Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2023-42950 (GCVE-0-2023-42950)
Vulnerability from cvelistv5 – Published: 2024-03-28 15:39 – Updated: 2025-11-03 21:49
VLAI?
EPSS
Summary
A use after free issue was addressed with improved memory management. This issue is fixed in Safari 17.2, iOS 17.2 and iPadOS 17.2, tvOS 17.2, watchOS 10.2, macOS Sonoma 14.2. Processing maliciously crafted web content may lead to arbitrary code execution.
Severity ?
8.8 (High)
CWE
- Processing maliciously crafted web content may lead to arbitrary code execution
Assigner
References
8 references
Impacted products
5 products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-03T21:49:36.789Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT214039"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT214035"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT214040"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT214036"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT214041"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT214039"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/03/26/1"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IXLXIOAH5S7J22LJTCIAVFVVJ4TESAX4/"
},
{
"url": "https://security.netapp.com/advisory/ntap-20241018-0009/"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "safari",
"vendor": "apple",
"versions": [
{
"lessThan": "17.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "iphone_os",
"vendor": "apple",
"versions": [
{
"lessThan": "17.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:apple:ipad_os:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ipad_os",
"vendor": "apple",
"versions": [
{
"lessThan": "17.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "tvos",
"vendor": "apple",
"versions": [
{
"lessThan": "17.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "macos",
"vendor": "apple",
"versions": [
{
"lessThan": "14.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:apple:watchos:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "watchos",
"vendor": "apple",
"versions": [
{
"lessThan": "10.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-42950",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-28T17:46:25.004934Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-09T15:40:20.216Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Safari",
"vendor": "Apple",
"versions": [
{
"lessThan": "17.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "iOS and iPadOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "17.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "tvOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "17.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "14.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "watchOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "10.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A use after free issue was addressed with improved memory management. This issue is fixed in Safari 17.2, iOS 17.2 and iPadOS 17.2, tvOS 17.2, watchOS 10.2, macOS Sonoma 14.2. Processing maliciously crafted web content may lead to arbitrary code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Processing maliciously crafted web content may lead to arbitrary code execution",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-12T09:06:23.795Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"url": "https://support.apple.com/en-us/HT214039"
},
{
"url": "https://support.apple.com/en-us/HT214035"
},
{
"url": "https://support.apple.com/en-us/HT214040"
},
{
"url": "https://support.apple.com/en-us/HT214036"
},
{
"url": "https://support.apple.com/en-us/HT214041"
},
{
"url": "https://support.apple.com/kb/HT214039"
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/03/26/1"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IXLXIOAH5S7J22LJTCIAVFVVJ4TESAX4/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2023-42950",
"datePublished": "2024-03-28T15:39:16.227Z",
"dateReserved": "2023-09-14T19:05:11.474Z",
"dateUpdated": "2025-11-03T21:49:36.789Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2023-42950",
"date": "2026-05-21",
"epss": "0.00645",
"percentile": "0.70922"
},
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"17.2\", \"matchCriteriaId\": \"A894FAB1-74AE-4B4F-A005-ED6A67606414\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"17.2\", \"matchCriteriaId\": \"C4117208-4072-4F4C-AC42-97683B6F8FF5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"17.2\", \"matchCriteriaId\": \"00FC779B-E45C-4B34-976F-490C38C22C67\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"14.0\", \"versionEndExcluding\": \"14.2\", \"matchCriteriaId\": \"6892DEBD-024E-414B-9282-DCCCF23A3BDD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"17.2\", \"matchCriteriaId\": \"780F2778-8AE1-4C48-8ADF-D4B7D44C3987\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"10.2\", \"matchCriteriaId\": \"1183933F-F52A-45A7-B118-FC8B8BDD5509\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"A use after free issue was addressed with improved memory management. This issue is fixed in Safari 17.2, iOS 17.2 and iPadOS 17.2, tvOS 17.2, watchOS 10.2, macOS Sonoma 14.2. Processing maliciously crafted web content may lead to arbitrary code execution.\"}, {\"lang\": \"es\", \"value\": \"Se solucion\\u00f3 un problema de use after free con una gesti\\u00f3n de memoria mejorada. Este problema se solucion\\u00f3 en Safari 17.2, iOS 17.2 y iPadOS 17.2, tvOS 17.2, watchOS 10.2, macOS Sonoma 14.2. El procesamiento de contenido web creado con fines malintencionados puede provocar la ejecuci\\u00f3n de c\\u00f3digo arbitrario.\"}]",
"id": "CVE-2023-42950",
"lastModified": "2024-11-21T08:23:35.033",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\", \"baseScore\": 8.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 5.9}, {\"source\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\", \"baseScore\": 8.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 5.9}]}",
"published": "2024-03-28T16:15:08.313",
"references": "[{\"url\": \"http://www.openwall.com/lists/oss-security/2024/03/26/1\", \"source\": \"product-security@apple.com\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IXLXIOAH5S7J22LJTCIAVFVVJ4TESAX4/\", \"source\": \"product-security@apple.com\"}, {\"url\": \"https://support.apple.com/en-us/HT214035\", \"source\": \"product-security@apple.com\", \"tags\": [\"Release Notes\", \"Vendor Advisory\"]}, {\"url\": \"https://support.apple.com/en-us/HT214036\", \"source\": \"product-security@apple.com\", \"tags\": [\"Release Notes\", \"Vendor Advisory\"]}, {\"url\": \"https://support.apple.com/en-us/HT214039\", \"source\": \"product-security@apple.com\", \"tags\": [\"Release Notes\", \"Vendor Advisory\"]}, {\"url\": \"https://support.apple.com/en-us/HT214040\", \"source\": \"product-security@apple.com\", \"tags\": [\"Release Notes\", \"Vendor Advisory\"]}, {\"url\": \"https://support.apple.com/en-us/HT214041\", \"source\": \"product-security@apple.com\", \"tags\": [\"Release Notes\", \"Vendor Advisory\"]}, {\"url\": \"https://support.apple.com/kb/HT214039\", \"source\": \"product-security@apple.com\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2024/03/26/1\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IXLXIOAH5S7J22LJTCIAVFVVJ4TESAX4/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://support.apple.com/en-us/HT214035\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Release Notes\", \"Vendor Advisory\"]}, {\"url\": \"https://support.apple.com/en-us/HT214036\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Release Notes\", \"Vendor Advisory\"]}, {\"url\": \"https://support.apple.com/en-us/HT214039\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Release Notes\", \"Vendor Advisory\"]}, {\"url\": \"https://support.apple.com/en-us/HT214040\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Release Notes\", \"Vendor Advisory\"]}, {\"url\": \"https://support.apple.com/en-us/HT214041\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Release Notes\", \"Vendor Advisory\"]}, {\"url\": \"https://support.apple.com/kb/HT214039\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
"sourceIdentifier": "product-security@apple.com",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-noinfo\"}]}, {\"source\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-416\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2023-42950\",\"sourceIdentifier\":\"product-security@apple.com\",\"published\":\"2024-03-28T16:15:08.313\",\"lastModified\":\"2025-11-03T22:16:27.070\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A use after free issue was addressed with improved memory management. This issue is fixed in Safari 17.2, iOS 17.2 and iPadOS 17.2, tvOS 17.2, watchOS 10.2, macOS Sonoma 14.2. Processing maliciously crafted web content may lead to arbitrary code execution.\"},{\"lang\":\"es\",\"value\":\"Se solucion\u00f3 un problema de use after free con una gesti\u00f3n de memoria mejorada. Este problema se solucion\u00f3 en Safari 17.2, iOS 17.2 y iPadOS 17.2, tvOS 17.2, watchOS 10.2, macOS Sonoma 14.2. El procesamiento de contenido web creado con fines malintencionados puede provocar la ejecuci\u00f3n de c\u00f3digo arbitrario.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-416\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"17.2\",\"matchCriteriaId\":\"A894FAB1-74AE-4B4F-A005-ED6A67606414\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"17.2\",\"matchCriteriaId\":\"C4117208-4072-4F4C-AC42-97683B6F8FF5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"17.2\",\"matchCriteriaId\":\"00FC779B-E45C-4B34-976F-490C38C22C67\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"14.0\",\"versionEndExcluding\":\"14.2\",\"matchCriteriaId\":\"6892DEBD-024E-414B-9282-DCCCF23A3BDD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"17.2\",\"matchCriteriaId\":\"780F2778-8AE1-4C48-8ADF-D4B7D44C3987\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"10.2\",\"matchCriteriaId\":\"1183933F-F52A-45A7-B118-FC8B8BDD5509\"}]}]}],\"references\":[{\"url\":\"http://www.openwall.com/lists/oss-security/2024/03/26/1\",\"source\":\"product-security@apple.com\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IXLXIOAH5S7J22LJTCIAVFVVJ4TESAX4/\",\"source\":\"product-security@apple.com\"},{\"url\":\"https://support.apple.com/en-us/HT214035\",\"source\":\"product-security@apple.com\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/en-us/HT214036\",\"source\":\"product-security@apple.com\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/en-us/HT214039\",\"source\":\"product-security@apple.com\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/en-us/HT214040\",\"source\":\"product-security@apple.com\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/en-us/HT214041\",\"source\":\"product-security@apple.com\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/kb/HT214039\",\"source\":\"product-security@apple.com\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2024/03/26/1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IXLXIOAH5S7J22LJTCIAVFVVJ4TESAX4/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://security.netapp.com/advisory/ntap-20241018-0009/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://support.apple.com/en-us/HT214035\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/en-us/HT214036\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/en-us/HT214039\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/en-us/HT214040\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/en-us/HT214041\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/kb/HT214039\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://support.apple.com/en-us/HT214039\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://support.apple.com/en-us/HT214035\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://support.apple.com/en-us/HT214040\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://support.apple.com/en-us/HT214036\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://support.apple.com/en-us/HT214041\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://support.apple.com/kb/HT214039\", \"tags\": [\"x_transferred\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2024/03/26/1\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IXLXIOAH5S7J22LJTCIAVFVVJ4TESAX4/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20241018-0009/\"}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2025-11-03T21:49:36.789Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 8.8, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-42950\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-03-28T17:46:25.004934Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*\"], \"vendor\": \"apple\", \"product\": \"safari\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"17.2\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*\"], \"vendor\": \"apple\", \"product\": \"iphone_os\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"17.2\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:o:apple:ipad_os:*:*:*:*:*:*:*:*\"], \"vendor\": \"apple\", \"product\": \"ipad_os\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"17.2\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*\"], \"vendor\": \"apple\", \"product\": \"tvos\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"17.2\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*\"], \"vendor\": \"apple\", \"product\": \"macos\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"14.2\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:apple:watchos:*:*:*:*:*:*:*:*\"], \"vendor\": \"apple\", \"product\": \"watchos\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"10.2\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-416\", \"description\": \"CWE-416 Use After Free\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-08-09T15:37:16.135Z\"}}], \"cna\": {\"affected\": [{\"vendor\": \"Apple\", \"product\": \"Safari\", \"versions\": [{\"status\": \"affected\", \"version\": \"unspecified\", \"lessThan\": \"17.2\", \"versionType\": \"custom\"}]}, {\"vendor\": \"Apple\", \"product\": \"iOS and iPadOS\", \"versions\": [{\"status\": \"affected\", \"version\": \"unspecified\", \"lessThan\": \"17.2\", \"versionType\": \"custom\"}]}, {\"vendor\": \"Apple\", \"product\": \"tvOS\", \"versions\": [{\"status\": \"affected\", \"version\": \"unspecified\", \"lessThan\": \"17.2\", \"versionType\": \"custom\"}]}, {\"vendor\": \"Apple\", \"product\": \"macOS\", \"versions\": [{\"status\": \"affected\", \"version\": \"unspecified\", \"lessThan\": \"14.2\", \"versionType\": \"custom\"}]}, {\"vendor\": \"Apple\", \"product\": \"watchOS\", \"versions\": [{\"status\": \"affected\", \"version\": \"unspecified\", \"lessThan\": \"10.2\", \"versionType\": \"custom\"}]}], \"references\": [{\"url\": \"https://support.apple.com/en-us/HT214039\"}, {\"url\": \"https://support.apple.com/en-us/HT214035\"}, {\"url\": \"https://support.apple.com/en-us/HT214040\"}, {\"url\": \"https://support.apple.com/en-us/HT214036\"}, {\"url\": \"https://support.apple.com/en-us/HT214041\"}, {\"url\": \"https://support.apple.com/kb/HT214039\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2024/03/26/1\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IXLXIOAH5S7J22LJTCIAVFVVJ4TESAX4/\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"A use after free issue was addressed with improved memory management. This issue is fixed in Safari 17.2, iOS 17.2 and iPadOS 17.2, tvOS 17.2, watchOS 10.2, macOS Sonoma 14.2. Processing maliciously crafted web content may lead to arbitrary code execution.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"description\": \"Processing maliciously crafted web content may lead to arbitrary code execution\"}]}], \"providerMetadata\": {\"orgId\": \"286789f9-fbc2-4510-9f9a-43facdede74c\", \"shortName\": \"apple\", \"dateUpdated\": \"2024-06-12T09:06:23.795Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2023-42950\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-11-03T21:49:36.789Z\", \"dateReserved\": \"2023-09-14T19:05:11.474Z\", \"assignerOrgId\": \"286789f9-fbc2-4510-9f9a-43facdede74c\", \"datePublished\": \"2024-03-28T15:39:16.227Z\", \"assignerShortName\": \"apple\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
CERTFR-2024-AVI-0883
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans Oracle Java SE. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Oracle GraalVM Enterprise Edition versions 20.3.15 et 21.3.11 ",
"product": {
"name": "Java SE",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle GraalVM for JDK versions 17.0.12, 21.0.4 et 23",
"product": {
"name": "Java SE",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Java SE versions 8u421, 8u421-perf, 11.0.24, 17.0.12, 21.0.4 et 23",
"product": {
"name": "Java SE",
"vendor": {
"name": "Oracle",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-36138",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36138"
},
{
"name": "CVE-2024-21235",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21235"
},
{
"name": "CVE-2024-22020",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22020"
},
{
"name": "CVE-2024-21211",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21211"
},
{
"name": "CVE-2023-42956",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42956"
},
{
"name": "CVE-2024-23280",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23280"
},
{
"name": "CVE-2024-23252",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23252"
},
{
"name": "CVE-2024-27834",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27834"
},
{
"name": "CVE-2024-23254",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23254"
},
{
"name": "CVE-2024-25062",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25062"
},
{
"name": "CVE-2023-42843",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42843"
},
{
"name": "CVE-2023-42950",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42950"
},
{
"name": "CVE-2024-23263",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23263"
},
{
"name": "CVE-2024-23284",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23284"
},
{
"name": "CVE-2024-21210",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21210"
},
{
"name": "CVE-2024-21217",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21217"
},
{
"name": "CVE-2024-21208",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21208"
}
],
"links": [],
"reference": "CERTFR-2024-AVI-0883",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-10-16T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Oracle Java SE. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Oracle Java SE",
"vendor_advisories": [
{
"published_at": "2024-10-15",
"title": "Bulletin de s\u00e9curit\u00e9 Oracle Java SE cpuoct2024",
"url": "https://www.oracle.com/security-alerts/cpuoct2024.html"
}
]
}
CERTFR-2024-AVI-0883
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans Oracle Java SE. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Oracle GraalVM Enterprise Edition versions 20.3.15 et 21.3.11 ",
"product": {
"name": "Java SE",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle GraalVM for JDK versions 17.0.12, 21.0.4 et 23",
"product": {
"name": "Java SE",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Java SE versions 8u421, 8u421-perf, 11.0.24, 17.0.12, 21.0.4 et 23",
"product": {
"name": "Java SE",
"vendor": {
"name": "Oracle",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-36138",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36138"
},
{
"name": "CVE-2024-21235",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21235"
},
{
"name": "CVE-2024-22020",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22020"
},
{
"name": "CVE-2024-21211",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21211"
},
{
"name": "CVE-2023-42956",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42956"
},
{
"name": "CVE-2024-23280",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23280"
},
{
"name": "CVE-2024-23252",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23252"
},
{
"name": "CVE-2024-27834",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27834"
},
{
"name": "CVE-2024-23254",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23254"
},
{
"name": "CVE-2024-25062",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25062"
},
{
"name": "CVE-2023-42843",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42843"
},
{
"name": "CVE-2023-42950",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42950"
},
{
"name": "CVE-2024-23263",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23263"
},
{
"name": "CVE-2024-23284",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23284"
},
{
"name": "CVE-2024-21210",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21210"
},
{
"name": "CVE-2024-21217",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21217"
},
{
"name": "CVE-2024-21208",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21208"
}
],
"links": [],
"reference": "CERTFR-2024-AVI-0883",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-10-16T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Oracle Java SE. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Oracle Java SE",
"vendor_advisories": [
{
"published_at": "2024-10-15",
"title": "Bulletin de s\u00e9curit\u00e9 Oracle Java SE cpuoct2024",
"url": "https://www.oracle.com/security-alerts/cpuoct2024.html"
}
]
}
alsa-2024:9144
Vulnerability from osv_almalinux
Published
2024-11-12 00:00
Modified
2024-11-19 06:23
Summary
Important: webkit2gtk3 security update
Details
WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform.
