Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CERTFR-2025-AVI-0150
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans Tenable Identity Exposure. Certaines d'entre elles permettent à un attaquant de provoquer un déni de service à distance, une atteinte à la confidentialité des données et un problème de sécurité non spécifié par l'éditeur.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
Vendor | Product | Description | ||
---|---|---|---|---|
Tenable | Identity Exposure | Identity Exposure versions antérieures à 3.77.9 |
References
Title | Publication Time | Tags | |||
---|---|---|---|---|---|
|
{ "$ref": "https://www.cert.ssi.gouv.fr/openapi.json", "affected_systems": [ { "description": "Identity Exposure versions ant\u00e9rieures \u00e0 3.77.9", "product": { "name": "Identity Exposure", "vendor": { "name": "Tenable", "scada": false } } } ], "affected_systems_content": "", "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).", "cves": [ { "name": "CVE-2024-25629", "url": "https://www.cve.org/CVERecord?id=CVE-2024-25629" }, { "name": "CVE-2024-11053", "url": "https://www.cve.org/CVERecord?id=CVE-2024-11053" }, { "name": "CVE-2025-23085", "url": "https://www.cve.org/CVERecord?id=CVE-2025-23085" }, { "name": "CVE-2025-23083", "url": "https://www.cve.org/CVERecord?id=CVE-2025-23083" }, { "name": "CVE-2025-1091", "url": "https://www.cve.org/CVERecord?id=CVE-2025-1091" }, { "name": "CVE-2025-0665", "url": "https://www.cve.org/CVERecord?id=CVE-2025-0665" }, { "name": "CVE-2025-0760", "url": "https://www.cve.org/CVERecord?id=CVE-2025-0760" }, { "name": "CVE-2025-23084", "url": "https://www.cve.org/CVERecord?id=CVE-2025-23084" }, { "name": "CVE-2025-0725", "url": "https://www.cve.org/CVERecord?id=CVE-2025-0725" }, { "name": "CVE-2025-0167", "url": "https://www.cve.org/CVERecord?id=CVE-2025-0167" } ], "initial_release_date": "2025-02-21T00:00:00", "last_revision_date": "2025-02-21T00:00:00", "links": [], "reference": "CERTFR-2025-AVI-0150", "revisions": [ { "description": "Version initiale", "revision_date": "2025-02-21T00:00:00.000000" } ], "risks": [ { "description": "D\u00e9ni de service \u00e0 distance" }, { "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur" }, { "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es" } ], "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Tenable Identity Exposure. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.", "title": "Multiples vuln\u00e9rabilit\u00e9s dans Tenable Identity Exposure", "vendor_advisories": [ { "published_at": "2025-02-20", "title": "Bulletin de s\u00e9curit\u00e9 Tenable tns-2025-01", "url": "https://www.tenable.com/security/tns-2025-01" } ] }
CVE-2025-23085 (GCVE-0-2025-23085)
Vulnerability from cvelistv5
Published
2025-02-07 07:09
Modified
2025-04-30 22:25
Severity ?
VLAI Severity ?
EPSS score ?
Summary
A memory leak could occur when a remote peer abruptly closes the socket without sending a GOAWAY notification. Additionally, if an invalid header was detected by nghttp2, causing the connection to be terminated by the peer, the same leak was triggered. This flaw could lead to increased memory consumption and potential denial of service under certain conditions.
This vulnerability affects HTTP/2 Server users on Node.js v18.x, v20.x, v22.x and v23.x.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
NodeJS | Node |
Version: 4.0 ≤ Version: 5.0 ≤ Version: 6.0 ≤ Version: 7.0 ≤ Version: 8.0 ≤ Version: 9.0 ≤ Version: 10.0 ≤ Version: 11.0 ≤ Version: 12.0 ≤ Version: 13.0 ≤ Version: 14.0 ≤ Version: 15.0 ≤ Version: 16.0 ≤ Version: 17.0 ≤ Version: 18.0 ≤ Version: 19.0 ≤ Version: 20.0 ≤ Version: 21.0 ≤ Version: 22.0 ≤ Version: 23.0 ≤ |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-23085", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-02-07T15:50:24.935972Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-401", "description": "CWE-401 Missing Release of Memory after Effective Lifetime", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-02-07T15:57:11.221Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2025-02-25T13:07:47.090Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "url": "https://lists.debian.org/debian-lts-announce/2025/02/msg00031.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Node", "vendor": "NodeJS", "versions": [ { "lessThan": "4.*", "status": "affected", "version": "4.0", "versionType": "semver" }, { "lessThan": "5.*", "status": "affected", "version": "5.0", "versionType": "semver" }, { "lessThan": "6.*", "status": "affected", "version": "6.0", "versionType": "semver" }, { "lessThan": "7.*", "status": "affected", "version": "7.0", "versionType": "semver" }, { "lessThan": "8.*", "status": "affected", "version": "8.0", "versionType": "semver" }, { "lessThan": "9.*", "status": "affected", "version": "9.0", "versionType": "semver" }, { "lessThan": "10.*", "status": "affected", "version": "10.0", "versionType": "semver" }, { "lessThan": "11.*", "status": "affected", "version": "11.0", "versionType": "semver" }, { "lessThan": "12.*", "status": "affected", "version": "12.0", "versionType": "semver" }, { "lessThan": "13.*", "status": "affected", "version": "13.0", "versionType": "semver" }, { "lessThan": "14.*", "status": "affected", "version": "14.0", "versionType": "semver" }, { "lessThan": "15.*", "status": "affected", "version": "15.0", "versionType": "semver" }, { "lessThan": "16.*", "status": "affected", "version": "16.0", "versionType": "semver" }, { "lessThan": "17.*", "status": "affected", "version": "17.0", "versionType": "semver" }, { "lessThan": "18.20.6", "status": "affected", "version": "18.0", "versionType": "semver" }, { "lessThan": "19.*", "status": "affected", "version": "19.0", "versionType": "semver" }, { "lessThan": "20.18.2", "status": "affected", "version": "20.0", "versionType": "semver" }, { "lessThan": "21.*", "status": "affected", "version": "21.0", "versionType": "semver" }, { "lessThan": "22.13.1", "status": "affected", "version": "22.0", "versionType": "semver" }, { "lessThan": "23.6.1", "status": "affected", "version": "23.0", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "value": "A memory leak could occur when a remote peer abruptly closes the socket without sending a GOAWAY notification. Additionally, if an invalid header was detected by nghttp2, causing the connection to be terminated by the peer, the same leak was triggered. This flaw could lead to increased memory consumption and potential denial of service under certain conditions.\r\n\r\nThis vulnerability affects HTTP/2 Server users on Node.js v18.x, v20.x, v22.x and v23.x." } ], "metrics": [ { "cvssV3_0": { "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.0" } } ], "providerMetadata": { "dateUpdated": "2025-04-30T22:25:24.192Z", "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "shortName": "hackerone" }, "references": [ { "url": "https://nodejs.org/en/blog/vulnerability/january-2025-security-releases" } ] } }, "cveMetadata": { "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "assignerShortName": "hackerone", "cveId": "CVE-2025-23085", "datePublished": "2025-02-07T07:09:25.804Z", "dateReserved": "2025-01-10T19:05:52.771Z", "dateUpdated": "2025-04-30T22:25:24.192Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-23084 (GCVE-0-2025-23084)
Vulnerability from cvelistv5
Published
2025-01-28 04:35
Modified
2025-04-30 22:25
Severity ?
VLAI Severity ?
EPSS score ?
Summary
A vulnerability has been identified in Node.js, specifically affecting the handling of drive names in the Windows environment. Certain Node.js functions do not treat drive names as special on Windows. As a result, although Node.js assumes a relative path, it actually refers to the root directory.
On Windows, a path that does not start with the file separator is treated as relative to the current directory.
This vulnerability affects Windows users of `path.join` API.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
NodeJS | Node |
Version: 4.0 ≤ Version: 5.0 ≤ Version: 6.0 ≤ Version: 7.0 ≤ Version: 8.0 ≤ Version: 9.0 ≤ Version: 10.0 ≤ Version: 11.0 ≤ Version: 12.0 ≤ Version: 13.0 ≤ Version: 14.0 ≤ Version: 15.0 ≤ Version: 16.0 ≤ Version: 17.0 ≤ Version: 18.0 ≤ Version: 19.0 ≤ Version: 20.0 ≤ Version: 21.0 ≤ Version: 22.0 ≤ Version: 23.0 ≤ |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-23084", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-01-28T15:07:59.235224Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-22", "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-01-28T15:08:35.521Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Node", "vendor": "NodeJS", "versions": [ { "lessThan": "4.*", "status": "affected", "version": "4.0", "versionType": "semver" }, { "lessThan": "5.*", "status": "affected", "version": "5.0", "versionType": "semver" }, { "lessThan": "6.*", "status": "affected", "version": "6.0", "versionType": "semver" }, { "lessThan": "7.*", "status": "affected", "version": "7.0", "versionType": "semver" }, { "lessThan": "8.*", "status": "affected", "version": "8.0", "versionType": "semver" }, { "lessThan": "9.*", "status": "affected", "version": "9.0", "versionType": "semver" }, { "lessThan": "10.*", "status": "affected", "version": "10.0", "versionType": "semver" }, { "lessThan": "11.*", "status": "affected", "version": "11.0", "versionType": "semver" }, { "lessThan": "12.*", "status": "affected", "version": "12.0", "versionType": "semver" }, { "lessThan": "13.*", "status": "affected", "version": "13.0", "versionType": "semver" }, { "lessThan": "14.*", "status": "affected", "version": "14.0", "versionType": "semver" }, { "lessThan": "15.*", "status": "affected", "version": "15.0", "versionType": "semver" }, { "lessThan": "16.*", "status": "affected", "version": "16.0", "versionType": "semver" }, { "lessThan": "17.*", "status": "affected", "version": "17.0", "versionType": "semver" }, { "lessThan": "18.20.6", "status": "affected", "version": "18.0", "versionType": "semver" }, { "lessThan": "19.*", "status": "affected", "version": "19.0", "versionType": "semver" }, { "lessThan": "20.18.2", "status": "affected", "version": "20.0", "versionType": "semver" }, { "lessThan": "21.*", "status": "affected", "version": "21.0", "versionType": "semver" }, { "lessThan": "22.13.1", "status": "affected", "version": "22.0", "versionType": "semver" }, { "lessThan": "23.6.1", "status": "affected", "version": "23.0", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in Node.js, specifically affecting the handling of drive names in the Windows environment. Certain Node.js functions do not treat drive names as special on Windows. As a result, although Node.js assumes a relative path, it actually refers to the root directory.\r\n\r\nOn Windows, a path that does not start with the file separator is treated as relative to the current directory. \r\n\r\nThis vulnerability affects Windows users of `path.join` API." } ], "metrics": [ { "cvssV3_0": { "baseScore": 5.6, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N", "version": "3.0" } } ], "providerMetadata": { "dateUpdated": "2025-04-30T22:25:23.315Z", "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "shortName": "hackerone" }, "references": [ { "url": "https://nodejs.org/en/blog/vulnerability/january-2025-security-releases" } ] } }, "cveMetadata": { "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "assignerShortName": "hackerone", "cveId": "CVE-2025-23084", "datePublished": "2025-01-28T04:35:15.236Z", "dateReserved": "2025-01-10T19:05:52.771Z", "dateUpdated": "2025-04-30T22:25:23.315Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-0167 (GCVE-0-2025-0167)
Vulnerability from cvelistv5
Published
2025-02-05 09:15
Modified
2025-03-07 00:10
Severity ?
VLAI Severity ?
EPSS score ?
Summary
When asked to use a `.netrc` file for credentials **and** to follow HTTP
redirects, curl could leak the password used for the first host to the
followed-to host under certain circumstances.
