Action not permitted
Modal body text goes here.
Modal Title
Modal Body
wid-sec-w-2024-1248
Vulnerability from csaf_certbund
Published
2024-05-28 22:00
Modified
2024-11-21 23:00
Summary
Xerox FreeFlow Print Server: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
FreeFlow-Druckserver ist eine Druckserveranwendung für Xerox-Produktionsdrucker, die Flexibilität, umfangreiche Workflow-Optionen und eine Farbverwaltung bietet.
Angriff
Ein Angreifer kann mehrere Schwachstellen in Xerox FreeFlow Print Server ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden
Betroffene Betriebssysteme
- Sonstiges
- UNIX
- Windows
{ "document": { "aggregate_severity": { "text": "hoch" }, "category": "csaf_base", "csaf_version": "2.0", "distribution": { "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "de-DE", "notes": [ { "category": "legal_disclaimer", "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen." }, { "category": "description", "text": "FreeFlow-Druckserver ist eine Druckserveranwendung f\u00fcr Xerox-Produktionsdrucker, die Flexibilit\u00e4t, umfangreiche Workflow-Optionen und eine Farbverwaltung bietet.", "title": "Produktbeschreibung" }, { "category": "summary", "text": "Ein Angreifer kann mehrere Schwachstellen in Xerox FreeFlow Print Server ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden", "title": "Angriff" }, { "category": "general", "text": "- Sonstiges\n- UNIX\n- Windows", "title": "Betroffene Betriebssysteme" } ], "publisher": { "category": "other", "contact_details": "csaf-provider@cert-bund.de", "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik", "namespace": "https://www.bsi.bund.de" }, "references": [ { "category": "self", "summary": "WID-SEC-W-2024-1248 - CSAF Version", "url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-1248.json" }, { "category": "self", "summary": "WID-SEC-2024-1248 - Portal Version", "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-1248" }, { "category": "external", "summary": "Xerox Security Bulletin XRX24-010 vom 2024-05-28", "url": "https://security.business.xerox.com/wp-content/uploads/2024/05/Xerox-Security-Bulletin-XRX24-010-for-Xerox%C2%AE-FreeFlow%C2%AE-Print-Server-v7.pdf" }, { "category": "external", "summary": "Amazon Linux Security Advisory ALAS-2024-2688 vom 2024-11-01", "url": "https://alas.aws.amazon.com/AL2/ALAS-2024-2688.html" }, { "category": "external", "summary": "XEROX Security Advisory XRX24-017 vom 2024-11-21", "url": "https://securitydocs.business.xerox.com/wp-content/uploads/2024/11/Xerox-Security-Bulletin-XRX24-017-for-Xerox%C2%AE-FreeFlow%C2%AE-Print-Server-v9.pdf" } ], "source_lang": "en-US", "title": "Xerox FreeFlow Print Server: Mehrere Schwachstellen", "tracking": { "current_release_date": "2024-11-21T23:00:00.000+00:00", "generator": { "date": "2024-11-22T10:06:51.860+00:00", "engine": { "name": "BSI-WID", "version": "1.3.8" } }, "id": "WID-SEC-W-2024-1248", "initial_release_date": "2024-05-28T22:00:00.000+00:00", "revision_history": [ { "date": "2024-05-28T22:00:00.000+00:00", "number": "1", "summary": "Initiale Fassung" }, { "date": "2024-10-31T23:00:00.000+00:00", "number": "2", "summary": "Neue Updates von Amazon aufgenommen" }, { "date": "2024-11-21T23:00:00.000+00:00", "number": "3", "summary": "Neue Updates von XEROX aufgenommen" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "category": "product_name", "name": "Amazon Linux 2", "product": { "name": "Amazon Linux 2", "product_id": "398363", "product_identification_helper": { "cpe": "cpe:/o:amazon:linux_2:-" } } } ], "category": "vendor", "name": "Amazon" }, { "branches": [ { "branches": [ { "category": "product_version", "name": "v9", "product": { "name": "Xerox FreeFlow Print Server v9", "product_id": "T015632", "product_identification_helper": { "cpe": "cpe:/a:xerox:freeflow_print_server:v9" } } }, { "category": "product_version", "name": "v7", "product": { "name": "Xerox FreeFlow Print Server v7", "product_id": "T035098", "product_identification_helper": { "cpe": "cpe:/a:xerox:freeflow_print_server:v7" } } } ], "category": "product_name", "name": "FreeFlow Print Server" } ], "category": "vendor", "name": "Xerox" } ] }, "vulnerabilities": [ { "cve": "CVE-2014-10401", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Schwachstellen in unter anderem OpenJDK, Apache und Mozilla Firefox. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "398363", "T015632", "T035098" ] }, "release_date": "2024-05-28T22:00:00.000+00:00", "title": "CVE-2014-10401" }, { "cve": "CVE-2014-10402", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Schwachstellen in unter anderem OpenJDK, Apache und Mozilla Firefox. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "398363", "T015632", "T035098" ] }, "release_date": "2024-05-28T22:00:00.000+00:00", "title": "CVE-2014-10402" }, { "cve": "CVE-2020-22218", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Schwachstellen in unter anderem OpenJDK, Apache und Mozilla Firefox. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "398363", "T015632", "T035098" ] }, "release_date": "2024-05-28T22:00:00.000+00:00", "title": "CVE-2020-22218" }, { "cve": "CVE-2020-27545", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Schwachstellen in unter anderem OpenJDK, Apache und Mozilla Firefox. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "398363", "T015632", "T035098" ] }, "release_date": "2024-05-28T22:00:00.000+00:00", "title": "CVE-2020-27545" }, { "cve": "CVE-2020-28162", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Schwachstellen in unter anderem OpenJDK, Apache und Mozilla Firefox. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "398363", "T015632", "T035098" ] }, "release_date": "2024-05-28T22:00:00.000+00:00", "title": "CVE-2020-28162" }, { "cve": "CVE-2020-28163", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Schwachstellen in unter anderem OpenJDK, Apache und Mozilla Firefox. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "398363", "T015632", "T035098" ] }, "release_date": "2024-05-28T22:00:00.000+00:00", "title": "CVE-2020-28163" }, { "cve": "CVE-2022-22817", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Schwachstellen in unter anderem OpenJDK, Apache und Mozilla Firefox. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "398363", "T015632", "T035098" ] }, "release_date": "2024-05-28T22:00:00.000+00:00", "title": "CVE-2022-22817" }, { "cve": "CVE-2022-32200", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Schwachstellen in unter anderem OpenJDK, Apache und Mozilla Firefox. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "398363", "T015632", "T035098" ] }, "release_date": "2024-05-28T22:00:00.000+00:00", "title": "CVE-2022-32200" }, { "cve": "CVE-2022-34299", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Schwachstellen in unter anderem OpenJDK, Apache und Mozilla Firefox. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "398363", "T015632", "T035098" ] }, "release_date": "2024-05-28T22:00:00.000+00:00", "title": "CVE-2022-34299" }, { "cve": "CVE-2022-39170", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Schwachstellen in unter anderem OpenJDK, Apache und Mozilla Firefox. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "398363", "T015632", "T035098" ] }, "release_date": "2024-05-28T22:00:00.000+00:00", "title": "CVE-2022-39170" }, { "cve": "CVE-2022-40982", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Schwachstellen in unter anderem OpenJDK, Apache und Mozilla Firefox. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "398363", "T015632", "T035098" ] }, "release_date": "2024-05-28T22:00:00.000+00:00", "title": "CVE-2022-40982" }, { "cve": "CVE-2022-46285", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Schwachstellen in unter anderem OpenJDK, Apache und Mozilla Firefox. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "398363", "T015632", "T035098" ] }, "release_date": "2024-05-28T22:00:00.000+00:00", "title": "CVE-2022-46285" }, { "cve": "CVE-2022-46344", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Schwachstellen in unter anderem OpenJDK, Apache und Mozilla Firefox. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "398363", "T015632", "T035098" ] }, "release_date": "2024-05-28T22:00:00.000+00:00", "title": "CVE-2022-46344" }, { "cve": "CVE-2023-22053", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Schwachstellen in unter anderem OpenJDK, Apache und Mozilla Firefox. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "398363", "T015632", "T035098" ] }, "release_date": "2024-05-28T22:00:00.000+00:00", "title": "CVE-2023-22053" }, { "cve": "CVE-2023-27371", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Schwachstellen in unter anderem OpenJDK, Apache und Mozilla Firefox. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "398363", "T015632", "T035098" ] }, "release_date": "2024-05-28T22:00:00.000+00:00", "title": "CVE-2023-27371" }, { "cve": "CVE-2023-34872", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Schwachstellen in unter anderem OpenJDK, Apache und Mozilla Firefox. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "398363", "T015632", "T035098" ] }, "release_date": "2024-05-28T22:00:00.000+00:00", "title": "CVE-2023-34872" }, { "cve": "CVE-2023-38408", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Schwachstellen in unter anderem OpenJDK, Apache und Mozilla Firefox. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "398363", "T015632", "T035098" ] }, "release_date": "2024-05-28T22:00:00.000+00:00", "title": "CVE-2023-38408" }, { "cve": "CVE-2023-38709", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Schwachstellen in unter anderem OpenJDK, Apache und Mozilla Firefox. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "398363", "T015632", "T035098" ] }, "release_date": "2024-05-28T22:00:00.000+00:00", "title": "CVE-2023-38709" }, { "cve": "CVE-2023-39326", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Schwachstellen in unter anderem OpenJDK, Apache und Mozilla Firefox. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "398363", "T015632", "T035098" ] }, "release_date": "2024-05-28T22:00:00.000+00:00", "title": "CVE-2023-39326" }, { "cve": "CVE-2023-39615", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Schwachstellen in unter anderem OpenJDK, Apache und Mozilla Firefox. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "398363", "T015632", "T035098" ] }, "release_date": "2024-05-28T22:00:00.000+00:00", "title": "CVE-2023-39615" }, { "cve": "CVE-2023-40305", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Schwachstellen in unter anderem OpenJDK, Apache und Mozilla Firefox. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "398363", "T015632", "T035098" ] }, "release_date": "2024-05-28T22:00:00.000+00:00", "title": "CVE-2023-40305" }, { "cve": "CVE-2023-40745", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Schwachstellen in unter anderem OpenJDK, Apache und Mozilla Firefox. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "398363", "T015632", "T035098" ] }, "release_date": "2024-05-28T22:00:00.000+00:00", "title": "CVE-2023-40745" }, { "cve": "CVE-2023-41175", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Schwachstellen in unter anderem OpenJDK, Apache und Mozilla Firefox. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "398363", "T015632", "T035098" ] }, "release_date": "2024-05-28T22:00:00.000+00:00", "title": "CVE-2023-41175" }, { "cve": "CVE-2023-43785", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Schwachstellen in unter anderem OpenJDK, Apache und Mozilla Firefox. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "398363", "T015632", "T035098" ] }, "release_date": "2024-05-28T22:00:00.000+00:00", "title": "CVE-2023-43785" }, { "cve": "CVE-2023-43786", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Schwachstellen in unter anderem OpenJDK, Apache und Mozilla Firefox. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "398363", "T015632", "T035098" ] }, "release_date": "2024-05-28T22:00:00.000+00:00", "title": "CVE-2023-43786" }, { "cve": "CVE-2023-43787", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Schwachstellen in unter anderem OpenJDK, Apache und Mozilla Firefox. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "398363", "T015632", "T035098" ] }, "release_date": "2024-05-28T22:00:00.000+00:00", "title": "CVE-2023-43787" }, { "cve": "CVE-2023-43788", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Schwachstellen in unter anderem OpenJDK, Apache und Mozilla Firefox. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "398363", "T015632", "T035098" ] }, "release_date": "2024-05-28T22:00:00.000+00:00", "title": "CVE-2023-43788" }, { "cve": "CVE-2023-43789", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Schwachstellen in unter anderem OpenJDK, Apache und Mozilla Firefox. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "398363", "T015632", "T035098" ] }, "release_date": "2024-05-28T22:00:00.000+00:00", "title": "CVE-2023-43789" }, { "cve": "CVE-2023-4408", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Schwachstellen in unter anderem OpenJDK, Apache und Mozilla Firefox. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "398363", "T015632", "T035098" ] }, "release_date": "2024-05-28T22:00:00.000+00:00", "title": "CVE-2023-4408" }, { "cve": "CVE-2023-44487", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Schwachstellen in unter anderem OpenJDK, Apache und Mozilla Firefox. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "398363", "T015632", "T035098" ] }, "release_date": "2024-05-28T22:00:00.000+00:00", "title": "CVE-2023-44487" }, { "cve": "CVE-2023-45285", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Schwachstellen in unter anderem OpenJDK, Apache und Mozilla Firefox. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "398363", "T015632", "T035098" ] }, "release_date": "2024-05-28T22:00:00.000+00:00", "title": "CVE-2023-45285" }, { "cve": "CVE-2023-46589", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Schwachstellen in unter anderem OpenJDK, Apache und Mozilla Firefox. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "398363", "T015632", "T035098" ] }, "release_date": "2024-05-28T22:00:00.000+00:00", "title": "CVE-2023-46589" }, { "cve": "CVE-2023-46728", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Schwachstellen in unter anderem OpenJDK, Apache und Mozilla Firefox. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "398363", "T015632", "T035098" ] }, "release_date": "2024-05-28T22:00:00.000+00:00", "title": "CVE-2023-46728" }, { "cve": "CVE-2023-4675", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Schwachstellen in unter anderem OpenJDK, Apache und Mozilla Firefox. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "398363", "T015632", "T035098" ] }, "release_date": "2024-05-28T22:00:00.000+00:00", "title": "CVE-2023-4675" }, { "cve": "CVE-2023-46751", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Schwachstellen in unter anderem OpenJDK, Apache und Mozilla Firefox. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "398363", "T015632", "T035098" ] }, "release_date": "2024-05-28T22:00:00.000+00:00", "title": "CVE-2023-46751" }, { "cve": "CVE-2023-46809", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Schwachstellen in unter anderem OpenJDK, Apache und Mozilla Firefox. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "398363", "T015632", "T035098" ] }, "release_date": "2024-05-28T22:00:00.000+00:00", "title": "CVE-2023-46809" }, { "cve": "CVE-2023-46846", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Schwachstellen in unter anderem OpenJDK, Apache und Mozilla Firefox. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "398363", "T015632", "T035098" ] }, "release_date": "2024-05-28T22:00:00.000+00:00", "title": "CVE-2023-46846" }, { "cve": "CVE-2023-46847", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Schwachstellen in unter anderem OpenJDK, Apache und Mozilla Firefox. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "398363", "T015632", "T035098" ] }, "release_date": "2024-05-28T22:00:00.000+00:00", "title": "CVE-2023-46847" }, { "cve": "CVE-2023-46848", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Schwachstellen in unter anderem OpenJDK, Apache und Mozilla Firefox. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "398363", "T015632", "T035098" ] }, "release_date": "2024-05-28T22:00:00.000+00:00", "title": "CVE-2023-46848" }, { "cve": "CVE-2023-47038", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Schwachstellen in unter anderem OpenJDK, Apache und Mozilla Firefox. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "398363", "T015632", "T035098" ] }, "release_date": "2024-05-28T22:00:00.000+00:00", "title": "CVE-2023-47038" }, { "cve": "CVE-2023-47100", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Schwachstellen in unter anderem OpenJDK, Apache und Mozilla Firefox. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "398363", "T015632", "T035098" ] }, "release_date": "2024-05-28T22:00:00.000+00:00", "title": "CVE-2023-47100" }, { "cve": "CVE-2023-48795", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Schwachstellen in unter anderem OpenJDK, Apache und Mozilla Firefox. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "398363", "T015632", "T035098" ] }, "release_date": "2024-05-28T22:00:00.000+00:00", "title": "CVE-2023-48795" }, { "cve": "CVE-2023-49285", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Schwachstellen in unter anderem OpenJDK, Apache und Mozilla Firefox. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "398363", "T015632", "T035098" ] }, "release_date": "2024-05-28T22:00:00.000+00:00", "title": "CVE-2023-49285" }, { "cve": "CVE-2023-49286", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Schwachstellen in unter anderem OpenJDK, Apache und Mozilla Firefox. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "398363", "T015632", "T035098" ] }, "release_date": "2024-05-28T22:00:00.000+00:00", "title": "CVE-2023-49286" }, { "cve": "CVE-2023-49288", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Schwachstellen in unter anderem OpenJDK, Apache und Mozilla Firefox. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "398363", "T015632", "T035098" ] }, "release_date": "2024-05-28T22:00:00.000+00:00", "title": "CVE-2023-49288" }, { "cve": "CVE-2023-49990", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Schwachstellen in unter anderem OpenJDK, Apache und Mozilla Firefox. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "398363", "T015632", "T035098" ] }, "release_date": "2024-05-28T22:00:00.000+00:00", "title": "CVE-2023-49990" }, { "cve": "CVE-2023-49991", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Schwachstellen in unter anderem OpenJDK, Apache und Mozilla Firefox. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "398363", "T015632", "T035098" ] }, "release_date": "2024-05-28T22:00:00.000+00:00", "title": "CVE-2023-49991" }, { "cve": "CVE-2023-49992", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Schwachstellen in unter anderem OpenJDK, Apache und Mozilla Firefox. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "398363", "T015632", "T035098" ] }, "release_date": "2024-05-28T22:00:00.000+00:00", "title": "CVE-2023-49992" }, { "cve": "CVE-2023-49993", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Schwachstellen in unter anderem OpenJDK, Apache und Mozilla Firefox. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "398363", "T015632", "T035098" ] }, "release_date": "2024-05-28T22:00:00.000+00:00", "title": "CVE-2023-49993" }, { "cve": "CVE-2023-49994", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Schwachstellen in unter anderem OpenJDK, Apache und Mozilla Firefox. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "398363", "T015632", "T035098" ] }, "release_date": "2024-05-28T22:00:00.000+00:00", "title": "CVE-2023-49994" }, { "cve": "CVE-2023-50387", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Schwachstellen in unter anderem OpenJDK, Apache und Mozilla Firefox. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "398363", "T015632", "T035098" ] }, "release_date": "2024-05-28T22:00:00.000+00:00", "title": "CVE-2023-50387" }, { "cve": "CVE-2023-50447", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Schwachstellen in unter anderem OpenJDK, Apache und Mozilla Firefox. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "398363", "T015632", "T035098" ] }, "release_date": "2024-05-28T22:00:00.000+00:00", "title": "CVE-2023-50447" }, { "cve": "CVE-2023-50761", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Schwachstellen in unter anderem OpenJDK, Apache und Mozilla Firefox. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "398363", "T015632", "T035098" ] }, "release_date": "2024-05-28T22:00:00.000+00:00", "title": "CVE-2023-50761" }, { "cve": "CVE-2023-50762", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Schwachstellen in unter anderem OpenJDK, Apache und Mozilla Firefox. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "398363", "T015632", "T035098" ] }, "release_date": "2024-05-28T22:00:00.000+00:00", "title": "CVE-2023-50762" }, { "cve": "CVE-2023-50868", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Schwachstellen in unter anderem OpenJDK, Apache und Mozilla Firefox. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "398363", "T015632", "T035098" ] }, "release_date": "2024-05-28T22:00:00.000+00:00", "title": "CVE-2023-50868" }, { "cve": "CVE-2023-51384", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Schwachstellen in unter anderem OpenJDK, Apache und Mozilla Firefox. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "398363", "T015632", "T035098" ] }, "release_date": "2024-05-28T22:00:00.000+00:00", "title": "CVE-2023-51384" }, { "cve": "CVE-2023-51385", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Schwachstellen in unter anderem OpenJDK, Apache und Mozilla Firefox. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "398363", "T015632", "T035098" ] }, "release_date": "2024-05-28T22:00:00.000+00:00", "title": "CVE-2023-51385" }, { "cve": "CVE-2023-51713", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Schwachstellen in unter anderem OpenJDK, Apache und Mozilla Firefox. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "398363", "T015632", "T035098" ] }, "release_date": "2024-05-28T22:00:00.000+00:00", "title": "CVE-2023-51713" }, { "cve": "CVE-2023-51765", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Schwachstellen in unter anderem OpenJDK, Apache und Mozilla Firefox. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "398363", "T015632", "T035098" ] }, "release_date": "2024-05-28T22:00:00.000+00:00", "title": "CVE-2023-51765" }, { "cve": "CVE-2023-52355", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Schwachstellen in unter anderem OpenJDK, Apache und Mozilla Firefox. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "398363", "T015632", "T035098" ] }, "release_date": "2024-05-28T22:00:00.000+00:00", "title": "CVE-2023-52355" }, { "cve": "CVE-2023-52356", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Schwachstellen in unter anderem OpenJDK, Apache und Mozilla Firefox. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "398363", "T015632", "T035098" ] }, "release_date": "2024-05-28T22:00:00.000+00:00", "title": "CVE-2023-52356" }, { "cve": "CVE-2023-5363", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Schwachstellen in unter anderem OpenJDK, Apache und Mozilla Firefox. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "398363", "T015632", "T035098" ] }, "release_date": "2024-05-28T22:00:00.000+00:00", "title": "CVE-2023-5363" }, { "cve": "CVE-2023-5367", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Schwachstellen in unter anderem OpenJDK, Apache und Mozilla Firefox. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "398363", "T015632", "T035098" ] }, "release_date": "2024-05-28T22:00:00.000+00:00", "title": "CVE-2023-5367" }, { "cve": "CVE-2023-5371", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Schwachstellen in unter anderem OpenJDK, Apache und Mozilla Firefox. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "398363", "T015632", "T035098" ] }, "release_date": "2024-05-28T22:00:00.000+00:00", "title": "CVE-2023-5371" }, { "cve": "CVE-2023-5380", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Schwachstellen in unter anderem OpenJDK, Apache und Mozilla Firefox. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "398363", "T015632", "T035098" ] }, "release_date": "2024-05-28T22:00:00.000+00:00", "title": "CVE-2023-5380" }, { "cve": "CVE-2023-5388", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Schwachstellen in unter anderem OpenJDK, Apache und Mozilla Firefox. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "398363", "T015632", "T035098" ] }, "release_date": "2024-05-28T22:00:00.000+00:00", "title": "CVE-2023-5388" }, { "cve": "CVE-2023-5517", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Schwachstellen in unter anderem OpenJDK, Apache und Mozilla Firefox. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "398363", "T015632", "T035098" ] }, "release_date": "2024-05-28T22:00:00.000+00:00", "title": "CVE-2023-5517" }, { "cve": "CVE-2023-5574", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Schwachstellen in unter anderem OpenJDK, Apache und Mozilla Firefox. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "398363", "T015632", "T035098" ] }, "release_date": "2024-05-28T22:00:00.000+00:00", "title": "CVE-2023-5574" }, { "cve": "CVE-2023-5679", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Schwachstellen in unter anderem OpenJDK, Apache und Mozilla Firefox. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "398363", "T015632", "T035098" ] }, "release_date": "2024-05-28T22:00:00.000+00:00", "title": "CVE-2023-5679" }, { "cve": "CVE-2023-5764", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Schwachstellen in unter anderem OpenJDK, Apache und Mozilla Firefox. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "398363", "T015632", "T035098" ] }, "release_date": "2024-05-28T22:00:00.000+00:00", "title": "CVE-2023-5764" }, { "cve": "CVE-2023-5824", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Schwachstellen in unter anderem OpenJDK, Apache und Mozilla Firefox. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "398363", "T015632", "T035098" ] }, "release_date": "2024-05-28T22:00:00.000+00:00", "title": "CVE-2023-5824" }, { "cve": "CVE-2023-6174", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Schwachstellen in unter anderem OpenJDK, Apache und Mozilla Firefox. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "398363", "T015632", "T035098" ] }, "release_date": "2024-05-28T22:00:00.000+00:00", "title": "CVE-2023-6174" }, { "cve": "CVE-2023-6175", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Schwachstellen in unter anderem OpenJDK, Apache und Mozilla Firefox. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "398363", "T015632", "T035098" ] }, "release_date": "2024-05-28T22:00:00.000+00:00", "title": "CVE-2023-6175" }, { "cve": "CVE-2023-6377", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Schwachstellen in unter anderem OpenJDK, Apache und Mozilla Firefox. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "398363", "T015632", "T035098" ] }, "release_date": "2024-05-28T22:00:00.000+00:00", "title": "CVE-2023-6377" }, { "cve": "CVE-2023-6478", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Schwachstellen in unter anderem OpenJDK, Apache und Mozilla Firefox. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "398363", "T015632", "T035098" ] }, "release_date": "2024-05-28T22:00:00.000+00:00", "title": "CVE-2023-6478" }, { "cve": "CVE-2023-6516", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Schwachstellen in unter anderem OpenJDK, Apache und Mozilla Firefox. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "398363", "T015632", "T035098" ] }, "release_date": "2024-05-28T22:00:00.000+00:00", "title": "CVE-2023-6516" }, { "cve": "CVE-2023-6856", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Schwachstellen in unter anderem OpenJDK, Apache und Mozilla Firefox. