{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-50092",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-07-16T13:48:03.467843Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-400",
                "description": "CWE-400 Uncontrolled Resource Consumption",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-07-16T13:48:07.266Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "MySQL Server",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "lessThanOrEqual": "8.0.42",
              "status": "affected",
              "version": "8.0.0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "8.4.5",
              "status": "affected",
              "version": "8.4.0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "9.3.0",
              "status": "affected",
              "version": "9.0.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*",
                  "versionEndIncluding": "8.0.42",
                  "versionStartIncluding": "8.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*",
                  "versionEndIncluding": "8.4.5",
                  "versionStartIncluding": "8.4.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*",
                  "versionEndIncluding": "9.3.0",
                  "versionStartIncluding": "9.0.0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB).  Supported versions that are affected are 8.0.0-8.0.42, 8.4.0-8.4.5 and  9.0.0-9.3.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.  Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 4.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.  Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.",
              "lang": "en-US"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-07-15T19:27:46.243Z",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "name": "Oracle Advisory",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujul2025.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2025-50092",
    "datePublished": "2025-07-15T19:27:46.243Z",
    "dateReserved": "2025-06-11T22:56:56.112Z",
    "dateUpdated": "2025-07-16T13:48:07.266Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T21:52:34.973Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "Oracle Advisory",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujan2024.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00023.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20240201-0002/"
          },
          {
            "url": "https://security.netapp.com/advisory/ntap-20241108-0002/"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-20918",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-01-25T05:01:02.847161Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-284",
                "description": "CWE-284 Improper Access Control",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-06-20T17:44:30.149Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Java SE JDK and JRE",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Oracle Java SE:8u391"
            },
            {
              "status": "affected",
              "version": "Oracle Java SE:8u391-perf"
            },
            {
              "status": "affected",
              "version": "Oracle Java SE:11.0.21"
            },
            {
              "status": "affected",
              "version": "Oracle Java SE:17.0.9"
            },
            {
              "status": "affected",
              "version": "Oracle Java SE:21.0.1"
            },
            {
              "status": "affected",
              "version": "Oracle GraalVM for JDK:17.0.9"
            },
            {
              "status": "affected",
              "version": "Oracle GraalVM for JDK:21.0.1"
            },
            {
              "status": "affected",
              "version": "Oracle GraalVM Enterprise Edition:20.3.12"
            },
            {
              "status": "affected",
              "version": "Oracle GraalVM Enterprise Edition:21.3.8"
            },
            {
              "status": "affected",
              "version": "Oracle GraalVM Enterprise Edition:22.3.4"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot).  Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM for JDK: 17.0.9, 21.0.1; Oracle GraalVM Enterprise Edition: 20.3.12, 21.3.8 and  22.3.4. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in  unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as  unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 7.4 (Confidentiality and Integrity impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N)."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.4,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in  unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as  unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data.",
              "lang": "en-US"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-02-01T17:06:45.864Z",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "name": "Oracle Advisory",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujan2024.html"
        },
        {
          "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00023.html"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20240201-0002/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2024-20918",
    "datePublished": "2024-01-16T21:41:14.954Z",
    "dateReserved": "2023-12-07T22:28:10.619Z",
    "dateUpdated": "2025-11-03T21:52:34.973Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-58266",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-07-28T15:03:47.228818Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-07-28T15:03:56.004Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "shlex",
          "vendor": "comex",
          "versions": [
            {
              "lessThan": "1.2.1",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The shlex crate before 1.2.1 for Rust allows unquoted and unescaped instances of the { and \\xa0 characters, which may facilitate command injection."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 3.2,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-116",
              "description": "CWE-116 Improper Encoding or Escaping of Output",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-07-27T21:51:26.103Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://rustsec.org/advisories/RUSTSEC-2024-0006.html"
        },
        {
          "url": "https://github.com/comex/rust-shlex/security/advisories/GHSA-r7qv-8r2h-pg27"
        },
        {
          "url": "https://crates.io/crates/shlex"
        }
      ],
      "x_generator": {
        "engine": "enrichogram 0.0.1"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2024-58266",
    "datePublished": "2025-07-27T00:00:00.000Z",
    "dateReserved": "2025-07-27T00:00:00.000Z",
    "dateUpdated": "2025-07-28T15:03:56.004Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-58754",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-09-12T13:08:38.895896Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-09-12T13:08:42.426Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "exploit"
            ],
            "url": "https://github.com/axios/axios/security/advisories/GHSA-4hjh-wcwx-xvwj"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "axios",
          "vendor": "axios",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 1.0.0, \u003c 1.12.0"
            },
            {
              "status": "affected",
              "version": "\u003c 0.30.2"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Axios is a promise based HTTP client for the browser and Node.js. When Axios prior to versions 0.30.2 and 1.12.0 runs on Node.js and is given a URL with the `data:` scheme, it does not perform HTTP. Instead, its Node http adapter decodes the entire payload into memory (`Buffer`/`Blob`) and returns a synthetic 200 response. This path ignores `maxContentLength` / `maxBodyLength` (which only protect HTTP responses), so an attacker can supply a very large `data:` URI and cause the process to allocate unbounded memory and crash (DoS), even if the caller requested `responseType: \u0027stream\u0027`. Versions 0.30.2 and 1.12.0 contain a patch for the issue."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-770",
              "description": "CWE-770: Allocation of Resources Without Limits or Throttling",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-09-29T14:26:30.869Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/axios/axios/security/advisories/GHSA-4hjh-wcwx-xvwj",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/axios/axios/security/advisories/GHSA-4hjh-wcwx-xvwj"
        },
        {
          "name": "https://github.com/axios/axios/pull/7011",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/axios/axios/pull/7011"
        },
        {
          "name": "https://github.com/axios/axios/pull/7034",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/axios/axios/pull/7034"
        },
        {
          "name": "https://github.com/axios/axios/commit/945435fc51467303768202250debb8d4ae892593",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/axios/axios/commit/945435fc51467303768202250debb8d4ae892593"
        },
        {
          "name": "https://github.com/axios/axios/commit/a1b1d3f073a988601583a604f5f9f5d05a3d0b67",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/axios/axios/commit/a1b1d3f073a988601583a604f5f9f5d05a3d0b67"
        },
        {
          "name": "https://github.com/axios/axios/releases/tag/v0.30.2",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/axios/axios/releases/tag/v0.30.2"
        },
        {
          "name": "https://github.com/axios/axios/releases/tag/v1.12.0",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/axios/axios/releases/tag/v1.12.0"
        }
      ],
      "source": {
        "advisory": "GHSA-4hjh-wcwx-xvwj",
        "discovery": "UNKNOWN"
      },
      "title": "Axios is vulnerable to DoS attack through lack of data size check"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2025-58754",
    "datePublished": "2025-09-12T01:16:40.513Z",
    "dateReserved": "2025-09-04T19:18:09.499Z",
    "dateUpdated": "2025-09-29T14:26:30.869Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-55193",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-08-14T13:42:07.857418Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-08-14T14:51:11.284Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "rails",
          "vendor": "rails",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 0, \u003c 7.1.5.2"
            },
            {
              "status": "affected",
              "version": "\u003e= 7.2, \u003c 7.2.2.2"
            },
            {
              "status": "affected",
              "version": "\u003e= 8.0, \u003c 8.0.2.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Active Record connects classes to relational database tables. Prior to versions 7.1.5.2, 7.2.2.2, and 8.0.2.1, the ID passed to find or similar methods may be logged without escaping. If this is directly to the terminal it may include unescaped ANSI sequences. This issue has been patched in versions 7.1.5.2, 7.2.2.2, and 8.0.2.1."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 2.7,
            "baseSeverity": "LOW",
            "privilegesRequired": "NONE",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "LOW",
            "userInteraction": "NONE",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N/E:U",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "NONE"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-150",
              "description": "CWE-150: Improper Neutralization of Escape, Meta, or Control Sequences",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-08-13T22:41:41.890Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/rails/rails/security/advisories/GHSA-76r7-hhxj-r776",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/rails/rails/security/advisories/GHSA-76r7-hhxj-r776"
        },
        {
          "name": "https://github.com/rails/rails/commit/3beef20013736fd52c5dcfdf061f7999ba318290",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/rails/rails/commit/3beef20013736fd52c5dcfdf061f7999ba318290"
        },
        {
          "name": "https://github.com/rails/rails/commit/568c0bc2f1e74c65d150a84b89a080949bf9eb9b",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/rails/rails/commit/568c0bc2f1e74c65d150a84b89a080949bf9eb9b"
        },
        {
          "name": "https://github.com/rails/rails/commit/6a944ca4805e72050a0fbb1a461534eb760d3202",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/rails/rails/commit/6a944ca4805e72050a0fbb1a461534eb760d3202"
        }
      ],
      "source": {
        "advisory": "GHSA-76r7-hhxj-r776",
        "discovery": "UNKNOWN"
      },
      "title": "Active Record logging vulnerable to ANSI escape injection"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2025-55193",
    "datePublished": "2025-08-13T22:41:41.890Z",
    "dateReserved": "2025-08-08T21:55:07.963Z",
    "dateUpdated": "2025-08-14T14:51:11.284Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2021-35588",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-26T19:11:40.314837Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-26T19:11:50.320Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T00:40:47.361Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20211022-0004/"
          },
          {
            "name": "FEDORA-2021-7701833090",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GTYZWIXDFUV2H57YQZJWPOD3BC3I3EIQ/"
          },
          {
            "name": "FEDORA-2021-1cc8ffd122",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6EUURAQOIJYFZHQ7DFZCO6IKDPIAWTNK/"
          },
          {
            "name": "FEDORA-2021-107c8c5063",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GXTUWAWXVU37GRNIG4TPMA47THO6VAE6/"
          },
          {
            "name": "[debian-lts-announce] 20211109 [SECURITY] [DLA 2814-1] openjdk-8 security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2021/11/msg00008.html"
          },
          {
            "name": "GLSA-202209-05",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202209-05"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Java SE JDK and JRE",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Java SE:7u311"
            },
            {
              "status": "affected",
              "version": "Java SE:8u301"
            },
            {
              "status": "affected",
              "version": "Oracle GraalVM Enterprise Edition:20.3.3"
            },
            {
              "status": "affected",
              "version": "Oracle GraalVM Enterprise Edition:21.2.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Java SE: 7u311, 8u301; Oracle GraalVM Enterprise Edition: 20.3.3 and 21.2.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 3.1 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L)."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 3.1,
            "baseSeverity": "LOW",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition.  Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Oracle GraalVM Enterprise Edition.",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-06-21T19:08:08.052182",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20211022-0004/"
        },
        {
          "name": "FEDORA-2021-7701833090",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GTYZWIXDFUV2H57YQZJWPOD3BC3I3EIQ/"
        },
        {
          "name": "FEDORA-2021-1cc8ffd122",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6EUURAQOIJYFZHQ7DFZCO6IKDPIAWTNK/"
        },
        {
          "name": "FEDORA-2021-107c8c5063",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GXTUWAWXVU37GRNIG4TPMA47THO6VAE6/"
        },
        {
          "name": "[debian-lts-announce] 20211109 [SECURITY] [DLA 2814-1] openjdk-8 security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2021/11/msg00008.html"
        },
        {
          "name": "GLSA-202209-05",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/202209-05"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2021-35588",
    "datePublished": "2021-10-20T10:50:31",
    "dateReserved": "2021-06-28T00:00:00",
    "dateUpdated": "2024-08-04T00:40:47.361Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T07:38:00.793Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "OpenSSL Advisory",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.openssl.org/news/secadv/20230908.txt"
          },
          {
            "name": "3.1.3 git commit",
            "tags": [
              "patch",
              "x_transferred"
            ],
            "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=4bfac4471f53c4f74c8d81020beb938f92d84ca5"
          },
          {
            "name": "3.0.11 git commit",
            "tags": [
              "patch",
              "x_transferred"
            ],
            "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=6754de4a121ec7f261b16723180df6592cbb4508"
          },
          {
            "name": "1.1.1w git commit",
            "tags": [
              "patch",
              "x_transferred"
            ],
            "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=a632d534c73eeb3e3db8c7540d811194ef7c79ff"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20230921-0001/"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 7.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2023-4807",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-23T13:27:06.574022Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-08-27T20:42:52.433Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "OpenSSL",
          "vendor": "OpenSSL",
          "versions": [
            {
              "lessThan": "3.1.3",
              "status": "affected",
              "version": "3.1.0",
              "versionType": "semver"
            },
            {
              "lessThan": "3.0.11",
              "status": "affected",
              "version": "3.0.0",
              "versionType": "semver"
            },
            {
              "lessThan": "1.1.1w",
              "status": "affected",
              "version": "1.1.1",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Zach Wilson"
        },
        {
          "lang": "en",
          "type": "remediation developer",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Bernd Edlinger"
        }
      ],
      "datePublic": "2023-09-08T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Issue summary: The POLY1305 MAC (message authentication code) implementation\u003cbr\u003econtains a bug that might corrupt the internal state of applications on the\u003cbr\u003eWindows 64 platform when running on newer X86_64 processors supporting the\u003cbr\u003eAVX512-IFMA instructions.\u003cbr\u003e\u003cbr\u003eImpact summary: If in an application that uses the OpenSSL library an attacker\u003cbr\u003ecan influence whether the POLY1305 MAC algorithm is used, the application\u003cbr\u003estate might be corrupted with various application dependent consequences.\u003cbr\u003e\u003cbr\u003eThe POLY1305 MAC (message authentication code) implementation in OpenSSL does\u003cbr\u003enot save the contents of non-volatile XMM registers on Windows 64 platform\u003cbr\u003ewhen calculating the MAC of data larger than 64 bytes. Before returning to\u003cbr\u003ethe caller all the XMM registers are set to zero rather than restoring their\u003cbr\u003eprevious content. The vulnerable code is used only on newer x86_64 processors\u003cbr\u003esupporting the AVX512-IFMA instructions.\u003cbr\u003e\u003cbr\u003eThe consequences of this kind of internal application state corruption can\u003cbr\u003ebe various - from no consequences, if the calling application does not\u003cbr\u003edepend on the contents of non-volatile XMM registers at all, to the worst\u003cbr\u003econsequences, where the attacker could get complete control of the application\u003cbr\u003eprocess. However given the contents of the registers are just zeroized so\u003cbr\u003ethe attacker cannot put arbitrary values inside, the most likely consequence,\u003cbr\u003eif any, would be an incorrect result of some application dependent\u003cbr\u003ecalculations or a crash leading to a denial of service.\u003cbr\u003e\u003cbr\u003eThe POLY1305 MAC algorithm is most frequently used as part of the\u003cbr\u003eCHACHA20-POLY1305 AEAD (authenticated encryption with associated data)\u003cbr\u003ealgorithm. The most common usage of this AEAD cipher is with TLS protocol\u003cbr\u003eversions 1.2 and 1.3 and a malicious client can influence whether this AEAD\u003cbr\u003ecipher is used by the server. This implies that server applications using\u003cbr\u003eOpenSSL can be potentially impacted. However we are currently not aware of\u003cbr\u003eany concrete application that would be affected by this issue therefore we\u003cbr\u003econsider this a Low severity security issue.\u003cbr\u003e\u003cbr\u003eAs a workaround the AVX512-IFMA instructions support can be disabled at\u003cbr\u003eruntime by setting the environment variable OPENSSL_ia32cap:\u003cbr\u003e\u003cbr\u003e   OPENSSL_ia32cap=:~0x200000\u003cbr\u003e\u003cbr\u003eThe FIPS provider is not affected by this issue."
            }
          ],
          "value": "Issue summary: The POLY1305 MAC (message authentication code) implementation\ncontains a bug that might corrupt the internal state of applications on the\nWindows 64 platform when running on newer X86_64 processors supporting the\nAVX512-IFMA instructions.\n\nImpact summary: If in an application that uses the OpenSSL library an attacker\ncan influence whether the POLY1305 MAC algorithm is used, the application\nstate might be corrupted with various application dependent consequences.\n\nThe POLY1305 MAC (message authentication code) implementation in OpenSSL does\nnot save the contents of non-volatile XMM registers on Windows 64 platform\nwhen calculating the MAC of data larger than 64 bytes. Before returning to\nthe caller all the XMM registers are set to zero rather than restoring their\nprevious content. The vulnerable code is used only on newer x86_64 processors\nsupporting the AVX512-IFMA instructions.\n\nThe consequences of this kind of internal application state corruption can\nbe various - from no consequences, if the calling application does not\ndepend on the contents of non-volatile XMM registers at all, to the worst\nconsequences, where the attacker could get complete control of the application\nprocess. However given the contents of the registers are just zeroized so\nthe attacker cannot put arbitrary values inside, the most likely consequence,\nif any, would be an incorrect result of some application dependent\ncalculations or a crash leading to a denial of service.\n\nThe POLY1305 MAC algorithm is most frequently used as part of the\nCHACHA20-POLY1305 AEAD (authenticated encryption with associated data)\nalgorithm. The most common usage of this AEAD cipher is with TLS protocol\nversions 1.2 and 1.3 and a malicious client can influence whether this AEAD\ncipher is used by the server. This implies that server applications using\nOpenSSL can be potentially impacted. However we are currently not aware of\nany concrete application that would be affected by this issue therefore we\nconsider this a Low severity security issue.\n\nAs a workaround the AVX512-IFMA instructions support can be disabled at\nruntime by setting the environment variable OPENSSL_ia32cap:\n\n   OPENSSL_ia32cap=:~0x200000\n\nThe FIPS provider is not affected by this issue."