Security Fix(es):
- webkit: visiting a malicious website may lead to address bar spoofing (CVE-2023-42843)
- webkit: heap use-after-free may lead to arbitrary code execution (CVE-2023-42950)
- webkit: processing malicious web content may lead to a denial of service (CVE-2023-42956)
- chromium-browser: Use after free in ANGLE (CVE-2024-4558)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.
References
{
"affected": [
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "webkit2gtk3"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.44.3-2.el9"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "webkit2gtk3-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.44.3-2.el9"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "webkit2gtk3-jsc"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.44.3-2.el9"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "webkit2gtk3-jsc-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.44.3-2.el9"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"details": "WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. \n\nSecurity Fix(es): \n\n * webkit: visiting a malicious website may lead to address bar spoofing (CVE-2023-42843)\n * webkit: heap use-after-free may lead to arbitrary code execution (CVE-2023-42950)\n * webkit: processing malicious web content may lead to a denial of service (CVE-2023-42956)\n * chromium-browser: Use after free in ANGLE (CVE-2024-4558)\n\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. \n\nAdditional Changes: \n\nFor detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.\n",
"id": "ALSA-2024:9144",
"modified": "2024-11-19T06:23:59Z",
"published": "2024-11-12T00:00:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://access.redhat.com/errata/RHSA-2024:9144"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-42843"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-42950"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-42956"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-4558"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2271717"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2271718"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2271719"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2279689"
},
{
"type": "ADVISORY",
"url": "https://errata.almalinux.org/9/ALSA-2024-9144.html"
}
],
"related": [
"CVE-2023-42843",
"CVE-2023-42950",
"CVE-2023-42956",
"CVE-2024-4558"
],
"summary": "Important: webkit2gtk3 security update"
}
BDU:2024-02479
Vulnerability from fstec - Published: 25.03.2024
VLAI Severity ?
Title
Уязвимость модулей отображения веб-страниц WebKitGTK и WPE WebKit операционных систем iOS, iPadOS, tvOS, macOS, watchOS, браузера Safari, позволяющая нарушителю выполнить произвольный код
Description
Уязвимость модулей отображения веб-страниц WebKitGTK+ и WPE WebKit операционных систем iOS, iPadOS, tvOS, macOS, watchOS, браузера Safari связана с использованием памяти после её освобождения. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, выполнить произвольный код
Severity ?
Vendor
ООО «РусБИТех-Астра», Apple Inc., Сообщество свободного программного обеспечения, АО "НППКТ", Axiom JDK
Software Name
Astra Linux Special Edition (запись в едином реестре российских программ №369), watchOS, tvOS, MacOS, Safari, iOS, iPadOS, WPE WebKit, WebKitGTK, ОСОН ОСнова Оnyx (запись в едином реестре российских программ №5913), Axiom AxiomJDK
Software Version
1.7 (Astra Linux Special Edition), 4.7 (Astra Linux Special Edition), до 10.2 (watchOS), до 17.2 (tvOS), до Sonoma 14.2 (MacOS), до 17.2 (Safari), до 17.2 (iOS), до 17.2 (iPadOS), до 2.44.0 (WPE WebKit), до 2.44.0 (WebKitGTK), до 2.11 (ОСОН ОСнова Оnyx), до 11.0.24.0.1 (Axiom AxiomJDK), до 17.0.12.0.1 (Axiom AxiomJDK), до 21.0.4.0.1 (Axiom AxiomJDK)
Possible Mitigations
Использование рекомендаций
Для программных продуктов Apple Inc.:
https://support.apple.com/en-us/HT214035
https://support.apple.com/en-us/HT214036
https://support.apple.com/en-us/HT214039
https://support.apple.com/en-us/HT214040
https://support.apple.com/en-us/HT214041
Для WebKitGTK и WPE WebKit:
https://wpewebkit.org/security/WSA-2024-0002.html
Для ОСОН ОСнова Оnyx (2.11):
Обновление программного обеспечения webkit2gtk до версии 2.44.2-1~deb11u1.osnova1
Для ОС Astra Linux:
обновить пакет webkit2gtk до 2.44.2-1~deb11u1+ci202406131437+astra4 или более высокой версии, используя рекомендации производителя: https://wiki.astralinux.ru/astra-linux-se17-bulletin-2024-0830SE17
Для Astra Linux Special Edition 4.7 для архитектуры ARM:
обновить пакет webkit2gtk до 2.44.2-1~deb11u1+ci202406131437+astra4 или более высокой версии, используя рекомендации производителя: https://wiki.astralinux.ru/astra-linux-se47-bulletin-2024-1031SE47
Для AxiomJDK:
https://axiomjdk.ru/pages/downloads/
Reference
https://safe-surf.ru/upload/VULN-new/VULN.2024-03-25.1.pdf
https://wpewebkit.org/security/WSA-2024-0002.html
https://support.apple.com/en-us/HT214035
https://support.apple.com/en-us/HT214036
https://support.apple.com/en-us/HT214039
https://support.apple.com/en-us/HT214040
https://support.apple.com/en-us/HT214041
https://поддержка.нппкт.рф/bin/view/ОСнова/Обновления/2.11/
https://wiki.astralinux.ru/astra-linux-se17-bulletin-2024-0830SE17
https://wiki.astralinux.ru/astra-linux-se47-bulletin-2024-1031SE47
https://axiomjdk.ru/pages/downloads/
CWE
CWE-416
{
"CVSS 2.0": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CVSS 3.0": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CVSS 4.0": null,
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "\u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb, Apple Inc., \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f, \u0410\u041e \"\u041d\u041f\u041f\u041a\u0422\", Axiom JDK",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "1.7 (Astra Linux Special Edition), 4.7 (Astra Linux Special Edition), \u0434\u043e 10.2 (watchOS), \u0434\u043e 17.2 (tvOS), \u0434\u043e Sonoma 14.2 (MacOS), \u0434\u043e 17.2 (Safari), \u0434\u043e 17.2 (iOS), \u0434\u043e 17.2 (iPadOS), \u0434\u043e 2.44.0 (WPE WebKit), \u0434\u043e 2.44.0 (WebKitGTK), \u0434\u043e 2.11 (\u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx), \u0434\u043e 11.0.24.0.1 (Axiom AxiomJDK), \u0434\u043e 17.0.12.0.1 (Axiom AxiomJDK), \u0434\u043e 21.0.4.0.1 (Axiom AxiomJDK)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Apple Inc.:\nhttps://support.apple.com/en-us/HT214035\nhttps://support.apple.com/en-us/HT214036\nhttps://support.apple.com/en-us/HT214039\nhttps://support.apple.com/en-us/HT214040\nhttps://support.apple.com/en-us/HT214041\n\n\u0414\u043b\u044f WebKitGTK \u0438 WPE WebKit:\nhttps://wpewebkit.org/security/WSA-2024-0002.html\n\n\u0414\u043b\u044f \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx (2.11):\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f webkit2gtk \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 2.44.2-1~deb11u1.osnova1\n\n\u0414\u043b\u044f \u041e\u0421 Astra Linux:\n\u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u043f\u0430\u043a\u0435\u0442 webkit2gtk \u0434\u043e 2.44.2-1~deb11u1+ci202406131437+astra4 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se17-bulletin-2024-0830SE17\n\n\u0414\u043b\u044f Astra Linux Special Edition 4.7 \u0434\u043b\u044f \u0430\u0440\u0445\u0438\u0442\u0435\u043a\u0442\u0443\u0440\u044b ARM:\n\u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u043f\u0430\u043a\u0435\u0442 webkit2gtk \u0434\u043e 2.44.2-1~deb11u1+ci202406131437+astra4 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se47-bulletin-2024-1031SE47\n\n\u0414\u043b\u044f AxiomJDK:\nhttps://axiomjdk.ru/pages/downloads/",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "25.03.2024",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "31.01.2025",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "02.04.2024",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2024-02479",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2023-42950",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Astra Linux Special Edition (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), watchOS, tvOS, MacOS, Safari, iOS, iPadOS, WPE WebKit, WebKitGTK, \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165913), Axiom AxiomJDK",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "\u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 1.7 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 4.7 ARM (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), Apple Inc. watchOS \u0434\u043e 10.2 , Apple Inc. tvOS \u0434\u043e 17.2 , Apple Inc. MacOS \u0434\u043e Sonoma 14.2 , Apple Inc. iOS \u0434\u043e 17.2 , Apple Inc. iPadOS \u0434\u043e 17.2 , \u0410\u041e \"\u041d\u041f\u041f\u041a\u0422\" \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx \u0434\u043e 2.11 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165913)",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043c\u043e\u0434\u0443\u043b\u0435\u0439 \u043e\u0442\u043e\u0431\u0440\u0430\u0436\u0435\u043d\u0438\u044f \u0432\u0435\u0431-\u0441\u0442\u0440\u0430\u043d\u0438\u0446 WebKitGTK \u0438 WPE WebKit \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c iOS, iPadOS, tvOS, macOS, watchOS, \u0431\u0440\u0430\u0443\u0437\u0435\u0440\u0430 Safari, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0421\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u0435\u0442",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u043f\u043e\u0441\u043b\u0435 \u043e\u0441\u0432\u043e\u0431\u043e\u0436\u0434\u0435\u043d\u0438\u044f (CWE-416)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043c\u043e\u0434\u0443\u043b\u0435\u0439 \u043e\u0442\u043e\u0431\u0440\u0430\u0436\u0435\u043d\u0438\u044f \u0432\u0435\u0431-\u0441\u0442\u0440\u0430\u043d\u0438\u0446 WebKitGTK+ \u0438 WPE WebKit \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c iOS, iPadOS, tvOS, macOS, watchOS, \u0431\u0440\u0430\u0443\u0437\u0435\u0440\u0430 Safari \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435\u043c \u043f\u0430\u043c\u044f\u0442\u0438 \u043f\u043e\u0441\u043b\u0435 \u0435\u0451 \u043e\u0441\u0432\u043e\u0431\u043e\u0436\u0434\u0435\u043d\u0438\u044f. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://safe-surf.ru/upload/VULN-new/VULN.2024-03-25.1.pdf\nhttps://wpewebkit.org/security/WSA-2024-0002.html\nhttps://support.apple.com/en-us/HT214035\nhttps://support.apple.com/en-us/HT214036\nhttps://support.apple.com/en-us/HT214039\nhttps://support.apple.com/en-us/HT214040\nhttps://support.apple.com/en-us/HT214041\nhttps://\u043f\u043e\u0434\u0434\u0435\u0440\u0436\u043a\u0430.\u043d\u043f\u043f\u043a\u0442.\u0440\u0444/bin/view/\u041e\u0421\u043d\u043e\u0432\u0430/\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f/2.11/\nhttps://wiki.astralinux.ru/astra-linux-se17-bulletin-2024-0830SE17\nhttps://wiki.astralinux.ru/astra-linux-se47-bulletin-2024-1031SE47\nhttps://axiomjdk.ru/pages/downloads/",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-416",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 10)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 8,8)"
}
bit-java-2023-42950
Vulnerability from bitnami_vulndb
Published
2026-05-06 14:44
Modified
2026-05-08 06:11
Summary
Details
A use after free issue was addressed with improved memory management. This issue is fixed in Safari 17.2, iOS 17.2 and iPadOS 17.2, tvOS 17.2, watchOS 10.2, macOS Sonoma 14.2. Processing maliciously crafted web content may lead to arbitrary code execution.
