csaf_ncscnl - ncsc-2024-0419

Vulnerability from csaf_ncscnl

Published

2024-10-17 13:20

Modified

2024-10-17 13:20

Summary

Kwetsbaarheden verholpen in Oracle Java

Notes

The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions: NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein. NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory. This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.

Feiten

Oracle heeft kwetsbaarheden verholpen in Java SE en GraalVM.

Interpretaties

Een kwaadwillende kan de kwetsbaarheden misbruiken om aanvallen uit te voeren die kunnen leiden tot de volgende categorieën schade: - Denial-of-Service (DoS) - Manipuleren van data - Uitvoer van willekeurige code (Gebruikersrechten) - Toegang tot gevoelige gegevens Voor succesvol misbruik moet de kwaadwillende het slachtoffer misleiden om onvertrouwde code te importeren en uitvoeren. Deze kwetsbaarheden vormen daarom met name een risico voor ontwikkelaars en (lokale) gebruikers met rechten om code te importeren en uitvoeren.

Oplossingen

Oracle heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.

Kans

medium

Schade

high

CWE-130

Improper Handling of Length Parameter Inconsistency

CWE-195

Signed to Unsigned Conversion Error

CWE-77

Improper Neutralization of Special Elements used in a Command ('Command Injection')

CWE-190

Integer Overflow or Wraparound

CWE-416

Use After Free

CWE-122

Heap-based Buffer Overflow

CWE-789

Memory Allocation with Excessive Size Value

JSON

To clipboard

{
  "document": {
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE"
      }
    },
    "lang": "nl",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n    NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n    NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n    This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
      },
      {
        "category": "description",
        "text": "Oracle heeft kwetsbaarheden verholpen in Java SE en GraalVM.",
        "title": "Feiten"
      },
      {
        "category": "description",
        "text": "Een kwaadwillende kan de kwetsbaarheden misbruiken om aanvallen uit te voeren die kunnen leiden tot de volgende categorie\u00ebn schade:\n\n- Denial-of-Service (DoS)\n- Manipuleren van data\n- Uitvoer van willekeurige code (Gebruikersrechten)\n- Toegang tot gevoelige gegevens\n\nVoor succesvol misbruik moet de kwaadwillende het slachtoffer misleiden om onvertrouwde code te importeren en uitvoeren. Deze kwetsbaarheden vormen daarom met name een risico voor ontwikkelaars en (lokale) gebruikers met rechten om code te importeren en uitvoeren.",
        "title": "Interpretaties"
      },
      {
        "category": "description",
        "text": "Oracle heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.",
        "title": "Oplossingen"
      },
      {
        "category": "general",
        "text": "medium",
        "title": "Kans"
      },
      {
        "category": "general",
        "text": "high",
        "title": "Schade"
      },
      {
        "category": "general",
        "text": "Improper Handling of Length Parameter Inconsistency",
        "title": "CWE-130"
      },
      {
        "category": "general",
        "text": "Signed to Unsigned Conversion Error",
        "title": "CWE-195"
      },
      {
        "category": "general",
        "text": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
        "title": "CWE-77"
      },
      {
        "category": "general",
        "text": "Integer Overflow or Wraparound",
        "title": "CWE-190"
      },
      {
        "category": "general",
        "text": "Use After Free",
        "title": "CWE-416"
      },
      {
        "category": "general",
        "text": "Heap-based Buffer Overflow",
        "title": "CWE-122"
      },
      {
        "category": "general",
        "text": "Memory Allocation with Excessive Size Value",
        "title": "CWE-789"
      }
    ],
    "publisher": {
      "category": "coordinator",
      "contact_details": "cert@ncsc.nl",
      "name": "Nationaal Cyber Security Centrum",
      "namespace": "https://www.ncsc.nl/"
    },
    "references": [
      {
        "category": "external",
        "summary": "Reference - cveprojectv5; hkcert; nvd; oracle; redhat",
        "url": "https://www.oracle.com/security-alerts/cpuoct2024.html"
      }
    ],
    "title": "Kwetsbaarheden verholpen in Oracle Java",
    "tracking": {
      "current_release_date": "2024-10-17T13:20:07.759085Z",
      "id": "NCSC-2024-0419",
      "initial_release_date": "2024-10-17T13:20:07.759085Z",
      "revision_history": [
        {
          "date": "2024-10-17T13:20:07.759085Z",
          "number": "0",
          "summary": "Initiele versie"
        }
      ],
      "status": "final",
      "version": "1.0.0"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "graalvm",
            "product": {
              "name": "graalvm",
              "product_id": "CSAFPID-1673125",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle_corporation:graalvm:oracle_graalvm_enterprise_edition_21.3.11:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "graalvm",
            "product": {
              "name": "graalvm",
              "product_id": "CSAFPID-1673121",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle_corporation:graalvm:oracle_graalvm_for_jdk_17.0.12:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "graalvm",
            "product": {
              "name": "graalvm",
              "product_id": "CSAFPID-1673122",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle_corporation:graalvm:oracle_graalvm_for_jdk_21.0.4:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "graalvm",
            "product": {
              "name": "graalvm",
              "product_id": "CSAFPID-1673123",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle_corporation:graalvm:oracle_graalvm_for_jdk_23:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "graalvm",
            "product": {
              "name": "graalvm",
              "product_id": "CSAFPID-1673120",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle_corporation:graalvm:oracle_java_se_23:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "oracle_java_se",
            "product": {
              "name": "oracle_java_se",
              "product_id": "CSAFPID-1673115",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle_corporation:oracle_java_se:oracle_graalvm_enterprise_edition_20.3.15:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "oracle_java_se",
            "product": {
              "name": "oracle_java_se",
              "product_id": "CSAFPID-1673116",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle_corporation:oracle_java_se:oracle_graalvm_enterprise_edition_21.3.11:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "oracle_java_se",
            "product": {
              "name": "oracle_java_se",
              "product_id": "CSAFPID-1673112",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle_corporation:oracle_java_se:oracle_graalvm_for_jdk_17.0.12:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "oracle_java_se",
            "product": {
              "name": "oracle_java_se",
              "product_id": "CSAFPID-1673113",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle_corporation:oracle_java_se:oracle_graalvm_for_jdk_21.0.4:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "oracle_java_se",
            "product": {
              "name": "oracle_java_se",
              "product_id": "CSAFPID-1673114",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle_corporation:oracle_java_se:oracle_graalvm_for_jdk_23:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "oracle_java_se",
            "product": {
              "name": "oracle_java_se",
              "product_id": "CSAFPID-1673108",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle_corporation:oracle_java_se:oracle_java_se_11.0.24:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "oracle_java_se",
            "product": {
              "name": "oracle_java_se",
              "product_id": "CSAFPID-1673109",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle_corporation:oracle_java_se:oracle_java_se_17.0.12:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "oracle_java_se",
            "product": {
              "name": "oracle_java_se",
              "product_id": "CSAFPID-1673110",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle_corporation:oracle_java_se:oracle_java_se_21.0.4:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "oracle_java_se",
            "product": {
              "name": "oracle_java_se",
              "product_id": "CSAFPID-1673111",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle_corporation:oracle_java_se:oracle_java_se_23:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "oracle_java_se",
            "product": {
              "name": "oracle_java_se",
              "product_id": "CSAFPID-1673107",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle_corporation:oracle_java_se:oracle_java_se_8u421-perf:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "oracle_java_se",
            "product": {
              "name": "oracle_java_se",
              "product_id": "CSAFPID-1673106",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle_corporation:oracle_java_se:oracle_java_se_8u421:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "graalvm",
            "product": {
              "name": "graalvm",
              "product_id": "CSAFPID-1673124",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle_corporation:graalvm:oracle_graalvm_enterprise_edition_20.3.15:*:*:*:*:*:*:*"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "oracle_corporation"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "graalvm_for_jdk",
            "product": {
              "name": "graalvm_for_jdk",
              "product_id": "CSAFPID-912046",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:graalvm_for_jdk:17.0.10:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "graalvm_for_jdk",
            "product": {
              "name": "graalvm_for_jdk",
