csaf_ncscnl - ncsc-2024-0412

Vulnerability from csaf_ncscnl

Published

2024-10-17 13:16

Modified

2024-10-17 13:16

Summary

Kwetsbaarheden verholpen in Oracle Peoplesoft

Notes

The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions: NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein. NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory. This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.

Feiten

Oracle heeft kwetsbaarheden verholpen in Peoplesoft.

Interpretaties

Een kwaadwillende kan de kwetsbaarheden misbruiken om een Denial-of-Service (DoS) te veroorzaken, of om toegang te krijgen tot (persoons)gevoelige gegevens in de database en deze mogelijk te manipuleren.

Oplossingen

Oracle heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.

Kans

medium

Schade

high

CWE-405

Asymmetric Resource Consumption (Amplification)

CWE-450

Multiple Interpretations of UI Input

CWE-345

Insufficient Verification of Data Authenticity

CWE-77

Improper Neutralization of Special Elements used in a Command ('Command Injection')

CWE-416

Use After Free

CWE-476

NULL Pointer Dereference

CWE-295

Improper Certificate Validation

CWE-20

Improper Input Validation

JSON

To clipboard

{
  "document": {
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE"
      }
    },
    "lang": "nl",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n    NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n    NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n    This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
      },
      {
        "category": "description",
        "text": "Oracle heeft kwetsbaarheden verholpen in Peoplesoft.",
        "title": "Feiten"
      },
      {
        "category": "description",
        "text": "Een kwaadwillende kan de kwetsbaarheden misbruiken om een Denial-of-Service (DoS) te veroorzaken, of om toegang te krijgen tot (persoons)gevoelige gegevens in de database en deze mogelijk te manipuleren.",
        "title": "Interpretaties"
      },
      {
        "category": "description",
        "text": "Oracle heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.",
        "title": "Oplossingen"
      },
      {
        "category": "general",
        "text": "medium",
        "title": "Kans"
      },
      {
        "category": "general",
        "text": "high",
        "title": "Schade"
      },
      {
        "category": "general",
        "text": "Asymmetric Resource Consumption (Amplification)",
        "title": "CWE-405"
      },
      {
        "category": "general",
        "text": "Multiple Interpretations of UI Input",
        "title": "CWE-450"
      },
      {
        "category": "general",
        "text": "Insufficient Verification of Data Authenticity",
        "title": "CWE-345"
      },
      {
        "category": "general",
        "text": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
        "title": "CWE-77"
      },
      {
        "category": "general",
        "text": "Use After Free",
        "title": "CWE-416"
      },
      {
        "category": "general",
        "text": "NULL Pointer Dereference",
        "title": "CWE-476"
      },
      {
        "category": "general",
        "text": "Improper Certificate Validation",
        "title": "CWE-295"
      },
      {
        "category": "general",
        "text": "Improper Input Validation",
        "title": "CWE-20"
      }
    ],
    "publisher": {
      "category": "coordinator",
      "contact_details": "cert@ncsc.nl",
      "name": "Nationaal Cyber Security Centrum",
      "namespace": "https://www.ncsc.nl/"
    },
    "references": [
      {
        "category": "external",
        "summary": "Reference - cveprojectv5; hkcert; nvd; oracle; redhat",
        "url": "https://www.oracle.com/security-alerts/cpuoct2024.html"
      }
    ],
    "title": "Kwetsbaarheden verholpen in Oracle Peoplesoft",
    "tracking": {
      "current_release_date": "2024-10-17T13:16:18.175855Z",
      "id": "NCSC-2024-0412",
      "initial_release_date": "2024-10-17T13:16:18.175855Z",
      "revision_history": [
        {
          "date": "2024-10-17T13:16:18.175855Z",
          "number": "0",
          "summary": "Initiele versie"
        }
      ],
      "status": "final",
      "version": "1.0.0"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "peoplesoft",
            "product": {
              "name": "peoplesoft",
              "product_id": "CSAFPID-1676099",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:peoplesoft:8.59:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "peoplesoft",
            "product": {
              "name": "peoplesoft",
              "product_id": "CSAFPID-1676097",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:peoplesoft:8.60:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "peoplesoft",
            "product": {
              "name": "peoplesoft",
              "product_id": "CSAFPID-1676096",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:peoplesoft:8.61:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "peoplesoft",
            "product": {
              "name": "peoplesoft",
              "product_id": "CSAFPID-1676098",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:peoplesoft:9.2:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "peoplesoft___9.2.50",
            "product": {
              "name": "peoplesoft___9.2.50",
              "product_id": "CSAFPID-1676100",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:peoplesoft___9.2.50:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "peoplesoft_enterprise_cc_common_application_objects",
            "product": {
              "name": "peoplesoft_enterprise_cc_common_application_objects",
              "product_id": "CSAFPID-449779",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:peoplesoft_enterprise_cc_common_application_objects:9.2:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "peoplesoft_enterprise_crm_client_management",
            "product": {
              "name": "peoplesoft_enterprise_crm_client_management",
              "product_id": "CSAFPID-912607",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:peoplesoft_enterprise_crm_client_management:9.2:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "peoplesoft_enterprise_elm_enterprise_learning_management",
            "product": {
              "name": "peoplesoft_enterprise_elm_enterprise_learning_management",
              "product_id": "CSAFPID-1673472",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:peoplesoft_enterprise_elm_enterprise_learning_management:9.2:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "peoplesoft_enterprise_fin_expenses",
            "product": {
              "name": "peoplesoft_enterprise_fin_expenses",
              "product_id": "CSAFPID-172664",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:peoplesoft_enterprise_fin_expenses:9.2:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "peoplesoft_enterprise_hcm_benefits_administration",
            "product": {
              "name": "peoplesoft_enterprise_hcm_benefits_administration",
              "product_id": "CSAFPID-912052",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:peoplesoft_enterprise_hcm_benefits_administration:9.2:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "peoplesoft_enterprise_hcm_global_payroll_core",
            "product": {
              "name": "peoplesoft_enterprise_hcm_global_payroll_core",
              "product_id": "CSAFPID-1673774",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:peoplesoft_enterprise_hcm_global_payroll_core:9.2.0:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "peoplesoft_enterprise_hcm_global_payroll_core",
            "product": {
              "name": "peoplesoft_enterprise_hcm_global_payroll_core",
              "product_id": "CSAFPID-1673748",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:peoplesoft_enterprise_hcm_global_payroll_core:9.2.10:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "peoplesoft_enterprise_hcm_global_payroll_core",
            "product": {
              "name": "peoplesoft_enterprise_hcm_global_payroll_core",
              "product_id": "CSAFPID-1673791",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:peoplesoft_enterprise_hcm_global_payroll_core:9.2.11:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "peoplesoft_enterprise_hcm_global_payroll_core",
            "product": {
              "name": "peoplesoft_enterprise_hcm_global_payroll_core",
              "product_id": "CSAFPID-1673779",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:peoplesoft_enterprise_hcm_global_payroll_core:9.2.12:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "peoplesoft_enterprise_hcm_global_payroll_core",
            "product": {
              "name": "peoplesoft_enterprise_hcm_global_payroll_core",
              "product_id": "CSAFPID-1673786",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:peoplesoft_enterprise_hcm_global_payroll_core:9.2.13:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "peoplesoft_enterprise_hcm_global_payroll_core",
            "product": {
              "name": "peoplesoft_enterprise_hcm_global_payroll_core",
              "product_id": "CSAFPID-1673768",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:peoplesoft_enterprise_hcm_global_payroll_core:9.2.14:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "peoplesoft_enterprise_hcm_global_payroll_core",
            "product": {
              "name": "peoplesoft_enterprise_hcm_global_payroll_core",
              "product_id": "CSAFPID-1673757",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:peoplesoft_enterprise_hcm_global_payroll_core:9.2.15:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "peoplesoft_enterprise_hcm_global_payroll_core",
            "product": {
              "name": "peoplesoft_enterprise_hcm_global_payroll_core",
              "product_id": "CSAFPID-1673788",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:peoplesoft_enterprise_hcm_global_payroll_core:9.2.16:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "peoplesoft_enterprise_hcm_global_payroll_core",
            "product": {
              "name": "peoplesoft_enterprise_hcm_global_payroll_core",
              "product_id": "CSAFPID-1673775",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:peoplesoft_enterprise_hcm_global_payroll_core:9.2.17:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "peoplesoft_enterprise_hcm_global_payroll_core",
            "product": {
              "name": "peoplesoft_enterprise_hcm_global_payroll_core",
              "product_id": "CSAFPID-1673769",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:peoplesoft_enterprise_hcm_global_payroll_core:9.2.18:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "peoplesoft_enterprise_hcm_global_payroll_core",
            "product": {
              "name": "peoplesoft_enterprise_hcm_global_payroll_core",
              "product_id": "CSAFPID-1673753",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:peoplesoft_enterprise_hcm_global_payroll_core:9.2.19:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "peoplesoft_enterprise_hcm_global_payroll_core",
            "product": {
              "name": "peoplesoft_enterprise_hcm_global_payroll_core",
              "product_id": "CSAFPID-1673785",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:peoplesoft_enterprise_hcm_global_payroll_core:9.2.1:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "peoplesoft_enterprise_hcm_global_payroll_core",
            "product": {
              "name": "peoplesoft_enterprise_hcm_global_payroll_core",
              "product_id": "CSAFPID-1673770",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:peoplesoft_enterprise_hcm_global_payroll_core:9.2.20:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "peoplesoft_enterprise_hcm_global_payroll_core",
            "product": {
              "name": "peoplesoft_enterprise_hcm_global_payroll_core",
              "product_id": "CSAFPID-1673787",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:peoplesoft_enterprise_hcm_global_payroll_core:9.2.21:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "peoplesoft_enterprise_hcm_global_payroll_core",
            "product": {
              "name": "peoplesoft_enterprise_hcm_global_payroll_core",
              "product_id": "CSAFPID-1673796",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:peoplesoft_enterprise_hcm_global_payroll_core:9.2.22:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "peoplesoft_enterprise_hcm_global_payroll_core",
            "product": {
              "name": "peoplesoft_enterprise_hcm_global_payroll_core",
              "product_id": "CSAFPID-1673749",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:peoplesoft_enterprise_hcm_global_payroll_core:9.2.23:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "peoplesoft_enterprise_hcm_global_payroll_core",
            "product": {
              "name": "peoplesoft_enterprise_hcm_global_payroll_core",
              "product_id": "CSAFPID-1673760",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:peoplesoft_enterprise_hcm_global_payroll_core:9.2.24:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "peoplesoft_enterprise_hcm_global_payroll_core",
            "product": {
              "name": "peoplesoft_enterprise_hcm_global_payroll_core",
              "product_id": "CSAFPID-1673777",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:peoplesoft_enterprise_hcm_global_payroll_core:9.2.25:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "peoplesoft_enterprise_hcm_global_payroll_core",
            "product": {
              "name": "peoplesoft_enterprise_hcm_global_payroll_core",
              "product_id": "CSAFPID-1673793",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:peoplesoft_enterprise_hcm_global_payroll_core:9.2.26:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "peoplesoft_enterprise_hcm_global_payroll_core",