{
"affected": [
{
"package": {
"ecosystem": "Bitnami",
"name": "java",
"purl": "pkg:bitnami/java"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.8.0"
},
{
"introduced": "1.9.0"
},
{
"fixed": "8.0.431"
}
],
"type": "SEMVER"
}
],
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
],
"aliases": [
"CVE-2023-42950"
],
"database_specific": {
"cpes": [
"cpe:2.3:a:bellsoft:libericajdk:*:*:*:*:*:*:*:*"
],
"severity": "High"
},
"details": "A use after free issue was addressed with improved memory management. This issue is fixed in Safari 17.2, iOS 17.2 and iPadOS 17.2, tvOS 17.2, watchOS 10.2, macOS Sonoma 14.2. Processing maliciously crafted web content may lead to arbitrary code execution.",
"id": "BIT-java-2023-42950",
"modified": "2026-05-08T06:11:36.072Z",
"published": "2026-05-06T14:44:05.128Z",
"references": [
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2024/03/26/1"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IXLXIOAH5S7J22LJTCIAVFVVJ4TESAX4/"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-42950"
},
{
"type": "WEB",
"url": "https://openjdk.org/groups/vulnerability/advisories/2024-10-15"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20241018-0009/"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT214035"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT214036"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT214039"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT214040"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT214041"
},
{
"type": "WEB",
"url": "https://support.apple.com/kb/HT214039"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpuoct2024.html"
}
],
"schema_version": "1.6.2"
}
bit-jre-2023-42950
Vulnerability from bitnami_vulndb
Published
2026-05-08 05:45
Modified
2026-05-08 06:11
Summary
Details
A use after free issue was addressed with improved memory management. This issue is fixed in Safari 17.2, iOS 17.2 and iPadOS 17.2, tvOS 17.2, watchOS 10.2, macOS Sonoma 14.2. Processing maliciously crafted web content may lead to arbitrary code execution.
{
"affected": [
{
"package": {
"ecosystem": "Bitnami",
"name": "jre",
"purl": "pkg:bitnami/jre"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.8.0"
},
{
"introduced": "1.9.0"
},
{
"fixed": "8.0.431"
}
],
"type": "SEMVER"
}
],
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
],
"aliases": [
"CVE-2023-42950"
],
"database_specific": {
"cpes": [
"cpe:2.3:a:bellsoft:libericajre:*:*:*:*:*:*:*:*"
],
"severity": "High"
},
"details": "A use after free issue was addressed with improved memory management. This issue is fixed in Safari 17.2, iOS 17.2 and iPadOS 17.2, tvOS 17.2, watchOS 10.2, macOS Sonoma 14.2. Processing maliciously crafted web content may lead to arbitrary code execution.",
"id": "BIT-jre-2023-42950",
"modified": "2026-05-08T06:11:36.072Z",
"published": "2026-05-08T05:45:40.029Z",
"references": [
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2024/03/26/1"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IXLXIOAH5S7J22LJTCIAVFVVJ4TESAX4/"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-42950"
},
{
"type": "WEB",
"url": "https://openjdk.org/groups/vulnerability/advisories/2024-10-15"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20241018-0009/"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT214035"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT214036"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT214039"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT214040"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT214041"
},
{
"type": "WEB",
"url": "https://support.apple.com/kb/HT214039"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpuoct2024.html"
}
],
"schema_version": "1.6.2"
}
FKIE_CVE-2023-42950
Vulnerability from fkie_nvd - Published: 2024-03-28 16:15 - Updated: 2025-11-03 22:16
Severity ?
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
A use after free issue was addressed with improved memory management. This issue is fixed in Safari 17.2, iOS 17.2 and iPadOS 17.2, tvOS 17.2, watchOS 10.2, macOS Sonoma 14.2. Processing maliciously crafted web content may lead to arbitrary code execution.
References
| URL | Tags | ||
|---|---|---|---|
| product-security@apple.com | http://www.openwall.com/lists/oss-security/2024/03/26/1 | ||
| product-security@apple.com | https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IXLXIOAH5S7J22LJTCIAVFVVJ4TESAX4/ | ||
| product-security@apple.com | https://support.apple.com/en-us/HT214035 | Release Notes, Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/HT214036 | Release Notes, Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/HT214039 | Release Notes, Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/HT214040 | Release Notes, Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/en-us/HT214041 | Release Notes, Vendor Advisory | |
| product-security@apple.com | https://support.apple.com/kb/HT214039 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2024/03/26/1 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IXLXIOAH5S7J22LJTCIAVFVVJ4TESAX4/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20241018-0009/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://support.apple.com/en-us/HT214035 | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.apple.com/en-us/HT214036 | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.apple.com/en-us/HT214039 | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.apple.com/en-us/HT214040 | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.apple.com/en-us/HT214041 | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.apple.com/kb/HT214039 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A894FAB1-74AE-4B4F-A005-ED6A67606414",
"versionEndExcluding": "17.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C4117208-4072-4F4C-AC42-97683B6F8FF5",
"versionEndExcluding": "17.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"matchCriteriaId": "00FC779B-E45C-4B34-976F-490C38C22C67",
"versionEndExcluding": "17.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6892DEBD-024E-414B-9282-DCCCF23A3BDD",
"versionEndExcluding": "14.2",
"versionStartIncluding": "14.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "780F2778-8AE1-4C48-8ADF-D4B7D44C3987",
"versionEndExcluding": "17.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1183933F-F52A-45A7-B118-FC8B8BDD5509",
"versionEndExcluding": "10.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A use after free issue was addressed with improved memory management. This issue is fixed in Safari 17.2, iOS 17.2 and iPadOS 17.2, tvOS 17.2, watchOS 10.2, macOS Sonoma 14.2. Processing maliciously crafted web content may lead to arbitrary code execution."
},
{
"lang": "es",
"value": "Se solucion\u00f3 un problema de use after free con una gesti\u00f3n de memoria mejorada. Este problema se solucion\u00f3 en Safari 17.2, iOS 17.2 y iPadOS 17.2, tvOS 17.2, watchOS 10.2, macOS Sonoma 14.2. El procesamiento de contenido web creado con fines malintencionados puede provocar la ejecuci\u00f3n de c\u00f3digo arbitrario."
}
],
"id": "CVE-2023-42950",
"lastModified": "2025-11-03T22:16:27.070",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2024-03-28T16:15:08.313",
"references": [
{
"source": "product-security@apple.com",
"url": "http://www.openwall.com/lists/oss-security/2024/03/26/1"
},
{
"source": "product-security@apple.com",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IXLXIOAH5S7J22LJTCIAVFVVJ4TESAX4/"
},
{
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://support.apple.com/en-us/HT214035"
},
{
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://support.apple.com/en-us/HT214036"
},
{
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://support.apple.com/en-us/HT214039"
},
{
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://support.apple.com/en-us/HT214040"
},
{
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://support.apple.com/en-us/HT214041"
},
{
"source": "product-security@apple.com",
"url": "https://support.apple.com/kb/HT214039"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2024/03/26/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IXLXIOAH5S7J22LJTCIAVFVVJ4TESAX4/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.netapp.com/advisory/ntap-20241018-0009/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://support.apple.com/en-us/HT214035"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://support.apple.com/en-us/HT214036"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://support.apple.com/en-us/HT214039"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://support.apple.com/en-us/HT214040"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://support.apple.com/en-us/HT214041"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://support.apple.com/kb/HT214039"
}
],
"sourceIdentifier": "product-security@apple.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-416"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
GHSA-6CVP-282G-6JP8
Vulnerability from github – Published: 2024-03-28 18:30 – Updated: 2025-11-04 00:30
VLAI?
Details
A use after free issue was addressed with improved memory management. This issue is fixed in Safari 17.2, iOS 17.2 and iPadOS 17.2, tvOS 17.2, watchOS 10.2, macOS Sonoma 14.2. Processing maliciously crafted web content may lead to arbitrary code execution.
Severity ?
8.8 (High)
{
"affected": [],
"aliases": [
"CVE-2023-42950"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-03-28T16:15:08Z",
"severity": "HIGH"
},
"details": "A use after free issue was addressed with improved memory management. This issue is fixed in Safari 17.2, iOS 17.2 and iPadOS 17.2, tvOS 17.2, watchOS 10.2, macOS Sonoma 14.2. Processing maliciously crafted web content may lead to arbitrary code execution.",
"id": "GHSA-6cvp-282g-6jp8",
"modified": "2025-11-04T00:30:48Z",
"published": "2024-03-28T18:30:47Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-42950"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IXLXIOAH5S7J22LJTCIAVFVVJ4TESAX4"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20241018-0009"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT214035"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT214036"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT214039"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT214040"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT214041"
},
{
"type": "WEB",
"url": "https://support.apple.com/kb/HT214039"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2024/03/26/1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GSD-2023-42950
Vulnerability from gsd - Updated: 2023-12-13 01:20Details
A use after free issue was addressed with improved memory management. This issue is fixed in Safari 17.2, iOS 17.2 and iPadOS 17.2, tvOS 17.2, watchOS 10.2, macOS Sonoma 14.2. Processing maliciously crafted web content may lead to arbitrary code execution.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2023-42950",
"id": "GSD-2023-42950"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2023-42950"
],
"details": "A use after free issue was addressed with improved memory management. This issue is fixed in Safari 17.2, iOS 17.2 and iPadOS 17.2, tvOS 17.2, watchOS 10.2, macOS Sonoma 14.2. Processing maliciously crafted web content may lead to arbitrary code execution.",
"id": "GSD-2023-42950",
"modified": "2023-12-13T01:20:21.493094Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2023-42950",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Safari",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "unspecified",
"version_value": "17.2"
}
]
}
},
{
"product_name": "iOS and iPadOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "unspecified",
"version_value": "17.2"
}
]
}
},
{
"product_name": "tvOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "unspecified",
"version_value": "17.2"
}
]
}
},
{
"product_name": "macOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "unspecified",
"version_value": "14.2"
}
]
}
},
{
"product_name": "watchOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "unspecified",
"version_value": "10.2"
}
]
}
}
]
},
"vendor_name": "Apple"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A use after free issue was addressed with improved memory management. This issue is fixed in Safari 17.2, iOS 17.2 and iPadOS 17.2, tvOS 17.2, watchOS 10.2, macOS Sonoma 14.2. Processing maliciously crafted web content may lead to arbitrary code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Processing maliciously crafted web content may lead to arbitrary code execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.apple.com/en-us/HT214039",
"refsource": "MISC",
"url": "https://support.apple.com/en-us/HT214039"
},
{
"name": "https://support.apple.com/en-us/HT214035",
"refsource": "MISC",
"url": "https://support.apple.com/en-us/HT214035"
},
{
"name": "https://support.apple.com/en-us/HT214040",
"refsource": "MISC",
"url": "https://support.apple.com/en-us/HT214040"
},
{
"name": "https://support.apple.com/en-us/HT214036",
"refsource": "MISC",
"url": "https://support.apple.com/en-us/HT214036"
},
{
"name": "https://support.apple.com/en-us/HT214041",
"refsource": "MISC",
"url": "https://support.apple.com/en-us/HT214041"
}
]
}
},
"nvd.nist.gov": {
"cve": {
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A894FAB1-74AE-4B4F-A005-ED6A67606414",
"versionEndExcluding": "17.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C4117208-4072-4F4C-AC42-97683B6F8FF5",
"versionEndExcluding": "17.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"matchCriteriaId": "00FC779B-E45C-4B34-976F-490C38C22C67",
"versionEndExcluding": "17.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6892DEBD-024E-414B-9282-DCCCF23A3BDD",
"versionEndExcluding": "14.2",
"versionStartIncluding": "14.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "780F2778-8AE1-4C48-8ADF-D4B7D44C3987",
"versionEndExcluding": "17.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1183933F-F52A-45A7-B118-FC8B8BDD5509",
"versionEndExcluding": "10.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A use after free issue was addressed with improved memory management. This issue is fixed in Safari 17.2, iOS 17.2 and iPadOS 17.2, tvOS 17.2, watchOS 10.2, macOS Sonoma 14.2. Processing maliciously crafted web content may lead to arbitrary code execution."