              "product_id": "CSAFPID-1503299",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:graalvm_for_jdk:17.0.11:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "graalvm_for_jdk",
            "product": {
              "name": "graalvm_for_jdk",
              "product_id": "CSAFPID-1673300",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:graalvm_for_jdk:17.0.12:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "graalvm_for_jdk",
            "product": {
              "name": "graalvm_for_jdk",
              "product_id": "CSAFPID-912045",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:graalvm_for_jdk:21.0.2:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "graalvm_for_jdk",
            "product": {
              "name": "graalvm_for_jdk",
              "product_id": "CSAFPID-1503302",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:graalvm_for_jdk:21.0.3:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "graalvm_for_jdk",
            "product": {
              "name": "graalvm_for_jdk",
              "product_id": "CSAFPID-1673301",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:graalvm_for_jdk:21.0.4:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "graalvm_for_jdk",
            "product": {
              "name": "graalvm_for_jdk",
              "product_id": "CSAFPID-912044",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:graalvm_for_jdk:22:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "graalvm_for_jdk",
            "product": {
              "name": "graalvm_for_jdk",
              "product_id": "CSAFPID-1503306",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:graalvm_for_jdk:22.0.1:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "graalvm_for_jdk",
            "product": {
              "name": "graalvm_for_jdk",
              "product_id": "CSAFPID-1673304",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:graalvm_for_jdk:23:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "graalvm_for_jdk",
            "product": {
              "name": "graalvm_for_jdk",
              "product_id": "CSAFPID-912600",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:graalvm_for_jdk:graalvm_enterprise_edition20.3.13:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "graalvm_for_jdk",
            "product": {
              "name": "graalvm_for_jdk",
              "product_id": "CSAFPID-912601",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:graalvm_for_jdk:graalvm_enterprise_edition21.3.9:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "graalvm",
            "product": {
              "name": "graalvm",
              "product_id": "CSAFPID-1457455",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:graalvm:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "graalvm",
            "product": {
              "name": "graalvm",
              "product_id": "CSAFPID-1672740",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:graalvm:20.3.15:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "graalvm",
            "product": {
              "name": "graalvm",
              "product_id": "CSAFPID-1673407",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:graalvm:20.3.15:*:*:*:enterprise:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "graalvm",
            "product": {
              "name": "graalvm",
              "product_id": "CSAFPID-1672742",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:graalvm:21.3.11:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "graalvm",
            "product": {
              "name": "graalvm",
              "product_id": "CSAFPID-1673406",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:graalvm:21.3.11:*:*:*:enterprise:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "database_server",
            "product": {
              "name": "database_server",
              "product_id": "CSAFPID-1503604",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:database_server:_java_vm___23.4:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "java_se",
            "product": {
              "name": "java_se",
              "product_id": "CSAFPID-550274",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:java_se:*:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "java_se",
            "product": {
              "name": "java_se",
              "product_id": "CSAFPID-912051",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:java_se:11.0.22:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "java_se",
            "product": {
              "name": "java_se",
              "product_id": "CSAFPID-1503300",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:java_se:11.0.23:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "java_se",
            "product": {
              "name": "java_se",
              "product_id": "CSAFPID-1673306",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:java_se:11.0.24:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "java_se",
            "product": {
              "name": "java_se",
              "product_id": "CSAFPID-912050",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:java_se:17.0.10:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "java_se",
            "product": {
              "name": "java_se",
              "product_id": "CSAFPID-1503304",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:java_se:17.0.11:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "java_se",
            "product": {
              "name": "java_se",
              "product_id": "CSAFPID-1673303",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:java_se:17.0.12:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "java_se",
            "product": {
              "name": "java_se",
              "product_id": "CSAFPID-912049",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:java_se:21.0.2:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "java_se",
            "product": {
              "name": "java_se",
              "product_id": "CSAFPID-1503305",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:java_se:21.0.3:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "java_se",
            "product": {
              "name": "java_se",
              "product_id": "CSAFPID-1673305",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:java_se:21.0.4:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "java_se",
            "product": {
              "name": "java_se",
              "product_id": "CSAFPID-1503307",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:java_se:22.0.1:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "java_se",
            "product": {
              "name": "java_se",
              "product_id": "CSAFPID-912048",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:java_se:22:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "java_se",
            "product": {
              "name": "java_se",
              "product_id": "CSAFPID-1673302",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:java_se:23:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "java_se",
            "product": {
              "name": "java_se",
              "product_id": "CSAFPID-912047",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:java_se:8u401:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "java_se",
            "product": {
              "name": "java_se",
              "product_id": "CSAFPID-1503308",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:java_se:8u411:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "java_se",
            "product": {
              "name": "java_se",
              "product_id": "CSAFPID-1672741",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:java_se:8u421:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "java_se",
            "product": {
              "name": "java_se",
              "product_id": "CSAFPID-1673439",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:java_se:8u421:*:*:*:enterprise_performance:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "java_se",
            "product": {
              "name": "java_se",
              "product_id": "CSAFPID-912602",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:java_se:graalvm_enterprise_edition20.3.13:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "java_se",
            "product": {
              "name": "java_se",
              "product_id": "CSAFPID-1503647",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:java_se:graalvm_enterprise_edition20.3.14:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "java_se",
            "product": {
              "name": "java_se",
              "product_id": "CSAFPID-1503648",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:java_se:graalvm_enterprise_edition21.3.10:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "java_se",
            "product": {
              "name": "java_se",
              "product_id": "CSAFPID-912603",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:java_se:graalvm_enterprise_edition21.3.9:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "java_se",
            "product": {
              "name": "java_se",
              "product_id": "CSAFPID-912604",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:java_se:graalvm_for_jdk17.0.10:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "java_se",
            "product": {
              "name": "java_se",
              "product_id": "CSAFPID-1503649",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:java_se:graalvm_for_jdk17.0.11:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "java_se",
            "product": {
              "name": "java_se",
              "product_id": "CSAFPID-912605",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:java_se:graalvm_for_jdk21.0.2:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "java_se",
            "product": {
              "name": "java_se",
              "product_id": "CSAFPID-1503650",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:java_se:graalvm_for_jdk21.0.3:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "java_se",
            "product": {
              "name": "java_se",