            "product": {
              "name": "peoplesoft_enterprise_hcm_global_payroll_core",
              "product_id": "CSAFPID-1673794",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:peoplesoft_enterprise_hcm_global_payroll_core:9.2.27:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "peoplesoft_enterprise_hcm_global_payroll_core",
            "product": {
              "name": "peoplesoft_enterprise_hcm_global_payroll_core",
              "product_id": "CSAFPID-1673755",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:peoplesoft_enterprise_hcm_global_payroll_core:9.2.28:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "peoplesoft_enterprise_hcm_global_payroll_core",
            "product": {
              "name": "peoplesoft_enterprise_hcm_global_payroll_core",
              "product_id": "CSAFPID-1673762",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:peoplesoft_enterprise_hcm_global_payroll_core:9.2.29:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "peoplesoft_enterprise_hcm_global_payroll_core",
            "product": {
              "name": "peoplesoft_enterprise_hcm_global_payroll_core",
              "product_id": "CSAFPID-1673767",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:peoplesoft_enterprise_hcm_global_payroll_core:9.2.2:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "peoplesoft_enterprise_hcm_global_payroll_core",
            "product": {
              "name": "peoplesoft_enterprise_hcm_global_payroll_core",
              "product_id": "CSAFPID-1673764",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:peoplesoft_enterprise_hcm_global_payroll_core:9.2.30:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "peoplesoft_enterprise_hcm_global_payroll_core",
            "product": {
              "name": "peoplesoft_enterprise_hcm_global_payroll_core",
              "product_id": "CSAFPID-1673752",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:peoplesoft_enterprise_hcm_global_payroll_core:9.2.31:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "peoplesoft_enterprise_hcm_global_payroll_core",
            "product": {
              "name": "peoplesoft_enterprise_hcm_global_payroll_core",
              "product_id": "CSAFPID-1673792",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:peoplesoft_enterprise_hcm_global_payroll_core:9.2.32:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "peoplesoft_enterprise_hcm_global_payroll_core",
            "product": {
              "name": "peoplesoft_enterprise_hcm_global_payroll_core",
              "product_id": "CSAFPID-1673778",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:peoplesoft_enterprise_hcm_global_payroll_core:9.2.33:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "peoplesoft_enterprise_hcm_global_payroll_core",
            "product": {
              "name": "peoplesoft_enterprise_hcm_global_payroll_core",
              "product_id": "CSAFPID-1673781",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:peoplesoft_enterprise_hcm_global_payroll_core:9.2.34:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "peoplesoft_enterprise_hcm_global_payroll_core",
            "product": {
              "name": "peoplesoft_enterprise_hcm_global_payroll_core",
              "product_id": "CSAFPID-1673771",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:peoplesoft_enterprise_hcm_global_payroll_core:9.2.35:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "peoplesoft_enterprise_hcm_global_payroll_core",
            "product": {
              "name": "peoplesoft_enterprise_hcm_global_payroll_core",
              "product_id": "CSAFPID-1673758",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:peoplesoft_enterprise_hcm_global_payroll_core:9.2.36:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "peoplesoft_enterprise_hcm_global_payroll_core",
            "product": {
              "name": "peoplesoft_enterprise_hcm_global_payroll_core",
              "product_id": "CSAFPID-1673789",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:peoplesoft_enterprise_hcm_global_payroll_core:9.2.37:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "peoplesoft_enterprise_hcm_global_payroll_core",
            "product": {
              "name": "peoplesoft_enterprise_hcm_global_payroll_core",
              "product_id": "CSAFPID-1673776",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:peoplesoft_enterprise_hcm_global_payroll_core:9.2.38:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "peoplesoft_enterprise_hcm_global_payroll_core",
            "product": {
              "name": "peoplesoft_enterprise_hcm_global_payroll_core",
              "product_id": "CSAFPID-1673766",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:peoplesoft_enterprise_hcm_global_payroll_core:9.2.39:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "peoplesoft_enterprise_hcm_global_payroll_core",
            "product": {
              "name": "peoplesoft_enterprise_hcm_global_payroll_core",
              "product_id": "CSAFPID-1673759",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:peoplesoft_enterprise_hcm_global_payroll_core:9.2.3:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "peoplesoft_enterprise_hcm_global_payroll_core",
            "product": {
              "name": "peoplesoft_enterprise_hcm_global_payroll_core",
              "product_id": "CSAFPID-1673763",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:peoplesoft_enterprise_hcm_global_payroll_core:9.2.40:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "peoplesoft_enterprise_hcm_global_payroll_core",
            "product": {
              "name": "peoplesoft_enterprise_hcm_global_payroll_core",
              "product_id": "CSAFPID-1673772",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:peoplesoft_enterprise_hcm_global_payroll_core:9.2.41:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "peoplesoft_enterprise_hcm_global_payroll_core",
            "product": {
              "name": "peoplesoft_enterprise_hcm_global_payroll_core",
              "product_id": "CSAFPID-1673782",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:peoplesoft_enterprise_hcm_global_payroll_core:9.2.42:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "peoplesoft_enterprise_hcm_global_payroll_core",
            "product": {
              "name": "peoplesoft_enterprise_hcm_global_payroll_core",
              "product_id": "CSAFPID-1673797",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:peoplesoft_enterprise_hcm_global_payroll_core:9.2.43:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "peoplesoft_enterprise_hcm_global_payroll_core",
            "product": {
              "name": "peoplesoft_enterprise_hcm_global_payroll_core",
              "product_id": "CSAFPID-1673750",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:peoplesoft_enterprise_hcm_global_payroll_core:9.2.44:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "peoplesoft_enterprise_hcm_global_payroll_core",
            "product": {
              "name": "peoplesoft_enterprise_hcm_global_payroll_core",
              "product_id": "CSAFPID-1673761",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:peoplesoft_enterprise_hcm_global_payroll_core:9.2.45:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "peoplesoft_enterprise_hcm_global_payroll_core",
            "product": {
              "name": "peoplesoft_enterprise_hcm_global_payroll_core",
              "product_id": "CSAFPID-1673780",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:peoplesoft_enterprise_hcm_global_payroll_core:9.2.46:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "peoplesoft_enterprise_hcm_global_payroll_core",
            "product": {
              "name": "peoplesoft_enterprise_hcm_global_payroll_core",
              "product_id": "CSAFPID-1673783",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:peoplesoft_enterprise_hcm_global_payroll_core:9.2.47:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "peoplesoft_enterprise_hcm_global_payroll_core",
            "product": {
              "name": "peoplesoft_enterprise_hcm_global_payroll_core",
              "product_id": "CSAFPID-1673471",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:peoplesoft_enterprise_hcm_global_payroll_core:9.2.48-9.2.50:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "peoplesoft_enterprise_hcm_global_payroll_core",
            "product": {
              "name": "peoplesoft_enterprise_hcm_global_payroll_core",
              "product_id": "CSAFPID-1673795",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:peoplesoft_enterprise_hcm_global_payroll_core:9.2.48:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "peoplesoft_enterprise_hcm_global_payroll_core",
            "product": {
              "name": "peoplesoft_enterprise_hcm_global_payroll_core",
              "product_id": "CSAFPID-1673756",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:peoplesoft_enterprise_hcm_global_payroll_core:9.2.49:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "peoplesoft_enterprise_hcm_global_payroll_core",
            "product": {
              "name": "peoplesoft_enterprise_hcm_global_payroll_core",
              "product_id": "CSAFPID-1673798",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:peoplesoft_enterprise_hcm_global_payroll_core:9.2.4:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "peoplesoft_enterprise_hcm_global_payroll_core",
            "product": {
              "name": "peoplesoft_enterprise_hcm_global_payroll_core",
              "product_id": "CSAFPID-1673784",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:peoplesoft_enterprise_hcm_global_payroll_core:9.2.50:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "peoplesoft_enterprise_hcm_global_payroll_core",
            "product": {
              "name": "peoplesoft_enterprise_hcm_global_payroll_core",
              "product_id": "CSAFPID-1673773",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:peoplesoft_enterprise_hcm_global_payroll_core:9.2.5:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "peoplesoft_enterprise_hcm_global_payroll_core",
            "product": {
              "name": "peoplesoft_enterprise_hcm_global_payroll_core",
              "product_id": "CSAFPID-1673765",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:peoplesoft_enterprise_hcm_global_payroll_core:9.2.6:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "peoplesoft_enterprise_hcm_global_payroll_core",
            "product": {
              "name": "peoplesoft_enterprise_hcm_global_payroll_core",
              "product_id": "CSAFPID-1673751",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:peoplesoft_enterprise_hcm_global_payroll_core:9.2.7:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "peoplesoft_enterprise_hcm_global_payroll_core",
            "product": {
              "name": "peoplesoft_enterprise_hcm_global_payroll_core",
              "product_id": "CSAFPID-1673754",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:peoplesoft_enterprise_hcm_global_payroll_core:9.2.8:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "peoplesoft_enterprise_hcm_global_payroll_core",
            "product": {
              "name": "peoplesoft_enterprise_hcm_global_payroll_core",
              "product_id": "CSAFPID-1673790",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:peoplesoft_enterprise_hcm_global_payroll_core:9.2.9:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "peoplesoft_enterprise_hcm_human_resources",
            "product": {
              "name": "peoplesoft_enterprise_hcm_human_resources",
              "product_id": "CSAFPID-172663",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:peoplesoft_enterprise_hcm_human_resources:9.2:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "peoplesoft_enterprise_hcm_shared_components",
            "product": {
              "name": "peoplesoft_enterprise_hcm_shared_components",
              "product_id": "CSAFPID-607590",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:peoplesoft_enterprise_hcm_shared_components:9.2:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "peoplesoft_enterprise_peopletools",
            "product": {
              "name": "peoplesoft_enterprise_peopletools",
              "product_id": "CSAFPID-1682",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.59:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "peoplesoft_enterprise_peopletools",
            "product": {
              "name": "peoplesoft_enterprise_peopletools",
              "product_id": "CSAFPID-1681",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.60:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "peoplesoft_enterprise_peopletools",
            "product": {
              "name": "peoplesoft_enterprise_peopletools",
              "product_id": "CSAFPID-816362",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.61:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "peoplesoft_enterprise_peopletools",
            "product": {
              "name": "peoplesoft_enterprise_peopletools",
              "product_id": "CSAFPID-1503667",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:_opensearch___8.59:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "peoplesoft_enterprise_peopletools",
            "product": {
              "name": "peoplesoft_enterprise_peopletools",
              "product_id": "CSAFPID-1503672",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:_opensearch___8.60:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "peoplesoft_enterprise_peopletools",
            "product": {
              "name": "peoplesoft_enterprise_peopletools",
              "product_id": "CSAFPID-1503676",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:_opensearch___8.61:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "peoplesoft_enterprise_peopletools",
            "product": {