This flaw only manifests itself if the netrc file has a `default` entry that
omits both login and password. A rare circumstance.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
curl | curl |
Version: 8.11.1 ≤ 8.11.1 Version: 8.11.0 ≤ 8.11.0 Version: 8.10.1 ≤ 8.10.1 Version: 8.10.0 ≤ 8.10.0 Version: 8.9.1 ≤ 8.9.1 Version: 8.9.0 ≤ 8.9.0 Version: 8.8.0 ≤ 8.8.0 Version: 8.7.1 ≤ 8.7.1 Version: 8.7.0 ≤ 8.7.0 Version: 8.6.0 ≤ 8.6.0 Version: 8.5.0 ≤ 8.5.0 Version: 8.4.0 ≤ 8.4.0 Version: 8.3.0 ≤ 8.3.0 Version: 8.2.1 ≤ 8.2.1 Version: 8.2.0 ≤ 8.2.0 Version: 8.1.2 ≤ 8.1.2 Version: 8.1.1 ≤ 8.1.1 Version: 8.1.0 ≤ 8.1.0 Version: 8.0.1 ≤ 8.0.1 Version: 8.0.0 ≤ 8.0.0 Version: 7.88.1 ≤ 7.88.1 Version: 7.88.0 ≤ 7.88.0 Version: 7.87.0 ≤ 7.87.0 Version: 7.86.0 ≤ 7.86.0 Version: 7.85.0 ≤ 7.85.0 Version: 7.84.0 ≤ 7.84.0 Version: 7.83.1 ≤ 7.83.1 Version: 7.83.0 ≤ 7.83.0 Version: 7.82.0 ≤ 7.82.0 Version: 7.81.0 ≤ 7.81.0 Version: 7.80.0 ≤ 7.80.0 Version: 7.79.1 ≤ 7.79.1 Version: 7.79.0 ≤ 7.79.0 Version: 7.78.0 ≤ 7.78.0 Version: 7.77.0 ≤ 7.77.0 Version: 7.76.1 ≤ 7.76.1 Version: 7.76.0 ≤ 7.76.0 |
{ "containers": { "adp": [ { "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.4, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2025-0167", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-02-05T15:52:41.551530Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-02-06T14:48:00.488Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "references": [ { "tags": [ "exploit" ], "url": "https://curl.se/docs/CVE-2025-0167.html" } ], "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2025-03-07T00:10:48.290Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "url": "https://security.netapp.com/advisory/ntap-20250306-0008/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "curl", "vendor": "curl", "versions": [ { "lessThanOrEqual": "8.11.1", "status": "affected", "version": "8.11.1", "versionType": "semver" }, { "lessThanOrEqual": "8.11.0", "status": "affected", "version": "8.11.0", "versionType": "semver" }, { "lessThanOrEqual": "8.10.1", "status": "affected", "version": "8.10.1", "versionType": "semver" }, { "lessThanOrEqual": "8.10.0", "status": "affected", "version": "8.10.0", "versionType": "semver" }, { "lessThanOrEqual": "8.9.1", "status": "affected", "version": "8.9.1", "versionType": "semver" }, { "lessThanOrEqual": "8.9.0", "status": "affected", "version": "8.9.0", "versionType": "semver" }, { "lessThanOrEqual": "8.8.0", "status": "affected", "version": "8.8.0", "versionType": "semver" }, { "lessThanOrEqual": "8.7.1", "status": "affected", "version": "8.7.1", "versionType": "semver" }, { "lessThanOrEqual": "8.7.0", "status": "affected", "version": "8.7.0", "versionType": "semver" }, { "lessThanOrEqual": "8.6.0", "status": "affected", "version": "8.6.0", "versionType": "semver" }, { "lessThanOrEqual": "8.5.0", "status": "affected", "version": "8.5.0", "versionType": "semver" }, { "lessThanOrEqual": "8.4.0", "status": "affected", "version": "8.4.0", "versionType": "semver" }, { "lessThanOrEqual": "8.3.0", "status": "affected", "version": "8.3.0", "versionType": "semver" }, { "lessThanOrEqual": "8.2.1", "status": "affected", "version": "8.2.1", "versionType": "semver" }, { "lessThanOrEqual": "8.2.0", "status": "affected", "version": "8.2.0", "versionType": "semver" }, { "lessThanOrEqual": "8.1.2", "status": "affected", "version": "8.1.2", "versionType": "semver" }, { "lessThanOrEqual": "8.1.1", "status": "affected", "version": "8.1.1", "versionType": "semver" }, { "lessThanOrEqual": "8.1.0", "status": "affected", "version": "8.1.0", "versionType": "semver" }, { "lessThanOrEqual": "8.0.1", "status": "affected", "version": "8.0.1", "versionType": "semver" }, { "lessThanOrEqual": "8.0.0", "status": "affected", "version": "8.0.0", "versionType": "semver" }, { "lessThanOrEqual": "7.88.1", "status": "affected", "version": "7.88.1", "versionType": "semver" }, { "lessThanOrEqual": "7.88.0", "status": "affected", "version": "7.88.0", "versionType": "semver" }, { "lessThanOrEqual": "7.87.0", "status": "affected", "version": "7.87.0", "versionType": "semver" }, { "lessThanOrEqual": "7.86.0", "status": "affected", "version": "7.86.0", "versionType": "semver" }, { "lessThanOrEqual": "7.85.0", "status": "affected", "version": "7.85.0", "versionType": "semver" }, { "lessThanOrEqual": "7.84.0", "status": "affected", "version": "7.84.0", "versionType": "semver" }, { "lessThanOrEqual": "7.83.1", "status": "affected", "version": "7.83.1", "versionType": "semver" }, { "lessThanOrEqual": "7.83.0", "status": "affected", "version": "7.83.0", "versionType": "semver" }, { "lessThanOrEqual": "7.82.0", "status": "affected", "version": "7.82.0", "versionType": "semver" }, { "lessThanOrEqual": "7.81.0", "status": "affected", "version": "7.81.0", "versionType": "semver" }, { "lessThanOrEqual": "7.80.0", "status": "affected", "version": "7.80.0", "versionType": "semver" }, { "lessThanOrEqual": "7.79.1", "status": "affected", "version": "7.79.1", "versionType": "semver" }, { "lessThanOrEqual": "7.79.0", "status": "affected", "version": "7.79.0", "versionType": "semver" }, { "lessThanOrEqual": "7.78.0", "status": "affected", "version": "7.78.0", "versionType": "semver" }, { "lessThanOrEqual": "7.77.0", "status": "affected", "version": "7.77.0", "versionType": "semver" }, { "lessThanOrEqual": "7.76.1", "status": "affected", "version": "7.76.1", "versionType": "semver" }, { "lessThanOrEqual": "7.76.0", "status": "affected", "version": "7.76.0", "versionType": "semver" } ] } ], "credits": [ { "lang": "en", "type": "finder", "value": "Yihang Zhou" }, { "lang": "en", "type": "remediation developer", "value": "Daniel Stenberg" } ], "descriptions": [ { "lang": "en", "value": "When asked to use a `.netrc` file for credentials **and** to follow HTTP\nredirects, curl could leak the password used for the first host to the\nfollowed-to host under certain circumstances.\n\nThis flaw only manifests itself if the netrc file has a `default` entry that\nomits both login and password. A rare circumstance." } ], "problemTypes": [ { "descriptions": [ { "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2025-02-05T09:15:06.891Z", "orgId": "2499f714-1537-4658-8207-48ae4bb9eae9", "shortName": "curl" }, "references": [ { "name": "json", "url": "https://curl.se/docs/CVE-2025-0167.json" }, { "name": "www", "url": "https://curl.se/docs/CVE-2025-0167.html" }, { "name": "issue", "url": "https://hackerone.com/reports/2917232" } ], "title": "netrc and default credential leak" } }, "cveMetadata": { "assignerOrgId": "2499f714-1537-4658-8207-48ae4bb9eae9", "assignerShortName": "curl", "cveId": "CVE-2025-0167", "datePublished": "2025-02-05T09:15:06.891Z", "dateReserved": "2024-12-31T23:07:29.650Z", "dateUpdated": "2025-03-07T00:10:48.290Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-25629 (GCVE-0-2024-25629)
Vulnerability from cvelistv5
Published
2024-02-23 14:52
Modified
2025-02-13 17:40
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-127 - Buffer Under-read
Summary
c-ares is a C library for asynchronous DNS requests. `ares__read_line()` is used to parse local configuration files such as `/etc/resolv.conf`, `/etc/nsswitch.conf`, the `HOSTALIASES` file, and if using a c-ares version prior to 1.27.0, the `/etc/hosts` file. If any of these configuration files has an embedded `NULL` character as the first character in a new line, it can lead to attempting to read memory prior to the start of the given buffer which may result in a crash. This issue is fixed in c-ares 1.27.0. No known workarounds exist.
References
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-25629", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-02-23T19:18:11.897134Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-04T17:35:14.331Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-01T23:44:09.807Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/c-ares/c-ares/security/advisories/GHSA-mg26-v6qh-x48q", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/c-ares/c-ares/security/advisories/GHSA-mg26-v6qh-x48q" }, { "name": "https://github.com/c-ares/c-ares/commit/a804c04ddc8245fc8adf0e92368709639125e183", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/c-ares/c-ares/commit/a804c04ddc8245fc8adf0e92368709639125e183" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GX37LFPFQ3T6FFMMFYQTEGIQXXN7F27U/" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2P76QYINQNPEHUTEEDOUYIRZ2X6UVZ5K/" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CSCMTSPDIE2UHU34TIXQQHZ6JTE3Y3VF/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "c-ares", "vendor": "c-ares", "versions": [ { "status": "affected", "version": "\u003c 1.27.0" } ] } ], "descriptions": [ { "lang": "en", "value": "c-ares is a C library for asynchronous DNS requests. `ares__read_line()` is used to parse local configuration files such as `/etc/resolv.conf`, `/etc/nsswitch.conf`, the `HOSTALIASES` file, and if using a c-ares version prior to 1.27.0, the `/etc/hosts` file. If any of these configuration files has an embedded `NULL` character as the first character in a new line, it can lead to attempting to read memory prior to the start of the given buffer which may result in a crash. This issue is fixed in c-ares 1.27.0. No known workarounds exist." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-127", "description": "CWE-127: Buffer Under-read", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-04-19T23:06:15.852Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/c-ares/c-ares/security/advisories/GHSA-mg26-v6qh-x48q", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/c-ares/c-ares/security/advisories/GHSA-mg26-v6qh-x48q" }, { "name": "https://github.com/c-ares/c-ares/commit/a804c04ddc8245fc8adf0e92368709639125e183", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/c-ares/c-ares/commit/a804c04ddc8245fc8adf0e92368709639125e183" }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GX37LFPFQ3T6FFMMFYQTEGIQXXN7F27U/" }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2P76QYINQNPEHUTEEDOUYIRZ2X6UVZ5K/" }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CSCMTSPDIE2UHU34TIXQQHZ6JTE3Y3VF/" } ], "source": { "advisory": "GHSA-mg26-v6qh-x48q", "discovery": "UNKNOWN" }, "title": "c-ares out of bounds read in ares__read_line()" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2024-25629", "datePublished": "2024-02-23T14:52:24.967Z", "dateReserved": "2024-02-08T22:26:33.512Z", "dateUpdated": "2025-02-13T17:40:51.243Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-0725 (GCVE-0-2025-0725)
Vulnerability from cvelistv5
Published
2025-02-05 09:18
Modified
2025-06-12 16:04
Severity ?
VLAI Severity ?
EPSS score ?