              "product_id": "CSAFPID-1503651",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:java_se:graalvm_for_jdk22.0.1:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "java_se",
            "product": {
              "name": "java_se",
              "product_id": "CSAFPID-912606",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:java_se:graalvm_for_jdk22:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "java_se",
            "product": {
              "name": "java_se",
              "product_id": "CSAFPID-1674674",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:java_se:oracle_graalvm_enterprise_edition_20.3.15:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "java_se",
            "product": {
              "name": "java_se",
              "product_id": "CSAFPID-1674680",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:java_se:oracle_graalvm_enterprise_edition_21.3.11:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "java_se",
            "product": {
              "name": "java_se",
              "product_id": "CSAFPID-1674673",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:java_se:oracle_graalvm_for_jdk_17.0.12:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "java_se",
            "product": {
              "name": "java_se",
              "product_id": "CSAFPID-1674675",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:java_se:oracle_graalvm_for_jdk_21.0.4:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "java_se",
            "product": {
              "name": "java_se",
              "product_id": "CSAFPID-1674672",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:java_se:oracle_graalvm_for_jdk_23:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "java_se",
            "product": {
              "name": "java_se",
              "product_id": "CSAFPID-1674681",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:java_se:oracle_java_se_11.0.24:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "java_se",
            "product": {
              "name": "java_se",
              "product_id": "CSAFPID-1674676",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:java_se:oracle_java_se_17.0.12:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "java_se",
            "product": {
              "name": "java_se",
              "product_id": "CSAFPID-1674678",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:java_se:oracle_java_se_21.0.4:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "java_se",
            "product": {
              "name": "java_se",
              "product_id": "CSAFPID-1674677",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:java_se:oracle_java_se_23:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "java_se",
            "product": {
              "name": "java_se",
              "product_id": "CSAFPID-1674679",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:java_se:oracle_java_se_8u421:*:*:*:*:*:*:*"
              }
            }
          },
          {
            "category": "product_name",
            "name": "java_se",
            "product": {
              "name": "java_se",
              "product_id": "CSAFPID-220891",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:oracle:java_se:perf:*:*:*:*:*:*:*"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "oracle"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-7104",
      "cwe": {
        "id": "CWE-122",
        "name": "Heap-based Buffer Overflow"
      },
      "notes": [
        {
          "category": "other",
          "text": "Heap-based Buffer Overflow",
          "title": "CWE-122"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1672741"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2023-7104",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-7104.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1672741"
          ]
        }
      ],
      "title": "CVE-2023-7104"
    },
    {
      "cve": "CVE-2023-42950",
      "product_status": {
        "known_affected": [
          "CSAFPID-1672741",
          "CSAFPID-1673406",
          "CSAFPID-1673407",
          "CSAFPID-1674672",
          "CSAFPID-1674673",
          "CSAFPID-1674674",
          "CSAFPID-1674675",
          "CSAFPID-1674676",
          "CSAFPID-1674677",
          "CSAFPID-1674678",
          "CSAFPID-1674679",
          "CSAFPID-1674680",
          "CSAFPID-1674681"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2023-42950",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-42950.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1672741",
            "CSAFPID-1673406",
            "CSAFPID-1673407",
            "CSAFPID-1674672",
            "CSAFPID-1674673",
            "CSAFPID-1674674",
            "CSAFPID-1674675",
            "CSAFPID-1674676",
            "CSAFPID-1674677",
            "CSAFPID-1674678",
            "CSAFPID-1674679",
            "CSAFPID-1674680",
            "CSAFPID-1674681"
          ]
        }
      ],
      "title": "CVE-2023-42950"
    },
    {
      "cve": "CVE-2024-21208",
      "cwe": {
        "id": "CWE-130",
        "name": "Improper Handling of Length Parameter Inconsistency"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Handling of Length Parameter Inconsistency",
          "title": "CWE-130"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1673106",
          "CSAFPID-1673107",
          "CSAFPID-1673108",
          "CSAFPID-1673109",
          "CSAFPID-1673110",
          "CSAFPID-1673111",
          "CSAFPID-1673112",
          "CSAFPID-1673113",
          "CSAFPID-1673114",
          "CSAFPID-1673115",
          "CSAFPID-1673116",
          "CSAFPID-1673300",
          "CSAFPID-1673301",
          "CSAFPID-1673302",
          "CSAFPID-1673303",
          "CSAFPID-1673304",
          "CSAFPID-1673305",
          "CSAFPID-1672741",
          "CSAFPID-220891",
          "CSAFPID-1673306",
          "CSAFPID-1673407",
          "CSAFPID-1673406",
          "CSAFPID-1673439",
          "CSAFPID-1674672",
          "CSAFPID-1674673",
          "CSAFPID-1674674",
          "CSAFPID-1674675",
          "CSAFPID-1674676",
          "CSAFPID-1674677",
          "CSAFPID-1674678",
          "CSAFPID-1674679",
          "CSAFPID-1674680",
          "CSAFPID-1674681"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-21208",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-21208.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 3.7,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1673106",
            "CSAFPID-1673107",
            "CSAFPID-1673108",
            "CSAFPID-1673109",
            "CSAFPID-1673110",
            "CSAFPID-1673111",
            "CSAFPID-1673112",
            "CSAFPID-1673113",
            "CSAFPID-1673114",
            "CSAFPID-1673115",
            "CSAFPID-1673116",
            "CSAFPID-1673300",
            "CSAFPID-1673301",
            "CSAFPID-1673302",
            "CSAFPID-1673303",
            "CSAFPID-1673304",
            "CSAFPID-1673305",
            "CSAFPID-1672741",
            "CSAFPID-220891",
            "CSAFPID-1673306",
            "CSAFPID-1673407",
            "CSAFPID-1673406",
            "CSAFPID-1673439",
            "CSAFPID-1674672",
            "CSAFPID-1674673",
            "CSAFPID-1674674",
            "CSAFPID-1674675",
            "CSAFPID-1674676",
            "CSAFPID-1674677",
            "CSAFPID-1674678",
            "CSAFPID-1674679",
            "CSAFPID-1674680",
            "CSAFPID-1674681"
          ]
        }
      ],
      "title": "CVE-2024-21208"
    },
    {
      "cve": "CVE-2024-21210",
      "cwe": {
        "id": "CWE-190",
        "name": "Integer Overflow or Wraparound"
      },
      "notes": [
        {
          "category": "other",
          "text": "Integer Overflow or Wraparound",
          "title": "CWE-190"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1673106",
          "CSAFPID-1673107",
          "CSAFPID-1673108",
          "CSAFPID-1673109",
          "CSAFPID-1673110",
          "CSAFPID-1673111",
          "CSAFPID-1673305",
          "CSAFPID-1672741",
          "CSAFPID-1673303",
          "CSAFPID-1673302",
          "CSAFPID-1673306",
          "CSAFPID-220891",
          "CSAFPID-1673439",
          "CSAFPID-1674672",
          "CSAFPID-1674673",
          "CSAFPID-1674674",
          "CSAFPID-1674675",
          "CSAFPID-1674676",
          "CSAFPID-1674677",
          "CSAFPID-1674678",
          "CSAFPID-1674679",
          "CSAFPID-1674680",
          "CSAFPID-1674681"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-21210",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-21210.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 3.7,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1673106",
            "CSAFPID-1673107",
            "CSAFPID-1673108",
            "CSAFPID-1673109",
            "CSAFPID-1673110",
            "CSAFPID-1673111",
            "CSAFPID-1673305",
            "CSAFPID-1672741",
            "CSAFPID-1673303",
            "CSAFPID-1673302",
            "CSAFPID-1673306",
            "CSAFPID-220891",
            "CSAFPID-1673439",
            "CSAFPID-1674672",
            "CSAFPID-1674673",
            "CSAFPID-1674674",
            "CSAFPID-1674675",
            "CSAFPID-1674676",
            "CSAFPID-1674677",
            "CSAFPID-1674678",
            "CSAFPID-1674679",
            "CSAFPID-1674680",
            "CSAFPID-1674681"
          ]
        }
      ],
      "title": "CVE-2024-21210"
    },
    {
      "cve": "CVE-2024-21211",
      "product_status": {
        "known_affected": [
          "CSAFPID-1673120",
          "CSAFPID-1673121",
          "CSAFPID-1673122",
          "CSAFPID-1673123",
          "CSAFPID-1673124",
          "CSAFPID-1673125",
          "CSAFPID-1673111",
          "CSAFPID-1673112",
          "CSAFPID-1673113",
          "CSAFPID-1673114",
          "CSAFPID-1673115",
          "CSAFPID-1673116",
          "CSAFPID-1673300",
          "CSAFPID-1673302",
          "CSAFPID-1673407",
          "CSAFPID-1673406",
          "CSAFPID-1673301",
          "CSAFPID-1673304",
          "CSAFPID-1674672",
          "CSAFPID-1674673",
          "CSAFPID-1674674",
          "CSAFPID-1674675",
          "CSAFPID-1674676",
