Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2022-26345 (GCVE-0-2022-26345)
Vulnerability from cvelistv5
Published
2023-02-16 19:59
Modified
2025-01-27 18:25
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- escalation of privilege
Summary
Uncontrolled search path element in the Intel(R) oneAPI Toolkit OpenMP before version 2022.1 may allow an authenticated user to potentially enable escalation of privilege via local access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Intel(R) oneAPI Toolkit OpenMP |
Version: before version 2022.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T05:03:32.034Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00674.html",
"tags": [
"x_transferred"
],
"url": "http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00674.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-26345",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-27T17:30:46.128425Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-27T18:25:03.405Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Intel(R) oneAPI Toolkit OpenMP",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "before version 2022.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Uncontrolled search path element in the Intel(R) oneAPI Toolkit OpenMP before version 2022.1 may allow an authenticated user to potentially enable escalation of privilege via local access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "escalation of privilege",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-02-16T19:59:46.108Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"name": "http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00674.html",
"url": "http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00674.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2022-26345",
"datePublished": "2023-02-16T19:59:46.108Z",
"dateReserved": "2022-03-02T00:32:53.328Z",
"dateUpdated": "2025-01-27T18:25:03.405Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2022-26345\",\"sourceIdentifier\":\"secure@intel.com\",\"published\":\"2023-02-16T20:15:13.057\",\"lastModified\":\"2024-11-21T06:53:47.710\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Uncontrolled search path element in the Intel(R) oneAPI Toolkit OpenMP before version 2022.1 may allow an authenticated user to potentially enable escalation of privilege via local access.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"secure@intel.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":6.7,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":0.8,\"impactScore\":5.9},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":7.3,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.3,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-427\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:intel:openmp:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2022.1\",\"matchCriteriaId\":\"50C1D22C-9C66-4B6D-9541-461179F44FC7\"}]}]}],\"references\":[{\"url\":\"http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00674.html\",\"source\":\"secure@intel.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00674.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00674.html\", \"name\": \"http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00674.html\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-03T05:03:32.034Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2022-26345\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-01-27T17:30:46.128425Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-01-27T17:30:47.772Z\"}}], \"cna\": {\"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 6.7, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"HIGH\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"HIGH\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"n/a\", \"product\": \"Intel(R) oneAPI Toolkit OpenMP\", \"versions\": [{\"status\": \"affected\", \"version\": \"before version 2022.1\"}], \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00674.html\", \"name\": \"http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00674.html\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Uncontrolled search path element in the Intel(R) oneAPI Toolkit OpenMP before version 2022.1 may allow an authenticated user to potentially enable escalation of privilege via local access.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"description\": \"escalation of privilege\"}]}], \"providerMetadata\": {\"orgId\": \"6dda929c-bb53-4a77-a76d-48e79601a1ce\", \"shortName\": \"intel\", \"dateUpdated\": \"2023-02-16T19:59:46.108Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2022-26345\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-01-27T18:25:03.405Z\", \"dateReserved\": \"2022-03-02T00:32:53.328Z\", \"assignerOrgId\": \"6dda929c-bb53-4a77-a76d-48e79601a1ce\", \"datePublished\": \"2023-02-16T19:59:46.108Z\", \"assignerShortName\": \"intel\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
var-202302-1275
Vulnerability from variot
Uncontrolled search path element in the Intel(R) oneAPI Toolkit OpenMP before version 2022.1 may allow an authenticated user to potentially enable escalation of privilege via local access. Intel's openmp Exists in a vulnerability in an element of an uncontrolled search path.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202302-1275",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "openmp",
"scope": "lt",
"trust": 1.0,
"vendor": "intel",
"version": "2022.1"
},
{
"model": "openmp",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30a4\u30f3\u30c6\u30eb",
"version": null
},
{
"model": "openmp",
"scope": null,
"trust": 0.8,
"vendor": "\u30a4\u30f3\u30c6\u30eb",
"version": null
},
{
"model": "openmp",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30a4\u30f3\u30c6\u30eb",
"version": "2022.1"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-019755"
},
{
"db": "NVD",
"id": "CVE-2022-26345"
}
]
},
"cve": "CVE-2022-26345",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.3,
"id": "CVE-2022-26345",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"author": "secure@intel.com",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 0.8,
"id": "CVE-2022-26345",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.3,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2022-26345",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-26345",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "secure@intel.com",
"id": "CVE-2022-26345",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2022-26345",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202302-1402",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-019755"
},
{
"db": "CNNVD",
"id": "CNNVD-202302-1402"
},
{
"db": "NVD",
"id": "CVE-2022-26345"
},
{
"db": "NVD",
"id": "CVE-2022-26345"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Uncontrolled search path element in the Intel(R) oneAPI Toolkit OpenMP before version 2022.1 may allow an authenticated user to potentially enable escalation of privilege via local access. Intel\u0027s openmp Exists in a vulnerability in an element of an uncontrolled search path.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-26345"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-019755"
},
{
"db": "VULHUB",
"id": "VHN-417061"
},
{
"db": "VULMON",
"id": "CVE-2022-26345"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-26345",
"trust": 3.4
},
{
"db": "JVN",
"id": "JVNVU91223897",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2022-019755",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202302-1402",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-417061",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2022-26345",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-417061"
},
{
"db": "VULMON",
"id": "CVE-2022-26345"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-019755"
},
{
"db": "CNNVD",
"id": "CNNVD-202302-1402"
},
{
"db": "NVD",
"id": "CVE-2022-26345"
}
]
},
"id": "VAR-202302-1275",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-417061"
}
],
"trust": 0.01
},
"last_update_date": "2024-08-14T12:55:57.980000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Intel OneApi Toolkits Fixes for code issue vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=227089"
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/Live-Hack-CVE/CVE-2022-26345 "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-26345"
},
{
"db": "CNNVD",
"id": "CNNVD-202302-1402"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-427",
"trust": 1.1
},
{
"problemtype": "Uncontrolled search path elements (CWE-427) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-417061"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-019755"
},
{
"db": "NVD",
"id": "CVE-2022-26345"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00674.html"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu91223897/"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26345"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-26345/"
},
{
"trust": 0.1,
"url": "https://github.com/live-hack-cve/cve-2022-26345"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-417061"
},
{
"db": "VULMON",
"id": "CVE-2022-26345"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-019755"
},
{
"db": "CNNVD",
"id": "CNNVD-202302-1402"
},
{
"db": "NVD",
"id": "CVE-2022-26345"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-417061"
},
{
"db": "VULMON",
"id": "CVE-2022-26345"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-019755"
},
{
"db": "CNNVD",
"id": "CNNVD-202302-1402"
},
{
"db": "NVD",
"id": "CVE-2022-26345"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-02-16T00:00:00",
"db": "VULHUB",
"id": "VHN-417061"
},
{
"date": "2023-02-16T00:00:00",
"db": "VULMON",
"id": "CVE-2022-26345"
},
{
"date": "2023-10-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-019755"
},
{
"date": "2023-02-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202302-1402"
},
{
"date": "2023-02-16T20:15:13.057000",
"db": "NVD",
"id": "CVE-2022-26345"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-02-28T00:00:00",
"db": "VULHUB",
"id": "VHN-417061"
},
{
"date": "2023-02-17T00:00:00",
"db": "VULMON",
"id": "CVE-2022-26345"
},
{
"date": "2023-10-27T06:12:00",
"db": "JVNDB",
"id": "JVNDB-2022-019755"
},
{
"date": "2023-03-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202302-1402"
},
{
"date": "2023-02-28T19:22:51.133000",
"db": "NVD",
"id": "CVE-2022-26345"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202302-1402"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Intel\u0027s \u00a0openmp\u00a0 Vulnerability regarding uncontrolled search path elements in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-019755"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "code problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202302-1402"
}
],
"trust": 0.6
}
}
fkie_cve-2022-26345
Vulnerability from fkie_nvd
Published
2023-02-16 20:15
Modified
2024-11-21 06:53
Severity ?