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "398363", "T015632", "T035098" ] }, "release_date": "2024-05-28T22:00:00.000+00:00", "title": "CVE-2023-6856" }, { "cve": "CVE-2023-6857", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Schwachstellen in unter anderem OpenJDK, Apache und Mozilla Firefox. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "398363", "T015632", "T035098" ] }, "release_date": "2024-05-28T22:00:00.000+00:00", "title": "CVE-2023-6857" }, { "cve": "CVE-2023-6858", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Schwachstellen in unter anderem OpenJDK, Apache und Mozilla Firefox. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "398363", "T015632", "T035098" ] }, "release_date": "2024-05-28T22:00:00.000+00:00", "title": "CVE-2023-6858" }, { "cve": "CVE-2023-6859", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Schwachstellen in unter anderem OpenJDK, Apache und Mozilla Firefox. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "398363", "T015632", "T035098" ] }, "release_date": "2024-05-28T22:00:00.000+00:00", "title": "CVE-2023-6859" }, { "cve": "CVE-2023-6860", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Schwachstellen in unter anderem OpenJDK, Apache und Mozilla Firefox. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "398363", "T015632", "T035098" ] }, "release_date": "2024-05-28T22:00:00.000+00:00", "title": "CVE-2023-6860" }, { "cve": "CVE-2023-6861", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Schwachstellen in unter anderem OpenJDK, Apache und Mozilla Firefox. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "398363", "T015632", "T035098" ] }, "release_date": "2024-05-28T22:00:00.000+00:00", "title": "CVE-2023-6861" }, { "cve": "CVE-2023-6862", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Schwachstellen in unter anderem OpenJDK, Apache und Mozilla Firefox. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "398363", "T015632", "T035098" ] }, "release_date": "2024-05-28T22:00:00.000+00:00", "title": "CVE-2023-6862" }, { "cve": "CVE-2023-6863", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Schwachstellen in unter anderem OpenJDK, Apache und Mozilla Firefox. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "398363", "T015632", "T035098" ] }, "release_date": "2024-05-28T22:00:00.000+00:00", "title": "CVE-2023-6863" }, { "cve": "CVE-2023-6864", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Schwachstellen in unter anderem OpenJDK, Apache und Mozilla Firefox. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "398363", "T015632", "T035098" ] }, "release_date": "2024-05-28T22:00:00.000+00:00", "title": "CVE-2023-6864" }, { "cve": "CVE-2023-6865", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Schwachstellen in unter anderem OpenJDK, Apache und Mozilla Firefox. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "398363", "T015632", "T035098" ] }, "release_date": "2024-05-28T22:00:00.000+00:00", "title": "CVE-2023-6865" }, { "cve": "CVE-2023-6867", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Schwachstellen in unter anderem OpenJDK, Apache und Mozilla Firefox. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "398363", "T015632", "T035098" ] }, "release_date": "2024-05-28T22:00:00.000+00:00", "title": "CVE-2023-6867" }, { "cve": "CVE-2024-0207", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Schwachstellen in unter anderem OpenJDK, Apache und Mozilla Firefox. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "398363", "T015632", "T035098" ] }, "release_date": "2024-05-28T22:00:00.000+00:00", "title": "CVE-2024-0207" }, { "cve": "CVE-2024-0208", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Schwachstellen in unter anderem OpenJDK, Apache und Mozilla Firefox. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "398363", "T015632", "T035098" ] }, "release_date": "2024-05-28T22:00:00.000+00:00", "title": "CVE-2024-0208" }, { "cve": "CVE-2024-0209", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Schwachstellen in unter anderem OpenJDK, Apache und Mozilla Firefox. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "398363", "T015632", "T035098" ] }, "release_date": "2024-05-28T22:00:00.000+00:00", "title": "CVE-2024-0209" }, { "cve": "CVE-2024-0210", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Schwachstellen in unter anderem OpenJDK, Apache und Mozilla Firefox. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "398363", "T015632", "T035098" ] }, "release_date": "2024-05-28T22:00:00.000+00:00", "title": "CVE-2024-0210" }, { "cve": "CVE-2024-0211", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Schwachstellen in unter anderem OpenJDK, Apache und Mozilla Firefox. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "398363", "T015632", "T035098" ] }, "release_date": "2024-05-28T22:00:00.000+00:00", "title": "CVE-2024-0211" }, { "cve": "CVE-2024-0727", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Schwachstellen in unter anderem OpenJDK, Apache und Mozilla Firefox. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "398363", "T015632", "T035098" ] }, "release_date": "2024-05-28T22:00:00.000+00:00", "title": "CVE-2024-0727" }, { "cve": "CVE-2024-0741", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Schwachstellen in unter anderem OpenJDK, Apache und Mozilla Firefox. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "398363", "T015632", "T035098" ] }, "release_date": "2024-05-28T22:00:00.000+00:00", "title": "CVE-2024-0741" }, { "cve": "CVE-2024-0742", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Schwachstellen in unter anderem OpenJDK, Apache und Mozilla Firefox. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "398363", "T015632", "T035098" ] }, "release_date": "2024-05-28T22:00:00.000+00:00", "title": "CVE-2024-0742" }, { "cve": "CVE-2024-0743", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Schwachstellen in unter anderem OpenJDK, Apache und Mozilla Firefox. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "398363", "T015632", "T035098" ] }, "release_date": "2024-05-28T22:00:00.000+00:00", "title": "CVE-2024-0743" }, { "cve": "CVE-2024-0746", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Schwachstellen in unter anderem OpenJDK, Apache und Mozilla Firefox. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "398363", "T015632", "T035098" ] }, "release_date": "2024-05-28T22:00:00.000+00:00", "title": "CVE-2024-0746" }, { "cve": "CVE-2024-0747", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Schwachstellen in unter anderem OpenJDK, Apache und Mozilla Firefox. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "398363", "T015632", "T035098" ] }, "release_date": "2024-05-28T22:00:00.000+00:00", "title": "CVE-2024-0747" }, { "cve": "CVE-2024-0749", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Schwachstellen in unter anderem OpenJDK, Apache und Mozilla Firefox. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "398363", "T015632", "T035098" ] }, "release_date": "2024-05-28T22:00:00.000+00:00", "title": "CVE-2024-0749" }, { "cve": "CVE-2024-0750", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Schwachstellen in unter anderem OpenJDK, Apache und Mozilla Firefox. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "398363", "T015632", "T035098" ] }, "release_date": "2024-05-28T22:00:00.000+00:00", "title": "CVE-2024-0750" }, { "cve": "CVE-2024-0751", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Schwachstellen in unter anderem OpenJDK, Apache und Mozilla Firefox. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "398363", "T015632", "T035098" ] }, "release_date": "2024-05-28T22:00:00.000+00:00", "title": "CVE-2024-0751" }, { "cve": "CVE-2024-0753", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Schwachstellen in unter anderem OpenJDK, Apache und Mozilla Firefox. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "398363", "T015632", "T035098" ] }, "release_date": "2024-05-28T22:00:00.000+00:00", "title": "CVE-2024-0753" }, { "cve": "CVE-2024-0755", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Schwachstellen in unter anderem OpenJDK, Apache und Mozilla Firefox. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "398363", "T015632", "T035098" ] }, "release_date": "2024-05-28T22:00:00.000+00:00", "title": "CVE-2024-0755" }, { "cve": "CVE-2024-1546", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Schwachstellen in unter anderem OpenJDK, Apache und Mozilla Firefox. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "398363", "T015632", "T035098" ] }, "release_date": "2024-05-28T22:00:00.000+00:00", "title": "CVE-2024-1546" }, { "cve": "CVE-2024-1547", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Schwachstellen in unter anderem OpenJDK, Apache und Mozilla Firefox. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "398363", "T015632", "T035098" ] }, "release_date": "2024-05-28T22:00:00.000+00:00", "title": "CVE-2024-1547" }, { "cve": "CVE-2024-1548", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Schwachstellen in unter anderem OpenJDK, Apache und Mozilla Firefox. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "398363", "T015632", "T035098" ] }, "release_date": "2024-05-28T22:00:00.000+00:00", "title": "CVE-2024-1548" }, { "cve": "CVE-2024-1549", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Schwachstellen in unter anderem OpenJDK, Apache und Mozilla Firefox. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "398363", "T015632", "T035098" ] }, "release_date": "2024-05-28T22:00:00.000+00:00", "title": "CVE-2024-1549" }, { "cve": "CVE-2024-1550", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Schwachstellen in unter anderem OpenJDK, Apache und Mozilla Firefox. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "398363", "T015632", "T035098" ] }, "release_date": "2024-05-28T22:00:00.000+00:00", "title": "CVE-2024-1550" }, { "cve": "CVE-2024-1551", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Schwachstellen in unter anderem OpenJDK, Apache und Mozilla Firefox. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "398363", "T015632", "T035098" ] }, "release_date": "2024-05-28T22:00:00.000+00:00", "title": "CVE-2024-1551" }, { "cve": "CVE-2024-1552", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Schwachstellen in unter anderem OpenJDK, Apache und Mozilla Firefox. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "398363", "T015632", "T035098" ] }, "release_date": "2024-05-28T22:00:00.000+00:00", "title": "CVE-2024-1552" }, { "cve": "CVE-2024-1553", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Schwachstellen in unter anderem OpenJDK, Apache und Mozilla Firefox. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "398363", "T015632", "T035098" ] }, "release_date": "2024-05-28T22:00:00.000+00:00", "title": "CVE-2024-1553" }, { "cve": "CVE-2024-20999", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Schwachstellen in unter anderem OpenJDK, Apache und Mozilla Firefox. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "398363", "T015632", "T035098" ] }, "release_date": "2024-05-28T22:00:00.000+00:00", "title": "CVE-2024-20999" }, { "cve": "CVE-2024-21011", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Schwachstellen in unter anderem OpenJDK, Apache und Mozilla Firefox. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "398363", "T015632", "T035098" ] }, "release_date": "2024-05-28T22:00:00.000+00:00", "title": "CVE-2024-21011" }, { "cve": "CVE-2024-21059", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Schwachstellen in unter anderem OpenJDK, Apache und Mozilla Firefox. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "398363", "T015632", "T035098" ] }, "release_date": "2024-05-28T22:00:00.000+00:00", "title": "CVE-2024-21059" }, { "cve": "CVE-2024-21068", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Schwachstellen in unter anderem OpenJDK, Apache und Mozilla Firefox. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "398363", "T015632", "T035098" ] }, "release_date": "2024-05-28T22:00:00.000+00:00", "title": "CVE-2024-21068" }, { "cve": "CVE-2024-21085", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Schwachstellen in unter anderem OpenJDK, Apache und Mozilla Firefox. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "398363", "T015632", "T035098" ] }, "release_date": "2024-05-28T22:00:00.000+00:00", "title": "CVE-2024-21085" }, { "cve": "CVE-2024-21094", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Schwachstellen in unter anderem OpenJDK, Apache und Mozilla Firefox. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "398363", "T015632", "T035098" ] }, "release_date": "2024-05-28T22:00:00.000+00:00", "title": "CVE-2024-21094" }, { "cve": "CVE-2024-21105", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Schwachstellen in unter anderem OpenJDK, Apache und Mozilla Firefox. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "398363", "T015632", "T035098" ] }, "release_date": "2024-05-28T22:00:00.000+00:00", "title": "CVE-2024-21105" }, { "cve": "CVE-2024-21890", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Schwachstellen in unter anderem OpenJDK, Apache und Mozilla Firefox. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "398363", "T015632", "T035098" ] }, "release_date": "2024-05-28T22:00:00.000+00:00", "title": "CVE-2024-21890" }, { "cve": "CVE-2024-21891", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Schwachstellen in unter anderem OpenJDK, Apache und Mozilla Firefox. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "398363", "T015632", "T035098" ] }, "release_date": "2024-05-28T22:00:00.000+00:00", "title": "CVE-2024-21891" }, { "cve": "CVE-2024-21896", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Schwachstellen in unter anderem OpenJDK, Apache und Mozilla Firefox. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "398363", "T015632", "T035098" ] }, "release_date": "2024-05-28T22:00:00.000+00:00", "title": "CVE-2024-21896" }, { "cve": "CVE-2024-22019", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Schwachstellen in unter anderem OpenJDK, Apache und Mozilla Firefox. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "398363", "T015632", "T035098" ] }, "release_date": "2024-05-28T22:00:00.000+00:00", "title": "CVE-2024-22019" }, { "cve": "CVE-2024-22195", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Schwachstellen in unter anderem OpenJDK, Apache und Mozilla Firefox. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "398363", "T015632", "T035098" ] }, "release_date": "2024-05-28T22:00:00.000+00:00", "title": "CVE-2024-22195" }, { "cve": "CVE-2024-24680", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Schwachstellen in unter anderem OpenJDK, Apache und Mozilla Firefox. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "398363", "T015632", "T035098" ] }, "release_date": "2024-05-28T22:00:00.000+00:00", "title": "CVE-2024-24680" }, { "cve": "CVE-2024-24795", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Schwachstellen in unter anderem OpenJDK, Apache und Mozilla Firefox. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "398363", "T015632", "T035098" ] }, "release_date": "2024-05-28T22:00:00.000+00:00", "title": "CVE-2024-24795" }, { "cve": "CVE-2024-24806", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Schwachstellen in unter anderem OpenJDK, Apache und Mozilla Firefox. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "398363", "T015632", "T035098" ] }, "release_date": "2024-05-28T22:00:00.000+00:00", "title": "CVE-2024-24806" }, { "cve": "CVE-2024-25617", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Schwachstellen in unter anderem OpenJDK, Apache und Mozilla Firefox. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "398363", "T015632", "T035098" ] }, "release_date": "2024-05-28T22:00:00.000+00:00", "title": "CVE-2024-25617" }, { "cve": "CVE-2024-2605", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Schwachstellen in unter anderem OpenJDK, Apache und Mozilla Firefox. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "398363", "T015632", "T035098" ] }, "release_date": "2024-05-28T22:00:00.000+00:00", "title": "CVE-2024-2605" }, { "cve": "CVE-2024-2607", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Schwachstellen in unter anderem OpenJDK, Apache und Mozilla Firefox. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "398363", "T015632", "T035098" ] }, "release_date": "2024-05-28T22:00:00.000+00:00", "title": "CVE-2024-2607" }, { "cve": "CVE-2024-2608", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Schwachstellen in unter anderem OpenJDK, Apache und Mozilla Firefox. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "398363", "T015632", "T035098" ] }, "release_date": "2024-05-28T22:00:00.000+00:00", "title": "CVE-2024-2608" }, { "cve": "CVE-2024-2610", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Schwachstellen in unter anderem OpenJDK, Apache und Mozilla Firefox. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "398363", "T015632", "T035098" ] }, "release_date": "2024-05-28T22:00:00.000+00:00", "title": "CVE-2024-2610" }, { "cve": "CVE-2024-2611", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Schwachstellen in unter anderem OpenJDK, Apache und Mozilla Firefox. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "398363", "T015632", "T035098" ] }, "release_date": "2024-05-28T22:00:00.000+00:00", "title": "CVE-2024-2611" }, { "cve": "CVE-2024-2612", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Schwachstellen in unter anderem OpenJDK, Apache und Mozilla Firefox. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "398363", "T015632", "T035098" ] }, "release_date": "2024-05-28T22:00:00.000+00:00", "title": "CVE-2024-2612" }, { "cve": "CVE-2024-2614", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Schwachstellen in unter anderem OpenJDK, Apache und Mozilla Firefox. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "398363", "T015632", "T035098" ] }, "release_date": "2024-05-28T22:00:00.000+00:00", "title": "CVE-2024-2614" }, { "cve": "CVE-2024-2616", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Schwachstellen in unter anderem OpenJDK, Apache und Mozilla Firefox. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "398363", "T015632", "T035098" ] }, "release_date": "2024-05-28T22:00:00.000+00:00", "title": "CVE-2024-2616" }, { "cve": "CVE-2024-27316", "notes": [ { "category": "description", "text": "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Schwachstellen in unter anderem OpenJDK, Apache und Mozilla Firefox. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden." } ], "product_status": { "known_affected": [ "398363", "T015632", "T035098" ] }, "release_date": "2024-05-28T22:00:00.000+00:00", "title": "CVE-2024-27316" } ] }
cve-2023-50447
Vulnerability from cvelistv5
Published
2024-01-19 00:00
Modified
2024-08-02 22:16
Severity ?
EPSS score ?
Summary
Pillow through 10.1.0 allows PIL.ImageMath.eval Arbitrary Code Execution via the environment parameter, a different vulnerability than CVE-2022-22817 (which was about the expression parameter).
References
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:python:pillow:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "pillow", "vendor": "python", "versions": [ { "lessThanOrEqual": "10.1.0", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2023-50447", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-07-19T03:55:36.638240Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-95", "description": "CWE-95 Improper Neutralization of Directives in Dynamically Evaluated Code (\u0027Eval Injection\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-07-19T14:47:58.764Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T22:16:46.654Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://github.com/python-pillow/Pillow/releases" }, { "tags": [ "x_transferred" ], "url": "https://devhub.checkmarx.com/cve-details/CVE-2023-50447/" }, { "name": "[oss-security] 20240120 Pillow 10.2.0 released, fixes CVE-2023-50447", "tags": [ "mailing-list", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2024/01/20/1" }, { "name": "[debian-lts-announce] 20240129 [SECURITY] [DLA 3724-1] pillow security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00019.html" }, { "tags": [ "x_transferred" ], "url": "https://duartecsantos.github.io/2024-01-02-CVE-2023-50447/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Pillow through 10.1.0 allows PIL.ImageMath.eval Arbitrary Code Execution via the environment parameter, a different vulnerability than CVE-2022-22817 (which was about the expression parameter)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2024-03-27T20:43:48.418836", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://github.com/python-pillow/Pillow/releases" }, { "url": "https://devhub.checkmarx.com/cve-details/CVE-2023-50447/" }, { "name": "[oss-security] 20240120 Pillow 10.2.0 released, fixes CVE-2023-50447", "tags": [ "mailing-list" ], "url": "http://www.openwall.com/lists/oss-security/2024/01/20/1" }, { "name": "[debian-lts-announce] 20240129 [SECURITY] [DLA 3724-1] pillow security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00019.html" }, { "url": "https://duartecsantos.github.io/2024-01-02-CVE-2023-50447/" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2023-50447", "datePublished": "2024-01-19T00:00:00", "dateReserved": "2023-12-10T00:00:00", "dateUpdated": "2024-08-02T22:16:46.654Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-1552
Vulnerability from cvelistv5
Published
2024-02-20 13:21
Modified
2024-08-01 18:40
Severity ?
EPSS score ?
Summary
Incorrect code generation could have led to unexpected numeric conversions and potential undefined behavior.*Note:* This issue only affects 32-bit ARM devices. This vulnerability affects Firefox < 123, Firefox ESR < 115.8, and Thunderbird < 115.8.
References
Impacted products
Vendor | Product | Version | |||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Mozilla | Firefox |
Version: unspecified < 123 |
||||||||
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-1552", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-02-20T17:50:58.934109Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-07-05T17:21:47.180Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-01T18:40:21.419Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1874502" }, { "tags": [ "x_transferred" ], "url": "https://www.mozilla.org/security/advisories/mfsa2024-05/" }, { "tags": [ "x_transferred" ], "url": "https://www.mozilla.org/security/advisories/mfsa2024-06/" }, { "tags": [ "x_transferred" ], "url": "https://www.mozilla.org/security/advisories/mfsa2024-07/" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00000.html" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00001.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Firefox", "vendor": "Mozilla", "versions": [ { "lessThan": "123", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "Firefox ESR", "vendor": "Mozilla", "versions": [ { "lessThan": "115.8", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "Thunderbird", "vendor": "Mozilla", "versions": [ { "lessThan": "115.8", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "value": "Gary Kwong" } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Incorrect code generation could have led to unexpected numeric conversions and potential undefined behavior.*Note:* This issue only affects 32-bit ARM devices. This vulnerability affects Firefox \u003c 123, Firefox ESR \u003c 115.8, and Thunderbird \u003c 115.8." } ], "value": "Incorrect code generation could have led to unexpected numeric conversions and potential undefined behavior.*Note:* This issue only affects 32-bit ARM devices. This vulnerability affects Firefox \u003c 123, Firefox ESR \u003c 115.8, and Thunderbird \u003c 115.8." } ], "problemTypes": [ { "descriptions": [ { "description": "Incorrect code generation on 32-bit ARM devices", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2024-02-20T19:23:39.596Z", "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla" }, "references": [ { "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1874502" }, { "url": "https://www.mozilla.org/security/advisories/mfsa2024-05/" }, { "url": "https://www.mozilla.org/security/advisories/mfsa2024-06/" }, { "url": "https://www.mozilla.org/security/advisories/mfsa2024-07/" }, { "url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00000.html" }, { "url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00001.html" } ] } }, "cveMetadata": { "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "assignerShortName": "mozilla", "cveId": "CVE-2024-1552", "datePublished": "2024-02-20T13:21:36.729Z", "dateReserved": "2024-02-15T18:01:53.648Z", "dateUpdated": "2024-08-01T18:40:21.419Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-6861
Vulnerability from cvelistv5
Published
2023-12-19 13:38
Modified
2024-08-02 08:42
Severity ?
EPSS score ?
Summary
The `nsWindow::PickerOpen(void)` method was susceptible to a heap buffer overflow when running in headless mode. This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox < 121.
References
Impacted products
Vendor | Product | Version | |||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Mozilla | Firefox ESR |
Version: unspecified < 115.6 |
||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T08:42:07.994Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1864118" }, { "tags": [ "x_transferred" ], "url": "https://www.mozilla.org/security/advisories/mfsa2023-54/" }, { "tags": [ "x_transferred" ], "url": "https://www.mozilla.org/security/advisories/mfsa2023-55/" }, { "tags": [ "x_transferred" ], "url": "https://www.mozilla.org/security/advisories/mfsa2023-56/" }, { "tags": [ "x_transferred" ], "url": "https://www.debian.org/security/2023/dsa-5581" }, { "tags": [ "x_transferred" ], "url": "https://www.debian.org/security/2023/dsa-5582" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00020.html" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00021.html" }, { "tags": [ "x_transferred" ], "url": "https://security.gentoo.org/glsa/202401-10" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Firefox ESR", "vendor": "Mozilla", "versions": [ { "lessThan": "115.6", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "Thunderbird", "vendor": "Mozilla", "versions": [ { "lessThan": "115.6", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "Firefox", "vendor": "Mozilla", "versions": [ { "lessThan": "121", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "value": "Yangkang of 360 ATA Team" } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "The \u003ccode\u003ensWindow::PickerOpen(void)\u003c/code\u003e method was susceptible to a heap buffer overflow when running in headless mode. This vulnerability affects Firefox ESR \u003c 115.6, Thunderbird \u003c 115.6, and Firefox \u003c 121." } ], "value": "The `nsWindow::PickerOpen(void)` method was susceptible to a heap buffer overflow when running in headless mode. This vulnerability affects Firefox ESR \u003c 115.6, Thunderbird \u003c 115.6, and Firefox \u003c 121." } ], "problemTypes": [ { "descriptions": [ { "description": "Heap buffer overflow affected nsWindow::PickerOpen(void) in headless mode", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-12-19T16:42:16.936Z", "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla" }, "references": [ { "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1864118" }, { "url": "https://www.mozilla.org/security/advisories/mfsa2023-54/" }, { "url": "https://www.mozilla.org/security/advisories/mfsa2023-55/" }, { "url": "https://www.mozilla.org/security/advisories/mfsa2023-56/" }, { "url": "https://www.debian.org/security/2023/dsa-5581" }, { "url": "https://www.debian.org/security/2023/dsa-5582" }, { "url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00020.html" }, { "url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00021.html" }, { "url": "https://security.gentoo.org/glsa/202401-10" } ] } }, "cveMetadata": { "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "assignerShortName": "mozilla", "cveId": "CVE-2023-6861", "datePublished": "2023-12-19T13:38:42.037Z", "dateReserved": "2023-12-15T17:42:55.948Z", "dateUpdated": "2024-08-02T08:42:07.994Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-46589
Vulnerability from cvelistv5
Published
2023-11-28 15:31
Modified
2024-08-02 20:45
Severity ?