          "CSAFPID-1674677",
          "CSAFPID-1674678",
          "CSAFPID-1674679",
          "CSAFPID-1674680",
          "CSAFPID-1674681"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-21211",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-21211.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 3.7,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1673120",
            "CSAFPID-1673121",
            "CSAFPID-1673122",
            "CSAFPID-1673123",
            "CSAFPID-1673124",
            "CSAFPID-1673125",
            "CSAFPID-1673111",
            "CSAFPID-1673112",
            "CSAFPID-1673113",
            "CSAFPID-1673114",
            "CSAFPID-1673115",
            "CSAFPID-1673116",
            "CSAFPID-1673300",
            "CSAFPID-1673302",
            "CSAFPID-1673407",
            "CSAFPID-1673406",
            "CSAFPID-1673301",
            "CSAFPID-1673304",
            "CSAFPID-1674672",
            "CSAFPID-1674673",
            "CSAFPID-1674674",
            "CSAFPID-1674675",
            "CSAFPID-1674676",
            "CSAFPID-1674677",
            "CSAFPID-1674678",
            "CSAFPID-1674679",
            "CSAFPID-1674680",
            "CSAFPID-1674681"
          ]
        }
      ],
      "title": "CVE-2024-21211"
    },
    {
      "cve": "CVE-2024-21217",
      "cwe": {
        "id": "CWE-789",
        "name": "Memory Allocation with Excessive Size Value"
      },
      "notes": [
        {
          "category": "other",
          "text": "Memory Allocation with Excessive Size Value",
          "title": "CWE-789"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1673106",
          "CSAFPID-1673107",
          "CSAFPID-1673108",
          "CSAFPID-1673109",
          "CSAFPID-1673110",
          "CSAFPID-1673111",
          "CSAFPID-1673112",
          "CSAFPID-1673113",
          "CSAFPID-1673114",
          "CSAFPID-1673115",
          "CSAFPID-1673116",
          "CSAFPID-1673305",
          "CSAFPID-1673302",
          "CSAFPID-1673303",
          "CSAFPID-1672741",
          "CSAFPID-220891",
          "CSAFPID-1673306",
          "CSAFPID-1673300",
          "CSAFPID-1673301",
          "CSAFPID-1673304",
          "CSAFPID-1673407",
          "CSAFPID-1673406",
          "CSAFPID-1673439",
          "CSAFPID-1674672",
          "CSAFPID-1674673",
          "CSAFPID-1674674",
          "CSAFPID-1674675",
          "CSAFPID-1674676",
          "CSAFPID-1674677",
          "CSAFPID-1674678",
          "CSAFPID-1674679",
          "CSAFPID-1674680",
          "CSAFPID-1674681"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-21217",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-21217.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 3.7,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1673106",
            "CSAFPID-1673107",
            "CSAFPID-1673108",
            "CSAFPID-1673109",
            "CSAFPID-1673110",
            "CSAFPID-1673111",
            "CSAFPID-1673112",
            "CSAFPID-1673113",
            "CSAFPID-1673114",
            "CSAFPID-1673115",
            "CSAFPID-1673116",
            "CSAFPID-1673305",
            "CSAFPID-1673302",
            "CSAFPID-1673303",
            "CSAFPID-1672741",
            "CSAFPID-220891",
            "CSAFPID-1673306",
            "CSAFPID-1673300",
            "CSAFPID-1673301",
            "CSAFPID-1673304",
            "CSAFPID-1673407",
            "CSAFPID-1673406",
            "CSAFPID-1673439",
            "CSAFPID-1674672",
            "CSAFPID-1674673",
            "CSAFPID-1674674",
            "CSAFPID-1674675",
            "CSAFPID-1674676",
            "CSAFPID-1674677",
            "CSAFPID-1674678",
            "CSAFPID-1674679",
            "CSAFPID-1674680",
            "CSAFPID-1674681"
          ]
        }
      ],
      "title": "CVE-2024-21217"
    },
    {
      "cve": "CVE-2024-21235",
      "cwe": {
        "id": "CWE-195",
        "name": "Signed to Unsigned Conversion Error"
      },
      "notes": [
        {
          "category": "other",
          "text": "Signed to Unsigned Conversion Error",
          "title": "CWE-195"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1673106",
          "CSAFPID-1673107",
          "CSAFPID-1673108",
          "CSAFPID-1673109",
          "CSAFPID-1673110",
          "CSAFPID-1673111",
          "CSAFPID-1673112",
          "CSAFPID-1673113",
          "CSAFPID-1673114",
          "CSAFPID-1673115",
          "CSAFPID-1673116",
          "CSAFPID-1673305",
          "CSAFPID-1673302",
          "CSAFPID-1673301",
          "CSAFPID-1672741",
          "CSAFPID-1673300",
          "CSAFPID-220891",
          "CSAFPID-1673306",
          "CSAFPID-1673304",
          "CSAFPID-1673303",
          "CSAFPID-1673407",
          "CSAFPID-1673406",
          "CSAFPID-1673439",
          "CSAFPID-1674672",
          "CSAFPID-1674673",
          "CSAFPID-1674674",
          "CSAFPID-1674675",
          "CSAFPID-1674676",
          "CSAFPID-1674677",
          "CSAFPID-1674678",
          "CSAFPID-1674679",
          "CSAFPID-1674680",
          "CSAFPID-1674681"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-21235",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-21235.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.8,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1673106",
            "CSAFPID-1673107",
            "CSAFPID-1673108",
            "CSAFPID-1673109",
            "CSAFPID-1673110",
            "CSAFPID-1673111",
            "CSAFPID-1673112",
            "CSAFPID-1673113",
            "CSAFPID-1673114",
            "CSAFPID-1673115",
            "CSAFPID-1673116",
            "CSAFPID-1673305",
            "CSAFPID-1673302",
            "CSAFPID-1673301",
            "CSAFPID-1672741",
            "CSAFPID-1673300",
            "CSAFPID-220891",
            "CSAFPID-1673306",
            "CSAFPID-1673304",
            "CSAFPID-1673303",
            "CSAFPID-1673407",
            "CSAFPID-1673406",
            "CSAFPID-1673439",
            "CSAFPID-1674672",
            "CSAFPID-1674673",
            "CSAFPID-1674674",
            "CSAFPID-1674675",
            "CSAFPID-1674676",
            "CSAFPID-1674677",
            "CSAFPID-1674678",
            "CSAFPID-1674679",
            "CSAFPID-1674680",
            "CSAFPID-1674681"
          ]
        }
      ],
      "title": "CVE-2024-21235"
    },
    {
      "cve": "CVE-2024-25062",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "notes": [
        {
          "category": "other",
          "text": "Use After Free",
          "title": "CWE-416"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1672741",
          "CSAFPID-1673406",
          "CSAFPID-1673407",
          "CSAFPID-1674672",
          "CSAFPID-1674673",
          "CSAFPID-1674674",
          "CSAFPID-1674675",
          "CSAFPID-1674676",
          "CSAFPID-1674677",
          "CSAFPID-1674678",
          "CSAFPID-1674679",
          "CSAFPID-1674680",
          "CSAFPID-1674681",
          "CSAFPID-550274",
          "CSAFPID-912044",
          "CSAFPID-912045",
          "CSAFPID-912046",
          "CSAFPID-912047",
          "CSAFPID-912048",
          "CSAFPID-912049",
          "CSAFPID-912050",
          "CSAFPID-912051",
          "CSAFPID-912600",
          "CSAFPID-912601",
          "CSAFPID-912602",
          "CSAFPID-912603",
          "CSAFPID-912604",
          "CSAFPID-912605",
          "CSAFPID-1503604",
          "CSAFPID-912606",
          "CSAFPID-1503299",
          "CSAFPID-1503302",
          "CSAFPID-1503306",
          "CSAFPID-1503647",
          "CSAFPID-1503648",
          "CSAFPID-1503649",
          "CSAFPID-1503650",
          "CSAFPID-1503651",
          "CSAFPID-1503300",
          "CSAFPID-1503304",
          "CSAFPID-1503305",
          "CSAFPID-1503307",
          "CSAFPID-1503308"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-25062",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-25062.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1672741",
            "CSAFPID-1673406",
            "CSAFPID-1673407",
            "CSAFPID-1674672",
            "CSAFPID-1674673",
            "CSAFPID-1674674",
            "CSAFPID-1674675",
            "CSAFPID-1674676",
            "CSAFPID-1674677",
            "CSAFPID-1674678",
            "CSAFPID-1674679",
            "CSAFPID-1674680",
            "CSAFPID-1674681",
            "CSAFPID-550274",
            "CSAFPID-912044",
            "CSAFPID-912045",
            "CSAFPID-912046",
            "CSAFPID-912047",
            "CSAFPID-912048",
            "CSAFPID-912049",
            "CSAFPID-912050",
            "CSAFPID-912051",
            "CSAFPID-912600",
            "CSAFPID-912601",
            "CSAFPID-912602",
            "CSAFPID-912603",
            "CSAFPID-912604",
            "CSAFPID-912605",
            "CSAFPID-1503604",
            "CSAFPID-912606",
            "CSAFPID-1503299",
            "CSAFPID-1503302",
            "CSAFPID-1503306",
            "CSAFPID-1503647",
            "CSAFPID-1503648",
            "CSAFPID-1503649",
            "CSAFPID-1503650",
            "CSAFPID-1503651",
            "CSAFPID-1503300",
            "CSAFPID-1503304",
            "CSAFPID-1503305",
            "CSAFPID-1503307",
            "CSAFPID-1503308"
          ]
        }
      ],
      "title": "CVE-2024-25062"
    },
    {
      "cve": "CVE-2024-36138",
      "cwe": {
        "id": "CWE-77",
        "name": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
          "title": "CWE-77"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1673301",
          "CSAFPID-1673304",
          "CSAFPID-1673300",
          "CSAFPID-1674672",
          "CSAFPID-1674673",
          "CSAFPID-1674674",
          "CSAFPID-1674675",
          "CSAFPID-1674676",
          "CSAFPID-1674677",
          "CSAFPID-1674678",
          "CSAFPID-1674679",
          "CSAFPID-1674680",
          "CSAFPID-1674681"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-36138",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-36138.json"
        }
      ],
      "title": "CVE-2024-36138"
    }
  ]
}