Summary
When libcurl is asked to perform automatic gzip decompression of
content-encoded HTTP responses with the `CURLOPT_ACCEPT_ENCODING` option,
**using zlib 1.2.0.3 or older**, an attacker-controlled integer overflow would
make libcurl perform a buffer overflow.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
curl | curl |
Version: 8.11.1 ≤ 8.11.1 Version: 8.11.0 ≤ 8.11.0 Version: 8.10.1 ≤ 8.10.1 Version: 8.10.0 ≤ 8.10.0 Version: 8.9.1 ≤ 8.9.1 Version: 8.9.0 ≤ 8.9.0 Version: 8.8.0 ≤ 8.8.0 Version: 8.7.1 ≤ 8.7.1 Version: 8.7.0 ≤ 8.7.0 Version: 8.6.0 ≤ 8.6.0 Version: 8.5.0 ≤ 8.5.0 Version: 8.4.0 ≤ 8.4.0 Version: 8.3.0 ≤ 8.3.0 Version: 8.2.1 ≤ 8.2.1 Version: 8.2.0 ≤ 8.2.0 Version: 8.1.2 ≤ 8.1.2 Version: 8.1.1 ≤ 8.1.1 Version: 8.1.0 ≤ 8.1.0 Version: 8.0.1 ≤ 8.0.1 Version: 8.0.0 ≤ 8.0.0 Version: 7.88.1 ≤ 7.88.1 Version: 7.88.0 ≤ 7.88.0 Version: 7.87.0 ≤ 7.87.0 Version: 7.86.0 ≤ 7.86.0 Version: 7.85.0 ≤ 7.85.0 Version: 7.84.0 ≤ 7.84.0 Version: 7.83.1 ≤ 7.83.1 Version: 7.83.0 ≤ 7.83.0 Version: 7.82.0 ≤ 7.82.0 Version: 7.81.0 ≤ 7.81.0 Version: 7.80.0 ≤ 7.80.0 Version: 7.79.1 ≤ 7.79.1 Version: 7.79.0 ≤ 7.79.0 Version: 7.78.0 ≤ 7.78.0 Version: 7.77.0 ≤ 7.77.0 Version: 7.76.1 ≤ 7.76.1 Version: 7.76.0 ≤ 7.76.0 Version: 7.75.0 ≤ 7.75.0 Version: 7.74.0 ≤ 7.74.0 Version: 7.73.0 ≤ 7.73.0 Version: 7.72.0 ≤ 7.72.0 Version: 7.71.1 ≤ 7.71.1 Version: 7.71.0 ≤ 7.71.0 Version: 7.70.0 ≤ 7.70.0 Version: 7.69.1 ≤ 7.69.1 Version: 7.69.0 ≤ 7.69.0 Version: 7.68.0 ≤ 7.68.0 Version: 7.67.0 ≤ 7.67.0 Version: 7.66.0 ≤ 7.66.0 Version: 7.65.3 ≤ 7.65.3 Version: 7.65.2 ≤ 7.65.2 Version: 7.65.1 ≤ 7.65.1 Version: 7.65.0 ≤ 7.65.0 Version: 7.64.1 ≤ 7.64.1 Version: 7.64.0 ≤ 7.64.0 Version: 7.63.0 ≤ 7.63.0 Version: 7.62.0 ≤ 7.62.0 Version: 7.61.1 ≤ 7.61.1 Version: 7.61.0 ≤ 7.61.0 Version: 7.60.0 ≤ 7.60.0 Version: 7.59.0 ≤ 7.59.0 Version: 7.58.0 ≤ 7.58.0 Version: 7.57.0 ≤ 7.57.0 Version: 7.56.1 ≤ 7.56.1 Version: 7.56.0 ≤ 7.56.0 Version: 7.55.1 ≤ 7.55.1 Version: 7.55.0 ≤ 7.55.0 Version: 7.54.1 ≤ 7.54.1 Version: 7.54.0 ≤ 7.54.0 Version: 7.53.1 ≤ 7.53.1 Version: 7.53.0 ≤ 7.53.0 Version: 7.52.1 ≤ 7.52.1 Version: 7.52.0 ≤ 7.52.0 Version: 7.51.0 ≤ 7.51.0 Version: 7.50.3 ≤ 7.50.3 Version: 7.50.2 ≤ 7.50.2 Version: 7.50.1 ≤ 7.50.1 Version: 7.50.0 ≤ 7.50.0 Version: 7.49.1 ≤ 7.49.1 Version: 7.49.0 ≤ 7.49.0 Version: 7.48.0 ≤ 7.48.0 Version: 7.47.1 ≤ 7.47.1 Version: 7.47.0 ≤ 7.47.0 Version: 7.46.0 ≤ 7.46.0 Version: 7.45.0 ≤ 7.45.0 Version: 7.44.0 ≤ 7.44.0 Version: 7.43.0 ≤ 7.43.0 Version: 7.42.1 ≤ 7.42.1 Version: 7.42.0 ≤ 7.42.0 Version: 7.41.0 ≤ 7.41.0 Version: 7.40.0 ≤ 7.40.0 Version: 7.39.0 ≤ 7.39.0 Version: 7.38.0 ≤ 7.38.0 Version: 7.37.1 ≤ 7.37.1 Version: 7.37.0 ≤ 7.37.0 Version: 7.36.0 ≤ 7.36.0 Version: 7.35.0 ≤ 7.35.0 Version: 7.34.0 ≤ 7.34.0 Version: 7.33.0 ≤ 7.33.0 Version: 7.32.0 ≤ 7.32.0 Version: 7.31.0 ≤ 7.31.0 Version: 7.30.0 ≤ 7.30.0 Version: 7.29.0 ≤ 7.29.0 Version: 7.28.1 ≤ 7.28.1 Version: 7.28.0 ≤ 7.28.0 Version: 7.27.0 ≤ 7.27.0 Version: 7.26.0 ≤ 7.26.0 Version: 7.25.0 ≤ 7.25.0 Version: 7.24.0 ≤ 7.24.0 Version: 7.23.1 ≤ 7.23.1 Version: 7.23.0 ≤ 7.23.0 Version: 7.22.0 ≤ 7.22.0 Version: 7.21.7 ≤ 7.21.7 Version: 7.21.6 ≤ 7.21.6 Version: 7.21.5 ≤ 7.21.5 Version: 7.21.4 ≤ 7.21.4 Version: 7.21.3 ≤ 7.21.3 Version: 7.21.2 ≤ 7.21.2 Version: 7.21.1 ≤ 7.21.1 Version: 7.21.0 ≤ 7.21.0 Version: 7.20.1 ≤ 7.20.1 Version: 7.20.0 ≤ 7.20.0 Version: 7.19.7 ≤ 7.19.7 Version: 7.19.6 ≤ 7.19.6 Version: 7.19.5 ≤ 7.19.5 Version: 7.19.4 ≤ 7.19.4 Version: 7.19.3 ≤ 7.19.3 Version: 7.19.2 ≤ 7.19.2 Version: 7.19.1 ≤ 7.19.1 Version: 7.19.0 ≤ 7.19.0 Version: 7.18.2 ≤ 7.18.2 Version: 7.18.1 ≤ 7.18.1 Version: 7.18.0 ≤ 7.18.0 Version: 7.17.1 ≤ 7.17.1 Version: 7.17.0 ≤ 7.17.0 Version: 7.16.4 ≤ 7.16.4 Version: 7.16.3 ≤ 7.16.3 Version: 7.16.2 ≤ 7.16.2 Version: 7.16.1 ≤ 7.16.1 Version: 7.16.0 ≤ 7.16.0 Version: 7.15.5 ≤ 7.15.5 Version: 7.15.4 ≤ 7.15.4 Version: 7.15.3 ≤ 7.15.3 Version: 7.15.2 ≤ 7.15.2 Version: 7.15.1 ≤ 7.15.1 Version: 7.15.0 ≤ 7.15.0 Version: 7.14.1 ≤ 7.14.1 Version: 7.14.0 ≤ 7.14.0 Version: 7.13.2 ≤ 7.13.2 Version: 7.13.1 ≤ 7.13.1 Version: 7.13.0 ≤ 7.13.0 Version: 7.12.3 ≤ 7.12.3 Version: 7.12.2 ≤ 7.12.2 Version: 7.12.1 ≤ 7.12.1 Version: 7.12.0 ≤ 7.12.0 Version: 7.11.2 ≤ 7.11.2 Version: 7.11.1 ≤ 7.11.1 Version: 7.11.0 ≤ 7.11.0 Version: 7.10.8 ≤ 7.10.8 Version: 7.10.7 ≤ 7.10.7 Version: 7.10.6 ≤ 7.10.6 Version: 7.10.5 ≤ 7.10.5 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2025-06-12T16:04:29.956Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "url": "http://www.openwall.com/lists/oss-security/2025/02/05/3" }, { "url": "http://www.openwall.com/lists/oss-security/2025/02/06/2" }, { "url": "http://www.openwall.com/lists/oss-security/2025/02/06/4" }, { "url": "https://security.netapp.com/advisory/ntap-20250306-0009/" }, { "url": "https://github.com/curl/curl/commit/76f83f0db23846e254d940ec7" } ], "title": "CVE Program Container", "x_generator": { "engine": "ADPogram 0.0.1" } }, { "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2025-0725", "options": [ { "Exploitation": "poc" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-02-05T14:33:50.737849Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-02-05T14:34:15.390Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "curl", "vendor": "curl", "versions": [ { "lessThanOrEqual": "8.11.1", "status": "affected", "version": "8.11.1", "versionType": "semver" }, { "lessThanOrEqual": "8.11.0", "status": "affected", "version": "8.11.0", "versionType": "semver" }, { "lessThanOrEqual": "8.10.1", "status": "affected", "version": "8.10.1", "versionType": "semver" }, { "lessThanOrEqual": "8.10.0", "status": "affected", "version": "8.10.0", "versionType": "semver" }, { "lessThanOrEqual": "8.9.1", "status": "affected", "version": "8.9.1", "versionType": "semver" }, { "lessThanOrEqual": "8.9.0", "status": "affected", "version": "8.9.0", "versionType": "semver" }, { "lessThanOrEqual": "8.8.0", "status": "affected", "version": "8.8.0", "versionType": "semver" }, { "lessThanOrEqual": "8.7.1", "status": "affected", "version": "8.7.1", "versionType": "semver" }, { "lessThanOrEqual": "8.7.0", "status": "affected", "version": "8.7.0", "versionType": "semver" }, { "lessThanOrEqual": "8.6.0", "status": "affected", "version": "8.6.0", "versionType": "semver" }, { "lessThanOrEqual": "8.5.0", "status": "affected", "version": "8.5.0", "versionType": "semver" }, { "lessThanOrEqual": "8.4.0", "status": "affected", "version": "8.4.0", "versionType": "semver" }, { "lessThanOrEqual": "8.3.0", "status": "affected", "version": "8.3.0", "versionType": "semver" }, { "lessThanOrEqual": "8.2.1", "status": "affected", "version": "8.2.1", "versionType": "semver" }, { "lessThanOrEqual": "8.2.0", "status": "affected", "version": "8.2.0", "versionType": "semver" }, { "lessThanOrEqual": "8.1.2", "status": "affected", "version": "8.1.2", "versionType": "semver" }, { "lessThanOrEqual": "8.1.1", "status": "affected", "version": "8.1.1", "versionType": "semver" }, { "lessThanOrEqual": "8.1.0", "status": "affected", "version": "8.1.0", "versionType": "semver" }, { "lessThanOrEqual": "8.0.1", "status": "affected", "version": "8.0.1", "versionType": "semver" }, { "lessThanOrEqual": "8.0.0", "status": "affected", "version": "8.0.0", "versionType": "semver" }, { "lessThanOrEqual": "7.88.1", "status": "affected", "version": "7.88.1", "versionType": "semver" }, { "lessThanOrEqual": "7.88.0", "status": "affected", "version": "7.88.0", "versionType": "semver" }, { "lessThanOrEqual": "7.87.0", "status": "affected", "version": "7.87.0", "versionType": "semver" }, { "lessThanOrEqual": "7.86.0", "status": "affected", "version": "7.86.0", "versionType": "semver" }, { "lessThanOrEqual": "7.85.0", "status": "affected", "version": "7.85.0", "versionType": "semver" }, { "lessThanOrEqual": "7.84.0", "status": "affected", "version": "7.84.0", "versionType": "semver" }, { "lessThanOrEqual": "7.83.1", "status": "affected", "version": "7.83.1", "versionType": "semver" }, { "lessThanOrEqual": "7.83.0", "status": "affected", "version": "7.83.0", "versionType": "semver" }, { "lessThanOrEqual": "7.82.0", "status": "affected", "version": "7.82.0", "versionType": "semver" }, { "lessThanOrEqual": "7.81.0", "status": "affected", "version": "7.81.0", "versionType": "semver" }, { "lessThanOrEqual": "7.80.0", "status": "affected", "version": "7.80.0", "versionType": "semver" }, { "lessThanOrEqual": "7.79.1", "status": "affected", "version": "7.79.1", "versionType": "semver" }, { "lessThanOrEqual": "7.79.0", "status": "affected", "version": "7.79.0", "versionType": "semver" }, { "lessThanOrEqual": "7.78.0", "status": "affected", "version": "7.78.0", "versionType": "semver" }, { "lessThanOrEqual": "7.77.0", "status": "affected", "version": "7.77.0", "versionType": "semver" }, { "lessThanOrEqual": "7.76.1", "status": "affected", "version": "7.76.1", "versionType": "semver" }, { "lessThanOrEqual": "7.76.0", "status": "affected", "version": "7.76.0", "versionType": "semver" }, { "lessThanOrEqual": "7.75.0", "status": "affected", "version": "7.75.0", "versionType": "semver" }, { "lessThanOrEqual": "7.74.0", "status": "affected", "version": "7.74.0", "versionType": "semver" }, { "lessThanOrEqual": "7.73.0", "status": "affected", "version": "7.73.0", "versionType": "semver" }, { "lessThanOrEqual": "7.72.0", "status": "affected", "version": "7.72.0", "versionType": "semver" }, { "lessThanOrEqual": "7.71.1", "status": "affected", "version": "7.71.1", "versionType": "semver" }, { "lessThanOrEqual": "7.71.0", "status": "affected", "version": "7.71.0", "versionType": "semver" }, { "lessThanOrEqual": "7.70.0", "status": "affected", "version": "7.70.0", "versionType": "semver" }, { "lessThanOrEqual": "7.69.1", "status": "affected", "version": "7.69.1", "versionType": "semver" }, { "lessThanOrEqual": "7.69.0", "status": "affected", "version": "7.69.0", "versionType": "semver" }, { "lessThanOrEqual": "7.68.0", "status": "affected", "version": "7.68.0", "versionType": "semver" }, { "lessThanOrEqual": "7.67.0", "status": "affected", "version": "7.67.0", "versionType": "semver" }, { "lessThanOrEqual": "7.66.0", "status": "affected", "version": "7.66.0", "versionType": "semver" }, { "lessThanOrEqual": "7.65.3", "status": "affected", "version": "7.65.3", "versionType": "semver" }, { "lessThanOrEqual": "7.65.2", "status": "affected", "version": "7.65.2", "versionType": "semver" }, { "lessThanOrEqual": "7.65.1", "status": "affected", "version": "7.65.1", "versionType": "semver" }, { "lessThanOrEqual": "7.65.0", "status": "affected", "version": "7.65.0", "versionType": "semver" }, { "lessThanOrEqual": "7.64.1", "status": "affected", "version": "7.64.1", "versionType": "semver" }, { "lessThanOrEqual": "7.64.0", "status": "affected", "version": "7.64.0", "versionType": "semver" }, { "lessThanOrEqual": "7.63.0", "status": "affected", "version": "7.63.0", "versionType": "semver" }, { "lessThanOrEqual": "7.62.0", "status": "affected", "version": "7.62.0", "versionType": "semver" }, { "lessThanOrEqual": "7.61.1", "status": "affected", "version": "7.61.1", "versionType": "semver" }, { "lessThanOrEqual": "7.61.0", "status": "affected", "version": "7.61.0", "versionType": "semver" }, { "lessThanOrEqual": "7.60.0", "status": "affected", "version": "7.60.0", "versionType": "semver" }, { "lessThanOrEqual": "7.59.0", "status": "affected", "version": "7.59.0", "versionType": "semver" }, { "lessThanOrEqual": "7.58.0", "status": "affected", "version": "7.58.0", "versionType": "semver" }, { "lessThanOrEqual": "7.57.0", "status": "affected", "version": "7.57.0", "versionType": "semver" }, { "lessThanOrEqual": "7.56.1", "status": "affected", "version": "7.56.1", "versionType": "semver" }, { "lessThanOrEqual": "7.56.0", "status": "affected", "version": "7.56.0", "versionType": "semver" }, { "lessThanOrEqual": "7.55.1", "status": "affected", "version": "7.55.1", "versionType": "semver" }, { "lessThanOrEqual": "7.55.0", "status": "affected", "version": "7.55.0", "versionType": "semver" }, { "lessThanOrEqual": "7.54.1", "status": "affected", "version": "7.54.1", "versionType": "semver" }, { "lessThanOrEqual": "7.54.0", "status": "affected", "version": "7.54.0", "versionType": "semver" }, { "lessThanOrEqual": "7.53.1", "status": "affected", "version": "7.53.1", "versionType": "semver" }, { "lessThanOrEqual": "7.53.0", "status": "affected", "version": "7.53.0", "versionType": "semver" }, { "lessThanOrEqual": "7.52.1", "status": "affected", "version": "7.52.1", "versionType": "semver" }, { "lessThanOrEqual": "7.52.0", "status": "affected", "version": "7.52.0", "versionType": "semver" }, { "lessThanOrEqual": "7.51.0", "status": "affected", "version": "7.51.0", "versionType": "semver" }, { "lessThanOrEqual": "7.50.3", "status": "affected", "version": "7.50.3", "versionType": "semver" }, { "lessThanOrEqual": "7.50.2", "status": "affected", "version": "7.50.2", "versionType": "semver" }, { "lessThanOrEqual": "7.50.1", "status": "affected", "version": "7.50.1", "versionType": "semver" }, { "lessThanOrEqual": "7.50.0", "status": "affected", "version": "7.50.0", "versionType": "semver" }, { "lessThanOrEqual": "7.49.1", "status": "affected", "version": "7.49.1", "versionType": "semver" }, { "lessThanOrEqual": "7.49.0", "status": "affected", "version": "7.49.0", "versionType": "semver" }, { "lessThanOrEqual": "7.48.0", "status": "affected", "version": "7.48.0", "versionType": "semver" }, { "lessThanOrEqual": "7.47.1", "status": "affected", "version": "7.47.1", "versionType": "semver" }, { "lessThanOrEqual": "7.47.0", "status": "affected", "version": "7.47.0", "versionType": "semver" }, { "lessThanOrEqual": "7.46.0", "status": "affected", "version": "7.46.0", "versionType": "semver" }, { "lessThanOrEqual": "7.45.0", "status": "affected", "version": "7.45.0", "versionType": "semver" }, { "lessThanOrEqual": "7.44.0", "status": "affected", "version": "7.44.0", "versionType": "semver" }, { "lessThanOrEqual": "7.43.0", "status": "affected", "version": "7.43.0", "versionType": "semver" }, { "lessThanOrEqual": "7.42.1", "status": "affected", "version": "7.42.1", "versionType": "semver" }, { "lessThanOrEqual": "7.42.0", "status": "affected", "version": "7.42.0", "versionType": "semver" }, { "lessThanOrEqual": "7.41.0", "status": "affected", "version": "7.41.0", "versionType": "semver" }, { "lessThanOrEqual": "7.40.0", "status": "affected", "version": "7.40.0", "versionType": "semver" }, { "lessThanOrEqual": "7.39.0", "status": "affected", "version": "7.39.0", "versionType": "semver" }, { "lessThanOrEqual": "7.38.0", "status": "affected", "version": "7.38.0", "versionType": "semver" }, { "lessThanOrEqual": "7.37.1", "status": "affected", "version": "7.37.1", "versionType": "semver" }, { "lessThanOrEqual": "7.37.0", "status": "affected", "version": "7.37.0", "versionType": "semver" }, { "lessThanOrEqual": "7.36.0", "status": "affected", "version": "7.36.0", "versionType": "semver" }, { "lessThanOrEqual": "7.35.0", "status": "affected", "version": "7.35.0", "versionType": "semver" }, { "lessThanOrEqual": "7.34.0", "status": "affected", "version": "7.34.0", "versionType": "semver" }, { "lessThanOrEqual": "7.33.0", "status": "affected", "version": "7.33.0", "versionType": "semver" }, { "lessThanOrEqual": "7.32.0", "status": "affected", "version": "7.32.0", "versionType": "semver" }, { "lessThanOrEqual": "7.31.0", "status": "affected", "version": "7.31.0", "versionType": "semver" }, { "lessThanOrEqual": "7.30.0", "status": "affected", "version": "7.30.0", "versionType": "semver" }, { "lessThanOrEqual": "7.29.0", "status": "affected", "version": "7.29.0", "versionType": "semver" }, { "lessThanOrEqual": "7.28.1", "status": "affected", "version": "7.28.1", "versionType": "semver" }, { "lessThanOrEqual": "7.28.0", "status": "affected", "version": "7.28.0", "versionType": "semver" }, { "lessThanOrEqual": "7.27.0", "status": "affected", "version": "7.27.0", "versionType": "semver" }, { "lessThanOrEqual": "7.26.0", "status": "affected", "version": "7.26.0", "versionType": "semver" }, { "lessThanOrEqual": "7.25.0", "status": "affected", "version": "7.25.0", "versionType": "semver" }, { "lessThanOrEqual": "7.24.0", "status": "affected", "version": "7.24.0", "versionType": "semver" }, { "lessThanOrEqual": "7.23.1", "status": "affected", "version": "7.23.1", "versionType": "semver" }, { "lessThanOrEqual": "7.23.0", "status": "affected", "version": "7.23.0", "versionType": "semver" }, { "lessThanOrEqual": "7.22.0", "status": "affected", "version": "7.22.0", "versionType": "semver" }, { "lessThanOrEqual": "7.21.7", "status": "affected", "version": "7.21.7", "versionType": "semver" }, { "lessThanOrEqual": "7.21.6", "status": "affected", "version": "7.21.6", "versionType": "semver" }, { "lessThanOrEqual": "7.21.5", "status": "affected", "version": "7.21.5", "versionType": "semver" }, { "lessThanOrEqual": "7.21.4", "status": "affected", "version": "7.21.4", "versionType": "semver" }, { "lessThanOrEqual": "7.21.3", "status": "affected", "version": "7.21.3", "versionType": "semver" }, { "lessThanOrEqual": "7.21.2", "status": "affected", "version": "7.21.2", "versionType": "semver" }, { "lessThanOrEqual": "7.21.1", "status": "affected", "version": "7.21.1", "versionType": "semver" }, { "lessThanOrEqual": "7.21.0", "status": "affected", "version": "7.21.0", "versionType": "semver" }, { "lessThanOrEqual": "7.20.1", "status": "affected", "version": "7.20.1", "versionType": "semver" }, { "lessThanOrEqual": "7.20.0", "status": "affected", "version": "7.20.0", "versionType": "semver" }, { "lessThanOrEqual": "7.19.7", "status": "affected", "version": "7.19.7", "versionType": "semver" }, { "lessThanOrEqual": "7.19.6", "status": "affected", "version": "7.19.6", "versionType": "semver" }, { "lessThanOrEqual": "7.19.5", "status": "affected", "version": "7.19.5", "versionType": "semver" }, { "lessThanOrEqual": "7.19.4", "status": "affected", "version": "7.19.4", "versionType": "semver" }, { "lessThanOrEqual": "7.19.3", "status": "affected", "version": "7.19.3", "versionType": "semver" }, { "lessThanOrEqual": "7.19.2", "status": "affected", "version": "7.19.2", "versionType": "semver" }, { "lessThanOrEqual": "7.19.1", "status": "affected", "version": "7.19.1", "versionType": "semver" }, { "lessThanOrEqual": "7.19.0", "status": "affected", "version": "7.19.0", "versionType": "semver" }, { "lessThanOrEqual": "7.18.2", "status": "affected", "version": "7.18.2", "versionType": "semver" }, { "lessThanOrEqual": "7.18.1", "status": "affected", "version": "7.18.1", "versionType": "semver" }, { "lessThanOrEqual": "7.18.0", "status": "affected", "version": "7.18.0", "versionType": "semver" }, { "lessThanOrEqual": "7.17.1", "status": "affected", "version": "7.17.1", "versionType": "semver" }, { "lessThanOrEqual": "7.17.0", "status": "affected", "version": "7.17.0", "versionType": "semver" }, { "lessThanOrEqual": "7.16.4", "status": "affected", "version": "7.16.4", "versionType": "semver" }, { "lessThanOrEqual": "7.16.3", "status": "affected", "version": "7.16.3", "versionType": "semver" }, { "lessThanOrEqual": "7.16.2", "status": "affected", "version": "7.16.2", "versionType": "semver" }, { "lessThanOrEqual": "7.16.1", "status": "affected", "version": "7.16.1", "versionType": "semver" }, { "lessThanOrEqual": "7.16.0", "status": "affected", "version": "7.16.0", "versionType": "semver" }, { "lessThanOrEqual": "7.15.5", "status": "affected", "version": "7.15.5", "versionType": "semver" }, { "lessThanOrEqual": "7.15.4", "status": "affected", "version": "7.15.4", "versionType": "semver" }, { "lessThanOrEqual": "7.15.3", "status": "affected", "version": "7.15.3", "versionType": "semver" }, { "lessThanOrEqual": "7.15.2", "status": "affected", "version": "7.15.2", "versionType": "semver" }, { "lessThanOrEqual": "7.15.1", "status": "affected", "version": "7.15.1", "versionType": "semver" }, { "lessThanOrEqual": "7.15.0", "status": "affected", "version": "7.15.0", "versionType": "semver" }, { "lessThanOrEqual": "7.14.1", "status": "affected", "version": "7.14.1", "versionType": "semver" }, { "lessThanOrEqual": "7.14.0", "status": "affected", "version": "7.14.0", "versionType": "semver" }, { "lessThanOrEqual": "7.13.2", "status": "affected", "version": "7.13.2", "versionType": "semver" }, { "lessThanOrEqual": "7.13.1", "status": "affected", "version": "7.13.1", "versionType": "semver" }, { "lessThanOrEqual": "7.13.0", "status": "affected", "version": "7.13.0", "versionType": "semver" }, { "lessThanOrEqual": "7.12.3", "status": "affected", "version": "7.12.3", "versionType": "semver" }, { "lessThanOrEqual": "7.12.2", "status": "affected", "version": "7.12.2", "versionType": "semver" }, { "lessThanOrEqual": "7.12.1", "status": "affected", "version": "7.12.1", "versionType": "semver" }, { "lessThanOrEqual": "7.12.0", "status": "affected", "version": "7.12.0", "versionType": "semver" }, { "lessThanOrEqual": "7.11.2", "status": "affected", "version": "7.11.2", "versionType": "semver" }, { "lessThanOrEqual": "7.11.1", "status": "affected", "version": "7.11.1", "versionType": "semver" }, { "lessThanOrEqual": "7.11.0", "status": "affected", "version": "7.11.0", "versionType": "semver" }, { "lessThanOrEqual": "7.10.8", "status": "affected", "version": "7.10.8", "versionType": "semver" }, { "lessThanOrEqual": "7.10.7", "status": "affected", "version": "7.10.7", "versionType": "semver" }, { "lessThanOrEqual": "7.10.6", "status": "affected", "version": "7.10.6", "versionType": "semver" }, { "lessThanOrEqual": "7.10.5", "status": "affected", "version": "7.10.5", "versionType": "semver" } ] } ], "credits": [ { "lang": "en", "type": "finder", "value": "z2_" }, { "lang": "en", "type": "remediation developer", "value": "Daniel Stenberg" } ], "descriptions": [ { "lang": "en", "value": "When libcurl is asked to perform automatic gzip decompression of\ncontent-encoded HTTP responses with the `CURLOPT_ACCEPT_ENCODING` option,\n**using zlib 1.2.0.3 or older**, an attacker-controlled integer overflow would\nmake libcurl perform a buffer overflow." } ], "problemTypes": [ { "descriptions": [ { "description": "CWE-680 Integer Overflow to Buffer Overflow", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2025-02-05T09:18:20.468Z", "orgId": "2499f714-1537-4658-8207-48ae4bb9eae9", "shortName": "curl" }, "references": [ { "name": "json", "url": "https://curl.se/docs/CVE-2025-0725.json" }, { "name": "www", "url": "https://curl.se/docs/CVE-2025-0725.html" }, { "name": "issue", "url": "https://hackerone.com/reports/2956023" } ], "title": "gzip integer overflow" } }, "cveMetadata": { "assignerOrgId": "2499f714-1537-4658-8207-48ae4bb9eae9", "assignerShortName": "curl", "cveId": "CVE-2025-0725", "datePublished": "2025-02-05T09:18:20.468Z", "dateReserved": "2025-01-27T04:58:09.514Z", "dateUpdated": "2025-06-12T16:04:29.956Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-23083 (GCVE-0-2025-23083)
Vulnerability from cvelistv5
Published
2025-01-22 01:11
Modified
2025-07-22 15:23
Severity ?