},
{
"lang": "es",
"value": "Se solucion\u00f3 un problema de use after free con una gesti\u00f3n de memoria mejorada. Este problema se solucion\u00f3 en Safari 17.2, iOS 17.2 y iPadOS 17.2, tvOS 17.2, watchOS 10.2, macOS Sonoma 14.2. El procesamiento de contenido web creado con fines malintencionados puede provocar la ejecuci\u00f3n de c\u00f3digo arbitrario."
}
],
"id": "CVE-2023-42950",
"lastModified": "2024-04-08T22:48:38.313",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-03-28T16:15:08.313",
"references": [
{
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://support.apple.com/en-us/HT214035"
},
{
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://support.apple.com/en-us/HT214036"
},
{
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://support.apple.com/en-us/HT214039"
},
{
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://support.apple.com/en-us/HT214040"
},
{
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://support.apple.com/en-us/HT214041"
}
],
"sourceIdentifier": "product-security@apple.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
}
}
}
NCSC-2024-0419
Vulnerability from csaf_ncscnl - Published: 2024-10-17 13:20 - Updated: 2024-10-17 13:20Summary
Kwetsbaarheden verholpen in Oracle Java
Notes
The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:
NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.
NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.
This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.
Feiten: Oracle heeft kwetsbaarheden verholpen in Java SE en GraalVM.
Interpretaties: Een kwaadwillende kan de kwetsbaarheden misbruiken om aanvallen uit te voeren die kunnen leiden tot de volgende categorieën schade:
- Denial-of-Service (DoS)
- Manipuleren van data
- Uitvoer van willekeurige code (Gebruikersrechten)
- Toegang tot gevoelige gegevens
Voor succesvol misbruik moet de kwaadwillende het slachtoffer misleiden om onvertrouwde code te importeren en uitvoeren. Deze kwetsbaarheden vormen daarom met name een risico voor ontwikkelaars en (lokale) gebruikers met rechten om code te importeren en uitvoeren.
Oplossingen: Oracle heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.
Kans: medium
Schade: high
CWE-130: Improper Handling of Length Parameter Inconsistency
CWE-195: Signed to Unsigned Conversion Error
CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE-190: Integer Overflow or Wraparound
CWE-416: Use After Free
CWE-122: Heap-based Buffer Overflow
CWE-789: Memory Allocation with Excessive Size Value
7.3 (High)
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
java_se
oracle
|
cpe:2.3:a:oracle:java_se:8u421:*:*:*:*:*:*:*
|
— |
8.8 (High)
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
java_se
oracle
|
cpe:2.3:a:oracle:java_se:8u421:*:*:*:*:*:*:*
|
— | |
|
graalvm
oracle
|
cpe:2.3:a:oracle:graalvm:21.3.11:*:*:*:enterprise:*:*:*
|
— | |
|
graalvm
oracle
|
cpe:2.3:a:oracle:graalvm:20.3.15:*:*:*:enterprise:*:*:*
|
— | |
|
java_se
oracle
|
cpe:2.3:a:oracle:java_se:oracle_graalvm_for_jdk_23:*:*:*:*:*:*:*
|
— | |
|
java_se
oracle
|
cpe:2.3:a:oracle:java_se:oracle_graalvm_for_jdk_17.0.12:*:*:*:*:*:*:*
|
— | |
|
java_se
oracle
|
cpe:2.3:a:oracle:java_se:oracle_graalvm_enterprise_edition_20.3.15:*:*:*:*:*:*:*
|
— | |
|
java_se
oracle
|
cpe:2.3:a:oracle:java_se:oracle_graalvm_for_jdk_21.0.4:*:*:*:*:*:*:*
|
— | |
|
java_se
oracle
|
cpe:2.3:a:oracle:java_se:oracle_java_se_17.0.12:*:*:*:*:*:*:*
|
— | |
|
java_se
oracle
|
cpe:2.3:a:oracle:java_se:oracle_java_se_23:*:*:*:*:*:*:*
|
— | |
|
java_se
oracle
|
cpe:2.3:a:oracle:java_se:oracle_java_se_21.0.4:*:*:*:*:*:*:*
|
— | |
|
java_se
oracle
|
cpe:2.3:a:oracle:java_se:oracle_java_se_8u421:*:*:*:*:*:*:*
|
— | |
|
java_se
oracle
|
cpe:2.3:a:oracle:java_se:oracle_graalvm_enterprise_edition_21.3.11:*:*:*:*:*:*:*
|
— | |
|
java_se
oracle
|
cpe:2.3:a:oracle:java_se:oracle_java_se_11.0.24:*:*:*:*:*:*:*
|
— |
CWE-130
- Improper Handling of Length Parameter Inconsistency
Affected products
Known affected
33 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
oracle_java_se
oracle_corporation
|
cpe:2.3:a:oracle_corporation:oracle_java_se:oracle_java_se_8u421:*:*:*:*:*:*:*
|
— | |
|
oracle_java_se
oracle_corporation
|
cpe:2.3:a:oracle_corporation:oracle_java_se:oracle_java_se_8u421-perf:*:*:*:*:*:*:*
|
— | |
|
oracle_java_se
oracle_corporation
|
cpe:2.3:a:oracle_corporation:oracle_java_se:oracle_java_se_11.0.24:*:*:*:*:*:*:*
|
— | |
|
oracle_java_se
oracle_corporation
|
cpe:2.3:a:oracle_corporation:oracle_java_se:oracle_java_se_17.0.12:*:*:*:*:*:*:*
|
— | |
|
oracle_java_se
oracle_corporation
|
cpe:2.3:a:oracle_corporation:oracle_java_se:oracle_java_se_21.0.4:*:*:*:*:*:*:*
|
— | |
|
oracle_java_se
oracle_corporation
|
cpe:2.3:a:oracle_corporation:oracle_java_se:oracle_java_se_23:*:*:*:*:*:*:*
|
— | |
|
oracle_java_se
oracle_corporation
|
cpe:2.3:a:oracle_corporation:oracle_java_se:oracle_graalvm_for_jdk_17.0.12:*:*:*:*:*:*:*
|
— | |
|
oracle_java_se
oracle_corporation
|
cpe:2.3:a:oracle_corporation:oracle_java_se:oracle_graalvm_for_jdk_21.0.4:*:*:*:*:*:*:*
|
— | |
|
oracle_java_se
oracle_corporation
|
cpe:2.3:a:oracle_corporation:oracle_java_se:oracle_graalvm_for_jdk_23:*:*:*:*:*:*:*
|
— | |
|
oracle_java_se
oracle_corporation
|
cpe:2.3:a:oracle_corporation:oracle_java_se:oracle_graalvm_enterprise_edition_20.3.15:*:*:*:*:*:*:*
|
— | |
|
oracle_java_se
oracle_corporation
|
cpe:2.3:a:oracle_corporation:oracle_java_se:oracle_graalvm_enterprise_edition_21.3.11:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:17.0.12:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:21.0.4:*:*:*:*:*:*:*
|
— | |
|
java_se
oracle
|
cpe:2.3:a:oracle:java_se:23:*:*:*:*:*:*:*
|
— | |
|
java_se
oracle
|
cpe:2.3:a:oracle:java_se:17.0.12:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:23:*:*:*:*:*:*:*
|
— | |
|
java_se
oracle
|
cpe:2.3:a:oracle:java_se:21.0.4:*:*:*:*:*:*:*
|
— | |
|
java_se
oracle
|
cpe:2.3:a:oracle:java_se:8u421:*:*:*:*:*:*:*
|
— | |
|
java_se
oracle
|
cpe:2.3:a:oracle:java_se:perf:*:*:*:*:*:*:*
|
— | |
|
java_se
oracle
|
cpe:2.3:a:oracle:java_se:11.0.24:*:*:*:*:*:*:*
|
— | |
|
graalvm
oracle
|
cpe:2.3:a:oracle:graalvm:20.3.15:*:*:*:enterprise:*:*:*
|
— | |
|
graalvm
oracle
|
cpe:2.3:a:oracle:graalvm:21.3.11:*:*:*:enterprise:*:*:*
|
— | |
|
java_se
oracle
|
cpe:2.3:a:oracle:java_se:8u421:*:*:*:enterprise_performance:*:*:*
|
— | |
|
java_se
oracle
|
cpe:2.3:a:oracle:java_se:oracle_graalvm_for_jdk_23:*:*:*:*:*:*:*
|
— | |
|
java_se
oracle
|
cpe:2.3:a:oracle:java_se:oracle_graalvm_for_jdk_17.0.12:*:*:*:*:*:*:*
|
— | |
|
java_se
oracle
|
cpe:2.3:a:oracle:java_se:oracle_graalvm_enterprise_edition_20.3.15:*:*:*:*:*:*:*
|
— | |
|
java_se
oracle
|
cpe:2.3:a:oracle:java_se:oracle_graalvm_for_jdk_21.0.4:*:*:*:*:*:*:*
|
— | |
|
java_se
oracle
|
cpe:2.3:a:oracle:java_se:oracle_java_se_17.0.12:*:*:*:*:*:*:*
|
— | |
|
java_se
oracle
|
cpe:2.3:a:oracle:java_se:oracle_java_se_23:*:*:*:*:*:*:*
|
— | |
|
java_se
oracle
|
cpe:2.3:a:oracle:java_se:oracle_java_se_21.0.4:*:*:*:*:*:*:*
|
— | |
|
java_se
oracle
|
cpe:2.3:a:oracle:java_se:oracle_java_se_8u421:*:*:*:*:*:*:*
|
— | |
|
java_se
oracle
|
cpe:2.3:a:oracle:java_se:oracle_graalvm_enterprise_edition_21.3.11:*:*:*:*:*:*:*
|
— | |
|
java_se
oracle
|
cpe:2.3:a:oracle:java_se:oracle_java_se_11.0.24:*:*:*:*:*:*:*
|
— |
CWE-190
- Integer Overflow or Wraparound
Affected products
Known affected
23 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
oracle_java_se
oracle_corporation
|
cpe:2.3:a:oracle_corporation:oracle_java_se:oracle_java_se_8u421:*:*:*:*:*:*:*
|
— | |
|
oracle_java_se
oracle_corporation
|
cpe:2.3:a:oracle_corporation:oracle_java_se:oracle_java_se_8u421-perf:*:*:*:*:*:*:*
|
— | |
|
oracle_java_se
oracle_corporation
|
cpe:2.3:a:oracle_corporation:oracle_java_se:oracle_java_se_11.0.24:*:*:*:*:*:*:*
|
— | |
|
oracle_java_se
oracle_corporation
|
cpe:2.3:a:oracle_corporation:oracle_java_se:oracle_java_se_17.0.12:*:*:*:*:*:*:*
|
— | |
|
oracle_java_se
oracle_corporation
|
cpe:2.3:a:oracle_corporation:oracle_java_se:oracle_java_se_21.0.4:*:*:*:*:*:*:*
|
— | |
|
oracle_java_se
oracle_corporation
|
cpe:2.3:a:oracle_corporation:oracle_java_se:oracle_java_se_23:*:*:*:*:*:*:*
|
— | |
|
java_se
oracle
|
cpe:2.3:a:oracle:java_se:21.0.4:*:*:*:*:*:*:*
|
— | |
|
java_se
oracle
|
cpe:2.3:a:oracle:java_se:8u421:*:*:*:*:*:*:*
|
— | |
|
java_se
oracle
|
cpe:2.3:a:oracle:java_se:17.0.12:*:*:*:*:*:*:*
|
— | |
|
java_se
oracle
|
cpe:2.3:a:oracle:java_se:23:*:*:*:*:*:*:*
|
— | |
|
java_se
oracle
|
cpe:2.3:a:oracle:java_se:11.0.24:*:*:*:*:*:*:*
|
— | |
|
java_se
oracle
|
cpe:2.3:a:oracle:java_se:perf:*:*:*:*:*:*:*
|
— | |
|
java_se
oracle
|
cpe:2.3:a:oracle:java_se:8u421:*:*:*:enterprise_performance:*:*:*
|
— | |
|
java_se
oracle
|
cpe:2.3:a:oracle:java_se:oracle_graalvm_for_jdk_23:*:*:*:*:*:*:*
|
— | |
|
java_se
oracle
|
cpe:2.3:a:oracle:java_se:oracle_graalvm_for_jdk_17.0.12:*:*:*:*:*:*:*
|
— | |
|
java_se
oracle
|
cpe:2.3:a:oracle:java_se:oracle_graalvm_enterprise_edition_20.3.15:*:*:*:*:*:*:*
|
— | |
|
java_se
oracle
|
cpe:2.3:a:oracle:java_se:oracle_graalvm_for_jdk_21.0.4:*:*:*:*:*:*:*
|
— | |
|
java_se
oracle
|
cpe:2.3:a:oracle:java_se:oracle_java_se_17.0.12:*:*:*:*:*:*:*
|
— | |
|
java_se
oracle
|
cpe:2.3:a:oracle:java_se:oracle_java_se_23:*:*:*:*:*:*:*
|
— | |
|
java_se
oracle
|
cpe:2.3:a:oracle:java_se:oracle_java_se_21.0.4:*:*:*:*:*:*:*
|
— | |
|
java_se
oracle
|
cpe:2.3:a:oracle:java_se:oracle_java_se_8u421:*:*:*:*:*:*:*
|
— | |
|
java_se
oracle
|
cpe:2.3:a:oracle:java_se:oracle_graalvm_enterprise_edition_21.3.11:*:*:*:*:*:*:*
|
— | |
|
java_se
oracle
|
cpe:2.3:a:oracle:java_se:oracle_java_se_11.0.24:*:*:*:*:*:*:*
|
— |
Affected products
Known affected
28 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
graalvm
oracle_corporation
|
cpe:2.3:a:oracle_corporation:graalvm:oracle_java_se_23:*:*:*:*:*:*:*
|
— | |
|
graalvm
oracle_corporation
|
cpe:2.3:a:oracle_corporation:graalvm:oracle_graalvm_for_jdk_17.0.12:*:*:*:*:*:*:*
|
— | |
|
graalvm
oracle_corporation
|
cpe:2.3:a:oracle_corporation:graalvm:oracle_graalvm_for_jdk_21.0.4:*:*:*:*:*:*:*
|
— | |
|
graalvm
oracle_corporation
|
cpe:2.3:a:oracle_corporation:graalvm:oracle_graalvm_for_jdk_23:*:*:*:*:*:*:*
|
— | |
|
graalvm
oracle_corporation
|
cpe:2.3:a:oracle_corporation:graalvm:oracle_graalvm_enterprise_edition_20.3.15:*:*:*:*:*:*:*
|
— | |
|
graalvm
oracle_corporation
|
cpe:2.3:a:oracle_corporation:graalvm:oracle_graalvm_enterprise_edition_21.3.11:*:*:*:*:*:*:*
|
— | |
|
oracle_java_se
oracle_corporation
|
cpe:2.3:a:oracle_corporation:oracle_java_se:oracle_java_se_23:*:*:*:*:*:*:*
|
— | |
|
oracle_java_se
oracle_corporation
|
cpe:2.3:a:oracle_corporation:oracle_java_se:oracle_graalvm_for_jdk_17.0.12:*:*:*:*:*:*:*
|
— | |
|
oracle_java_se
oracle_corporation
|
cpe:2.3:a:oracle_corporation:oracle_java_se:oracle_graalvm_for_jdk_21.0.4:*:*:*:*:*:*:*
|
— | |
|
oracle_java_se
oracle_corporation
|
cpe:2.3:a:oracle_corporation:oracle_java_se:oracle_graalvm_for_jdk_23:*:*:*:*:*:*:*