EPSS score ?
Summary
Improper Input Validation vulnerability in Apache Tomcat.Tomcat from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.1.15, from 9.0.0-M1 through 9.0.82 and from 8.5.0 through 8.5.95 did not correctly parse HTTP trailer headers. A trailer header that exceeded the header size limit could cause Tomcat to treat a single
request as multiple requests leading to the possibility of request
smuggling when behind a reverse proxy.
Users are recommended to upgrade to version 11.0.0-M11 onwards, 10.1.16 onwards, 9.0.83 onwards or 8.5.96 onwards, which fix the issue.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Apache Software Foundation | Apache Tomcat |
Version: 11.0.0-M1 ≤ 11.0.0-M10 Version: 10.1.0-M1 ≤ 10.1.15 Version: 9.0.0-M1 ≤ 9.0.82 Version: 8.5.0 ≤ 8.5.95 |
|
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:apache:tomcat:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "tomcat", "vendor": "apache", "versions": [ { "lessThanOrEqual": "11.0.0-m10", "status": "affected", "version": "11.0.0-m1", "versionType": "custom" }, { "lessThanOrEqual": "10.1.15", "status": "affected", "version": "10.1.0-M1", "versionType": "custom" }, { "lessThanOrEqual": "9.0.82", "status": "affected", "version": "9.0.0-M1", "versionType": "custom" }, { "lessThanOrEqual": "8.5.95", "status": "affected", "version": "8.5.0", "versionType": "custom" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2023-46589", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-07-11T16:04:24.661745Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-07-11T17:19:10.688Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T20:45:42.297Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.apache.org/thread/0rqq6ktozqc42ro8hhxdmmdjm1k1tpxr" }, { "tags": [ "x_transferred" ], "url": "https://www.openwall.com/lists/oss-security/2023/11/28/2" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20231214-0009/" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00001.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Apache Tomcat", "vendor": "Apache Software Foundation", "versions": [ { "lessThanOrEqual": "11.0.0-M10", "status": "affected", "version": "11.0.0-M1", "versionType": "semver" }, { "lessThanOrEqual": "10.1.15", "status": "affected", "version": "10.1.0-M1", "versionType": "semver" }, { "lessThanOrEqual": "9.0.82", "status": "affected", "version": "9.0.0-M1", "versionType": "semver" }, { "lessThanOrEqual": "8.5.95", "status": "affected", "version": "8.5.0", "versionType": "semver" } ] } ], "credits": [ { "lang": "en", "type": "finder", "value": "Norihito Aimoto (OSSTech Corporation) " } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Improper Input Validation vulnerability in Apache Tomcat.\u003cp\u003eTomcat \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003efrom 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.1.15, from 9.0.0-M1 through 9.0.82 and from 8.5.0 through 8.5.95\u003c/span\u003e did not correctly parse HTTP trailer headers. A trailer header that exceeded the header size limit could cause Tomcat to treat a single \nrequest as multiple requests leading to the possibility of request \nsmuggling when behind a reverse proxy.\u003cbr\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"background-color: var(--wht);\"\u003eUsers are recommended to upgrade to version 11.0.0-M11\u0026nbsp;onwards, 10.1.16 onwards, 9.0.83 onwards or 8.5.96 onwards, which fix the issue.\u003c/span\u003e\u003c/p\u003e\u003cbr\u003e" } ], "value": "Improper Input Validation vulnerability in Apache Tomcat.Tomcat from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.1.15, from 9.0.0-M1 through 9.0.82 and from 8.5.0 through 8.5.95 did not correctly parse HTTP trailer headers. A trailer header that exceeded the header size limit could cause Tomcat to treat a single \nrequest as multiple requests leading to the possibility of request \nsmuggling when behind a reverse proxy.\n\nUsers are recommended to upgrade to version 11.0.0-M11\u00a0onwards, 10.1.16 onwards, 9.0.83 onwards or 8.5.96 onwards, which fix the issue.\n\n" } ], "metrics": [ { "other": { "content": { "text": "important" }, "type": "Textual description of severity" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-444", "description": "CWE-444 Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request Smuggling\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-12-05T09:49:55.646Z", "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://lists.apache.org/thread/0rqq6ktozqc42ro8hhxdmmdjm1k1tpxr" }, { "url": "https://www.openwall.com/lists/oss-security/2023/11/28/2" }, { "url": "https://security.netapp.com/advisory/ntap-20231214-0009/" }, { "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00001.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Apache Tomcat: HTTP request smuggling via malformed trailer headers", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "assignerShortName": "apache", "cveId": "CVE-2023-46589", "datePublished": "2023-11-28T15:31:52.366Z", "dateReserved": "2023-10-23T08:14:01.046Z", "dateUpdated": "2024-08-02T20:45:42.297Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-45285
Vulnerability from cvelistv5
Published
2023-12-06 16:27
Modified
2024-08-02 20:21
Severity ?
EPSS score ?
Summary
Using go get to fetch a module with the ".git" suffix may unexpectedly fallback to the insecure "git://" protocol if the module is unavailable via the secure "https://" and "git+ssh://" protocols, even if GOINSECURE is not set for said module. This only affects users who are not using the module proxy and are fetching modules directly (i.e. GOPROXY=off).
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Go toolchain | cmd/go |
Version: 0 ≤ Version: 1.21.0-0 ≤ |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T20:21:15.349Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://groups.google.com/g/golang-dev/c/6ypN5EjibjM/m/KmLVYH_uAgAJ" }, { "tags": [ "x_transferred" ], "url": "https://go.dev/issue/63845" }, { "tags": [ "x_transferred" ], "url": "https://go.dev/cl/540257" }, { "tags": [ "x_transferred" ], "url": "https://pkg.go.dev/vuln/GO-2023-2383" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UIU6HOGV6RRIKWM57LOXQA75BGZSIH6G/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "collectionURL": "https://pkg.go.dev", "defaultStatus": "unaffected", "packageName": "cmd/go", "product": "cmd/go", "vendor": "Go toolchain", "versions": [ { "lessThan": "1.20.12", "status": "affected", "version": "0", "versionType": "semver" }, { "lessThan": "1.21.5", "status": "affected", "version": "1.21.0-0", "versionType": "semver" } ] } ], "credits": [ { "lang": "en", "value": "David Leadbeater" } ], "descriptions": [ { "lang": "en", "value": "Using go get to fetch a module with the \".git\" suffix may unexpectedly fallback to the insecure \"git://\" protocol if the module is unavailable via the secure \"https://\" and \"git+ssh://\" protocols, even if GOINSECURE is not set for said module. This only affects users who are not using the module proxy and are fetching modules directly (i.e. GOPROXY=off)." } ], "problemTypes": [ { "descriptions": [ { "description": "CWE-636: Not Failing Securely (\u0027Failing Open\u0027)", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2023-12-06T16:27:55.521Z", "orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc", "shortName": "Go" }, "references": [ { "url": "https://groups.google.com/g/golang-dev/c/6ypN5EjibjM/m/KmLVYH_uAgAJ" }, { "url": "https://go.dev/issue/63845" }, { "url": "https://go.dev/cl/540257" }, { "url": "https://pkg.go.dev/vuln/GO-2023-2383" }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UIU6HOGV6RRIKWM57LOXQA75BGZSIH6G/" } ], "title": "Command \u0027go get\u0027 may unexpectedly fallback to insecure git in cmd/go" } }, "cveMetadata": { "assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc", "assignerShortName": "Go", "cveId": "CVE-2023-45285", "datePublished": "2023-12-06T16:27:55.521Z", "dateReserved": "2023-10-06T17:06:26.220Z", "dateUpdated": "2024-08-02T20:21:15.349Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2014-10401
Vulnerability from cvelistv5
Published
2020-09-11 18:37
Modified
2024-08-06 14:10
Severity ?
EPSS score ?
Summary
An issue was discovered in the DBI module before 1.632 for Perl. DBD::File drivers can open files from folders other than those specifically passed via the f_dir attribute.
References
▼ | URL | Tags |
---|---|---|
https://rt.cpan.org/Public/Bug/Display.html?id=99508 | x_refsource_MISC | |
https://github.com/perl5-dbi/dbi/commit/caedc0d7d602f5b2ae5efc1b00f39efeafb7b05a | x_refsource_MISC | |
https://metacpan.org/pod/distribution/DBI/Changes#Changes-in-DBI-1.632-9th-Nov-2014 | x_refsource_MISC | |
https://usn.ubuntu.com/4509-1/ | vendor-advisory, x_refsource_UBUNTU |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T14:10:54.879Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://rt.cpan.org/Public/Bug/Display.html?id=99508" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/perl5-dbi/dbi/commit/caedc0d7d602f5b2ae5efc1b00f39efeafb7b05a" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://metacpan.org/pod/distribution/DBI/Changes#Changes-in-DBI-1.632-9th-Nov-2014" }, { "name": "USN-4509-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/4509-1/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "An issue was discovered in the DBI module before 1.632 for Perl. DBD::File drivers can open files from folders other than those specifically passed via the f_dir attribute." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-09-18T00:06:11", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://rt.cpan.org/Public/Bug/Display.html?id=99508" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/perl5-dbi/dbi/commit/caedc0d7d602f5b2ae5efc1b00f39efeafb7b05a" }, { "tags": [ "x_refsource_MISC" ], "url": "https://metacpan.org/pod/distribution/DBI/Changes#Changes-in-DBI-1.632-9th-Nov-2014" }, { "name": "USN-4509-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/4509-1/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-10401", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An issue was discovered in the DBI module before 1.632 for Perl. DBD::File drivers can open files from folders other than those specifically passed via the f_dir attribute." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://rt.cpan.org/Public/Bug/Display.html?id=99508", "refsource": "MISC", "url": "https://rt.cpan.org/Public/Bug/Display.html?id=99508" }, { "name": "https://github.com/perl5-dbi/dbi/commit/caedc0d7d602f5b2ae5efc1b00f39efeafb7b05a", "refsource": "MISC", "url": "https://github.com/perl5-dbi/dbi/commit/caedc0d7d602f5b2ae5efc1b00f39efeafb7b05a" }, { "name": "https://metacpan.org/pod/distribution/DBI/Changes#Changes-in-DBI-1.632-9th-Nov-2014", "refsource": "MISC", "url": "https://metacpan.org/pod/distribution/DBI/Changes#Changes-in-DBI-1.632-9th-Nov-2014" }, { "name": "USN-4509-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4509-1/" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2014-10401", "datePublished": "2020-09-11T18:37:52", "dateReserved": "2020-09-11T00:00:00", "dateUpdated": "2024-08-06T14:10:54.879Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-27316
Vulnerability from cvelistv5
Published
2024-04-04 19:21
Modified
2024-08-02 00:34
Severity ?
EPSS score ?
Summary
HTTP/2 incoming headers exceeding the limit are temporarily buffered in nghttp2 in order to generate an informative HTTP 413 response. If a client does not stop sending headers, this leads to memory exhaustion.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Apache Software Foundation | Apache HTTP Server |
Version: 2.4.17 ≤ 2.4.58 |
|
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "http_server", "vendor": "apache", "versions": [ { "lessThanOrEqual": "2.4.58", "status": "affected", "version": "2.4.17", "versionType": "semver" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2024-27316", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-07-29T15:46:29.859482Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-07-29T15:50:30.340Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T00:34:51.356Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://httpd.apache.org/security/vulnerabilities_24.html" }, { "tags": [ "x_transferred" ], "url": "https://www.openwall.com/lists/oss-security/2024/04/03/16" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2024/04/04/4" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/kb/HT214119" }, { "tags": [ "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2024/Jul/18" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Apache HTTP Server", "vendor": "Apache Software Foundation", "versions": [ { "lessThanOrEqual": "2.4.58", "status": "affected", "version": "2.4.17", "versionType": "semver" } ] } ], "credits": [ { "lang": "en", "type": "finder", "value": "Bartek Nowotarski (https://nowotarski.info/)" } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "HTTP/2 incoming headers exceeding the limit are temporarily buffered in nghttp2 in order to generate an informative HTTP 413 response. If a client does not stop sending headers, this leads to memory exhaustion." } ], "value": "HTTP/2 incoming headers exceeding the limit are temporarily buffered in nghttp2 in order to generate an informative HTTP 413 response. If a client does not stop sending headers, this leads to memory exhaustion." } ], "metrics": [ { "other": { "content": { "text": "moderate" }, "type": "Textual description of severity" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-770", "description": "CWE-770 Allocation of Resources Without Limits or Throttling", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-07-22T08:42:14.089Z", "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://httpd.apache.org/security/vulnerabilities_24.html" }, { "url": "https://www.openwall.com/lists/oss-security/2024/04/03/16" }, { "url": "http://www.openwall.com/lists/oss-security/2024/04/04/4" }, { "url": "https://support.apple.com/kb/HT214119" }, { "url": "http://seclists.org/fulldisclosure/2024/Jul/18" } ], "source": { "discovery": "EXTERNAL" }, "timeline": [ { "lang": "en", "time": "2024-02-22T15:29:00.000Z", "value": "Reported to security team" } ], "title": "Apache HTTP Server: HTTP/2 DoS by memory exhaustion on endless continuation frames", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "assignerShortName": "apache", "cveId": "CVE-2024-27316", "datePublished": "2024-04-04T19:21:41.984Z", "dateReserved": "2024-02-23T14:20:56.465Z", "dateUpdated": "2024-08-02T00:34:51.356Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-0207
Vulnerability from cvelistv5
Published
2024-01-03 07:31
Modified
2024-08-29 15:04
Severity ?
EPSS score ?
Summary
HTTP3 dissector crash in Wireshark 4.2.0 allows denial of service via packet injection or crafted capture file
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Wireshark Foundation | Wireshark |
Version: 4.2.0 ≤ |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-01T17:41:15.947Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.wireshark.org/security/wnpa-sec-2024-03.html" }, { "name": "GitLab Issue #19502", "tags": [ "issue-tracking", "x_transferred" ], "url": "https://gitlab.com/wireshark/wireshark/-/issues/19502" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Wireshark", "vendor": "Wireshark Foundation", "versions": [ { "lessThan": "4.2.1", "status": "affected", "version": "4.2.0", "versionType": "semver" } ] } ], "credits": [ { "lang": "en", "type": "finder", "value": "Dexter Gerig" } ], "descriptions": [ { "lang": "en", "value": "HTTP3 dissector crash in Wireshark 4.2.0 allows denial of service via packet injection or crafted capture file" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-125", "description": "CWE-125: Out-of-bounds Read", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-08-29T15:04:53.867Z", "orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "shortName": "GitLab" }, "references": [ { "url": "https://www.wireshark.org/security/wnpa-sec-2024-03.html" }, { "name": "GitLab Issue #19502", "tags": [ "issue-tracking" ], "url": "https://gitlab.com/wireshark/wireshark/-/issues/19502" } ], "solutions": [ { "lang": "en", "value": "Upgrade to versions 4.2.0 or above." } ], "title": "Out-of-bounds Read in Wireshark" } }, "cveMetadata": { "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "assignerShortName": "GitLab", "cveId": "CVE-2024-0207", "datePublished": "2024-01-03T07:31:10.632Z", "dateReserved": "2024-01-03T07:30:45.767Z", "dateUpdated": "2024-08-29T15:04:53.867Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-51385
Vulnerability from cvelistv5
Published
2023-12-18 00:00
Modified
2024-08-02 22:32
Severity ?
EPSS score ?
Summary
In ssh in OpenSSH before 9.6, OS command injection might occur if a user name or host name has shell metacharacters, and this name is referenced by an expansion token in certain situations. For example, an untrusted Git repository can have a submodule with shell metacharacters in a user name or host name.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T22:32:09.069Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.openssh.com/txt/release-9.6" }, { "tags": [ "x_transferred" ], "url": "https://www.openwall.com/lists/oss-security/2023/12/18/2" }, { "tags": [ "x_transferred" ], "url": "https://github.com/openssh/openssh-portable/commit/7ef3787c84b6b524501211b11a26c742f829af1a" }, { "name": "DSA-5586", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.debian.org/security/2023/dsa-5586" }, { "tags": [ "x_transferred" ], "url": "https://vin01.github.io/piptagole/ssh/security/openssh/libssh/remote-code-execution/2023/12/20/openssh-proxycommand-libssh-rce.html" }, { "name": "[debian-lts-announce] 20231226 [SECURITY] [DLA 3694-1] openssh security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00017.html" }, { "name": "[oss-security] 20231226 CVE-2023-51385, CVE-2023-6004: OpenSSH, libssh: Security weakness in ProxyCommand handling", "tags": [ "mailing-list", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2023/12/26/4" }, { "name": "GLSA-202312-17", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202312-17" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20240105-0005/" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/kb/HT214084" }, { "name": "20240313 APPLE-SA-03-07-2024-2 macOS Sonoma 14.4", "tags": [ "mailing-list", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2024/Mar/21" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "In ssh in OpenSSH before 9.6, OS command injection might occur if a user name or host name has shell metacharacters, and this name is referenced by an expansion token in certain situations. For example, an untrusted Git repository can have a submodule with shell metacharacters in a user name or host name." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2024-03-13T21:08:08.727930", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://www.openssh.com/txt/release-9.6" }, { "url": "https://www.openwall.com/lists/oss-security/2023/12/18/2" }, { "url": "https://github.com/openssh/openssh-portable/commit/7ef3787c84b6b524501211b11a26c742f829af1a" }, { "name": "DSA-5586", "tags": [ "vendor-advisory" ], "url": "https://www.debian.org/security/2023/dsa-5586" }, { "url": "https://vin01.github.io/piptagole/ssh/security/openssh/libssh/remote-code-execution/2023/12/20/openssh-proxycommand-libssh-rce.html" }, { "name": "[debian-lts-announce] 20231226 [SECURITY] [DLA 3694-1] openssh security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00017.html" }, { "name": "[oss-security] 20231226 CVE-2023-51385, CVE-2023-6004: OpenSSH, libssh: Security weakness in ProxyCommand handling", "tags": [ "mailing-list" ], "url": "http://www.openwall.com/lists/oss-security/2023/12/26/4" }, { "name": "GLSA-202312-17", "tags": [ "vendor-advisory" ], "url": "https://security.gentoo.org/glsa/202312-17" }, { "url": "https://security.netapp.com/advisory/ntap-20240105-0005/" }, { "url": "https://support.apple.com/kb/HT214084" }, { "name": "20240313 APPLE-SA-03-07-2024-2 macOS Sonoma 14.4", "tags": [ "mailing-list" ], "url": "http://seclists.org/fulldisclosure/2024/Mar/21" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2023-51385", "datePublished": "2023-12-18T00:00:00", "dateReserved": "2023-12-18T00:00:00", "dateUpdated": "2024-08-02T22:32:09.069Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-21011
Vulnerability from cvelistv5
Published
2024-04-16 21:26
Modified
2024-11-21 20:07
Severity ?
EPSS score ?
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Oracle Corporation | Java SE JDK and JRE |
Version: Oracle Java SE:8u401 Version: Oracle Java SE:8u401-perf Version: Oracle Java SE:11.0.22 Version: Oracle Java SE:17.0.10 Version: Oracle Java SE:21.0.2 Version: Oracle Java SE:22 Version: Oracle GraalVM for JDK:17.0.10 Version: Oracle GraalVM for JDK:21.0.2 Version: Oracle GraalVM for JDK:22 Version: Oracle GraalVM Enterprise Edition:20.3.13 Version: Oracle GraalVM Enterprise Edition:21.3.9 cpe:2.3:a:oracle:java_se:8u401:*:*:*:*:*:*:* cpe:2.3:a:oracle:java_se:8u401:*:*:*:enterprise_performance:*:*:* cpe:2.3:a:oracle:java_se:11.0.22:*:*:*:*:*:*:* cpe:2.3:a:oracle:java_se:17.0.10:*:*:*:*:*:*:* cpe:2.3:a:oracle:java_se:21.0.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:java_se:22:*:*:*:*:*:*:* cpe:2.3:a:oracle:graalvm_for_jdk:17.0.10:*:*:*:*:*:*:* cpe:2.3:a:oracle:graalvm_for_jdk:21.0.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:graalvm_for_jdk:22:*:*:*:*:*:*:* cpe:2.3:a:oracle:graalvm:20.3.13:*:*:*:enterprise:*:*:* cpe:2.3:a:oracle:graalvm:21.3.9:*:*:*:enterprise:*:*:* |
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-21011", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-07-26T15:16:14.279567Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-770", "description": "CWE-770 Allocation of Resources Without Limits or Throttling", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-11-21T20:07:53.410Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-01T22:13:42.278Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "Oracle Advisory", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.oracle.com/security-alerts/cpuapr2024.html" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00014.html" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20240426-0004/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "cpes": [ "cpe:2.3:a:oracle:java_se:8u401:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:java_se:8u401:*:*:*:enterprise_performance:*:*:*", "cpe:2.3:a:oracle:java_se:11.0.22:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:java_se:17.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:java_se:21.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:java_se:22:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:graalvm_for_jdk:17.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:graalvm_for_jdk:21.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:graalvm_for_jdk:22:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:graalvm:20.3.13:*:*:*:enterprise:*:*:*", "cpe:2.3:a:oracle:graalvm:21.3.9:*:*:*:enterprise:*:*:*" ], "product": "Java SE JDK and JRE", "vendor": "Oracle Corporation", "versions": [ { "status": "affected", "version": "Oracle Java SE:8u401" }, { "status": "affected", "version": "Oracle Java SE:8u401-perf" }, { "status": "affected", "version": "Oracle Java SE:11.0.22" }, { "status": "affected", "version": "Oracle Java SE:17.0.10" }, { "status": "affected", "version": "Oracle Java SE:21.0.2" }, { "status": "affected", "version": "Oracle Java SE:22" }, { "status": "affected", "version": "Oracle GraalVM for JDK:17.0.10" }, { "status": "affected", "version": "Oracle GraalVM for JDK:21.0.2" }, { "status": "affected", "version": "Oracle GraalVM for JDK:22" }, { "status": "affected", "version": "Oracle GraalVM Enterprise Edition:20.3.13" }, { "status": "affected", "version": "Oracle GraalVM Enterprise Edition:21.3.9" } ] } ], "descriptions": [ { "lang": "en-US", "value": "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u401, 8u401-perf, 11.0.22, 17.0.10, 21.0.2, 22; Oracle GraalVM for JDK: 17.0.10, 21.0.2, 22; Oracle GraalVM Enterprise Edition: 20.3.13 and 21.3.9. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 3.7, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "description": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition.", "lang": "en-US" } ] } ], "providerMetadata": { "dateUpdated": "2024-04-16T21:26:01.896Z", "orgId": "43595867-4340-4103-b7a2-9a5208d29a85", "shortName": "oracle" }, "references": [ { "name": "Oracle Advisory", "tags": [ "vendor-advisory" ], "url": "https://www.oracle.com/security-alerts/cpuapr2024.html" }, { "url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00014.html" }, { "url": "https://security.netapp.com/advisory/ntap-20240426-0004/" } ] } }, "cveMetadata": { "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85", "assignerShortName": "oracle", "cveId": "CVE-2024-21011", "datePublished": "2024-04-16T21:26:01.896Z", "dateReserved": "2023-12-07T22:28:10.648Z", "dateUpdated": "2024-11-21T20:07:53.410Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-6860
Vulnerability from cvelistv5
Published
2023-12-19 13:38
Modified
2024-08-02 08:42
Severity ?