        }
      ],
      "metrics": [
        {
          "format": "other",
          "other": {
            "content": {
              "text": "Low"
            },
            "type": "https://www.openssl.org/policies/secpolicy.html"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-440",
              "description": "CWE-440 Expected Behavior Violation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-10-14T14:55:50.502Z",
        "orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
        "shortName": "openssl"
      },
      "references": [
        {
          "name": "OpenSSL Advisory",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.openssl.org/news/secadv/20230908.txt"
        },
        {
          "name": "3.1.3 git commit",
          "tags": [
            "patch"
          ],
          "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=4bfac4471f53c4f74c8d81020beb938f92d84ca5"
        },
        {
          "name": "3.0.11 git commit",
          "tags": [
            "patch"
          ],
          "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=6754de4a121ec7f261b16723180df6592cbb4508"
        },
        {
          "name": "1.1.1w git commit",
          "tags": [
            "patch"
          ],
          "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=a632d534c73eeb3e3db8c7540d811194ef7c79ff"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "POLY1305 MAC implementation corrupts XMM registers on Windows",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
    "assignerShortName": "openssl",
    "cveId": "CVE-2023-4807",
    "datePublished": "2023-09-08T11:01:53.663Z",
    "dateReserved": "2023-09-06T16:32:29.871Z",
    "dateUpdated": "2025-08-27T20:42:52.433Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-20921",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-02-20T15:13:38.626637Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-276",
                "description": "CWE-276 Incorrect Default Permissions",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-05T15:40:19.794Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-04T18:22:40.249Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "Oracle Advisory",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujan2024.html"
          },
          {
            "url": "https://security.netapp.com/advisory/ntap-20241108-0002/"
          },
          {
            "url": "https://security.netapp.com/advisory/ntap-20240201-0002/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Java SE JDK and JRE",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Oracle Java SE:8u391"
            },
            {
              "status": "affected",
              "version": "Oracle Java SE:8u391-perf"
            },
            {
              "status": "affected",
              "version": "Oracle Java SE:11.0.21"
            },
            {
              "status": "affected",
              "version": "Oracle Java SE:17.0.9"
            },
            {
              "status": "affected",
              "version": "Oracle Java SE:21.0.1"
            },
            {
              "status": "affected",
              "version": "Oracle GraalVM for JDK:17.0.9"
            },
            {
              "status": "affected",
              "version": "Oracle GraalVM for JDK:21.0.1"
            },
            {
              "status": "affected",
              "version": "Oracle GraalVM Enterprise Edition:20.3.12"
            },
            {
              "status": "affected",
              "version": "Oracle GraalVM Enterprise Edition:21.3.8"
            },
            {
              "status": "affected",
              "version": "Oracle GraalVM Enterprise Edition:22.3.4"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot).  Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM for JDK: 17.0.9, 21.0.1; Oracle GraalVM Enterprise Edition: 20.3.12, 21.3.8 and  22.3.4. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in  unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 5.9 (Confidentiality impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in  unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data.",
              "lang": "en-US"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-02-17T01:50:10.681Z",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "name": "Oracle Advisory",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujan2024.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2024-20921",
    "datePublished": "2024-02-17T01:50:10.681Z",
    "dateReserved": "2023-12-07T22:28:10.620Z",
    "dateUpdated": "2025-11-04T18:22:40.249Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-4207",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-05-08T14:52:17.907978Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-05-08T14:56:08.741Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-05-09T18:03:35.540Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00011.html"
          },
          {
            "url": "http://www.openwall.com/lists/oss-security/2025/05/09/3"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "PostgreSQL",
          "vendor": "n/a",
          "versions": [
            {
              "lessThan": "17.5",
              "status": "affected",
              "version": "17",
              "versionType": "rpm"
            },
            {
              "lessThan": "16.9",
              "status": "affected",
              "version": "16",
              "versionType": "rpm"
            },
            {
              "lessThan": "15.13",
              "status": "affected",
              "version": "15",
              "versionType": "rpm"
            },
            {
              "lessThan": "14.18",
              "status": "affected",
              "version": "14",
              "versionType": "rpm"
            },
            {
              "lessThan": "13.21",
              "status": "affected",
              "version": "0",
              "versionType": "rpm"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Buffer over-read in PostgreSQL GB18030 encoding validation allows a database input provider to achieve temporary denial of service on platforms where a 1-byte over-read can elicit process termination.  This affects the database server and also libpq.  Versions before PostgreSQL 17.5, 16.9, 15.13, 14.18, and 13.21 are affected."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-126",
              "description": "Buffer Over-read",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-08T14:22:45.543Z",
        "orgId": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007",
        "shortName": "PostgreSQL"
      },
      "references": [
        {
          "url": "https://www.postgresql.org/support/security/CVE-2025-4207/"
        }
      ],
      "title": "PostgreSQL GB18030 encoding validation can read one byte past end of allocation for text that fails validation"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007",
    "assignerShortName": "PostgreSQL",
    "cveId": "CVE-2025-4207",
    "datePublished": "2025-05-08T14:22:45.543Z",
    "dateReserved": "2025-05-02T00:03:22.439Z",
    "dateUpdated": "2025-05-09T18:03:35.540Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "HIGH",
              "attackVector": "NETWORK",
              "availabilityImpact": "LOW",
              "baseScore": 6.5,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "LOW",
              "integrityImpact": "LOW",
              "privilegesRequired": "NONE",
              "scope": "CHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2025-22872",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-16T20:14:29.607584Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-16T20:15:13.433Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-05-16T23:03:07.693Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://security.netapp.com/advisory/ntap-20250516-0007/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://pkg.go.dev",
          "defaultStatus": "unaffected",
          "packageName": "golang.org/x/net/html",
          "product": "golang.org/x/net/html",
          "programRoutines": [
            {
              "name": "Tokenizer.readStartTag"
            },
            {
              "name": "Parse"
            },
            {
              "name": "ParseFragment"
            },
            {
              "name": "ParseFragmentWithOptions"
            },
            {
              "name": "ParseWithOptions"
            },
            {
              "name": "Tokenizer.Next"
            }
          ],
          "vendor": "golang.org/x/net",
          "versions": [
            {
              "lessThan": "0.38.0",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Sean Ng (https://ensy.zip)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character (/) as self-closing. When directly using Tokenizer, this can result in such tags incorrectly being marked as self-closing, and when using the Parse functions, this can result in content following such tags as being placed in the wrong scope during DOM construction, but only when tags are in foreign content (e.g. \u003cmath\u003e, \u003csvg\u003e, etc contexts)."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "CWE-79",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-04-16T17:13:02.550Z",
        "orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
        "shortName": "Go"
      },
      "references": [
        {
          "url": "https://go.dev/cl/662715"
        },
        {
          "url": "https://go.dev/issue/73070"
        },
        {
          "url": "https://groups.google.com/g/golang-announce/c/ezSKR9vqbqA"
        },
        {
          "url": "https://pkg.go.dev/vuln/GO-2025-3595"
        }
      ],
      "title": "Incorrect Neutralization of Input During Web Page Generation in x/net in golang.org/x/net"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
    "assignerShortName": "Go",
    "cveId": "CVE-2025-22872",
    "datePublished": "2025-04-16T17:13:02.550Z",
    "dateReserved": "2025-01-08T19:11:42.834Z",
    "dateUpdated": "2025-05-16T23:03:07.693Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T02:38:55.977Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20220121-0007/"
          },
          {
            "name": "[debian-lts-announce] 20220210 [SECURITY] [DLA 2917-1] openjdk-8 security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2022/02/msg00011.html"
          },
          {
            "name": "GLSA-202209-05",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202209-05"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-21349",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-24T17:35:33.447848Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-24T20:20:19.898Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Java SE JDK and JRE",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Oracle Java SE:7u321"
            },
            {
              "status": "affected",
              "version": "Oracle Java SE:8u311"
            },
            {
              "status": "affected",
              "version": "Oracle GraalVM Enterprise Edition:20.3.4"
            },
            {
              "status": "affected",
              "version": "Oracle GraalVM Enterprise Edition:21.3.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: 2D). Supported versions that are affected are Oracle Java SE: 7u321, 8u311; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition.",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-09-07T04:07:17",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20220121-0007/"
        },
        {
          "name": "[debian-lts-announce] 20220210 [SECURITY] [DLA 2917-1] openjdk-8 security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2022/02/msg00011.html"
        },
        {
          "name": "GLSA-202209-05",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/202209-05"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert_us@oracle.com",
          "ID": "CVE-2022-21349",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Java SE JDK and JRE",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_value": "Oracle Java SE:7u321"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "Oracle Java SE:8u311"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "Oracle GraalVM Enterprise Edition:20.3.4"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "Oracle GraalVM Enterprise Edition:21.3.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Oracle Corporation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: 2D). Supported versions that are affected are Oracle Java SE: 7u321, 8u311; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
            }
          ]
        },
        "impact": {
          "cvss": {
            "baseScore": "5.3",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition."
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.oracle.com/security-alerts/cpujan2022.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20220121-0007/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20220121-0007/"
            },
            {
              "name": "[debian-lts-announce] 20220210 [SECURITY] [DLA 2917-1] openjdk-8 security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2022/02/msg00011.html"
            },
            {
              "name": "GLSA-202209-05",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/202209-05"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2022-21349",
    "datePublished": "2022-01-19T11:25:16",
    "dateReserved": "2021-11-15T00:00:00",
    "dateUpdated": "2024-09-24T20:20:19.898Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-4330",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-06-03T13:27:07.778910Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-06-10T13:24:45.824Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "modules": [
            "tarfile"
          ],
          "product": "CPython",
          "repo": "https://github.com/python/cpython",
          "vendor": "Python Software Foundation",
          "versions": [
            {
              "lessThan": "3.9.23",
              "status": "affected",
              "version": "0",
              "versionType": "python"
            },
            {
              "lessThan": "3.10.18",
              "status": "affected",
              "version": "3.10.0",
              "versionType": "python"
            },
            {
              "lessThan": "3.11.13",
              "status": "affected",
              "version": "3.11.0",
              "versionType": "python"
            },
            {
              "lessThan": "3.12.11",
              "status": "affected",
              "version": "3.12.0",
              "versionType": "python"
            },
            {
              "lessThan": "3.13.4",
              "status": "affected",
              "version": "3.13.0",
              "versionType": "python"
            },
            {
              "lessThan": "3.14.0b3",
              "status": "affected",
              "version": "3.14.0a1",
              "versionType": "python"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "Caleb Brown (Google)"
        },
        {
          "lang": "en",
          "type": "remediation developer",
          "value": "Petr Viktorin"
        },
        {
          "lang": "en",
          "type": "remediation developer",
          "value": "Serhiy Storchaka"
        },
        {
          "lang": "en",
          "type": "remediation reviewer",
          "value": "Hugo van Kemenade"
        },
        {
          "lang": "en",
          "type": "remediation reviewer",
          "value": "\u0141ukasz Langa"
        },
        {
          "lang": "en",
          "type": "remediation reviewer",
          "value": "Thomas Wouters"
        },
        {
          "lang": "en",
          "type": "coordinator",
          "value": "Seth Larson"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eAllows the extraction filter to be ignored, allowing symlink targets to point outside the destination directory, and the modification of some file metadata.\u003c/span\u003e\u003cbr\u003e\u003c/p\u003e\u003cp\u003eYou are affected by this vulnerability if using the \u003ccode\u003etarfile\u003c/code\u003e\u0026nbsp;module to extract untrusted tar archives using \u003ccode\u003eTarFile.extractall()\u003c/code\u003e\u0026nbsp;or \u003ccode\u003eTarFile.extract()\u003c/code\u003e\u0026nbsp;using the \u003ccode\u003efilter=\u003c/code\u003e\u0026nbsp;parameter with a value of \u003ccode\u003e\"data\"\u003c/code\u003e\u0026nbsp;or \u003ccode\u003e\"tar\"\u003c/code\u003e. See the tarfile \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://docs.python.org/3/library/tarfile.html#tarfile-extraction-filter\"\u003eextraction filters documentation\u003c/a\u003e\u0026nbsp;for more information.\u003c/p\u003e\u003cp\u003eNote that for Python 3.14 or later the default value of \u003ccode\u003efilter=\u003c/code\u003e\u0026nbsp;changed from \"no filtering\" to `\"data\", so if you are relying on this new default behavior then your usage is also affected.\u003c/p\u003e\u003cp\u003eNote that none of these vulnerabilities significantly affect the installation of source distributions which are tar archives as source distributions already allow arbitrary code execution during the build process. However when evaluating source distributions it\u0027s important to avoid installing source distributions with suspicious links.\u003cbr\u003e\u003c/p\u003e\u003cbr\u003e"
            }
          ],
          "value": "Allows the extraction filter to be ignored, allowing symlink targets to point outside the destination directory, and the modification of some file metadata.\n\n\nYou are affected by this vulnerability if using the tarfile\u00a0module to extract untrusted tar archives using TarFile.extractall()\u00a0or TarFile.extract()\u00a0using the filter=\u00a0parameter with a value of \"data\"\u00a0or \"tar\". See the tarfile  extraction filters documentation https://docs.python.org/3/library/tarfile.html#tarfile-extraction-filter \u00a0for more information.\n\nNote that for Python 3.14 or later the default value of filter=\u00a0changed from \"no filtering\" to `\"data\", so if you are relying on this new default behavior then your usage is also affected.\n\nNote that none of these vulnerabilities significantly affect the installation of source distributions which are tar archives as source distributions already allow arbitrary code execution during the build process. However when evaluating source distributions it\u0027s important to avoid installing source distributions with suspicious links."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-22",
              "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-07-07T17:36:07.725Z",
        "orgId": "28c92f92-d60d-412d-b760-e73465c3df22",
        "shortName": "PSF"
      },
      "references": [
        {
          "tags": [
            "issue-tracking"
          ],
          "url": "https://github.com/python/cpython/issues/135034"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/python/cpython/pull/135037"
        },
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG/"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/python/cpython/commit/3612d8f51741b11f36f8fb0494d79086bac9390a"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/python/cpython/commit/9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a"
        },
        {
          "tags": [
            "mitigation"
          ],
          "url": "https://gist.github.com/sethmlarson/52398e33eff261329a0180ac1d54f42f"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/python/cpython/commit/19de092debb3d7e832e5672cc2f7b788d35951da"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/python/cpython/commit/aa9eb5f757ceff461e6e996f12c89e5d9b583b01"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/python/cpython/commit/28463dba112af719df1e8b0391c46787ad756dd9"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/python/cpython/commit/4633f3f497b1ff70e4a35b6fe2c907cbe2d4cb2e"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/python/cpython/commit/9c1110ef6652687d7c55f590f909720eddde965a"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/python/cpython/commit/dd8f187d0746da151e0025c51680979ac5b4cfb1"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Extraction filter bypass for linking outside extraction directory",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "28c92f92-d60d-412d-b760-e73465c3df22",
    "assignerShortName": "PSF",
    "cveId": "CVE-2025-4330",
    "datePublished": "2025-06-03T12:58:57.452Z",
    "dateReserved": "2025-05-05T15:05:14.302Z",
    "dateUpdated": "2025-07-07T17:36:07.725Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-27210",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-07-21T17:11:02.439546Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-22",
                "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-07-21T18:38:49.855Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-04T21:09:47.526Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "http://www.openwall.com/lists/oss-security/2025/07/22/2"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "node",
          "vendor": "nodejs",
          "versions": [
            {
              "lessThan": "20.19.4",
              "status": "affected",
              "version": "20.0.0",
              "versionType": "semver"
            },
            {
              "lessThan": "22.17.1",
              "status": "affected",
              "version": "22.0.0",
              "versionType": "semver"
            },
            {
              "lessThan": "24.4.1",
              "status": "affected",
              "version": "24.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "nodejs",
          "vendor": "nodejs",
          "versions": [
            {
              "lessThan": "4.*",
              "status": "affected",
              "version": "4.0",
              "versionType": "semver"
            },
            {
              "lessThan": "5.*",
              "status": "affected",
              "version": "5.0",
              "versionType": "semver"
            },
            {
              "lessThan": "6.*",
              "status": "affected",
              "version": "6.0",
              "versionType": "semver"
            },
            {
              "lessThan": "7.*",
              "status": "affected",
              "version": "7.0",
              "versionType": "semver"
            },
            {
              "lessThan": "8.*",
              "status": "affected",
              "version": "8.0",
              "versionType": "semver"
            },
            {
              "lessThan": "9.*",
              "status": "affected",
              "version": "9.0",
              "versionType": "semver"
            },
            {
              "lessThan": "10.*",
              "status": "affected",
              "version": "10.0",
              "versionType": "semver"
            },
            {
              "lessThan": "11.*",
              "status": "affected",
              "version": "11.0",
              "versionType": "semver"
            },
            {
              "lessThan": "12.*",
              "status": "affected",
              "version": "12.0",
              "versionType": "semver"
            },
            {
              "lessThan": "13.*",
              "status": "affected",
              "version": "13.0",
              "versionType": "semver"
            },
            {
              "lessThan": "14.*",
              "status": "affected",
              "version": "14.0",
              "versionType": "semver"
            },
            {
              "lessThan": "15.*",
              "status": "affected",
              "version": "15.0",
              "versionType": "semver"
            },
            {
              "lessThan": "16.*",
              "status": "affected",
              "version": "16.0",
              "versionType": "semver"
            },
            {
              "lessThan": "17.*",
              "status": "affected",
              "version": "17.0",
              "versionType": "semver"
            },
            {
              "lessThan": "18.*",
              "status": "affected",
              "version": "18.0",
              "versionType": "semver"
            },
            {
              "lessThan": "19.*",
              "status": "affected",
              "version": "19.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An incomplete fix has been identified for CVE-2025-23084 in Node.js, specifically affecting Windows device names like CON, PRN, and AUX. \r\n\r\nThis vulnerability affects Windows users of `path.join` API."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          }
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-07-18T22:54:27.227Z",
        "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
        "shortName": "hackerone"
      },
      "references": [
        {
          "url": "https://nodejs.org/en/blog/vulnerability/july-2025-security-releases"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
    "assignerShortName": "hackerone",
    "cveId": "CVE-2025-27210",
    "datePublished": "2025-07-18T22:54:27.227Z",
    "dateReserved": "2025-02-20T01:00:01.798Z",
    "dateUpdated": "2025-11-04T21:09:47.526Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T02:38:55.557Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20220121-0007/"
          },
          {
            "name": "DSA-5057",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2022/dsa-5057"
          },
          {
            "name": "DSA-5058",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2022/dsa-5058"
          },
          {
            "name": "[debian-lts-announce] 20220210 [SECURITY] [DLA 2917-1] openjdk-8 security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2022/02/msg00011.html"
          },
          {
            "name": "GLSA-202209-05",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202209-05"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Java SE JDK and JRE",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Oracle Java SE:7u321"
            },
            {
              "status": "affected",
              "version": "Oracle Java SE:8u311"
            },
            {
              "status": "affected",
              "version": "Oracle Java SE:11.0.13"
            },
            {
              "status": "affected",
              "version": "Oracle Java SE:17.0.1"
            },
            {
              "status": "affected",
              "version": "Oracle GraalVM Enterprise Edition:20.3.4"
            },
            {
              "status": "affected",
              "version": "Oracle GraalVM Enterprise Edition:21.3.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in  unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data.",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-09-07T23:20:33.516Z",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20220121-0007/"
        },
        {
          "name": "DSA-5057",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2022/dsa-5057"
        },
        {
          "name": "DSA-5058",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2022/dsa-5058"
        },
        {
          "name": "[debian-lts-announce] 20220210 [SECURITY] [DLA 2917-1] openjdk-8 security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2022/02/msg00011.html"
        },
        {
          "name": "GLSA-202209-05",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/202209-05"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert_us@oracle.com",
          "ID": "CVE-2022-21296",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Java SE JDK and JRE",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_value": "Oracle Java SE:7u321"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "Oracle Java SE:8u311"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "Oracle Java SE:11.0.13"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "Oracle Java SE:17.0.1"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "Oracle GraalVM Enterprise Edition:20.3.4"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "Oracle GraalVM Enterprise Edition:21.3.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Oracle Corporation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)."
            }
          ]
        },
        "impact": {
          "cvss": {
            "baseScore": "5.3",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in  unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data."