VLAI Severity ?
EPSS score ?
Summary
With the aid of the diagnostics_channel utility, an event can be hooked into whenever a worker thread is created. This is not limited only to workers but also exposes internal workers, where an instance of them can be fetched, and its constructor can be grabbed and reinstated for malicious usage.
This vulnerability affects Permission Model users (--permission) on Node.js v20, v22, and v23.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
NodeJS | Node |
Version: 4.0 ≤ Version: 5.0 ≤ Version: 6.0 ≤ Version: 7.0 ≤ Version: 8.0 ≤ Version: 9.0 ≤ Version: 10.0 ≤ Version: 11.0 ≤ Version: 12.0 ≤ Version: 13.0 ≤ Version: 14.0 ≤ Version: 15.0 ≤ Version: 16.0 ≤ Version: 17.0 ≤ Version: 19.0 ≤ Version: 20.0 ≤ Version: 21.0 ≤ Version: 22.0 ≤ Version: 23.0 ≤ |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-23083", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2025-01-28T04:55:27.327533Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-284", "description": "CWE-284 Improper Access Control", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-02-06T14:09:06.805Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2025-07-22T15:23:52.842Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "url": "https://security.netapp.com/advisory/ntap-20250228-0008/" }, { "url": "https://www.vicarius.io/vsociety/posts/cve-2025-23083-detect-nodejs-vulnerability" }, { "url": "https://www.vicarius.io/vsociety/posts/cve-2025-23083-mitigate-nodejs-vulnerability" } ], "title": "CVE Program Container", "x_generator": { "engine": "ADPogram 0.0.1" } } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Node", "vendor": "NodeJS", "versions": [ { "lessThan": "4.*", "status": "affected", "version": "4.0", "versionType": "semver" }, { "lessThan": "5.*", "status": "affected", "version": "5.0", "versionType": "semver" }, { "lessThan": "6.*", "status": "affected", "version": "6.0", "versionType": "semver" }, { "lessThan": "7.*", "status": "affected", "version": "7.0", "versionType": "semver" }, { "lessThan": "8.*", "status": "affected", "version": "8.0", "versionType": "semver" }, { "lessThan": "9.*", "status": "affected", "version": "9.0", "versionType": "semver" }, { "lessThan": "10.*", "status": "affected", "version": "10.0", "versionType": "semver" }, { "lessThan": "11.*", "status": "affected", "version": "11.0", "versionType": "semver" }, { "lessThan": "12.*", "status": "affected", "version": "12.0", "versionType": "semver" }, { "lessThan": "13.*", "status": "affected", "version": "13.0", "versionType": "semver" }, { "lessThan": "14.*", "status": "affected", "version": "14.0", "versionType": "semver" }, { "lessThan": "15.*", "status": "affected", "version": "15.0", "versionType": "semver" }, { "lessThan": "16.*", "status": "affected", "version": "16.0", "versionType": "semver" }, { "lessThan": "17.*", "status": "affected", "version": "17.0", "versionType": "semver" }, { "lessThan": "19.*", "status": "affected", "version": "19.0", "versionType": "semver" }, { "lessThan": "20.18.2", "status": "affected", "version": "20.0", "versionType": "semver" }, { "lessThan": "21.*", "status": "affected", "version": "21.0", "versionType": "semver" }, { "lessThan": "22.13.1", "status": "affected", "version": "22.0", "versionType": "semver" }, { "lessThan": "23.6.1", "status": "affected", "version": "23.0", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "value": "With the aid of the diagnostics_channel utility, an event can be hooked into whenever a worker thread is created. This is not limited only to workers but also exposes internal workers, where an instance of them can be fetched, and its constructor can be grabbed and reinstated for malicious usage. \r\n\r\nThis vulnerability affects Permission Model users (--permission) on Node.js v20, v22, and v23." } ], "metrics": [ { "cvssV3_0": { "baseScore": 7.7, "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.0" } } ], "providerMetadata": { "dateUpdated": "2025-04-30T22:25:22.434Z", "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "shortName": "hackerone" }, "references": [ { "url": "https://nodejs.org/en/blog/vulnerability/january-2025-security-releases" } ] } }, "cveMetadata": { "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "assignerShortName": "hackerone", "cveId": "CVE-2025-23083", "datePublished": "2025-01-22T01:11:30.802Z", "dateReserved": "2025-01-10T19:05:52.771Z", "dateUpdated": "2025-07-22T15:23:52.842Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-11053 (GCVE-0-2024-11053)
Vulnerability from cvelistv5
Published
2024-12-11 07:34
Modified
2025-01-31 15:02
Severity ?
VLAI Severity ?
EPSS score ?
Summary
When asked to both use a `.netrc` file for credentials and to follow HTTP
redirects, curl could leak the password used for the first host to the
followed-to host under certain circumstances.
This flaw only manifests itself if the netrc file has an entry that matches
the redirect target hostname but the entry either omits just the password or
omits both login and password.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
curl | curl |
Version: 8.11.0 ≤ 8.11.0 Version: 8.10.1 ≤ 8.10.1 Version: 8.10.0 ≤ 8.10.0 Version: 8.9.1 ≤ 8.9.1 Version: 8.9.0 ≤ 8.9.0 Version: 8.8.0 ≤ 8.8.0 Version: 8.7.1 ≤ 8.7.1 Version: 8.7.0 ≤ 8.7.0 Version: 8.6.0 ≤ 8.6.0 Version: 8.5.0 ≤ 8.5.0 Version: 8.4.0 ≤ 8.4.0 Version: 8.3.0 ≤ 8.3.0 Version: 8.2.1 ≤ 8.2.1 Version: 8.2.0 ≤ 8.2.0 Version: 8.1.2 ≤ 8.1.2 Version: 8.1.1 ≤ 8.1.1 Version: 8.1.0 ≤ 8.1.0 Version: 8.0.1 ≤ 8.0.1 Version: 8.0.0 ≤ 8.0.0 Version: 7.88.1 ≤ 7.88.1 Version: 7.88.0 ≤ 7.88.0 Version: 7.87.0 ≤ 7.87.0 Version: 7.86.0 ≤ 7.86.0 Version: 7.85.0 ≤ 7.85.0 Version: 7.84.0 ≤ 7.84.0 Version: 7.83.1 ≤ 7.83.1 Version: 7.83.0 ≤ 7.83.0 Version: 7.82.0 ≤ 7.82.0 Version: 7.81.0 ≤ 7.81.0 Version: 7.80.0 ≤ 7.80.0 Version: 7.79.1 ≤ 7.79.1 Version: 7.79.0 ≤ 7.79.0 Version: 7.78.0 ≤ 7.78.0 Version: 7.77.0 ≤ 7.77.0 Version: 7.76.1 ≤ 7.76.1 Version: 7.76.0 ≤ 7.76.0 Version: 7.75.0 ≤ 7.75.0 Version: 7.74.0 ≤ 7.74.0 Version: 7.73.0 ≤ 7.73.0 Version: 7.72.0 ≤ 7.72.0 Version: 7.71.1 ≤ 7.71.1 Version: 7.71.0 ≤ 7.71.0 Version: 7.70.0 ≤ 7.70.0 Version: 7.69.1 ≤ 7.69.1 Version: 7.69.0 ≤ 7.69.0 Version: 7.68.0 ≤ 7.68.0 Version: 7.67.0 ≤ 7.67.0 Version: 7.66.0 ≤ 7.66.0 Version: 7.65.3 ≤ 7.65.3 Version: 7.65.2 ≤ 7.65.2 Version: 7.65.1 ≤ 7.65.1 Version: 7.65.0 ≤ 7.65.0 Version: 7.64.1 ≤ 7.64.1 Version: 7.64.0 ≤ 7.64.0 Version: 7.63.0 ≤ 7.63.0 Version: 7.62.0 ≤ 7.62.0 Version: 7.61.1 ≤ 7.61.1 Version: 7.61.0 ≤ 7.61.0 Version: 7.60.0 ≤ 7.60.0 Version: 7.59.0 ≤ 7.59.0 Version: 7.58.0 ≤ 7.58.0 Version: 7.57.0 ≤ 7.57.0 Version: 7.56.1 ≤ 7.56.1 Version: 7.56.0 ≤ 7.56.0 Version: 7.55.1 ≤ 7.55.1 Version: 7.55.0 ≤ 7.55.0 Version: 7.54.1 ≤ 7.54.1 Version: 7.54.0 ≤ 7.54.0 Version: 7.53.1 ≤ 7.53.1 Version: 7.53.0 ≤ 7.53.0 Version: 7.52.1 ≤ 7.52.1 Version: 7.52.0 ≤ 7.52.0 Version: 7.51.0 ≤ 7.51.0 Version: 7.50.3 ≤ 7.50.3 Version: 7.50.2 ≤ 7.50.2 Version: 7.50.1 ≤ 7.50.1 Version: 7.50.0 ≤ 7.50.0 Version: 7.49.1 ≤ 7.49.1 Version: 7.49.0 ≤ 7.49.0 Version: 7.48.0 ≤ 7.48.0 Version: 7.47.1 ≤ 7.47.1 Version: 7.47.0 ≤ 7.47.0 Version: 7.46.0 ≤ 7.46.0 Version: 7.45.0 ≤ 7.45.0 Version: 7.44.0 ≤ 7.44.0 Version: 7.43.0 ≤ 7.43.0 Version: 7.42.1 ≤ 7.42.1 Version: 7.42.0 ≤ 7.42.0 Version: 7.41.0 ≤ 7.41.0 Version: 7.40.0 ≤ 7.40.0 Version: 7.39.0 ≤ 7.39.0 Version: 7.38.0 ≤ 7.38.0 Version: 7.37.1 ≤ 7.37.1 Version: 7.37.0 ≤ 7.37.0 Version: 7.36.0 ≤ 7.36.0 Version: 7.35.0 ≤ 7.35.0 Version: 7.34.0 ≤ 7.34.0 Version: 7.33.0 ≤ 7.33.0 Version: 7.32.0 ≤ 7.32.0 Version: 7.31.0 ≤ 7.31.0 Version: 7.30.0 ≤ 7.30.0 Version: 7.29.0 ≤ 7.29.0 Version: 7.28.1 ≤ 7.28.1 Version: 7.28.0 ≤ 7.28.0 Version: 7.27.0 ≤ 7.27.0 Version: 7.26.0 ≤ 7.26.0 Version: 7.25.0 ≤ 7.25.0 Version: 7.24.0 ≤ 7.24.0 Version: 7.23.1 ≤ 7.23.1 Version: 7.23.0 ≤ 7.23.0 Version: 7.22.0 ≤ 7.22.0 Version: 7.21.7 ≤ 7.21.7 Version: 7.21.6 ≤ 7.21.6 Version: 7.21.5 ≤ 7.21.5 Version: 7.21.4 ≤ 7.21.4 Version: 7.21.3 ≤ 7.21.3 Version: 7.21.2 ≤ 7.21.2 Version: 7.21.1 ≤ 7.21.1 Version: 7.21.0 ≤ 7.21.0 Version: 7.20.1 ≤ 7.20.1 Version: 7.20.0 ≤ 7.20.0 Version: 7.19.7 ≤ 7.19.7 Version: 7.19.6 ≤ 7.19.6 Version: 7.19.5 ≤ 7.19.5 Version: 7.19.4 ≤ 7.19.4 Version: 7.19.3 ≤ 7.19.3 Version: 7.19.2 ≤ 7.19.2 Version: 7.19.1 ≤ 7.19.1 Version: 7.19.0 ≤ 7.19.0 Version: 7.18.2 ≤ 7.18.2 Version: 7.18.1 ≤ 7.18.1 Version: 7.18.0 ≤ 7.18.0 Version: 7.17.1 ≤ 7.17.1 Version: 7.17.0 ≤ 7.17.0 Version: 7.16.4 ≤ 7.16.4 Version: 7.16.3 ≤ 7.16.3 Version: 7.16.2 ≤ 7.16.2 Version: 7.16.1 ≤ 7.16.1 Version: 7.16.0 ≤ 7.16.0 Version: 7.15.5 ≤ 7.15.5 Version: 7.15.4 ≤ 7.15.4 Version: 7.15.3 ≤ 7.15.3 Version: 7.15.2 ≤ 7.15.2 Version: 7.15.1 ≤ 7.15.1 Version: 7.15.0 ≤ 7.15.0 Version: 7.14.1 ≤ 7.14.1 Version: 7.14.0 ≤ 7.14.0 Version: 7.13.2 ≤ 7.13.2 Version: 7.13.1 ≤ 7.13.1 Version: 7.13.0 ≤ 7.13.0 Version: 7.12.3 ≤ 7.12.3 Version: 7.12.2 ≤ 7.12.2 Version: 7.12.1 ≤ 7.12.1 Version: 7.12.0 ≤ 7.12.0 Version: 7.11.2 ≤ 7.11.2 Version: 7.11.1 ≤ 7.11.1 Version: 7.11.0 ≤ 7.11.0 Version: 7.10.8 ≤ 7.10.8 Version: 7.10.7 ≤ 7.10.7 Version: 7.10.6 ≤ 7.10.6 Version: 7.10.5 ≤ 7.10.5 Version: 7.10.4 ≤ 7.10.4 Version: 7.10.3 ≤ 7.10.3 Version: 7.10.2 ≤ 7.10.2 Version: 7.10.1 ≤ 7.10.1 Version: 7.10 ≤ 7.10 Version: 7.9.8 ≤ 7.9.8 Version: 7.9.7 ≤ 7.9.7 Version: 7.9.6 ≤ 7.9.6 Version: 7.9.5 ≤ 7.9.5 Version: 7.9.4 ≤ 7.9.4 Version: 7.9.3 ≤ 7.9.3 Version: 7.9.2 ≤ 7.9.2 Version: 7.9.1 ≤ 7.9.1 Version: 7.9 ≤ 7.9 Version: 7.8.1 ≤ 7.8.1 Version: 7.8 ≤ 7.8 Version: 7.7.3 ≤ 7.7.3 Version: 7.7.2 ≤ 7.7.2 Version: 7.7.1 ≤ 7.7.1 Version: 7.7 ≤ 7.7 Version: 7.6.1 ≤ 7.6.1 Version: 7.6 ≤ 7.6 Version: 7.5.2 ≤ 7.5.2 Version: 7.5.1 ≤ 7.5.1 Version: 7.5 ≤ 7.5 Version: 7.4.2 ≤ 7.4.2 Version: 7.4.1 ≤ 7.4.1 Version: 7.4 ≤ 7.4 Version: 7.3 ≤ 7.3 Version: 7.2.1 ≤ 7.2.1 Version: 7.2 ≤ 7.2 Version: 7.1.1 ≤ 7.1.1 Version: 7.1 ≤ 7.1 Version: 6.5.2 ≤ 6.5.2 Version: 6.5.1 ≤ 6.5.1 Version: 6.5 ≤ 6.5 