6.7 (Medium) - CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
7.3 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
7.3 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Summary
Uncontrolled search path element in the Intel(R) oneAPI Toolkit OpenMP before version 2022.1 may allow an authenticated user to potentially enable escalation of privilege via local access.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:intel:openmp:*:*:*:*:*:*:*:*",
"matchCriteriaId": "50C1D22C-9C66-4B6D-9541-461179F44FC7",
"versionEndExcluding": "2022.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Uncontrolled search path element in the Intel(R) oneAPI Toolkit OpenMP before version 2022.1 may allow an authenticated user to potentially enable escalation of privilege via local access."
}
],
"id": "CVE-2022-26345",
"lastModified": "2024-11-21T06:53:47.710",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9,
"source": "secure@intel.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.3,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-02-16T20:15:13.057",
"references": [
{
"source": "secure@intel.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00674.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00674.html"
}
],
"sourceIdentifier": "secure@intel.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-427"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
gsd-2022-26345
Vulnerability from gsd
Modified
2023-12-13 01:19
Details
Uncontrolled search path element in the Intel(R) oneAPI Toolkit OpenMP before version 2022.1 may allow an authenticated user to potentially enable escalation of privilege via local access.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2022-26345",
"id": "GSD-2022-26345"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2022-26345"
],
"details": "Uncontrolled search path element in the Intel(R) oneAPI Toolkit OpenMP before version 2022.1 may allow an authenticated user to potentially enable escalation of privilege via local access.",
"id": "GSD-2022-26345",
"modified": "2023-12-13T01:19:39.104664Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "secure@intel.com",
"ID": "CVE-2022-26345",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Intel(R) oneAPI Toolkit OpenMP",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "before version 2022.1"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Uncontrolled search path element in the Intel(R) oneAPI Toolkit OpenMP before version 2022.1 may allow an authenticated user to potentially enable escalation of privilege via local access."
}
]
},
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "escalation of privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00674.html",
"refsource": "MISC",
"url": "http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00674.html"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:intel:openmp:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2022.1",
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "secure@intel.com",
"ID": "CVE-2022-26345"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "Uncontrolled search path element in the Intel(R) oneAPI Toolkit OpenMP before version 2022.1 may allow an authenticated user to potentially enable escalation of privilege via local access."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-427"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00674.html",
"refsource": "MISC",
"tags": [
"Vendor Advisory"
],
"url": "http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00674.html"
}
]
}
},
"impact": {
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.3,
"impactScore": 5.9
}
},
"lastModifiedDate": "2023-02-28T19:22Z",
"publishedDate": "2023-02-16T20:15Z"
}
}
}
ghsa-p5mj-2xj9-v4jv
Vulnerability from github
Published
2023-02-16 21:30
Modified
2023-02-28 21:30
Severity ?
VLAI Severity ?
Details
Uncontrolled search path element in the Intel(R) oneAPI Toolkit OpenMP before version 2022.1 may allow an authenticated user to potentially enable escalation of privilege via local access.
{
"affected": [],
"aliases": [
"CVE-2022-26345"
],
"database_specific": {
"cwe_ids": [
"CWE-427"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-02-16T20:15:00Z",
"severity": "HIGH"
},
"details": "Uncontrolled search path element in the Intel(R) oneAPI Toolkit OpenMP before version 2022.1 may allow an authenticated user to potentially enable escalation of privilege via local access.",
"id": "GHSA-p5mj-2xj9-v4jv",
"modified": "2023-02-28T21:30:18Z",
"published": "2023-02-16T21:30:27Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-26345"
},
{
"type": "WEB",
"url": "http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00674.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
CERTFR-2025-AVI-0052
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans Oracle Database Server. Certaines d'entre elles permettent à un attaquant de provoquer une élévation de privilèges, un déni de service à distance et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Oracle | Database Server | Database Migration Assistant for Unicode version 19.1 | ||
| Oracle | Database Server | Oracle Database Server (Java VM) versions 19.3 à 19.25 | ||
| Oracle | Database Server | Oracle Database Server (Java VM) versions 23.4 à 23.6 | ||
| Oracle | Database Server | Oracle Graal Development Kit for Micronaut versions 23.5 à 23.6 | ||
| Oracle | Database Server | Oracle Database Server (Oracle Database Data Mining) versions 21.3 à 21.16 | ||
| Oracle | Database Server | Oracle Database Server (Java VM) versions 21.3 à 21.16 | ||
| Oracle | Database Server | Oracle Database Server (GraalVM Multilingual Engine) versions 21.4 à 21.16 | ||
| Oracle | Database Server | Oracle Database Server (GraalVM Multilingual Engine) versions 23.5 à 23.6 | ||
| Oracle | Database Server | Oracle Database Server (Oracle Database Data Mining) versions 19.3 à 19.25 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Database Migration Assistant for Unicode version 19.1",
"product": {
"name": "Database Server",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Database Server (Java VM) versions 19.3 \u00e0 19.25",
"product": {
"name": "Database Server",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Database Server (Java VM) versions 23.4 \u00e0 23.6",
"product": {
"name": "Database Server",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Graal Development Kit for Micronaut versions 23.5 \u00e0 23.6",
"product": {
"name": "Database Server",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Database Server (Oracle Database Data Mining) versions 21.3 \u00e0 21.16",
"product": {
"name": "Database Server",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Database Server (Java VM) versions 21.3 \u00e0 21.16",
"product": {
"name": "Database Server",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Database Server (GraalVM Multilingual Engine) versions 21.4 \u00e0 21.16",
"product": {
"name": "Database Server",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Database Server (GraalVM Multilingual Engine) versions 23.5 \u00e0 23.6",
"product": {
"name": "Database Server",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Database Server (Oracle Database Data Mining) versions 19.3 \u00e0 19.25",
"product": {
"name": "Database Server",
"vendor": {
"name": "Oracle",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2022-26345",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26345"
},
{
"name": "CVE-2024-21211",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21211"
},
{
"name": "CVE-2025-21553",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21553"
},
{
"name": "CVE-2023-48795",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48795"
},
{
"name": "CVE-2023-52428",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52428"
}
],
"initial_release_date": "2025-01-22T00:00:00",
"last_revision_date": "2025-01-22T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0052",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-01-22T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Oracle Database Server. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une \u00e9l\u00e9vation de privil\u00e8ges, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Oracle Database Server",
"vendor_advisories": [
{
"published_at": "2025-01-21",
"title": "Bulletin de s\u00e9curit\u00e9 Oracle Database Server cpujan2025",
"url": "https://www.oracle.com/security-alerts/cpujan2025.html"
}
]
}
CERTFR-2023-AVI-0127
Vulnerability from certfr_avis
De multiples vulnérabilités ont été corrigées dans Intel. Elles permettent à un attaquant de provoquer une atteinte à la confidentialité des données, un contournement de la politique de sécurité, une élévation de privilèges, un déni de service et une atteinte à l'intégrité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Intel | N/A | Intel Distribution pour le langage de programmation Python versions antérieures à 2022.1 | ||
| Intel | N/A | Intel SUR versions antérieures à 2.4.8902 | ||
| Intel | N/A | Intel Trace Analyzer and Collector versions antérieures à 2021.5 | ||
| Intel | N/A | Intel DSA versions antérieures à 22.4.26 | ||
| Intel | N/A | Intel oneAPI DPC++/C++ Compiler Runtime versions antérieures à 2022.0 | ||
| Intel | N/A | Les processeurs Intel dont la liste est mentionnée dans les liens des fabriquants de la section Documentation. | ||
| Intel | N/A | Intel OpenBMC versions antérieures à 0.72 | ||
| Intel | N/A | Micrologiciel Intel BMC versions antérieures à 2.86 | ||
| Intel | N/A | Intel CVAT versions antérieures à 2.0.1 | ||
| Intel | N/A | Les pilotes Intel Ethernet 500 Series Controller pour VMWare versions antérieures à 1.10.0.13 | ||
| Intel | N/A | Intel FPGA Add-on pour Intel oneAPI Toolkits versions antérieures à 2022.2 | ||
| Intel | N/A | Intel oneAPI Collective Communications Library (oneCCL) versions antérieures à 2021.6 | ||
| Intel | N/A | Intel oneAPI Data Analytics Library versions antérieures à 2021.5 | ||
| Intel | N/A | Intel Integrated Sensor Solution versions antérieures à 5.4.1.4479 | ||
| Intel | N/A | Intel C++ Compiler Classic versions antérieures à 2021.6 | ||
| Intel | N/A | Intel oneAPI Toolkits versions antérieures à 2022.2 | ||
| Intel | N/A | Intel Media SDK versions antérieures à 22.2.2 | ||
| Intel | N/A | Micrologiciel Intel BMC versions antérieures à 2.78 | ||
| Intel | N/A | Intel FCS server versions antérieures à 1.1.79.3 | ||
| Intel | N/A | Intel oneAPI DPC++/C++ Compiler versions antérieures à 2022.1 | ||
| Intel | N/A | Intel oneAPI Deep Neural Network (oneDNN) versions antérieures à 2022.1 | ||
| Intel | N/A | Intel Integrated Sensor Solution versions antérieures à 5.4.2.4579v3 | ||