cve-2024-21208

Vulnerability from cvelistv5

Published

2024-10-15 19:52

Modified

2024-10-31 13:06

Severity ?

3.7 (Low) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

References

▼	URL	Tags
	https://www.oracle.com/security-alerts/cpuoct2024.html	vendor-advisory

Impacted products

Vendor

Product

Version

▼

Oracle Corporation

Oracle Java SE

Version: Oracle Java SE:8u421
Version: Oracle Java SE:8u421-perf
Version: Oracle Java SE:11.0.24
Version: Oracle Java SE:17.0.12
Version: Oracle Java SE:21.0.4
Version: Oracle Java SE:23
Version: Oracle GraalVM for JDK:17.0.12
Version: Oracle GraalVM for JDK:21.0.4
Version: Oracle GraalVM for JDK:23
Version: Oracle GraalVM Enterprise Edition:20.3.15
Version: Oracle GraalVM Enterprise Edition:21.3.11
    cpe:2.3:a:oracle:java_se:8u421:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:java_se:8u421:*:*:*:enterprise_performance:*:*:*
    cpe:2.3:a:oracle:java_se:11.0.24:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:java_se:17.0.12:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:java_se:21.0.4:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:java_se:23:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:graalvm_for_jdk:17.0.12:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:graalvm_for_jdk:21.0.4:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:graalvm_for_jdk:23:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:graalvm:20.3.15:*:*:*:enterprise:*:*:*
    cpe:2.3:a:oracle:graalvm:21.3.11:*:*:*:enterprise:*:*:*

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-21208",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-17T13:27:45.725418Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-203",
                "description": "CWE-203 Observable Discrepancy",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-31T13:06:16.702Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:oracle:java_se:8u421:*:*:*:*:*:*:*",
            "cpe:2.3:a:oracle:java_se:8u421:*:*:*:enterprise_performance:*:*:*",
            "cpe:2.3:a:oracle:java_se:11.0.24:*:*:*:*:*:*:*",
            "cpe:2.3:a:oracle:java_se:17.0.12:*:*:*:*:*:*:*",
            "cpe:2.3:a:oracle:java_se:21.0.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:oracle:java_se:23:*:*:*:*:*:*:*",
            "cpe:2.3:a:oracle:graalvm_for_jdk:17.0.12:*:*:*:*:*:*:*",
            "cpe:2.3:a:oracle:graalvm_for_jdk:21.0.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:oracle:graalvm_for_jdk:23:*:*:*:*:*:*:*",
            "cpe:2.3:a:oracle:graalvm:20.3.15:*:*:*:enterprise:*:*:*",
            "cpe:2.3:a:oracle:graalvm:21.3.11:*:*:*:enterprise:*:*:*"
          ],
          "product": "Oracle Java SE",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Oracle Java SE:8u421"
            },
            {
              "status": "affected",
              "version": "Oracle Java SE:8u421-perf"
            },
            {
              "status": "affected",
              "version": "Oracle Java SE:11.0.24"
            },
            {
              "status": "affected",
              "version": "Oracle Java SE:17.0.12"
            },
            {
              "status": "affected",
              "version": "Oracle Java SE:21.0.4"
            },
            {
              "status": "affected",
              "version": "Oracle Java SE:23"
            },
            {
              "status": "affected",
              "version": "Oracle GraalVM for JDK:17.0.12"
            },
            {
              "status": "affected",
              "version": "Oracle GraalVM for JDK:21.0.4"
            },
            {
              "status": "affected",
              "version": "Oracle GraalVM for JDK:23"
            },
            {
              "status": "affected",
              "version": "Oracle GraalVM Enterprise Edition:20.3.15"
            },
            {
              "status": "affected",
              "version": "Oracle GraalVM Enterprise Edition:21.3.11"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking).  Supported versions that are affected are Oracle Java SE: 8u421, 8u421-perf, 11.0.24, 17.0.12, 21.0.4, 23; Oracle GraalVM for JDK: 17.0.12, 21.0.4, 23; Oracle GraalVM Enterprise Edition: 20.3.15 and  21.3.11. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.7 (Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 3.7,
            "baseSeverity": "LOW",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition.",
              "lang": "en-US"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-10-15T19:52:40.907Z",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "name": "Oracle Advisory",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuoct2024.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2024-21208",
    "datePublished": "2024-10-15T19:52:40.907Z",
    "dateReserved": "2023-12-07T22:28:10.690Z",
    "dateUpdated": "2024-10-31T13:06:16.702Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-21210

Vulnerability from cvelistv5

Published

2024-10-15 19:52

Modified

2024-10-31 13:05

Severity ?

3.7 (Low) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

References

▼	URL	Tags
	https://www.oracle.com/security-alerts/cpuoct2024.html	vendor-advisory

Impacted products

Vendor

Product

Version

▼

Oracle Corporation

Oracle Java SE

Version: Oracle Java SE:8u421
Version: Oracle Java SE:8u421-perf
Version: Oracle Java SE:11.0.24
Version: Oracle Java SE:17.0.12
Version: Oracle Java SE:21.0.4
Version: Oracle Java SE:23
    cpe:2.3:a:oracle:java_se:8u421:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:java_se:8u421:*:*:*:enterprise_performance:*:*:*
    cpe:2.3:a:oracle:java_se:11.0.24:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:java_se:17.0.12:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:java_se:21.0.4:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:java_se:23:*:*:*:*:*:*:*

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-21210",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-17T13:26:29.982643Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-203",
                "description": "CWE-203 Observable Discrepancy",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-31T13:05:44.388Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:oracle:java_se:8u421:*:*:*:*:*:*:*",
            "cpe:2.3:a:oracle:java_se:8u421:*:*:*:enterprise_performance:*:*:*",
            "cpe:2.3:a:oracle:java_se:11.0.24:*:*:*:*:*:*:*",
            "cpe:2.3:a:oracle:java_se:17.0.12:*:*:*:*:*:*:*",
            "cpe:2.3:a:oracle:java_se:21.0.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:oracle:java_se:23:*:*:*:*:*:*:*"
          ],
          "product": "Oracle Java SE",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Oracle Java SE:8u421"
            },
            {
              "status": "affected",
              "version": "Oracle Java SE:8u421-perf"
            },
            {
              "status": "affected",
              "version": "Oracle Java SE:11.0.24"
            },
            {
              "status": "affected",
              "version": "Oracle Java SE:17.0.12"
            },
            {
              "status": "affected",
              "version": "Oracle Java SE:21.0.4"
            },
            {
              "status": "affected",
              "version": "Oracle Java SE:23"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Vulnerability in Oracle Java SE (component: Hotspot).  Supported versions that are affected are Oracle Java SE: 8u421, 8u421-perf, 11.0.24, 17.0.12, 21.0.4 and  23. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE.  Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of Oracle Java SE accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Integrity impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 3.7,
            "baseSeverity": "LOW",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE.  Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of Oracle Java SE accessible data.",
              "lang": "en-US"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-10-15T19:52:41.538Z",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "name": "Oracle Advisory",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuoct2024.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2024-21210",
    "datePublished": "2024-10-15T19:52:41.538Z",
    "dateReserved": "2023-12-07T22:28:10.690Z",
    "dateUpdated": "2024-10-31T13:05:44.388Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-36138

Vulnerability from cvelistv5

Published

2024-09-07 16:00

Modified

2024-11-08 15:02

Severity ?

8.1 (High) - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

Bypass incomplete fix of CVE-2024-27980, that arises from improper handling of batch files with all possible extensions on Windows via child_process.spawn / child_process.spawnSync. A malicious command line argument can inject arbitrary commands and achieve code execution even if the shell option is not enabled.