              "name": "peoplesoft_enterprise_peopletools",
              "product_id": "CSAFPID-1503669",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:_web_server___8.59:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "peoplesoft_enterprise_peopletools",
            "product": {
              "name": "peoplesoft_enterprise_peopletools",
              "product_id": "CSAFPID-1503673",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:_web_server___8.60:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "peoplesoft_enterprise_peopletools",
            "product": {
              "name": "peoplesoft_enterprise_peopletools",
              "product_id": "CSAFPID-1503678",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:_web_server___8.61:*:*:*:*:*:*:*"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "oracle"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-5752",
      "cwe": {
        "id": "CWE-77",
        "name": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
          "title": "CWE-77"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1676096",
          "CSAFPID-1676097",
          "CSAFPID-1676098",
          "CSAFPID-1676099",
          "CSAFPID-1676100",
          "CSAFPID-1681",
          "CSAFPID-1682",
          "CSAFPID-816362",
          "CSAFPID-912052",
          "CSAFPID-912607"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2023-5752",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-5752.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1676096",
            "CSAFPID-1676097",
            "CSAFPID-1676098",
            "CSAFPID-1676099",
            "CSAFPID-1676100",
            "CSAFPID-1681",
            "CSAFPID-1682",
            "CSAFPID-816362",
            "CSAFPID-912052",
            "CSAFPID-912607"
          ]
        }
      ],
      "title": "CVE-2023-5752"
    },
    {
      "cve": "CVE-2023-37920",
      "cwe": {
        "id": "CWE-295",
        "name": "Improper Certificate Validation"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Certificate Validation",
          "title": "CWE-295"
        },
        {
          "category": "other",
          "text": "Insufficient Verification of Data Authenticity",
          "title": "CWE-345"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-172663",
          "CSAFPID-607590",
          "CSAFPID-1503667",
          "CSAFPID-1503669",
          "CSAFPID-1682",
          "CSAFPID-1503672",
          "CSAFPID-1503673",
          "CSAFPID-1681",
          "CSAFPID-1503676",
          "CSAFPID-1503678",
          "CSAFPID-816362"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2023-37920",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-37920.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-172663",
            "CSAFPID-607590",
            "CSAFPID-1503667",
            "CSAFPID-1503669",
            "CSAFPID-1682",
            "CSAFPID-1503672",
            "CSAFPID-1503673",
            "CSAFPID-1681",
            "CSAFPID-1503676",
            "CSAFPID-1503678",
            "CSAFPID-816362"
          ]
        }
      ],
      "title": "CVE-2023-37920"
    },
    {
      "cve": "CVE-2024-0232",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "notes": [
        {
          "category": "other",
          "text": "Use After Free",
          "title": "CWE-416"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1676096",
          "CSAFPID-1676097",
          "CSAFPID-1676098",
          "CSAFPID-1676099",
          "CSAFPID-1676100",
          "CSAFPID-172663",
          "CSAFPID-607590",
          "CSAFPID-1503667",
          "CSAFPID-1503669",
          "CSAFPID-1682",
          "CSAFPID-1503672",
          "CSAFPID-1503673",
          "CSAFPID-1681",
          "CSAFPID-1503676",
          "CSAFPID-1503678",
          "CSAFPID-816362"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-0232",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-0232.json"
        }
      ],
      "title": "CVE-2024-0232"
    },
    {
      "cve": "CVE-2024-0450",
      "cwe": {
        "id": "CWE-450",
        "name": "Multiple Interpretations of UI Input"
      },
      "notes": [
        {
          "category": "other",
          "text": "Multiple Interpretations of UI Input",
          "title": "CWE-450"
        },
        {
          "category": "other",
          "text": "Asymmetric Resource Consumption (Amplification)",
          "title": "CWE-405"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1676096",
          "CSAFPID-1676097",
          "CSAFPID-1676098",
          "CSAFPID-1676099",
          "CSAFPID-1676100",
          "CSAFPID-172663",
          "CSAFPID-607590",
          "CSAFPID-1503667",
          "CSAFPID-1503669",
          "CSAFPID-1682",
          "CSAFPID-1503672",
          "CSAFPID-1503673",
          "CSAFPID-1681",
          "CSAFPID-1503676",
          "CSAFPID-1503678",
          "CSAFPID-816362"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-0450",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-0450.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.2,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1676096",
            "CSAFPID-1676097",
            "CSAFPID-1676098",
            "CSAFPID-1676099",
            "CSAFPID-1676100",
            "CSAFPID-172663",
            "CSAFPID-607590",
            "CSAFPID-1503667",
            "CSAFPID-1503669",
            "CSAFPID-1682",
            "CSAFPID-1503672",
            "CSAFPID-1503673",
            "CSAFPID-1681",
            "CSAFPID-1503676",
            "CSAFPID-1503678",
            "CSAFPID-816362"
          ]
        }
      ],
      "title": "CVE-2024-0450"
    },
    {
      "cve": "CVE-2024-0727",
      "cwe": {
        "id": "CWE-476",
        "name": "NULL Pointer Dereference"
      },
      "notes": [
        {
          "category": "other",
          "text": "NULL Pointer Dereference",
          "title": "CWE-476"
        },
        {
          "category": "other",
          "text": "Improper Input Validation",
          "title": "CWE-20"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1676096",
          "CSAFPID-1676097",
          "CSAFPID-1676098",
          "CSAFPID-1676099",
          "CSAFPID-1676100",
          "CSAFPID-1681",
          "CSAFPID-1682",
          "CSAFPID-816362",
          "CSAFPID-912052",
          "CSAFPID-912607",
          "CSAFPID-172663",
          "CSAFPID-607590",
          "CSAFPID-1503667",
          "CSAFPID-1503669",
          "CSAFPID-1503672",
          "CSAFPID-1503673",
          "CSAFPID-1503676",
          "CSAFPID-1503678"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-0727",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-0727.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1676096",
            "CSAFPID-1676097",
            "CSAFPID-1676098",
            "CSAFPID-1676099",
            "CSAFPID-1676100",
            "CSAFPID-1681",
            "CSAFPID-1682",
            "CSAFPID-816362",
            "CSAFPID-912052",
            "CSAFPID-912607",
            "CSAFPID-172663",
            "CSAFPID-607590",
            "CSAFPID-1503667",
            "CSAFPID-1503669",
            "CSAFPID-1503672",
            "CSAFPID-1503673",
            "CSAFPID-1503676",
            "CSAFPID-1503678"
          ]
        }
      ],
      "title": "CVE-2024-0727"
    },
    {
      "cve": "CVE-2024-21202",
      "product_status": {
        "known_affected": [
          "CSAFPID-816362",
          "CSAFPID-1681",
          "CSAFPID-1682",
          "CSAFPID-1676096",
          "CSAFPID-1676097",
          "CSAFPID-1676098",
          "CSAFPID-1676099",
          "CSAFPID-1676100"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-21202",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-21202.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-816362",
            "CSAFPID-1681",
            "CSAFPID-1682",
            "CSAFPID-1676096",
            "CSAFPID-1676097",
            "CSAFPID-1676098",
            "CSAFPID-1676099",
            "CSAFPID-1676100"
          ]
        }
      ],
      "title": "CVE-2024-21202"
    },
    {
      "cve": "CVE-2024-21214",
      "product_status": {
        "known_affected": [
          "CSAFPID-816362",
          "CSAFPID-1681",
          "CSAFPID-1682",
          "CSAFPID-1676096",
          "CSAFPID-1676097",
          "CSAFPID-1676098",
          "CSAFPID-1676099",
          "CSAFPID-1676100"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-21214",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-21214.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-816362",
            "CSAFPID-1681",
            "CSAFPID-1682",
            "CSAFPID-1676096",
            "CSAFPID-1676097",
            "CSAFPID-1676098",
            "CSAFPID-1676099",
            "CSAFPID-1676100"
          ]
        }
      ],
      "title": "CVE-2024-21214"
    },
    {
      "cve": "CVE-2024-21249",
      "product_status": {
        "known_affected": [
          "CSAFPID-172664",
          "CSAFPID-1676096",
          "CSAFPID-1676097",
          "CSAFPID-1676098",
          "CSAFPID-1676099",
          "CSAFPID-1676100"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-21249",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-21249.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-172664",
            "CSAFPID-1676096",
            "CSAFPID-1676097",
            "CSAFPID-1676098",
            "CSAFPID-1676099",
            "CSAFPID-1676100"
          ]
        }
      ],
      "title": "CVE-2024-21249"
    },
    {
      "cve": "CVE-2024-21255",
      "product_status": {
        "known_affected": [
          "CSAFPID-816362",
          "CSAFPID-1681",
          "CSAFPID-1682",
          "CSAFPID-1676096",
          "CSAFPID-1676097",
          "CSAFPID-1676098",
          "CSAFPID-1676099",
          "CSAFPID-1676100"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-21255",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-21255.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-816362",
            "CSAFPID-1681",
            "CSAFPID-1682",
            "CSAFPID-1676096",
            "CSAFPID-1676097",
            "CSAFPID-1676098",
            "CSAFPID-1676099",
            "CSAFPID-1676100"
          ]
        }
      ],
      "title": "CVE-2024-21255"
    },
    {
      "cve": "CVE-2024-21264",
      "product_status": {
        "known_affected": [
          "CSAFPID-449779",
          "CSAFPID-1676096",
          "CSAFPID-1676097",
          "CSAFPID-1676098",
          "CSAFPID-1676099",
          "CSAFPID-1676100"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-21264",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-21264.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-449779",
            "CSAFPID-1676096",
            "CSAFPID-1676097",
            "CSAFPID-1676098",
            "CSAFPID-1676099",
            "CSAFPID-1676100"
          ]
        }
      ],
      "title": "CVE-2024-21264"
    },
    {
      "cve": "CVE-2024-21283",
      "product_status": {
        "known_affected": [
          "CSAFPID-1673471",
          "CSAFPID-1676096",
          "CSAFPID-1676097",
          "CSAFPID-1676098",
          "CSAFPID-1676099",
          "CSAFPID-1676100"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-21283",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-21283.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1673471",
            "CSAFPID-1676096",
            "CSAFPID-1676097",
            "CSAFPID-1676098",
            "CSAFPID-1676099",
            "CSAFPID-1676100"
          ]
        }
      ],
      "title": "CVE-2024-21283"
    },
    {
      "cve": "CVE-2024-21286",
      "product_status": {
        "known_affected": [
          "CSAFPID-1673472",
          "CSAFPID-1676096",
          "CSAFPID-1676097",
          "CSAFPID-1676098",
          "CSAFPID-1676099",
          "CSAFPID-1676100"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-21286",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-21286.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1673472",
            "CSAFPID-1676096",
            "CSAFPID-1676097",
            "CSAFPID-1676098",
            "CSAFPID-1676099",
            "CSAFPID-1676100"
          ]
        }
      ],
      "title": "CVE-2024-21286"
    },
    {
      "cve": "CVE-2024-26130",
      "cwe": {
        "id": "CWE-476",
        "name": "NULL Pointer Dereference"
      },
      "notes": [
        {
          "category": "other",
          "text": "NULL Pointer Dereference",
          "title": "CWE-476"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1676096",
          "CSAFPID-1676097",
          "CSAFPID-1676098",
          "CSAFPID-1676099",
          "CSAFPID-1676100",
          "CSAFPID-1681",
          "CSAFPID-1682",
          "CSAFPID-816362",
          "CSAFPID-912052",
          "CSAFPID-912607",
          "CSAFPID-172663",
          "CSAFPID-607590",
          "CSAFPID-1503667",
          "CSAFPID-1503669",
          "CSAFPID-1503672",
          "CSAFPID-1503673",
          "CSAFPID-1503676",
          "CSAFPID-1503678"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-26130",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-26130.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1676096",
            "CSAFPID-1676097",
            "CSAFPID-1676098",
            "CSAFPID-1676099",
            "CSAFPID-1676100",
            "CSAFPID-1681",
            "CSAFPID-1682",
            "CSAFPID-816362",
            "CSAFPID-912052",
            "CSAFPID-912607",
            "CSAFPID-172663",
            "CSAFPID-607590",
            "CSAFPID-1503667",
            "CSAFPID-1503669",
            "CSAFPID-1503672",
            "CSAFPID-1503673",
            "CSAFPID-1503676",
            "CSAFPID-1503678"
          ]
        }
      ],
      "title": "CVE-2024-26130"
    }
  ]
}