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.oracle.com/security-alerts/cpujan2022.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20220121-0007/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20220121-0007/"
            },
            {
              "name": "DSA-5057",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2022/dsa-5057"
            },
            {
              "name": "DSA-5058",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2022/dsa-5058"
            },
            {
              "name": "[debian-lts-announce] 20220210 [SECURITY] [DLA 2917-1] openjdk-8 security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2022/02/msg00011.html"
            },
            {
              "name": "GLSA-202209-05",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/202209-05"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2022-21296",
    "datePublished": "2022-01-19T11:23:38",
    "dateReserved": "2021-11-15T00:00:00",
    "dateUpdated": "2024-08-03T02:38:55.557Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "HIGH",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 6.8,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "CHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2025-4673",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-06-11T17:59:02.225500Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-06-11T17:59:48.033Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://pkg.go.dev",
          "defaultStatus": "unaffected",
          "packageName": "net/http",
          "product": "net/http",
          "programRoutines": [
            {
              "name": "Client.makeHeadersCopier"
            },
            {
              "name": "Client.Do"
            },
            {
              "name": "Client.Get"
            },
            {
              "name": "Client.Head"
            },
            {
              "name": "Client.Post"
            },
            {
              "name": "Client.PostForm"
            },
            {
              "name": "Get"
            },
            {
              "name": "Head"
            },
            {
              "name": "Post"
            },
            {
              "name": "PostForm"
            }
          ],
          "vendor": "Go standard library",
          "versions": [
            {
              "lessThan": "1.23.10",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThan": "1.24.4",
              "status": "affected",
              "version": "1.24.0-0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Takeshi Kaneko (GMO Cybersecurity by Ierae, Inc.)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects potentially leaking sensitive information."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "CWE-201: Insertion of Sensitive Information Into Sent Data",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-06-11T16:42:53.054Z",
        "orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
        "shortName": "Go"
      },
      "references": [
        {
          "url": "https://go.dev/cl/679257"
        },
        {
          "url": "https://go.dev/issue/73816"
        },
        {
          "url": "https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A"
        },
        {
          "url": "https://pkg.go.dev/vuln/GO-2025-3751"
        }
      ],
      "title": "Sensitive headers not cleared on cross-origin redirect in net/http"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
    "assignerShortName": "Go",
    "cveId": "CVE-2025-4673",
    "datePublished": "2025-06-11T16:42:53.054Z",
    "dateReserved": "2025-05-13T23:30:53.327Z",
    "dateUpdated": "2025-06-11T17:59:48.033Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-8713",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-08-14T19:50:52.127054Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-08-14T19:51:04.708Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "PostgreSQL",
          "vendor": "n/a",
          "versions": [
            {
              "lessThan": "17.6",
              "status": "affected",
              "version": "17",
              "versionType": "rpm"
            },
            {
              "lessThan": "16.10",
              "status": "affected",
              "version": "16",
              "versionType": "rpm"
            },
            {
              "lessThan": "15.14",
              "status": "affected",
              "version": "15",
              "versionType": "rpm"
            },
            {
              "lessThan": "14.19",
              "status": "affected",
              "version": "14",
              "versionType": "rpm"
            },
            {
              "lessThan": "13.22",
              "status": "affected",
              "version": "0",
              "versionType": "rpm"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "The PostgreSQL project thanks Dean Rasheed for reporting this problem."
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "PostgreSQL optimizer statistics allow a user to read sampled data within a view that the user cannot access.  Separately, statistics allow a user to read sampled data that a row security policy intended to hide.  PostgreSQL maintains statistics for tables by sampling data available in columns; this data is consulted during the query planning process.  Prior to this release, a user could craft a leaky operator that bypassed view access control lists (ACLs) and bypassed row security policies in partitioning or table inheritance hierarchies.  Reachable statistics data notably included histograms and most-common-values lists.  CVE-2017-7484 and CVE-2019-10130 intended to close this class of vulnerability, but this gap remained.  Versions before PostgreSQL 17.6, 16.10, 15.14, 14.19, and 13.22 are affected."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 3.1,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1230",
              "description": "Exposure of Sensitive Information Through Metadata",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-08-14T13:00:05.807Z",
        "orgId": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007",
        "shortName": "PostgreSQL"
      },
      "references": [
        {
          "url": "https://www.postgresql.org/support/security/CVE-2025-8713/"
        }
      ],
      "title": "PostgreSQL optimizer statistics can expose sampled data within a view, partition, or child table"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007",
    "assignerShortName": "PostgreSQL",
    "cveId": "CVE-2025-8713",
    "datePublished": "2025-08-14T13:00:05.807Z",
    "dateReserved": "2025-08-07T16:39:46.270Z",
    "dateUpdated": "2025-08-14T19:51:04.708Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-21937",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-17T13:34:57.672416Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-17T13:35:04.830Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T09:59:28.528Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "Oracle Advisory",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuapr2023.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.couchbase.com/alerts/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20230427-0008/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2023/dsa-5430"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2023/dsa-5478"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Java SE JDK and JRE",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Oracle Java SE:8u361"
            },
            {
              "status": "affected",
              "version": "Oracle Java SE:8u361-perf"
            },
            {
              "status": "affected",
              "version": "Oracle Java SE:11.0.18"
            },
            {
              "status": "affected",
              "version": "Oracle Java SE:17.0.6"
            },
            {
              "status": "affected",
              "version": "Oracle Java SE:20"
            },
            {
              "status": "affected",
              "version": "Oracle GraalVM Enterprise Edition:20.3.9"
            },
            {
              "status": "affected",
              "version": "Oracle GraalVM Enterprise Edition:21.3.5"
            },
            {
              "status": "affected",
              "version": "Oracle GraalVM Enterprise Edition:22.3.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking).  Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and  22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 3.7 (Integrity impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 3.7,
            "baseSeverity": "LOW",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data.",
              "lang": "en-US"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-06-21T19:07:51.844Z",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "name": "Oracle Advisory",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuapr2023.html"
        },
        {
          "url": "https://www.couchbase.com/alerts/"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20230427-0008/"
        },
        {
          "url": "https://www.debian.org/security/2023/dsa-5430"
        },
        {
          "url": "https://www.debian.org/security/2023/dsa-5478"
        },
        {
          "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2023-21937",
    "datePublished": "2023-04-18T19:54:25.624Z",
    "dateReserved": "2022-12-17T19:26:00.722Z",
    "dateUpdated": "2025-02-13T16:40:27.188Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-54798",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-08-07T14:04:19.811342Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-08-07T14:04:24.089Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "exploit"
            ],
            "url": "https://github.com/raszi/node-tmp/security/advisories/GHSA-52f5-9888-hmc6"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T20:06:39.242Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/08/msg00007.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "node-tmp",
          "vendor": "raszi",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 0.2.4"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "tmp is a temporary file and directory creator for node.js. In versions 0.2.3 and below, tmp is vulnerable to an arbitrary temporary file / directory write via symbolic link dir parameter. This is fixed in version 0.2.4."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 2.5,
            "baseSeverity": "LOW",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-59",
              "description": "CWE-59: Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-08-07T00:04:35.370Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/raszi/node-tmp/security/advisories/GHSA-52f5-9888-hmc6",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/raszi/node-tmp/security/advisories/GHSA-52f5-9888-hmc6"
        },
        {
          "name": "https://github.com/raszi/node-tmp/issues/207",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/raszi/node-tmp/issues/207"
        },
        {
          "name": "https://github.com/raszi/node-tmp/commit/188b25e529496e37adaf1a1d9dccb40019a08b1b",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/raszi/node-tmp/commit/188b25e529496e37adaf1a1d9dccb40019a08b1b"
        }
      ],
      "source": {
        "advisory": "GHSA-52f5-9888-hmc6",
        "discovery": "UNKNOWN"
      },
      "title": "tmp does not restrict arbitrary temporary file / directory write via symbolic link `dir` parameter"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2025-54798",
    "datePublished": "2025-08-07T00:04:35.370Z",
    "dateReserved": "2025-07-29T16:50:28.395Z",
    "dateUpdated": "2025-11-03T20:06:39.242Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T21:57:16.975Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "issue-tracking",
              "x_transferred"
            ],
            "url": "https://github.com/python/cpython/issues/113171"
          },
          {
            "tags": [
              "patch",
              "x_transferred"
            ],
            "url": "https://github.com/python/cpython/pull/113179"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.iana.org/assignments/iana-ipv4-special-registry/iana-ipv4-special-registry.xhtml"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.iana.org/assignments/iana-ipv6-special-registry/iana-ipv6-special-registry.xhtml"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/NRUHDUS2IV2USIZM2CVMSFL6SCKU3RZA/"
          },
          {
            "tags": [
              "patch",
              "x_transferred"
            ],
            "url": "https://github.com/python/cpython/commit/22adf29da8d99933ffed8647d3e0726edd16f7f8"
          },
          {
            "tags": [
              "patch",
              "x_transferred"
            ],
            "url": "https://github.com/python/cpython/commit/40d75c2b7f5c67e254d0a025e0f2e2c7ada7f69f"
          },
          {
            "tags": [
              "patch",
              "x_transferred"
            ],
            "url": "https://github.com/python/cpython/commit/895f7e2ac23eff4743143beef0f0c5ac71ea27d3"
          },
          {
            "tags": [
              "patch",
              "x_transferred"
            ],
            "url": "https://github.com/python/cpython/commit/ba431579efdcbaed7a96f2ac4ea0775879a332fb"
          },
          {
            "tags": [
              "patch",
              "x_transferred"
            ],
            "url": "https://github.com/python/cpython/commit/c62c9e518b784fe44432a3f4fc265fb95b651906"
          },
          {
            "tags": [
              "patch",
              "x_transferred"
            ],
            "url": "https://github.com/python/cpython/commit/f86b17ac511e68192ba71f27e752321a3252cee3"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2024/06/17/3"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20240726-0004/"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2024/12/msg00000.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:python:cpython:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "cpython",
            "vendor": "python",
            "versions": [
              {
                "lessThan": "3.12.4",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThan": "3.13.0a6",
                "status": "affected",
                "version": "3.13.0a1",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 7.5,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-4032",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-08T18:21:11.207929Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-697",
                "description": "CWE-697 Incorrect Comparison",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-17T15:55:55.506Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "CPython",
          "repo": "https://github.com/python/cpython",
          "vendor": "Python Software Foundation",
          "versions": [
            {
              "lessThan": "3.8.20",
              "status": "affected",
              "version": "0",
              "versionType": "python"
            },
            {
              "lessThan": "3.9.20",
              "status": "affected",
              "version": "3.9.0",
              "versionType": "python"
            },
            {
              "lessThan": "3.10.15",
              "status": "affected",
              "version": "3.10.0",
              "versionType": "python"
            },
            {
              "lessThan": "3.11.10",
              "status": "affected",
              "version": "3.11.0",
              "versionType": "python"
            },
            {
              "lessThan": "3.12.4",
              "status": "affected",
              "version": "3.12.0",
              "versionType": "python"
            },
            {
              "lessThan": "3.13.0a6",
              "status": "affected",
              "version": "3.13.0a1",
              "versionType": "python"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003eThe \u201cipaddress\u201d module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as \u201cglobally reachable\u201d or \u201cprivate\u201d. This affected the is_private and is_global properties of the ipaddress.IPv4Address, ipaddress.IPv4Network, ipaddress.IPv6Address, and ipaddress.IPv6Network classes, where values wouldn\u2019t be returned in accordance with the latest information from the IANA Special-Purpose Address Registries.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003eCPython 3.12.4 and 3.13.0a6 contain updated information from these registries and thus have the intended behavior.\u003c/span\u003e\u003c/p\u003e"
            }
          ],
          "value": "The \u201cipaddress\u201d module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as \u201cglobally reachable\u201d or \u201cprivate\u201d. This affected the is_private and is_global properties of the ipaddress.IPv4Address, ipaddress.IPv4Network, ipaddress.IPv6Address, and ipaddress.IPv6Network classes, where values wouldn\u2019t be returned in accordance with the latest information from the IANA Special-Purpose Address Registries.\n\nCPython 3.12.4 and 3.13.0a6 contain updated information from these registries and thus have the intended behavior."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-09-07T02:44:42.321Z",
        "orgId": "28c92f92-d60d-412d-b760-e73465c3df22",
        "shortName": "PSF"
      },
      "references": [
        {
          "tags": [
            "issue-tracking"
          ],
          "url": "https://github.com/python/cpython/issues/113171"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/python/cpython/pull/113179"
        },
        {
          "url": "https://www.iana.org/assignments/iana-ipv4-special-registry/iana-ipv4-special-registry.xhtml"
        },
        {
          "url": "https://www.iana.org/assignments/iana-ipv6-special-registry/iana-ipv6-special-registry.xhtml"
        },
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/NRUHDUS2IV2USIZM2CVMSFL6SCKU3RZA/"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/python/cpython/commit/22adf29da8d99933ffed8647d3e0726edd16f7f8"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/python/cpython/commit/40d75c2b7f5c67e254d0a025e0f2e2c7ada7f69f"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/python/cpython/commit/895f7e2ac23eff4743143beef0f0c5ac71ea27d3"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/python/cpython/commit/ba431579efdcbaed7a96f2ac4ea0775879a332fb"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/python/cpython/commit/c62c9e518b784fe44432a3f4fc265fb95b651906"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/python/cpython/commit/f86b17ac511e68192ba71f27e752321a3252cee3"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2024/06/17/3"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20240726-0004/"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Incorrect IPv4 and IPv6 private ranges",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "28c92f92-d60d-412d-b760-e73465c3df22",
    "assignerShortName": "PSF",
    "cveId": "CVE-2024-4032",
    "datePublished": "2024-06-17T15:05:58.827Z",
    "dateReserved": "2024-04-22T17:15:47.895Z",
    "dateUpdated": "2025-11-03T21:57:16.975Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-21131",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-17T13:34:16.932375Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "description": "CWE-noinfo Not enough information",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-07T17:07:59.694Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T22:13:42.680Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "Oracle Advisory",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujul2024.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20240719-0008/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Java SE JDK and JRE",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Oracle Java SE:8u411"
            },
            {
              "status": "affected",
              "version": "Oracle Java SE:8u411-perf"
            },
            {
              "status": "affected",
              "version": "Oracle Java SE:11.0.23"
            },
            {
              "status": "affected",
              "version": "Oracle Java SE:17.0.11"
            },
            {
              "status": "affected",
              "version": "Oracle Java SE:21.0.3"
            },
            {
              "status": "affected",
              "version": "Oracle Java SE:22.0.1"
            },
            {
              "status": "affected",
              "version": "Oracle GraalVM for JDK:17.0.11"
            },
            {
              "status": "affected",
              "version": "Oracle GraalVM for JDK:21.0.3"
            },
            {
              "status": "affected",
              "version": "Oracle GraalVM for JDK:22.0.1"
            },
            {
              "status": "affected",
              "version": "Oracle GraalVM Enterprise Edition:20.3.14"
            },
            {
              "status": "affected",
              "version": "Oracle GraalVM Enterprise Edition:21.3.10"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot).  Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23, 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM for JDK: 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM Enterprise Edition: 20.3.14 and  21.3.10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Integrity impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 3.7,
            "baseSeverity": "LOW",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data.",
              "lang": "en-US"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-07-19T13:06:06.593Z",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "name": "Oracle Advisory",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujul2024.html"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20240719-0008/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2024-21131",
    "datePublished": "2024-07-16T22:39:53.849Z",
    "dateReserved": "2023-12-07T22:28:10.682Z",
    "dateUpdated": "2025-02-13T17:33:11.353Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T07:17:02.732Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20200416-0004/"
          },
          {
            "name": "DSA-4662",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2020/dsa-4662"
          },
          {
            "name": "USN-4337-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4337-1/"
          },
          {
            "name": "[debian-lts-announce] 20200429 [SECURITY] [DLA 2193-1] openjdk-7 security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2020/04/msg00024.html"
          },
          {
            "name": "DSA-4668",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2020/dsa-4668"
          },
          {
            "name": "FEDORA-2020-5386fe3bbb",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L7VHC4EW36KZEIDQ56RPCWBZCQELFFKN/"
          },
          {
            "name": "FEDORA-2020-21ca991b3b",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CKAV6KFFAEANXAN73AFTGU7Z6YNRWCXQ/"
          },
          {
            "name": "FEDORA-2020-a60ad9d4ec",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NYHHHZRHXCBGRHGE5UP7UEB4IZ2QX536/"
          },
          {
            "name": "openSUSE-SU-2020:0757",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00000.html"
          },
          {
            "name": "openSUSE-SU-2020:0800",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00023.html"
          },
          {
            "name": "GLSA-202006-22",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202006-22"
          },
          {
            "name": "openSUSE-SU-2020:0841",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00048.html"
          },
          {
            "name": "GLSA-202209-15",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202209-15"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2020-2803",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-30T14:41:31.754667Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-30T14:48:44.826Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Java",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Java SE: 7u251, 8u241, 11.0.6, 14"
            },
            {
              "status": "affected",
              "version": "Java SE Embedded: 8u241"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.3,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle GraalVM Enterprise Edition.  Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle GraalVM Enterprise Edition, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle GraalVM Enterprise Edition.",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-09-25T15:06:36",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20200416-0004/"
        },
        {
          "name": "DSA-4662",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2020/dsa-4662"
        },
        {
          "name": "USN-4337-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4337-1/"
        },
        {
          "name": "[debian-lts-announce] 20200429 [SECURITY] [DLA 2193-1] openjdk-7 security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2020/04/msg00024.html"
        },
        {
          "name": "DSA-4668",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2020/dsa-4668"
        },
        {
          "name": "FEDORA-2020-5386fe3bbb",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L7VHC4EW36KZEIDQ56RPCWBZCQELFFKN/"
        },
        {
          "name": "FEDORA-2020-21ca991b3b",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CKAV6KFFAEANXAN73AFTGU7Z6YNRWCXQ/"
        },
        {
          "name": "FEDORA-2020-a60ad9d4ec",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NYHHHZRHXCBGRHGE5UP7UEB4IZ2QX536/"
        },
        {
          "name": "openSUSE-SU-2020:0757",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00000.html"
        },
        {
          "name": "openSUSE-SU-2020:0800",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00023.html"
        },
        {
          "name": "GLSA-202006-22",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/202006-22"
        },
        {
          "name": "openSUSE-SU-2020:0841",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00048.html"
        },
        {
          "name": "GLSA-202209-15",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/202209-15"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert_us@oracle.com",
          "ID": "CVE-2020-2803",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Java",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_value": "Java SE: 7u251, 8u241, 11.0.6, 14"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "Java SE Embedded: 8u241"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Oracle Corporation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)."
            }
          ]
        },
        "impact": {
          "cvss": {
            "baseScore": "8.3",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle GraalVM Enterprise Edition.  Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle GraalVM Enterprise Edition, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle GraalVM Enterprise Edition."