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2025-01-31T15:02:42.742Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "url": "http://www.openwall.com/lists/oss-security/2024/12/11/1" }, { "url": "https://security.netapp.com/advisory/ntap-20250124-0012/" }, { "url": "https://security.netapp.com/advisory/ntap-20250131-0003/" } ], "title": "CVE Program Container" }, { "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.4, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2024-11053", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-12-15T16:47:42.738403Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-12-15T16:50:59.398Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "curl", "vendor": "curl", "versions": [ { "lessThanOrEqual": "8.11.0", "status": "affected", "version": "8.11.0", "versionType": "semver" }, { "lessThanOrEqual": "8.10.1", "status": "affected", "version": "8.10.1", "versionType": "semver" }, { "lessThanOrEqual": "8.10.0", "status": "affected", "version": "8.10.0", "versionType": "semver" }, { "lessThanOrEqual": "8.9.1", "status": "affected", "version": "8.9.1", "versionType": "semver" }, { "lessThanOrEqual": "8.9.0", "status": "affected", "version": "8.9.0", "versionType": "semver" }, { "lessThanOrEqual": "8.8.0", "status": "affected", "version": "8.8.0", "versionType": "semver" }, { "lessThanOrEqual": "8.7.1", "status": "affected", "version": "8.7.1", "versionType": "semver" }, { "lessThanOrEqual": "8.7.0", "status": "affected", "version": "8.7.0", "versionType": "semver" }, { "lessThanOrEqual": "8.6.0", "status": "affected", "version": "8.6.0", "versionType": "semver" }, { "lessThanOrEqual": "8.5.0", "status": "affected", "version": "8.5.0", "versionType": "semver" }, { "lessThanOrEqual": "8.4.0", "status": "affected", "version": "8.4.0", "versionType": "semver" }, { "lessThanOrEqual": "8.3.0", "status": "affected", "version": "8.3.0", "versionType": "semver" }, { "lessThanOrEqual": "8.2.1", "status": "affected", "version": "8.2.1", "versionType": "semver" }, { "lessThanOrEqual": "8.2.0", "status": "affected", "version": "8.2.0", "versionType": "semver" }, { "lessThanOrEqual": "8.1.2", "status": "affected", "version": "8.1.2", "versionType": "semver" }, { "lessThanOrEqual": "8.1.1", "status": "affected", "version": "8.1.1", "versionType": "semver" }, { "lessThanOrEqual": "8.1.0", "status": "affected", "version": "8.1.0", "versionType": "semver" }, { "lessThanOrEqual": "8.0.1", "status": "affected", "version": "8.0.1", "versionType": "semver" }, { "lessThanOrEqual": "8.0.0", "status": "affected", "version": "8.0.0", "versionType": "semver" }, { "lessThanOrEqual": "7.88.1", "status": "affected", "version": "7.88.1", "versionType": "semver" }, { "lessThanOrEqual": "7.88.0", "status": "affected", "version": "7.88.0", "versionType": "semver" }, { "lessThanOrEqual": "7.87.0", "status": "affected", "version": "7.87.0", "versionType": "semver" }, { "lessThanOrEqual": "7.86.0", "status": "affected", "version": "7.86.0", "versionType": "semver" }, { "lessThanOrEqual": "7.85.0", "status": "affected", "version": "7.85.0", "versionType": "semver" }, { "lessThanOrEqual": "7.84.0", "status": "affected", "version": "7.84.0", "versionType": "semver" }, { "lessThanOrEqual": "7.83.1", "status": "affected", "version": "7.83.1", "versionType": "semver" }, { "lessThanOrEqual": "7.83.0", "status": "affected", "version": "7.83.0", "versionType": "semver" }, { "lessThanOrEqual": "7.82.0", "status": "affected", "version": "7.82.0", "versionType": "semver" }, { "lessThanOrEqual": "7.81.0", "status": "affected", "version": "7.81.0", "versionType": "semver" }, { "lessThanOrEqual": "7.80.0", "status": "affected", "version": "7.80.0", "versionType": "semver" }, { "lessThanOrEqual": "7.79.1", "status": "affected", "version": "7.79.1", "versionType": "semver" }, { "lessThanOrEqual": "7.79.0", "status": "affected", "version": "7.79.0", "versionType": "semver" }, { "lessThanOrEqual": "7.78.0", "status": "affected", "version": "7.78.0", "versionType": "semver" }, { "lessThanOrEqual": "7.77.0", "status": "affected", "version": "7.77.0", "versionType": "semver" }, { "lessThanOrEqual": "7.76.1", "status": "affected", "version": "7.76.1", "versionType": "semver" }, { "lessThanOrEqual": "7.76.0", "status": "affected", "version": "7.76.0", "versionType": "semver" }, { "lessThanOrEqual": "7.75.0", "status": "affected", "version": "7.75.0", "versionType": "semver" }, { "lessThanOrEqual": "7.74.0", "status": "affected", "version": "7.74.0", "versionType": "semver" }, { "lessThanOrEqual": "7.73.0", "status": "affected", "version": "7.73.0", "versionType": "semver" }, { "lessThanOrEqual": "7.72.0", "status": "affected", "version": "7.72.0", "versionType": "semver" }, { "lessThanOrEqual": "7.71.1", "status": "affected", "version": "7.71.1", "versionType": "semver" }, { "lessThanOrEqual": "7.71.0", "status": "affected", "version": "7.71.0", "versionType": "semver" }, { "lessThanOrEqual": "7.70.0", "status": "affected", "version": "7.70.0", "versionType": "semver" }, { "lessThanOrEqual": "7.69.1", "status": "affected", "version": "7.69.1", "versionType": "semver" }, { "lessThanOrEqual": "7.69.0", "status": "affected", "version": "7.69.0", "versionType": "semver" }, { "lessThanOrEqual": "7.68.0", "status": "affected", "version": "7.68.0", "versionType": "semver" }, { "lessThanOrEqual": "7.67.0", "status": "affected", "version": "7.67.0", "versionType": "semver" }, { "lessThanOrEqual": "7.66.0", "status": "affected", "version": "7.66.0", "versionType": "semver" }, { "lessThanOrEqual": "7.65.3", "status": "affected", "version": "7.65.3", "versionType": "semver" }, { "lessThanOrEqual": "7.65.2", "status": "affected", "version": "7.65.2", "versionType": "semver" }, { "lessThanOrEqual": "7.65.1", "status": "affected", "version": "7.65.1", "versionType": "semver" }, { "lessThanOrEqual": "7.65.0", "status": "affected", "version": "7.65.0", "versionType": "semver" }, { "lessThanOrEqual": "7.64.1", "status": "affected", "version": "7.64.1", "versionType": "semver" }, { "lessThanOrEqual": "7.64.0", "status": "affected", "version": "7.64.0", "versionType": "semver" }, { "lessThanOrEqual": "7.63.0", "status": "affected", "version": "7.63.0", "versionType": "semver" }, { "lessThanOrEqual": "7.62.0", "status": "affected", "version": "7.62.0", "versionType": "semver" }, { "lessThanOrEqual": "7.61.1", "status": "affected", "version": "7.61.1", "versionType": "semver" }, { "lessThanOrEqual": "7.61.0", "status": "affected", "version": "7.61.0", "versionType": "semver" }, { "lessThanOrEqual": "7.60.0", "status": "affected", "version": "7.60.0", "versionType": "semver" }, { "lessThanOrEqual": "7.59.0", "status": "affected", "version": "7.59.0", "versionType": "semver" }, { "lessThanOrEqual": "7.58.0", "status": "affected", "version": "7.58.0", "versionType": "semver" }, { "lessThanOrEqual": "7.57.0", "status": "affected", "version": "7.57.0", "versionType": "semver" }, { "lessThanOrEqual": "7.56.1", "status": "affected", "version": "7.56.1", "versionType": "semver" }, { "lessThanOrEqual": "7.56.0", "status": "affected", "version": "7.56.0", "versionType": "semver" }, { "lessThanOrEqual": "7.55.1", "status": "affected", "version": "7.55.1", "versionType": "semver" }, { "lessThanOrEqual": "7.55.0", "status": "affected", "version": "7.55.0", "versionType": "semver" }, { "lessThanOrEqual": "7.54.1", "status": "affected", "version": "7.54.1", "versionType": "semver" }, { "lessThanOrEqual": "7.54.0", "status": "affected", "version": "7.54.0", "versionType": "semver" }, { "lessThanOrEqual": "7.53.1", "status": "affected", "version": "7.53.1", "versionType": "semver" }, { "lessThanOrEqual": "7.53.0", "status": "affected", "version": "7.53.0", "versionType": "semver" }, { "lessThanOrEqual": "7.52.1", "status": "affected", "version": "7.52.1", "versionType": "semver" }, { "lessThanOrEqual": "7.52.0", "status": "affected", "version": "7.52.0", "versionType": "semver" }, { "lessThanOrEqual": "7.51.0", "status": "affected", "version": "7.51.0", "versionType": "semver" }, { "lessThanOrEqual": "7.50.3", "status": "affected", "version": "7.50.3", "versionType": "semver" }, { "lessThanOrEqual": "7.50.2", "status": "affected", "version": "7.50.2", "versionType": "semver" }, { "lessThanOrEqual": "7.50.1", "status": "affected", "version": "7.50.1", "versionType": "semver" }, { "lessThanOrEqual": "7.50.0", "status": "affected", "version": "7.50.0", "versionType": "semver" }, { "lessThanOrEqual": "7.49.1", "status": "affected", "version": "7.49.1", "versionType": "semver" }, { "lessThanOrEqual": "7.49.0", "status": "affected", "version": "7.49.0", "versionType": "semver" }, { "lessThanOrEqual": "7.48.0", "status": "affected", "version": "7.48.0", "versionType": "semver" }, { "lessThanOrEqual": "7.47.1", "status": "affected", "version": "7.47.1", "versionType": "semver" }, { "lessThanOrEqual": "7.47.0", "status": "affected", "version": "7.47.0", "versionType": "semver" }, { "lessThanOrEqual": "7.46.0", "status": "affected", "version": "7.46.0", "versionType": "semver" }, { "lessThanOrEqual": "7.45.0", "status": "affected", "version": "7.45.0", "versionType": "semver" }, { "lessThanOrEqual": "7.44.0", "status": "affected", "version": "7.44.0", "versionType": "semver" }, { "lessThanOrEqual": "7.43.0", "status": "affected", "version": "7.43.0", "versionType": "semver" }, { "lessThanOrEqual": "7.42.1", "status": "affected", "version": "7.42.1", "versionType": "semver" }, { "lessThanOrEqual": "7.42.0", "status": "affected", "version": "7.42.0", "versionType": "semver" }, { "lessThanOrEqual": "7.41.0", "status": "affected", "version": "7.41.0", "versionType": "semver" }, { "lessThanOrEqual": "7.40.0", "status": "affected", "version": "7.40.0", "versionType": "semver" }, { "lessThanOrEqual": "7.39.0", "status": "affected", "version": "7.39.0", "versionType": "semver" }, { "lessThanOrEqual": "7.38.0", "status": "affected", "version": "7.38.0", "versionType": "semver" }, { "lessThanOrEqual": "7.37.1", "status": "affected", "version": "7