References

▼	URL	Tags
	https://nodejs.org/en/blog/vulnerability/july-2024-security-releases

Impacted products

Vendor

Product

Version

▼

nodejs

node

Version: 18.20.3   ≤ 18.20.3
Version: 20.15.0   ≤ 20.15.0
Version: 22.4.0   ≤ 22.4.0

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:nodejs:nodejs:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "nodejs",
            "vendor": "nodejs",
            "versions": [
              {
                "lessThan": "18.20.4",
                "status": "affected",
                "version": "18.0",
                "versionType": "semver"
              },
              {
                "lessThan": "20.15.1",
                "status": "affected",
                "version": "20.0",
                "versionType": "semver"
              },
              {
                "lessThan": "22.4.1",
                "status": "affected",
                "version": "22.0",
                "versionType": "semver"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-36138",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-09T17:53:28.236286Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-77",
                "description": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-09T17:57:58.475Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-11-08T15:02:49.727Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://security.netapp.com/advisory/ntap-20241108-0010/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "node",
          "vendor": "nodejs",
          "versions": [
            {
              "lessThanOrEqual": "18.20.3",
              "status": "affected",
              "version": "18.20.3",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "20.15.0",
              "status": "affected",
              "version": "20.15.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "22.4.0",
              "status": "affected",
              "version": "22.4.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Bypass incomplete fix of CVE-2024-27980, that arises from improper handling of batch files with all possible extensions on Windows via child_process.spawn / child_process.spawnSync. A malicious command line argument can inject arbitrary commands and achieve code execution even if the shell option is not enabled."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-09-07T16:00:36.011Z",
        "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
        "shortName": "hackerone"
      },
      "references": [
        {
          "url": "https://nodejs.org/en/blog/vulnerability/july-2024-security-releases"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
    "assignerShortName": "hackerone",
    "cveId": "CVE-2024-36138",
    "datePublished": "2024-09-07T16:00:36.011Z",
    "dateReserved": "2024-05-21T01:04:07.208Z",
    "dateUpdated": "2024-11-08T15:02:49.727Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2023-7104

Vulnerability from cvelistv5

Published

2023-12-25 21:00

Modified

2024-08-02 08:50

Severity ?

5.5 (Medium) - CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
5.5 (Medium) - CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Summary

A vulnerability was found in SQLite SQLite3 up to 3.43.0 and classified as critical. This issue affects the function sessionReadRecord of the file ext/session/sqlite3session.c of the component make alltest Handler. The manipulation leads to heap-based buffer overflow. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-248999.

References

▼	URL	Tags
	https://vuldb.com/?id.248999	vdb-entry, technical-description
	https://vuldb.com/?ctiid.248999	signature, permissions-required
	https://sqlite.org/forum/forumpost/5bcbf4571c	related
	https://sqlite.org/src/info/0e4e7a05c4204b47	patch
	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D6C2HN4T2S6GYNTAUXLH45LQZHK7QPHP/
	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AYONA2XSNFMXLAW4IHLFI5UVV3QRNG5K/
	https://security.netapp.com/advisory/ntap-20240112-0008/

Impacted products

Vendor

Product

Version

▼

SQLite

SQLite3

Version: 3.0
Version: 3.1
Version: 3.2
Version: 3.3
Version: 3.4
Version: 3.5
Version: 3.6
Version: 3.7
Version: 3.8
Version: 3.9
Version: 3.10
Version: 3.11
Version: 3.12
Version: 3.13
Version: 3.14
Version: 3.15
Version: 3.16
Version: 3.17
Version: 3.18
Version: 3.19
Version: 3.20
Version: 3.21
Version: 3.22
Version: 3.23
Version: 3.24
Version: 3.25
Version: 3.26
Version: 3.27
Version: 3.28
Version: 3.29
Version: 3.30
Version: 3.31
Version: 3.32
Version: 3.33
Version: 3.34
Version: 3.35
Version: 3.36
Version: 3.37
Version: 3.38
Version: 3.39
Version: 3.40
Version: 3.41
Version: 3.42
Version: 3.43

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T08:50:08.189Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vdb-entry",
              "technical-description",
              "x_transferred"
            ],
            "url": "https://vuldb.com/?id.248999"
          },
          {
            "tags": [
              "signature",
              "permissions-required",
              "x_transferred"
            ],
            "url": "https://vuldb.com/?ctiid.248999"
          },
          {
            "tags": [
              "related",
              "x_transferred"
            ],
            "url": "https://sqlite.org/forum/forumpost/5bcbf4571c"
          },
          {
            "tags": [
              "patch",
              "x_transferred"
            ],
            "url": "https://sqlite.org/src/info/0e4e7a05c4204b47"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D6C2HN4T2S6GYNTAUXLH45LQZHK7QPHP/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AYONA2XSNFMXLAW4IHLFI5UVV3QRNG5K/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20240112-0008/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "modules": [
            "make alltest Handler"
          ],
          "product": "SQLite3",
          "vendor": "SQLite",
          "versions": [
            {
              "status": "affected",
              "version": "3.0"
            },
            {
              "status": "affected",
              "version": "3.1"
            },
            {
              "status": "affected",
              "version": "3.2"
            },
            {
              "status": "affected",
              "version": "3.3"
            },
            {
              "status": "affected",
              "version": "3.4"
            },
            {
              "status": "affected",
              "version": "3.5"
            },
            {
              "status": "affected",
              "version": "3.6"
            },
            {
              "status": "affected",
              "version": "3.7"
            },
            {
              "status": "affected",
              "version": "3.8"
            },
            {
              "status": "affected",
              "version": "3.9"
            },
            {
              "status": "affected",
              "version": "3.10"
            },
            {
              "status": "affected",
              "version": "3.11"
            },
            {
              "status": "affected",
              "version": "3.12"
            },
            {
              "status": "affected",
              "version": "3.13"
            },
            {
              "status": "affected",
              "version": "3.14"
            },
            {
              "status": "affected",
              "version": "3.15"
            },
            {
              "status": "affected",
              "version": "3.16"
            },
            {
              "status": "affected",
              "version": "3.17"
            },
            {
              "status": "affected",
              "version": "3.18"
            },
            {
              "status": "affected",
              "version": "3.19"
            },
            {
              "status": "affected",
              "version": "3.20"
            },
            {
              "status": "affected",
              "version": "3.21"
            },
            {
              "status": "affected",
              "version": "3.22"
            },
            {
              "status": "affected",
              "version": "3.23"
            },
            {
              "status": "affected",
              "version": "3.24"
            },
            {
              "status": "affected",
              "version": "3.25"
            },
            {
              "status": "affected",
              "version": "3.26"
            },
            {
              "status": "affected",
              "version": "3.27"
            },
            {
              "status": "affected",
              "version": "3.28"
            },
            {
              "status": "affected",
              "version": "3.29"
            },
            {
              "status": "affected",
              "version": "3.30"
            },
            {
              "status": "affected",
              "version": "3.31"
            },
            {
              "status": "affected",
              "version": "3.32"
            },
            {
              "status": "affected",
              "version": "3.33"
            },
            {
              "status": "affected",
              "version": "3.34"
            },
            {
              "status": "affected",
              "version": "3.35"
            },
            {
              "status": "affected",
              "version": "3.36"
            },
            {
              "status": "affected",
              "version": "3.37"
            },
            {
              "status": "affected",
              "version": "3.38"
            },
            {
              "status": "affected",
              "version": "3.39"
            },
            {
              "status": "affected",
              "version": "3.40"
            },
            {
              "status": "affected",
              "version": "3.41"
            },
            {
              "status": "affected",
              "version": "3.42"
            },
            {
              "status": "affected",
              "version": "3.43"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Junwha Hong"
        },
        {
          "lang": "en",
          "type": "finder",
          "value": "Wonil Jang"
        },
        {
          "lang": "en",
          "type": "analyst",
          "value": "qbit (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability was found in SQLite SQLite3 up to 3.43.0 and classified as critical. This issue affects the function sessionReadRecord of the file ext/session/sqlite3session.c of the component make alltest Handler. The manipulation leads to heap-based buffer overflow. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-248999."
        },
        {
          "lang": "de",
          "value": "Eine kritische Schwachstelle wurde in SQLite SQLite3 bis 3.43.0 gefunden. Hierbei geht es um die Funktion sessionReadRecord der Datei ext/session/sqlite3session.c der Komponente make alltest Handler. Durch die Manipulation mit unbekannten Daten kann eine heap-based buffer overflow-Schwachstelle ausgenutzt werden. Als bestm\u00f6gliche Massnahme wird Patching empfohlen."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 5.2,
            "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-122",
              "description": "CWE-122 Heap-based Buffer Overflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-12-29T09:44:27.826Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "tags": [
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://vuldb.com/?id.248999"
        },
        {
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.248999"
        },
        {
          "tags": [
            "related"
          ],
          "url": "https://sqlite.org/forum/forumpost/5bcbf4571c"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://sqlite.org/src/info/0e4e7a05c4204b47"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D6C2HN4T2S6GYNTAUXLH45LQZHK7QPHP/"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AYONA2XSNFMXLAW4IHLFI5UVV3QRNG5K/"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20240112-0008/"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2023-12-25T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2023-12-25T01:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2023-12-29T10:49:22.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "SQLite SQLite3 make alltest sqlite3session.c sessionReadRecord heap-based overflow"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2023-7104",
    "datePublished": "2023-12-25T21:00:05.997Z",
    "dateReserved": "2023-12-25T14:00:48.991Z",
    "dateUpdated": "2024-08-02T08:50:08.189Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2023-42950

Vulnerability from cvelistv5

Published

2024-03-28 15:39

Modified

2024-08-09 15:40

Severity ?