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.oracle.com/security-alerts/cpuapr2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20200416-0004/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20200416-0004/"
            },
            {
              "name": "DSA-4662",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2020/dsa-4662"
            },
            {
              "name": "USN-4337-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4337-1/"
            },
            {
              "name": "[debian-lts-announce] 20200429 [SECURITY] [DLA 2193-1] openjdk-7 security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2020/04/msg00024.html"
            },
            {
              "name": "DSA-4668",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2020/dsa-4668"
            },
            {
              "name": "FEDORA-2020-5386fe3bbb",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L7VHC4EW36KZEIDQ56RPCWBZCQELFFKN/"
            },
            {
              "name": "FEDORA-2020-21ca991b3b",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CKAV6KFFAEANXAN73AFTGU7Z6YNRWCXQ/"
            },
            {
              "name": "FEDORA-2020-a60ad9d4ec",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NYHHHZRHXCBGRHGE5UP7UEB4IZ2QX536/"
            },
            {
              "name": "openSUSE-SU-2020:0757",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00000.html"
            },
            {
              "name": "openSUSE-SU-2020:0800",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00023.html"
            },
            {
              "name": "GLSA-202006-22",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/202006-22"
            },
            {
              "name": "openSUSE-SU-2020:0841",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00048.html"
            },
            {
              "name": "GLSA-202209-15",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/202209-15"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2020-2803",
    "datePublished": "2020-04-15T13:29:47",
    "dateReserved": "2019-12-10T00:00:00",
    "dateUpdated": "2024-09-30T14:48:44.826Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:oracle:java_se:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "java_se",
            "vendor": "oracle",
            "versions": [
              {
                "status": "affected",
                "version": "8u411"
              },
              {
                "status": "affected",
                "version": "8u411-perf"
              },
              {
                "status": "affected",
                "version": "11.0.23"
              },
              {
                "status": "affected",
                "version": "17.0.11"
              },
              {
                "status": "affected",
                "version": "21.0.3"
              },
              {
                "status": "affected",
                "version": "22.0.1"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:graalvm_for_jdk:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "graalvm_for_jdk",
            "vendor": "oracle",
            "versions": [
              {
                "status": "affected",
                "version": "17.0.11"
              },
              {
                "status": "affected",
                "version": "21.0.3"
              },
              {
                "status": "affected",
                "version": "22.0.1"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:graalvm_enterprise_edition:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "graalvm_enterprise_edition",
            "vendor": "oracle",
            "versions": [
              {
                "status": "affected",
                "version": "20.3.14"
              },
              {
                "status": "affected",
                "version": "21.3.10"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-21147",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-18T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-200",
                "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-19T03:55:25.572Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T22:13:42.691Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "Oracle Advisory",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujul2024.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20240719-0008/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Java SE JDK and JRE",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Oracle Java SE:8u411"
            },
            {
              "status": "affected",
              "version": "Oracle Java SE:8u411-perf"
            },
            {
              "status": "affected",
              "version": "Oracle Java SE:11.0.23"
            },
            {
              "status": "affected",
              "version": "Oracle Java SE:17.0.11"
            },
            {
              "status": "affected",
              "version": "Oracle Java SE:21.0.3"
            },
            {
              "status": "affected",
              "version": "Oracle Java SE:22.0.1"
            },
            {
              "status": "affected",
              "version": "Oracle GraalVM for JDK:17.0.11"
            },
            {
              "status": "affected",
              "version": "Oracle GraalVM for JDK:21.0.3"
            },
            {
              "status": "affected",
              "version": "Oracle GraalVM for JDK:22.0.1"
            },
            {
              "status": "affected",
              "version": "Oracle GraalVM Enterprise Edition:20.3.14"
            },
            {
              "status": "affected",
              "version": "Oracle GraalVM Enterprise Edition:21.3.10"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot).  Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23, 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM for JDK: 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM Enterprise Edition: 20.3.14 and  21.3.10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in  unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as  unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 7.4 (Confidentiality and Integrity impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N)."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.4,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in  unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as  unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data.",
              "lang": "en-US"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-07-19T13:06:13.008Z",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "name": "Oracle Advisory",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujul2024.html"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20240719-0008/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2024-21147",
    "datePublished": "2024-07-16T22:39:59.298Z",
    "dateReserved": "2023-12-07T22:28:10.683Z",
    "dateUpdated": "2025-02-13T17:33:14.325Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T12:53:43.278Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20201023-0004/"
          },
          {
            "name": "DSA-4779",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2020/dsa-4779"
          },
          {
            "name": "[debian-lts-announce] 20201030 [SECURITY] [DLA 2412-1] openjdk-8 security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00031.html"
          },
          {
            "name": "openSUSE-SU-2020:1893",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html"
          },
          {
            "name": "GLSA-202101-19",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202101-19"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2020-14792",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-26T19:44:26.978320Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-26T20:22:17.546Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Java SE JDK and JRE",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Java SE: 7u271"
            },
            {
              "status": "affected",
              "version": "8u261"
            },
            {
              "status": "affected",
              "version": "11.0.8"
            },
            {
              "status": "affected",
              "version": "15; Java SE Embedded: 8u261"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 4.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N)."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.2,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded.  Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as  unauthorized read access to a subset of Java SE, Java SE Embedded accessible data.",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-01-25T02:06:08",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20201023-0004/"
        },
        {
          "name": "DSA-4779",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2020/dsa-4779"
        },
        {
          "name": "[debian-lts-announce] 20201030 [SECURITY] [DLA 2412-1] openjdk-8 security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00031.html"
        },
        {
          "name": "openSUSE-SU-2020:1893",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html"
        },
        {
          "name": "GLSA-202101-19",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/202101-19"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert_us@oracle.com",
          "ID": "CVE-2020-14792",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Java SE JDK and JRE",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_value": "Java SE: 7u271"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "8u261"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "11.0.8"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "15; Java SE Embedded: 8u261"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Oracle Corporation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 4.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N)."
            }
          ]
        },
        "impact": {
          "cvss": {
            "baseScore": "4.2",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded.  Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as  unauthorized read access to a subset of Java SE, Java SE Embedded accessible data."
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.oracle.com/security-alerts/cpuoct2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20201023-0004/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20201023-0004/"
            },
            {
              "name": "DSA-4779",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2020/dsa-4779"
            },
            {
              "name": "[debian-lts-announce] 20201030 [SECURITY] [DLA 2412-1] openjdk-8 security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00031.html"
            },
            {
              "name": "openSUSE-SU-2020:1893",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html"
            },
            {
              "name": "GLSA-202101-19",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/202101-19"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2020-14792",
    "datePublished": "2020-10-21T14:04:25",
    "dateReserved": "2020-06-19T00:00:00",
    "dateUpdated": "2024-09-26T20:22:17.546Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T00:40:47.356Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20211022-0004/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:oracle:java_se:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "java_se",
            "vendor": "oracle",
            "versions": [
              {
                "status": "affected",
                "version": "8u301"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2021-35560",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-07T18:18:03.172834Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-06T18:54:39.750Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Java SE JDK and JRE",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Java SE:8u301"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Vulnerability in the Java SE product of Oracle Java SE (component: Deployment). The supported version that is affected is Java SE: 8u301. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE.  Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Java SE.",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-06-21T19:06:15.255742",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20211022-0004/"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2021-35560",
    "datePublished": "2021-10-20T10:50:08",
    "dateReserved": "2021-06-28T00:00:00",
    "dateUpdated": "2024-09-06T18:54:39.750Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T21:50:58.107Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "patch",
              "x_transferred"
            ],
            "url": "https://github.com/python/cpython/commit/66363b9a7b9fe7c99eba3a185b74c5fdbf842eba"
          },
          {
            "tags": [
              "patch",
              "x_transferred"
            ],
            "url": "https://github.com/python/cpython/commit/fa181fcf2156f703347b03a3b1966ce47be8ab3b"
          },
          {
            "tags": [
              "patch",
              "x_transferred"
            ],
            "url": "https://github.com/python/cpython/commit/a956e510f6336d5ae111ba429a61c3ade30a7549"
          },
          {
            "tags": [
              "patch",
              "x_transferred"
            ],
            "url": "https://github.com/python/cpython/commit/30fe5d853b56138dbec62432d370a1f99409fc85"
          },
          {
            "tags": [
              "patch",
              "x_transferred"
            ],
            "url": "https://github.com/python/cpython/commit/a2c59992e9e8d35baba9695eb186ad6c6ff85c51"
          },
          {
            "tags": [
              "patch",
              "x_transferred"
            ],
            "url": "https://github.com/python/cpython/commit/d05bac0b74153beb541b88b4fca33bf053990183"
          },
          {
            "tags": [
              "issue-tracking",
              "x_transferred"
            ],
            "url": "https://github.com/python/cpython/issues/109858"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.bamsoftware.com/hacks/zipbomb/"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/XELNUX2L3IOHBTFU7RQHCY6OUVEWZ2FG/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00024.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00025.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2024/03/20/5"
          },
          {
            "tags": [
              "patch",
              "x_transferred"
            ],
            "url": "https://github.com/python/cpython/commit/70497218351ba44bffc8b571201ecb5652d84675"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T3IGRX54M7RNCQOXVQO5KQKTGWCOABIM/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U5VHWS52HGD743C47UMCSAK2A773M2YE/"
          },
          {
            "url": "https://security.netapp.com/advisory/ntap-20250411-0005/"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2024/12/msg00000.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2024/11/msg00005.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:python:cpython:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "cpython",
            "vendor": "python",
            "versions": [
              {
                "lessThan": "3.8.18",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "status": "affected",
                "version": "3.9.18"
              },
              {
                "status": "affected",
                "version": "3.10.13"
              },
              {
                "status": "affected",
                "version": "3.11.7"
              },
              {
                "status": "affected",
                "version": "3.12.1"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-0450",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-03-20T14:30:38.300055Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-02T15:00:26.971Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "CPython",
          "repo": "https://github.com/python/cpython",
          "vendor": "Python Software Foundation",
          "versions": [
            {
              "lessThan": "3.8.19",
              "status": "affected",
              "version": "0",
              "versionType": "python"
            },
            {
              "lessThan": "3.9.19",
              "status": "affected",
              "version": "3.9.0",
              "versionType": "python"
            },
            {
              "lessThan": "3.10.14",
              "status": "affected",
              "version": "3.10.0",
              "versionType": "python"
            },
            {
              "lessThan": "3.11.8",
              "status": "affected",
              "version": "3.11.0",
              "versionType": "python"
            },
            {
              "lessThan": "3.12.2",
              "status": "affected",
              "version": "3.12.0",
              "versionType": "python"
            },
            {
              "lessThan": "3.13.0a3",
              "status": "affected",
              "version": "3.13.0a1",
              "versionType": "python"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003eAn issue was found in the CPython `zipfile` module affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003eThe zipfile module is vulnerable to \u201cquoted-overlap\u201d zip-bombs which exploit the zip format to create a zip-bomb with a high compression ratio. The fixed versions of CPython makes the zipfile module reject zip archives which overlap entries in the archive.\u003c/span\u003e\u003c/p\u003e\u003cbr\u003e"
            }
          ],
          "value": "An issue was found in the CPython `zipfile` module affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior.\n\nThe zipfile module is vulnerable to \u201cquoted-overlap\u201d zip-bombs which exploit the zip format to create a zip-bomb with a high compression ratio. The fixed versions of CPython makes the zipfile module reject zip archives which overlap entries in the archive.\n\n"
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-130",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-130 Excessive Allocation"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.2,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-405",
              "description": "CWE-405",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-06-13T19:24:15.993Z",
        "orgId": "28c92f92-d60d-412d-b760-e73465c3df22",
        "shortName": "PSF"
      },
      "references": [
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/python/cpython/commit/66363b9a7b9fe7c99eba3a185b74c5fdbf842eba"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/python/cpython/commit/fa181fcf2156f703347b03a3b1966ce47be8ab3b"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/python/cpython/commit/a956e510f6336d5ae111ba429a61c3ade30a7549"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/python/cpython/commit/30fe5d853b56138dbec62432d370a1f99409fc85"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/python/cpython/commit/a2c59992e9e8d35baba9695eb186ad6c6ff85c51"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/python/cpython/commit/d05bac0b74153beb541b88b4fca33bf053990183"
        },
        {
          "tags": [
            "issue-tracking"
          ],
          "url": "https://github.com/python/cpython/issues/109858"
        },
        {
          "url": "https://www.bamsoftware.com/hacks/zipbomb/"
        },
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/XELNUX2L3IOHBTFU7RQHCY6OUVEWZ2FG/"
        },
        {
          "url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00024.html"
        },
        {
          "url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00025.html"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2024/03/20/5"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/python/cpython/commit/70497218351ba44bffc8b571201ecb5652d84675"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T3IGRX54M7RNCQOXVQO5KQKTGWCOABIM/"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U5VHWS52HGD743C47UMCSAK2A773M2YE/"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Quoted zip-bomb protection for zipfile",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "28c92f92-d60d-412d-b760-e73465c3df22",
    "assignerShortName": "PSF",
    "cveId": "CVE-2024-0450",
    "datePublished": "2024-03-19T15:12:07.789Z",
    "dateReserved": "2024-01-11T22:16:41.964Z",
    "dateUpdated": "2025-11-03T21:50:58.107Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:oracle:graalvm:21.3.5:*:*:*:enterprise:*:*:*",
              "cpe:2.3:a:oracle:graalvm:22.3.1:*:*:*:enterprise:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "graalvm",
            "vendor": "oracle",
            "versions": [
              {
                "status": "affected",
                "version": "21.3.5"
              },
              {
                "status": "affected",
                "version": "22.3.1"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:jdk:11.0.18:*:*:*:*:*:*:*",
              "cpe:2.3:a:oracle:jdk:17.0.6:*:*:*:*:*:*:*",
              "cpe:2.3:a:oracle:jdk:1.8.0:update361:*:*:*:*:*:*",
              "cpe:2.3:a:oracle:jdk:20:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "jdk",
            "vendor": "oracle",
            "versions": [
              {
                "status": "affected",
                "version": "11.0.18"
              },
              {
                "status": "affected",
                "version": "17.0.6"
              },
              {
                "status": "affected",
                "version": "1.8.0"
              },
              {
                "status": "affected",
                "version": "20"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:jre:11.0.18:*:*:*:*:*:*:*",
              "cpe:2.3:a:oracle:jre:17.0.6:*:*:*:*:*:*:*",
              "cpe:2.3:a:oracle:jre:1.8.0:update361:*:*:*:*:*:*",
              "cpe:2.3:a:oracle:jre:20:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "jre",
            "vendor": "oracle",
            "versions": [
              {
                "status": "affected",
                "version": "11.0.18"
              },
              {
                "status": "affected",
                "version": "17.0.6"
              },
              {
                "status": "affected",
                "version": "1.8.0"
              },
              {
                "status": "affected",
                "version": "20"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "oncommand_insight",
            "vendor": "netapp",
            "versions": [
              {
                "lessThan": "*",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
              "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
              "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "debian_linux",
            "vendor": "debian",
            "versions": [
              {
                "status": "affected",
                "version": "10.0"
              },
              {
                "status": "affected",
                "version": "11.0"
              },
              {
                "status": "affected",
                "version": "12.0"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-21930",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-22T19:44:31.998696Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-22T20:06:28.547Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T09:59:27.250Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "Oracle Advisory",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuapr2023.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.couchbase.com/alerts/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20230427-0008/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2023/dsa-5430"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2023/dsa-5478"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Java SE JDK and JRE",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Oracle Java SE:8u361"
            },
            {
              "status": "affected",
              "version": "Oracle Java SE:8u361-perf"
            },
            {
              "status": "affected",
              "version": "Oracle Java SE:11.0.18"
            },
            {
              "status": "affected",
              "version": "Oracle Java SE:17.0.6"
            },
            {
              "status": "affected",
              "version": "Oracle Java SE:20"
            },
            {
              "status": "affected",
              "version": "Oracle GraalVM Enterprise Edition:20.3.9"
            },
            {
              "status": "affected",
              "version": "Oracle GraalVM Enterprise Edition:21.3.5"
            },
            {
              "status": "affected",
              "version": "Oracle GraalVM Enterprise Edition:22.3.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE).  Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and  22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in  unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data as well as  unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 7.4 (Confidentiality and Integrity impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N)."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.4,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in  unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data as well as  unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data.",
              "lang": "en-US"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-06-21T19:07:35.314Z",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "name": "Oracle Advisory",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuapr2023.html"
        },
        {
          "url": "https://www.couchbase.com/alerts/"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20230427-0008/"
        },
        {
          "url": "https://www.debian.org/security/2023/dsa-5430"
        },
        {
          "url": "https://www.debian.org/security/2023/dsa-5478"
        },
        {
          "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2023-21930",
    "datePublished": "2023-04-18T19:54:23.189Z",
    "dateReserved": "2022-12-17T19:26:00.718Z",
    "dateUpdated": "2025-02-13T16:40:25.071Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T07:17:02.849Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20200416-0004/"
          },
          {
            "name": "DSA-4662",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2020/dsa-4662"
          },
          {
            "name": "USN-4337-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4337-1/"
          },
          {
            "name": "[debian-lts-announce] 20200429 [SECURITY] [DLA 2193-1] openjdk-7 security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2020/04/msg00024.html"
          },
          {
            "name": "DSA-4668",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2020/dsa-4668"
          },
          {
            "name": "FEDORA-2020-5386fe3bbb",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L7VHC4EW36KZEIDQ56RPCWBZCQELFFKN/"
          },
          {
            "name": "FEDORA-2020-21ca991b3b",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CKAV6KFFAEANXAN73AFTGU7Z6YNRWCXQ/"
          },
          {
            "name": "FEDORA-2020-a60ad9d4ec",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NYHHHZRHXCBGRHGE5UP7UEB4IZ2QX536/"
          },
          {
            "name": "openSUSE-SU-2020:0757",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00000.html"
          },
          {
            "name": "openSUSE-SU-2020:0800",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00023.html"
          },
          {
            "name": "GLSA-202006-22",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202006-22"
          },
          {
            "name": "openSUSE-SU-2020:0841",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00048.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10318"
          },
          {
            "name": "GLSA-202209-15",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202209-15"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2020-2781",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-30T14:57:27.440297Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-30T15:05:39.406Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Java",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Java SE: 7u251, 8u241, 11.0.6, 14"
            },
            {
              "status": "affected",
              "version": "Java SE Embedded: 8u241"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Java SE, Java SE Embedded.  Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded.",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-09-25T15:06:35",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20200416-0004/"
        },
        {
          "name": "DSA-4662",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2020/dsa-4662"
        },
        {
          "name": "USN-4337-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4337-1/"
        },
        {
          "name": "[debian-lts-announce] 20200429 [SECURITY] [DLA 2193-1] openjdk-7 security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2020/04/msg00024.html"
        },
        {
          "name": "DSA-4668",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2020/dsa-4668"
        },
        {
          "name": "FEDORA-2020-5386fe3bbb",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L7VHC4EW36KZEIDQ56RPCWBZCQELFFKN/"
        },
        {
          "name": "FEDORA-2020-21ca991b3b",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CKAV6KFFAEANXAN73AFTGU7Z6YNRWCXQ/"
        },
        {
          "name": "FEDORA-2020-a60ad9d4ec",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NYHHHZRHXCBGRHGE5UP7UEB4IZ2QX536/"
        },
        {
          "name": "openSUSE-SU-2020:0757",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00000.html"
        },
        {
          "name": "openSUSE-SU-2020:0800",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00023.html"
        },
        {
          "name": "GLSA-202006-22",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/202006-22"
        },
        {
          "name": "openSUSE-SU-2020:0841",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00048.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10318"
        },
        {
          "name": "GLSA-202209-15",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/202209-15"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert_us@oracle.com",
          "ID": "CVE-2020-2781",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Java",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_value": "Java SE: 7u251, 8u241, 11.0.6, 14"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "Java SE Embedded: 8u241"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Oracle Corporation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
            }
          ]
        },
        "impact": {
          "cvss": {
            "baseScore": "5.3",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Java SE, Java SE Embedded.  Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded."