cve-2024-21214

Vulnerability from cvelistv5

Published

2024-10-15 19:52

Modified

2024-10-16 14:35

Severity ?

8.1 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

References

▼	URL	Tags
	https://www.oracle.com/security-alerts/cpuoct2024.html	vendor-advisory

Impacted products

Vendor

Product

Version

▼

Oracle Corporation

PeopleSoft Enterprise PeopleTools

Version: 8.59
Version: 8.60
Version: 8.61
    cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.59:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.60:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.61:*:*:*:*:*:*:*

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-21214",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-16T14:31:57.402645Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "description": "CWE-noinfo Not enough information",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-16T14:35:43.640Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.59:*:*:*:*:*:*:*",
            "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.60:*:*:*:*:*:*:*",
            "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.61:*:*:*:*:*:*:*"
          ],
          "product": "PeopleSoft Enterprise PeopleTools",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "8.59"
            },
            {
              "status": "affected",
              "version": "8.60"
            },
            {
              "status": "affected",
              "version": "8.61"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Query).  Supported versions that are affected are 8.59, 8.60 and  8.61. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools.  Successful attacks of this vulnerability can result in  unauthorized creation, deletion or modification access to critical data or all PeopleSoft Enterprise PeopleTools accessible data as well as  unauthorized access to critical data or complete access to all PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N)."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools.  Successful attacks of this vulnerability can result in  unauthorized creation, deletion or modification access to critical data or all PeopleSoft Enterprise PeopleTools accessible data as well as  unauthorized access to critical data or complete access to all PeopleSoft Enterprise PeopleTools accessible data.",
              "lang": "en-US"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-10-15T19:52:42.872Z",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "name": "Oracle Advisory",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuoct2024.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2024-21214",
    "datePublished": "2024-10-15T19:52:42.872Z",
    "dateReserved": "2023-12-07T22:28:10.690Z",
    "dateUpdated": "2024-10-16T14:35:43.640Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-0450

Vulnerability from cvelistv5

Published

2024-03-19 15:12

Modified

2024-08-02 15:00

Severity ?

6.2 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Summary

An issue was found in the CPython `zipfile` module affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior. The zipfile module is vulnerable to “quoted-overlap” zip-bombs which exploit the zip format to create a zip-bomb with a high compression ratio. The fixed versions of CPython makes the zipfile module reject zip archives which overlap entries in the archive.

References

▼	URL	Tags
	https://github.com/python/cpython/commit/66363b9a7b9fe7c99eba3a185b74c5fdbf842eba	patch
	https://github.com/python/cpython/commit/fa181fcf2156f703347b03a3b1966ce47be8ab3b	patch
	https://github.com/python/cpython/commit/a956e510f6336d5ae111ba429a61c3ade30a7549	patch
	https://github.com/python/cpython/commit/30fe5d853b56138dbec62432d370a1f99409fc85	patch
	https://github.com/python/cpython/commit/a2c59992e9e8d35baba9695eb186ad6c6ff85c51	patch
	https://github.com/python/cpython/commit/d05bac0b74153beb541b88b4fca33bf053990183	patch
	https://github.com/python/cpython/issues/109858	issue-tracking
	https://www.bamsoftware.com/hacks/zipbomb/
	https://mail.python.org/archives/list/security-announce@python.org/thread/XELNUX2L3IOHBTFU7RQHCY6OUVEWZ2FG/	vendor-advisory
	https://lists.debian.org/debian-lts-announce/2024/03/msg00024.html
	https://lists.debian.org/debian-lts-announce/2024/03/msg00025.html
	http://www.openwall.com/lists/oss-security/2024/03/20/5
	https://github.com/python/cpython/commit/70497218351ba44bffc8b571201ecb5652d84675	patch
	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T3IGRX54M7RNCQOXVQO5KQKTGWCOABIM/
	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U5VHWS52HGD743C47UMCSAK2A773M2YE/

Impacted products

Vendor

Product

Version

▼

Python Software Foundation

CPython

Version: 0
Version: 3.9.0
Version: 3.10.0
Version: 3.11.0
Version: 3.12.0
Version: 3.13.0a1