8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Summary

A use after free issue was addressed with improved memory management. This issue is fixed in Safari 17.2, iOS 17.2 and iPadOS 17.2, tvOS 17.2, watchOS 10.2, macOS Sonoma 14.2. Processing maliciously crafted web content may lead to arbitrary code execution.

References

▼	URL	Tags
	https://support.apple.com/en-us/HT214039
	https://support.apple.com/en-us/HT214035
	https://support.apple.com/en-us/HT214040
	https://support.apple.com/en-us/HT214036
	https://support.apple.com/en-us/HT214041
	https://support.apple.com/kb/HT214039
	http://www.openwall.com/lists/oss-security/2024/03/26/1
	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IXLXIOAH5S7J22LJTCIAVFVVJ4TESAX4/

Impacted products

Vendor

Product

Version

▼

Apple

Safari

Version: unspecified < 17.2

Apple	iOS and iPadOS	Version: unspecified < 17.2
Apple	tvOS	Version: unspecified < 17.2
Apple	macOS	Version: unspecified < 14.2
Apple	watchOS	Version: unspecified < 10.2

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T19:37:22.615Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/en-us/HT214039"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/en-us/HT214035"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/en-us/HT214040"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/en-us/HT214036"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/en-us/HT214041"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/kb/HT214039"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2024/03/26/1"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IXLXIOAH5S7J22LJTCIAVFVVJ4TESAX4/"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "safari",
            "vendor": "apple",
            "versions": [
              {
                "lessThan": "17.2",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "iphone_os",
            "vendor": "apple",
            "versions": [
              {
                "lessThan": "17.2",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:apple:ipad_os:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ipad_os",
            "vendor": "apple",
            "versions": [
              {
                "lessThan": "17.2",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "tvos",
            "vendor": "apple",
            "versions": [
              {
                "lessThan": "17.2",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "macos",
            "vendor": "apple",
            "versions": [
              {
                "lessThan": "14.2",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:apple:watchos:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "watchos",
            "vendor": "apple",
            "versions": [
              {
                "lessThan": "10.2",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 8.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2023-42950",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-03-28T17:46:25.004934Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-416",
                "description": "CWE-416 Use After Free",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-09T15:40:20.216Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Safari",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "17.2",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "iOS and iPadOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "17.2",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "tvOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "17.2",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "macOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "14.2",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "watchOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "10.2",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A use after free issue was addressed with improved memory management. This issue is fixed in Safari 17.2, iOS 17.2 and iPadOS 17.2, tvOS 17.2, watchOS 10.2, macOS Sonoma 14.2. Processing maliciously crafted web content may lead to arbitrary code execution."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Processing maliciously crafted web content may lead to arbitrary code execution",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-03-28T15:39:16.227Z",
        "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "shortName": "apple"
      },
      "references": [
        {
          "url": "https://support.apple.com/en-us/HT214039"
        },
        {
          "url": "https://support.apple.com/en-us/HT214035"
        },
        {
          "url": "https://support.apple.com/en-us/HT214040"
        },
        {
          "url": "https://support.apple.com/en-us/HT214036"
        },
        {
          "url": "https://support.apple.com/en-us/HT214041"
        },
        {
          "url": "https://support.apple.com/kb/HT214039"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2024/03/26/1"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IXLXIOAH5S7J22LJTCIAVFVVJ4TESAX4/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
    "assignerShortName": "apple",
    "cveId": "CVE-2023-42950",
    "datePublished": "2024-03-28T15:39:16.227Z",
    "dateReserved": "2023-09-14T19:05:11.474Z",
    "dateUpdated": "2024-08-09T15:40:20.216Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-21217

Vulnerability from cvelistv5

Published

2024-10-15 19:52

Modified

2024-10-17 13:44

Severity ?

3.7 (Low) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

References

▼	URL	Tags
	https://www.oracle.com/security-alerts/cpuoct2024.html	vendor-advisory

Impacted products

Vendor

Product

Version

▼

Oracle Corporation

Oracle Java SE

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-21217",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-17T13:44:31.294836Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-17T13:44:40.075Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:oracle:java_se:8u421:*:*:*:*:*:*:*",
            "cpe:2.3:a:oracle:java_se:8u421:*:*:*:enterprise_performance:*:*:*",
            "cpe:2.3:a:oracle:java_se:11.0.24:*:*:*:*:*:*:*",
            "cpe:2.3:a:oracle:java_se:17.0.12:*:*:*:*:*:*:*",
            "cpe:2.3:a:oracle:java_se:21.0.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:oracle:java_se:23:*:*:*:*:*:*:*",
            "cpe:2.3:a:oracle:graalvm_for_jdk:17.0.12:*:*:*:*:*:*:*",
            "cpe:2.3:a:oracle:graalvm_for_jdk:21.0.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:oracle:graalvm_for_jdk:23:*:*:*:*:*:*:*",
            "cpe:2.3:a:oracle:graalvm:20.3.15:*:*:*:enterprise:*:*:*",
            "cpe:2.3:a:oracle:graalvm:21.3.11:*:*:*:enterprise:*:*:*"
          ],
          "product": "Oracle Java SE",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Oracle Java SE:8u421"
            },
            {
              "status": "affected",
              "version": "Oracle Java SE:8u421-perf"
            },
            {
              "status": "affected",
              "version": "Oracle Java SE:11.0.24"
            },
            {
              "status": "affected",
              "version": "Oracle Java SE:17.0.12"
            },
            {
              "status": "affected",
              "version": "Oracle Java SE:21.0.4"
            },
            {
              "status": "affected",
              "version": "Oracle Java SE:23"
            },
            {
              "status": "affected",
              "version": "Oracle GraalVM for JDK:17.0.12"
            },
            {
              "status": "affected",
              "version": "Oracle GraalVM for JDK:21.0.4"
            },
            {
              "status": "affected",
              "version": "Oracle GraalVM for JDK:23"
            },
            {
              "status": "affected",
              "version": "Oracle GraalVM Enterprise Edition:20.3.15"
            },
            {
              "status": "affected",
              "version": "Oracle GraalVM Enterprise Edition:21.3.11"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Serialization).  Supported versions that are affected are Oracle Java SE: 8u421, 8u421-perf, 11.0.24, 17.0.12, 21.0.4, 23; Oracle GraalVM for JDK: 17.0.12, 21.0.4, 23; Oracle GraalVM Enterprise Edition: 20.3.15 and  21.3.11. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 3.7,
            "baseSeverity": "LOW",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition.",
              "lang": "en-US"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-10-15T19:52:43.814Z",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "name": "Oracle Advisory",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuoct2024.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2024-21217",
    "datePublished": "2024-10-15T19:52:43.814Z",
    "dateReserved": "2023-12-07T22:28:10.691Z",
    "dateUpdated": "2024-10-17T13:44:40.075Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-25062

Vulnerability from cvelistv5

Published

2024-02-04 00:00

Modified

2024-08-01 23:36

Severity ?

Summary

An issue was discovered in libxml2 before 2.11.7 and 2.12.x before 2.12.5. When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free.