| Intel | N/A | Intel Battery Life Diagnostic Tool versions antérieures à 2.2.0 | ||
| Intel | N/A | Les pilotes Intel Iris Xe MAX pour Windows versions antérieures à 100.0.5.1474 | ||
| Intel | N/A | Intel OpenBMC versions antérieures à egs-0.91-179 | ||
| Intel | N/A | Intel OFU versions antérieures à 14.1.28 | ||
| Intel | N/A | Intel MPI Library pour Intel oneAPI HPC Toolkit versions antérieures à 2021.6 | ||
| Intel | N/A | Intel Quartus Prime Pro edition versions antérieures à 22.2 | ||
| Intel | N/A | Intel Integrated Sensor Solution versions antérieures à 5.0.0.4143 | ||
| Intel | N/A | Intel E810 Ethernet Controllers and Adapters versions antérieures à 1.7.0.8 | ||
| Intel | N/A | Intel OpenBMC versions antérieures à wht-1.01-61 | ||
| Intel | N/A | Les pilotes Intel QAT pour Linux versions antérieures à 4.17 | ||
| Intel | N/A | Intel QATzip versions antérieures à 1.0.9 | ||
| Intel | N/A | Intel Administrative Tools pour Intel Network Adapters versions antérieures à 27.3 | ||
| Intel | N/A | Intel Quartus Prime Standard Edition versions antérieures à 21.1 | ||
| Intel | N/A | Intel SGX SDK software pour Linux versions antérieures à 2.16.100.1 | ||
| Intel | N/A | Intel Open CAS versions antérieures à 22.3.1 | ||
| Intel | N/A | Intel Quartus Prime Pro Edition versions antérieures à 21.3 | ||
| Intel | N/A | Intel EMA versions antérieures à 1.8.1.0 | ||
| Intel | N/A | Micrologiciel Intel BMC versions antérieures à 2.09 | ||
| Intel | N/A | Les applications Android Intel ON Event Series versions antérieures à 2.0 | ||
| Intel | N/A | Intel SGX SDK software pour Windows versions antérieures à 2.15.100.1 | ||
| Intel | N/A | Intel Quartus Prime Standard edition versions antérieures à 22.1STD | ||
| Intel | N/A | Intel 700 Series Ethernet Controllers and Adapters versions antérieures à 9.101 | ||
| Intel | N/A | Intel Non-Volatile Memory (NVM) Update Utility pour Intel Ethernet Network Adapter E810 Series versions antérieures à 4.01 | ||
| Intel | N/A | Intel SPS firmware versions antérieures à SPS_E3_06.00.03.300.0 | ||
| Intel | N/A | Intel oneapi-cli pour Intel oneAPI Toolkits versions antérieures à 0.2.0 | ||
| Intel | N/A | Intel Crypto API Toolkit pour Intel SGX versions antérieures à 2.0 ID commit 91ee496 | ||
| Intel | N/A | Les pilotes Intel QAT pour Windows versions antérieures à 1.6 | ||
| Intel | N/A | Intel SPS firmware versions antérieures à SPS_E5_04.04.04.300.0 | ||
| Intel | N/A | Intel FPGA SDK pour OpenCL Pro Edition versions antérieures à 22.1 | ||
| Intel | N/A | Les pilotes Intel Ethernet Controller Administrative Tools pour Windows versions antérieures à 1.5.0.2 |
References
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Intel Distribution pour le langage de programmation Python versions ant\u00e9rieures \u00e0 2022.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel SUR versions ant\u00e9rieures \u00e0 2.4.8902",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel Trace Analyzer and Collector versions ant\u00e9rieures \u00e0 2021.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel DSA versions ant\u00e9rieures \u00e0 22.4.26",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel oneAPI DPC++/C++ Compiler Runtime versions ant\u00e9rieures \u00e0 2022.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Les processeurs Intel dont la liste est mentionn\u00e9e dans les liens des fabriquants de la section Documentation.",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel OpenBMC versions ant\u00e9rieures \u00e0 0.72",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Micrologiciel Intel BMC versions ant\u00e9rieures \u00e0 2.86",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel CVAT versions ant\u00e9rieures \u00e0 2.0.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Les pilotes Intel Ethernet 500 Series Controller pour VMWare versions ant\u00e9rieures \u00e0 1.10.0.13",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel FPGA Add-on pour Intel oneAPI Toolkits versions ant\u00e9rieures \u00e0 2022.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel oneAPI Collective Communications Library (oneCCL) versions ant\u00e9rieures \u00e0 2021.6",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel oneAPI Data Analytics Library versions ant\u00e9rieures \u00e0 2021.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel Integrated Sensor Solution versions ant\u00e9rieures \u00e0 5.4.1.4479",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel C++ Compiler Classic versions ant\u00e9rieures \u00e0 2021.6",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel oneAPI Toolkits versions ant\u00e9rieures \u00e0 2022.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel Media SDK versions ant\u00e9rieures \u00e0 22.2.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Micrologiciel Intel BMC versions ant\u00e9rieures \u00e0 2.78",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel FCS server versions ant\u00e9rieures \u00e0 1.1.79.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel oneAPI DPC++/C++ Compiler versions ant\u00e9rieures \u00e0 2022.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel oneAPI Deep Neural Network (oneDNN) versions ant\u00e9rieures \u00e0 2022.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel Integrated Sensor Solution versions ant\u00e9rieures \u00e0 5.4.2.4579v3",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel Battery Life Diagnostic Tool versions ant\u00e9rieures \u00e0 2.2.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Les pilotes Intel Iris Xe MAX pour Windows versions ant\u00e9rieures \u00e0 100.0.5.1474",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel OpenBMC versions ant\u00e9rieures \u00e0 egs-0.91-179",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel OFU versions ant\u00e9rieures \u00e0 14.1.28",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel MPI Library pour Intel oneAPI HPC Toolkit versions ant\u00e9rieures \u00e0 2021.6",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel Quartus Prime Pro edition versions ant\u00e9rieures \u00e0 22.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel Integrated Sensor Solution versions ant\u00e9rieures \u00e0 5.0.0.4143",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel E810 Ethernet Controllers and Adapters versions ant\u00e9rieures \u00e0 1.7.0.8",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel OpenBMC versions ant\u00e9rieures \u00e0 wht-1.01-61",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Les pilotes Intel QAT pour Linux versions ant\u00e9rieures \u00e0 4.17",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel QATzip versions ant\u00e9rieures \u00e0 1.0.9",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel Administrative Tools pour Intel Network Adapters versions ant\u00e9rieures \u00e0 27.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel Quartus Prime Standard Edition versions ant\u00e9rieures \u00e0 21.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel SGX SDK software pour Linux versions ant\u00e9rieures \u00e0 2.16.100.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel Open CAS versions ant\u00e9rieures \u00e0 22.3.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel Quartus Prime Pro Edition versions ant\u00e9rieures \u00e0 21.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel EMA versions ant\u00e9rieures \u00e0 1.8.1.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Micrologiciel Intel BMC versions ant\u00e9rieures \u00e0 2.09",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Les applications Android Intel ON Event Series versions ant\u00e9rieures \u00e0 2.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel SGX SDK software pour Windows versions ant\u00e9rieures \u00e0 2.15.100.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel Quartus Prime Standard edition versions ant\u00e9rieures \u00e0 22.1STD",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel 700 Series Ethernet Controllers and Adapters versions ant\u00e9rieures \u00e0 9.101",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel Non-Volatile Memory (NVM) Update Utility pour Intel Ethernet Network Adapter E810 Series versions ant\u00e9rieures \u00e0 4.01",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel SPS firmware versions ant\u00e9rieures \u00e0 SPS_E3_06.00.03.300.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel oneapi-cli pour Intel oneAPI Toolkits versions ant\u00e9rieures \u00e0 0.2.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel Crypto API Toolkit pour Intel SGX versions ant\u00e9rieures \u00e0 2.0 ID commit 91ee496",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Les pilotes Intel QAT pour Windows versions ant\u00e9rieures \u00e0 1.6",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel SPS firmware versions ant\u00e9rieures \u00e0 SPS_E5_04.04.04.300.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel FPGA SDK pour OpenCL Pro Edition versions ant\u00e9rieures \u00e0 22.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Les pilotes Intel Ethernet Controller Administrative Tools pour Windows versions ant\u00e9rieures \u00e0 1.5.0.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-34346",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-34346"
},
{
"name": "CVE-2022-26840",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26840"
},
{
"name": "CVE-2022-29514",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29514"
},
{
"name": "CVE-2022-32971",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32971"
},
{
"name": "CVE-2021-33104",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33104"
},
{
"name": "CVE-2022-33972",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-33972"
},
{
"name": "CVE-2022-21163",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21163"
},
{
"name": "CVE-2022-32575",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32575"
},
{
"name": "CVE-2022-26421",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26421"
},
{
"name": "CVE-2022-30539",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30539"
},
{
"name": "CVE-2022-33964",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-33964"
},
{
"name": "CVE-2022-29523",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29523"
},
{
"name": "CVE-2022-36348",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-36348"
},
{
"name": "CVE-2022-36369",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-36369"
},
{
"name": "CVE-2022-34157",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-34157"
},
{
"name": "CVE-2022-26345",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26345"
},
{
"name": "CVE-2022-25992",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25992"