.37.1", "versionType": "semver" }, { "lessThanOrEqual": "7.37.0", "status": "affected", "version": "7.37.0", "versionType": "semver" }, { "lessThanOrEqual": "7.36.0", "status": "affected", "version": "7.36.0", "versionType": "semver" }, { "lessThanOrEqual": "7.35.0", "status": "affected", "version": "7.35.0", "versionType": "semver" }, { "lessThanOrEqual": "7.34.0", "status": "affected", "version": "7.34.0", "versionType": "semver" }, { "lessThanOrEqual": "7.33.0", "status": "affected", "version": "7.33.0", "versionType": "semver" }, { "lessThanOrEqual": "7.32.0", "status": "affected", "version": "7.32.0", "versionType": "semver" }, { "lessThanOrEqual": "7.31.0", "status": "affected", "version": "7.31.0", "versionType": "semver" }, { "lessThanOrEqual": "7.30.0", "status": "affected", "version": "7.30.0", "versionType": "semver" }, { "lessThanOrEqual": "7.29.0", "status": "affected", "version": "7.29.0", "versionType": "semver" }, { "lessThanOrEqual": "7.28.1", "status": "affected", "version": "7.28.1", "versionType": "semver" }, { "lessThanOrEqual": "7.28.0", "status": "affected", "version": "7.28.0", "versionType": "semver" }, { "lessThanOrEqual": "7.27.0", "status": "affected", "version": "7.27.0", "versionType": "semver" }, { "lessThanOrEqual": "7.26.0", "status": "affected", "version": "7.26.0", "versionType": "semver" }, { "lessThanOrEqual": "7.25.0", "status": "affected", "version": "7.25.0", "versionType": "semver" }, { "lessThanOrEqual": "7.24.0", "status": "affected", "version": "7.24.0", "versionType": "semver" }, { "lessThanOrEqual": "7.23.1", "status": "affected", "version": "7.23.1", "versionType": "semver" }, { "lessThanOrEqual": "7.23.0", "status": "affected", "version": "7.23.0", "versionType": "semver" }, { "lessThanOrEqual": "7.22.0", "status": "affected", "version": "7.22.0", "versionType": "semver" }, { "lessThanOrEqual": "7.21.7", "status": "affected", "version": "7.21.7", "versionType": "semver" }, { "lessThanOrEqual": "7.21.6", "status": "affected", "version": "7.21.6", "versionType": "semver" }, { "lessThanOrEqual": "7.21.5", "status": "affected", "version": "7.21.5", "versionType": "semver" }, { "lessThanOrEqual": "7.21.4", "status": "affected", "version": "7.21.4", "versionType": "semver" }, { "lessThanOrEqual": "7.21.3", "status": "affected", "version": "7.21.3", "versionType": "semver" }, { "lessThanOrEqual": "7.21.2", "status": "affected", "version": "7.21.2", "versionType": "semver" }, { "lessThanOrEqual": "7.21.1", "status": "affected", "version": "7.21.1", "versionType": "semver" }, { "lessThanOrEqual": "7.21.0", "status": "affected", "version": "7.21.0", "versionType": "semver" }, { "lessThanOrEqual": "7.20.1", "status": "affected", "version": "7.20.1", "versionType": "semver" }, { "lessThanOrEqual": "7.20.0", "status": "affected", "version": "7.20.0", "versionType": "semver" }, { "lessThanOrEqual": "7.19.7", "status": "affected", "version": "7.19.7", "versionType": "semver" }, { "lessThanOrEqual": "7.19.6", "status": "affected", "version": "7.19.6", "versionType": "semver" }, { "lessThanOrEqual": "7.19.5", "status": "affected", "version": "7.19.5", "versionType": "semver" }, { "lessThanOrEqual": "7.19.4", "status": "affected", "version": "7.19.4", "versionType": "semver" }, { "lessThanOrEqual": "7.19.3", "status": "affected", "version": "7.19.3", "versionType": "semver" }, { "lessThanOrEqual": "7.19.2", "status": "affected", "version": "7.19.2", "versionType": "semver" }, { "lessThanOrEqual": "7.19.1", "status": "affected", "version": "7.19.1", "versionType": "semver" }, { "lessThanOrEqual": "7.19.0", "status": "affected", "version": "7.19.0", "versionType": "semver" }, { "lessThanOrEqual": "7.18.2", "status": "affected", "version": "7.18.2", "versionType": "semver" }, { "lessThanOrEqual": "7.18.1", "status": "affected", "version": "7.18.1", "versionType": "semver" }, { "lessThanOrEqual": "7.18.0", "status": "affected", "version": "7.18.0", "versionType": "semver" }, { "lessThanOrEqual": "7.17.1", "status": "affected", "version": "7.17.1", "versionType": "semver" }, { "lessThanOrEqual": "7.17.0", "status": "affected", "version": "7.17.0", "versionType": "semver" }, { "lessThanOrEqual": "7.16.4", "status": "affected", "version": "7.16.4", "versionType": "semver" }, { "lessThanOrEqual": "7.16.3", "status": "affected", "version": "7.16.3", "versionType": "semver" }, { "lessThanOrEqual": "7.16.2", "status": "affected", "version": "7.16.2", "versionType": "semver" }, { "lessThanOrEqual": "7.16.1", "status": "affected", "version": "7.16.1", "versionType": "semver" }, { "lessThanOrEqual": "7.16.0", "status": "affected", "version": "7.16.0", "versionType": "semver" }, { "lessThanOrEqual": "7.15.5", "status": "affected", "version": "7.15.5", "versionType": "semver" }, { "lessThanOrEqual": "7.15.4", "status": "affected", "version": "7.15.4", "versionType": "semver" }, { "lessThanOrEqual": "7.15.3", "status": "affected", "version": "7.15.3", "versionType": "semver" }, { "lessThanOrEqual": "7.15.2", "status": "affected", "version": "7.15.2", "versionType": "semver" }, { "lessThanOrEqual": "7.15.1", "status": "affected", "version": "7.15.1", "versionType": "semver" }, { "lessThanOrEqual": "7.15.0", "status": "affected", "version": "7.15.0", "versionType": "semver" }, { "lessThanOrEqual": "7.14.1", "status": "affected", "version": "7.14.1", "versionType": "semver" }, { "lessThanOrEqual": "7.14.0", "status": "affected", "version": "7.14.0", "versionType": "semver" }, { "lessThanOrEqual": "7.13.2", "status": "affected", "version": "7.13.2", "versionType": "semver" }, { "lessThanOrEqual": "7.13.1", "status": "affected", "version": "7.13.1", "versionType": "semver" }, { "lessThanOrEqual": "7.13.0", "status": "affected", "version": "7.13.0", "versionType": "semver" }, { "lessThanOrEqual": "7.12.3", "status": "affected", "version": "7.12.3", "versionType": "semver" }, { "lessThanOrEqual": "7.12.2", "status": "affected", "version": "7.12.2", "versionType": "semver" }, { "lessThanOrEqual": "7.12.1", "status": "affected", "version": "7.12.1", "versionType": "semver" }, { "lessThanOrEqual": "7.12.0", "status": "affected", "version": "7.12.0", "versionType": "semver" }, { "lessThanOrEqual": "7.11.2", "status": "affected", "version": "7.11.2", "versionType": "semver" }, { "lessThanOrEqual": "7.11.1", "status": "affected", "version": "7.11.1", "versionType": "semver" }, { "lessThanOrEqual": "7.11.0", "status": "affected", "version": "7.11.0", "versionType": "semver" }, { "lessThanOrEqual": "7.10.8", "status": "affected", "version": "7.10.8", "versionType": "semver" }, { "lessThanOrEqual": "7.10.7", "status": "affected", "version": "7.10.7", "versionType": "semver" }, { "lessThanOrEqual": "7.10.6", "status": "affected", "version": "7.10.6", "versionType": "semver" }, { "lessThanOrEqual": "7.10.5", "status": "affected", "version": "7.10.5", "versionType": "semver" }, { "lessThanOrEqual": "7.10.4", "status": "affected", "version": "7.10.4", "versionType": "semver" }, { "lessThanOrEqual": "7.10.3", "status": "affected", "version": "7.10.3", "versionType": "semver" }, { "lessThanOrEqual": "7.10.2", "status": "affected", "version": "7.10.2", "versionType": "semver" }, { "lessThanOrEqual": "7.10.1", "status": "affected", "version": "7.10.1", "versionType": "semver" }, { "lessThanOrEqual": "7.10", "status": "affected", "version": "7.10", "versionType": "semver" }, { "lessThanOrEqual": "7.9.8", "status": "affected", "version": "7.9.8", "versionType": "semver" }, { "lessThanOrEqual": "7.9.7", "status": "affected", "version": "7.9.7", "versionType": "semver" }, { "lessThanOrEqual": "7.9.6", "status": "affected", "version": "7.9.6", "versionType": "semver" }, { "lessThanOrEqual": "7.9.5", "status": "affected", "version": "7.9.5", "versionType": "semver" }, { "lessThanOrEqual": "7.9.4", "status": "affected", "version": "7.9.4", "versionType": "semver" }, { "lessThanOrEqual": "7.9.3", "status": "affected", "version": "7.9.3", "versionType": "semver" }, { "lessThanOrEqual": "7.9.2", "status": "affected", "version": "7.9.2", "versionType": "semver" }, { "lessThanOrEqual": "7.9.1", "status": "affected", "version": "7.9.1", "versionType": "semver" }, { "lessThanOrEqual": "7.9", "status": "affected", "version": "7.9", "versionType": "semver" }, { "lessThanOrEqual": "7.8.1", "status": "affected", "version": "7.8.1", "versionType": "semver" }, { "lessThanOrEqual": "7.8", "status": "affected", "version": "7.8", "versionType": "semver" }, { "lessThanOrEqual": "7.7.3", "status": "affected", "version": "7.7.3", "versionType": "semver" }, { "lessThanOrEqual": "7.7.2", "status": "affected", "version": "7.7.2", "versionType": "semver" }, { "lessThanOrEqual": "7.7.1", "status": "affected", "version": "7.7.1", "versionType": "semver" }, { "lessThanOrEqual": "7.7", "status": "affected", "version": "7.7", "versionType": "semver" }, { "lessThanOrEqual": "7.6.1", "status": "affected", "version": "7.6.1", "versionType": "semver" }, { "lessThanOrEqual": "7.6", "status": "affected", "version": "7.6", "versionType": "semver" }, { "lessThanOrEqual": "7.5.2", "status": "affected", "version": "7.5.2", "versionType": "semver" }, { "lessThanOrEqual": "7.5.1", "status": "affected", "version": "7.5.1", "versionType": "semver" }, { "lessThanOrEqual": "7.5", "status": "affected", "version": "7.5", "versionType": "semver" }, { "lessThanOrEqual": "7.4.2", "status": "affected", "version": "7.4.2", "versionType": "semver" }, { "lessThanOrEqual": "7.4.1", "status": "affected", "version": "7.4.1", "versionType": "semver" }, { "lessThanOrEqual": "7.4", "status": "affected", "version": "7.4", "versionType": "semver" }, { "lessThanOrEqual": "7.3", "status": "affected", "version": "7.3", "versionType": "semver" }, { "lessThanOrEqual": "7.2.1", "status": "affected", "version": "7.2.1", "versionType": "semver" }, { "lessThanOrEqual": "7.2", "status": "affected", "version": "7.2", "versionType": "semver" }, { "lessThanOrEqual": "7.1.1", "status": "affected", "version": "7.1.1", "versionType": "semver" }, { "lessThanOrEqual": "7.1", "status": "affected", "version": "7.1", "versionType": "semver" }, { "lessThanOrEqual": "6.5.2", "status": "affected", "version": "6.5.2", "versionType": "semver" }, { "lessThanOrEqual": "6.5.1", "status": "affected", "version": "6.5.1", "versionType": "semver" }, { "lessThanOrEqual": "6.5", "status": "affected", "version": "6.5", "versionType": "semver" } ] } ], "credits": [ { "lang": "en", "type": "finder", "value": "Harry Sintonen" }, { "lang": "en", "type": "remediation developer", "value": "Daniel Stenberg" } ], "descriptions": [ { "lang": "en", "value": "When asked to both use a `.netrc` file for credentials and to follow HTTP\nredirects, curl could leak the password used for the first host to the\nfollowed-to host under certain circumstances.