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.oracle.com/security-alerts/cpuapr2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20200416-0004/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20200416-0004/"
            },
            {
              "name": "DSA-4662",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2020/dsa-4662"
            },
            {
              "name": "USN-4337-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4337-1/"
            },
            {
              "name": "[debian-lts-announce] 20200429 [SECURITY] [DLA 2193-1] openjdk-7 security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2020/04/msg00024.html"
            },
            {
              "name": "DSA-4668",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2020/dsa-4668"
            },
            {
              "name": "FEDORA-2020-5386fe3bbb",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L7VHC4EW36KZEIDQ56RPCWBZCQELFFKN/"
            },
            {
              "name": "FEDORA-2020-21ca991b3b",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CKAV6KFFAEANXAN73AFTGU7Z6YNRWCXQ/"
            },
            {
              "name": "FEDORA-2020-a60ad9d4ec",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NYHHHZRHXCBGRHGE5UP7UEB4IZ2QX536/"
            },
            {
              "name": "openSUSE-SU-2020:0757",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00000.html"
            },
            {
              "name": "openSUSE-SU-2020:0800",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00023.html"
            },
            {
              "name": "GLSA-202006-22",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/202006-22"
            },
            {
              "name": "openSUSE-SU-2020:0841",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00048.html"
            },
            {
              "name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10318",
              "refsource": "CONFIRM",
              "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10318"
            },
            {
              "name": "GLSA-202209-15",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/202209-15"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2020-2781",
    "datePublished": "2020-04-15T13:29:46",
    "dateReserved": "2019-12-10T00:00:00",
    "dateUpdated": "2024-09-30T15:05:39.406Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-4138",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-06-03T13:29:22.889454Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-06-03T13:29:36.599Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "modules": [
            "tarfile"
          ],
          "product": "CPython",
          "repo": "https://github.com/python/cpython",
          "vendor": "Python Software Foundation",
          "versions": [
            {
              "lessThan": "3.9.23",
              "status": "affected",
              "version": "0",
              "versionType": "python"
            },
            {
              "lessThan": "3.10.18",
              "status": "affected",
              "version": "3.10.0",
              "versionType": "python"
            },
            {
              "lessThan": "3.11.13",
              "status": "affected",
              "version": "3.11.0",
              "versionType": "python"
            },
            {
              "lessThan": "3.12.11",
              "status": "affected",
              "version": "3.12.0",
              "versionType": "python"
            },
            {
              "lessThan": "3.13.4",
              "status": "affected",
              "version": "3.13.0",
              "versionType": "python"
            },
            {
              "lessThan": "3.14.0b3",
              "status": "affected",
              "version": "3.14.0a1",
              "versionType": "python"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "Caleb Brown (Google)"
        },
        {
          "lang": "en",
          "type": "remediation developer",
          "value": "Petr Viktorin"
        },
        {
          "lang": "en",
          "type": "remediation developer",
          "value": "Serhiy Storchaka"
        },
        {
          "lang": "en",
          "type": "remediation reviewer",
          "value": "Hugo van Kemenade"
        },
        {
          "lang": "en",
          "type": "remediation reviewer",
          "value": "\u0141ukasz Langa"
        },
        {
          "lang": "en",
          "type": "remediation reviewer",
          "value": "Thomas Wouters"
        },
        {
          "lang": "en",
          "type": "coordinator",
          "value": "Seth Larson"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eAllows the extraction filter to be ignored, allowing symlink targets to point outside the destination directory, and the modification of some file metadata.\u003c/span\u003e\u003cbr\u003e\u003c/p\u003e\u003cp\u003eYou are affected by this vulnerability if using the \u003ccode\u003etarfile\u003c/code\u003e\u0026nbsp;module to extract untrusted tar archives using \u003ccode\u003eTarFile.extractall()\u003c/code\u003e\u0026nbsp;or \u003ccode\u003eTarFile.extract()\u003c/code\u003e\u0026nbsp;using the \u003ccode\u003efilter=\u003c/code\u003e\u0026nbsp;parameter with a value of \u003ccode\u003e\"data\"\u003c/code\u003e\u0026nbsp;or \u003ccode\u003e\"tar\"\u003c/code\u003e. See the tarfile \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://docs.python.org/3/library/tarfile.html#tarfile-extraction-filter\"\u003eextraction filters documentation\u003c/a\u003e\u0026nbsp;for more information.\u003c/p\u003e\u003cp\u003e\u003cspan style=\"background-color: var(--wht);\"\u003eNote that for Python 3.14 or later the default value of \u003c/span\u003e\u003ccode\u003efilter=\u003c/code\u003e\u003cspan style=\"background-color: var(--wht);\"\u003e\u0026nbsp;changed from \"no filtering\" to `\"data\", so if you are relying on this new default behavior then your usage is also affected.\u003c/span\u003e\u003c/p\u003e\u003cp\u003eNote that none of these vulnerabilities significantly affect the installation of source distributions which are tar archives as source distributions already allow arbitrary code execution during the build process. However when evaluating source distributions it\u0027s important to avoid installing source distributions with suspicious links.\u003cbr\u003e\u003c/p\u003e"
            }
          ],
          "value": "Allows the extraction filter to be ignored, allowing symlink targets to point outside the destination directory, and the modification of some file metadata.\n\n\nYou are affected by this vulnerability if using the tarfile\u00a0module to extract untrusted tar archives using TarFile.extractall()\u00a0or TarFile.extract()\u00a0using the filter=\u00a0parameter with a value of \"data\"\u00a0or \"tar\". See the tarfile  extraction filters documentation https://docs.python.org/3/library/tarfile.html#tarfile-extraction-filter \u00a0for more information.\n\nNote that for Python 3.14 or later the default value of filter=\u00a0changed from \"no filtering\" to `\"data\", so if you are relying on this new default behavior then your usage is also affected.\n\nNote that none of these vulnerabilities significantly affect the installation of source distributions which are tar archives as source distributions already allow arbitrary code execution during the build process. However when evaluating source distributions it\u0027s important to avoid installing source distributions with suspicious links."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-22",
              "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-07-07T17:36:01.739Z",
        "orgId": "28c92f92-d60d-412d-b760-e73465c3df22",
        "shortName": "PSF"
      },
      "references": [
        {
          "tags": [
            "issue-tracking"
          ],
          "url": "https://github.com/python/cpython/issues/135034"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/python/cpython/pull/135037"
        },
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG/"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/python/cpython/commit/3612d8f51741b11f36f8fb0494d79086bac9390a"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/python/cpython/commit/9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a"
        },
        {
          "tags": [
            "mitigation"
          ],
          "url": "https://gist.github.com/sethmlarson/52398e33eff261329a0180ac1d54f42f"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/python/cpython/commit/19de092debb3d7e832e5672cc2f7b788d35951da"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/python/cpython/commit/aa9eb5f757ceff461e6e996f12c89e5d9b583b01"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/python/cpython/commit/28463dba112af719df1e8b0391c46787ad756dd9"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/python/cpython/commit/4633f3f497b1ff70e4a35b6fe2c907cbe2d4cb2e"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/python/cpython/commit/9c1110ef6652687d7c55f590f909720eddde965a"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/python/cpython/commit/dd8f187d0746da151e0025c51680979ac5b4cfb1"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Bypassing extraction filter to create symlinks to arbitrary targets outside extraction directory",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "28c92f92-d60d-412d-b760-e73465c3df22",
    "assignerShortName": "PSF",
    "cveId": "CVE-2025-4138",
    "datePublished": "2025-06-03T12:59:02.717Z",
    "dateReserved": "2025-04-30T13:35:55.675Z",
    "dateUpdated": "2025-07-07T17:36:01.739Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-53066",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-22T19:44:34.911215Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-200",
                "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-22T19:45:23.775Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T17:44:58.069Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00026.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Oracle Java SE",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "8u461"
            },
            {
              "status": "affected",
              "version": "8u461-perf"
            },
            {
              "status": "affected",
              "version": "11.0.28"
            },
            {
              "status": "affected",
              "version": "17.0.16"
            },
            {
              "status": "affected",
              "version": "21.0.8"
            },
            {
              "status": "affected",
              "version": "25"
            }
          ]
        },
        {
          "product": "Oracle GraalVM for JDK",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "17.0.16"
            },
            {
              "status": "affected",
              "version": "21.0.8"
            }
          ]
        },
        {
          "product": "Oracle GraalVM Enterprise Edition",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "21.3.15"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:oracle:java_se:8u461:*:*:*:*:*:*:*",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:oracle:java_se:8u461:*:*:*:enterprise_performance:*:*:*",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:oracle:java_se:11.0.28:*:*:*:*:*:*:*",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:oracle:java_se:17.0.16:*:*:*:*:*:*:*",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:oracle:java_se:21.0.8:*:*:*:*:*:*:*",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:oracle:java_se:25:*:*:*:*:*:*:*",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:oracle:graalvm_for_jdk:17.0.16:*:*:*:*:*:*:*",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:oracle:graalvm_for_jdk:21.0.8:*:*:*:*:*:*:*",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:oracle:graalvm:21.3.15:*:*:*:enterprise:*:*:*",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP).  Supported versions that are affected are Oracle Java SE: 8u461, 8u461-perf, 11.0.28, 17.0.16, 21.0.8, 25; Oracle GraalVM for JDK: 17.0.16 and  21.0.8; Oracle GraalVM Enterprise Edition: 21.3.15. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in  unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 7.5 (Confidentiality impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in  unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data.",
              "lang": "en-US"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-10-21T20:03:05.284Z",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "name": "Oracle Advisory",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuoct2025.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2025-53066",
    "datePublished": "2025-10-21T20:03:05.284Z",
    "dateReserved": "2025-06-24T16:45:19.424Z",
    "dateUpdated": "2025-11-03T17:44:58.069Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-21094",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-04-23T13:58:54.491709Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-349",
                "description": "CWE-349 Acceptance of Extraneous Untrusted Data With Trusted Data",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:37:51.570Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T22:13:42.604Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "Oracle Advisory",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuapr2024.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00014.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20240426-0004/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:oracle:java_se:8u401:*:*:*:*:*:*:*",
            "cpe:2.3:a:oracle:java_se:8u401:*:*:*:enterprise_performance:*:*:*",
            "cpe:2.3:a:oracle:java_se:11.0.22:*:*:*:*:*:*:*",
            "cpe:2.3:a:oracle:java_se:17.0.10:*:*:*:*:*:*:*",
            "cpe:2.3:a:oracle:java_se:21.0.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:oracle:java_se:22:*:*:*:*:*:*:*",
            "cpe:2.3:a:oracle:graalvm_for_jdk:17.0.10:*:*:*:*:*:*:*",
            "cpe:2.3:a:oracle:graalvm_for_jdk:21.0.2:*:*:*:*:*:*:*",
            "cpe:2.3:a:oracle:graalvm_for_jdk:22:*:*:*:*:*:*:*",
            "cpe:2.3:a:oracle:graalvm:20.3.13:*:*:*:enterprise:*:*:*",
            "cpe:2.3:a:oracle:graalvm:21.3.9:*:*:*:enterprise:*:*:*"
          ],
          "product": "Java SE JDK and JRE",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Oracle Java SE:8u401"
            },
            {
              "status": "affected",
              "version": "Oracle Java SE:8u401-perf"
            },
            {
              "status": "affected",
              "version": "Oracle Java SE:11.0.22"
            },
            {
              "status": "affected",
              "version": "Oracle Java SE:17.0.10"
            },
            {
              "status": "affected",
              "version": "Oracle Java SE:21.0.2"
            },
            {
              "status": "affected",
              "version": "Oracle Java SE:22"
            },
            {
              "status": "affected",
              "version": "Oracle GraalVM for JDK:17.0.10"
            },
            {
              "status": "affected",
              "version": "Oracle GraalVM for JDK:21.0.2"
            },
            {
              "status": "affected",
              "version": "Oracle GraalVM for JDK:22"
            },
            {
              "status": "affected",
              "version": "Oracle GraalVM Enterprise Edition:20.3.13"
            },
            {
              "status": "affected",
              "version": "Oracle GraalVM Enterprise Edition:21.3.9"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot).  Supported versions that are affected are Oracle Java SE: 8u401, 8u401-perf, 11.0.22, 17.0.10, 21.0.2, 22; Oracle GraalVM for JDK: 17.0.10, 21.0.2, 22; Oracle GraalVM Enterprise Edition: 20.3.13 and  21.3.9. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Integrity impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 3.7,
            "baseSeverity": "LOW",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data.",
              "lang": "en-US"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-04-26T09:06:56.013Z",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "name": "Oracle Advisory",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuapr2024.html"
        },
        {
          "url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00014.html"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20240426-0004/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2024-21094",
    "datePublished": "2024-04-16T21:26:30.112Z",
    "dateReserved": "2023-12-07T22:28:10.672Z",
    "dateUpdated": "2025-02-13T17:33:08.945Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-30722",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-17T13:37:19.238602Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "description": "CWE-noinfo Not enough information",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-17T13:57:07.904Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T19:47:53.232Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://security.netapp.com/advisory/ntap-20250418-0005/"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/06/msg00005.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "MySQL Cluster",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "lessThanOrEqual": "7.6.33",
              "status": "affected",
              "version": "7.6.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.0.41",
              "status": "affected",
              "version": "8.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.4.4",
              "status": "affected",
              "version": "8.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "9.2.0",
              "status": "affected",
              "version": "9.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "product": "MySQL Client",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "lessThanOrEqual": "8.0.41",
              "status": "affected",
              "version": "8.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.4.4",
              "status": "affected",
              "version": "8.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "9.2.0",
              "status": "affected",
              "version": "9.0.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:oracle:mysql_cluster:*:*:*:*:*:*:*:*",
                  "versionEndIncluding": "7.6.33",
                  "versionStartIncluding": "7.6.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:oracle:mysql_cluster:*:*:*:*:*:*:*:*",
                  "versionEndIncluding": "8.0.41",
                  "versionStartIncluding": "8.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:oracle:mysql_cluster:*:*:*:*:*:*:*:*",
                  "versionEndIncluding": "8.4.4",
                  "versionStartIncluding": "8.4.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:oracle:mysql_cluster:*:*:*:*:*:*:*:*",
                  "versionEndIncluding": "9.2.0",
                  "versionStartIncluding": "9.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:oracle:mysql_client:*:*:*:*:*:*:*:*",
                  "versionEndIncluding": "8.0.41",
                  "versionStartIncluding": "8.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:oracle:mysql_client:*:*:*:*:*:*:*:*",
                  "versionEndIncluding": "8.4.4",
                  "versionStartIncluding": "8.4.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:oracle:mysql_client:*:*:*:*:*:*:*:*",
                  "versionEndIncluding": "9.2.0",
                  "versionStartIncluding": "9.0.0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Vulnerability in the MySQL Client product of Oracle MySQL (component: Client: mysqldump).  Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and  9.0.0-9.2.0. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Client.  Successful attacks of this vulnerability can result in  unauthorized access to critical data or complete access to all MySQL Client accessible data as well as  unauthorized update, insert or delete access to some of MySQL Client accessible data. CVSS 3.1 Base Score 5.9 (Confidentiality and Integrity impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N)."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Cluster.  Successful attacks of this vulnerability can result in  unauthorized access to critical data or complete access to all MySQL Cluster accessible data.",
              "lang": "en-US"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-04-15T20:31:15.014Z",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "name": "Oracle Advisory",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuapr2025.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2025-30722",
    "datePublished": "2025-04-15T20:31:15.014Z",
    "dateReserved": "2025-03-25T20:11:18.271Z",
    "dateUpdated": "2025-11-03T19:47:53.232Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:node.js:node.js:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "node.js",
            "vendor": "node.js",
            "versions": [
              {
                "lessThanOrEqual": "21.6.1",
                "status": "affected",
                "version": "0",
                "versionType": "semver"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-22019",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-07T21:15:49.148447Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-404",
                "description": "CWE-404 Improper Resource Shutdown or Release",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-07T21:17:16.721Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-04T16:11:10.950Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://hackerone.com/reports/2233486"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20240315-0004/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2024/03/11/1"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2024/09/msg00029.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Node",
          "vendor": "NodeJS",
          "versions": [
            {
              "lessThan": "4.*",
              "status": "affected",
              "version": "4.0",
              "versionType": "semver"
            },
            {
              "lessThan": "5.*",
              "status": "affected",
              "version": "5.0",
              "versionType": "semver"
            },
            {
              "lessThan": "6.*",
              "status": "affected",
              "version": "6.0",
              "versionType": "semver"
            },
            {
              "lessThan": "7.*",
              "status": "affected",
              "version": "7.0",
              "versionType": "semver"
            },
            {
              "lessThan": "8.*",
              "status": "affected",
              "version": "8.0",
              "versionType": "semver"
            },
            {
              "lessThan": "9.*",
              "status": "affected",
              "version": "9.0",
              "versionType": "semver"
            },
            {
              "lessThan": "10.*",
              "status": "affected",
              "version": "10.0",