|
— | |
|
oracle_java_se
oracle_corporation
|
cpe:2.3:a:oracle_corporation:oracle_java_se:oracle_graalvm_enterprise_edition_20.3.15:*:*:*:*:*:*:*
|
— | |
|
oracle_java_se
oracle_corporation
|
cpe:2.3:a:oracle_corporation:oracle_java_se:oracle_graalvm_enterprise_edition_21.3.11:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:17.0.12:*:*:*:*:*:*:*
|
— | |
|
java_se
oracle
|
cpe:2.3:a:oracle:java_se:23:*:*:*:*:*:*:*
|
— | |
|
graalvm
oracle
|
cpe:2.3:a:oracle:graalvm:20.3.15:*:*:*:enterprise:*:*:*
|
— | |
|
graalvm
oracle
|
cpe:2.3:a:oracle:graalvm:21.3.11:*:*:*:enterprise:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:21.0.4:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:23:*:*:*:*:*:*:*
|
— | |
|
java_se
oracle
|
cpe:2.3:a:oracle:java_se:oracle_graalvm_for_jdk_23:*:*:*:*:*:*:*
|
— | |
|
java_se
oracle
|
cpe:2.3:a:oracle:java_se:oracle_graalvm_for_jdk_17.0.12:*:*:*:*:*:*:*
|
— | |
|
java_se
oracle
|
cpe:2.3:a:oracle:java_se:oracle_graalvm_enterprise_edition_20.3.15:*:*:*:*:*:*:*
|
— | |
|
java_se
oracle
|
cpe:2.3:a:oracle:java_se:oracle_graalvm_for_jdk_21.0.4:*:*:*:*:*:*:*
|
— | |
|
java_se
oracle
|
cpe:2.3:a:oracle:java_se:oracle_java_se_17.0.12:*:*:*:*:*:*:*
|
— | |
|
java_se
oracle
|
cpe:2.3:a:oracle:java_se:oracle_java_se_23:*:*:*:*:*:*:*
|
— | |
|
java_se
oracle
|
cpe:2.3:a:oracle:java_se:oracle_java_se_21.0.4:*:*:*:*:*:*:*
|
— | |
|
java_se
oracle
|
cpe:2.3:a:oracle:java_se:oracle_java_se_8u421:*:*:*:*:*:*:*
|
— | |
|
java_se
oracle
|
cpe:2.3:a:oracle:java_se:oracle_graalvm_enterprise_edition_21.3.11:*:*:*:*:*:*:*
|
— | |
|
java_se
oracle
|
cpe:2.3:a:oracle:java_se:oracle_java_se_11.0.24:*:*:*:*:*:*:*
|
— |
CWE-789
- Memory Allocation with Excessive Size Value
Affected products
Known affected
33 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
oracle_java_se
oracle_corporation
|
cpe:2.3:a:oracle_corporation:oracle_java_se:oracle_java_se_8u421:*:*:*:*:*:*:*
|
— | |
|
oracle_java_se
oracle_corporation
|
cpe:2.3:a:oracle_corporation:oracle_java_se:oracle_java_se_8u421-perf:*:*:*:*:*:*:*
|
— | |
|
oracle_java_se
oracle_corporation
|
cpe:2.3:a:oracle_corporation:oracle_java_se:oracle_java_se_11.0.24:*:*:*:*:*:*:*
|
— | |
|
oracle_java_se
oracle_corporation
|
cpe:2.3:a:oracle_corporation:oracle_java_se:oracle_java_se_17.0.12:*:*:*:*:*:*:*
|
— | |
|
oracle_java_se
oracle_corporation
|
cpe:2.3:a:oracle_corporation:oracle_java_se:oracle_java_se_21.0.4:*:*:*:*:*:*:*
|
— | |
|
oracle_java_se
oracle_corporation
|
cpe:2.3:a:oracle_corporation:oracle_java_se:oracle_java_se_23:*:*:*:*:*:*:*
|
— | |
|
oracle_java_se
oracle_corporation
|
cpe:2.3:a:oracle_corporation:oracle_java_se:oracle_graalvm_for_jdk_17.0.12:*:*:*:*:*:*:*
|
— | |
|
oracle_java_se
oracle_corporation
|
cpe:2.3:a:oracle_corporation:oracle_java_se:oracle_graalvm_for_jdk_21.0.4:*:*:*:*:*:*:*
|
— | |
|
oracle_java_se
oracle_corporation
|
cpe:2.3:a:oracle_corporation:oracle_java_se:oracle_graalvm_for_jdk_23:*:*:*:*:*:*:*
|
— | |
|
oracle_java_se
oracle_corporation
|
cpe:2.3:a:oracle_corporation:oracle_java_se:oracle_graalvm_enterprise_edition_20.3.15:*:*:*:*:*:*:*
|
— | |
|
oracle_java_se
oracle_corporation
|
cpe:2.3:a:oracle_corporation:oracle_java_se:oracle_graalvm_enterprise_edition_21.3.11:*:*:*:*:*:*:*
|
— | |
|
java_se
oracle
|
cpe:2.3:a:oracle:java_se:21.0.4:*:*:*:*:*:*:*
|
— | |
|
java_se
oracle
|
cpe:2.3:a:oracle:java_se:23:*:*:*:*:*:*:*
|
— | |
|
java_se
oracle
|
cpe:2.3:a:oracle:java_se:17.0.12:*:*:*:*:*:*:*
|
— | |
|
java_se
oracle
|
cpe:2.3:a:oracle:java_se:8u421:*:*:*:*:*:*:*
|
— | |
|
java_se
oracle
|
cpe:2.3:a:oracle:java_se:perf:*:*:*:*:*:*:*
|
— | |
|
java_se
oracle
|
cpe:2.3:a:oracle:java_se:11.0.24:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:17.0.12:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:21.0.4:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:23:*:*:*:*:*:*:*
|
— | |
|
graalvm
oracle
|
cpe:2.3:a:oracle:graalvm:20.3.15:*:*:*:enterprise:*:*:*
|
— | |
|
graalvm
oracle
|
cpe:2.3:a:oracle:graalvm:21.3.11:*:*:*:enterprise:*:*:*
|
— | |
|
java_se
oracle
|
cpe:2.3:a:oracle:java_se:8u421:*:*:*:enterprise_performance:*:*:*
|
— | |
|
java_se
oracle
|
cpe:2.3:a:oracle:java_se:oracle_graalvm_for_jdk_23:*:*:*:*:*:*:*
|
— | |
|
java_se
oracle
|
cpe:2.3:a:oracle:java_se:oracle_graalvm_for_jdk_17.0.12:*:*:*:*:*:*:*
|
— | |
|
java_se
oracle
|
cpe:2.3:a:oracle:java_se:oracle_graalvm_enterprise_edition_20.3.15:*:*:*:*:*:*:*
|
— | |
|
java_se
oracle
|
cpe:2.3:a:oracle:java_se:oracle_graalvm_for_jdk_21.0.4:*:*:*:*:*:*:*
|
— | |
|
java_se
oracle
|
cpe:2.3:a:oracle:java_se:oracle_java_se_17.0.12:*:*:*:*:*:*:*
|
— | |
|
java_se
oracle
|
cpe:2.3:a:oracle:java_se:oracle_java_se_23:*:*:*:*:*:*:*
|
— | |
|
java_se
oracle
|
cpe:2.3:a:oracle:java_se:oracle_java_se_21.0.4:*:*:*:*:*:*:*
|
— | |
|
java_se
oracle
|
cpe:2.3:a:oracle:java_se:oracle_java_se_8u421:*:*:*:*:*:*:*
|
— | |
|
java_se
oracle
|
cpe:2.3:a:oracle:java_se:oracle_graalvm_enterprise_edition_21.3.11:*:*:*:*:*:*:*
|
— | |
|
java_se
oracle
|
cpe:2.3:a:oracle:java_se:oracle_java_se_11.0.24:*:*:*:*:*:*:*
|
— |
4.8 (Medium)
Affected products
Known affected
33 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
oracle_java_se
oracle_corporation
|
cpe:2.3:a:oracle_corporation:oracle_java_se:oracle_java_se_8u421:*:*:*:*:*:*:*
|
— | |
|
oracle_java_se
oracle_corporation
|
cpe:2.3:a:oracle_corporation:oracle_java_se:oracle_java_se_8u421-perf:*:*:*:*:*:*:*
|
— | |
|
oracle_java_se
oracle_corporation
|
cpe:2.3:a:oracle_corporation:oracle_java_se:oracle_java_se_11.0.24:*:*:*:*:*:*:*
|
— | |
|
oracle_java_se
oracle_corporation
|
cpe:2.3:a:oracle_corporation:oracle_java_se:oracle_java_se_17.0.12:*:*:*:*:*:*:*
|
— | |
|
oracle_java_se
oracle_corporation
|
cpe:2.3:a:oracle_corporation:oracle_java_se:oracle_java_se_21.0.4:*:*:*:*:*:*:*
|
— | |
|
oracle_java_se
oracle_corporation
|
cpe:2.3:a:oracle_corporation:oracle_java_se:oracle_java_se_23:*:*:*:*:*:*:*
|
— | |
|
oracle_java_se
oracle_corporation
|
cpe:2.3:a:oracle_corporation:oracle_java_se:oracle_graalvm_for_jdk_17.0.12:*:*:*:*:*:*:*
|
— | |
|
oracle_java_se
oracle_corporation
|
cpe:2.3:a:oracle_corporation:oracle_java_se:oracle_graalvm_for_jdk_21.0.4:*:*:*:*:*:*:*
|
— | |
|
oracle_java_se
oracle_corporation
|
cpe:2.3:a:oracle_corporation:oracle_java_se:oracle_graalvm_for_jdk_23:*:*:*:*:*:*:*
|
— | |
|
oracle_java_se
oracle_corporation
|
cpe:2.3:a:oracle_corporation:oracle_java_se:oracle_graalvm_enterprise_edition_20.3.15:*:*:*:*:*:*:*
|
— | |
|
oracle_java_se
oracle_corporation
|
cpe:2.3:a:oracle_corporation:oracle_java_se:oracle_graalvm_enterprise_edition_21.3.11:*:*:*:*:*:*:*
|
— | |
|
java_se
oracle
|
cpe:2.3:a:oracle:java_se:21.0.4:*:*:*:*:*:*:*
|
— | |
|
java_se
oracle
|
cpe:2.3:a:oracle:java_se:23:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:21.0.4:*:*:*:*:*:*:*
|
— | |
|
java_se
oracle
|
cpe:2.3:a:oracle:java_se:8u421:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:17.0.12:*:*:*:*:*:*:*
|
— | |
|
java_se
oracle
|
cpe:2.3:a:oracle:java_se:perf:*:*:*:*:*:*:*
|
— | |
|
java_se
oracle
|
cpe:2.3:a:oracle:java_se:11.0.24:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:23:*:*:*:*:*:*:*
|
— | |
|
java_se
oracle
|
cpe:2.3:a:oracle:java_se:17.0.12:*:*:*:*:*:*:*
|
— | |
|
graalvm
oracle
|
cpe:2.3:a:oracle:graalvm:20.3.15:*:*:*:enterprise:*:*:*
|
— | |
|
graalvm
oracle
|
cpe:2.3:a:oracle:graalvm:21.3.11:*:*:*:enterprise:*:*:*
|
— | |
|
java_se
oracle
|
cpe:2.3:a:oracle:java_se:8u421:*:*:*:enterprise_performance:*:*:*
|
— | |
|
java_se
oracle
|
cpe:2.3:a:oracle:java_se:oracle_graalvm_for_jdk_23:*:*:*:*:*:*:*
|
— | |
|
java_se
oracle
|
cpe:2.3:a:oracle:java_se:oracle_graalvm_for_jdk_17.0.12:*:*:*:*:*:*:*
|
— | |
|
java_se
oracle
|
cpe:2.3:a:oracle:java_se:oracle_graalvm_enterprise_edition_20.3.15:*:*:*:*:*:*:*
|
— | |
|
java_se
oracle
|
cpe:2.3:a:oracle:java_se:oracle_graalvm_for_jdk_21.0.4:*:*:*:*:*:*:*
|
— | |
|
java_se
oracle
|
cpe:2.3:a:oracle:java_se:oracle_java_se_17.0.12:*:*:*:*:*:*:*
|
— | |
|
java_se
oracle
|
cpe:2.3:a:oracle:java_se:oracle_java_se_23:*:*:*:*:*:*:*
|
— | |
|
java_se
oracle
|
cpe:2.3:a:oracle:java_se:oracle_java_se_21.0.4:*:*:*:*:*:*:*
|
— | |
|
java_se
oracle
|
cpe:2.3:a:oracle:java_se:oracle_java_se_8u421:*:*:*:*:*:*:*
|
— | |
|
java_se
oracle
|
cpe:2.3:a:oracle:java_se:oracle_graalvm_enterprise_edition_21.3.11:*:*:*:*:*:*:*
|
— | |
|
java_se
oracle
|
cpe:2.3:a:oracle:java_se:oracle_java_se_11.0.24:*:*:*:*:*:*:*
|
— |
7.5 (High)
Affected products
Known affected
43 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
java_se
oracle
|
cpe:2.3:a:oracle:java_se:8u421:*:*:*:*:*:*:*
|
— | |
|
graalvm
oracle
|
cpe:2.3:a:oracle:graalvm:21.3.11:*:*:*:enterprise:*:*:*
|
— | |
|
graalvm
oracle
|
cpe:2.3:a:oracle:graalvm:20.3.15:*:*:*:enterprise:*:*:*
|
— | |
|
java_se
oracle
|
cpe:2.3:a:oracle:java_se:oracle_graalvm_for_jdk_23:*:*:*:*:*:*:*
|
— | |
|
java_se
oracle
|
cpe:2.3:a:oracle:java_se:oracle_graalvm_for_jdk_17.0.12:*:*:*:*:*:*:*
|
— | |
|
java_se
oracle
|
cpe:2.3:a:oracle:java_se:oracle_graalvm_enterprise_edition_20.3.15:*:*:*:*:*:*:*
|
— | |
|
java_se
oracle
|
cpe:2.3:a:oracle:java_se:oracle_graalvm_for_jdk_21.0.4:*:*:*:*:*:*:*
|
— | |
|
java_se
oracle
|
cpe:2.3:a:oracle:java_se:oracle_java_se_17.0.12:*:*:*:*:*:*:*
|
— | |
|
java_se
oracle
|
cpe:2.3:a:oracle:java_se:oracle_java_se_23:*:*:*:*:*:*:*
|
— | |
|
java_se
oracle
|
cpe:2.3:a:oracle:java_se:oracle_java_se_21.0.4:*:*:*:*:*:*:*
|
— | |
|
java_se
oracle
|
cpe:2.3:a:oracle:java_se:oracle_java_se_8u421:*:*:*:*:*:*:*
|
— | |
|
java_se
oracle
|
cpe:2.3:a:oracle:java_se:oracle_graalvm_enterprise_edition_21.3.11:*:*:*:*:*:*:*
|
— | |
|
java_se
oracle
|
cpe:2.3:a:oracle:java_se:oracle_java_se_11.0.24:*:*:*:*:*:*:*
|
— | |
|
java_se
oracle
|
cpe:2.3:a:oracle:java_se:*:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:22:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:21.0.2:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:17.0.10:*:*:*:*:*:*:*
|
— | |
|
java_se
oracle
|
cpe:2.3:a:oracle:java_se:8u401:*:*:*:*:*:*:*
|
— | |
|
java_se
oracle
|
cpe:2.3:a:oracle:java_se:22:*:*:*:*:*:*:*
|
— | |
|
java_se
oracle
|
cpe:2.3:a:oracle:java_se:21.0.2:*:*:*:*:*:*:*
|
— | |
|
java_se
oracle
|
cpe:2.3:a:oracle:java_se:17.0.10:*:*:*:*:*:*:*
|
— | |
|
java_se
oracle
|
cpe:2.3:a:oracle:java_se:11.0.22:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:graalvm_enterprise_edition20.3.13:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:graalvm_enterprise_edition21.3.9:*:*:*:*:*:*:*
|
— | |
|
java_se
oracle
|
cpe:2.3:a:oracle:java_se:graalvm_enterprise_edition20.3.13:*:*:*:*:*:*:*
|
— | |
|
java_se
oracle
|
cpe:2.3:a:oracle:java_se:graalvm_enterprise_edition21.3.9:*:*:*:*:*:*:*
|
— | |
|
java_se
oracle
|
cpe:2.3:a:oracle:java_se:graalvm_for_jdk17.0.10:*:*:*:*:*:*:*
|
— | |
|
java_se
oracle
|
cpe:2.3:a:oracle:java_se:graalvm_for_jdk21.0.2:*:*:*:*:*:*:*
|
— | |
|
database_server
oracle
|
cpe:2.3:a:oracle:database_server:_java_vm___23.4:*:*:*:*:*:*:*
|
— | |
|
java_se
oracle
|