EPSS score ?
Summary
The `VideoBridge` allowed any content process to use textures produced by remote decoders. This could be abused to escape the sandbox. This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox < 121.
References
Impacted products
Vendor | Product | Version | |||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Mozilla | Firefox ESR |
Version: unspecified < 115.6 |
||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T08:42:07.916Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1854669" }, { "tags": [ "x_transferred" ], "url": "https://www.mozilla.org/security/advisories/mfsa2023-54/" }, { "tags": [ "x_transferred" ], "url": "https://www.mozilla.org/security/advisories/mfsa2023-55/" }, { "tags": [ "x_transferred" ], "url": "https://www.mozilla.org/security/advisories/mfsa2023-56/" }, { "tags": [ "x_transferred" ], "url": "https://www.debian.org/security/2023/dsa-5581" }, { "tags": [ "x_transferred" ], "url": "https://www.debian.org/security/2023/dsa-5582" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00020.html" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00021.html" }, { "tags": [ "x_transferred" ], "url": "https://security.gentoo.org/glsa/202401-10" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Firefox ESR", "vendor": "Mozilla", "versions": [ { "lessThan": "115.6", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "Thunderbird", "vendor": "Mozilla", "versions": [ { "lessThan": "115.6", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "Firefox", "vendor": "Mozilla", "versions": [ { "lessThan": "121", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "value": "Andrew Osmond" } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "The \u003ccode\u003eVideoBridge\u003c/code\u003e allowed any content process to use textures produced by remote decoders. This could be abused to escape the sandbox. This vulnerability affects Firefox ESR \u003c 115.6, Thunderbird \u003c 115.6, and Firefox \u003c 121." } ], "value": "The `VideoBridge` allowed any content process to use textures produced by remote decoders. This could be abused to escape the sandbox. This vulnerability affects Firefox ESR \u003c 115.6, Thunderbird \u003c 115.6, and Firefox \u003c 121." } ], "problemTypes": [ { "descriptions": [ { "description": "Potential sandbox escape due to VideoBridge lack of texture validation", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-12-19T16:42:16.140Z", "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla" }, "references": [ { "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1854669" }, { "url": "https://www.mozilla.org/security/advisories/mfsa2023-54/" }, { "url": "https://www.mozilla.org/security/advisories/mfsa2023-55/" }, { "url": "https://www.mozilla.org/security/advisories/mfsa2023-56/" }, { "url": "https://www.debian.org/security/2023/dsa-5581" }, { "url": "https://www.debian.org/security/2023/dsa-5582" }, { "url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00020.html" }, { "url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00021.html" }, { "url": "https://security.gentoo.org/glsa/202401-10" } ] } }, "cveMetadata": { "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "assignerShortName": "mozilla", "cveId": "CVE-2023-6860", "datePublished": "2023-12-19T13:38:40.956Z", "dateReserved": "2023-12-15T17:42:55.731Z", "dateUpdated": "2024-08-02T08:42:07.916Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-20999
Vulnerability from cvelistv5
Published
2024-04-16 21:25
Modified
2024-08-27 17:34
Severity ?
EPSS score ?
References
▼ | URL | Tags |
---|---|---|
https://www.oracle.com/security-alerts/cpuapr2024.html | vendor-advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Oracle Corporation | Solaris Operating System |
Version: 11 cpe:2.3:a:oracle:solaris_operating_system:11:*:*:*:*:*:*:* |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-01T22:13:42.183Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "Oracle Advisory", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.oracle.com/security-alerts/cpuapr2024.html" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2024-20999", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-04-19T04:01:07.812939Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-08-27T17:34:02.063Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "cpes": [ "cpe:2.3:a:oracle:solaris_operating_system:11:*:*:*:*:*:*:*" ], "product": "Solaris Operating System", "vendor": "Oracle Corporation", "versions": [ { "status": "affected", "version": "11" } ] } ], "descriptions": [ { "lang": "en-US", "value": "Vulnerability in the Oracle Solaris product of Oracle Systems (component: Zones). The supported version that is affected is 11. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. While the vulnerability is in Oracle Solaris, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle Solaris. CVSS 3.1 Base Score 8.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H)." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "description": "Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. While the vulnerability is in Oracle Solaris, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle Solaris.", "lang": "en-US" } ] } ], "providerMetadata": { "dateUpdated": "2024-04-16T21:25:57.507Z", "orgId": "43595867-4340-4103-b7a2-9a5208d29a85", "shortName": "oracle" }, "references": [ { "name": "Oracle Advisory", "tags": [ "vendor-advisory" ], "url": "https://www.oracle.com/security-alerts/cpuapr2024.html" } ] } }, "cveMetadata": { "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85", "assignerShortName": "oracle", "cveId": "CVE-2024-20999", "datePublished": "2024-04-16T21:25:57.507Z", "dateReserved": "2023-12-07T22:28:10.644Z", "dateUpdated": "2024-08-27T17:34:02.063Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-38709
Vulnerability from cvelistv5
Published
2024-04-04 19:19
Modified
2024-11-05 19:38
Severity ?
EPSS score ?
Summary
Faulty input validation in the core of Apache allows malicious or exploitable backend/content generators to split HTTP responses.
This issue affects Apache HTTP Server: through 2.4.58.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Apache Software Foundation | Apache HTTP Server |
Version: 0 ≤ 2.4.58 |
|
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "http_server", "vendor": "apache", "versions": [ { "lessThanOrEqual": "2.4.58", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2023-38709", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-04-05T13:57:02.091077Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-1284", "description": "CWE-1284 Improper Validation of Specified Quantity in Input", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-11-05T19:38:10.128Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T17:46:56.949Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://httpd.apache.org/security/vulnerabilities_24.html" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20240415-0013/" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WNV4SZAPVS43DZWNFU7XBYYOZEZMI4ZC/" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2024/04/04/3" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I2N2NZEX3MR64IWSGL3QGN7KSRUGAEMF/" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LX5U34KYGDYPRH3AJ6MDDCBJDWDPXNVJ/" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/05/msg00013.html" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/kb/HT214119" }, { "tags": [ "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2024/Jul/18" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Apache HTTP Server", "vendor": "Apache Software Foundation", "versions": [ { "lessThanOrEqual": "2.4.58", "status": "affected", "version": "0", "versionType": "semver" } ] } ], "credits": [ { "lang": "en", "type": "finder", "value": "Orange Tsai (@orange_8361) from DEVCORE" } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Faulty input validation in the core of Apache allows malicious or exploitable backend/content generators to split HTTP responses.\u003cbr\u003e\u003cbr\u003eThis issue affects Apache HTTP Server: through 2.4.58.\u003cbr\u003e" } ], "value": "Faulty input validation in the core of Apache allows malicious or exploitable backend/content generators to split HTTP responses.\n\nThis issue affects Apache HTTP Server: through 2.4.58." } ], "metrics": [ { "other": { "content": { "text": "moderate" }, "type": "Textual description of severity" } } ], "problemTypes": [ { "descriptions": [ { "description": "HTTP response splitting", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2024-04-04T19:19:35.467Z", "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://httpd.apache.org/security/vulnerabilities_24.html" }, { "url": "https://security.netapp.com/advisory/ntap-20240415-0013/" }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WNV4SZAPVS43DZWNFU7XBYYOZEZMI4ZC/" }, { "url": "http://www.openwall.com/lists/oss-security/2024/04/04/3" }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I2N2NZEX3MR64IWSGL3QGN7KSRUGAEMF/" }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LX5U34KYGDYPRH3AJ6MDDCBJDWDPXNVJ/" }, { "url": "https://lists.debian.org/debian-lts-announce/2024/05/msg00013.html" }, { "url": "https://support.apple.com/kb/HT214119" }, { "url": "http://seclists.org/fulldisclosure/2024/Jul/18" } ], "source": { "discovery": "EXTERNAL" }, "timeline": [ { "lang": "en", "time": "2023-06-26T00:00:00.000Z", "value": "reported" } ], "title": "Apache HTTP Server: HTTP response splitting", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "assignerShortName": "apache", "cveId": "CVE-2023-38709", "datePublished": "2024-04-04T19:19:35.467Z", "dateReserved": "2023-07-24T17:51:18.042Z", "dateUpdated": "2024-11-05T19:38:10.128Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-1548
Vulnerability from cvelistv5
Published
2024-02-20 13:21
Modified
2024-11-05 19:04
Severity ?
EPSS score ?
Summary
A website could have obscured the fullscreen notification by using a dropdown select input element. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 123, Firefox ESR < 115.8, and Thunderbird < 115.8.
References
Impacted products
Vendor | Product | Version | |||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Mozilla | Firefox |
Version: unspecified < 123 |
||||||||
|
{ "containers": { "adp": [ { "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2024-1548", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-02-20T18:33:11.712912Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "description": "CWE-noinfo Not enough information", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-11-05T19:04:38.623Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-01T18:40:21.403Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1832627" }, { "tags": [ "x_transferred" ], "url": "https://www.mozilla.org/security/advisories/mfsa2024-05/" }, { "tags": [ "x_transferred" ], "url": "https://www.mozilla.org/security/advisories/mfsa2024-06/" }, { "tags": [ "x_transferred" ], "url": "https://www.mozilla.org/security/advisories/mfsa2024-07/" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00000.html" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00001.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Firefox", "vendor": "Mozilla", "versions": [ { "lessThan": "123", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "Firefox ESR", "vendor": "Mozilla", "versions": [ { "lessThan": "115.8", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "Thunderbird", "vendor": "Mozilla", "versions": [ { "lessThan": "115.8", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "value": "Hafiizh" } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "A website could have obscured the fullscreen notification by using a dropdown select input element. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox \u003c 123, Firefox ESR \u003c 115.8, and Thunderbird \u003c 115.8." } ], "value": "A website could have obscured the fullscreen notification by using a dropdown select input element. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox \u003c 123, Firefox ESR \u003c 115.8, and Thunderbird \u003c 115.8." } ], "problemTypes": [ { "descriptions": [ { "description": "Fullscreen Notification could have been hidden by select element", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2024-02-20T19:23:33.739Z", "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla" }, "references": [ { "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1832627" }, { "url": "https://www.mozilla.org/security/advisories/mfsa2024-05/" }, { "url": "https://www.mozilla.org/security/advisories/mfsa2024-06/" }, { "url": "https://www.mozilla.org/security/advisories/mfsa2024-07/" }, { "url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00000.html" }, { "url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00001.html" } ] } }, "cveMetadata": { "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "assignerShortName": "mozilla", "cveId": "CVE-2024-1548", "datePublished": "2024-02-20T13:21:34.997Z", "dateReserved": "2024-02-15T18:01:45.269Z", "dateUpdated": "2024-11-05T19:04:38.623Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-32200
Vulnerability from cvelistv5
Published
2022-06-01 05:12
Modified
2024-08-03 07:32
Severity ?
EPSS score ?
Summary
libdwarf 0.4.0 has a heap-based buffer over-read in _dwarf_check_string_valid in dwarf_util.c.
References
▼ | URL | Tags |
---|---|---|
https://www.prevanders.net/dwarfbug.html | x_refsource_MISC | |
https://github.com/davea42/libdwarf-code/issues/116 | x_refsource_MISC | |
https://github.com/davea42/libdwarf-code/commit/8151575a6ace77d005ca5bb5d71c1bfdba3f7069 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T07:32:56.027Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.prevanders.net/dwarfbug.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/davea42/libdwarf-code/issues/116" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/davea42/libdwarf-code/commit/8151575a6ace77d005ca5bb5d71c1bfdba3f7069" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "libdwarf 0.4.0 has a heap-based buffer over-read in _dwarf_check_string_valid in dwarf_util.c." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-06-01T05:12:58", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.prevanders.net/dwarfbug.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/davea42/libdwarf-code/issues/116" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/davea42/libdwarf-code/commit/8151575a6ace77d005ca5bb5d71c1bfdba3f7069" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2022-32200", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "libdwarf 0.4.0 has a heap-based buffer over-read in _dwarf_check_string_valid in dwarf_util.c." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.prevanders.net/dwarfbug.html", "refsource": "MISC", "url": "https://www.prevanders.net/dwarfbug.html" }, { "name": "https://github.com/davea42/libdwarf-code/issues/116", "refsource": "MISC", "url": "https://github.com/davea42/libdwarf-code/issues/116" }, { "name": "https://github.com/davea42/libdwarf-code/commit/8151575a6ace77d005ca5bb5d71c1bfdba3f7069", "refsource": "MISC", "url": "https://github.com/davea42/libdwarf-code/commit/8151575a6ace77d005ca5bb5d71c1bfdba3f7069" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2022-32200", "datePublished": "2022-06-01T05:12:58", "dateReserved": "2022-06-01T00:00:00", "dateUpdated": "2024-08-03T07:32:56.027Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-43785
Vulnerability from cvelistv5
Published
2023-10-10 12:26
Modified
2024-11-23 02:02
Severity ?
EPSS score ?
Summary
A vulnerability was found in libX11 due to a boundary condition within the _XkbReadKeySyms() function. This flaw allows a local user to trigger an out-of-bounds read error and read the contents of memory on the system.
References
▼ | URL | Tags |
---|---|---|
https://access.redhat.com/errata/RHSA-2024:2145 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:2973 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/security/cve/CVE-2023-43785 | vdb-entry, x_refsource_REDHAT | |
https://bugzilla.redhat.com/show_bug.cgi?id=2242252 | issue-tracking, x_refsource_REDHAT |
Impacted products
Vendor | Product | Version | |||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ |
Version: 0 ≤ |
||||||||||||||||||
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2023-43785", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-04-25T15:44:16.523489Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-04T17:26:00.384Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T19:52:11.086Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "RHSA-2024:2145", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:2145" }, { "name": "RHSA-2024:2973", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:2973" }, { "tags": [ "vdb-entry", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/security/cve/CVE-2023-43785" }, { "name": "RHBZ#2242252", "tags": [ "issue-tracking", "x_refsource_REDHAT", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242252" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20231103-0006/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "collectionURL": "https://gitlab.freedesktop.org/xorg/lib/libx11", "defaultStatus": "unaffected", "packageName": "libX11", "versions": [ { "lessThan": "1.8.7", "status": "affected", "version": "0", "versionType": "semver" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:8::appstream" ], "defaultStatus": "affected", "packageName": "libX11", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:1.6.8-8.el8", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:9::appstream" ], "defaultStatus": "affected", "packageName": "libX11", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:1.7.0-9.el9", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:6" ], "defaultStatus": "unknown", "packageName": "libX11", "product": "Red Hat Enterprise Linux 6", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:7" ], "defaultStatus": "unknown", "packageName": "libX11", "product": "Red Hat Enterprise Linux 7", "vendor": "Red Hat" } ], "datePublic": "2023-10-04T00:00:00+00:00", "descriptions": [ { "lang": "en", "value": "A vulnerability was found in libX11 due to a boundary condition within the _XkbReadKeySyms() function. This flaw allows a local user to trigger an out-of-bounds read error and read the contents of memory on the system." } ], "metrics": [ { "other": { "content": { "namespace": "https://access.redhat.com/security/updates/classification/", "value": "Moderate" }, "type": "Red Hat severity rating" } }, { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-787", "description": "Out-of-bounds Write", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-11-23T02:02:39.835Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "RHSA-2024:2145", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:2145" }, { "name": "RHSA-2024:2973", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:2973" }, { "tags": [ "vdb-entry", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/security/cve/CVE-2023-43785" }, { "name": "RHBZ#2242252", "tags": [ "issue-tracking", "x_refsource_REDHAT" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242252" } ], "timeline": [ { "lang": "en", "time": "2023-10-05T00:00:00+00:00", "value": "Reported to Red Hat." }, { "lang": "en", "time": "2023-10-04T00:00:00+00:00", "value": "Made public." } ], "title": "Libx11: out-of-bounds memory access in _xkbreadkeysyms()", "x_redhatCweChain": "CWE-787: Out-of-bounds Write" } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2023-43785", "datePublished": "2023-10-10T12:26:02.015Z", "dateReserved": "2023-09-22T09:52:31.108Z", "dateUpdated": "2024-11-23T02:02:39.835Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-43788
Vulnerability from cvelistv5
Published
2023-10-10 12:26
Modified
2024-11-23 02:03
Severity ?
EPSS score ?
Summary
A vulnerability was found in libXpm due to a boundary condition within the XpmCreateXpmImageFromBuffer() function. This flaw allows a local attacker to trigger an out-of-bounds read error and read the contents of memory on the system.
References
▼ | URL | Tags |
---|---|---|
https://access.redhat.com/errata/RHSA-2024:2146 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:2217 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:2974 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:3022 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/security/cve/CVE-2023-43788 | vdb-entry, x_refsource_REDHAT | |
https://bugzilla.redhat.com/show_bug.cgi?id=2242248 | issue-tracking, x_refsource_REDHAT |
Impacted products
Vendor | Product | Version | |||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ |
Version: 0 ≤ |
||||||||||||||||||||||||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T19:52:11.310Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "RHSA-2024:2146", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:2146" }, { "name": "RHSA-2024:2217", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:2217" }, { "name": "RHSA-2024:2974", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:2974" }, { "name": "RHSA-2024:3022", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:3022" }, { "tags": [ "vdb-entry", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/security/cve/CVE-2023-43788" }, { "name": "RHBZ#2242248", "tags": [ "issue-tracking", "x_refsource_REDHAT", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242248" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/63IBRFLQVZSMOAZBZOBKFWJP26ILRAGQ/" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I3KFUQT42R7TB4D7RISNSBQFJGLTQGUL/" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TFAJTBNO3PAIA6EGZR4PN62H6RLKNDTE/" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/V6FARGWN7VWXXWPXYNEEDJLRR3EWFZ3T/" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZECBCLDYUGLDSVV75ECPIBW7JXOB3747/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "collectionURL": "https://gitlab.freedesktop.org/xorg/lib/libxpm", "defaultStatus": "unaffected", "packageName": "libXpm", "versions": [ { "lessThan": "3.5.17", "status": "affected", "version": "0", "versionType": "semver" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:8::appstream" ], "defaultStatus": "affected", "packageName": "libXpm", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:3.5.12-11.el8", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:8::appstream" ], "defaultStatus": "affected", "packageName": "motif", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:2.3.4-20.el8", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:9::appstream" ], "defaultStatus": "affected", "packageName": "libXpm", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:3.5.13-10.el9", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:9::appstream" ], "defaultStatus": "affected", "packageName": "motif", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:2.3.4-28.el9", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:6" ], "defaultStatus": "unknown", "packageName": "libXpm", "product": "Red Hat Enterprise Linux 6", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:7" ], "defaultStatus": "unknown", "packageName": "libXpm", "product": "Red Hat Enterprise Linux 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:7" ], "defaultStatus": "unknown", "packageName": "motif", "product": "Red Hat Enterprise Linux 7", "vendor": "Red Hat" } ], "datePublic": "2023-10-04T00:00:00+00:00", "descriptions": [ { "lang": "en", "value": "A vulnerability was found in libXpm due to a boundary condition within the XpmCreateXpmImageFromBuffer() function. This flaw allows a local attacker to trigger an out-of-bounds read error and read the contents of memory on the system." } ], "metrics": [ { "other": { "content": { "namespace": "https://access.redhat.com/security/updates/classification/", "value": "Moderate" }, "type": "Red Hat severity rating" } }, { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-125", "description": "Out-of-bounds Read", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-11-23T02:03:08.274Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "RHSA-2024:2146", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:2146" }, { "name": "RHSA-2024:2217", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:2217" }, { "name": "RHSA-2024:2974", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:2974" }, { "name": "RHSA-2024:3022", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:3022" }, { "tags": [ "vdb-entry", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/security/cve/CVE-2023-43788" }, { "name": "RHBZ#2242248", "tags": [ "issue-tracking", "x_refsource_REDHAT" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242248" } ], "timeline": [ { "lang": "en", "time": "2023-10-05T00:00:00+00:00", "value": "Reported to Red Hat." }, { "lang": "en", "time": "2023-10-04T00:00:00+00:00", "value": "Made public." } ], "title": "Libxpm: out of bounds read in xpmcreatexpmimagefrombuffer()", "x_redhatCweChain": "CWE-125: Out-of-bounds Read" } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2023-43788", "datePublished": "2023-10-10T12:26:08.737Z", "dateReserved": "2023-09-22T09:52:31.109Z", "dateUpdated": "2024-11-23T02:03:08.274Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-0743
Vulnerability from cvelistv5
Published
2024-01-23 13:48
Modified
2024-08-01 18:18
Severity ?
EPSS score ?
Summary
An unchecked return value in TLS handshake code could have caused a potentially exploitable crash. This vulnerability affects Firefox < 122, Firefox ESR < 115.9, and Thunderbird < 115.9.
References
Impacted products
Vendor | Product | Version | |||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Mozilla | Firefox |
Version: unspecified < 122 |
||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-01T18:18:18.499Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1867408" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00010.html" }, { "tags": [ "x_transferred" ], "url": "https://www.mozilla.org/security/advisories/mfsa2024-01/" }, { "tags": [ "x_transferred" ], "url": "https://www.mozilla.org/security/advisories/mfsa2024-13/" }, { "tags": [ "x_transferred" ], "url": "https://www.mozilla.org/security/advisories/mfsa2024-14/" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00022.html" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00028.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Firefox", "vendor": "Mozilla", "versions": [ { "lessThan": "122", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "Firefox ESR", "vendor": "Mozilla", "versions": [ { "lessThan": "115.9", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "Thunderbird", "vendor": "Mozilla", "versions": [ { "lessThan": "115.9", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "value": "John Schanck" } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "An unchecked return value in TLS handshake code could have caused a potentially exploitable crash. This vulnerability affects Firefox \u003c 122, Firefox ESR \u003c 115.9, and Thunderbird \u003c 115.9." } ], "value": "An unchecked return value in TLS handshake code could have caused a potentially exploitable crash. This vulnerability affects Firefox \u003c 122, Firefox ESR \u003c 115.9, and Thunderbird \u003c 115.9." } ], "problemTypes": [ { "descriptions": [ { "description": "Crash in NSS TLS method", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2024-03-19T12:02:58.476Z", "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla" }, "references": [ { "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1867408" }, { "url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00010.html" }, { "url": "https://www.mozilla.org/security/advisories/mfsa2024-01/" }, { "url": "https://www.mozilla.org/security/advisories/mfsa2024-13/" }, { "url": "https://www.mozilla.org/security/advisories/mfsa2024-14/" }, { "url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00022.html" }, { "url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00028.html" } ] } }, "cveMetadata": { "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "assignerShortName": "mozilla", "cveId": "CVE-2024-0743", "datePublished": "2024-01-23T13:48:20.194Z", "dateReserved": "2024-01-19T16:52:24.775Z", "dateUpdated": "2024-08-01T18:18:18.499Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-2616
Vulnerability from cvelistv5
Published
2024-03-19 12:02
Modified
2024-11-04 16:57
Severity ?
EPSS score ?
Summary
To harden ICU against exploitation, the behavior for out-of-memory conditions was changed to crash instead of attempt to continue. This vulnerability affects Firefox ESR < 115.9 and Thunderbird < 115.9.