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T18:04:49.775Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "patch",
              "x_transferred"
            ],
            "url": "https://github.com/python/cpython/commit/66363b9a7b9fe7c99eba3a185b74c5fdbf842eba"
          },
          {
            "tags": [
              "patch",
              "x_transferred"
            ],
            "url": "https://github.com/python/cpython/commit/fa181fcf2156f703347b03a3b1966ce47be8ab3b"
          },
          {
            "tags": [
              "patch",
              "x_transferred"
            ],
            "url": "https://github.com/python/cpython/commit/a956e510f6336d5ae111ba429a61c3ade30a7549"
          },
          {
            "tags": [
              "patch",
              "x_transferred"
            ],
            "url": "https://github.com/python/cpython/commit/30fe5d853b56138dbec62432d370a1f99409fc85"
          },
          {
            "tags": [
              "patch",
              "x_transferred"
            ],
            "url": "https://github.com/python/cpython/commit/a2c59992e9e8d35baba9695eb186ad6c6ff85c51"
          },
          {
            "tags": [
              "patch",
              "x_transferred"
            ],
            "url": "https://github.com/python/cpython/commit/d05bac0b74153beb541b88b4fca33bf053990183"
          },
          {
            "tags": [
              "issue-tracking",
              "x_transferred"
            ],
            "url": "https://github.com/python/cpython/issues/109858"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.bamsoftware.com/hacks/zipbomb/"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/XELNUX2L3IOHBTFU7RQHCY6OUVEWZ2FG/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00024.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00025.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2024/03/20/5"
          },
          {
            "tags": [
              "patch",
              "x_transferred"
            ],
            "url": "https://github.com/python/cpython/commit/70497218351ba44bffc8b571201ecb5652d84675"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T3IGRX54M7RNCQOXVQO5KQKTGWCOABIM/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U5VHWS52HGD743C47UMCSAK2A773M2YE/"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:python:cpython:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "cpython",
            "vendor": "python",
            "versions": [
              {
                "lessThan": "3.8.18",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "status": "affected",
                "version": "3.9.18"
              },
              {
                "status": "affected",
                "version": "3.10.13"
              },
              {
                "status": "affected",
                "version": "3.11.7"
              },
              {
                "status": "affected",
                "version": "3.12.1"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-0450",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-03-20T14:30:38.300055Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-02T15:00:26.971Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "CPython",
          "repo": "https://github.com/python/cpython",
          "vendor": "Python Software Foundation",
          "versions": [
            {
              "lessThan": "3.8.19",
              "status": "affected",
              "version": "0",
              "versionType": "python"
            },
            {
              "lessThan": "3.9.19",
              "status": "affected",
              "version": "3.9.0",
              "versionType": "python"
            },
            {
              "lessThan": "3.10.14",
              "status": "affected",
              "version": "3.10.0",
              "versionType": "python"
            },
            {
              "lessThan": "3.11.8",
              "status": "affected",
              "version": "3.11.0",
              "versionType": "python"
            },
            {
              "lessThan": "3.12.2",
              "status": "affected",
              "version": "3.12.0",
              "versionType": "python"
            },
            {
              "lessThan": "3.13.0a3",
              "status": "affected",
              "version": "3.13.0a1",
              "versionType": "python"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003eAn issue was found in the CPython `zipfile` module affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior.\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003eThe zipfile module is vulnerable to \u201cquoted-overlap\u201d zip-bombs which exploit the zip format to create a zip-bomb with a high compression ratio. The fixed versions of CPython makes the zipfile module reject zip archives which overlap entries in the archive.\u003c/span\u003e\u003c/p\u003e\u003cbr\u003e"
            }
          ],
          "value": "An issue was found in the CPython `zipfile` module affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior.\n\nThe zipfile module is vulnerable to \u201cquoted-overlap\u201d zip-bombs which exploit the zip format to create a zip-bomb with a high compression ratio. The fixed versions of CPython makes the zipfile module reject zip archives which overlap entries in the archive.\n\n"
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-130",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-130 Excessive Allocation"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.2,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-405",
              "description": "CWE-405",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-06-13T19:24:15.993Z",
        "orgId": "28c92f92-d60d-412d-b760-e73465c3df22",
        "shortName": "PSF"
      },
      "references": [
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/python/cpython/commit/66363b9a7b9fe7c99eba3a185b74c5fdbf842eba"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/python/cpython/commit/fa181fcf2156f703347b03a3b1966ce47be8ab3b"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/python/cpython/commit/a956e510f6336d5ae111ba429a61c3ade30a7549"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/python/cpython/commit/30fe5d853b56138dbec62432d370a1f99409fc85"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/python/cpython/commit/a2c59992e9e8d35baba9695eb186ad6c6ff85c51"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/python/cpython/commit/d05bac0b74153beb541b88b4fca33bf053990183"
        },
        {
          "tags": [
            "issue-tracking"
          ],
          "url": "https://github.com/python/cpython/issues/109858"
        },
        {
          "url": "https://www.bamsoftware.com/hacks/zipbomb/"
        },
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/XELNUX2L3IOHBTFU7RQHCY6OUVEWZ2FG/"
        },
        {
          "url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00024.html"
        },
        {
          "url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00025.html"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2024/03/20/5"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/python/cpython/commit/70497218351ba44bffc8b571201ecb5652d84675"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T3IGRX54M7RNCQOXVQO5KQKTGWCOABIM/"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U5VHWS52HGD743C47UMCSAK2A773M2YE/"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Quoted zip-bomb protection for zipfile",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "28c92f92-d60d-412d-b760-e73465c3df22",
    "assignerShortName": "PSF",
    "cveId": "CVE-2024-0450",
    "datePublished": "2024-03-19T15:12:07.789Z",
    "dateReserved": "2024-01-11T22:16:41.964Z",
    "dateUpdated": "2024-08-02T15:00:26.971Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-21249

Vulnerability from cvelistv5

Published

2024-10-15 19:52

Modified

2024-10-31 14:25

Severity ?

4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

References

▼	URL	Tags
	https://www.oracle.com/security-alerts/cpuoct2024.html	vendor-advisory

Impacted products

Vendor

Product

Version

▼

Oracle Corporation

PeopleSoft Enterprise FIN Expenses

Version: 9.2
cpe:2.3:a:oracle:peoplesoft_enterprise_fin_expenses:9.2:*:*:*:*:*:*:*

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-21249",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-17T13:18:19.899758Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-863",
                "description": "CWE-863 Incorrect Authorization",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-31T14:25:43.483Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:oracle:peoplesoft_enterprise_fin_expenses:9.2:*:*:*:*:*:*:*"
          ],
          "product": "PeopleSoft Enterprise FIN Expenses",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "9.2"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Vulnerability in the PeopleSoft Enterprise FIN Expenses product of Oracle PeopleSoft (component: Expenses).   The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise FIN Expenses.  Successful attacks of this vulnerability can result in  unauthorized read access to a subset of PeopleSoft Enterprise FIN Expenses accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise FIN Expenses.  Successful attacks of this vulnerability can result in  unauthorized read access to a subset of PeopleSoft Enterprise FIN Expenses accessible data.",
              "lang": "en-US"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-10-15T19:52:51.089Z",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "name": "Oracle Advisory",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuoct2024.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2024-21249",
    "datePublished": "2024-10-15T19:52:51.089Z",
    "dateReserved": "2023-12-07T22:28:10.700Z",
    "dateUpdated": "2024-10-31T14:25:43.483Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-0232

Vulnerability from cvelistv5

Published

2024-01-16 14:01

Modified

2024-11-27 22:55

Severity ?

4.7 (Medium) - CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H

Summary

A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.

References

▼	URL	Tags
	https://access.redhat.com/security/cve/CVE-2024-0232	vdb-entry, x_refsource_REDHAT
	https://bugzilla.redhat.com/show_bug.cgi?id=2243754	issue-tracking, x_refsource_REDHAT

Impacted products

Vendor

Product

Version

▼

Version: 0 ≤

Red Hat	Red Hat Enterprise Linux 6	cpe:/o:redhat:enterprise_linux:6
Red Hat	Red Hat Enterprise Linux 7	cpe:/o:redhat:enterprise_linux:7
Red Hat	Red Hat Enterprise Linux 8	cpe:/o:redhat:enterprise_linux:8
Red Hat	Red Hat Enterprise Linux 8	cpe:/o:redhat:enterprise_linux:8
Red Hat	Red Hat Enterprise Linux 9	cpe:/o:redhat:enterprise_linux:9

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-0232",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-13T20:18:59.193130Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-13T20:19:06.883Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T17:41:16.024Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vdb-entry",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/security/cve/CVE-2024-0232"
          },
          {
            "name": "RHBZ#2243754",
            "tags": [
              "issue-tracking",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243754"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QDCMYQ3J45NHQ4EJREM3BJNNKB5BK4Y7/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20240315-0007/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://www.sqlite.org/download.html",
          "defaultStatus": "unaffected",
          "packageName": "sqlite",
          "versions": [
            {
              "lessThan": "3.43.2",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:6"
          ],
          "defaultStatus": "unknown",
          "packageName": "sqlite",
          "product": "Red Hat Enterprise Linux 6",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:7"
          ],
          "defaultStatus": "unknown",
          "packageName": "sqlite",
          "product": "Red Hat Enterprise Linux 7",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:8"
          ],
          "defaultStatus": "affected",
          "packageName": "mingw-sqlite",
          "product": "Red Hat Enterprise Linux 8",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:8"
          ],
          "defaultStatus": "affected",
          "packageName": "sqlite",
          "product": "Red Hat Enterprise Linux 8",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:9"
          ],
          "defaultStatus": "affected",
          "packageName": "sqlite",
          "product": "Red Hat Enterprise Linux 9",
          "vendor": "Red Hat"
        }
      ],
      "datePublic": "2023-10-12T00:00:00+00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Low"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 4.7,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-416",
              "description": "Use After Free",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-27T22:55:22.352Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2024-0232"
        },
        {
          "name": "RHBZ#2243754",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243754"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2023-10-12T00:00:00+00:00",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2023-10-12T00:00:00+00:00",
          "value": "Made public."
        }
      ],
      "title": "Sqlite: use-after-free bug in jsonparseaddnodearray",
      "x_redhatCweChain": "CWE-416: Use After Free"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2024-0232",
    "datePublished": "2024-01-16T14:01:58.505Z",
    "dateReserved": "2024-01-04T12:11:09.709Z",
    "dateUpdated": "2024-11-27T22:55:22.352Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-21255

Vulnerability from cvelistv5

Published

2024-10-15 19:52

Modified

2024-10-15 20:37

Severity ?