References

▼	URL	Tags
	https://gitlab.gnome.org/GNOME/libxml2/-/tags
	https://gitlab.gnome.org/GNOME/libxml2/-/issues/604

Impacted products

Vendor

Product

Version

▼

n/a

Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T23:36:21.588Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://gitlab.gnome.org/GNOME/libxml2/-/tags"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/604"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in libxml2 before 2.11.7 and 2.12.x before 2.12.5. When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-02-04T16:04:53.794792",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://gitlab.gnome.org/GNOME/libxml2/-/tags"
        },
        {
          "url": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/604"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2024-25062",
    "datePublished": "2024-02-04T00:00:00",
    "dateReserved": "2024-02-04T00:00:00",
    "dateUpdated": "2024-08-01T23:36:21.588Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-21211

Vulnerability from cvelistv5

Published

2024-10-15 19:52

Modified

2024-10-31 12:58

Severity ?

3.7 (Low) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

References

▼	URL	Tags
	https://www.oracle.com/security-alerts/cpuoct2024.html	vendor-advisory

Impacted products

Vendor

Product

Version

▼

Oracle Corporation

GraalVM

Version: Oracle Java SE:23
Version: Oracle GraalVM for JDK:17.0.12
Version: Oracle GraalVM for JDK:21.0.4
Version: Oracle GraalVM for JDK:23
Version: Oracle GraalVM Enterprise Edition:20.3.15
Version: Oracle GraalVM Enterprise Edition:21.3.11
    cpe:2.3:a:oracle:java_se:23:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:graalvm_for_jdk:17.0.12:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:graalvm_for_jdk:21.0.4:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:graalvm_for_jdk:23:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:graalvm:20.3.15:*:*:*:enterprise:*:*:*
    cpe:2.3:a:oracle:graalvm:21.3.11:*:*:*:enterprise:*:*:*

Oracle Corporation

Oracle Java SE

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-21211",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-17T13:26:03.882463Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-922",
                "description": "CWE-922 Insecure Storage of Sensitive Information",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-31T12:58:57.038Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-10-18T13:07:36.569Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://security.netapp.com/advisory/ntap-20241018-0008/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:oracle:java_se:23:*:*:*:*:*:*:*",
            "cpe:2.3:a:oracle:graalvm_for_jdk:17.0.12:*:*:*:*:*:*:*",
            "cpe:2.3:a:oracle:graalvm_for_jdk:21.0.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:oracle:graalvm_for_jdk:23:*:*:*:*:*:*:*",
            "cpe:2.3:a:oracle:graalvm:20.3.15:*:*:*:enterprise:*:*:*",
            "cpe:2.3:a:oracle:graalvm:21.3.11:*:*:*:enterprise:*:*:*"
          ],
          "product": "GraalVM",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Oracle Java SE:23"
            },
            {
              "status": "affected",
              "version": "Oracle GraalVM for JDK:17.0.12"
            },
            {
              "status": "affected",
              "version": "Oracle GraalVM for JDK:21.0.4"
            },
            {
              "status": "affected",
              "version": "Oracle GraalVM for JDK:23"
            },
            {
              "status": "affected",
              "version": "Oracle GraalVM Enterprise Edition:20.3.15"
            },
            {
              "status": "affected",
              "version": "Oracle GraalVM Enterprise Edition:21.3.11"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:oracle:java_se:23:*:*:*:*:*:*:*",
            "cpe:2.3:a:oracle:graalvm_for_jdk:17.0.12:*:*:*:*:*:*:*",
            "cpe:2.3:a:oracle:graalvm_for_jdk:21.0.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:oracle:graalvm_for_jdk:23:*:*:*:*:*:*:*",
            "cpe:2.3:a:oracle:graalvm:20.3.15:*:*:*:enterprise:*:*:*",
            "cpe:2.3:a:oracle:graalvm:21.3.11:*:*:*:enterprise:*:*:*"
          ],
          "product": "Oracle Java SE",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Oracle Java SE:23"
            },
            {
              "status": "affected",
              "version": "Oracle GraalVM for JDK:17.0.12"
            },
            {
              "status": "affected",
              "version": "Oracle GraalVM for JDK:21.0.4"
            },
            {
              "status": "affected",
              "version": "Oracle GraalVM for JDK:23"
            },
            {
              "status": "affected",
              "version": "Oracle GraalVM Enterprise Edition:20.3.15"
            },
            {
              "status": "affected",
              "version": "Oracle GraalVM Enterprise Edition:21.3.11"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Compiler).  Supported versions that are affected are Oracle Java SE: 23; Oracle GraalVM for JDK: 17.0.12, 21.0.4, 23; Oracle GraalVM Enterprise Edition: 20.3.15 and  21.3.11. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Integrity impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 3.7,
            "baseSeverity": "LOW",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data.",
              "lang": "en-US"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-10-15T19:52:41.883Z",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "name": "Oracle Advisory",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuoct2024.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2024-21211",
    "datePublished": "2024-10-15T19:52:41.883Z",
    "dateReserved": "2023-12-07T22:28:10.690Z",
    "dateUpdated": "2024-10-31T12:58:57.038Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-21235

Vulnerability from cvelistv5

Published

2024-10-15 19:52

Modified

2024-10-16 14:30

Severity ?

4.8 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

References

▼	URL	Tags
	https://www.oracle.com/security-alerts/cpuoct2024.html	vendor-advisory

Impacted products

Vendor

Product

Version

▼

Oracle Corporation

Oracle Java SE

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-21235",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-16T14:30:43.618436Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-16T14:30:53.273Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:oracle:java_se:8u421:*:*:*:*:*:*:*",
            "cpe:2.3:a:oracle:java_se:8u421:*:*:*:enterprise_performance:*:*:*",
            "cpe:2.3:a:oracle:java_se:11.0.24:*:*:*:*:*:*:*",
            "cpe:2.3:a:oracle:java_se:17.0.12:*:*:*:*:*:*:*",
            "cpe:2.3:a:oracle:java_se:21.0.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:oracle:java_se:23:*:*:*:*:*:*:*",
            "cpe:2.3:a:oracle:graalvm_for_jdk:17.0.12:*:*:*:*:*:*:*",
            "cpe:2.3:a:oracle:graalvm_for_jdk:21.0.4:*:*:*:*:*:*:*",
            "cpe:2.3:a:oracle:graalvm_for_jdk:23:*:*:*:*:*:*:*",
            "cpe:2.3:a:oracle:graalvm:20.3.15:*:*:*:enterprise:*:*:*",
            "cpe:2.3:a:oracle:graalvm:21.3.11:*:*:*:enterprise:*:*:*"
          ],
          "product": "Oracle Java SE",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Oracle Java SE:8u421"
            },
            {
              "status": "affected",
              "version": "Oracle Java SE:8u421-perf"
            },
            {
              "status": "affected",
              "version": "Oracle Java SE:11.0.24"
            },
            {
              "status": "affected",
              "version": "Oracle Java SE:17.0.12"
            },
            {
              "status": "affected",
              "version": "Oracle Java SE:21.0.4"
            },
            {
              "status": "affected",
              "version": "Oracle Java SE:23"
            },
            {
              "status": "affected",
              "version": "Oracle GraalVM for JDK:17.0.12"
            },
            {
              "status": "affected",
              "version": "Oracle GraalVM for JDK:21.0.4"
            },
            {
              "status": "affected",
              "version": "Oracle GraalVM for JDK:23"
            },
            {
              "status": "affected",
              "version": "Oracle GraalVM Enterprise Edition:20.3.15"
            },
            {
              "status": "affected",
              "version": "Oracle GraalVM Enterprise Edition:21.3.11"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot).  Supported versions that are affected are Oracle Java SE: 8u421, 8u421-perf, 11.0.24, 17.0.12, 21.0.4, 23;   Oracle GraalVM for JDK: 17.0.12, 21.0.4, 23;   Oracle GraalVM Enterprise Edition: 20.3.15 and  21.3.11. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as  unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N)."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition.  Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as  unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data.",
              "lang": "en-US"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-10-15T19:52:46.900Z",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "name": "Oracle Advisory",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuoct2024.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2024-21235",
    "datePublished": "2024-10-15T19:52:46.900Z",
    "dateReserved": "2023-12-07T22:28:10.698Z",
    "dateUpdated": "2024-10-16T14:30:53.273Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

Vulnerability from csaf_ncscnl

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Tags

Sightings

Nomenclature