              "versionType": "semver"
            },
            {
              "lessThan": "11.*",
              "status": "affected",
              "version": "11.0",
              "versionType": "semver"
            },
            {
              "lessThan": "12.*",
              "status": "affected",
              "version": "12.0",
              "versionType": "semver"
            },
            {
              "lessThan": "13.*",
              "status": "affected",
              "version": "13.0",
              "versionType": "semver"
            },
            {
              "lessThan": "14.*",
              "status": "affected",
              "version": "14.0",
              "versionType": "semver"
            },
            {
              "lessThan": "15.*",
              "status": "affected",
              "version": "15.0",
              "versionType": "semver"
            },
            {
              "lessThan": "16.*",
              "status": "affected",
              "version": "16.0",
              "versionType": "semver"
            },
            {
              "lessThan": "17.*",
              "status": "affected",
              "version": "17.0",
              "versionType": "semver"
            },
            {
              "lessThan": "18.19.1",
              "status": "affected",
              "version": "18.0",
              "versionType": "semver"
            },
            {
              "lessThan": "19.*",
              "status": "affected",
              "version": "19.0",
              "versionType": "semver"
            },
            {
              "lessThan": "20.11.1",
              "status": "affected",
              "version": "20.0",
              "versionType": "semver"
            },
            {
              "lessThan": "21.6.2",
              "status": "affected",
              "version": "21.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in Node.js HTTP servers allows an attacker to send a specially crafted HTTP request with chunked encoding, leading to resource exhaustion and denial of service (DoS). The server reads an unbounded number of bytes from a single connection, exploiting the lack of limitations on chunk extension bytes. The issue can cause CPU and network bandwidth exhaustion, bypassing standard safeguards like timeouts and body size limits."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-04-30T22:25:12.463Z",
        "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
        "shortName": "hackerone"
      },
      "references": [
        {
          "url": "https://hackerone.com/reports/2233486"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20240315-0004/"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2024/03/11/1"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
    "assignerShortName": "hackerone",
    "cveId": "CVE-2024-22019",
    "datePublished": "2024-02-20T01:31:08.092Z",
    "dateReserved": "2024-01-04T01:04:06.574Z",
    "dateUpdated": "2025-11-04T16:11:10.950Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-37372",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-01-09T21:37:14.611469Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-22",
                "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-01-09T21:38:02.105Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-05-02T23:03:00.375Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://security.netapp.com/advisory/ntap-20250502-0010/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Node",
          "vendor": "NodeJS",
          "versions": [
            {
              "lessThan": "4.*",
              "status": "affected",
              "version": "4.0",
              "versionType": "semver"
            },
            {
              "lessThan": "5.*",
              "status": "affected",
              "version": "5.0",
              "versionType": "semver"
            },
            {
              "lessThan": "6.*",
              "status": "affected",
              "version": "6.0",
              "versionType": "semver"
            },
            {
              "lessThan": "7.*",
              "status": "affected",
              "version": "7.0",
              "versionType": "semver"
            },
            {
              "lessThan": "8.*",
              "status": "affected",
              "version": "8.0",
              "versionType": "semver"
            },
            {
              "lessThan": "9.*",
              "status": "affected",
              "version": "9.0",
              "versionType": "semver"
            },
            {
              "lessThan": "10.*",
              "status": "affected",
              "version": "10.0",
              "versionType": "semver"
            },
            {
              "lessThan": "11.*",
              "status": "affected",
              "version": "11.0",
              "versionType": "semver"
            },
            {
              "lessThan": "12.*",
              "status": "affected",
              "version": "12.0",
              "versionType": "semver"
            },
            {
              "lessThan": "13.*",
              "status": "affected",
              "version": "13.0",
              "versionType": "semver"
            },
            {
              "lessThan": "14.*",
              "status": "affected",
              "version": "14.0",
              "versionType": "semver"
            },
            {
              "lessThan": "15.*",
              "status": "affected",
              "version": "15.0",
              "versionType": "semver"
            },
            {
              "lessThan": "16.*",
              "status": "affected",
              "version": "16.0",
              "versionType": "semver"
            },
            {
              "lessThan": "17.*",
              "status": "affected",
              "version": "17.0",
              "versionType": "semver"
            },
            {
              "lessThan": "19.*",
              "status": "affected",
              "version": "19.0",
              "versionType": "semver"
            },
            {
              "lessThan": "20.15.1",
              "status": "affected",
              "version": "20.0",
              "versionType": "semver"
            },
            {
              "lessThan": "21.*",
              "status": "affected",
              "version": "21.0",
              "versionType": "semver"
            },
            {
              "lessThan": "22.4.1",
              "status": "affected",
              "version": "22.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The Permission Model assumes that any path starting with two backslashes \\ has a four-character prefix that can be ignored, which is not always true. This subtle bug leads to vulnerable edge cases."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "baseScore": 3.6,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N",
            "version": "3.0"
          }
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-04-30T22:25:21.566Z",
        "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
        "shortName": "hackerone"
      },
      "references": [
        {
          "url": "http://www.openwall.com/lists/oss-security/2024/07/11/6"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2024/07/19/3"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
    "assignerShortName": "hackerone",
    "cveId": "CVE-2024-37372",
    "datePublished": "2025-01-09T00:33:47.662Z",
    "dateReserved": "2024-06-07T01:04:06.869Z",
    "dateUpdated": "2025-05-02T23:03:00.375Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-30698",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-16T14:13:36.918077Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-284",
                "description": "CWE-284 Improper Access Control",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-16T15:40:23.285Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T19:47:43.645Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00026.html"
          },
          {
            "url": "https://security.netapp.com/advisory/ntap-20250502-0005/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Oracle Java SE",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "8u441"
            },
            {
              "status": "affected",
              "version": "8u441-perf"
            },
            {
              "status": "affected",
              "version": "11.0.26"
            },
            {
              "status": "affected",
              "version": "17.0.14"
            },
            {
              "status": "affected",
              "version": "21.0.6"
            },
            {
              "status": "affected",
              "version": "24"
            }
          ]
        },
        {
          "product": "Oracle GraalVM for JDK",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "17.0.14"
            },
            {
              "status": "affected",
              "version": "21.0.6"
            },
            {
              "status": "affected",
              "version": "24"
            }
          ]
        },
        {
          "product": "Oracle GraalVM Enterprise Edition",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "20.3.17"
            },
            {
              "status": "affected",
              "version": "21.3.13"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:oracle:java_se:8u441:*:*:*:*:*:*:*",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:oracle:java_se:8u441:*:*:*:enterprise_performance:*:*:*",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:oracle:java_se:11.0.26:*:*:*:*:*:*:*",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:oracle:java_se:17.0.14:*:*:*:*:*:*:*",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:oracle:java_se:21.0.6:*:*:*:*:*:*:*",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:oracle:java_se:24:*:*:*:*:*:*:*",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:oracle:graalvm_for_jdk:17.0.14:*:*:*:*:*:*:*",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:oracle:graalvm_for_jdk:21.0.6:*:*:*:*:*:*:*",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:oracle:graalvm_for_jdk:24:*:*:*:*:*:*:*",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:oracle:graalvm:20.3.17:*:*:*:enterprise:*:*:*",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:oracle:graalvm:21.3.13:*:*:*:enterprise:*:*:*",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: 2D).  Supported versions that are affected are Oracle Java SE: 8u441, 8u441-perf, 11.0.26, 17.0.14, 21.0.6, 24; Oracle GraalVM for JDK: 17.0.14, 21.0.6, 24; Oracle GraalVM Enterprise Edition: 20.3.17 and  21.3.13. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as  unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.6 (Confidentiality, Integrity and Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L)."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.6,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as  unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition.",
              "lang": "en-US"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-04-15T20:31:05.719Z",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "name": "Oracle Advisory",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuapr2025.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2025-30698",
    "datePublished": "2025-04-15T20:31:05.719Z",
    "dateReserved": "2025-03-25T20:11:18.263Z",
    "dateUpdated": "2025-11-03T19:47:43.645Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-04T19:14:06.670Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "OpenSSL Advisory",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.openssl.org/news/secadv/20230207.txt"
          },
          {
            "name": "3.0.8 git commit",
            "tags": [
              "patch",
              "x_transferred"
            ],
            "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=c927a3492698c254637da836762f9b1f86cffabc"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202402-08"
          },
          {
            "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0003"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 4.9,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "HIGH",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2022-4203",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-03-06T15:57:14.416833Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-125",
                "description": "CWE-125 Out-of-bounds Read",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-20T20:45:49.225Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "OpenSSL",
          "vendor": "OpenSSL",
          "versions": [
            {
              "lessThan": "3.0.8",
              "status": "affected",
              "version": "3.0.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Corey Bonnell from Digicert"
        },
        {
          "lang": "en",
          "type": "remediation developer",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Viktor Dukhovni"
        }
      ],
      "datePublic": "2023-02-07T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A read buffer overrun can be triggered in X.509 certificate verification,\u003cbr\u003especifically in name constraint checking. Note that this occurs\u003cbr\u003eafter certificate chain signature verification and requires either a\u003cbr\u003eCA to have signed the malicious certificate or for the application to\u003cbr\u003econtinue certificate verification despite failure to construct a path\u003cbr\u003eto a trusted issuer.\u003cbr\u003e\u003cbr\u003eThe read buffer overrun might result in a crash which could lead to\u003cbr\u003ea denial of service attack. In theory it could also result in the disclosure\u003cbr\u003eof private memory contents (such as private keys, or sensitive plaintext)\u003cbr\u003ealthough we are not aware of any working exploit leading to memory\u003cbr\u003econtents disclosure as of the time of release of this advisory.\u003cbr\u003e\u003cbr\u003eIn a TLS client, this can be triggered by connecting to a malicious\u003cbr\u003eserver. In a TLS server, this can be triggered if the server requests\u003cbr\u003eclient authentication and a malicious client connects.\u003cbr\u003e\u003cbr\u003e"
            }
          ],
          "value": "A read buffer overrun can be triggered in X.509 certificate verification,\nspecifically in name constraint checking. Note that this occurs\nafter certificate chain signature verification and requires either a\nCA to have signed the malicious certificate or for the application to\ncontinue certificate verification despite failure to construct a path\nto a trusted issuer.\n\nThe read buffer overrun might result in a crash which could lead to\na denial of service attack. In theory it could also result in the disclosure\nof private memory contents (such as private keys, or sensitive plaintext)\nalthough we are not aware of any working exploit leading to memory\ncontents disclosure as of the time of release of this advisory.\n\nIn a TLS client, this can be triggered by connecting to a malicious\nserver. In a TLS server, this can be triggered if the server requests\nclient authentication and a malicious client connects."
        }
      ],
      "metrics": [
        {
          "format": "other",
          "other": {
            "content": {
              "text": "Moderate"
            },
            "type": "https://www.openssl.org/policies/secpolicy.html"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "read buffer overrun",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-02-04T09:06:39.738Z",
        "orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
        "shortName": "openssl"
      },
      "references": [
        {
          "name": "OpenSSL Advisory",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.openssl.org/news/secadv/20230207.txt"
        },
        {
          "name": "3.0.8 git commit",
          "tags": [
            "patch"
          ],
          "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=c927a3492698c254637da836762f9b1f86cffabc"
        },
        {
          "url": "https://security.gentoo.org/glsa/202402-08"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "X.509 Name Constraints Read Buffer Overflow",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
    "assignerShortName": "openssl",
    "cveId": "CVE-2022-4203",
    "datePublished": "2023-02-24T14:53:08.485Z",
    "dateReserved": "2022-11-29T10:00:42.027Z",
    "dateUpdated": "2025-11-04T19:14:06.670Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-50098",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-07-17T14:04:24.574231Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-400",
                "description": "CWE-400 Uncontrolled Resource Consumption",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-07-17T14:22:13.191Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "MySQL Server",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "lessThanOrEqual": "8.0.42",
              "status": "affected",
              "version": "8.0.0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "8.4.5",
              "status": "affected",
              "version": "8.4.0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "9.3.0",
              "status": "affected",
              "version": "9.0.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*",
                  "versionEndIncluding": "8.0.42",
                  "versionStartIncluding": "8.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*",
                  "versionEndIncluding": "8.4.5",
                  "versionStartIncluding": "8.4.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*",
                  "versionEndIncluding": "9.3.0",
                  "versionStartIncluding": "9.0.0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer).  Supported versions that are affected are 8.0.0-8.0.42, 8.4.0-8.4.5 and  9.0.0-9.3.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.  Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.1 Base Score 2.7 (Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L)."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 2.7,
            "baseSeverity": "LOW",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.  Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server.",
              "lang": "en-US"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-07-15T19:27:48.554Z",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "name": "Oracle Advisory",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujul2025.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2025-50098",
    "datePublished": "2025-07-15T19:27:48.554Z",
    "dateReserved": "2025-06-11T22:56:56.113Z",
    "dateUpdated": "2025-07-17T14:22:13.191Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-21585",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-16T19:47:49.033556Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-732",
                "description": "CWE-732 Incorrect Permission Assignment for Critical Resource",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-16T19:47:52.191Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T19:35:36.686Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://security.netapp.com/advisory/ntap-20250502-0006/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "MySQL Server",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "lessThanOrEqual": "8.0.41",
              "status": "affected",
              "version": "8.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.4.4",
              "status": "affected",
              "version": "8.4.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "9.2.0",
              "status": "affected",
              "version": "9.0.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*",
                  "versionEndIncluding": "8.0.41",
                  "versionStartIncluding": "8.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*",
                  "versionEndIncluding": "8.4.4",
                  "versionStartIncluding": "8.4.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*",
                  "versionEndIncluding": "9.2.0",
                  "versionStartIncluding": "9.0.0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer).  Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and  9.0.0-9.2.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.  Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 4.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.  Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.",
              "lang": "en-US"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-04-15T20:30:57.314Z",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "name": "Oracle Advisory",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuapr2025.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2025-21585",
    "datePublished": "2025-04-15T20:30:57.314Z",
    "dateReserved": "2024-12-24T23:18:54.786Z",
    "dateUpdated": "2025-11-03T19:35:36.686Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-61780",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-10T20:34:55.399317Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-10T20:35:26.618Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "rack",
          "vendor": "rack",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 2.2.20"
            },
            {
              "status": "affected",
              "version": "\u003e= 3.0, \u003c 3.1.18"
            },
            {
              "status": "affected",
              "version": "\u003e= 3.2, \u003c 3.2.3"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Rack is a modular Ruby web server interface. Prior to versions 2.2.20, 3.1.18, and 3.2.3, a possible information disclosure vulnerability existed in `Rack::Sendfile` when running behind a proxy that supports `x-sendfile` headers (such as Nginx). Specially crafted headers could cause `Rack::Sendfile` to miscommunicate with the proxy and trigger unintended internal requests, potentially bypassing proxy-level access restrictions. When `Rack::Sendfile` received untrusted `x-sendfile-type` or `x-accel-mapping` headers from a client, it would interpret them as proxy configuration directives. This could cause the middleware to send a \"redirect\" response to the proxy, prompting it to reissue a new internal request that was not subject to the proxy\u0027s access controls. An attacker could exploit this by setting a crafted `x-sendfile-type: x-accel-redirect` header, setting a crafted `x-accel-mapping` header, and requesting a path that qualifies for proxy-based acceleration. Attackers could bypass proxy-enforced restrictions and access internal endpoints intended to be protected (such as administrative pages). The vulnerability did not allow arbitrary file reads but could expose sensitive application routes. This issue only affected systems meeting all of the following conditions: The application used `Rack::Sendfile` with a proxy that supports `x-accel-redirect` (e.g., Nginx); the proxy did **not** always set or remove the `x-sendfile-type` and `x-accel-mapping` headers; and the application exposed an endpoint that returned a body responding to `.to_path`. Users should upgrade to Rack versions 2.2.20, 3.1.18, or 3.2.3, which require explicit configuration to enable `x-accel-redirect`. Alternatively, configure the proxy to always set or strip the header, or in Rails applications, disable sendfile completely."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-200",