8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References

▼	URL	Tags
	https://www.oracle.com/security-alerts/cpuoct2024.html	vendor-advisory

Impacted products

Vendor

Product

Version

▼

Oracle Corporation

PeopleSoft Enterprise PeopleTools

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-21255",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-15T20:31:29.771936Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-15T20:37:32.900Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.59:*:*:*:*:*:*:*",
            "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.60:*:*:*:*:*:*:*",
            "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.61:*:*:*:*:*:*:*"
          ],
          "product": "PeopleSoft Enterprise PeopleTools",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "8.59"
            },
            {
              "status": "affected",
              "version": "8.60"
            },
            {
              "status": "affected",
              "version": "8.61"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: XMLPublisher).  Supported versions that are affected are 8.59, 8.60 and  8.61. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools.  Successful attacks of this vulnerability can result in takeover of PeopleSoft Enterprise PeopleTools. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools.  Successful attacks of this vulnerability can result in takeover of PeopleSoft Enterprise PeopleTools.",
              "lang": "en-US"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-10-15T19:52:52.972Z",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "name": "Oracle Advisory",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuoct2024.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2024-21255",
    "datePublished": "2024-10-15T19:52:52.972Z",
    "dateReserved": "2023-12-07T22:28:10.701Z",
    "dateUpdated": "2024-10-15T20:37:32.900Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-0727

Vulnerability from cvelistv5

Published

2024-01-26 08:57

Modified

2024-10-14 14:55

Severity ?

Summary

Issue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSL to crash leading to a potential Denial of Service attack Impact summary: Applications loading files in the PKCS12 format from untrusted sources might terminate abruptly. A file in PKCS12 format can contain certificates and keys and may come from an untrusted source. The PKCS12 specification allows certain fields to be NULL, but OpenSSL does not correctly check for this case. This can lead to a NULL pointer dereference that results in OpenSSL crashing. If an application processes PKCS12 files from an untrusted source using the OpenSSL APIs then that application will be vulnerable to this issue. OpenSSL APIs that are vulnerable to this are: PKCS12_parse(), PKCS12_unpack_p7data(), PKCS12_unpack_p7encdata(), PKCS12_unpack_authsafes() and PKCS12_newpass(). We have also fixed a similar issue in SMIME_write_PKCS7(). However since this function is related to writing data we do not consider it security significant. The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue.

References

▼	URL	Tags
	https://www.openssl.org/news/secadv/20240125.txt	vendor-advisory
	https://github.com/openssl/openssl/commit/775acfdbd0c6af9ac855f34969cdab0c0c90844a	patch
	https://github.com/openssl/openssl/commit/d135eeab8a5dbf72b3da5240bab9ddb7678dbd2c	patch
	https://github.com/openssl/openssl/commit/09df4395b5071217b76dc7d3d2e630eb8c5a79c2	patch
	https://github.openssl.org/openssl/extended-releases/commit/03b3941d60c4bce58fab69a0c22377ab439bc0e8	patch
	https://github.openssl.org/openssl/extended-releases/commit/aebaa5883e31122b404e450732dc833dc9dee539	patch

Impacted products

Vendor

Product

Version

▼

OpenSSL

Version: 3.2.0   ≤
Version: 3.1.0   ≤
Version: 3.0.0   ≤
Version: 1.1.1   < 1.1.1x
Version: 1.0.2   < 1.0.2zj

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T18:18:17.369Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "OpenSSL Advisory",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.openssl.org/news/secadv/20240125.txt"
          },
          {
            "name": "3.2.1 git commit",
            "tags": [
              "patch",
              "x_transferred"
            ],
            "url": "https://github.com/openssl/openssl/commit/775acfdbd0c6af9ac855f34969cdab0c0c90844a"
          },
          {
            "name": "3.1.5 git commit",
            "tags": [
              "patch",
              "x_transferred"
            ],
            "url": "https://github.com/openssl/openssl/commit/d135eeab8a5dbf72b3da5240bab9ddb7678dbd2c"
          },
          {
            "name": "3.0.13 git commit",
            "tags": [
              "patch",
              "x_transferred"
            ],
            "url": "https://github.com/openssl/openssl/commit/09df4395b5071217b76dc7d3d2e630eb8c5a79c2"
          },
          {
            "name": "1.1.1x git commit",
            "tags": [
              "patch",
              "x_transferred"
            ],
            "url": "https://github.openssl.org/openssl/extended-releases/commit/03b3941d60c4bce58fab69a0c22377ab439bc0e8"
          },
          {
            "name": "1.0.2zj git commit",
            "tags": [
              "patch",
              "x_transferred"
            ],
            "url": "https://github.openssl.org/openssl/extended-releases/commit/aebaa5883e31122b404e450732dc833dc9dee539"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20240208-0006/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2024/03/11/1"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "OpenSSL",
          "vendor": "OpenSSL",
          "versions": [
            {
              "lessThan": "3.2.1",
              "status": "affected",
              "version": "3.2.0",
              "versionType": "semver"
            },
            {
              "lessThan": "3.1.5",
              "status": "affected",
              "version": "3.1.0",
              "versionType": "semver"
            },
            {
              "lessThan": "3.0.13",
              "status": "affected",
              "version": "3.0.0",
              "versionType": "semver"
            },
            {
              "lessThan": "1.1.1x",
              "status": "affected",
              "version": "1.1.1",
              "versionType": "custom"
            },
            {
              "lessThan": "1.0.2zj",
              "status": "affected",
              "version": "1.0.2",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Bahaa Naamneh (Crosspoint Labs)"
        },
        {
          "lang": "en",
          "type": "remediation developer",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Matt Caswell"
        }
      ],
      "datePublic": "2024-01-25T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Issue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSL\u003cbr\u003eto crash leading to a potential Denial of Service attack\u003cbr\u003e\u003cbr\u003eImpact summary: Applications loading files in the PKCS12 format from untrusted\u003cbr\u003esources might terminate abruptly.\u003cbr\u003e\u003cbr\u003eA file in PKCS12 format can contain certificates and keys and may come from an\u003cbr\u003euntrusted source. The PKCS12 specification allows certain fields to be NULL, but\u003cbr\u003eOpenSSL does not correctly check for this case. This can lead to a NULL pointer\u003cbr\u003edereference that results in OpenSSL crashing. If an application processes PKCS12\u003cbr\u003efiles from an untrusted source using the OpenSSL APIs then that application will\u003cbr\u003ebe vulnerable to this issue.\u003cbr\u003e\u003cbr\u003eOpenSSL APIs that are vulnerable to this are: PKCS12_parse(),\u003cbr\u003ePKCS12_unpack_p7data(), PKCS12_unpack_p7encdata(), PKCS12_unpack_authsafes()\u003cbr\u003eand PKCS12_newpass().\u003cbr\u003e\u003cbr\u003eWe have also fixed a similar issue in SMIME_write_PKCS7(). However since this\u003cbr\u003efunction is related to writing data we do not consider it security significant.\u003cbr\u003e\u003cbr\u003eThe FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue."
            }
          ],
          "value": "Issue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSL\nto crash leading to a potential Denial of Service attack\n\nImpact summary: Applications loading files in the PKCS12 format from untrusted\nsources might terminate abruptly.\n\nA file in PKCS12 format can contain certificates and keys and may come from an\nuntrusted source. The PKCS12 specification allows certain fields to be NULL, but\nOpenSSL does not correctly check for this case. This can lead to a NULL pointer\ndereference that results in OpenSSL crashing. If an application processes PKCS12\nfiles from an untrusted source using the OpenSSL APIs then that application will\nbe vulnerable to this issue.\n\nOpenSSL APIs that are vulnerable to this are: PKCS12_parse(),\nPKCS12_unpack_p7data(), PKCS12_unpack_p7encdata(), PKCS12_unpack_authsafes()\nand PKCS12_newpass().\n\nWe have also fixed a similar issue in SMIME_write_PKCS7(). However since this\nfunction is related to writing data we do not consider it security significant.\n\nThe FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue."
        }
      ],
      "metrics": [
        {
          "format": "other",
          "other": {
            "content": {
              "text": "Low"
            },
            "type": "https://www.openssl.org/policies/secpolicy.html"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-476",
              "description": "CWE-476 NULL Pointer Dereference",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-10-14T14:55:58.371Z",
        "orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
        "shortName": "openssl"
      },
      "references": [
        {
          "name": "OpenSSL Advisory",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.openssl.org/news/secadv/20240125.txt"
        },
        {
          "name": "3.2.1 git commit",
          "tags": [
            "patch"
          ],
          "url": "https://github.com/openssl/openssl/commit/775acfdbd0c6af9ac855f34969cdab0c0c90844a"
        },
        {
          "name": "3.1.5 git commit",
          "tags": [
            "patch"
          ],
          "url": "https://github.com/openssl/openssl/commit/d135eeab8a5dbf72b3da5240bab9ddb7678dbd2c"
        },
        {
          "name": "3.0.13 git commit",
          "tags": [
            "patch"
          ],
          "url": "https://github.com/openssl/openssl/commit/09df4395b5071217b76dc7d3d2e630eb8c5a79c2"
        },
        {
          "name": "1.1.1x git commit",
          "tags": [
            "patch"
          ],
          "url": "https://github.openssl.org/openssl/extended-releases/commit/03b3941d60c4bce58fab69a0c22377ab439bc0e8"
        },
        {
          "name": "1.0.2zj git commit",
          "tags": [
            "patch"
          ],
          "url": "https://github.openssl.org/openssl/extended-releases/commit/aebaa5883e31122b404e450732dc833dc9dee539"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "PKCS12 Decoding crashes",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
    "assignerShortName": "openssl",
    "cveId": "CVE-2024-0727",
    "datePublished": "2024-01-26T08:57:19.579Z",
    "dateReserved": "2024-01-19T11:01:11.010Z",
    "dateUpdated": "2024-10-14T14:55:58.371Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2023-37920

Vulnerability from cvelistv5

Published

2023-07-25 20:45

Modified

2024-09-12 16:02

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Summary

Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. Certifi prior to version 2023.07.22 recognizes "e-Tugra" root certificates. e-Tugra's root certificates were subject to an investigation prompted by reporting of security issues in their systems. Certifi 2023.07.22 removes root certificates from "e-Tugra" from the root store.