\n\nThis flaw only manifests itself if the netrc file has an entry that matches\nthe redirect target hostname but the entry either omits just the password or\nomits both login and password." } ], "problemTypes": [ { "descriptions": [ { "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2024-12-11T07:34:29.539Z", "orgId": "2499f714-1537-4658-8207-48ae4bb9eae9", "shortName": "curl" }, "references": [ { "name": "json", "url": "https://curl.se/docs/CVE-2024-11053.json" }, { "name": "www", "url": "https://curl.se/docs/CVE-2024-11053.html" }, { "name": "issue", "url": "https://hackerone.com/reports/2829063" } ], "title": "netrc and redirect credential leak" } }, "cveMetadata": { "assignerOrgId": "2499f714-1537-4658-8207-48ae4bb9eae9", "assignerShortName": "curl", "cveId": "CVE-2024-11053", "datePublished": "2024-12-11T07:34:29.539Z", "dateReserved": "2024-11-09T18:41:55.703Z", "dateUpdated": "2025-01-31T15:02:42.742Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-0665 (GCVE-0-2025-0665)
Vulnerability from cvelistv5
Published
2025-02-05 09:16
Modified
2025-03-18 18:10
Severity ?
VLAI Severity ?
EPSS score ?
Summary
libcurl would wrongly close the same eventfd file descriptor twice when taking
down a connection channel after having completed a threaded name resolve.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2025-03-07T00:10:49.291Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "url": "http://www.openwall.com/lists/oss-security/2025/02/05/2" }, { "url": "http://www.openwall.com/lists/oss-security/2025/02/05/5" }, { "url": "https://security.netapp.com/advisory/ntap-20250306-0007/" } ], "title": "CVE Program Container" }, { "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2025-0665", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2025-02-05T14:23:58.190612Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-1341", "description": "CWE-1341 Multiple Releases of Same Resource or Handle", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-03-18T18:10:27.907Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "curl", "vendor": "curl", "versions": [ { "lessThanOrEqual": "8.11.1", "status": "affected", "version": "8.11.1", "versionType": "semver" } ] } ], "credits": [ { "lang": "en", "type": "finder", "value": "Christian Heusel" }, { "lang": "en", "type": "remediation developer", "value": "Andy Pan" } ], "descriptions": [ { "lang": "en", "value": "libcurl would wrongly close the same eventfd file descriptor twice when taking\ndown a connection channel after having completed a threaded name resolve." } ], "problemTypes": [ { "descriptions": [ { "description": "CWE-1341 Multiple Releases of Same Resource or Handle", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2025-02-05T09:16:49.038Z", "orgId": "2499f714-1537-4658-8207-48ae4bb9eae9", "shortName": "curl" }, "references": [ { "name": "json", "url": "https://curl.se/docs/CVE-2025-0665.json" }, { "name": "www", "url": "https://curl.se/docs/CVE-2025-0665.html" }, { "name": "issue", "url": "https://hackerone.com/reports/2954286" } ], "title": "eventfd double close" } }, "cveMetadata": { "assignerOrgId": "2499f714-1537-4658-8207-48ae4bb9eae9", "assignerShortName": "curl", "cveId": "CVE-2025-0665", "datePublished": "2025-02-05T09:16:49.038Z", "dateReserved": "2025-01-23T08:40:34.867Z", "dateUpdated": "2025-03-18T18:10:27.907Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-1091 (GCVE-0-2025-1091)
Vulnerability from cvelistv5
Published
2025-02-25 23:27
Modified
2025-02-26 15:43
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-862 - Missing Authorization
Summary
A Broken Authorization schema exists where any authenticated user could download IOA script and configuration files if the URL is known.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Tenable | Tenable Identity Exposure |
Version: 0 ≤ |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-1091", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-02-26T14:46:58.786903Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-02-26T15:43:26.749Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "platforms": [ "Windows" ], "product": "Tenable Identity Exposure", "vendor": "Tenable", "versions": [ { "lessThan": "3.77.9", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2025-02-20T19:00:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "A Broken Authorization schema exists where any authenticated user could download IOA script and configuration files if the URL is known." } ], "value": "A Broken Authorization schema exists where any authenticated user could download IOA script and configuration files if the URL is known." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-862", "description": "CWE-862 Missing Authorization", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-02-25T23:27:44.401Z", "orgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be", "shortName": "tenable" }, "references": [ { "url": "https://www.tenable.com/security/tns-2025-01" } ], "solutions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Tenable has released Tenable Identity Exposure Version 3.77.9, which includes fixes to address these issues. The installation files can be obtained from the Tenable Downloads Portal: \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.tenable.com/downloads/identity-exposure\"\u003ehttps://www.tenable.com/downloads/identity-exposure\u003c/a\u003e\n\n\u003cbr\u003e" } ], "value": "Tenable has released Tenable Identity Exposure Version 3.77.9, which includes fixes to address these issues. The installation files can be obtained from the Tenable Downloads Portal: https://www.tenable.com/downloads/identity-exposure" } ], "source": { "advisory": "TNS-2025-01", "discovery": "EXTERNAL" }, "title": "Broken Authorization Schema", "x_generator": { "engine": "Vulnogram 0.2.0" } } }, "cveMetadata": { "assignerOrgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be", "assignerShortName": "tenable", "cveId": "CVE-2025-1091", "datePublished": "2025-02-25T23:27:44.401Z", "dateReserved": "2025-02-06T19:30:20.405Z", "dateUpdated": "2025-02-26T15:43:26.749Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-0760 (GCVE-0-2025-0760)
Vulnerability from cvelistv5
Published
2025-02-25 23:31
Modified
2025-02-26 15:43
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-522 - Insufficiently Protected Credentials
Summary
A Credential Disclosure vulnerability exists where an administrator could extract the stored SMTP account credentials due to lack of encryption.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Tenable | Tenable Identity Exposure |
Version: 0 ≤ |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-0760", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-02-26T14:46:56.345183Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-02-26T15:43:21.203Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "platforms": [ "Windows" ], "product": "Tenable Identity Exposure", "vendor": "Tenable", "versions": [ { "lessThan": "3.77.9", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "datePublic": "2025-02-20T19:00:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "A Credential Disclosure vulnerability exists where an administrator could extract the stored SMTP account credentials due to lack of encryption." } ], "value": "A Credential Disclosure vulnerability exists where an administrator could extract the stored SMTP account credentials due to lack of encryption." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 2.7, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-522", "description": "CWE-522 Insufficiently Protected Credentials", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-02-25T23:31:24.292Z", "orgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be", "shortName": "tenable" }, "references": [ { "url": "https://www.tenable.com/security/tns-2025-01" } ], "solutions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Tenable has released Tenable Identity Exposure Version 3.77.9, which includes fixes to address these issues. The installation files can be obtained from the Tenable Downloads Portal: \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.tenable.com/downloads/identity-exposure\"\u003ehttps://www.tenable.com/downloads/identity-exposure\u003c/a\u003e\n\n\u003cbr\u003e" } ], "value": "Tenable has released Tenable Identity Exposure Version 3.77.9, which includes fixes to address these issues. The installation files can be obtained from the Tenable Downloads Portal: https://www.tenable.com/downloads/identity-exposure" } ], "source": { "advisory": "TNS-2025-01", "discovery": "EXTERNAL" }, "title": "Stored Credential Disclosure Vulnerability", "x_generator": { "engine": "Vulnogram 0.2.0" } } }, "cveMetadata": { "assignerOrgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be", "assignerShortName": "tenable", "cveId": "CVE-2025-0760", "datePublished": "2025-02-25T23:31:24.292Z", "dateReserved": "2025-01-27T18:25:40.323Z", "dateUpdated": "2025-02-26T15:43:21.203Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
Loading…
Loading…
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…