References
Impacted products
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | Mozilla | Firefox ESR |
Version: unspecified < 115.9 |
||||
|
{ "containers": { "adp": [ { "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 2.7, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2024-2616", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-03-19T14:53:47.493159Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "description": "CWE-noinfo Not enough information", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-11-04T16:57:33.160Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-01T19:18:48.123Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1846197" }, { "tags": [ "x_transferred" ], "url": "https://www.mozilla.org/security/advisories/mfsa2024-13/" }, { "tags": [ "x_transferred" ], "url": "https://www.mozilla.org/security/advisories/mfsa2024-14/" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00022.html" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00028.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Firefox ESR", "vendor": "Mozilla", "versions": [ { "lessThan": "115.9", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "Thunderbird", "vendor": "Mozilla", "versions": [ { "lessThan": "115.9", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "value": "Ryan VanderMeulen and Dan Minor" } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "To harden ICU against exploitation, the behavior for out-of-memory conditions was changed to crash instead of attempt to continue. This vulnerability affects Firefox ESR \u003c 115.9 and Thunderbird \u003c 115.9." } ], "value": "To harden ICU against exploitation, the behavior for out-of-memory conditions was changed to crash instead of attempt to continue. This vulnerability affects Firefox ESR \u003c 115.9 and Thunderbird \u003c 115.9." } ], "problemTypes": [ { "descriptions": [ { "description": "Improve handling of out-of-memory conditions in ICU", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2024-03-19T12:02:58.997Z", "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla" }, "references": [ { "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1846197" }, { "url": "https://www.mozilla.org/security/advisories/mfsa2024-13/" }, { "url": "https://www.mozilla.org/security/advisories/mfsa2024-14/" }, { "url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00022.html" }, { "url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00028.html" } ] } }, "cveMetadata": { "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "assignerShortName": "mozilla", "cveId": "CVE-2024-2616", "datePublished": "2024-03-19T12:02:58.997Z", "dateReserved": "2024-03-18T16:22:38.820Z", "dateUpdated": "2024-11-04T16:57:33.160Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-39170
Vulnerability from cvelistv5
Published
2022-09-02 02:28
Modified
2024-08-03 12:00
Severity ?
EPSS score ?
Summary
libdwarf 0.4.1 has a double free in _dwarf_exec_frame_instr in dwarf_frame.c.
References
▼ | URL | Tags |
---|---|---|
https://github.com/davea42/libdwarf-code/issues/132 | x_refsource_MISC | |
https://github.com/davea42/libdwarf-code/commit/60303eb80ecc7747bf29776d545e2a5c5a76f6f8 | x_refsource_MISC | |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IKUE4XT62AEZ3H5D6GMREYOSCMMRFXBH/ | vendor-advisory, x_refsource_FEDORA |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T12:00:42.570Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/davea42/libdwarf-code/issues/132" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/davea42/libdwarf-code/commit/60303eb80ecc7747bf29776d545e2a5c5a76f6f8" }, { "name": "FEDORA-2022-273a86adf0", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IKUE4XT62AEZ3H5D6GMREYOSCMMRFXBH/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "libdwarf 0.4.1 has a double free in _dwarf_exec_frame_instr in dwarf_frame.c." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-09-18T01:06:13", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/davea42/libdwarf-code/issues/132" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/davea42/libdwarf-code/commit/60303eb80ecc7747bf29776d545e2a5c5a76f6f8" }, { "name": "FEDORA-2022-273a86adf0", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IKUE4XT62AEZ3H5D6GMREYOSCMMRFXBH/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2022-39170", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "libdwarf 0.4.1 has a double free in _dwarf_exec_frame_instr in dwarf_frame.c." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/davea42/libdwarf-code/issues/132", "refsource": "MISC", "url": "https://github.com/davea42/libdwarf-code/issues/132" }, { "name": "https://github.com/davea42/libdwarf-code/commit/60303eb80ecc7747bf29776d545e2a5c5a76f6f8", "refsource": "MISC", "url": "https://github.com/davea42/libdwarf-code/commit/60303eb80ecc7747bf29776d545e2a5c5a76f6f8" }, { "name": "FEDORA-2022-273a86adf0", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IKUE4XT62AEZ3H5D6GMREYOSCMMRFXBH/" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2022-39170", "datePublished": "2022-09-02T02:28:53", "dateReserved": "2022-09-02T00:00:00", "dateUpdated": "2024-08-03T12:00:42.570Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-43787
Vulnerability from cvelistv5
Published
2023-10-10 12:26
Modified
2024-12-03 14:50
Severity ?
EPSS score ?
Summary
A vulnerability was found in libX11 due to an integer overflow within the XCreateImage() function. This flaw allows a local user to trigger an integer overflow and execute arbitrary code with elevated privileges.
References
▼ | URL | Tags |
---|---|---|
https://access.redhat.com/errata/RHSA-2024:2145 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:2973 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/security/cve/CVE-2023-43787 | vdb-entry, x_refsource_REDHAT | |
https://bugzilla.redhat.com/show_bug.cgi?id=2242254 | issue-tracking, x_refsource_REDHAT |
Impacted products
Vendor | Product | Version | |||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ |
Version: 0 ≤ |
||||||||||||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T19:52:11.097Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2024/01/24/9" }, { "name": "RHSA-2024:2145", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:2145" }, { "name": "RHSA-2024:2973", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:2973" }, { "tags": [ "vdb-entry", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/security/cve/CVE-2023-43787" }, { "name": "RHBZ#2242254", "tags": [ "issue-tracking", "x_refsource_REDHAT", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242254" }, { "tags": [ "x_transferred" ], "url": "https://jfrog.com/blog/xorg-libx11-vulns-cve-2023-43786-cve-2023-43787-part-two/" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20231103-0006/" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-43787", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-01-29T18:42:49.281830Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-12-03T14:50:50.506Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "collectionURL": "https://gitlab.freedesktop.org/xorg/lib/libx11", "defaultStatus": "unaffected", "packageName": "libX11", "versions": [ { "lessThan": "1.8.7", "status": "affected", "version": "0", "versionType": "semver" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:8::appstream" ], "defaultStatus": "affected", "packageName": "libX11", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:1.6.8-8.el8", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:9::appstream" ], "defaultStatus": "affected", "packageName": "libX11", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:1.7.0-9.el9", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:6" ], "defaultStatus": "unknown", "packageName": "libX11", "product": "Red Hat Enterprise Linux 6", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:7" ], "defaultStatus": "unknown", "packageName": "libX11", "product": "Red Hat Enterprise Linux 7", "vendor": "Red Hat" } ], "datePublic": "2023-10-04T00:00:00+00:00", "descriptions": [ { "lang": "en", "value": "A vulnerability was found in libX11 due to an integer overflow within the XCreateImage() function. This flaw allows a local user to trigger an integer overflow and execute arbitrary code with elevated privileges." } ], "metrics": [ { "other": { "content": { "namespace": "https://access.redhat.com/security/updates/classification/", "value": "Moderate" }, "type": "Red Hat severity rating" } }, { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-122", "description": "Heap-based Buffer Overflow", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-11-23T02:02:57.256Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "RHSA-2024:2145", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:2145" }, { "name": "RHSA-2024:2973", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:2973" }, { "tags": [ "vdb-entry", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/security/cve/CVE-2023-43787" }, { "name": "RHBZ#2242254", "tags": [ "issue-tracking", "x_refsource_REDHAT" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242254" } ], "timeline": [ { "lang": "en", "time": "2023-10-05T00:00:00+00:00", "value": "Reported to Red Hat." }, { "lang": "en", "time": "2023-10-04T00:00:00+00:00", "value": "Made public." } ], "title": "Libx11: integer overflow in xcreateimage() leading to a heap overflow", "x_redhatCweChain": "CWE-122: Heap-based Buffer Overflow" } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2023-43787", "datePublished": "2023-10-10T12:26:08.102Z", "dateReserved": "2023-09-22T09:52:31.108Z", "dateUpdated": "2024-12-03T14:50:50.506Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-38408
Vulnerability from cvelistv5
Published
2023-07-20 00:00
Modified
2024-10-15 18:33
Severity ?
EPSS score ?
Summary
The PKCS#11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system. (Code in /usr/lib is not necessarily safe for loading into ssh-agent.) NOTE: this issue exists because of an incomplete fix for CVE-2016-10009.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T17:39:13.525Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://news.ycombinator.com/item?id=36790196" }, { "tags": [ "x_transferred" ], "url": "https://blog.qualys.com/vulnerabilities-threat-research/2023/07/19/cve-2023-38408-remote-code-execution-in-opensshs-forwarded-ssh-agent" }, { "tags": [ "x_transferred" ], "url": "https://www.qualys.com/2023/07/19/cve-2023-38408/rce-openssh-forwarded-ssh-agent.txt" }, { "tags": [ "x_transferred" ], "url": "https://github.com/openbsd/src/commit/f8f5a6b003981bb824329dc987d101977beda7ca" }, { "tags": [ "x_transferred" ], "url": "https://github.com/openbsd/src/commit/7bc29a9d5cd697290aa056e94ecee6253d3425f8" }, { "tags": [ "x_transferred" ], "url": "https://github.com/openbsd/src/commit/f03a4faa55c4ce0818324701dadbf91988d7351d" }, { "tags": [ "x_transferred" ], "url": "https://www.openssh.com/txt/release-9.3p2" }, { "tags": [ "x_transferred" ], "url": "https://www.openssh.com/security.html" }, { "name": "GLSA-202307-01", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202307-01" }, { "name": "[oss-security] 20230719 Re: CVE-2023-38408: Remote Code Execution in OpenSSH\u0027s forwarded ssh-agent", "tags": [ "mailing-list", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2023/07/20/1" }, { "name": "[oss-security] 20230720 Re: Announce: OpenSSH 9.3p2 released", "tags": [ "mailing-list", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2023/07/20/2" }, { "tags": [ "x_transferred" ], "url": "http://packetstormsecurity.com/files/173661/OpenSSH-Forwarded-SSH-Agent-Remote-Code-Execution.html" }, { "name": "FEDORA-2023-878e04f4ae", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RAXVQS6ZYTULFAK3TEJHRLKZALJS3AOU/" }, { "name": "FEDORA-2023-79a18e1725", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CEBTJJINE2I3FHAUKKNQWMFGYMLSMWKQ/" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20230803-0010/" }, { "name": "[debian-lts-announce] 20230817 [SECURITY] [DLA 3532-1] openssh security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00021.html" }, { "name": "[oss-security] 20230922 Re: illumos (or at least danmcd) membership in the distros list", "tags": [ "mailing-list", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2023/09/22/9" }, { "name": "[oss-security] 20230922 Re: illumos (or at least danmcd) membership in the distros list", "tags": [ "mailing-list", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2023/09/22/11" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/kb/HT213940" }, { "tags": [ "x_transferred" ], "url": "https://www.vicarius.io/vsociety/posts/exploring-opensshs-agent-forwarding-rce-cve-2023-38408" } ], "title": "CVE Program Container" }, { "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2023-38408", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-10-15T17:36:21.400489Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-428", "description": "CWE-428 Unquoted Search Path or Element", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-15T18:33:21.591Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "The PKCS#11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system. (Code in /usr/lib is not necessarily safe for loading into ssh-agent.) NOTE: this issue exists because of an incomplete fix for CVE-2016-10009." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2024-04-04T05:50:59.479313", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://news.ycombinator.com/item?id=36790196" }, { "url": "https://blog.qualys.com/vulnerabilities-threat-research/2023/07/19/cve-2023-38408-remote-code-execution-in-opensshs-forwarded-ssh-agent" }, { "url": "https://www.qualys.com/2023/07/19/cve-2023-38408/rce-openssh-forwarded-ssh-agent.txt" }, { "url": "https://github.com/openbsd/src/commit/f8f5a6b003981bb824329dc987d101977beda7ca" }, { "url": "https://github.com/openbsd/src/commit/7bc29a9d5cd697290aa056e94ecee6253d3425f8" }, { "url": "https://github.com/openbsd/src/commit/f03a4faa55c4ce0818324701dadbf91988d7351d" }, { "url": "https://www.openssh.com/txt/release-9.3p2" }, { "url": "https://www.openssh.com/security.html" }, { "name": "GLSA-202307-01", "tags": [ "vendor-advisory" ], "url": "https://security.gentoo.org/glsa/202307-01" }, { "name": "[oss-security] 20230719 Re: CVE-2023-38408: Remote Code Execution in OpenSSH\u0027s forwarded ssh-agent", "tags": [ "mailing-list" ], "url": "http://www.openwall.com/lists/oss-security/2023/07/20/1" }, { "name": "[oss-security] 20230720 Re: Announce: OpenSSH 9.3p2 released", "tags": [ "mailing-list" ], "url": "http://www.openwall.com/lists/oss-security/2023/07/20/2" }, { "url": "http://packetstormsecurity.com/files/173661/OpenSSH-Forwarded-SSH-Agent-Remote-Code-Execution.html" }, { "name": "FEDORA-2023-878e04f4ae", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RAXVQS6ZYTULFAK3TEJHRLKZALJS3AOU/" }, { "name": "FEDORA-2023-79a18e1725", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CEBTJJINE2I3FHAUKKNQWMFGYMLSMWKQ/" }, { "url": "https://security.netapp.com/advisory/ntap-20230803-0010/" }, { "name": "[debian-lts-announce] 20230817 [SECURITY] [DLA 3532-1] openssh security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00021.html" }, { "name": "[oss-security] 20230922 Re: illumos (or at least danmcd) membership in the distros list", "tags": [ "mailing-list" ], "url": "http://www.openwall.com/lists/oss-security/2023/09/22/9" }, { "name": "[oss-security] 20230922 Re: illumos (or at least danmcd) membership in the distros list", "tags": [ "mailing-list" ], "url": "http://www.openwall.com/lists/oss-security/2023/09/22/11" }, { "url": "https://support.apple.com/kb/HT213940" }, { "url": "https://www.vicarius.io/vsociety/posts/exploring-opensshs-agent-forwarding-rce-cve-2023-38408" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2023-38408", "datePublished": "2023-07-20T00:00:00", "dateReserved": "2023-07-17T00:00:00", "dateUpdated": "2024-10-15T18:33:21.591Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-47038
Vulnerability from cvelistv5
Published
2023-12-18 13:43
Modified
2024-11-27 20:34
Severity ?
EPSS score ?
Summary
A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker controlled byte buffer overflow in a heap allocated buffer.
References
▼ | URL | Tags |
---|---|---|
https://access.redhat.com/errata/RHSA-2024:2228 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:3128 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/security/cve/CVE-2023-47038 | vdb-entry, x_refsource_REDHAT | |
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056746 | ||
https://bugzilla.redhat.com/show_bug.cgi?id=2249523 | issue-tracking, x_refsource_REDHAT |
Impacted products
Vendor | Product | Version | |||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ |
Version: 5.30.0 ≤ Version: 5.36.0 ≤ Version: 5.38.0 ≤ |
||||||||||||||||||||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T21:01:22.214Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "RHSA-2024:2228", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:2228" }, { "name": "RHSA-2024:3128", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:3128" }, { "tags": [ "vdb-entry", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/security/cve/CVE-2023-47038" }, { "tags": [ "x_transferred" ], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056746" }, { "name": "RHBZ#2249523", "tags": [ "issue-tracking", "x_refsource_REDHAT", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2249523" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GNEEWAACXQCEEAKSG7XX2D5YDRWLCIZJ/" }, { "tags": [ "x_transferred" ], "url": "https://perldoc.perl.org/perl5382delta#CVE-2023-47038-Write-past-buffer-end-via-illegal-user-defined-Unicode-property" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-47038", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-11-27T20:34:17.016514Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-27T20:34:37.926Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "collectionURL": "https://github.com/Perl/perl5", "defaultStatus": "unaffected", "packageName": "perl", "versions": [ { "lessThan": "5.34.3", "status": "affected", "version": "5.30.0", "versionType": "semver" }, { "lessThan": "5.36.3", "status": "affected", "version": "5.36.0", "versionType": "semver" }, { "lessThan": "5.38.2", "status": "affected", "version": "5.38.0", "versionType": "semver" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:8::appstream" ], "defaultStatus": "affected", "packageName": "perl:5.32", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "8100020240314121426.9fe1d287", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:9::appstream" ], "defaultStatus": "affected", "packageName": "perl", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "4:5.32.1-481.el9", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:6" ], "defaultStatus": "unaffected", "packageName": "perl", "product": "Red Hat Enterprise Linux 6", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:7" ], "defaultStatus": "unaffected", "packageName": "perl", "product": "Red Hat Enterprise Linux 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:8" ], "defaultStatus": "unaffected", "packageName": "perl", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:8" ], "defaultStatus": "affected", "packageName": "perl:5.30/perl", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat" } ], "datePublic": "2023-11-25T00:00:00+00:00", "descriptions": [ { "lang": "en", "value": "A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker controlled byte buffer overflow in a heap allocated buffer." } ], "metrics": [ { "other": { "content": { "namespace": "https://access.redhat.com/security/updates/classification/", "value": "Moderate" }, "type": "Red Hat severity rating" } }, { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-122", "description": "Heap-based Buffer Overflow", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-11-23T03:31:40.627Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "RHSA-2024:2228", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:2228" }, { "name": "RHSA-2024:3128", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:3128" }, { "tags": [ "vdb-entry", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/security/cve/CVE-2023-47038" }, { "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056746" }, { "name": "RHBZ#2249523", "tags": [ "issue-tracking", "x_refsource_REDHAT" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2249523" } ], "timeline": [ { "lang": "en", "time": "2023-11-11T00:00:00+00:00", "value": "Reported to Red Hat." }, { "lang": "en", "time": "2023-11-25T00:00:00+00:00", "value": "Made public." } ], "title": "Perl: write past buffer end via illegal user-defined unicode property", "workarounds": [ { "lang": "en", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability." } ], "x_redhatCweChain": "CWE-122: Heap-based Buffer Overflow" } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2023-47038", "datePublished": "2023-12-18T13:43:07.713Z", "dateReserved": "2023-10-30T13:58:15.255Z", "dateUpdated": "2024-11-27T20:34:37.926Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-46846
Vulnerability from cvelistv5
Published
2023-11-03 07:33
Modified
2024-12-18 00:21
Severity ?
EPSS score ?
Summary
SQUID is vulnerable to HTTP request smuggling, caused by chunked decoder lenience, allows a remote attacker to perform Request/Response smuggling past firewall and frontend security systems.
References
Impacted products
Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ |
Version: 2.6 ≤ |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T20:53:21.849Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "RHSA-2023:6266", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2023:6266" }, { "name": "RHSA-2023:6267", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2023:6267" }, { "name": "RHSA-2023:6268", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2023:6268" }, { "name": "RHSA-2023:6748", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2023:6748" }, { "name": "RHSA-2023:6801", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2023:6801" }, { "name": "RHSA-2023:6803", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2023:6803" }, { "name": "RHSA-2023:6804", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2023:6804" }, { "name": "RHSA-2023:6810", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2023:6810" }, { "name": "RHSA-2023:7213", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2023:7213" }, { "tags": [ "vdb-entry", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/security/cve/CVE-2023-46846" }, { "name": "RHBZ#2245910", "tags": [ "issue-tracking", "x_refsource_REDHAT", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2245910" }, { "tags": [ "x_transferred" ], "url": "https://github.com/squid-cache/squid/security/advisories/GHSA-j83v-w3p4-5cqh" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00003.html" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00008.html" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20231130-0002/" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-46846", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2023-12-19T21:18:15.819621Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-12-03T14:31:21.611Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "collectionURL": "https://github.com/squid-cache/squid", "defaultStatus": "unaffected", "packageName": "squid", "versions": [ { "lessThan": "6.4", "status": "affected", "version": "2.6", "versionType": "semver" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:rhel_els:7" ], "defaultStatus": "affected", "packageName": "squid", "product": "Red Hat Enterprise Linux 7 Extended Lifecycle Support", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "7:3.5.20-17.el7_9.13", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:8::appstream" ], "defaultStatus": "affected", "packageName": "squid:4", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "8080020231030214932.63b34585", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:8::appstream" ], "defaultStatus": "affected", "packageName": "squid:4", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "8090020231030224841.a75119d5", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:rhel_e4s:8.1::appstream" ], "defaultStatus": "affected", "packageName": "squid:4", "product": "Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "8010020231101141358.c27ad7f8", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:rhel_tus:8.2::appstream", "cpe:/a:redhat:rhel_e4s:8.2::appstream", "cpe:/a:redhat:rhel_aus:8.2::appstream" ], "defaultStatus": "affected", "packageName": "squid:4", "product": "Red Hat Enterprise Linux 8.2 Advanced Update Support", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "8020020231101135052.4cda2c84", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:rhel_tus:8.2::appstream", "cpe:/a:redhat:rhel_e4s:8.2::appstream", "cpe:/a:redhat:rhel_aus:8.2::appstream" ], "defaultStatus": "affected", "packageName": "squid:4", "product": "Red Hat Enterprise Linux 8.2 Telecommunications Update Service", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "8020020231101135052.4cda2c84", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:rhel_tus:8.2::appstream", "cpe:/a:redhat:rhel_e4s:8.2::appstream", "cpe:/a:redhat:rhel_aus:8.2::appstream" ], "defaultStatus": "affected", "packageName": "squid:4", "product": "Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "8020020231101135052.4cda2c84", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:rhel_e4s:8.4::appstream", "cpe:/a:redhat:rhel_aus:8.4::appstream", "cpe:/a:redhat:rhel_tus:8.4::appstream" ], "defaultStatus": "affected", "packageName": "squid:4", "product": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "8040020231101101624.522a0ee4", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:rhel_e4s:8.4::appstream", "cpe:/a:redhat:rhel_aus:8.4::appstream", "cpe:/a:redhat:rhel_tus:8.4::appstream" ], "defaultStatus": "affected", "packageName": "squid:4", "product": "Red Hat Enterprise Linux 8.4 Telecommunications Update Service", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "8040020231101101624.522a0ee4", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:rhel_e4s:8.4::appstream", "cpe:/a:redhat:rhel_aus:8.4::appstream", "cpe:/a:redhat:rhel_tus:8.4::appstream" ], "defaultStatus": "affected", "packageName": "squid:4", "product": "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "8040020231101101624.522a0ee4", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:rhel_eus:8.6::appstream" ], "defaultStatus": "affected", "packageName": "squid:4", "product": "Red Hat Enterprise Linux 8.6 Extended Update Support", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "8060020231031165747.ad008a3a", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:9::appstream" ], "defaultStatus": "affected", "packageName": "squid", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "7:5.5-5.el9_2.1", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:9::appstream" ], "defaultStatus": "affected", "packageName": "squid", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "7:5.5-6.el9_3.1", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:rhel_eus:9.0::appstream" ], "defaultStatus": "affected", "packageName": "squid", "product": "Red Hat Enterprise Linux 9.0 Extended Update Support", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "7:5.2-1.el9_0.3", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:6" ], "defaultStatus": "affected", "packageName": "squid", "product": "Red Hat Enterprise Linux 6", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:6" ], "defaultStatus": "affected", "packageName": "squid34", "product": "Red Hat Enterprise Linux 6", "vendor": "Red Hat" } ], "datePublic": "2023-10-19T00:00:00+00:00", "descriptions": [ { "lang": "en", "value": "SQUID is vulnerable to HTTP request smuggling, caused by chunked decoder lenience, allows a remote attacker to perform Request/Response smuggling past firewall and frontend security systems." } ], "metrics": [ { "other": { "content": { "namespace": "https://access.redhat.com/security/updates/classification/", "value": "Important" }, "type": "Red Hat severity rating" } }, { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 9.3, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-444", "description": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-12-18T00:21:04.660Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "RHSA-2023:6266", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2023:6266" }, { "name": "RHSA-2023:6267", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2023:6267" }, { "name": "RHSA-2023:6268", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2023:6268" }, { "name": "RHSA-2023:6748", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2023:6748" }, { "name": "RHSA-2023:6801", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2023:6801" }, { "name": "RHSA-2023:6803", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2023:6803" }, { "name": "RHSA-2023:6804", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2023:6804" }, { "name": "RHSA-2023:6810", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2023:6810" }, { "name": "RHSA-2023:7213", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2023:7213" }, { "name": "RHSA-2024:11049", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:11049" }, { "tags": [ "vdb-entry", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/security/cve/CVE-2023-46846" }, { "name": "RHBZ#2245910", "tags": [ "issue-tracking", "x_refsource_REDHAT" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2245910" }, { "url": "https://github.com/squid-cache/squid/security/advisories/GHSA-j83v-w3p4-5cqh" } ], "timeline": [ { "lang": "en", "time": "2023-10-24T00:00:00+00:00", "value": "Reported to Red Hat." }, { "lang": "en", "time": "2023-10-19T00:00:00+00:00", "value": "Made public." } ], "title": "Squid: request/response smuggling in http/1.1 and icap", "x_redhatCweChain": "CWE-444: Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)" } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2023-46846", "datePublished": "2023-11-03T07:33:16.184Z", "dateReserved": "2023-10-27T08:36:38.158Z", "dateUpdated": "2024-12-18T00:21:04.660Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-41175
Vulnerability from cvelistv5
Published
2023-10-05 18:55
Modified
2024-12-04 07:16
Severity ?