              "description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-441",
              "description": "CWE-441: Unintended Proxy or Intermediary (\u0027Confused Deputy\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-913",
              "description": "CWE-913: Improper Control of Dynamically-Managed Code Resources",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-10-10T16:53:57.606Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/rack/rack/security/advisories/GHSA-r657-rxjc-j557",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/rack/rack/security/advisories/GHSA-r657-rxjc-j557"
        },
        {
          "name": "https://github.com/rack/rack/commit/57277b7741581fa827472c5c666f6e6a33abd784",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/rack/rack/commit/57277b7741581fa827472c5c666f6e6a33abd784"
        },
        {
          "name": "https://github.com/rack/rack/commit/7e69f65eefe9cd2868df9f9f3b0977b86f93523a",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/rack/rack/commit/7e69f65eefe9cd2868df9f9f3b0977b86f93523a"
        },
        {
          "name": "https://github.com/rack/rack/commit/fba2c8bc63eb787ff4b19bc612d315fda6126d85",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/rack/rack/commit/fba2c8bc63eb787ff4b19bc612d315fda6126d85"
        }
      ],
      "source": {
        "advisory": "GHSA-r657-rxjc-j557",
        "discovery": "UNKNOWN"
      },
      "title": "Rack has Possible Information Disclosure Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2025-61780",
    "datePublished": "2025-10-10T16:53:57.606Z",
    "dateReserved": "2025-09-30T19:43:49.902Z",
    "dateUpdated": "2025-10-10T20:35:26.618Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "arch/x86/kvm/emulate.c",
            "arch/x86/kvm/kvm_emulate.h",
            "arch/x86/kvm/x86.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "a908eca437789589dd4624da428614c1275064dc",
              "status": "affected",
              "version": "8a76d7f25f8f24fc5a328c8e15e4a7313cf141b9",
              "versionType": "git"
            },
            {
              "lessThan": "00338255bb1f422642fb2798ebe92e93b6e4209b",
              "status": "affected",
              "version": "8a76d7f25f8f24fc5a328c8e15e4a7313cf141b9",
              "versionType": "git"
            },
            {
              "lessThan": "e0ce3ed1048a47986d15aef1a98ebda25560d257",
              "status": "affected",
              "version": "8a76d7f25f8f24fc5a328c8e15e4a7313cf141b9",
              "versionType": "git"
            },
            {
              "lessThan": "ba35a5d775799ce5ad60230be97336f2fefd518e",
              "status": "affected",
              "version": "8a76d7f25f8f24fc5a328c8e15e4a7313cf141b9",
              "versionType": "git"
            },
            {
              "lessThan": "3d3abf3f7e8b1abb082070a343de82d7efc80523",
              "status": "affected",
              "version": "8a76d7f25f8f24fc5a328c8e15e4a7313cf141b9",
              "versionType": "git"
            },
            {
              "lessThan": "e7177c7e32cb806f348387b7f4faafd4a5b32054",
              "status": "affected",
              "version": "8a76d7f25f8f24fc5a328c8e15e4a7313cf141b9",
              "versionType": "git"
            },
            {
              "lessThan": "3a062a5c55adc5507600b9ae6d911e247e2f1d6e",
              "status": "affected",
              "version": "8a76d7f25f8f24fc5a328c8e15e4a7313cf141b9",
              "versionType": "git"
            },
            {
              "lessThan": "7366830642505683bbe905a2ba5d18d6e4b512b8",
              "status": "affected",
              "version": "8a76d7f25f8f24fc5a328c8e15e4a7313cf141b9",
              "versionType": "git"
            },
            {
              "lessThan": "e750f85391286a4c8100275516973324b621a269",
              "status": "affected",
              "version": "8a76d7f25f8f24fc5a328c8e15e4a7313cf141b9",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "arch/x86/kvm/emulate.c",
            "arch/x86/kvm/kvm_emulate.h",
            "arch/x86/kvm/x86.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "3.0"
            },
            {
              "lessThan": "3.0",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.301",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.246",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.195",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.157",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.111",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.52",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.16.*",
              "status": "unaffected",
              "version": "6.16.12",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.17.*",
              "status": "unaffected",
              "version": "6.17.2",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.18-rc1",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.301",
                  "versionStartIncluding": "3.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.246",
                  "versionStartIncluding": "3.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.195",
                  "versionStartIncluding": "3.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.157",
                  "versionStartIncluding": "3.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.111",
                  "versionStartIncluding": "3.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.52",
                  "versionStartIncluding": "3.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.16.12",
                  "versionStartIncluding": "3.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.17.2",
                  "versionStartIncluding": "3.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.18-rc1",
                  "versionStartIncluding": "3.0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: x86: Don\u0027t (re)check L1 intercepts when completing userspace I/O\n\nWhen completing emulation of instruction that generated a userspace exit\nfor I/O, don\u0027t recheck L1 intercepts as KVM has already finished that\nphase of instruction execution, i.e. has already committed to allowing L2\nto perform I/O.  If L1 (or host userspace) modifies the I/O permission\nbitmaps during the exit to userspace,  KVM will treat the access as being\nintercepted despite already having emulated the I/O access.\n\nPivot on EMULTYPE_NO_DECODE to detect that KVM is completing emulation.\nOf the three users of EMULTYPE_NO_DECODE, only complete_emulated_io() (the\nintended \"recipient\") can reach the code in question.  gp_interception()\u0027s\nuse is mutually exclusive with is_guest_mode(), and\ncomplete_emulated_insn_gp() unconditionally pairs EMULTYPE_NO_DECODE with\nEMULTYPE_SKIP.\n\nThe bad behavior was detected by a syzkaller program that toggles port I/O\ninterception during the userspace I/O exit, ultimately resulting in a WARN\non vcpu-\u003earch.pio.count being non-zero due to KVM no completing emulation\nof the I/O instruction.\n\n  WARNING: CPU: 23 PID: 1083 at arch/x86/kvm/x86.c:8039 emulator_pio_in_out+0x154/0x170 [kvm]\n  Modules linked in: kvm_intel kvm irqbypass\n  CPU: 23 UID: 1000 PID: 1083 Comm: repro Not tainted 6.16.0-rc5-c1610d2d66b1-next-vm #74 NONE\n  Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 0.0.0 02/06/2015\n  RIP: 0010:emulator_pio_in_out+0x154/0x170 [kvm]\n  PKRU: 55555554\n  Call Trace:\n   \u003cTASK\u003e\n   kvm_fast_pio+0xd6/0x1d0 [kvm]\n   vmx_handle_exit+0x149/0x610 [kvm_intel]\n   kvm_arch_vcpu_ioctl_run+0xda8/0x1ac0 [kvm]\n   kvm_vcpu_ioctl+0x244/0x8c0 [kvm]\n   __x64_sys_ioctl+0x8a/0xd0\n   do_syscall_64+0x5d/0xc60\n   entry_SYSCALL_64_after_hwframe+0x4b/0x53\n   \u003c/TASK\u003e"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-10-29T13:19:27.308Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/a908eca437789589dd4624da428614c1275064dc"
        },
        {
          "url": "https://git.kernel.org/stable/c/00338255bb1f422642fb2798ebe92e93b6e4209b"
        },
        {
          "url": "https://git.kernel.org/stable/c/e0ce3ed1048a47986d15aef1a98ebda25560d257"
        },
        {
          "url": "https://git.kernel.org/stable/c/ba35a5d775799ce5ad60230be97336f2fefd518e"
        },
        {
          "url": "https://git.kernel.org/stable/c/3d3abf3f7e8b1abb082070a343de82d7efc80523"
        },
        {
          "url": "https://git.kernel.org/stable/c/e7177c7e32cb806f348387b7f4faafd4a5b32054"
        },
        {
          "url": "https://git.kernel.org/stable/c/3a062a5c55adc5507600b9ae6d911e247e2f1d6e"
        },
        {
          "url": "https://git.kernel.org/stable/c/7366830642505683bbe905a2ba5d18d6e4b512b8"
        },
        {
          "url": "https://git.kernel.org/stable/c/e750f85391286a4c8100275516973324b621a269"
        }
      ],
      "title": "KVM: x86: Don\u0027t (re)check L1 intercepts when completing userspace I/O",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2025-40026",
    "datePublished": "2025-10-28T09:32:33.075Z",
    "dateReserved": "2025-04-16T07:20:57.152Z",
    "dateUpdated": "2025-10-29T13:19:27.308Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 7.5,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2025-53506",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-07-11T13:46:01.043076Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-07-11T13:49:02.483Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-04T21:11:48.893Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/07/msg00009.html"
          },
          {
            "url": "http://www.openwall.com/lists/oss-security/2025/07/10/13"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Apache Tomcat",
          "vendor": "Apache Software Foundation",
          "versions": [
            {
              "lessThanOrEqual": "11.0.8",
              "status": "affected",
              "version": "11.0.0-M1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "10.1.42",
              "status": "affected",
              "version": "10.1.0-M1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "9.0.106",
              "status": "affected",
              "version": "9.0.0.M1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.5.100",
              "status": "affected",
              "version": "8.5.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "10.0.27",
              "status": "unknown",
              "version": "10.0.0-M1",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Kanatoko"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eUncontrolled Resource Consumption vulnerability in Apache Tomcat if an HTTP/2 client did not acknowledge the initial settings frame that reduces the maximum permitted concurrent streams.\u003c/p\u003e\u003cp\u003eThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.8, from 10.1.0-M1 through 10.1.42, from 9.0.0.M1 through 9.0.106.\u003cbr\u003eThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.0 through 8.5.100.\u0026nbsp;Other EOL versions may also be affected.\u003cbr\u003e\u003c/p\u003e\u003cp\u003eUsers are recommended to upgrade to version 11.0.9, 10.1.43 or 9.0.107, which fix the issue.\u003c/p\u003e"
            }
          ],
          "value": "Uncontrolled Resource Consumption vulnerability in Apache Tomcat if an HTTP/2 client did not acknowledge the initial settings frame that reduces the maximum permitted concurrent streams.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.8, from 10.1.0-M1 through 10.1.42, from 9.0.0.M1 through 9.0.106.\nThe following versions were EOL at the time the CVE was created but are \nknown to be affected: 8.5.0 through 8.5.100.\u00a0Other EOL versions may also be affected.\n\n\nUsers are recommended to upgrade to version 11.0.9, 10.1.43 or 9.0.107, which fix the issue."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "text": "important"
            },
            "type": "Textual description of severity"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-400",
              "description": "CWE-400 Uncontrolled Resource Consumption",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-10-29T11:41:00.258Z",
        "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "shortName": "apache"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.apache.org/thread/p09775q0rd185m6zz98krg0fp45j8kr0"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Apache Tomcat: DoS via excessive h2 streams at connection start",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
    "assignerShortName": "apache",
    "cveId": "CVE-2025-53506",
    "datePublished": "2025-07-10T19:14:23.249Z",
    "dateReserved": "2025-07-01T14:22:04.137Z",
    "dateUpdated": "2025-11-04T21:11:48.893Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T00:03:05.875Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.openssl.org/news/secadv/20220503.txt"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=2eda98790c5c2741d76d23cc1e74b0dc4f4b391a"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20220602-0009/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-953464.pdf"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 5.3,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "LOW",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2022-1343",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-23T13:27:12.804295Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-295",
                "description": "CWE-295 Improper Certificate Validation",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-05-05T16:42:39.898Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "OpenSSL",
          "vendor": "OpenSSL",
          "versions": [
            {
              "status": "affected",
              "version": "Fixed in OpenSSL 3.0.3 (Affected 3.0.0,3.0.1,3.0.2)"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Raul Metsma"
        }
      ],
      "datePublic": "2022-05-03T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "The function `OCSP_basic_verify` verifies the signer certificate on an OCSP response. In the case where the (non-default) flag OCSP_NOCHECKS is used then the response will be positive (meaning a successful verification) even in the case where the response signing certificate fails to verify. It is anticipated that most users of `OCSP_basic_verify` will not use the OCSP_NOCHECKS flag. In this case the `OCSP_basic_verify` function will return a negative value (indicating a fatal error) in the case of a certificate verification failure. The normal expected return value in this case would be 0. This issue also impacts the command line OpenSSL \"ocsp\" application. When verifying an ocsp response with the \"-no_cert_checks\" option the command line application will report that the verification is successful even though it has in fact failed. In this case the incorrect successful response will also be accompanied by error messages showing the failure and contradicting the apparently successful result. Fixed in OpenSSL 3.0.3 (Affected 3.0.0,3.0.1,3.0.2)."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "lang": "eng",
              "url": "https://www.openssl.org/policies/secpolicy.html#Moderate",
              "value": "Moderate"
            },
            "type": "unknown"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Incorrect signature verfication",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-02-14T00:00:00.000Z",
        "orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
        "shortName": "openssl"
      },
      "references": [
        {
          "url": "https://www.openssl.org/news/secadv/20220503.txt"
        },
        {
          "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=2eda98790c5c2741d76d23cc1e74b0dc4f4b391a"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20220602-0009/"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-953464.pdf"
        }
      ],
      "title": "OCSP_basic_verify may incorrectly verify the response signing certificate"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
    "assignerShortName": "openssl",
    "cveId": "CVE-2022-1343",
    "datePublished": "2022-05-03T15:15:21.496Z",
    "dateReserved": "2022-04-13T00:00:00.000Z",
    "dateUpdated": "2025-05-05T16:42:39.898Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/f2fs/f2fs.h",
            "fs/f2fs/gc.c",
            "fs/f2fs/node.c",
            "fs/f2fs/node.h",
            "fs/f2fs/recovery.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "186098f34b8a5d65eb828f952c8cc56272c60ea0",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "c18ecd99e0c707ef8f83cace861cbc3162f4fdf1",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "fs/f2fs/f2fs.h",
            "fs/f2fs/gc.c",
            "fs/f2fs/node.c",
            "fs/f2fs/node.h",
            "fs/f2fs/recovery.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThanOrEqual": "6.17.*",
              "status": "unaffected",
              "version": "6.17.2",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.18-rc1",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.17.2",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.18-rc1",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: fix to do sanity check on node footer for non inode dnode\n\nAs syzbot reported below:\n\n------------[ cut here ]------------\nkernel BUG at fs/f2fs/file.c:1243!\nOops: invalid opcode: 0000 [#1] SMP KASAN NOPTI\nCPU: 0 UID: 0 PID: 5354 Comm: syz.0.0 Not tainted 6.17.0-rc1-syzkaller-00211-g90d970cade8e #0 PREEMPT(full)\nRIP: 0010:f2fs_truncate_hole+0x69e/0x6c0 fs/f2fs/file.c:1243\nCall Trace:\n \u003cTASK\u003e\n f2fs_punch_hole+0x2db/0x330 fs/f2fs/file.c:1306\n f2fs_fallocate+0x546/0x990 fs/f2fs/file.c:2018\n vfs_fallocate+0x666/0x7e0 fs/open.c:342\n ksys_fallocate fs/open.c:366 [inline]\n __do_sys_fallocate fs/open.c:371 [inline]\n __se_sys_fallocate fs/open.c:369 [inline]\n __x64_sys_fallocate+0xc0/0x110 fs/open.c:369\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0xfa/0x3b0 arch/x86/entry/syscall_64.c:94\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7f1e65f8ebe9\n\nw/ a fuzzed image, f2fs may encounter panic due to it detects inconsistent\ntruncation range in direct node in f2fs_truncate_hole().\n\nThe root cause is: a non-inode dnode may has the same footer.ino and\nfooter.nid, so the dnode will be parsed as an inode, then ADDRS_PER_PAGE()\nmay return wrong blkaddr count which may be 923 typically, by chance,\ndn.ofs_in_node is equal to 923, then count can be calculated to 0 in below\nstatement, later it will trigger panic w/ f2fs_bug_on(, count == 0 || ...).\n\n\tcount = min(end_offset - dn.ofs_in_node, pg_end - pg_start);\n\nThis patch introduces a new node_type NODE_TYPE_NON_INODE, then allowing\npassing the new_type to sanity_check_node_footer in f2fs_get_node_folio()\nto detect corruption that a non-inode dnode has the same footer.ino and\nfooter.nid.\n\nScripts to reproduce:\nmkfs.f2fs -f /dev/vdb\nmount /dev/vdb /mnt/f2fs\ntouch /mnt/f2fs/foo\ntouch /mnt/f2fs/bar\ndd if=/dev/zero of=/mnt/f2fs/foo bs=1M count=8\numount /mnt/f2fs\ninject.f2fs --node --mb i_nid --nid 4 --idx 0 --val 5 /dev/vdb\nmount /dev/vdb /mnt/f2fs\nxfs_io /mnt/f2fs/foo -c \"fpunch 6984k 4k\""
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-10-28T09:32:31.806Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/186098f34b8a5d65eb828f952c8cc56272c60ea0"
        },
        {
          "url": "https://git.kernel.org/stable/c/c18ecd99e0c707ef8f83cace861cbc3162f4fdf1"
        }
      ],
      "title": "f2fs: fix to do sanity check on node footer for non inode dnode",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2025-40025",
    "datePublished": "2025-10-28T09:32:31.806Z",
    "dateReserved": "2025-04-16T07:20:57.152Z",
    "dateUpdated": "2025-10-28T09:32:31.806Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T02:38:55.285Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20220121-0007/"
          },
          {
            "name": "DSA-5057",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2022/dsa-5057"
          },
          {
            "name": "DSA-5058",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2022/dsa-5058"
          },
          {
            "name": "[debian-lts-announce] 20220210 [SECURITY] [DLA 2917-1] openjdk-8 security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2022/02/msg00011.html"
          },
          {
            "name": "GLSA-202209-05",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202209-05"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Java SE JDK and JRE",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Oracle Java SE:7u321"
            },
            {
              "status": "affected",
              "version": "Oracle Java SE:8u311"
            },
            {
              "status": "affected",
              "version": "Oracle Java SE:11.0.13"
            },
            {
              "status": "affected",
              "version": "Oracle Java SE:17.0.1"
            },
            {
              "status": "affected",
              "version": "Oracle GraalVM Enterprise Edition:20.3.4"
            },
            {
              "status": "affected",
              "version": "Oracle GraalVM Enterprise Edition:21.3.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Serialization). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition.",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-09-07T23:20:53.724Z",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20220121-0007/"
        },
        {
          "name": "DSA-5057",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2022/dsa-5057"
        },
        {
          "name": "DSA-5058",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2022/dsa-5058"
        },
        {
          "name": "[debian-lts-announce] 20220210 [SECURITY] [DLA 2917-1] openjdk-8 security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2022/02/msg00011.html"
        },
        {
          "name": "GLSA-202209-05",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/202209-05"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert_us@oracle.com",
          "ID": "CVE-2022-21341",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Java SE JDK and JRE",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_value": "Oracle Java SE:7u321"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "Oracle Java SE:8u311"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "Oracle Java SE:11.0.13"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "Oracle Java SE:17.0.1"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "Oracle GraalVM Enterprise Edition:20.3.4"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "Oracle GraalVM Enterprise Edition:21.3.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Oracle Corporation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Serialization). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)."
            }
          ]
        },
        "impact": {
          "cvss": {
            "baseScore": "5.3",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition."