},
{
"name": "CVE-2022-26888",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26888"
},
{
"name": "CVE-2022-30339",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30339"
},
{
"name": "CVE-2022-34864",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-34864"
},
{
"name": "CVE-2022-26032",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26032"
},
{
"name": "CVE-2021-39295",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-39295"
},
{
"name": "CVE-2022-30692",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30692"
},
{
"name": "CVE-2022-36398",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-36398"
},
{
"name": "CVE-2022-30704",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30704"
},
{
"name": "CVE-2022-35729",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-35729"
},
{
"name": "CVE-2022-26425",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26425"
},
{
"name": "CVE-2022-41314",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41314"
},
{
"name": "CVE-2022-36397",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-36397"
},
{
"name": "CVE-2022-34849",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-34849"
},
{
"name": "CVE-2022-25987",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25987"
},
{
"name": "CVE-2022-31476",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-31476"
},
{
"name": "CVE-2022-36287",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-36287"
},
{
"name": "CVE-2022-32231",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32231"
},
{
"name": "CVE-2022-26052",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26052"
},
{
"name": "CVE-2022-21216",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21216"
},
{
"name": "CVE-2022-36289",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-36289"
},
{
"name": "CVE-2022-30530",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30530"
},
{
"name": "CVE-2022-26837",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26837"
},
{
"name": "CVE-2022-29493",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29493"
},
{
"name": "CVE-2022-35883",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-35883"
},
{
"name": "CVE-2022-25905",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25905"
},
{
"name": "CVE-2022-34854",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-34854"
},
{
"name": "CVE-2022-33190",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-33190"
},
{
"name": "CVE-2022-36794",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-36794"
},
{
"name": "CVE-2022-33902",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-33902"
},
{
"name": "CVE-2022-37329",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-37329"
},
{
"name": "CVE-2022-37340",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-37340"
},
{
"name": "CVE-2022-26509",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26509"
},
{
"name": "CVE-2022-32764",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32764"
},
{
"name": "CVE-2022-33196",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-33196"
},
{
"name": "CVE-2022-27170",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27170"
},
{
"name": "CVE-2022-26076",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26076"
},
{
"name": "CVE-2021-39296",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-39296"
},
{
"name": "CVE-2022-34841",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-34841"
},
{
"name": "CVE-2022-36797",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-36797"
},
{
"name": "CVE-2022-38056",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38056"
},
{
"name": "CVE-2022-36416",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-36416"
},
{
"name": "CVE-2022-34153",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-34153"
},
{
"name": "CVE-2022-32570",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32570"
},
{
"name": "CVE-2022-27808",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27808"
},
{
"name": "CVE-2022-30531",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30531"
},
{
"name": "CVE-2022-26062",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26062"
},
{
"name": "CVE-2022-38090",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38090"
},
{
"name": "CVE-2022-41614",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41614"
},
{
"name": "CVE-2022-29494",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29494"
},
{
"name": "CVE-2022-33892",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-33892"
},
{
"name": "CVE-2022-36278",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-36278"
},
{
"name": "CVE-2022-26512",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26512"
},
{
"name": "CVE-2022-34843",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-34843"
},
{
"name": "CVE-2021-0187",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0187"
},
{
"name": "CVE-2022-36382",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-36382"
},
{
"name": "CVE-2022-27234",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27234"
},
{
"name": "CVE-2022-26343",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26343"
},
{
"name": "CVE-2022-33946",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-33946"
},
{
"name": "CVE-2022-26841",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26841"
},
{
"name": "CVE-2022-26843",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26843"
}
],
"initial_release_date": "2023-02-15T00:00:00",
"last_revision_date": "2023-02-15T00:00:00",
"links": [],
"reference": "CERTFR-2023-AVI-0127",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-02-15T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eIntel\u003c/span\u003e. Elles permettent \u00e0 un attaquant de\nprovoquer une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es, un\ncontournement de la politique de s\u00e9curit\u00e9, une \u00e9l\u00e9vation de privil\u00e8ges,\nun d\u00e9ni de service et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Intel",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00674 du 14 f\u00e9vrier 2023",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00674.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00714 du 14 f\u00e9vrier 2023",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00714.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00700 du 14 f\u00e9vrier 2023",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00700.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00767 du 14 f\u00e9vrier 2023",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00767.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00770 du 14 f\u00e9vrier 2023",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00770.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00751 du 14 f\u00e9vrier 2023",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00751.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00776 du 14 f\u00e9vrier 2023",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00776.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00728 du 14 f\u00e9vrier 2023",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00728.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00731 du 14 f\u00e9vrier 2023",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00731.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00738 du 14 f\u00e9vrier 2023",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00738.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00726 du 14 f\u00e9vrier 2023",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00726.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00717 du 14 f\u00e9vrier 2023",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00717.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00733 du 14 f\u00e9vrier 2023",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00733.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00764 du 14 f\u00e9vrier 2023",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00764.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00762 du 14 f\u00e9vrier 2023",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00762.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00737 du 14 f\u00e9vrier 2023",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00737.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00761 du 14 f\u00e9vrier 2023",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00761.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00736 du 14 f\u00e9vrier 2023",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00736.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00718 du 14 f\u00e9vrier 2023",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00718.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00725 du 14 f\u00e9vrier 2023",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00725.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00754 du 14 f\u00e9vrier 2023",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00754.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00765 du 14 f\u00e9vrier 2023",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00765.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00677 du 14 f\u00e9vrier 2023",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00677.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00730 du 14 f\u00e9vrier 2023",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00730.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00739 du 14 f\u00e9vrier 2023",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00739.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00769 du 14 f\u00e9vrier 2023",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00769.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00727 du 14 f\u00e9vrier 2023",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00727.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00746 du 14 f\u00e9vrier 2023",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00746.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00729 du 14 f\u00e9vrier 2023",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00729.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00750 du 14 f\u00e9vrier 2023",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00750.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00721 du 14 f\u00e9vrier 2023",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00721.html"
}
]
}
ncsc-2025-0020
Vulnerability from csaf_ncscnl
Published
2025-01-22 13:30
Modified
2025-01-22 13:30
Summary
Kwetsbaarheden verholpen in Oracle Database producten
Notes
The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:
NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.
NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.
This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.
Feiten
Oracle heeft kwetsbaarheden verholpen in diverse database producten en subsystemen, zoals de Core Database, Graal, Application Express, GoldenGate en REST data.
Interpretaties
De kwetsbaarheden bevinden zich in verschillende componenten van de Oracle Database, waaronder de Data Mining component en de Java VM. Deze kwetsbaarheden stellen laaggeprivilegieerde geauthenticeerde gebruikers in staat om het systeem te compromitteren, wat kan leiden tot ongeautoriseerde toegang en gegevensmanipulatie. De Java VM-kwetsbaarheid kan ook leiden tot ongeautoriseerde wijzigingen van gegevens.
Oplossingen
Oracle heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.
Kans
medium
Schade
high
CWE-391
Unchecked Error Condition
CWE-115
Misinterpretation of Input
CWE-466
Return of Pointer Value Outside of Expected Range
CWE-222
Truncation of Security-relevant Information
CWE-131
Incorrect Calculation of Buffer Size
CWE-1287
Improper Validation of Specified Type of Input
CWE-922
Insecure Storage of Sensitive Information
CWE-191
Integer Underflow (Wrap or Wraparound)
CWE-1220
Insufficient Granularity of Access Control
CWE-776
Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')
CWE-178
Improper Handling of Case Sensitivity
CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
CWE-440
Expected Behavior Violation
CWE-1286
Improper Validation of Syntactic Correctness of Input
CWE-703
Improper Check or Handling of Exceptional Conditions
CWE-617
Reachable Assertion
CWE-427
Uncontrolled Search Path Element
CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CWE-288
Authentication Bypass Using an Alternate Path or Channel
CWE-354
Improper Validation of Integrity Check Value
CWE-190
Integer Overflow or Wraparound
CWE-404
Improper Resource Shutdown or Release
CWE-284
Improper Access Control
CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE-1333
Inefficient Regular Expression Complexity
CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
CWE-476
NULL Pointer Dereference
CWE-757
Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade')
CWE-94
Improper Control of Generation of Code ('Code Injection')
CWE-400
Uncontrolled Resource Consumption
CWE-770
Allocation of Resources Without Limits or Throttling
CWE-502
Deserialization of Untrusted Data
CWE-674
Uncontrolled Recursion
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE-611
Improper Restriction of XML External Entity Reference
CWE-787
Out-of-bounds Write
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE-122
Heap-based Buffer Overflow
CWE-121
Stack-based Buffer Overflow
CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CWE-20
Improper Input Validation
CWE-276
Incorrect Default Permissions
{
"document": {
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE"
}
},
"lang": "nl",
"notes": [
{
"category": "legal_disclaimer",
"text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
},
{
"category": "description",
"text": "Oracle heeft kwetsbaarheden verholpen in diverse database producten en subsystemen, zoals de Core Database, Graal, Application Express, GoldenGate en REST data.",
"title": "Feiten"
},
{
"category": "description",
"text": "De kwetsbaarheden bevinden zich in verschillende componenten van de Oracle Database, waaronder de Data Mining component en de Java VM. Deze kwetsbaarheden stellen laaggeprivilegieerde geauthenticeerde gebruikers in staat om het systeem te compromitteren, wat kan leiden tot ongeautoriseerde toegang en gegevensmanipulatie. De Java VM-kwetsbaarheid kan ook leiden tot ongeautoriseerde wijzigingen van gegevens.",
"title": "Interpretaties"
},
{
"category": "description",
"text": "Oracle heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.",
"title": "Oplossingen"
},
{
"category": "general",
"text": "medium",
"title": "Kans"
},
{
"category": "general",
"text": "high",
"title": "Schade"
},
{
"category": "general",
"text": "Unchecked Error Condition",
"title": "CWE-391"
},
{
"category": "general",
"text": "Misinterpretation of Input",
"title": "CWE-115"
},
{
"category": "general",
"text": "Return of Pointer Value Outside of Expected Range",
"title": "CWE-466"
},
{
"category": "general",
"text": "Truncation of Security-relevant Information",
"title": "CWE-222"
},
{
"category": "general",
"text": "Incorrect Calculation of Buffer Size",
"title": "CWE-131"
},
{
"category": "general",
"text": "Improper Validation of Specified Type of Input",
"title": "CWE-1287"
},
{
"category": "general",
"text": "Insecure Storage of Sensitive Information",
"title": "CWE-922"
},
{
"category": "general",
"text": "Integer Underflow (Wrap or Wraparound)",
"title": "CWE-191"
},
{
"category": "general",
"text": "Insufficient Granularity of Access Control",
"title": "CWE-1220"
},
{
"category": "general",
"text": "Improper Restriction of Recursive Entity References in DTDs (\u0027XML Entity Expansion\u0027)",
"title": "CWE-776"
},
{
"category": "general",
"text": "Improper Handling of Case Sensitivity",
"title": "CWE-178"
},
{
"category": "general",
"text": "Time-of-check Time-of-use (TOCTOU) Race Condition",
"title": "CWE-367"
},
{
"category": "general",
"text": "Expected Behavior Violation",
"title": "CWE-440"
},
{
"category": "general",
"text": "Improper Validation of Syntactic Correctness of Input",
"title": "CWE-1286"
},
{
"category": "general",
"text": "Improper Check or Handling of Exceptional Conditions",
"title": "CWE-703"
},
{
"category": "general",
"text": "Reachable Assertion",
"title": "CWE-617"
},
{
"category": "general",
"text": "Uncontrolled Search Path Element",
"title": "CWE-427"
},
{
"category": "general",
"text": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
"title": "CWE-601"
},
{
"category": "general",
"text": "Authentication Bypass Using an Alternate Path or Channel",
"title": "CWE-288"
},
{
"category": "general",
"text": "Improper Validation of Integrity Check Value",
"title": "CWE-354"
},
{
"category": "general",
"text": "Integer Overflow or Wraparound",
"title": "CWE-190"
},
{
"category": "general",
"text": "Improper Resource Shutdown or Release",
"title": "CWE-404"
},
{
"category": "general",
"text": "Improper Access Control",
"title": "CWE-284"
},
{
"category": "general",
"text": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
"title": "CWE-119"
},
{
"category": "general",
"text": "Inefficient Regular Expression Complexity",
"title": "CWE-1333"
},
{
"category": "general",
"text": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)",
"title": "CWE-1321"
},
{
"category": "general",
"text": "NULL Pointer Dereference",
"title": "CWE-476"
},
{
"category": "general",
"text": "Selection of Less-Secure Algorithm During Negotiation (\u0027Algorithm Downgrade\u0027)",
"title": "CWE-757"
},
{
"category": "general",
"text": "Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"title": "CWE-94"
},
{
"category": "general",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "general",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
},
{
"category": "general",
"text": "Deserialization of Untrusted Data",
"title": "CWE-502"
},
{
"category": "general",
"text": "Uncontrolled Recursion",
"title": "CWE-674"
},
{
"category": "general",
"text": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"title": "CWE-22"
},
{
"category": "general",
"text": "Improper Restriction of XML External Entity Reference",
"title": "CWE-611"
},
{
"category": "general",
"text": "Out-of-bounds Write",
"title": "CWE-787"
},
{
"category": "general",
"text": "Exposure of Sensitive Information to an Unauthorized Actor",
"title": "CWE-200"
},
{
"category": "general",
"text": "Heap-based Buffer Overflow",
"title": "CWE-122"
},
{
"category": "general",
"text": "Stack-based Buffer Overflow",
"title": "CWE-121"
},
{
"category": "general",
"text": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
"title": "CWE-835"
},
{
"category": "general",
"text": "Improper Input Validation",
"title": "CWE-20"
},
{
"category": "general",
"text": "Incorrect Default Permissions",
"title": "CWE-276"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "cert@ncsc.nl",
"name": "Nationaal Cyber Security Centrum",
"namespace": "https://www.ncsc.nl/"
},
"references": [
{
"category": "external",
"summary": "Reference - cveprojectv5; nvd; oracle",
"url": "https://www.oracle.com/security-alerts/cpujan2025.html"
}
],
"title": "Kwetsbaarheden verholpen in Oracle Database producten",
"tracking": {
"current_release_date": "2025-01-22T13:30:16.354373Z",
"id": "NCSC-2025-0020",
"initial_release_date": "2025-01-22T13:30:16.354373Z",
"revision_history": [
{
"date": "2025-01-22T13:30:16.354373Z",
"number": "0",
"summary": "Initiele versie"
}
],
"status": "final",
"version": "1.0.0"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "graal_development_kit_for_micronaut",
"product": {
"name": "graal_development_kit_for_micronaut",