cpe:2.3:a:oracle:java_se:graalvm_for_jdk22:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:17.0.11:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:21.0.3:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:22.0.1:*:*:*:*:*:*:*
|
— | |
|
java_se
oracle
|
cpe:2.3:a:oracle:java_se:graalvm_enterprise_edition20.3.14:*:*:*:*:*:*:*
|
— | |
|
java_se
oracle
|
cpe:2.3:a:oracle:java_se:graalvm_enterprise_edition21.3.10:*:*:*:*:*:*:*
|
— | |
|
java_se
oracle
|
cpe:2.3:a:oracle:java_se:graalvm_for_jdk17.0.11:*:*:*:*:*:*:*
|
— | |
|
java_se
oracle
|
cpe:2.3:a:oracle:java_se:graalvm_for_jdk21.0.3:*:*:*:*:*:*:*
|
— | |
|
java_se
oracle
|
cpe:2.3:a:oracle:java_se:graalvm_for_jdk22.0.1:*:*:*:*:*:*:*
|
— | |
|
java_se
oracle
|
cpe:2.3:a:oracle:java_se:11.0.23:*:*:*:*:*:*:*
|
— | |
|
java_se
oracle
|
cpe:2.3:a:oracle:java_se:17.0.11:*:*:*:*:*:*:*
|
— | |
|
java_se
oracle
|
cpe:2.3:a:oracle:java_se:21.0.3:*:*:*:*:*:*:*
|
— | |
|
java_se
oracle
|
cpe:2.3:a:oracle:java_se:22.0.1:*:*:*:*:*:*:*
|
— | |
|
java_se
oracle
|
cpe:2.3:a:oracle:java_se:8u411:*:*:*:*:*:*:*
|
— |
CWE-77
- Improper Neutralization of Special Elements used in a Command ('Command Injection')
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:21.0.4:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:23:*:*:*:*:*:*:*
|
— | |
|
graalvm_for_jdk
oracle
|
cpe:2.3:a:oracle:graalvm_for_jdk:17.0.12:*:*:*:*:*:*:*
|
— | |
|
java_se
oracle
|
cpe:2.3:a:oracle:java_se:oracle_graalvm_for_jdk_23:*:*:*:*:*:*:*
|
— | |
|
java_se
oracle
|
cpe:2.3:a:oracle:java_se:oracle_graalvm_for_jdk_17.0.12:*:*:*:*:*:*:*
|
— | |
|
java_se
oracle
|
cpe:2.3:a:oracle:java_se:oracle_graalvm_enterprise_edition_20.3.15:*:*:*:*:*:*:*
|
— | |
|
java_se
oracle
|
cpe:2.3:a:oracle:java_se:oracle_graalvm_for_jdk_21.0.4:*:*:*:*:*:*:*
|
— | |
|
java_se
oracle
|
cpe:2.3:a:oracle:java_se:oracle_java_se_17.0.12:*:*:*:*:*:*:*
|
— | |
|
java_se
oracle
|
cpe:2.3:a:oracle:java_se:oracle_java_se_23:*:*:*:*:*:*:*
|
— | |
|
java_se
oracle
|
cpe:2.3:a:oracle:java_se:oracle_java_se_21.0.4:*:*:*:*:*:*:*
|
— | |
|
java_se
oracle
|
cpe:2.3:a:oracle:java_se:oracle_java_se_8u421:*:*:*:*:*:*:*
|
— | |
|
java_se
oracle
|
cpe:2.3:a:oracle:java_se:oracle_graalvm_enterprise_edition_21.3.11:*:*:*:*:*:*:*
|
— | |
|
java_se
oracle
|
cpe:2.3:a:oracle:java_se:oracle_java_se_11.0.24:*:*:*:*:*:*:*
|
— |
References
10 references
| URL | Category |
|---|---|
| https://www.oracle.com/security-alerts/cpuoct2024.html | external |
| https://api.ncsc.nl/velma/v1/vulnerabilities/2023… | self |
| https://api.ncsc.nl/velma/v1/vulnerabilities/2023… | self |
| https://api.ncsc.nl/velma/v1/vulnerabilities/2024… | self |
| https://api.ncsc.nl/velma/v1/vulnerabilities/2024… | self |
| https://api.ncsc.nl/velma/v1/vulnerabilities/2024… | self |
| https://api.ncsc.nl/velma/v1/vulnerabilities/2024… | self |
| https://api.ncsc.nl/velma/v1/vulnerabilities/2024… | self |
| https://api.ncsc.nl/velma/v1/vulnerabilities/2024… | self |
| https://api.ncsc.nl/velma/v1/vulnerabilities/2024… | self |
{
"document": {
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE"
}
},
"lang": "nl",
"notes": [
{
"category": "legal_disclaimer",
"text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
},
{
"category": "description",
"text": "Oracle heeft kwetsbaarheden verholpen in Java SE en GraalVM.",
"title": "Feiten"
},
{
"category": "description",
"text": "Een kwaadwillende kan de kwetsbaarheden misbruiken om aanvallen uit te voeren die kunnen leiden tot de volgende categorie\u00ebn schade:\n\n- Denial-of-Service (DoS)\n- Manipuleren van data\n- Uitvoer van willekeurige code (Gebruikersrechten)\n- Toegang tot gevoelige gegevens\n\nVoor succesvol misbruik moet de kwaadwillende het slachtoffer misleiden om onvertrouwde code te importeren en uitvoeren. Deze kwetsbaarheden vormen daarom met name een risico voor ontwikkelaars en (lokale) gebruikers met rechten om code te importeren en uitvoeren.",
"title": "Interpretaties"
},
{
"category": "description",
"text": "Oracle heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.",
"title": "Oplossingen"
},
{
"category": "general",
"text": "medium",
"title": "Kans"
},
{
"category": "general",
"text": "high",
"title": "Schade"
},
{
"category": "general",
"text": "Improper Handling of Length Parameter Inconsistency",
"title": "CWE-130"
},
{
"category": "general",
"text": "Signed to Unsigned Conversion Error",
"title": "CWE-195"
},
{
"category": "general",
"text": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
"title": "CWE-77"
},
{
"category": "general",
"text": "Integer Overflow or Wraparound",
"title": "CWE-190"
},
{
"category": "general",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "general",
"text": "Heap-based Buffer Overflow",
"title": "CWE-122"
},
{
"category": "general",
"text": "Memory Allocation with Excessive Size Value",
"title": "CWE-789"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "cert@ncsc.nl",
"name": "Nationaal Cyber Security Centrum",
"namespace": "https://www.ncsc.nl/"
},
"references": [
{
"category": "external",
"summary": "Reference - cveprojectv5; hkcert; nvd; oracle; redhat",
"url": "https://www.oracle.com/security-alerts/cpuoct2024.html"
}
],
"title": "Kwetsbaarheden verholpen in Oracle Java",
"tracking": {
"current_release_date": "2024-10-17T13:20:07.759085Z",
"id": "NCSC-2024-0419",
"initial_release_date": "2024-10-17T13:20:07.759085Z",
"revision_history": [
{
"date": "2024-10-17T13:20:07.759085Z",
"number": "0",
"summary": "Initiele versie"
}
],
"status": "final",
"version": "1.0.0"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "graalvm",
"product": {
"name": "graalvm",
"product_id": "CSAFPID-1673125",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle_corporation:graalvm:oracle_graalvm_enterprise_edition_21.3.11:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "graalvm",
"product": {
"name": "graalvm",
"product_id": "CSAFPID-1673121",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle_corporation:graalvm:oracle_graalvm_for_jdk_17.0.12:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "graalvm",
"product": {
"name": "graalvm",
"product_id": "CSAFPID-1673122",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle_corporation:graalvm:oracle_graalvm_for_jdk_21.0.4:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "graalvm",
"product": {
"name": "graalvm",
"product_id": "CSAFPID-1673123",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle_corporation:graalvm:oracle_graalvm_for_jdk_23:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "graalvm",
"product": {
"name": "graalvm",
"product_id": "CSAFPID-1673120",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle_corporation:graalvm:oracle_java_se_23:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "oracle_java_se",
"product": {
"name": "oracle_java_se",
"product_id": "CSAFPID-1673115",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle_corporation:oracle_java_se:oracle_graalvm_enterprise_edition_20.3.15:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "oracle_java_se",
"product": {
"name": "oracle_java_se",
"product_id": "CSAFPID-1673116",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle_corporation:oracle_java_se:oracle_graalvm_enterprise_edition_21.3.11:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "oracle_java_se",
"product": {
"name": "oracle_java_se",
"product_id": "CSAFPID-1673112",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle_corporation:oracle_java_se:oracle_graalvm_for_jdk_17.0.12:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "oracle_java_se",
"product": {
"name": "oracle_java_se",
"product_id": "CSAFPID-1673113",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle_corporation:oracle_java_se:oracle_graalvm_for_jdk_21.0.4:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "oracle_java_se",
"product": {
"name": "oracle_java_se",
"product_id": "CSAFPID-1673114",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle_corporation:oracle_java_se:oracle_graalvm_for_jdk_23:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "oracle_java_se",
"product": {
"name": "oracle_java_se",
"product_id": "CSAFPID-1673108",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle_corporation:oracle_java_se:oracle_java_se_11.0.24:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "oracle_java_se",
"product": {
"name": "oracle_java_se",
"product_id": "CSAFPID-1673109",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle_corporation:oracle_java_se:oracle_java_se_17.0.12:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "oracle_java_se",
"product": {
"name": "oracle_java_se",
"product_id": "CSAFPID-1673110",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle_corporation:oracle_java_se:oracle_java_se_21.0.4:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "oracle_java_se",
"product": {
"name": "oracle_java_se",
"product_id": "CSAFPID-1673111",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle_corporation:oracle_java_se:oracle_java_se_23:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "oracle_java_se",
"product": {
"name": "oracle_java_se",
"product_id": "CSAFPID-1673107",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle_corporation:oracle_java_se:oracle_java_se_8u421-perf:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "oracle_java_se",
"product": {
"name": "oracle_java_se",
"product_id": "CSAFPID-1673106",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle_corporation:oracle_java_se:oracle_java_se_8u421:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "graalvm",
"product": {
"name": "graalvm",
"product_id": "CSAFPID-1673124",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle_corporation:graalvm:oracle_graalvm_enterprise_edition_20.3.15:*:*:*:*:*:*:*"
}
}
}
],
"category": "vendor",
"name": "oracle_corporation"
},
{
"branches": [
{
"category": "product_name",
"name": "graalvm_for_jdk",
"product": {
"name": "graalvm_for_jdk",
"product_id": "CSAFPID-912046",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:graalvm_for_jdk:17.0.10:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "graalvm_for_jdk",
"product": {
"name": "graalvm_for_jdk",
"product_id": "CSAFPID-1503299",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:graalvm_for_jdk:17.0.11:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "graalvm_for_jdk",
"product": {
"name": "graalvm_for_jdk",
"product_id": "CSAFPID-1673300",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:graalvm_for_jdk:17.0.12:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "graalvm_for_jdk",
"product": {
"name": "graalvm_for_jdk",
"product_id": "CSAFPID-912045",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:graalvm_for_jdk:21.0.2:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "graalvm_for_jdk",
"product": {
"name": "graalvm_for_jdk",
"product_id": "CSAFPID-1503302",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:graalvm_for_jdk:21.0.3:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "graalvm_for_jdk",