EPSS score ?
Summary
A vulnerability was found in libtiff due to multiple potential integer overflows in raw2tiff.c. This flaw allows remote attackers to cause a denial of service or possibly execute an arbitrary code via a crafted tiff image, which triggers a heap-based buffer overflow.
References
▼ | URL | Tags |
---|---|---|
https://access.redhat.com/errata/RHSA-2024:2289 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/security/cve/CVE-2023-41175 | vdb-entry, x_refsource_REDHAT | |
https://bugzilla.redhat.com/show_bug.cgi?id=2235264 | issue-tracking, x_refsource_REDHAT |
Impacted products
Vendor | Product | Version | |||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ |
Version: 0 ≤ |
||||||||||||||||||||||||||||||
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2023-41175", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-04-29T19:34:04.451018Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-04T17:21:32.785Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T18:54:04.334Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "RHSA-2024:2289", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:2289" }, { "tags": [ "vdb-entry", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/security/cve/CVE-2023-41175" }, { "name": "RHBZ#2235264", "tags": [ "issue-tracking", "x_refsource_REDHAT", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2235264" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "collectionURL": "https://gitlab.com/libtiff/libtiff", "defaultStatus": "unaffected", "packageName": "libtiff", "versions": [ { "lessThan": "4.6.0", "status": "affected", "version": "0", "versionType": "semver" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:9::crb", "cpe:/a:redhat:enterprise_linux:9::appstream" ], "defaultStatus": "affected", "packageName": "libtiff", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:4.4.0-12.el9", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:6" ], "defaultStatus": "unknown", "packageName": "libtiff", "product": "Red Hat Enterprise Linux 6", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:7" ], "defaultStatus": "unknown", "packageName": "compact-libtiff", "product": "Red Hat Enterprise Linux 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:7" ], "defaultStatus": "unknown", "packageName": "libtiff", "product": "Red Hat Enterprise Linux 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:8" ], "defaultStatus": "affected", "packageName": "compat-libtiff3", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:8" ], "defaultStatus": "affected", "packageName": "libtiff", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:8" ], "defaultStatus": "affected", "packageName": "mingw-libtiff", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat" } ], "credits": [ { "lang": "en", "value": "Red Hat would like to thank Arie Haenel (Intel ASSERT), Polina Frolov (Intel ASSERT), Yaakov Cohen (Intel ASSERT), and Yocheved Butterman (Intel ASSERT) for reporting this issue." } ], "datePublic": "2023-07-21T00:00:00+00:00", "descriptions": [ { "lang": "en", "value": "A vulnerability was found in libtiff due to multiple potential integer overflows in raw2tiff.c. This flaw allows remote attackers to cause a denial of service or possibly execute an arbitrary code via a crafted tiff image, which triggers a heap-based buffer overflow." } ], "metrics": [ { "other": { "content": { "namespace": "https://access.redhat.com/security/updates/classification/", "value": "Moderate" }, "type": "Red Hat severity rating" } }, { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-190", "description": "Integer Overflow or Wraparound", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-12-04T07:16:52.955Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "RHSA-2024:2289", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:2289" }, { "tags": [ "vdb-entry", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/security/cve/CVE-2023-41175" }, { "name": "RHBZ#2235264", "tags": [ "issue-tracking", "x_refsource_REDHAT" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2235264" } ], "timeline": [ { "lang": "en", "time": "2023-07-24T00:00:00+00:00", "value": "Reported to Red Hat." }, { "lang": "en", "time": "2023-07-21T00:00:00+00:00", "value": "Made public." } ], "title": "Libtiff: potential integer overflow in raw2tiff.c", "x_redhatCweChain": "CWE-190: Integer Overflow or Wraparound" } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2023-41175", "datePublished": "2023-10-05T18:55:26.876Z", "dateReserved": "2023-08-25T09:21:36.645Z", "dateUpdated": "2024-12-04T07:16:52.955Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-50761
Vulnerability from cvelistv5
Published
2023-12-19 13:38
Modified
2024-08-02 22:16
Severity ?
EPSS score ?
Summary
The signature of a digitally signed S/MIME email message may optionally specify the signature creation date and time. If present, Thunderbird did not compare the signature creation date with the message date and time, and displayed a valid signature despite a date or time mismatch. This could be used to give recipients the impression that a message was sent at a different date or time. This vulnerability affects Thunderbird < 115.6.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Mozilla | Thunderbird |
Version: unspecified < 115.6 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T22:16:47.304Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1865647" }, { "tags": [ "x_transferred" ], "url": "https://www.mozilla.org/security/advisories/mfsa2023-55/" }, { "tags": [ "x_transferred" ], "url": "https://www.debian.org/security/2023/dsa-5582" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00021.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Thunderbird", "vendor": "Mozilla", "versions": [ { "lessThan": "115.6", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "value": "Marcus Brinkmann" } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "The signature of a digitally signed S/MIME email message may optionally specify the signature creation date and time. If present, Thunderbird did not compare the signature creation date with the message date and time, and displayed a valid signature despite a date or time mismatch. This could be used to give recipients the impression that a message was sent at a different date or time. This vulnerability affects Thunderbird \u003c 115.6." } ], "value": "The signature of a digitally signed S/MIME email message may optionally specify the signature creation date and time. If present, Thunderbird did not compare the signature creation date with the message date and time, and displayed a valid signature despite a date or time mismatch. This could be used to give recipients the impression that a message was sent at a different date or time. This vulnerability affects Thunderbird \u003c 115.6." } ], "problemTypes": [ { "descriptions": [ { "description": "S/MIME signature accepted despite mismatching message date", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-12-19T13:38:35.397Z", "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla" }, "references": [ { "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1865647" }, { "url": "https://www.mozilla.org/security/advisories/mfsa2023-55/" }, { "url": "https://www.debian.org/security/2023/dsa-5582" }, { "url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00021.html" } ] } }, "cveMetadata": { "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "assignerShortName": "mozilla", "cveId": "CVE-2023-50761", "datePublished": "2023-12-19T13:38:35.397Z", "dateReserved": "2023-12-12T16:29:47.908Z", "dateUpdated": "2024-08-02T22:16:47.304Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-5367
Vulnerability from cvelistv5
Published
2023-10-25 19:46
Modified
2024-11-23 02:41
Severity ?
EPSS score ?
Summary
A out-of-bounds write flaw was found in the xorg-x11-server. This issue occurs due to an incorrect calculation of a buffer offset when copying data stored in the heap in the XIChangeDeviceProperty function in Xi/xiproperty.c and in RRChangeOutputProperty function in randr/rrproperty.c, allowing for possible escalation of privileges or denial of service.
References
Impacted products
Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Red Hat | Red Hat Enterprise Linux 7 |
Unaffected: 0:1.20.4-24.el7_9 < * cpe:/o:redhat:enterprise_linux:7::computenode cpe:/o:redhat:enterprise_linux:7::server cpe:/o:redhat:enterprise_linux:7::workstation cpe:/o:redhat:enterprise_linux:7::client |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T07:59:43.957Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "RHSA-2023:6802", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2023:6802" }, { "name": "RHSA-2023:6808", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2023:6808" }, { "name": "RHSA-2023:7373", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2023:7373" }, { "name": "RHSA-2023:7388", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2023:7388" }, { "name": "RHSA-2023:7405", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2023:7405" }, { "name": "RHSA-2023:7428", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2023:7428" }, { "name": "RHSA-2023:7436", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2023:7436" }, { "name": "RHSA-2023:7526", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2023:7526" }, { "name": "RHSA-2023:7533", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2023:7533" }, { "name": "RHSA-2024:0010", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:0010" }, { "name": "RHSA-2024:0128", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:0128" }, { "name": "RHSA-2024:2169", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:2169" }, { "name": "RHSA-2024:2170", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:2170" }, { "name": "RHSA-2024:2995", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:2995" }, { "name": "RHSA-2024:2996", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:2996" }, { "tags": [ "vdb-entry", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/security/cve/CVE-2023-5367" }, { "name": "RHBZ#2243091", "tags": [ "issue-tracking", "x_refsource_REDHAT", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243091" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2WS5E7H4A5J3U5YBCTMRPQVGWK5LVH7D/" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3RK66CXMXO3PCPDU3GDY5FK4UYHUXQJT/" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4YBK3I6SETHETBHDETFWM3VSZUQICIDV/" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AKKIE626TZOOPD533EYN47J4RFNHZVOP/" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HO2Q2NP6R62ZRQQG3XQ4AXUT7J2EKKKY/" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L2RMNR4235YXZZQ2X7Q4MTOZDMZ7BBQU/" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SEDJN4VFN57K5POOC7BNVD6L6WUUCSG6/" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SN6KV4XGQJRVAOSM5C3CWMVAXO53COIP/" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TJXNI4BXURC2BKPNAHFJK3C5ZETB7PER/" }, { "tags": [ "x_transferred" ], "url": "https://lists.x.org/archives/xorg-announce/2023-October/003430.html" }, { "tags": [ "x_transferred" ], "url": "https://security.gentoo.org/glsa/202401-30" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20231130-0004/" }, { "tags": [ "x_transferred" ], "url": "https://www.debian.org/security/2023/dsa-5534" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:7::computenode", "cpe:/o:redhat:enterprise_linux:7::server", "cpe:/o:redhat:enterprise_linux:7::workstation", "cpe:/o:redhat:enterprise_linux:7::client" ], "defaultStatus": "affected", "packageName": "xorg-x11-server", "product": "Red Hat Enterprise Linux 7", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:1.20.4-24.el7_9", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:7::computenode", "cpe:/o:redhat:enterprise_linux:7::server", "cpe:/o:redhat:enterprise_linux:7::workstation", "cpe:/o:redhat:enterprise_linux:7::client" ], "defaultStatus": "affected", "packageName": "tigervnc", "product": "Red Hat Enterprise Linux 7", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:1.8.0-26.el7_9", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:8::appstream" ], "defaultStatus": "affected", "packageName": "tigervnc", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:1.13.1-2.el8_9.1", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:8::crb", "cpe:/a:redhat:enterprise_linux:8::appstream" ], "defaultStatus": "affected", "packageName": "xorg-x11-server", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:1.20.11-22.el8", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:8::appstream" ], "defaultStatus": "affected", "packageName": "xorg-x11-server-Xwayland", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:21.1.3-15.el8", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:rhel_e4s:8.1::appstream" ], "defaultStatus": "affected", "packageName": "tigervnc", "product": "Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:1.9.0-16.el8_1.4", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:rhel_e4s:8.2::appstream", "cpe:/a:redhat:rhel_tus:8.2::appstream", "cpe:/a:redhat:rhel_aus:8.2::appstream" ], "defaultStatus": "affected", "packageName": "tigervnc", "product": "Red Hat Enterprise Linux 8.2 Advanced Update Support", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:1.9.0-15.el8_2.4", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:rhel_e4s:8.2::appstream", "cpe:/a:redhat:rhel_tus:8.2::appstream", "cpe:/a:redhat:rhel_aus:8.2::appstream" ], "defaultStatus": "affected", "packageName": "tigervnc", "product": "Red Hat Enterprise Linux 8.2 Telecommunications Update Service", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:1.9.0-15.el8_2.4", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:rhel_e4s:8.2::appstream", "cpe:/a:redhat:rhel_tus:8.2::appstream", "cpe:/a:redhat:rhel_aus:8.2::appstream" ], "defaultStatus": "affected", "packageName": "tigervnc", "product": "Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:1.9.0-15.el8_2.4", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:rhel_e4s:8.4::appstream", "cpe:/a:redhat:rhel_tus:8.4::appstream", "cpe:/a:redhat:rhel_aus:8.4::appstream" ], "defaultStatus": "affected", "packageName": "tigervnc", "product": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:1.11.0-8.el8_4.3", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:rhel_e4s:8.4::appstream", "cpe:/a:redhat:rhel_tus:8.4::appstream", "cpe:/a:redhat:rhel_aus:8.4::appstream" ], "defaultStatus": "affected", "packageName": "tigervnc", "product": "Red Hat Enterprise Linux 8.4 Telecommunications Update Service", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:1.11.0-8.el8_4.3", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:rhel_e4s:8.4::appstream", "cpe:/a:redhat:rhel_tus:8.4::appstream", "cpe:/a:redhat:rhel_aus:8.4::appstream" ], "defaultStatus": "affected", "packageName": "tigervnc", "product": "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:1.11.0-8.el8_4.3", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:rhel_eus:8.6::appstream" ], "defaultStatus": "affected", "packageName": "tigervnc", "product": "Red Hat Enterprise Linux 8.6 Extended Update Support", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:1.12.0-6.el8_6.4", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:rhel_eus:8.8::appstream" ], "defaultStatus": "affected", "packageName": "tigervnc", "product": "Red Hat Enterprise Linux 8.8 Extended Update Support", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:1.12.0-15.el8_8.1", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:9::appstream" ], "defaultStatus": "affected", "packageName": "tigervnc", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:1.13.1-3.el9_3.3", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:9::crb", "cpe:/a:redhat:enterprise_linux:9::appstream" ], "defaultStatus": "affected", "packageName": "xorg-x11-server", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:1.20.11-24.el9", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:9::appstream" ], "defaultStatus": "affected", "packageName": "xorg-x11-server-Xwayland", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:22.1.9-5.el9", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:rhel_eus:9.0::appstream" ], "defaultStatus": "affected", "packageName": "tigervnc", "product": "Red Hat Enterprise Linux 9.0 Extended Update Support", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:1.11.0-22.el9_0.3", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:rhel_eus:9.2::appstream" ], "defaultStatus": "affected", "packageName": "tigervnc", "product": "Red Hat Enterprise Linux 9.2 Extended Update Support", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:1.12.0-14.el9_2", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:6" ], "defaultStatus": "unknown", "packageName": "tigervnc", "product": "Red Hat Enterprise Linux 6", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:6" ], "defaultStatus": "unknown", "packageName": "xorg-x11-server", "product": "Red Hat Enterprise Linux 6", "vendor": "Red Hat" } ], "datePublic": "2023-10-25T00:00:00+00:00", "descriptions": [ { "lang": "en", "value": "A out-of-bounds write flaw was found in the xorg-x11-server. This issue occurs due to an incorrect calculation of a buffer offset when copying data stored in the heap in the XIChangeDeviceProperty function in Xi/xiproperty.c and in RRChangeOutputProperty function in randr/rrproperty.c, allowing for possible escalation of privileges or denial of service." } ], "metrics": [ { "other": { "content": { "namespace": "https://access.redhat.com/security/updates/classification/", "value": "Important" }, "type": "Red Hat severity rating" } }, { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-787", "description": "Out-of-bounds Write", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-11-23T02:41:07.080Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "RHSA-2023:6802", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2023:6802" }, { "name": "RHSA-2023:6808", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2023:6808" }, { "name": "RHSA-2023:7373", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2023:7373" }, { "name": "RHSA-2023:7388", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2023:7388" }, { "name": "RHSA-2023:7405", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2023:7405" }, { "name": "RHSA-2023:7428", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2023:7428" }, { "name": "RHSA-2023:7436", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2023:7436" }, { "name": "RHSA-2023:7526", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2023:7526" }, { "name": "RHSA-2023:7533", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2023:7533" }, { "name": "RHSA-2024:0010", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:0010" }, { "name": "RHSA-2024:0128", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:0128" }, { "name": "RHSA-2024:2169", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:2169" }, { "name": "RHSA-2024:2170", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:2170" }, { "name": "RHSA-2024:2995", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:2995" }, { "name": "RHSA-2024:2996", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:2996" }, { "tags": [ "vdb-entry", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/security/cve/CVE-2023-5367" }, { "name": "RHBZ#2243091", "tags": [ "issue-tracking", "x_refsource_REDHAT" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2243091" }, { "url": "https://lists.x.org/archives/xorg-announce/2023-October/003430.html" } ], "timeline": [ { "lang": "en", "time": "2023-10-03T00:00:00+00:00", "value": "Reported to Red Hat." }, { "lang": "en", "time": "2023-10-25T00:00:00+00:00", "value": "Made public." } ], "title": "Xorg-x11-server: out-of-bounds write in xichangedeviceproperty/rrchangeoutputproperty", "workarounds": [ { "lang": "en", "value": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability." } ], "x_redhatCweChain": "CWE-787: Out-of-bounds Write" } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2023-5367", "datePublished": "2023-10-25T19:46:58.494Z", "dateReserved": "2023-10-03T19:20:29.874Z", "dateUpdated": "2024-11-23T02:41:07.080Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-5517
Vulnerability from cvelistv5
Published
2024-02-13 14:04
Modified
2024-08-22 13:56
Severity ?
EPSS score ?
Summary
A flaw in query-handling code can cause `named` to exit prematurely with an assertion failure when:
- `nxdomain-redirect <domain>;` is configured, and
- the resolver receives a PTR query for an RFC 1918 address that would normally result in an authoritative NXDOMAIN response.
This issue affects BIND 9 versions 9.12.0 through 9.16.45, 9.18.0 through 9.18.21, 9.19.0 through 9.19.19, 9.16.8-S1 through 9.16.45-S1, and 9.18.11-S1 through 9.18.21-S1.
References
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T07:59:44.936Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "CVE-2023-5517", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://kb.isc.org/docs/cve-2023-5517" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2024/02/13/1" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PNNHZSZPG2E7NBMBNYPGHCFI4V4XRWNQ/" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGS7JN6FZXUSTC2XKQHH27574XOULYYJ/" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HVRDSJVZKMCXKKPP6PNR62T7RWZ3YSDZ/" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZDZFMEKQTZ4L7RY46FCENWFB5MDT263R/" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20240503-0006/" } ], "title": "CVE Program Container" }, { "affected": [ { "cpes": [ "cpe:2.3:a:isc:bind_9:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "bind_9", "vendor": "isc", "versions": [ { "lessThanOrEqual": "9.16.45", "status": "affected", "version": "9.12.0", "versionType": "custom" }, { "lessThanOrEqual": "9.18.21", "status": "affected", "version": "9.18.0", "versionType": "custom" }, { "lessThanOrEqual": "9.19.19", "status": "affected", "version": "9.19.0", "versionType": "custom" }, { "lessThanOrEqual": "9.16.45-S1", "status": "affected", "version": "9.16.8-S1", "versionType": "custom" }, { "lessThanOrEqual": "9.18.21-S1", "status": "affected", "version": "9.18.11-S1", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2023-5517", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-08-22T13:32:01.260266Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-617", "description": "CWE-617 Reachable Assertion", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-08-22T13:56:51.119Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "BIND 9", "vendor": "ISC", "versions": [ { "lessThanOrEqual": "9.16.45", "status": "affected", "version": "9.12.0", "versionType": "custom" }, { "lessThanOrEqual": "9.18.21", "status": "affected", "version": "9.18.0", "versionType": "custom" }, { "lessThanOrEqual": "9.19.19", "status": "affected", "version": "9.19.0", "versionType": "custom" }, { "lessThanOrEqual": "9.16.45-S1", "status": "affected", "version": "9.16.8-S1", "versionType": "custom" }, { "lessThanOrEqual": "9.18.21-S1", "status": "affected", "version": "9.18.11-S1", "versionType": "custom" } ] } ], "datePublic": "2024-02-13T00:00:00Z", "descriptions": [ { "lang": "en", "value": "A flaw in query-handling code can cause `named` to exit prematurely with an assertion failure when:\n\n - `nxdomain-redirect \u003cdomain\u003e;` is configured, and\n - the resolver receives a PTR query for an RFC 1918 address that would normally result in an authoritative NXDOMAIN response.\nThis issue affects BIND 9 versions 9.12.0 through 9.16.45, 9.18.0 through 9.18.21, 9.19.0 through 9.19.19, 9.16.8-S1 through 9.16.45-S1, and 9.18.11-S1 through 9.18.21-S1." } ], "exploits": [ { "lang": "en", "value": "We are not aware of any active exploits." } ], "impacts": [ { "descriptions": [ { "lang": "en", "value": "If both of the above conditions are met, a single suitable query will cause `named` to crash." } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } } ], "providerMetadata": { "dateUpdated": "2024-02-13T14:04:54.389Z", "orgId": "404fd4d2-a609-4245-b543-2c944a302a22", "shortName": "isc" }, "references": [ { "name": "CVE-2023-5517", "tags": [ "vendor-advisory" ], "url": "https://kb.isc.org/docs/cve-2023-5517" }, { "url": "http://www.openwall.com/lists/oss-security/2024/02/13/1" }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PNNHZSZPG2E7NBMBNYPGHCFI4V4XRWNQ/" }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGS7JN6FZXUSTC2XKQHH27574XOULYYJ/" }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HVRDSJVZKMCXKKPP6PNR62T7RWZ3YSDZ/" }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZDZFMEKQTZ4L7RY46FCENWFB5MDT263R/" }, { "url": "https://security.netapp.com/advisory/ntap-20240503-0006/" } ], "solutions": [ { "lang": "en", "value": "Upgrade to the patched release most closely related to your current version of BIND 9: 9.16.48, 9.18.24, 9.19.21, 9.16.48-S1, or 9.18.24-S1." } ], "source": { "discovery": "EXTERNAL" }, "title": "Querying RFC 1918 reverse zones may cause an assertion failure when \"nxdomain-redirect\" is enabled", "workarounds": [ { "lang": "en", "value": "Disabling the `nxdomain-redirect` feature makes the faulty code path impossible to reach, preventing this flaw from being exploitable." } ] } }, "cveMetadata": { "assignerOrgId": "404fd4d2-a609-4245-b543-2c944a302a22", "assignerShortName": "isc", "cveId": "CVE-2023-5517", "datePublished": "2024-02-13T14:04:54.389Z", "dateReserved": "2023-10-11T07:02:42.359Z", "dateUpdated": "2024-08-22T13:56:51.119Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-21094
Vulnerability from cvelistv5
Published
2024-04-16 21:26
Modified
2024-08-01 22:13
Severity ?
EPSS score ?