"product_id": "CSAFPID-1751216",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:graal_development_kit_for_micronaut:23.5-23.6:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "database_-_data_mining",
"product": {
"name": "database_-_data_mining",
"product_id": "CSAFPID-1751200",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:database_-_data_mining:19.3-19.25:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "database_-_data_mining",
"product": {
"name": "database_-_data_mining",
"product_id": "CSAFPID-1751199",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:database_-_data_mining:21.3-21.16:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "database_migration_assistant_for_unicode",
"product": {
"name": "database_migration_assistant_for_unicode",
"product_id": "CSAFPID-1751212",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:database_migration_assistant_for_unicode:19.1:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "database_server",
"product": {
"name": "database_server",
"product_id": "CSAFPID-1503604",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:database_server:_java_vm___23.4:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "database_-_graalvm_multilingual_engine",
"product": {
"name": "database_-_graalvm_multilingual_engine",
"product_id": "CSAFPID-1751223",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:database_-_graalvm_multilingual_engine:21.4-21.16:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "database_-_graalvm_multilingual_engine",
"product": {
"name": "database_-_graalvm_multilingual_engine",
"product_id": "CSAFPID-1751224",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:database_-_graalvm_multilingual_engine:23.5-23.6:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "application_express",
"product": {
"name": "application_express",
"product_id": "CSAFPID-1503575",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:application_express:23.2:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "application_express",
"product": {
"name": "application_express",
"product_id": "CSAFPID-1673188",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:application_express:24.1:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "goldengate",
"product": {
"name": "goldengate",
"product_id": "CSAFPID-342816",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:goldengate:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "goldengate_big_data_and_application_adapters",
"product": {
"name": "goldengate_big_data_and_application_adapters",
"product_id": "CSAFPID-816845",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "goldengate_big_data_and_application_adapters",
"product": {
"name": "goldengate_big_data_and_application_adapters",
"product_id": "CSAFPID-1650825",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:19.1.0.0.0-19.1.0.0.18:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "goldengate_big_data_and_application_adapters",
"product": {
"name": "goldengate_big_data_and_application_adapters",
"product_id": "CSAFPID-1751298",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:21.3.0.0.0-21.16.0.0.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "goldengate_big_data_and_application_adapters",
"product": {
"name": "goldengate_big_data_and_application_adapters",
"product_id": "CSAFPID-1751299",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:goldengate_big_data_and_application_adapters:23.4-23.6:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "goldengate",
"product": {
"name": "goldengate",
"product_id": "CSAFPID-1650767",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:goldengate:19.1.0.0.0-19.23.0.0.240716:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "goldengate",
"product": {
"name": "goldengate",
"product_id": "CSAFPID-485902",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:goldengate:19.1.0.0.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "goldengate",
"product": {
"name": "goldengate",
"product_id": "CSAFPID-1503736",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:goldengate:19.23.0.0.240716:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "goldengate",
"product": {
"name": "goldengate",
"product_id": "CSAFPID-1503739",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:goldengate:21.14:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "goldengate",
"product": {
"name": "goldengate",
"product_id": "CSAFPID-1751093",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:goldengate:21.16:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "goldengate",
"product": {
"name": "goldengate",
"product_id": "CSAFPID-1751094",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:goldengate:23.4:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "goldengate",
"product": {
"name": "goldengate",
"product_id": "CSAFPID-1751095",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:goldengate:23.6:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "goldengate",
"product": {
"name": "goldengate",
"product_id": "CSAFPID-1751204",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:goldengate:23.4-23.6:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "goldengate",
"product": {
"name": "goldengate",
"product_id": "CSAFPID-1503738",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:goldengate:21.3:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "goldengate",
"product": {
"name": "goldengate",
"product_id": "CSAFPID-1751203",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:goldengate:21.3-21.16:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "goldengate",
"product": {
"name": "goldengate",
"product_id": "CSAFPID-1650765",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:goldengate:21.3-21.14:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "rest_data_services",
"product": {
"name": "rest_data_services",
"product_id": "CSAFPID-711746",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:rest_data_services:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "rest_data_services",
"product": {
"name": "rest_data_services",
"product_id": "CSAFPID-1751305",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:rest_data_services:24.2.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "rest_data_services",
"product": {
"name": "rest_data_services",
"product_id": "CSAFPID-1751304",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:rest_data_services:24.3.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "secure_backup",
"product": {
"name": "secure_backup",
"product_id": "CSAFPID-667692",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:secure_backup:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "secure_backup",
"product": {
"name": "secure_backup",
"product_id": "CSAFPID-345049",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:secure_backup:18.1.0.1.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "secure_backup",
"product": {
"name": "secure_backup",
"product_id": "CSAFPID-611417",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:secure_backup:18.1.0.2.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "secure_backup",
"product": {
"name": "secure_backup",
"product_id": "CSAFPID-1673422",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:secure_backup:19.1.0.0.0:*:*:*:*:*:*:*"
}
}
}
],
"category": "vendor",
"name": "oracle"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-38998",
"cwe": {
"id": "CWE-1321",
"name": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)",
"title": "CWE-1321"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1503575",
"CSAFPID-1673188",
"CSAFPID-1751204",
"CSAFPID-1751203"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-38998",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38998.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1503575",
"CSAFPID-1673188",
"CSAFPID-1751204",
"CSAFPID-1751203"
]
}
],
"title": "CVE-2024-38998"
},
{
"cve": "CVE-2024-38999",
"cwe": {
"id": "CWE-1321",
"name": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)",
"title": "CWE-1321"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1503575",
"CSAFPID-1673188",
"CSAFPID-1751204",
"CSAFPID-1751203"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-38999",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38999.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 10.0,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1503575",
"CSAFPID-1673188",
"CSAFPID-1751204",
"CSAFPID-1751203"
]
}
],
"title": "CVE-2024-38999"
},
{
"cve": "CVE-2024-45490",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "other",
"text": "Integer Overflow or Wraparound",
"title": "CWE-190"
},
{
"category": "other",
"text": "Incorrect Calculation of Buffer Size",
"title": "CWE-131"
},
{
"category": "other",
"text": "Improper Restriction of XML External Entity Reference",