"product": {
"name": "graalvm_for_jdk",
"product_id": "CSAFPID-1673301",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:graalvm_for_jdk:21.0.4:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "graalvm_for_jdk",
"product": {
"name": "graalvm_for_jdk",
"product_id": "CSAFPID-912044",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:graalvm_for_jdk:22:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "graalvm_for_jdk",
"product": {
"name": "graalvm_for_jdk",
"product_id": "CSAFPID-1503306",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:graalvm_for_jdk:22.0.1:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "graalvm_for_jdk",
"product": {
"name": "graalvm_for_jdk",
"product_id": "CSAFPID-1673304",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:graalvm_for_jdk:23:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "graalvm_for_jdk",
"product": {
"name": "graalvm_for_jdk",
"product_id": "CSAFPID-912600",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:graalvm_for_jdk:graalvm_enterprise_edition20.3.13:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "graalvm_for_jdk",
"product": {
"name": "graalvm_for_jdk",
"product_id": "CSAFPID-912601",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:graalvm_for_jdk:graalvm_enterprise_edition21.3.9:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "graalvm",
"product": {
"name": "graalvm",
"product_id": "CSAFPID-1457455",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:graalvm:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "graalvm",
"product": {
"name": "graalvm",
"product_id": "CSAFPID-1672740",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:graalvm:20.3.15:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "graalvm",
"product": {
"name": "graalvm",
"product_id": "CSAFPID-1673407",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:graalvm:20.3.15:*:*:*:enterprise:*:*:*"
}
}
},
{
"category": "product_name",
"name": "graalvm",
"product": {
"name": "graalvm",
"product_id": "CSAFPID-1672742",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:graalvm:21.3.11:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "graalvm",
"product": {
"name": "graalvm",
"product_id": "CSAFPID-1673406",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:graalvm:21.3.11:*:*:*:enterprise:*:*:*"
}
}
},
{
"category": "product_name",
"name": "database_server",
"product": {
"name": "database_server",
"product_id": "CSAFPID-1503604",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:database_server:_java_vm___23.4:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "java_se",
"product": {
"name": "java_se",
"product_id": "CSAFPID-550274",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:java_se:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "java_se",
"product": {
"name": "java_se",
"product_id": "CSAFPID-912051",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:java_se:11.0.22:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "java_se",
"product": {
"name": "java_se",
"product_id": "CSAFPID-1503300",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:java_se:11.0.23:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "java_se",
"product": {
"name": "java_se",
"product_id": "CSAFPID-1673306",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:java_se:11.0.24:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "java_se",
"product": {
"name": "java_se",
"product_id": "CSAFPID-912050",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:java_se:17.0.10:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "java_se",
"product": {
"name": "java_se",
"product_id": "CSAFPID-1503304",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:java_se:17.0.11:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "java_se",
"product": {
"name": "java_se",
"product_id": "CSAFPID-1673303",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:java_se:17.0.12:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "java_se",
"product": {
"name": "java_se",
"product_id": "CSAFPID-912049",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:java_se:21.0.2:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "java_se",
"product": {
"name": "java_se",
"product_id": "CSAFPID-1503305",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:java_se:21.0.3:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "java_se",
"product": {
"name": "java_se",
"product_id": "CSAFPID-1673305",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:java_se:21.0.4:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "java_se",
"product": {
"name": "java_se",
"product_id": "CSAFPID-1503307",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:java_se:22.0.1:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "java_se",
"product": {
"name": "java_se",
"product_id": "CSAFPID-912048",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:java_se:22:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "java_se",
"product": {
"name": "java_se",
"product_id": "CSAFPID-1673302",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:java_se:23:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "java_se",
"product": {
"name": "java_se",
"product_id": "CSAFPID-912047",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:java_se:8u401:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "java_se",
"product": {
"name": "java_se",
"product_id": "CSAFPID-1503308",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:java_se:8u411:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "java_se",
"product": {
"name": "java_se",
"product_id": "CSAFPID-1672741",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:java_se:8u421:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "java_se",
"product": {
"name": "java_se",
"product_id": "CSAFPID-1673439",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:java_se:8u421:*:*:*:enterprise_performance:*:*:*"
}
}
},
{
"category": "product_name",
"name": "java_se",
"product": {
"name": "java_se",
"product_id": "CSAFPID-912602",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:java_se:graalvm_enterprise_edition20.3.13:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "java_se",
"product": {
"name": "java_se",
"product_id": "CSAFPID-1503647",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:java_se:graalvm_enterprise_edition20.3.14:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "java_se",
"product": {
"name": "java_se",
"product_id": "CSAFPID-1503648",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:java_se:graalvm_enterprise_edition21.3.10:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "java_se",
"product": {
"name": "java_se",
"product_id": "CSAFPID-912603",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:java_se:graalvm_enterprise_edition21.3.9:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "java_se",
"product": {
"name": "java_se",
"product_id": "CSAFPID-912604",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:java_se:graalvm_for_jdk17.0.10:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "java_se",
"product": {
"name": "java_se",
"product_id": "CSAFPID-1503649",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:java_se:graalvm_for_jdk17.0.11:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "java_se",
"product": {
"name": "java_se",
"product_id": "CSAFPID-912605",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:java_se:graalvm_for_jdk21.0.2:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "java_se",
"product": {
"name": "java_se",
"product_id": "CSAFPID-1503650",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:java_se:graalvm_for_jdk21.0.3:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "java_se",
"product": {
"name": "java_se",
"product_id": "CSAFPID-1503651",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:java_se:graalvm_for_jdk22.0.1:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "java_se",
"product": {
"name": "java_se",
"product_id": "CSAFPID-912606",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:java_se:graalvm_for_jdk22:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "java_se",
"product": {
"name": "java_se",
"product_id": "CSAFPID-1674674",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:java_se:oracle_graalvm_enterprise_edition_20.3.15:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "java_se",
"product": {
"name": "java_se",
"product_id": "CSAFPID-1674680",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:java_se:oracle_graalvm_enterprise_edition_21.3.11:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "java_se",
"product": {
"name": "java_se",
"product_id": "CSAFPID-1674673",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:java_se:oracle_graalvm_for_jdk_17.0.12:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "java_se",
"product": {
"name": "java_se",
"product_id": "CSAFPID-1674675",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:java_se:oracle_graalvm_for_jdk_21.0.4:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "java_se",
"product": {
"name": "java_se",
"product_id": "CSAFPID-1674672",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:java_se:oracle_graalvm_for_jdk_23:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "java_se",
"product": {
"name": "java_se",
"product_id": "CSAFPID-1674681",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:java_se:oracle_java_se_11.0.24:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "java_se",
"product": {
"name": "java_se",
"product_id": "CSAFPID-1674676",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:java_se:oracle_java_se_17.0.12:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "java_se",
"product": {
"name": "java_se",
"product_id": "CSAFPID-1674678",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:java_se:oracle_java_se_21.0.4:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "java_se",
"product": {
"name": "java_se",
"product_id": "CSAFPID-1674677",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:java_se:oracle_java_se_23:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "java_se",
"product": {
"name": "java_se",
"product_id": "CSAFPID-1674679",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:java_se:oracle_java_se_8u421:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "java_se",
"product": {
"name": "java_se",
"product_id": "CSAFPID-220891",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:java_se:perf:*:*:*:*:*:*:*"
}
}
}
],
"category": "vendor",
"name": "oracle"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-7104",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "other",
"text": "Heap-based Buffer Overflow",
"title": "CWE-122"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1672741"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-7104",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-7104.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-1672741"
]
}
],
"title": "CVE-2023-7104"
},
{