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Oracle Corporation | Java SE JDK and JRE |
Version: Oracle Java SE:8u401 Version: Oracle Java SE:8u401-perf Version: Oracle Java SE:11.0.22 Version: Oracle Java SE:17.0.10 Version: Oracle Java SE:21.0.2 Version: Oracle Java SE:22 Version: Oracle GraalVM for JDK:17.0.10 Version: Oracle GraalVM for JDK:21.0.2 Version: Oracle GraalVM for JDK:22 Version: Oracle GraalVM Enterprise Edition:20.3.13 Version: Oracle GraalVM Enterprise Edition:21.3.9 cpe:2.3:a:oracle:java_se:8u401:*:*:*:*:*:*:* cpe:2.3:a:oracle:java_se:8u401:*:*:*:enterprise_performance:*:*:* cpe:2.3:a:oracle:java_se:11.0.22:*:*:*:*:*:*:* cpe:2.3:a:oracle:java_se:17.0.10:*:*:*:*:*:*:* cpe:2.3:a:oracle:java_se:21.0.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:java_se:22:*:*:*:*:*:*:* cpe:2.3:a:oracle:graalvm_for_jdk:17.0.10:*:*:*:*:*:*:* cpe:2.3:a:oracle:graalvm_for_jdk:21.0.2:*:*:*:*:*:*:* cpe:2.3:a:oracle:graalvm_for_jdk:22:*:*:*:*:*:*:* cpe:2.3:a:oracle:graalvm:20.3.13:*:*:*:enterprise:*:*:* cpe:2.3:a:oracle:graalvm:21.3.9:*:*:*:enterprise:*:*:* |
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-21094", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-04-23T13:58:54.491709Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-349", "description": "CWE-349 Acceptance of Extraneous Untrusted Data With Trusted Data", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-06-04T17:37:51.570Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-01T22:13:42.604Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "Oracle Advisory", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.oracle.com/security-alerts/cpuapr2024.html" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00014.html" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20240426-0004/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "cpes": [ "cpe:2.3:a:oracle:java_se:8u401:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:java_se:8u401:*:*:*:enterprise_performance:*:*:*", "cpe:2.3:a:oracle:java_se:11.0.22:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:java_se:17.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:java_se:21.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:java_se:22:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:graalvm_for_jdk:17.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:graalvm_for_jdk:21.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:graalvm_for_jdk:22:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:graalvm:20.3.13:*:*:*:enterprise:*:*:*", "cpe:2.3:a:oracle:graalvm:21.3.9:*:*:*:enterprise:*:*:*" ], "product": "Java SE JDK and JRE", "vendor": "Oracle Corporation", "versions": [ { "status": "affected", "version": "Oracle Java SE:8u401" }, { "status": "affected", "version": "Oracle Java SE:8u401-perf" }, { "status": "affected", "version": "Oracle Java SE:11.0.22" }, { "status": "affected", "version": "Oracle Java SE:17.0.10" }, { "status": "affected", "version": "Oracle Java SE:21.0.2" }, { "status": "affected", "version": "Oracle Java SE:22" }, { "status": "affected", "version": "Oracle GraalVM for JDK:17.0.10" }, { "status": "affected", "version": "Oracle GraalVM for JDK:21.0.2" }, { "status": "affected", "version": "Oracle GraalVM for JDK:22" }, { "status": "affected", "version": "Oracle GraalVM Enterprise Edition:20.3.13" }, { "status": "affected", "version": "Oracle GraalVM Enterprise Edition:21.3.9" } ] } ], "descriptions": [ { "lang": "en-US", "value": "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u401, 8u401-perf, 11.0.22, 17.0.10, 21.0.2, 22; Oracle GraalVM for JDK: 17.0.10, 21.0.2, 22; Oracle GraalVM Enterprise Edition: 20.3.13 and 21.3.9. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.7, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "description": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data.", "lang": "en-US" } ] } ], "providerMetadata": { "dateUpdated": "2024-04-16T21:26:30.112Z", "orgId": "43595867-4340-4103-b7a2-9a5208d29a85", "shortName": "oracle" }, "references": [ { "name": "Oracle Advisory", "tags": [ "vendor-advisory" ], "url": "https://www.oracle.com/security-alerts/cpuapr2024.html" }, { "url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00014.html" }, { "url": "https://security.netapp.com/advisory/ntap-20240426-0004/" } ] } }, "cveMetadata": { "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85", "assignerShortName": "oracle", "cveId": "CVE-2024-21094", "datePublished": "2024-04-16T21:26:30.112Z", "dateReserved": "2023-12-07T22:28:10.672Z", "dateUpdated": "2024-08-01T22:13:42.604Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-2611
Vulnerability from cvelistv5
Published
2024-03-19 12:02
Modified
2024-12-06 18:24
Severity ?
EPSS score ?
Summary
A missing delay on when pointer lock was used could have allowed a malicious page to trick a user into granting permissions. This vulnerability affects Firefox < 124, Firefox ESR < 115.9, and Thunderbird < 115.9.
References
Impacted products
Vendor | Product | Version | |||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Mozilla | Firefox |
Version: unspecified < 124 |
||||||||
|
{ "containers": { "adp": [ { "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2024-2611", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-03-19T15:54:02.538184Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "description": "CWE-noinfo Not enough information", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-12-06T18:24:44.875Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-01T19:18:47.977Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1876675" }, { "tags": [ "x_transferred" ], "url": "https://www.mozilla.org/security/advisories/mfsa2024-12/" }, { "tags": [ "x_transferred" ], "url": "https://www.mozilla.org/security/advisories/mfsa2024-13/" }, { "tags": [ "x_transferred" ], "url": "https://www.mozilla.org/security/advisories/mfsa2024-14/" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00022.html" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00028.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Firefox", "vendor": "Mozilla", "versions": [ { "lessThan": "124", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "Firefox ESR", "vendor": "Mozilla", "versions": [ { "lessThan": "115.9", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "Thunderbird", "vendor": "Mozilla", "versions": [ { "lessThan": "115.9", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "value": "Hafiizh" } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "A missing delay on when pointer lock was used could have allowed a malicious page to trick a user into granting permissions. This vulnerability affects Firefox \u003c 124, Firefox ESR \u003c 115.9, and Thunderbird \u003c 115.9." } ], "value": "A missing delay on when pointer lock was used could have allowed a malicious page to trick a user into granting permissions. This vulnerability affects Firefox \u003c 124, Firefox ESR \u003c 115.9, and Thunderbird \u003c 115.9." } ], "problemTypes": [ { "descriptions": [ { "description": "Clickjacking vulnerability could have led to a user accidentally granting permissions", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2024-03-19T12:02:55.649Z", "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla" }, "references": [ { "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1876675" }, { "url": "https://www.mozilla.org/security/advisories/mfsa2024-12/" }, { "url": "https://www.mozilla.org/security/advisories/mfsa2024-13/" }, { "url": "https://www.mozilla.org/security/advisories/mfsa2024-14/" }, { "url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00022.html" }, { "url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00028.html" } ] } }, "cveMetadata": { "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "assignerShortName": "mozilla", "cveId": "CVE-2024-2611", "datePublished": "2024-03-19T12:02:55.649Z", "dateReserved": "2024-03-18T16:22:30.751Z", "dateUpdated": "2024-12-06T18:24:44.875Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-0746
Vulnerability from cvelistv5
Published
2024-01-23 13:48
Modified
2024-08-01 18:18
Severity ?
EPSS score ?
Summary
A Linux user opening the print preview dialog could have caused the browser to crash. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7.
References
Impacted products
Vendor | Product | Version | |||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Mozilla | Firefox |
Version: unspecified < 122 |
||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-01T18:18:18.224Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1660223" }, { "tags": [ "x_transferred" ], "url": "https://www.mozilla.org/security/advisories/mfsa2024-01/" }, { "tags": [ "x_transferred" ], "url": "https://www.mozilla.org/security/advisories/mfsa2024-02/" }, { "tags": [ "x_transferred" ], "url": "https://www.mozilla.org/security/advisories/mfsa2024-04/" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00015.html" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00022.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Firefox", "vendor": "Mozilla", "versions": [ { "lessThan": "122", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "Firefox ESR", "vendor": "Mozilla", "versions": [ { "lessThan": "115.7", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "Thunderbird", "vendor": "Mozilla", "versions": [ { "lessThan": "115.7", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "value": "Cornel Ionce" } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "A Linux user opening the print preview dialog could have caused the browser to crash. This vulnerability affects Firefox \u003c 122, Firefox ESR \u003c 115.7, and Thunderbird \u003c 115.7." } ], "value": "A Linux user opening the print preview dialog could have caused the browser to crash. This vulnerability affects Firefox \u003c 122, Firefox ESR \u003c 115.7, and Thunderbird \u003c 115.7." } ], "problemTypes": [ { "descriptions": [ { "description": "Crash when listing printers on Linux", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2024-01-23T13:48:16.400Z", "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla" }, "references": [ { "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1660223" }, { "url": "https://www.mozilla.org/security/advisories/mfsa2024-01/" }, { "url": "https://www.mozilla.org/security/advisories/mfsa2024-02/" }, { "url": "https://www.mozilla.org/security/advisories/mfsa2024-04/" }, { "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00015.html" }, { "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00022.html" } ] } }, "cveMetadata": { "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "assignerShortName": "mozilla", "cveId": "CVE-2024-0746", "datePublished": "2024-01-23T13:48:16.400Z", "dateReserved": "2024-01-19T16:52:25.361Z", "dateUpdated": "2024-08-01T18:18:18.224Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-22218
Vulnerability from cvelistv5
Published
2023-08-22 00:00
Modified
2024-10-03 18:09
Severity ?
EPSS score ?
Summary
An issue was discovered in function _libssh2_packet_add in libssh2 1.10.0 allows attackers to access out of bounds memory.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T14:51:10.505Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://github.com/libssh2/libssh2/pull/476" }, { "name": "[debian-lts-announce] 20230908 [SECURITY] [DLA 3559-1] libssh2 security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00006.html" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20231006-0002/" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2020-22218", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-10-03T18:09:15.416860Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-03T18:09:37.723Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "An issue was discovered in function _libssh2_packet_add in libssh2 1.10.0 allows attackers to access out of bounds memory." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-10-06T14:06:28.672674", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://github.com/libssh2/libssh2/pull/476" }, { "name": "[debian-lts-announce] 20230908 [SECURITY] [DLA 3559-1] libssh2 security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00006.html" }, { "url": "https://security.netapp.com/advisory/ntap-20231006-0002/" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-22218", "datePublished": "2023-08-22T00:00:00", "dateReserved": "2020-08-13T00:00:00", "dateUpdated": "2024-10-03T18:09:37.723Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-0727
Vulnerability from cvelistv5
Published
2024-01-26 08:57
Modified
2024-10-14 14:55
Severity ?
EPSS score ?
Summary
Issue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSL
to crash leading to a potential Denial of Service attack
Impact summary: Applications loading files in the PKCS12 format from untrusted
sources might terminate abruptly.
A file in PKCS12 format can contain certificates and keys and may come from an
untrusted source. The PKCS12 specification allows certain fields to be NULL, but
OpenSSL does not correctly check for this case. This can lead to a NULL pointer
dereference that results in OpenSSL crashing. If an application processes PKCS12
files from an untrusted source using the OpenSSL APIs then that application will
be vulnerable to this issue.
OpenSSL APIs that are vulnerable to this are: PKCS12_parse(),
PKCS12_unpack_p7data(), PKCS12_unpack_p7encdata(), PKCS12_unpack_authsafes()
and PKCS12_newpass().
We have also fixed a similar issue in SMIME_write_PKCS7(). However since this
function is related to writing data we do not consider it security significant.
The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue.
References
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-01T18:18:17.369Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "OpenSSL Advisory", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.openssl.org/news/secadv/20240125.txt" }, { "name": "3.2.1 git commit", "tags": [ "patch", "x_transferred" ], "url": "https://github.com/openssl/openssl/commit/775acfdbd0c6af9ac855f34969cdab0c0c90844a" }, { "name": "3.1.5 git commit", "tags": [ "patch", "x_transferred" ], "url": "https://github.com/openssl/openssl/commit/d135eeab8a5dbf72b3da5240bab9ddb7678dbd2c" }, { "name": "3.0.13 git commit", "tags": [ "patch", "x_transferred" ], "url": "https://github.com/openssl/openssl/commit/09df4395b5071217b76dc7d3d2e630eb8c5a79c2" }, { "name": "1.1.1x git commit", "tags": [ "patch", "x_transferred" ], "url": "https://github.openssl.org/openssl/extended-releases/commit/03b3941d60c4bce58fab69a0c22377ab439bc0e8" }, { "name": "1.0.2zj git commit", "tags": [ "patch", "x_transferred" ], "url": "https://github.openssl.org/openssl/extended-releases/commit/aebaa5883e31122b404e450732dc833dc9dee539" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20240208-0006/" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2024/03/11/1" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "OpenSSL", "vendor": "OpenSSL", "versions": [ { "lessThan": "3.2.1", "status": "affected", "version": "3.2.0", "versionType": "semver" }, { "lessThan": "3.1.5", "status": "affected", "version": "3.1.0", "versionType": "semver" }, { "lessThan": "3.0.13", "status": "affected", "version": "3.0.0", "versionType": "semver" }, { "lessThan": "1.1.1x", "status": "affected", "version": "1.1.1", "versionType": "custom" }, { "lessThan": "1.0.2zj", "status": "affected", "version": "1.0.2", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Bahaa Naamneh (Crosspoint Labs)" }, { "lang": "en", "type": "remediation developer", "user": "00000000-0000-4000-9000-000000000000", "value": "Matt Caswell" } ], "datePublic": "2024-01-25T00:00:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Issue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSL\u003cbr\u003eto crash leading to a potential Denial of Service attack\u003cbr\u003e\u003cbr\u003eImpact summary: Applications loading files in the PKCS12 format from untrusted\u003cbr\u003esources might terminate abruptly.\u003cbr\u003e\u003cbr\u003eA file in PKCS12 format can contain certificates and keys and may come from an\u003cbr\u003euntrusted source. The PKCS12 specification allows certain fields to be NULL, but\u003cbr\u003eOpenSSL does not correctly check for this case. This can lead to a NULL pointer\u003cbr\u003edereference that results in OpenSSL crashing. If an application processes PKCS12\u003cbr\u003efiles from an untrusted source using the OpenSSL APIs then that application will\u003cbr\u003ebe vulnerable to this issue.\u003cbr\u003e\u003cbr\u003eOpenSSL APIs that are vulnerable to this are: PKCS12_parse(),\u003cbr\u003ePKCS12_unpack_p7data(), PKCS12_unpack_p7encdata(), PKCS12_unpack_authsafes()\u003cbr\u003eand PKCS12_newpass().\u003cbr\u003e\u003cbr\u003eWe have also fixed a similar issue in SMIME_write_PKCS7(). However since this\u003cbr\u003efunction is related to writing data we do not consider it security significant.\u003cbr\u003e\u003cbr\u003eThe FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue." } ], "value": "Issue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSL\nto crash leading to a potential Denial of Service attack\n\nImpact summary: Applications loading files in the PKCS12 format from untrusted\nsources might terminate abruptly.\n\nA file in PKCS12 format can contain certificates and keys and may come from an\nuntrusted source. The PKCS12 specification allows certain fields to be NULL, but\nOpenSSL does not correctly check for this case. This can lead to a NULL pointer\ndereference that results in OpenSSL crashing. If an application processes PKCS12\nfiles from an untrusted source using the OpenSSL APIs then that application will\nbe vulnerable to this issue.\n\nOpenSSL APIs that are vulnerable to this are: PKCS12_parse(),\nPKCS12_unpack_p7data(), PKCS12_unpack_p7encdata(), PKCS12_unpack_authsafes()\nand PKCS12_newpass().\n\nWe have also fixed a similar issue in SMIME_write_PKCS7(). However since this\nfunction is related to writing data we do not consider it security significant.\n\nThe FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue." } ], "metrics": [ { "format": "other", "other": { "content": { "text": "Low" }, "type": "https://www.openssl.org/policies/secpolicy.html" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-476", "description": "CWE-476 NULL Pointer Dereference", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-14T14:55:58.371Z", "orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5", "shortName": "openssl" }, "references": [ { "name": "OpenSSL Advisory", "tags": [ "vendor-advisory" ], "url": "https://www.openssl.org/news/secadv/20240125.txt" }, { "name": "3.2.1 git commit", "tags": [ "patch" ], "url": "https://github.com/openssl/openssl/commit/775acfdbd0c6af9ac855f34969cdab0c0c90844a" }, { "name": "3.1.5 git commit", "tags": [ "patch" ], "url": "https://github.com/openssl/openssl/commit/d135eeab8a5dbf72b3da5240bab9ddb7678dbd2c" }, { "name": "3.0.13 git commit", "tags": [ "patch" ], "url": "https://github.com/openssl/openssl/commit/09df4395b5071217b76dc7d3d2e630eb8c5a79c2" }, { "name": "1.1.1x git commit", "tags": [ "patch" ], "url": "https://github.openssl.org/openssl/extended-releases/commit/03b3941d60c4bce58fab69a0c22377ab439bc0e8" }, { "name": "1.0.2zj git commit", "tags": [ "patch" ], "url": "https://github.openssl.org/openssl/extended-releases/commit/aebaa5883e31122b404e450732dc833dc9dee539" } ], "source": { "discovery": "UNKNOWN" }, "title": "PKCS12 Decoding crashes", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5", "assignerShortName": "openssl", "cveId": "CVE-2024-0727", "datePublished": "2024-01-26T08:57:19.579Z", "dateReserved": "2024-01-19T11:01:11.010Z", "dateUpdated": "2024-10-14T14:55:58.371Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-46809
Vulnerability from cvelistv5
Published
2024-09-07 16:03
Modified
2024-09-09 18:00
Severity ?
EPSS score ?
Summary
Node.js versions which bundle an unpatched version of OpenSSL or run against a dynamically linked version of OpenSSL which are unpatched are vulnerable to the Marvin Attack - https://people.redhat.com/~hkario/marvin/, if PCKS #1 v1.5 padding is allowed when performing RSA descryption using a private key.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Node | https://github.com/nodejs/node |
Version: 21.6.0 ≤ 21.6.0 Version: 20.11.0 ≤ 20.11.0 Version: 18.19.0 ≤ 18.19.0 |
|
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:nodejs:nodejs:*:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "nodejs", "vendor": "nodejs", "versions": [ { "lessThanOrEqual": "18.19.0", "status": "affected", "version": "18.0", "versionType": "semver" }, { "lessThanOrEqual": "20.11.0", "status": "affected", "version": "20.0", "versionType": "semver" }, { "lessThanOrEqual": "21.6.0", "status": "affected", "version": "21.0", "versionType": "semver" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2023-46809", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-09-09T17:40:41.999808Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-385", "description": "CWE-385 Covert Timing Channel", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-09-09T18:00:37.229Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "https://github.com/nodejs/node", "vendor": "Node", "versions": [ { "lessThanOrEqual": "21.6.0", "status": "affected", "version": "21.6.0", "versionType": "semver" }, { "lessThanOrEqual": "20.11.0", "status": "affected", "version": "20.11.0", "versionType": "semver" }, { "lessThanOrEqual": "18.19.0", "status": "affected", "version": "18.19.0", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "value": "Node.js versions which bundle an unpatched version of OpenSSL or run against a dynamically linked version of OpenSSL which are unpatched are vulnerable to the Marvin Attack - https://people.redhat.com/~hkario/marvin/, if PCKS #1 v1.5 padding is allowed when performing RSA descryption using a private key." } ], "providerMetadata": { "dateUpdated": "2024-09-07T16:03:32.996Z", "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "shortName": "hackerone" }, "references": [ { "url": "https://nodejs.org/en/blog/vulnerability/february-2024-security-releases" } ] } }, "cveMetadata": { "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "assignerShortName": "hackerone", "cveId": "CVE-2023-46809", "datePublished": "2024-09-07T16:03:32.996Z", "dateReserved": "2023-10-27T01:00:13.401Z", "dateUpdated": "2024-09-09T18:00:37.229Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-46285
Vulnerability from cvelistv5
Published
2023-02-07 00:00
Modified
2024-08-03 14:31
Severity ?
EPSS score ?
Summary
A flaw was found in libXpm. This issue occurs when parsing a file with a comment not closed; the end-of-file condition will not be detected, leading to an infinite loop and resulting in a Denial of Service in the application linked to the library.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T14:31:44.437Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2160092" }, { "tags": [ "x_transferred" ], "url": "https://gitlab.freedesktop.org/xorg/lib/libxpm/-/merge_requests/9" }, { "tags": [ "x_transferred" ], "url": "https://lists.x.org/archives/xorg-announce/2023-January/003312.html" }, { "tags": [ "x_transferred" ], "url": "https://gitlab.freedesktop.org/xorg/lib/libxpm/-/commit/a3a7c6dcc3b629d7650148" }, { "name": "[debian-lts-announce] 20230620 [SECURITY] [DLA 3459-1] libxpm security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00021.html" }, { "name": "[oss-security] 20231003 Fwd: X.Org Security Advisory: Issues in libX11 prior to 1.8.7 \u0026 libXpm prior to 3.5.17", "tags": [ "mailing-list", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2023/10/03/1" }, { "name": "[oss-security] 20231003 Re: Fwd: X.Org Security Advisory: Issues in libX11 prior to 1.8.7 \u0026 libXpm prior to 3.5.17", "tags": [ "mailing-list", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2023/10/03/10" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "libXpm", "vendor": "n/a", "versions": [ { "status": "affected", "version": "3.5.15" } ] } ], "descriptions": [ { "lang": "en", "value": "A flaw was found in libXpm. This issue occurs when parsing a file with a comment not closed; the end-of-file condition will not be detected, leading to an infinite loop and resulting in a Denial of Service in the application linked to the library." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-835", "description": "CWE-835", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-10-03T23:06:19.094668", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2160092" }, { "url": "https://gitlab.freedesktop.org/xorg/lib/libxpm/-/merge_requests/9" }, { "url": "https://lists.x.org/archives/xorg-announce/2023-January/003312.html" }, { "url": "https://gitlab.freedesktop.org/xorg/lib/libxpm/-/commit/a3a7c6dcc3b629d7650148" }, { "name": "[debian-lts-announce] 20230620 [SECURITY] [DLA 3459-1] libxpm security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00021.html" }, { "name": "[oss-security] 20231003 Fwd: X.Org Security Advisory: Issues in libX11 prior to 1.8.7 \u0026 libXpm prior to 3.5.17", "tags": [ "mailing-list" ], "url": "http://www.openwall.com/lists/oss-security/2023/10/03/1" }, { "name": "[oss-security] 20231003 Re: Fwd: X.Org Security Advisory: Issues in libX11 prior to 1.8.7 \u0026 libXpm prior to 3.5.17", "tags": [ "mailing-list" ], "url": "http://www.openwall.com/lists/oss-security/2023/10/03/10" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2022-46285", "datePublished": "2023-02-07T00:00:00", "dateReserved": "2023-01-09T00:00:00", "dateUpdated": "2024-08-03T14:31:44.437Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-6478
Vulnerability from cvelistv5
Published
2023-12-13 06:27
Modified
2024-11-23 02:52
Severity ?
EPSS score ?
Summary
A flaw was found in xorg-server. A specially crafted request to RRChangeProviderProperty or RRChangeOutputProperty can trigger an integer overflow which may lead to a disclosure of sensitive information.