"title": "CWE-611"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2024-45490",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-45490.json"
}
],
"title": "CVE-2024-45490"
},
{
"cve": "CVE-2024-45491",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "other",
"text": "Integer Overflow or Wraparound",
"title": "CWE-190"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2024-45491",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-45491.json"
}
],
"title": "CVE-2024-45491"
},
{
"cve": "CVE-2024-45492",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "other",
"text": "Integer Overflow or Wraparound",
"title": "CWE-190"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2024-45492",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-45492.json"
}
],
"title": "CVE-2024-45492"
},
{
"cve": "CVE-2024-45772",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"notes": [
{
"category": "other",
"text": "Deserialization of Untrusted Data",
"title": "CWE-502"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2024-45772",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-45772.json"
}
],
"title": "CVE-2024-45772"
},
{
"cve": "CVE-2024-47554",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2024-47554",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-47554.json"
}
],
"title": "CVE-2024-47554"
},
{
"cve": "CVE-2024-47561",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"notes": [
{
"category": "other",
"text": "Deserialization of Untrusted Data",
"title": "CWE-502"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1650825",
"CSAFPID-1751298",
"CSAFPID-1751299"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-47561",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-47561.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1650825",
"CSAFPID-1751298",
"CSAFPID-1751299"
]
}
],
"title": "CVE-2024-47561"
},
{
"cve": "CVE-2024-50379",
"cwe": {
"id": "CWE-367",
"name": "Time-of-check Time-of-use (TOCTOU) Race Condition"
},
"notes": [
{
"category": "other",
"text": "Time-of-check Time-of-use (TOCTOU) Race Condition",
"title": "CWE-367"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2024-50379",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-50379.json"
}
],
"title": "CVE-2024-50379"
},
{
"cve": "CVE-2024-52316",
"cwe": {
"id": "CWE-391",
"name": "Unchecked Error Condition"
},
"notes": [
{
"category": "other",
"text": "Unchecked Error Condition",
"title": "CWE-391"
},
{
"category": "other",
"text": "Authentication Bypass Using an Alternate Path or Channel",
"title": "CWE-288"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2024-52316",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-52316.json"
}
],
"title": "CVE-2024-52316"
},
{
"cve": "CVE-2024-54677",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2024-54677",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-54677.json"
}
],
"title": "CVE-2024-54677"
},
{
"cve": "CVE-2024-56337",
"cwe": {
"id": "CWE-367",
"name": "Time-of-check Time-of-use (TOCTOU) Race Condition"
},
"notes": [
{
"category": "other",
"text": "Time-of-check Time-of-use (TOCTOU) Race Condition",
"title": "CWE-367"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2024-56337",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-56337.json"
}
],
"title": "CVE-2024-56337"
},
{
"cve": "CVE-2025-21553",
"references": [
{
"category": "self",
"summary": "CVE-2025-21553",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-21553.json"
}
],
"title": "CVE-2025-21553"
},
{
"cve": "CVE-2025-21557",
"product_status": {
"known_affected": [
"CSAFPID-1503575",
"CSAFPID-1673188"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-21557",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-21557.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1503575",
"CSAFPID-1673188"
]
}
],
"title": "CVE-2025-21557"
},
{
"cve": "CVE-2022-26345",
"cwe": {
"id": "CWE-427",
"name": "Uncontrolled Search Path Element"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Search Path Element",
"title": "CWE-427"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1751199",
"CSAFPID-1751200"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2022-26345",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-26345.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1751199",
"CSAFPID-1751200"
]
}
],
"title": "CVE-2022-26345"
},
{
"cve": "CVE-2023-27043",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2023-27043",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-27043.json"
}
],
"title": "CVE-2023-27043"
},
{
"cve": "CVE-2023-36730",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
},
{
"category": "other",
"text": "Heap-based Buffer Overflow",
"title": "CWE-122"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1751203",
"CSAFPID-1751204"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-36730",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-36730.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1751203",
"CSAFPID-1751204"
]
}
],
"title": "CVE-2023-36730"
},
{
"cve": "CVE-2023-36785",
"cwe": {
"id": "CWE-191",
"name": "Integer Underflow (Wrap or Wraparound)"
},
"notes": [
{
"category": "other",
"text": "Integer Underflow (Wrap or Wraparound)",
"title": "CWE-191"
},
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1751203",
"CSAFPID-1751204"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-36785",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-36785.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1751203",
"CSAFPID-1751204"
]
}
],
"title": "CVE-2023-36785"
},
{
"cve": "CVE-2023-48795",
"cwe": {
"id": "CWE-222",
"name": "Truncation of Security-relevant Information"
},
"notes": [
{
"category": "other",
"text": "Truncation of Security-relevant Information",
"title": "CWE-222"
},
{
"category": "other",
"text": "Selection of Less-Secure Algorithm During Negotiation (\u0027Algorithm Downgrade\u0027)",
"title": "CWE-757"
},
{
"category": "other",
"text": "Improper Validation of Integrity Check Value",
"title": "CWE-354"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1650765",
"CSAFPID-1650767",
"CSAFPID-342816",
"CSAFPID-667692",
"CSAFPID-711746",
"CSAFPID-816845",
"CSAFPID-1503575",
"CSAFPID-1503604",
"CSAFPID-1751212"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-48795",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-48795.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1650765",
"CSAFPID-1650767",
"CSAFPID-342816",
"CSAFPID-667692",
"CSAFPID-711746",
"CSAFPID-816845",
"CSAFPID-1503575",
"CSAFPID-1503604",
"CSAFPID-1751212"
]
}
],
"title": "CVE-2023-48795"
},
{
"cve": "CVE-2023-52428",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "other",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
}
],
"product_status": {
"known_affected": [
"CSAFPID-342816",
"CSAFPID-1503575",
"CSAFPID-1503604",
"CSAFPID-816845",
"CSAFPID-711746",
"CSAFPID-1751216"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-52428",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-52428.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-342816",
"CSAFPID-1503575",
"CSAFPID-1503604",
"CSAFPID-816845",
"CSAFPID-711746",
"CSAFPID-1751216"
]
}
],
"title": "CVE-2023-52428"
},
{
"cve": "CVE-2024-2961",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Write",
"title": "CWE-787"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1503575",
"CSAFPID-1503604",
"CSAFPID-342816",
"CSAFPID-816845",
"CSAFPID-711746"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-2961",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-2961.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1503575",
"CSAFPID-1503604",
"CSAFPID-342816",
"CSAFPID-816845",
"CSAFPID-711746"
]
}
],
"title": "CVE-2024-2961"
},
{
"cve": "CVE-2024-4030",
"cwe": {
"id": "CWE-276",
"name": "Incorrect Default Permissions"
},
"notes": [
{
"category": "other",
"text": "Incorrect Default Permissions",
"title": "CWE-276"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2024-4030",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-4030.json"
}
],
"title": "CVE-2024-4030"
},
{
"cve": "CVE-2024-4032",
"cwe": {
"id": "CWE-440",
"name": "Expected Behavior Violation"
},
"notes": [
{
"category": "other",
"text": "Expected Behavior Violation",
"title": "CWE-440"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2024-4032",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-4032.json"
}
],
"title": "CVE-2024-4032"
},
{
"cve": "CVE-2024-6232",
"cwe": {
"id": "CWE-1333",
"name": "Inefficient Regular Expression Complexity"
},
"notes": [
{
"category": "other",
"text": "Inefficient Regular Expression Complexity",
"title": "CWE-1333"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2024-6232",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-6232.json"
}
],
"title": "CVE-2024-6232"
},
{
"cve": "CVE-2024-6763",
"cwe": {
"id": "CWE-1286",
"name": "Improper Validation of Syntactic Correctness of Input"
},
"notes": [
{
"category": "other",