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.oracle.com/security-alerts/cpujan2022.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20220121-0007/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20220121-0007/"
            },
            {
              "name": "DSA-5057",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2022/dsa-5057"
            },
            {
              "name": "DSA-5058",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2022/dsa-5058"
            },
            {
              "name": "[debian-lts-announce] 20220210 [SECURITY] [DLA 2917-1] openjdk-8 security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2022/02/msg00011.html"
            },
            {
              "name": "GLSA-202209-05",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/202209-05"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2022-21341",
    "datePublished": "2022-01-19T11:25:02",
    "dateReserved": "2021-11-15T00:00:00",
    "dateUpdated": "2024-08-03T02:38:55.285Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-50101",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-07-17T14:04:09.785259Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-400",
                "description": "CWE-400 Uncontrolled Resource Consumption",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-07-17T14:21:57.559Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "MySQL Server",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "lessThanOrEqual": "8.0.42",
              "status": "affected",
              "version": "8.0.0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "8.4.5",
              "status": "affected",
              "version": "8.4.0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "9.3.0",
              "status": "affected",
              "version": "9.0.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*",
                  "versionEndIncluding": "8.0.42",
                  "versionStartIncluding": "8.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*",
                  "versionEndIncluding": "8.4.5",
                  "versionStartIncluding": "8.4.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*",
                  "versionEndIncluding": "9.3.0",
                  "versionStartIncluding": "9.0.0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer).  Supported versions that are affected are 8.0.0-8.0.42, 8.4.0-8.4.5 and  9.0.0-9.3.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.  Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 4.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.  Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.",
              "lang": "en-US"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-07-15T19:27:49.745Z",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "name": "Oracle Advisory",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujul2025.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2025-50101",
    "datePublished": "2025-07-15T19:27:49.745Z",
    "dateReserved": "2025-06-11T22:56:56.113Z",
    "dateUpdated": "2025-07-17T14:21:57.559Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-43484",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-08T18:54:47.769303Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-09T19:48:20.527Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-03-28T15:03:03.559Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://security.netapp.com/advisory/ntap-20250328-0007/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "platforms": [
            "Unknown"
          ],
          "product": "PowerShell 7.2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "7.2.24",
              "status": "affected",
              "version": "7.2.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "Unknown"
          ],
          "product": "PowerShell 7.4",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "7.4.6",
              "status": "affected",
              "version": "7.4.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.6",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.6.20",
              "status": "affected",
              "version": "17.6.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.8",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.8.15",
              "status": "affected",
              "version": "17.8.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.10",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.10.8",
              "status": "affected",
              "version": "17.10",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.11",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.11.5",
              "status": "affected",
              "version": "17.11",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "Unknown"
          ],
          "product": ".NET 6.0",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "6.0.35",
              "status": "affected",
              "version": "6.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "Unknown"
          ],
          "product": ".NET 8.0",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "8.0.10",
              "status": "affected",
              "version": "8.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "Windows 10 Version 1809 for 32-bit Systems",
            "Windows Server 2016",
            "Windows Server 2016 (Server Core installation)",
            "Windows Server 2019",
            "Windows 10 Version 1607 for 32-bit Systems",
            "Windows Server 2019 (Server Core installation)",
            "Windows 10 Version 1809 for x64-based Systems",
            "Windows 10 Version 1607 for x64-based Systems"
          ],
          "product": "Microsoft .NET Framework 3.5 AND 4.7.2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "4.7.04115.01",
              "status": "affected",
              "version": "4.7.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "Windows 10 Version 22H2 for ARM64-based Systems",
            "Windows 11 version 21H2 for x64-based Systems",
            "Windows 11 version 21H2 for ARM64-based Systems",
            "Windows 10 Version 21H2 for ARM64-based Systems",
            "Windows 10 Version 21H2 for x64-based Systems",
            "Windows 10 Version 22H2 for 32-bit Systems",
            "Windows 10 Version 22H2 for x64-based Systems",
            "Windows 10 Version 21H2 for 32-bit Systems",
            "Windows 10 Version 1809 for x64-based Systems",
            "Windows Server 2019 (Server Core installation)",
            "Windows 10 Version 1809 for 32-bit Systems",
            "Windows Server 2019",
            "Windows Server 2022",
            "Windows Server 2022 (Server Core installation)"
          ],
          "product": "Microsoft .NET Framework 3.5 AND 4.8",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "4.8.04762.01",
              "status": "affected",
              "version": "4.8.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "Windows Server 2008 R2 for x64-based Systems Service Pack 1",
            "Windows Server 2012",
            "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)",
            "Windows Server 2012 (Server Core installation)",
            "Windows Server 2012 R2 (Server Core installation)",
            "Windows Server 2012 R2"
          ],
          "product": "Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "4.7.04115.01",
              "status": "affected",
              "version": "4.7.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "Windows Server 2022",
            "Windows 11 version 21H2 for x64-based Systems",
            "Windows Server 2022 (Server Core installation)",
            "Windows 10 Version 21H2 for ARM64-based Systems",
            "Windows 10 Version 21H2 for 32-bit Systems",
            "Windows 11 version 21H2 for ARM64-based Systems",
            "Windows 10 Version 21H2 for x64-based Systems",
            "Windows 11 Version 22H2 for x64-based Systems",
            "Windows 11 Version 22H2 for ARM64-based Systems",
            "Windows 10 Version 22H2 for x64-based Systems",
            "Windows 10 Version 22H2 for 32-bit Systems",
            "Windows 10 Version 22H2 for ARM64-based Systems",
            "Windows 11 Version 23H2 for ARM64-based Systems",
            "Windows 11 Version 23H2 for x64-based Systems",
            "Windows Server 2022, 23H2 Edition (Server Core installation)",
            "Windows 11 Version 24H2 for ARM64-based Systems",
            "Windows 11 Version 24H2 for x64-based Systems"
          ],
          "product": "Microsoft .NET Framework 3.5 AND 4.8.1",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "4.8.1.9277.03",
              "status": "affected",
              "version": "4.8.1",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "Windows Server 2008 for 32-bit Systems Service Pack 2",
            "Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)",
            "Windows Server 2008 for x64-based Systems Service Pack 2",
            "Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)"
          ],
          "product": "Microsoft .NET Framework 4.6.2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "4.7.04115.01",
              "status": "affected",
              "version": "4.7.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "Windows 10 for x64-based Systems",
            "Windows 10 for 32-bit Systems"
          ],
          "product": "Microsoft .NET Framework 4.6/4.6.2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "10.0.10240.20796",
              "status": "affected",
              "version": "10.0.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "Windows Server 2008 for x64-based Systems Service Pack 2",
            "Windows Server 2008 for 32-bit Systems Service Pack 2"
          ],
          "product": "Microsoft .NET Framework 2.0 Service Pack 2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "3.0.30729.8974",
              "status": "affected",
              "version": "2.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "Windows Server 2008 for 32-bit Systems Service Pack 2",
            "Windows Server 2008 for x64-based Systems Service Pack 2"
          ],
          "product": "Microsoft .NET Framework 3.0 Service Pack 2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "3.0.30729.8974",
              "status": "affected",
              "version": "3.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "Windows Server 2008 for 32-bit Systems Service Pack 2",
            "Windows Server 2008 for x64-based Systems Service Pack 2",
            "Windows Server 2012",
            "Windows Server 2012 R2",
            "Windows Server 2012 (Server Core installation)",
            "Windows Server 2012 R2 (Server Core installation)"
          ],
          "product": "Microsoft .NET Framework 3.5",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "3.5.30729.8973",
              "status": "affected",
              "version": "3.5.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "Windows Server 2008 R2 for x64-based Systems Service Pack 1",
            "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)"
          ],
          "product": "Microsoft .NET Framework 3.5.1",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "3.5.1.30729.8974",
              "status": "affected",
              "version": "3.5.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "Windows Server 2012",
            "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)",
            "Windows 10 Version 1607 for x64-based Systems",
            "Windows Server 2016",
            "Windows Server 2012 R2",
            "Windows 10 Version 1607 for 32-bit Systems",
            "Windows Server 2012 R2 (Server Core installation)",
            "Windows Server 2016 (Server Core installation)",
            "Windows Server 2012 (Server Core installation)",
            "Windows Server 2008 R2 for x64-based Systems Service Pack 1"
          ],
          "product": "Microsoft .NET Framework 4.8",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "4.8.04762.01",
              "status": "affected",
              "version": "4.8.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:microsoft:powershell:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "7.2.24",
                  "versionStartIncluding": "7.2.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:powershell:*:-:*:*:*:*:*:*",
                  "versionEndExcluding": "7.4.6",
                  "versionStartIncluding": "7.4.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "17.6.20",
                  "versionStartIncluding": "17.6.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "17.8.15",
                  "versionStartIncluding": "17.8.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "17.10.8",
                  "versionStartIncluding": "17.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "17.11.5",
                  "versionStartIncluding": "17.11",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.0.35",
                  "versionStartIncluding": "6.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "8.0.10",
                  "versionStartIncluding": "8.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.7.04115.01",
                  "versionStartIncluding": "4.7.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.8.04762.01",
                  "versionStartIncluding": "4.8.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.7.04115.01",
                  "versionStartIncluding": "4.7.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.8.1.9277.03",
                  "versionStartIncluding": "4.8.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.7.04115.01",
                  "versionStartIncluding": "4.7.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:.net_framework:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "10.0.10240.20796",
                  "versionStartIncluding": "10.0.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:.net:*:sp2:*:*:*:*:*:*",
                  "versionEndExcluding": "3.0.30729.8974",
                  "versionStartIncluding": "2.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:.net:*:sp2:*:*:*:*:*:*",
                  "versionEndExcluding": "3.0.30729.8974",
                  "versionStartIncluding": "3.0.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "3.5.30729.8973",
                  "versionStartIncluding": "3.5.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "3.5.1.30729.8974",
                  "versionStartIncluding": "3.5.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.8.04762.01",
                  "versionStartIncluding": "4.8.0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "datePublic": "2024-10-08T07:00:00.000Z",
      "descriptions": [
        {
          "lang": "en-US",
          "value": ".NET, .NET Framework, and Visual Studio Denial of Service Vulnerability"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-407",
              "description": "CWE-407: Inefficient Algorithmic Complexity",
              "lang": "en-US",
              "type": "CWE"
            },
            {
              "cweId": "CWE-789",
              "description": "CWE-789: Memory Allocation with Excessive Size Value",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-07-08T15:39:00.905Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": ".NET, .NET Framework, and Visual Studio Denial of Service Vulnerability",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43484"
        }
      ],
      "title": ".NET, .NET Framework, and Visual Studio Denial of Service Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2024-43484",
    "datePublished": "2024-10-08T17:35:46.715Z",
    "dateReserved": "2024-08-14T01:08:33.518Z",
    "dateUpdated": "2025-07-08T15:39:00.905Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T12:53:42.576Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20200717-0005/"
          },
          {
            "name": "FEDORA-2020-e418151dc3",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6CFJPOYF3CWYEPCDOAOCNFJTQIKKWPHW/"
          },
          {
            "name": "FEDORA-2020-5d0b4a2b5b",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QQUMIAON2YEFRONMIUVHAKYCIOLICDBA/"
          },
          {
            "name": "USN-4433-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4433-1/"
          },
          {
            "name": "DSA-4734",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2020/dsa-4734"
          },
          {
            "name": "FEDORA-2020-508df53719",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DFZ36XIW5ENQAW6BB7WHRFFTTJX7KGMR/"
          },
          {
            "name": "FEDORA-2020-93cc9c3ef2",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MEPHBZPNSLX43B26DWKB7OS6AROTS2BO/"
          },
          {
            "name": "openSUSE-SU-2020:1175",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00019.html"
          },
          {
            "name": "openSUSE-SU-2020:1191",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00027.html"
          },
          {
            "name": "[debian-lts-announce] 20200813 [SECURITY] [DLA 2325-1] openjdk-8 security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00021.html"
          },
          {
            "name": "USN-4453-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4453-1/"
          },
          {
            "name": "GLSA-202008-24",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202008-24"
          },
          {
            "name": "openSUSE-SU-2020:1893",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html"
          },
          {
            "name": "GLSA-202209-15",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202209-15"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2020-14593",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-27T17:58:35.278922Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-27T18:35:33.800Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Java",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Java SE: 7u261, 8u251, 11.0.7, 14.0.1"
            },
            {
              "status": "affected",
              "version": "Java SE Embedded: 8u251"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: 2D). Supported versions that are affected are Java SE: 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 7.4 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N)."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.4,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded.  Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in  unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data.",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-09-25T15:06:43",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20200717-0005/"
        },
        {
          "name": "FEDORA-2020-e418151dc3",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6CFJPOYF3CWYEPCDOAOCNFJTQIKKWPHW/"
        },
        {
          "name": "FEDORA-2020-5d0b4a2b5b",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QQUMIAON2YEFRONMIUVHAKYCIOLICDBA/"
        },
        {
          "name": "USN-4433-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4433-1/"
        },
        {
          "name": "DSA-4734",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2020/dsa-4734"
        },
        {
          "name": "FEDORA-2020-508df53719",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DFZ36XIW5ENQAW6BB7WHRFFTTJX7KGMR/"
        },
        {
          "name": "FEDORA-2020-93cc9c3ef2",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MEPHBZPNSLX43B26DWKB7OS6AROTS2BO/"
        },
        {
          "name": "openSUSE-SU-2020:1175",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00019.html"
        },
        {
          "name": "openSUSE-SU-2020:1191",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00027.html"
        },
        {
          "name": "[debian-lts-announce] 20200813 [SECURITY] [DLA 2325-1] openjdk-8 security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00021.html"
        },
        {
          "name": "USN-4453-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4453-1/"
        },
        {
          "name": "GLSA-202008-24",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/202008-24"
        },
        {
          "name": "openSUSE-SU-2020:1893",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html"
        },
        {
          "name": "GLSA-202209-15",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/202209-15"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert_us@oracle.com",
          "ID": "CVE-2020-14593",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Java",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_value": "Java SE: 7u261, 8u251, 11.0.7, 14.0.1"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "Java SE Embedded: 8u251"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Oracle Corporation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: 2D). Supported versions that are affected are Java SE: 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 7.4 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N)."
            }
          ]
        },
        "impact": {
          "cvss": {
            "baseScore": "7.4",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded.  Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in  unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data."
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.oracle.com/security-alerts/cpujul2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20200717-0005/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20200717-0005/"
            },
            {
              "name": "FEDORA-2020-e418151dc3",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6CFJPOYF3CWYEPCDOAOCNFJTQIKKWPHW/"
            },
            {
              "name": "FEDORA-2020-5d0b4a2b5b",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QQUMIAON2YEFRONMIUVHAKYCIOLICDBA/"
            },
            {
              "name": "USN-4433-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4433-1/"
            },
            {
              "name": "DSA-4734",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2020/dsa-4734"
            },
            {
              "name": "FEDORA-2020-508df53719",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DFZ36XIW5ENQAW6BB7WHRFFTTJX7KGMR/"
            },
            {
              "name": "FEDORA-2020-93cc9c3ef2",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MEPHBZPNSLX43B26DWKB7OS6AROTS2BO/"
            },
            {
              "name": "openSUSE-SU-2020:1175",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00019.html"
            },
            {
              "name": "openSUSE-SU-2020:1191",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00027.html"
            },
            {
              "name": "[debian-lts-announce] 20200813 [SECURITY] [DLA 2325-1] openjdk-8 security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00021.html"
            },
            {
              "name": "USN-4453-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4453-1/"
            },
            {
              "name": "GLSA-202008-24",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/202008-24"
            },
            {
              "name": "openSUSE-SU-2020:1893",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00041.html"
            },
            {
              "name": "GLSA-202209-15",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/202209-15"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2020-14593",
    "datePublished": "2020-07-15T17:34:29",
    "dateReserved": "2020-06-19T00:00:00",
    "dateUpdated": "2024-09-27T18:35:33.800Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-59830",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-09-25T16:14:17.653996Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-09-25T16:16:15.255Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "rack",
          "vendor": "rack",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 2.2.18"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Rack is a modular Ruby web server interface. Prior to version 2.2.18, Rack::QueryParser enforces its params_limit only for parameters separated by \u0026, while still splitting on both \u0026 and ;. As a result, attackers could use ; separators to bypass the parameter count limit and submit more parameters than intended. Applications or middleware that directly invoke Rack::QueryParser with its default configuration (no explicit delimiter) could be exposed to increased CPU and memory consumption. This can be abused as a limited denial-of-service vector. This issue has been patched in version 2.2.18."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-400",
              "description": "CWE-400: Uncontrolled Resource Consumption",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-770",
              "description": "CWE-770: Allocation of Resources Without Limits or Throttling",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-09-25T14:37:06.967Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/rack/rack/security/advisories/GHSA-625h-95r8-8xpm",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/rack/rack/security/advisories/GHSA-625h-95r8-8xpm"
        },
        {
          "name": "https://github.com/rack/rack/commit/54e4ffdd5affebcb0c015cc6ae74635c0831ed71",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/rack/rack/commit/54e4ffdd5affebcb0c015cc6ae74635c0831ed71"
        }
      ],
      "source": {
        "advisory": "GHSA-625h-95r8-8xpm",
        "discovery": "UNKNOWN"
      },
      "title": "Rack QueryParser has an unsafe default allowing params_limit bypass via semicolon-separated parameters"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2025-59830",
    "datePublished": "2025-09-25T14:37:06.967Z",
    "dateReserved": "2025-09-22T14:34:03.471Z",
    "dateUpdated": "2025-09-25T16:16:15.255Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:python_software_foundation:cpython:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "cpython",
            "vendor": "python_software_foundation",
            "versions": [
              {
                "lessThan": "3.8.19",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThan": "3.9.19",
                "status": "affected",
                "version": "3.9.0",
                "versionType": "custom"
              },
              {
                "lessThan": "3.10.14",
                "status": "affected",
                "version": "3.10.0",
                "versionType": "custom"
              },
              {
                "lessThan": "3.11.8",
                "status": "affected",
                "version": "3.11.0",
                "versionType": "custom"
              },
              {
                "lessThan": "3.12.1",
                "status": "affected",
                "version": "3.12.0",
                "versionType": "custom"
              },
              {
                "lessThan": "3.13.0a3",
                "status": "affected",
                "version": "3.13.0a1",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-6597",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-05T19:08:44.665083Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "description": "CWE-noinfo Not enough information",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-05T19:16:27.862Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T21:50:47.799Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "patch",
              "x_transferred"
            ],
            "url": "https://github.com/python/cpython/commit/81c16cd94ec38d61aa478b9a452436dc3b1b524d"
          },
          {
            "tags": [
              "patch",
              "x_transferred"
            ],
            "url": "https://github.com/python/cpython/commit/6ceb8aeda504b079fef7a57b8d81472f15cdd9a5"
          },
          {
            "tags": [
              "patch",
              "x_transferred"
            ],
            "url": "https://github.com/python/cpython/commit/5585334d772b253a01a6730e8202ffb1607c3d25"
          },
          {
            "tags": [
              "patch",
              "x_transferred"
            ],
            "url": "https://github.com/python/cpython/commit/8eaeefe49d179ca4908d052745e3bb8b6f238f82"
          },
          {
            "tags": [
              "patch",
              "x_transferred"
            ],
            "url": "https://github.com/python/cpython/commit/d54e22a669ae6e987199bb5d2c69bb5a46b0083b"
          },
          {
            "tags": [
              "patch",
              "x_transferred"
            ],
            "url": "https://github.com/python/cpython/commit/02a9259c717738dfe6b463c44d7e17f2b6d2cb3a"
          },
          {
            "tags": [
              "issue-tracking",
              "x_transferred"
            ],
            "url": "https://github.com/python/cpython/issues/91133"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/Q5C6ATFC67K53XFV4KE45325S7NS62LD/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00025.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2024/03/20/5"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T3IGRX54M7RNCQOXVQO5KQKTGWCOABIM/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U5VHWS52HGD743C47UMCSAK2A773M2YE/"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2024/12/msg00000.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2024/11/msg00005.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "CPython",
          "repo": "https://github.com/python/cpython",
          "vendor": "Python Software Foundation",
          "versions": [
            {
              "lessThan": "3.8.19",
              "status": "affected",
              "version": "0",
              "versionType": "python"
            },
            {
              "lessThan": "3.9.19",
              "status": "affected",
              "version": "3.9.0",
              "versionType": "python"
            },
            {
              "lessThan": "3.10.14",
              "status": "affected",
              "version": "3.10.0",
              "versionType": "python"
            },
            {
              "lessThan": "3.11.8",
              "status": "affected",
              "version": "3.11.0",
              "versionType": "python"
            },
            {
              "lessThan": "3.12.1",
              "status": "affected",
              "version": "3.12.0",
              "versionType": "python"
            },
            {
              "lessThan": "3.13.0a3",
              "status": "affected",
              "version": "3.13.0a1",
              "versionType": "python"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "An issue was found in the CPython `tempfile.TemporaryDirectory` class affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior.\u003cbr\u003e\u003cbr\u003eThe tempfile.TemporaryDirectory class would dereference symlinks during cleanup of permissions-related errors. This means users which can run privileged programs are potentially able to modify permissions of files referenced by symlinks in some circumstances.\u003cbr\u003e"
            }
          ],
          "value": "An issue was found in the CPython `tempfile.TemporaryDirectory` class affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior.\n\nThe tempfile.TemporaryDirectory class would dereference symlinks during cleanup of permissions-related errors. This means users which can run privileged programs are potentially able to modify permissions of files referenced by symlinks in some circumstances.\n"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-06-13T19:24:11.289Z",
        "orgId": "28c92f92-d60d-412d-b760-e73465c3df22",
        "shortName": "PSF"
      },
      "references": [
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/python/cpython/commit/81c16cd94ec38d61aa478b9a452436dc3b1b524d"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/python/cpython/commit/6ceb8aeda504b079fef7a57b8d81472f15cdd9a5"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/python/cpython/commit/5585334d772b253a01a6730e8202ffb1607c3d25"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/python/cpython/commit/8eaeefe49d179ca4908d052745e3bb8b6f238f82"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/python/cpython/commit/d54e22a669ae6e987199bb5d2c69bb5a46b0083b"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/python/cpython/commit/02a9259c717738dfe6b463c44d7e17f2b6d2cb3a"
        },
        {
          "tags": [
            "issue-tracking"
          ],
          "url": "https://github.com/python/cpython/issues/91133"
        },
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/Q5C6ATFC67K53XFV4KE45325S7NS62LD/"
        },
        {
          "url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00025.html"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2024/03/20/5"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T3IGRX54M7RNCQOXVQO5KQKTGWCOABIM/"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U5VHWS52HGD743C47UMCSAK2A773M2YE/"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "28c92f92-d60d-412d-b760-e73465c3df22",
    "assignerShortName": "PSF",
    "cveId": "CVE-2023-6597",
    "datePublished": "2024-03-19T15:44:28.989Z",
    "dateReserved": "2023-12-07T20:59:23.246Z",
    "dateUpdated": "2025-11-03T21:50:47.799Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}