"cve": "CVE-2023-42950",
"product_status": {
"known_affected": [
"CSAFPID-1672741",
"CSAFPID-1673406",
"CSAFPID-1673407",
"CSAFPID-1674672",
"CSAFPID-1674673",
"CSAFPID-1674674",
"CSAFPID-1674675",
"CSAFPID-1674676",
"CSAFPID-1674677",
"CSAFPID-1674678",
"CSAFPID-1674679",
"CSAFPID-1674680",
"CSAFPID-1674681"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-42950",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-42950.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1672741",
"CSAFPID-1673406",
"CSAFPID-1673407",
"CSAFPID-1674672",
"CSAFPID-1674673",
"CSAFPID-1674674",
"CSAFPID-1674675",
"CSAFPID-1674676",
"CSAFPID-1674677",
"CSAFPID-1674678",
"CSAFPID-1674679",
"CSAFPID-1674680",
"CSAFPID-1674681"
]
}
],
"title": "CVE-2023-42950"
},
{
"cve": "CVE-2024-21208",
"cwe": {
"id": "CWE-130",
"name": "Improper Handling of Length Parameter Inconsistency"
},
"notes": [
{
"category": "other",
"text": "Improper Handling of Length Parameter Inconsistency",
"title": "CWE-130"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1673106",
"CSAFPID-1673107",
"CSAFPID-1673108",
"CSAFPID-1673109",
"CSAFPID-1673110",
"CSAFPID-1673111",
"CSAFPID-1673112",
"CSAFPID-1673113",
"CSAFPID-1673114",
"CSAFPID-1673115",
"CSAFPID-1673116",
"CSAFPID-1673300",
"CSAFPID-1673301",
"CSAFPID-1673302",
"CSAFPID-1673303",
"CSAFPID-1673304",
"CSAFPID-1673305",
"CSAFPID-1672741",
"CSAFPID-220891",
"CSAFPID-1673306",
"CSAFPID-1673407",
"CSAFPID-1673406",
"CSAFPID-1673439",
"CSAFPID-1674672",
"CSAFPID-1674673",
"CSAFPID-1674674",
"CSAFPID-1674675",
"CSAFPID-1674676",
"CSAFPID-1674677",
"CSAFPID-1674678",
"CSAFPID-1674679",
"CSAFPID-1674680",
"CSAFPID-1674681"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-21208",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-21208.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-1673106",
"CSAFPID-1673107",
"CSAFPID-1673108",
"CSAFPID-1673109",
"CSAFPID-1673110",
"CSAFPID-1673111",
"CSAFPID-1673112",
"CSAFPID-1673113",
"CSAFPID-1673114",
"CSAFPID-1673115",
"CSAFPID-1673116",
"CSAFPID-1673300",
"CSAFPID-1673301",
"CSAFPID-1673302",
"CSAFPID-1673303",
"CSAFPID-1673304",
"CSAFPID-1673305",
"CSAFPID-1672741",
"CSAFPID-220891",
"CSAFPID-1673306",
"CSAFPID-1673407",
"CSAFPID-1673406",
"CSAFPID-1673439",
"CSAFPID-1674672",
"CSAFPID-1674673",
"CSAFPID-1674674",
"CSAFPID-1674675",
"CSAFPID-1674676",
"CSAFPID-1674677",
"CSAFPID-1674678",
"CSAFPID-1674679",
"CSAFPID-1674680",
"CSAFPID-1674681"
]
}
],
"title": "CVE-2024-21208"
},
{
"cve": "CVE-2024-21210",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "other",
"text": "Integer Overflow or Wraparound",
"title": "CWE-190"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1673106",
"CSAFPID-1673107",
"CSAFPID-1673108",
"CSAFPID-1673109",
"CSAFPID-1673110",
"CSAFPID-1673111",
"CSAFPID-1673305",
"CSAFPID-1672741",
"CSAFPID-1673303",
"CSAFPID-1673302",
"CSAFPID-1673306",
"CSAFPID-220891",
"CSAFPID-1673439",
"CSAFPID-1674672",
"CSAFPID-1674673",
"CSAFPID-1674674",
"CSAFPID-1674675",
"CSAFPID-1674676",
"CSAFPID-1674677",
"CSAFPID-1674678",
"CSAFPID-1674679",
"CSAFPID-1674680",
"CSAFPID-1674681"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-21210",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-21210.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1673106",
"CSAFPID-1673107",
"CSAFPID-1673108",
"CSAFPID-1673109",
"CSAFPID-1673110",
"CSAFPID-1673111",
"CSAFPID-1673305",
"CSAFPID-1672741",
"CSAFPID-1673303",
"CSAFPID-1673302",
"CSAFPID-1673306",
"CSAFPID-220891",
"CSAFPID-1673439",
"CSAFPID-1674672",
"CSAFPID-1674673",
"CSAFPID-1674674",
"CSAFPID-1674675",
"CSAFPID-1674676",
"CSAFPID-1674677",
"CSAFPID-1674678",
"CSAFPID-1674679",
"CSAFPID-1674680",
"CSAFPID-1674681"
]
}
],
"title": "CVE-2024-21210"
},
{
"cve": "CVE-2024-21211",
"product_status": {
"known_affected": [
"CSAFPID-1673120",
"CSAFPID-1673121",
"CSAFPID-1673122",
"CSAFPID-1673123",
"CSAFPID-1673124",
"CSAFPID-1673125",
"CSAFPID-1673111",
"CSAFPID-1673112",
"CSAFPID-1673113",
"CSAFPID-1673114",
"CSAFPID-1673115",
"CSAFPID-1673116",
"CSAFPID-1673300",
"CSAFPID-1673302",
"CSAFPID-1673407",
"CSAFPID-1673406",
"CSAFPID-1673301",
"CSAFPID-1673304",
"CSAFPID-1674672",
"CSAFPID-1674673",
"CSAFPID-1674674",
"CSAFPID-1674675",
"CSAFPID-1674676",
"CSAFPID-1674677",
"CSAFPID-1674678",
"CSAFPID-1674679",
"CSAFPID-1674680",
"CSAFPID-1674681"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-21211",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-21211.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1673120",
"CSAFPID-1673121",
"CSAFPID-1673122",
"CSAFPID-1673123",
"CSAFPID-1673124",
"CSAFPID-1673125",
"CSAFPID-1673111",
"CSAFPID-1673112",
"CSAFPID-1673113",
"CSAFPID-1673114",
"CSAFPID-1673115",
"CSAFPID-1673116",
"CSAFPID-1673300",
"CSAFPID-1673302",
"CSAFPID-1673407",
"CSAFPID-1673406",
"CSAFPID-1673301",
"CSAFPID-1673304",
"CSAFPID-1674672",
"CSAFPID-1674673",
"CSAFPID-1674674",
"CSAFPID-1674675",
"CSAFPID-1674676",
"CSAFPID-1674677",
"CSAFPID-1674678",
"CSAFPID-1674679",
"CSAFPID-1674680",
"CSAFPID-1674681"
]
}
],
"title": "CVE-2024-21211"
},
{
"cve": "CVE-2024-21217",
"cwe": {
"id": "CWE-789",
"name": "Memory Allocation with Excessive Size Value"
},
"notes": [
{
"category": "other",
"text": "Memory Allocation with Excessive Size Value",
"title": "CWE-789"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1673106",
"CSAFPID-1673107",
"CSAFPID-1673108",
"CSAFPID-1673109",
"CSAFPID-1673110",
"CSAFPID-1673111",
"CSAFPID-1673112",
"CSAFPID-1673113",
"CSAFPID-1673114",
"CSAFPID-1673115",
"CSAFPID-1673116",
"CSAFPID-1673305",
"CSAFPID-1673302",
"CSAFPID-1673303",
"CSAFPID-1672741",
"CSAFPID-220891",
"CSAFPID-1673306",
"CSAFPID-1673300",
"CSAFPID-1673301",
"CSAFPID-1673304",
"CSAFPID-1673407",
"CSAFPID-1673406",
"CSAFPID-1673439",
"CSAFPID-1674672",
"CSAFPID-1674673",
"CSAFPID-1674674",
"CSAFPID-1674675",
"CSAFPID-1674676",
"CSAFPID-1674677",
"CSAFPID-1674678",
"CSAFPID-1674679",
"CSAFPID-1674680",
"CSAFPID-1674681"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-21217",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-21217.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-1673106",
"CSAFPID-1673107",
"CSAFPID-1673108",
"CSAFPID-1673109",
"CSAFPID-1673110",
"CSAFPID-1673111",
"CSAFPID-1673112",
"CSAFPID-1673113",
"CSAFPID-1673114",
"CSAFPID-1673115",
"CSAFPID-1673116",
"CSAFPID-1673305",
"CSAFPID-1673302",
"CSAFPID-1673303",
"CSAFPID-1672741",
"CSAFPID-220891",
"CSAFPID-1673306",
"CSAFPID-1673300",
"CSAFPID-1673301",
"CSAFPID-1673304",
"CSAFPID-1673407",
"CSAFPID-1673406",
"CSAFPID-1673439",
"CSAFPID-1674672",
"CSAFPID-1674673",
"CSAFPID-1674674",
"CSAFPID-1674675",
"CSAFPID-1674676",
"CSAFPID-1674677",
"CSAFPID-1674678",
"CSAFPID-1674679",
"CSAFPID-1674680",
"CSAFPID-1674681"
]
}
],
"title": "CVE-2024-21217"
},
{
"cve": "CVE-2024-21235",
"cwe": {
"id": "CWE-195",
"name": "Signed to Unsigned Conversion Error"
},
"notes": [
{
"category": "other",
"text": "Signed to Unsigned Conversion Error",
"title": "CWE-195"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1673106",
"CSAFPID-1673107",
"CSAFPID-1673108",
"CSAFPID-1673109",
"CSAFPID-1673110",
"CSAFPID-1673111",
"CSAFPID-1673112",
"CSAFPID-1673113",
"CSAFPID-1673114",
"CSAFPID-1673115",
"CSAFPID-1673116",
"CSAFPID-1673305",
"CSAFPID-1673302",
"CSAFPID-1673301",
"CSAFPID-1672741",
"CSAFPID-1673300",
"CSAFPID-220891",
"CSAFPID-1673306",
"CSAFPID-1673304",
"CSAFPID-1673303",
"CSAFPID-1673407",
"CSAFPID-1673406",
"CSAFPID-1673439",
"CSAFPID-1674672",
"CSAFPID-1674673",
"CSAFPID-1674674",
"CSAFPID-1674675",
"CSAFPID-1674676",
"CSAFPID-1674677",
"CSAFPID-1674678",
"CSAFPID-1674679",
"CSAFPID-1674680",
"CSAFPID-1674681"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-21235",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-21235.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1673106",
"CSAFPID-1673107",
"CSAFPID-1673108",
"CSAFPID-1673109",
"CSAFPID-1673110",
"CSAFPID-1673111",
"CSAFPID-1673112",
"CSAFPID-1673113",
"CSAFPID-1673114",
"CSAFPID-1673115",
"CSAFPID-1673116",
"CSAFPID-1673305",
"CSAFPID-1673302",
"CSAFPID-1673301",
"CSAFPID-1672741",
"CSAFPID-1673300",
"CSAFPID-220891",
"CSAFPID-1673306",
"CSAFPID-1673304",
"CSAFPID-1673303",
"CSAFPID-1673407",
"CSAFPID-1673406",
"CSAFPID-1673439",
"CSAFPID-1674672",
"CSAFPID-1674673",
"CSAFPID-1674674",
"CSAFPID-1674675",
"CSAFPID-1674676",
"CSAFPID-1674677",
"CSAFPID-1674678",
"CSAFPID-1674679",
"CSAFPID-1674680",
"CSAFPID-1674681"
]
}
],
"title": "CVE-2024-21235"
},
{
"cve": "CVE-2024-25062",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1672741",
"CSAFPID-1673406",
"CSAFPID-1673407",
"CSAFPID-1674672",
"CSAFPID-1674673",
"CSAFPID-1674674",
"CSAFPID-1674675",
"CSAFPID-1674676",
"CSAFPID-1674677",
"CSAFPID-1674678",
"CSAFPID-1674679",
"CSAFPID-1674680",
"CSAFPID-1674681",
"CSAFPID-550274",
"CSAFPID-912044",
"CSAFPID-912045",
"CSAFPID-912046",
"CSAFPID-912047",
"CSAFPID-912048",
"CSAFPID-912049",
"CSAFPID-912050",
"CSAFPID-912051",
"CSAFPID-912600",
"CSAFPID-912601",
"CSAFPID-912602",
"CSAFPID-912603",
"CSAFPID-912604",
"CSAFPID-912605",
"CSAFPID-1503604",
"CSAFPID-912606",
"CSAFPID-1503299",
"CSAFPID-1503302",
"CSAFPID-1503306",
"CSAFPID-1503647",
"CSAFPID-1503648",
"CSAFPID-1503649",
"CSAFPID-1503650",
"CSAFPID-1503651",
"CSAFPID-1503300",
"CSAFPID-1503304",
"CSAFPID-1503305",
"CSAFPID-1503307",
"CSAFPID-1503308"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-25062",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-25062.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1672741",
"CSAFPID-1673406",
"CSAFPID-1673407",
"CSAFPID-1674672",
"CSAFPID-1674673",
"CSAFPID-1674674",
"CSAFPID-1674675",
"CSAFPID-1674676",
"CSAFPID-1674677",
"CSAFPID-1674678",
"CSAFPID-1674679",
"CSAFPID-1674680",
"CSAFPID-1674681",
"CSAFPID-550274",
"CSAFPID-912044",
"CSAFPID-912045",
"CSAFPID-912046",
"CSAFPID-912047",
"CSAFPID-912048",
"CSAFPID-912049",
"CSAFPID-912050",
"CSAFPID-912051",
"CSAFPID-912600",
"CSAFPID-912601",
"CSAFPID-912602",
"CSAFPID-912603",
"CSAFPID-912604",
"CSAFPID-912605",
"CSAFPID-1503604",
"CSAFPID-912606",
"CSAFPID-1503299",
"CSAFPID-1503302",
"CSAFPID-1503306",
"CSAFPID-1503647",
"CSAFPID-1503648",
"CSAFPID-1503649",
"CSAFPID-1503650",
"CSAFPID-1503651",
"CSAFPID-1503300",
"CSAFPID-1503304",
"CSAFPID-1503305",
"CSAFPID-1503307",
"CSAFPID-1503308"
]
}
],
"title": "CVE-2024-25062"
},
{
"cve": "CVE-2024-36138",
"cwe": {
"id": "CWE-77",
"name": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
"title": "CWE-77"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1673301",
"CSAFPID-1673304",
"CSAFPID-1673300",
"CSAFPID-1674672",
"CSAFPID-1674673",
"CSAFPID-1674674",
"CSAFPID-1674675",
"CSAFPID-1674676",
"CSAFPID-1674677",
"CSAFPID-1674678",
"CSAFPID-1674679",
"CSAFPID-1674680",
"CSAFPID-1674681"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-36138",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-36138.json"
}
],
"title": "CVE-2024-36138"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…