References

▼	URL	Tags
	https://github.com/certifi/python-certifi/security/advisories/GHSA-xqr8-7jwr-rhp7	x_refsource_CONFIRM
	https://github.com/certifi/python-certifi/commit/8fb96ed81f71e7097ed11bc4d9b19afd7ea5c909	x_refsource_MISC
	https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/C-HrP1SEq1A	x_refsource_MISC
	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5EX6NG7WUFNUKGFHLM35KHHU3GAKXRTG/

Impacted products

Vendor

Product

Version

▼

certifi

python-certifi

Version: >= 2015.04.28, < 2023.07.22

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-09-12T16:02:55.011Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://github.com/certifi/python-certifi/security/advisories/GHSA-xqr8-7jwr-rhp7",
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/certifi/python-certifi/security/advisories/GHSA-xqr8-7jwr-rhp7"
          },
          {
            "name": "https://github.com/certifi/python-certifi/commit/8fb96ed81f71e7097ed11bc4d9b19afd7ea5c909",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/certifi/python-certifi/commit/8fb96ed81f71e7097ed11bc4d9b19afd7ea5c909"
          },
          {
            "name": "https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/C-HrP1SEq1A",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/C-HrP1SEq1A"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5EX6NG7WUFNUKGFHLM35KHHU3GAKXRTG/"
          },
          {
            "url": "https://security.netapp.com/advisory/ntap-20240912-0002/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "python-certifi",
          "vendor": "certifi",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 2015.04.28, \u003c 2023.07.22"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. Certifi prior to version 2023.07.22 recognizes \"e-Tugra\" root certificates. e-Tugra\u0027s root certificates were subject to an investigation prompted by reporting of security issues in their systems. Certifi 2023.07.22 removes root certificates from \"e-Tugra\" from the root store."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-345",
              "description": "CWE-345: Insufficient Verification of Data Authenticity",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-07-25T20:46:04.572Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/certifi/python-certifi/security/advisories/GHSA-xqr8-7jwr-rhp7",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/certifi/python-certifi/security/advisories/GHSA-xqr8-7jwr-rhp7"
        },
        {
          "name": "https://github.com/certifi/python-certifi/commit/8fb96ed81f71e7097ed11bc4d9b19afd7ea5c909",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/certifi/python-certifi/commit/8fb96ed81f71e7097ed11bc4d9b19afd7ea5c909"
        },
        {
          "name": "https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/C-HrP1SEq1A",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/C-HrP1SEq1A"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5EX6NG7WUFNUKGFHLM35KHHU3GAKXRTG/"
        }
      ],
      "source": {
        "advisory": "GHSA-xqr8-7jwr-rhp7",
        "discovery": "UNKNOWN"
      },
      "title": "Certifi\u0027s removal of e-Tugra root certificate"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2023-37920",
    "datePublished": "2023-07-25T20:45:35.286Z",
    "dateReserved": "2023-07-10T17:51:29.612Z",
    "dateUpdated": "2024-09-12T16:02:55.011Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-21283

Vulnerability from cvelistv5

Published

2024-10-15 19:53

Modified

2024-10-15 21:48

Severity ?

8.1 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

References

▼	URL	Tags
	https://www.oracle.com/security-alerts/cpuoct2024.html	vendor-advisory

Impacted products

Vendor

Product

Version

▼

Oracle Corporation

PeopleSoft Enterprise HCM Global Payroll Core

Version: 9.2.48 <
cpe:2.3:a:oracle:peoplesoft_enterprise_hcm_global_payroll_core:9.2.48-9.2.50:*:*:*:*:*:*:*

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-21283",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-15T20:31:19.264312Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-863",
                "description": "CWE-863 Incorrect Authorization",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-15T21:48:58.607Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:oracle:peoplesoft_enterprise_hcm_global_payroll_core:9.2.48-9.2.50:*:*:*:*:*:*:*"
          ],
          "product": "PeopleSoft Enterprise HCM Global Payroll Core",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "lessThanOrEqual": "9.2.50",
              "status": "affected",
              "version": "9.2.48",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Vulnerability in the PeopleSoft Enterprise HCM Global Payroll Core product of Oracle PeopleSoft (component: Global Payroll for Core).  Supported versions that are affected are 9.2.48-9.2.50. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise HCM Global Payroll Core.  Successful attacks of this vulnerability can result in  unauthorized creation, deletion or modification access to critical data or all PeopleSoft Enterprise HCM Global Payroll Core accessible data as well as  unauthorized access to critical data or complete access to all PeopleSoft Enterprise HCM Global Payroll Core accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N)."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise HCM Global Payroll Core.  Successful attacks of this vulnerability can result in  unauthorized creation, deletion or modification access to critical data or all PeopleSoft Enterprise HCM Global Payroll Core accessible data as well as  unauthorized access to critical data or complete access to all PeopleSoft Enterprise HCM Global Payroll Core accessible data.",
              "lang": "en-US"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-10-15T19:53:02.811Z",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "name": "Oracle Advisory",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuoct2024.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2024-21283",
    "datePublished": "2024-10-15T19:53:02.811Z",
    "dateReserved": "2023-12-07T22:28:10.706Z",
    "dateUpdated": "2024-10-15T21:48:58.607Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2023-5752

Vulnerability from cvelistv5

Published

2023-10-24 20:56

Modified

2024-09-17 14:16

Severity ?

5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Summary

When installing a package from a Mercurial VCS URL (ie "pip install hg+...") with pip prior to v23.3, the specified Mercurial revision could be used to inject arbitrary configuration options to the "hg clone" call (ie "--config"). Controlling the Mercurial configuration can modify how and which repository is installed. This vulnerability does not affect users who aren't installing from Mercurial.

References

▼	URL	Tags
	https://github.com/pypa/pip/pull/12306	patch
	https://mail.python.org/archives/list/security-announce@python.org/thread/F4PL35U6X4VVHZ5ILJU3PWUWN7H7LZXL/	vendor-advisory
	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YBSB3SUPQ3VIFYUMHPO3MEQI4BJAXKCZ/
	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KFC2SPFG5FLCZBYY2K3T5MFW2D22NG6E/
	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/622OZXWG72ISQPLM5Y57YCVIMWHD4C3U/
	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/65UKKF5LBHEFDCUSPBHUN4IHYX7SRMHH/
	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FXUVMJM25PUAZRQZBF54OFVKTY3MINPW/

Impacted products

Vendor

Product

Version

▼

Pip maintainers

pip

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T08:07:32.609Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "patch",
              "x_transferred"
            ],
            "url": "https://github.com/pypa/pip/pull/12306"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/F4PL35U6X4VVHZ5ILJU3PWUWN7H7LZXL/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YBSB3SUPQ3VIFYUMHPO3MEQI4BJAXKCZ/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KFC2SPFG5FLCZBYY2K3T5MFW2D22NG6E/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/622OZXWG72ISQPLM5Y57YCVIMWHD4C3U/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/65UKKF5LBHEFDCUSPBHUN4IHYX7SRMHH/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FXUVMJM25PUAZRQZBF54OFVKTY3MINPW/"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-5752",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-08T13:38:11.134953Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-17T14:16:23.805Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://pypi.org",
          "defaultStatus": "affected",
          "packageName": "pip",
          "product": "pip",
          "repo": "https://github.com/pypa/pip",
          "vendor": "Pip maintainers",
          "versions": [
            {
              "status": "unaffected",
              "version": "23.3"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Paul Gerste"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "When installing a package from a Mercurial VCS URL  (ie \"pip install \nhg+...\") with pip prior to v23.3, the specified Mercurial revision could\n be used to inject arbitrary configuration options to the \"hg clone\" \ncall (ie \"--config\"). Controlling the Mercurial configuration can modify\n how and which repository is installed. This vulnerability does not \naffect users who aren\u0027t installing from Mercurial.\u003cbr\u003e"
            }
          ],
          "value": "When installing a package from a Mercurial VCS URL  (ie \"pip install \nhg+...\") with pip prior to v23.3, the specified Mercurial revision could\n be used to inject arbitrary configuration options to the \"hg clone\" \ncall (ie \"--config\"). Controlling the Mercurial configuration can modify\n how and which repository is installed. This vulnerability does not \naffect users who aren\u0027t installing from Mercurial.\n"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-77",
              "description": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-10-24T21:41:30.616Z",
        "orgId": "28c92f92-d60d-412d-b760-e73465c3df22",
        "shortName": "PSF"
      },
      "references": [
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/pypa/pip/pull/12306"
        },
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/F4PL35U6X4VVHZ5ILJU3PWUWN7H7LZXL/"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YBSB3SUPQ3VIFYUMHPO3MEQI4BJAXKCZ/"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KFC2SPFG5FLCZBYY2K3T5MFW2D22NG6E/"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/622OZXWG72ISQPLM5Y57YCVIMWHD4C3U/"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/65UKKF5LBHEFDCUSPBHUN4IHYX7SRMHH/"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FXUVMJM25PUAZRQZBF54OFVKTY3MINPW/"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Mercurial configuration injectable in repo revision when installing via pip",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "28c92f92-d60d-412d-b760-e73465c3df22",
    "assignerShortName": "PSF",
    "cveId": "CVE-2023-5752",
    "datePublished": "2023-10-24T20:56:05.469Z",
    "dateReserved": "2023-10-24T15:04:01.631Z",
    "dateUpdated": "2024-09-17T14:16:23.805Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-21202

Vulnerability from cvelistv5

Published

2024-10-15 19:52

Modified

2024-10-17 13:40

Severity ?

