the SSL/TLS protection from a connection between a client and a server."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-390"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1038476",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1038476"
            },
            {
              "name": "DSA-3851",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2017/dsa-3851"
            },
            {
              "name": "RHSA-2017:2425",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:2425"
            },
            {
              "name": "RHSA-2017:1678",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:1678"
            },
            {
              "name": "RHSA-2017:1677",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:1677"
            },
            {
              "name": "https://www.postgresql.org/about/news/1746/",
              "refsource": "CONFIRM",
              "url": "https://www.postgresql.org/about/news/1746/"
            },
            {
              "name": "RHSA-2017:1838",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:1838"
            },
            {
              "name": "98461",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/98461"
            },
            {
              "name": "GLSA-201710-06",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201710-06"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2017-7485",
    "datePublished": "2017-05-12T19:00:00.000Z",
    "dateReserved": "2017-04-05T00:00:00.000Z",
    "dateUpdated": "2024-08-05T16:04:11.584Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

GHSA-4X29-79GH-6V8Q

Vulnerability from github – Published: 2026-06-29 21:32 – Updated: 2026-06-30 15:30
VLAI
Details

Detection of Error Condition Without Action vulnerability in Apache Tomcat when configuring CRLs for a FFM based connector.

This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.22, from 10.1.0-M7 through 10.1.55, from 9.0.83 through 9.0.118.

Users are recommended to upgrade to version 11.0.23, 10.1.56 or 9.0.119, which fixes the issue.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-53434"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-390"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-06-29T21:16:44Z",
    "severity": "CRITICAL"
  },
  "details": "Detection of Error Condition Without Action vulnerability in Apache Tomcat when configuring CRLs for a FFM based connector.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.22, from 10.1.0-M7 through 10.1.55, from 9.0.83 through 9.0.118.\n\nUsers are recommended to upgrade to version 11.0.23, 10.1.56 or 9.0.119, which fixes the issue.",
  "id": "GHSA-4x29-79gh-6v8q",
  "modified": "2026-06-30T15:30:43Z",
  "published": "2026-06-29T21:32:15Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-53434"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread/x510lbq0sfrd1qyo7q3r1mpllgpdcosk"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2026/06/29/22"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-52JR-X6H6-XJ6G

Vulnerability from github – Published: 2024-12-05 15:31 – Updated: 2024-12-05 19:58
VLAI
Summary
Drupal core vulnerable to improper error handling
Details

Under certain uncommon site configurations, a bug in the CKEditor 5 module can cause some image uploads to move the entire webroot to a different location on the file system. This could be exploited by a malicious user to take down a site.

The issue is mitigated by the fact that several non-default site configurations must exist simultaneously for this to occur.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "drupal/core"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "10.0.0"
            },
            {
              "fixed": "10.2.10"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2024-11942"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-390"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-12-05T19:58:23Z",
    "nvd_published_at": "2024-12-05T15:15:08Z",
    "severity": "MODERATE"
  },
  "details": "Under certain uncommon site configurations, a bug in the CKEditor 5 module can cause some image uploads to move the entire webroot to a different location on the file system. This could be exploited by a malicious user to take down a site.\n\nThe issue is mitigated by the fact that several non-default site configurations must exist simultaneously for this to occur.",
  "id": "GHSA-52jr-x6h6-xj6g",
  "modified": "2024-12-05T19:58:23Z",
  "published": "2024-12-05T15:31:02Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-11942"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/drupal/core"
    },
    {
      "type": "WEB",
      "url": "https://www.drupal.org/sa-core-2024-002"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Drupal core vulnerable to improper error handling"
}

GHSA-6RX6-H35G-58G2

Vulnerability from github – Published: 2024-03-27 18:32 – Updated: 2024-03-27 18:32
VLAI
Details

A vulnerability in the data model interface (DMI) services of Cisco IOS XE Software could allow an unauthenticated, remote attacker to access resources that should have been protected by a configured IPv4 access control list (ACL).

This vulnerability is due to improper handling of error conditions when a successfully authorized device administrator updates an IPv4 ACL using the NETCONF or RESTCONF protocol, and the update would reorder access control entries (ACEs) in the updated ACL. An attacker could exploit this vulnerability by accessing resources that should have been protected across an affected device.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-20316"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-390"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-03-27T17:15:53Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability in the data model interface (DMI) services of Cisco IOS XE Software could allow an unauthenticated, remote attacker to access resources that should have been protected by a configured IPv4 access control list (ACL).\n\n This vulnerability is due to improper handling of error conditions when a successfully authorized device administrator updates an IPv4 ACL using the NETCONF or RESTCONF protocol, and the update would reorder access control entries (ACEs) in the updated ACL. An attacker could exploit this vulnerability by accessing resources that should have been protected across an affected device.",
  "id": "GHSA-6rx6-h35g-58g2",
  "modified": "2024-03-27T18:32:38Z",
  "published": "2024-03-27T18:32:38Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-20316"
    },
    {
      "type": "WEB",
      "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dmi-acl-bypass-Xv8FO8Vz"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation
Implementation

Properly handle each exception. This is the recommended solution. Ensure that all exceptions are handled in such a way that you can be sure of the state of your system at any given moment.

Mitigation
Implementation

If a function returns an error, it is important to either fix the problem and try again, alert the user that an error has happened and let the program continue, or alert the user and close and cleanup the program.

Mitigation
Testing

Subject the product to extensive testing to discover some of the possible instances of where/how errors or return values are not handled. Consider testing techniques such as ad hoc, equivalence partitioning, robustness and fault tolerance, mutation, and fuzzing.

No CAPEC attack patterns related to this CWE.