"text": "Improper Validation of Syntactic Correctness of Input",
"title": "CWE-1286"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1751304",
"CSAFPID-1751305"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-6763",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-6763.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1751304",
"CSAFPID-1751305"
]
}
],
"title": "CVE-2024-6763"
},
{
"cve": "CVE-2024-6923",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"notes": [
{
"category": "other",
"text": "Deserialization of Untrusted Data",
"title": "CWE-502"
},
{
"category": "other",
"text": "Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"title": "CWE-94"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2024-6923",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-6923.json"
}
],
"title": "CVE-2024-6923"
},
{
"cve": "CVE-2024-7254",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
},
{
"category": "other",
"text": "Uncontrolled Recursion",
"title": "CWE-674"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2024-7254",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-7254.json"
}
],
"title": "CVE-2024-7254"
},
{
"cve": "CVE-2024-7592",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2024-7592",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-7592.json"
}
],
"title": "CVE-2024-7592"
},
{
"cve": "CVE-2024-8088",
"cwe": {
"id": "CWE-835",
"name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
},
"notes": [
{
"category": "other",
"text": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
"title": "CWE-835"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2024-8088",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-8088.json"
}
],
"title": "CVE-2024-8088"
},
{
"cve": "CVE-2024-8927",
"cwe": {
"id": "CWE-284",
"name": "Improper Access Control"
},
"notes": [
{
"category": "other",
"text": "Improper Access Control",
"title": "CWE-284"
},
{
"category": "other",
"text": "Insufficient Granularity of Access Control",
"title": "CWE-1220"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1673422",
"CSAFPID-345049",
"CSAFPID-611417"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-8927",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-8927.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1673422",
"CSAFPID-345049",
"CSAFPID-611417"
]
}
],
"title": "CVE-2024-8927"
},
{
"cve": "CVE-2024-11053",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"notes": [
{
"category": "other",
"text": "Exposure of Sensitive Information to an Unauthorized Actor",
"title": "CWE-200"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2024-11053",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-11053.json"
}
],
"title": "CVE-2024-11053"
},
{
"cve": "CVE-2024-21211",
"cwe": {
"id": "CWE-922",
"name": "Insecure Storage of Sensitive Information"
},
"notes": [
{
"category": "other",
"text": "Insecure Storage of Sensitive Information",
"title": "CWE-922"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1751223",
"CSAFPID-1751224"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-21211",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-21211.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1751223",
"CSAFPID-1751224"
]
}
],
"title": "CVE-2024-21211"
},
{
"cve": "CVE-2024-22262",
"cwe": {
"id": "CWE-601",
"name": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)"
},
"notes": [
{
"category": "other",
"text": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
"title": "CWE-601"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1650825",
"CSAFPID-1503575",
"CSAFPID-1503604",
"CSAFPID-342816",
"CSAFPID-816845",
"CSAFPID-711746"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-22262",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-22262.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1650825",
"CSAFPID-1503575",
"CSAFPID-1503604",
"CSAFPID-342816",
"CSAFPID-816845",
"CSAFPID-711746"
]
}
],
"title": "CVE-2024-22262"
},
{
"cve": "CVE-2024-24789",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"notes": [
{
"category": "other",
"text": "Exposure of Sensitive Information to an Unauthorized Actor",
"title": "CWE-200"
},
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
},
{
"category": "other",
"text": "Improper Validation of Specified Type of Input",
"title": "CWE-1287"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2024-24789",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-24789.json"
}
],
"title": "CVE-2024-24789"
},
{
"cve": "CVE-2024-24790",
"cwe": {
"id": "CWE-284",
"name": "Improper Access Control"
},
"notes": [
{
"category": "other",
"text": "Improper Access Control",
"title": "CWE-284"
},
{
"category": "other",
"text": "Misinterpretation of Input",
"title": "CWE-115"
},
{
"category": "other",
"text": "Improper Validation of Specified Type of Input",
"title": "CWE-1287"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2024-24790",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-24790.json"
}
],
"title": "CVE-2024-24790"
},
{
"cve": "CVE-2024-24791",
"cwe": {
"id": "CWE-404",
"name": "Improper Resource Shutdown or Release"
},
"notes": [
{
"category": "other",
"text": "Improper Resource Shutdown or Release",
"title": "CWE-404"
},
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2024-24791",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-24791.json"
}
],
"title": "CVE-2024-24791"
},
{
"cve": "CVE-2024-28757",
"cwe": {
"id": "CWE-611",
"name": "Improper Restriction of XML External Entity Reference"
},
"notes": [
{
"category": "other",
"text": "Improper Restriction of XML External Entity Reference",
"title": "CWE-611"
},
{
"category": "other",
"text": "Improper Restriction of Recursive Entity References in DTDs (\u0027XML Entity Expansion\u0027)",
"title": "CWE-776"
},
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1503575",
"CSAFPID-1503604",
"CSAFPID-342816",
"CSAFPID-816845",
"CSAFPID-711746"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-28757",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-28757.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1503575",
"CSAFPID-1503604",
"CSAFPID-342816",
"CSAFPID-816845",
"CSAFPID-711746"
]
}
],
"title": "CVE-2024-28757"
},
{
"cve": "CVE-2024-33599",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"notes": [
{
"category": "other",
"text": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
"title": "CWE-119"
},
{
"category": "other",
"text": "Stack-based Buffer Overflow",
"title": "CWE-121"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2024-33599",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-33599.json"
}
],
"title": "CVE-2024-33599"
},
{
"cve": "CVE-2024-33600",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "other",
"text": "NULL Pointer Dereference",
"title": "CWE-476"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2024-33600",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-33600.json"
}
],
"title": "CVE-2024-33600"
},
{
"cve": "CVE-2024-33601",
"cwe": {
"id": "CWE-703",
"name": "Improper Check or Handling of Exceptional Conditions"
},
"notes": [
{
"category": "other",
"text": "Improper Check or Handling of Exceptional Conditions",
"title": "CWE-703"
},
{
"category": "other",
"text": "Reachable Assertion",
"title": "CWE-617"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2024-33601",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-33601.json"
}
],
"title": "CVE-2024-33601"
},
{
"cve": "CVE-2024-33602",
"cwe": {
"id": "CWE-466",
"name": "Return of Pointer Value Outside of Expected Range"
},
"notes": [
{
"category": "other",
"text": "Return of Pointer Value Outside of Expected Range",
"title": "CWE-466"
},
{
"category": "other",
"text": "Improper Check or Handling of Exceptional Conditions",
"title": "CWE-703"
}
],
"references": [
{
"category": "self",
"summary": "CVE-2024-33602",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-33602.json"
}
],
"title": "CVE-2024-33602"
},
{
"cve": "CVE-2024-38819",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"title": "CWE-22"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1650825"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-38819",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38819.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1650825"
]
}
],
"title": "CVE-2024-38819"
},
{
"cve": "CVE-2024-38820",
"cwe": {
"id": "CWE-284",
"name": "Improper Access Control"
},
"notes": [
{
"category": "other",
"text": "Improper Access Control",
"title": "CWE-284"
},
{
"category": "other",
"text": "Improper Handling of Case Sensitivity",
"title": "CWE-178"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1650825"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-38820",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38820.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1650825"
]
}
],
"title": "CVE-2024-38820"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…