6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

References

▼	URL	Tags
	https://www.oracle.com/security-alerts/cpuoct2024.html	vendor-advisory

Impacted products

Vendor

Product

Version

▼

Oracle Corporation

PeopleSoft Enterprise PeopleTools

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-21202",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-17T13:40:07.928338Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-17T13:40:17.491Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.59:*:*:*:*:*:*:*",
            "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.60:*:*:*:*:*:*:*",
            "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.61:*:*:*:*:*:*:*"
          ],
          "product": "PeopleSoft Enterprise PeopleTools",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "8.59"
            },
            {
              "status": "affected",
              "version": "8.60"
            },
            {
              "status": "affected",
              "version": "8.61"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: PIA Core Technology).  Supported versions that are affected are 8.59, 8.60 and  8.61. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools.  Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as  unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools.  Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as  unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data.",
              "lang": "en-US"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-10-15T19:52:38.756Z",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "name": "Oracle Advisory",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuoct2024.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2024-21202",
    "datePublished": "2024-10-15T19:52:38.756Z",
    "dateReserved": "2023-12-07T22:28:10.689Z",
    "dateUpdated": "2024-10-17T13:40:17.491Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-21286

Vulnerability from cvelistv5

Published

2024-10-15 19:53

Modified

2024-10-15 21:15

Severity ?

5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

References

▼	URL	Tags
	https://www.oracle.com/security-alerts/cpuoct2024.html	vendor-advisory

Impacted products

Vendor

Product

Version

▼

Oracle Corporation

PeopleSoft Enterprise ELM Enterprise Learning Management

Version: 9.2
cpe:2.3:a:oracle:peoplesoft_enterprise_elm_enterprise_learning_management:9.2:*:*:*:*:*:*:*

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-21286",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-15T20:25:38.566195Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-15T21:15:47.823Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:oracle:peoplesoft_enterprise_elm_enterprise_learning_management:9.2:*:*:*:*:*:*:*"
          ],
          "product": "PeopleSoft Enterprise ELM Enterprise Learning Management",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "9.2"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Vulnerability in the PeopleSoft Enterprise ELM Enterprise Learning Management product of Oracle PeopleSoft (component: Enterprise Learning Management).   The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise ELM Enterprise Learning Management.  Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise ELM Enterprise Learning Management, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of PeopleSoft Enterprise ELM Enterprise Learning Management accessible data as well as  unauthorized read access to a subset of PeopleSoft Enterprise ELM Enterprise Learning Management accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise ELM Enterprise Learning Management.  Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise ELM Enterprise Learning Management, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of PeopleSoft Enterprise ELM Enterprise Learning Management accessible data as well as  unauthorized read access to a subset of PeopleSoft Enterprise ELM Enterprise Learning Management accessible data.",
              "lang": "en-US"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-10-15T19:53:03.774Z",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "name": "Oracle Advisory",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuoct2024.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2024-21286",
    "datePublished": "2024-10-15T19:53:03.774Z",
    "dateReserved": "2023-12-07T22:28:10.707Z",
    "dateUpdated": "2024-10-15T21:15:47.823Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-21264

Vulnerability from cvelistv5

Published

2024-10-15 19:52

Modified

2024-10-15 21:16

Severity ?

5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

References

▼	URL	Tags
	https://www.oracle.com/security-alerts/cpuoct2024.html	vendor-advisory

Impacted products

Vendor

Product

Version

▼

Oracle Corporation

PeopleSoft Enterprise CC Common Application Objects

Version: 9.2
cpe:2.3:a:oracle:peoplesoft_enterprise_cc_common_application_objects:9.2:*:*:*:*:*:*:*

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-21264",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-15T20:25:53.062470Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-15T21:16:06.268Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:oracle:peoplesoft_enterprise_cc_common_application_objects:9.2:*:*:*:*:*:*:*"
          ],
          "product": "PeopleSoft Enterprise CC Common Application Objects",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "9.2"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Vulnerability in the PeopleSoft Enterprise CC Common Application Objects product of Oracle PeopleSoft (component: Activity Guide Composer).   The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise CC Common Application Objects.  Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of PeopleSoft Enterprise CC Common Application Objects accessible data as well as  unauthorized read access to a subset of PeopleSoft Enterprise CC Common Application Objects accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N)."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise CC Common Application Objects.  Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of PeopleSoft Enterprise CC Common Application Objects accessible data as well as  unauthorized read access to a subset of PeopleSoft Enterprise CC Common Application Objects accessible data.",
              "lang": "en-US"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-10-15T19:52:55.591Z",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "name": "Oracle Advisory",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuoct2024.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2024-21264",
    "datePublished": "2024-10-15T19:52:55.591Z",
    "dateReserved": "2023-12-07T22:28:10.703Z",
    "dateUpdated": "2024-10-15T21:16:06.268Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-26130

Vulnerability from cvelistv5

Published

2024-02-21 16:28

Modified

2024-08-14 20:01

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Summary

cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Starting in version 38.0.0 and prior to version 42.0.4, if `pkcs12.serialize_key_and_certificates` is called with both a certificate whose public key did not match the provided private key and an `encryption_algorithm` with `hmac_hash` set (via `PrivateFormat.PKCS12.encryption_builder().hmac_hash(...)`, then a NULL pointer dereference would occur, crashing the Python process. This has been resolved in version 42.0.4, the first version in which a `ValueError` is properly raised.

References

▼	URL	Tags
	https://github.com/pyca/cryptography/security/advisories/GHSA-6vqw-3v5j-54x4	x_refsource_CONFIRM
	https://github.com/pyca/cryptography/pull/10423	x_refsource_MISC
	https://github.com/pyca/cryptography/commit/97d231672763cdb5959a3b191e692a362f1b9e55	x_refsource_MISC

Impacted products

Vendor

Product

Version

▼

pyca

cryptography

Version: >= 38.0.0, < 42.0.4

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T23:59:32.542Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://github.com/pyca/cryptography/security/advisories/GHSA-6vqw-3v5j-54x4",
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/pyca/cryptography/security/advisories/GHSA-6vqw-3v5j-54x4"
          },
          {
            "name": "https://github.com/pyca/cryptography/pull/10423",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/pyca/cryptography/pull/10423"
          },
          {
            "name": "https://github.com/pyca/cryptography/commit/97d231672763cdb5959a3b191e692a362f1b9e55",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/pyca/cryptography/commit/97d231672763cdb5959a3b191e692a362f1b9e55"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:cryptography_project:cryptography:*:*:*:*:*:python:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "cryptography",
            "vendor": "cryptography_project",
            "versions": [
              {
                "lessThan": "42.04",
                "status": "affected",
                "version": "38.0.0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-26130",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-14T19:56:07.150963Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-14T20:01:52.628Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "cryptography",
          "vendor": "pyca",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 38.0.0, \u003c 42.0.4"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Starting in version 38.0.0 and prior to version 42.0.4, if `pkcs12.serialize_key_and_certificates` is called with both a certificate whose public key did not match the provided private key and an `encryption_algorithm` with `hmac_hash` set (via `PrivateFormat.PKCS12.encryption_builder().hmac_hash(...)`, then a NULL pointer dereference would occur, crashing the Python process. This has been resolved in version 42.0.4, the first version in which a `ValueError` is properly raised."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-476",
              "description": "CWE-476: NULL Pointer Dereference",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-02-21T16:28:18.632Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/pyca/cryptography/security/advisories/GHSA-6vqw-3v5j-54x4",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/pyca/cryptography/security/advisories/GHSA-6vqw-3v5j-54x4"
        },
        {
          "name": "https://github.com/pyca/cryptography/pull/10423",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/pyca/cryptography/pull/10423"
        },
        {
          "name": "https://github.com/pyca/cryptography/commit/97d231672763cdb5959a3b191e692a362f1b9e55",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/pyca/cryptography/commit/97d231672763cdb5959a3b191e692a362f1b9e55"
        }
      ],
      "source": {
        "advisory": "GHSA-6vqw-3v5j-54x4",
        "discovery": "UNKNOWN"
      },
      "title": "cryptography NULL pointer deference with pkcs12.serialize_key_and_certificates when called with a non-matching certificate and private key and an hmac_hash override"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2024-26130",
    "datePublished": "2024-02-21T16:28:18.632Z",
    "dateReserved": "2024-02-14T17:40:03.687Z",
    "dateUpdated": "2024-08-14T20:01:52.628Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

Vulnerability from csaf_ncscnl

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Tags

Sightings

Nomenclature