References
Impacted products
Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Red Hat | Red Hat Enterprise Linux 7 |
Unaffected: 0:1.8.0-28.el7_9 < * cpe:/o:redhat:enterprise_linux:7::client cpe:/o:redhat:enterprise_linux:7::server cpe:/o:redhat:enterprise_linux:7::computenode cpe:/o:redhat:enterprise_linux:7::workstation |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T08:28:21.864Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2023/12/13/1" }, { "name": "RHSA-2023:7886", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2023:7886" }, { "name": "RHSA-2024:0006", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:0006" }, { "name": "RHSA-2024:0009", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:0009" }, { "name": "RHSA-2024:0010", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:0010" }, { "name": "RHSA-2024:0014", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:0014" }, { "name": "RHSA-2024:0015", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:0015" }, { "name": "RHSA-2024:0016", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:0016" }, { "name": "RHSA-2024:0017", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:0017" }, { "name": "RHSA-2024:0018", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:0018" }, { "name": "RHSA-2024:0020", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:0020" }, { "name": "RHSA-2024:2169", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:2169" }, { "name": "RHSA-2024:2170", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:2170" }, { "name": "RHSA-2024:2995", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:2995" }, { "name": "RHSA-2024:2996", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:2996" }, { "tags": [ "vdb-entry", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/security/cve/CVE-2023-6478" }, { "name": "RHBZ#2253298", "tags": [ "issue-tracking", "x_refsource_REDHAT", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2253298" }, { "tags": [ "x_transferred" ], "url": "https://gitlab.freedesktop.org/xorg/xserver/-/commit/14f480010a93ff962fef66a16412fafff81ad632" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00008.html" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6R63Z6GIWM3YUNZRCGFODUXLW3GY2HD6/" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7PP47YXKM5ETLCYEF6473R3VFCJ6QT2S/" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IFHV5KCQ2SVOD4QMCPZ5HC6YL44L7YJD/" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LJDFWDB7EQVZA45XDP7L5WRSRWS6RVRR/" }, { "tags": [ "x_transferred" ], "url": "https://lists.x.org/archives/xorg-announce/2023-December/003435.html" }, { "tags": [ "x_transferred" ], "url": "https://security.gentoo.org/glsa/202401-30" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20240125-0003/" }, { "tags": [ "x_transferred" ], "url": "https://www.debian.org/security/2023/dsa-5576" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:7::client", "cpe:/o:redhat:enterprise_linux:7::server", "cpe:/o:redhat:enterprise_linux:7::computenode", "cpe:/o:redhat:enterprise_linux:7::workstation" ], "defaultStatus": "affected", "packageName": "tigervnc", "product": "Red Hat Enterprise Linux 7", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:1.8.0-28.el7_9", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:7::client", "cpe:/o:redhat:enterprise_linux:7::server", "cpe:/o:redhat:enterprise_linux:7::computenode", "cpe:/o:redhat:enterprise_linux:7::workstation" ], "defaultStatus": "affected", "packageName": "xorg-x11-server", "product": "Red Hat Enterprise Linux 7", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:1.20.4-25.el7_9", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:8::appstream" ], "defaultStatus": "affected", "packageName": "tigervnc", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:1.13.1-2.el8_9.4", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:8::appstream", "cpe:/a:redhat:enterprise_linux:8::crb" ], "defaultStatus": "affected", "packageName": "xorg-x11-server", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:1.20.11-22.el8", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:8::appstream" ], "defaultStatus": "affected", "packageName": "xorg-x11-server-Xwayland", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:21.1.3-15.el8", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:rhel_e4s:8.2::appstream", "cpe:/a:redhat:rhel_tus:8.2::appstream", "cpe:/a:redhat:rhel_aus:8.2::appstream" ], "defaultStatus": "affected", "packageName": "tigervnc", "product": "Red Hat Enterprise Linux 8.2 Advanced Update Support", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:1.9.0-15.el8_2.6", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:rhel_e4s:8.2::appstream", "cpe:/a:redhat:rhel_tus:8.2::appstream", "cpe:/a:redhat:rhel_aus:8.2::appstream" ], "defaultStatus": "affected", "packageName": "tigervnc", "product": "Red Hat Enterprise Linux 8.2 Telecommunications Update Service", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:1.9.0-15.el8_2.6", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:rhel_e4s:8.2::appstream", "cpe:/a:redhat:rhel_tus:8.2::appstream", "cpe:/a:redhat:rhel_aus:8.2::appstream" ], "defaultStatus": "affected", "packageName": "tigervnc", "product": "Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:1.9.0-15.el8_2.6", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:rhel_aus:8.4::appstream", "cpe:/a:redhat:rhel_e4s:8.4::appstream", "cpe:/a:redhat:rhel_tus:8.4::appstream" ], "defaultStatus": "affected", "packageName": "tigervnc", "product": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:1.11.0-8.el8_4.5", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:rhel_aus:8.4::appstream", "cpe:/a:redhat:rhel_e4s:8.4::appstream", "cpe:/a:redhat:rhel_tus:8.4::appstream" ], "defaultStatus": "affected", "packageName": "tigervnc", "product": "Red Hat Enterprise Linux 8.4 Telecommunications Update Service", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:1.11.0-8.el8_4.5", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:rhel_aus:8.4::appstream", "cpe:/a:redhat:rhel_e4s:8.4::appstream", "cpe:/a:redhat:rhel_tus:8.4::appstream" ], "defaultStatus": "affected", "packageName": "tigervnc", "product": "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:1.11.0-8.el8_4.5", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:rhel_eus:8.6::appstream" ], "defaultStatus": "affected", "packageName": "tigervnc", "product": "Red Hat Enterprise Linux 8.6 Extended Update Support", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:1.12.0-6.el8_6.6", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:rhel_eus:8.8::appstream" ], "defaultStatus": "affected", "packageName": "tigervnc", "product": "Red Hat Enterprise Linux 8.8 Extended Update Support", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:1.12.0-15.el8_8.4", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:9::appstream" ], "defaultStatus": "affected", "packageName": "tigervnc", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:1.13.1-3.el9_3.3", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:9::appstream", "cpe:/a:redhat:enterprise_linux:9::crb" ], "defaultStatus": "affected", "packageName": "xorg-x11-server", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:1.20.11-24.el9", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:9::appstream" ], "defaultStatus": "affected", "packageName": "xorg-x11-server-Xwayland", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:22.1.9-5.el9", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:rhel_eus:9.0::appstream" ], "defaultStatus": "affected", "packageName": "tigervnc", "product": "Red Hat Enterprise Linux 9.0 Extended Update Support", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:1.11.0-22.el9_0.5", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:rhel_eus:9.2::appstream" ], "defaultStatus": "affected", "packageName": "tigervnc", "product": "Red Hat Enterprise Linux 9.2 Extended Update Support", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "0:1.12.0-14.el9_2.2", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:6" ], "defaultStatus": "unknown", "packageName": "tigervnc", "product": "Red Hat Enterprise Linux 6", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:6" ], "defaultStatus": "unknown", "packageName": "xorg-x11-server", "product": "Red Hat Enterprise Linux 6", "vendor": "Red Hat" } ], "credits": [ { "lang": "en", "value": "This issue was discovered by Peter Hutterer (Red Hat)." } ], "datePublic": "2023-12-13T00:00:00+00:00", "descriptions": [ { "lang": "en", "value": "A flaw was found in xorg-server. A specially crafted request to RRChangeProviderProperty or RRChangeOutputProperty can trigger an integer overflow which may lead to a disclosure of sensitive information." } ], "metrics": [ { "other": { "content": { "namespace": "https://access.redhat.com/security/updates/classification/", "value": "Important" }, "type": "Red Hat severity rating" } }, { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.6, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-190", "description": "Integer Overflow or Wraparound", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-11-23T02:52:01.579Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "RHSA-2023:7886", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2023:7886" }, { "name": "RHSA-2024:0006", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:0006" }, { "name": "RHSA-2024:0009", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:0009" }, { "name": "RHSA-2024:0010", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:0010" }, { "name": "RHSA-2024:0014", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:0014" }, { "name": "RHSA-2024:0015", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:0015" }, { "name": "RHSA-2024:0016", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:0016" }, { "name": "RHSA-2024:0017", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:0017" }, { "name": "RHSA-2024:0018", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:0018" }, { "name": "RHSA-2024:0020", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:0020" }, { "name": "RHSA-2024:2169", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:2169" }, { "name": "RHSA-2024:2170", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:2170" }, { "name": "RHSA-2024:2995", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:2995" }, { "name": "RHSA-2024:2996", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:2996" }, { "tags": [ "vdb-entry", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/security/cve/CVE-2023-6478" }, { "name": "RHBZ#2253298", "tags": [ "issue-tracking", "x_refsource_REDHAT" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2253298" }, { "url": "https://gitlab.freedesktop.org/xorg/xserver/-/commit/14f480010a93ff962fef66a16412fafff81ad632" }, { "url": "https://lists.x.org/archives/xorg-announce/2023-December/003435.html" } ], "timeline": [ { "lang": "en", "time": "2023-11-30T00:00:00+00:00", "value": "Reported to Red Hat." }, { "lang": "en", "time": "2023-12-13T00:00:00+00:00", "value": "Made public." } ], "title": "Xorg-x11-server: out-of-bounds memory read in rrchangeoutputproperty and rrchangeproviderproperty", "workarounds": [ { "lang": "en", "value": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability." } ], "x_redhatCweChain": "CWE-190: Integer Overflow or Wraparound" } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2023-6478", "datePublished": "2023-12-13T06:27:41.017Z", "dateReserved": "2023-12-04T06:40:47.239Z", "dateUpdated": "2024-11-23T02:52:01.579Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-21891
Vulnerability from cvelistv5
Published
2024-02-20 01:31
Modified
2024-08-01 22:35
Severity ?
EPSS score ?
Summary
Node.js depends on multiple built-in utility functions to normalize paths provided to node:fs functions, which can be overwitten with user-defined implementations leading to filesystem permission model bypass through path traversal attack.
This vulnerability affects all users using the experimental permission model in Node.js 20 and Node.js 21.
Please note that at the time this CVE was issued, the permission model is an experimental feature of Node.js.
References
Impacted products
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-21891", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-02-20T15:01:31.150243Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-04T17:38:01.954Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-01T22:35:33.379Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://hackerone.com/reports/2259914" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20240315-0005/" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2024/03/11/1" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Node.js", "vendor": "Node.js", "versions": [ { "lessThanOrEqual": "21.6.0", "status": "affected", "version": "21.6.0", "versionType": "semver" }, { "lessThanOrEqual": "20.11.0", "status": "affected", "version": "20.11.0", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "value": "Node.js depends on multiple built-in utility functions to normalize paths provided to node:fs functions, which can be overwitten with user-defined implementations leading to filesystem permission model bypass through path traversal attack.\nThis vulnerability affects all users using the experimental permission model in Node.js 20 and Node.js 21.\nPlease note that at the time this CVE was issued, the permission model is an experimental feature of Node.js." } ], "metrics": [ { "cvssV3_0": { "baseScore": 7.9, "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N", "version": "3.0" } } ], "providerMetadata": { "dateUpdated": "2024-02-20T01:31:08.152Z", "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "shortName": "hackerone" }, "references": [ { "url": "https://hackerone.com/reports/2259914" }, { "url": "https://security.netapp.com/advisory/ntap-20240315-0005/" }, { "url": "http://www.openwall.com/lists/oss-security/2024/03/11/1" } ] } }, "cveMetadata": { "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "assignerShortName": "hackerone", "cveId": "CVE-2024-21891", "datePublished": "2024-02-20T01:31:08.152Z", "dateReserved": "2024-01-03T01:04:06.539Z", "dateUpdated": "2024-08-01T22:35:33.379Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-49286
Vulnerability from cvelistv5
Published
2023-12-04 22:53
Modified
2024-08-02 21:53
Severity ?
EPSS score ?
Summary
Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to an Incorrect Check of Function Return Value bug Squid is vulnerable to a Denial of Service attack against its Helper process management. This bug is fixed by Squid version 6.5. Users are advised to upgrade. There are no known workarounds for this vulnerability.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | squid-cache | squid |
Version: < 6.5 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T21:53:45.223Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/squid-cache/squid/security/advisories/GHSA-xggx-9329-3c27", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/squid-cache/squid/security/advisories/GHSA-xggx-9329-3c27" }, { "name": "https://github.com/squid-cache/squid/commit/6014c6648a2a54a4ecb7f952ea1163e0798f9264", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/squid-cache/squid/commit/6014c6648a2a54a4ecb7f952ea1163e0798f9264" }, { "name": "http://www.squid-cache.org/Versions/v6/SQUID-2023_8.patch", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.squid-cache.org/Versions/v6/SQUID-2023_8.patch" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MEV66D3PAAY6K7TWDT3WZBLCPLASFJDC/" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A5QASTMCUSUEW3UOMKHZJB3FTONWSRXS/" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00003.html" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20240119-0004/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "squid", "vendor": "squid-cache", "versions": [ { "status": "affected", "version": "\u003c 6.5" } ] } ], "descriptions": [ { "lang": "en", "value": "Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to an Incorrect Check of Function Return Value bug Squid is vulnerable to a Denial of Service attack against its Helper process management. This bug is fixed by Squid version 6.5. Users are advised to upgrade. There are no known workarounds for this vulnerability." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-617", "description": "CWE-617: Reachable Assertion", "lang": "en", "type": "CWE" } ] }, { "descriptions": [ { "cweId": "CWE-253", "description": "CWE-253: Incorrect Check of Function Return Value", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-12-04T22:53:44.827Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/squid-cache/squid/security/advisories/GHSA-xggx-9329-3c27", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/squid-cache/squid/security/advisories/GHSA-xggx-9329-3c27" }, { "name": "https://github.com/squid-cache/squid/commit/6014c6648a2a54a4ecb7f952ea1163e0798f9264", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/squid-cache/squid/commit/6014c6648a2a54a4ecb7f952ea1163e0798f9264" }, { "name": "http://www.squid-cache.org/Versions/v6/SQUID-2023_8.patch", "tags": [ "x_refsource_MISC" ], "url": "http://www.squid-cache.org/Versions/v6/SQUID-2023_8.patch" }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MEV66D3PAAY6K7TWDT3WZBLCPLASFJDC/" }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A5QASTMCUSUEW3UOMKHZJB3FTONWSRXS/" }, { "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00003.html" }, { "url": "https://security.netapp.com/advisory/ntap-20240119-0004/" } ], "source": { "advisory": "GHSA-xggx-9329-3c27", "discovery": "UNKNOWN" }, "title": "Denial of Service in Helper Process management" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2023-49286", "datePublished": "2023-12-04T22:53:44.827Z", "dateReserved": "2023-11-24T16:45:24.312Z", "dateUpdated": "2024-08-02T21:53:45.223Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-39326
Vulnerability from cvelistv5
Published
2023-12-06 16:27
Modified
2024-08-02 18:02
Severity ?
EPSS score ?
Summary
A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from the network than are in the body. A malicious HTTP client can further exploit this to cause a server to automatically read a large amount of data (up to about 1GiB) when a handler fails to read the entire body of a request. Chunk extensions are a little-used HTTP feature which permit including additional metadata in a request or response body sent using the chunked encoding. The net/http chunked encoding reader discards this metadata. A sender can exploit this by inserting a large metadata segment with each byte transferred. The chunk reader now produces an error if the ratio of real body to encoded bytes grows too small.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Go standard library | net/http/internal |
Version: 0 ≤ Version: 1.21.0-0 ≤ |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T18:02:06.808Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://go.dev/issue/64433" }, { "tags": [ "x_transferred" ], "url": "https://go.dev/cl/547335" }, { "tags": [ "x_transferred" ], "url": "https://groups.google.com/g/golang-dev/c/6ypN5EjibjM/m/KmLVYH_uAgAJ" }, { "tags": [ "x_transferred" ], "url": "https://pkg.go.dev/vuln/GO-2023-2382" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UIU6HOGV6RRIKWM57LOXQA75BGZSIH6G/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "collectionURL": "https://pkg.go.dev", "defaultStatus": "unaffected", "packageName": "net/http/internal", "product": "net/http/internal", "programRoutines": [ { "name": "chunkedReader.beginChunk" }, { "name": "readChunkLine" }, { "name": "chunkedReader.Read" } ], "vendor": "Go standard library", "versions": [ { "lessThan": "1.20.12", "status": "affected", "version": "0", "versionType": "semver" }, { "lessThan": "1.21.5", "status": "affected", "version": "1.21.0-0", "versionType": "semver" } ] } ], "credits": [ { "lang": "en", "value": "Bartek Nowotarski" } ], "descriptions": [ { "lang": "en", "value": "A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from the network than are in the body. A malicious HTTP client can further exploit this to cause a server to automatically read a large amount of data (up to about 1GiB) when a handler fails to read the entire body of a request. Chunk extensions are a little-used HTTP feature which permit including additional metadata in a request or response body sent using the chunked encoding. The net/http chunked encoding reader discards this metadata. A sender can exploit this by inserting a large metadata segment with each byte transferred. The chunk reader now produces an error if the ratio of real body to encoded bytes grows too small." } ], "problemTypes": [ { "descriptions": [ { "description": "CWE-400: Uncontrolled Resource Consumption", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2023-12-06T16:27:53.832Z", "orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc", "shortName": "Go" }, "references": [ { "url": "https://go.dev/issue/64433" }, { "url": "https://go.dev/cl/547335" }, { "url": "https://groups.google.com/g/golang-dev/c/6ypN5EjibjM/m/KmLVYH_uAgAJ" }, { "url": "https://pkg.go.dev/vuln/GO-2023-2382" }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UIU6HOGV6RRIKWM57LOXQA75BGZSIH6G/" } ], "title": "Denial of service via chunk extensions in net/http" } }, "cveMetadata": { "assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc", "assignerShortName": "Go", "cveId": "CVE-2023-39326", "datePublished": "2023-12-06T16:27:53.832Z", "dateReserved": "2023-07-27T17:05:55.188Z", "dateUpdated": "2024-08-02T18:02:06.808Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-2605
Vulnerability from cvelistv5
Published
2024-03-19 12:02
Modified
2024-08-28 15:06
Severity ?
EPSS score ?
Summary
An attacker could have leveraged the Windows Error Reporter to run arbitrary code on the system escaping the sandbox. *Note:* This issue only affected Windows operating systems. Other operating systems are unaffected. This vulnerability affects Firefox < 124, Firefox ESR < 115.9, and Thunderbird < 115.9.
References
Impacted products
Vendor | Product | Version | |||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Mozilla | Firefox |
Version: unspecified < 124 |
||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-01T19:18:48.230Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1872920" }, { "tags": [ "x_transferred" ], "url": "https://www.mozilla.org/security/advisories/mfsa2024-12/" }, { "tags": [ "x_transferred" ], "url": "https://www.mozilla.org/security/advisories/mfsa2024-13/" }, { "tags": [ "x_transferred" ], "url": "https://www.mozilla.org/security/advisories/mfsa2024-14/" } ], "title": "CVE Program Container" }, { "affected": [ { "cpes": [ "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "firefox", "vendor": "mozilla", "versions": [ { "lessThan": "124", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "firefox_esr", "vendor": "mozilla", "versions": [ { "lessThan": "115.9", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "thunderbird", "vendor": "mozilla", "versions": [ { "lessThan": "115.9", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2024-2605", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-03-19T14:48:39.914518Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-08-28T15:06:41.192Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Firefox", "vendor": "Mozilla", "versions": [ { "lessThan": "124", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "Firefox ESR", "vendor": "Mozilla", "versions": [ { "lessThan": "115.9", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "Thunderbird", "vendor": "Mozilla", "versions": [ { "lessThan": "115.9", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "value": "goodbyeselene" } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "An attacker could have leveraged the Windows Error Reporter to run arbitrary code on the system escaping the sandbox. *Note:* This issue only affected Windows operating systems. Other operating systems are unaffected. This vulnerability affects Firefox \u003c 124, Firefox ESR \u003c 115.9, and Thunderbird \u003c 115.9." } ], "value": "An attacker could have leveraged the Windows Error Reporter to run arbitrary code on the system escaping the sandbox. *Note:* This issue only affected Windows operating systems. Other operating systems are unaffected. This vulnerability affects Firefox \u003c 124, Firefox ESR \u003c 115.9, and Thunderbird \u003c 115.9." } ], "problemTypes": [ { "descriptions": [ { "description": "Windows Error Reporter could be used as a Sandbox escape vector", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2024-03-19T12:02:51.825Z", "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla" }, "references": [ { "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1872920" }, { "url": "https://www.mozilla.org/security/advisories/mfsa2024-12/" }, { "url": "https://www.mozilla.org/security/advisories/mfsa2024-13/" }, { "url": "https://www.mozilla.org/security/advisories/mfsa2024-14/" } ] } }, "cveMetadata": { "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "assignerShortName": "mozilla", "cveId": "CVE-2024-2605", "datePublished": "2024-03-19T12:02:51.825Z", "dateReserved": "2024-03-18T16:16:17.384Z", "dateUpdated": "2024-08-28T15:06:41.192Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2014-10402
Vulnerability from cvelistv5
Published
2020-09-16 15:55
Modified
2024-08-06 14:10
Severity ?
EPSS score ?
Summary
An issue was discovered in the DBI module through 1.643 for Perl. DBD::File drivers can open files from folders other than those specifically passed via the f_dir attribute in the data source name (DSN). NOTE: this issue exists because of an incomplete fix for CVE-2014-10401.
References
▼ | URL | Tags |
---|---|---|
https://rt.cpan.org/Public/Bug/Display.html?id=99508#txn-1911590 | x_refsource_MISC | |
https://lists.debian.org/debian-lts-announce/2022/05/msg00046.html | mailing-list, x_refsource_MLIST |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T14:10:54.834Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://rt.cpan.org/Public/Bug/Display.html?id=99508#txn-1911590" }, { "name": "[debian-lts-announce] 20220530 [SECURITY] [DLA 3035-1] libdbi-perl security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00046.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "An issue was discovered in the DBI module through 1.643 for Perl. DBD::File drivers can open files from folders other than those specifically passed via the f_dir attribute in the data source name (DSN). NOTE: this issue exists because of an incomplete fix for CVE-2014-10401." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-05-30T21:06:15", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://rt.cpan.org/Public/Bug/Display.html?id=99508#txn-1911590" }, { "name": "[debian-lts-announce] 20220530 [SECURITY] [DLA 3035-1] libdbi-perl security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00046.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-10402", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An issue was discovered in the DBI module through 1.643 for Perl. DBD::File drivers can open files from folders other than those specifically passed via the f_dir attribute in the data source name (DSN). NOTE: this issue exists because of an incomplete fix for CVE-2014-10401." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://rt.cpan.org/Public/Bug/Display.html?id=99508#txn-1911590", "refsource": "MISC", "url": "https://rt.cpan.org/Public/Bug/Display.html?id=99508#txn-1911590" }, { "name": "[debian-lts-announce] 20220530 [SECURITY] [DLA 3035-1] libdbi-perl security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00046.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2014-10402", "datePublished": "2020-09-16T15:55:20", "dateReserved": "2020-09-16T00:00:00", "dateUpdated": "2024-08-06T14:10:54.834Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-2610
Vulnerability from cvelistv5
Published
2024-03-19 12:02
Modified
2024-11-06 15:39
Severity ?
EPSS score ?
Summary
Using a markup injection an attacker could have stolen nonce values. This could have been used to bypass strict content security policies. This vulnerability affects Firefox < 124, Firefox ESR < 115.9, and Thunderbird < 115.9.
References
Impacted products
Vendor | Product | Version | |||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Mozilla | Firefox |
Version: unspecified < 124 |
||||||||
|
{ "containers": { "adp": [ { "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2024-2610", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-07-18T14:53:51.712093Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-94", "description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-11-06T15:39:12.070Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-01T19:18:47.766Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1871112" }, { "tags": [ "x_transferred" ], "url": "https://www.mozilla.org/security/advisories/mfsa2024-12/" }, { "tags": [ "x_transferred" ], "url": "https://www.mozilla.org/security/advisories/mfsa2024-13/" }, { "tags": [ "x_transferred" ], "url": "https://www.mozilla.org/security/advisories/mfsa2024-14/" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00022.html" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00028.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Firefox", "vendor": "Mozilla", "versions": [ { "lessThan": "124", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "Firefox ESR", "vendor": "Mozilla", "versions": [ { "lessThan": "115.9", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "Thunderbird", "vendor": "Mozilla", "versions": [ { "lessThan": "115.9", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "value": "Georg Felber and Marco Squarcina (TU Wien)" } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Using a markup injection an attacker could have stolen nonce values. This could have been used to bypass strict content security policies. This vulnerability affects Firefox \u003c 124, Firefox ESR \u003c 115.9, and Thunderbird \u003c 115.9." } ], "value": "Using a markup injection an attacker could have stolen nonce values. This could have been used to bypass strict content security policies. This vulnerability affects Firefox \u003c 124, Firefox ESR \u003c 115.9, and Thunderbird \u003c 115.9." } ], "problemTypes": [ { "descriptions": [ { "description": "Improper handling of html and body tags enabled CSP nonce leakage", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2024-03-19T12:02:55.079Z", "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla" }, "references": [ { "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1871112" }, { "url": "https://www.mozilla.org/security/advisories/mfsa2024-12/" }, { "url": "https://www.mozilla.org/security/advisories/mfsa2024-13/" }, { "url": "https://www.mozilla.org/security/advisories/mfsa2024-14/" }, { "url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00022.html" }, { "url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00028.html" } ] } }, "cveMetadata": { "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "assignerShortName": "mozilla", "cveId": "CVE-2024-2610", "datePublished": "2024-03-19T12:02:55.079Z", "dateReserved": "2024-03-18T16:22:28.164Z", "dateUpdated": "2024-11-06T15:39:12.070Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-0747
Vulnerability from cvelistv5
Published
2024-01-23 13:48
Modified
2024-10-18 16:03
Severity ?
EPSS score ?
Summary
When a parent page loaded a child in an iframe with `unsafe-inline`, the parent Content Security Policy could have overridden the child Content Security Policy. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7.
References
Impacted products
Vendor | Product | Version | |||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Mozilla | Firefox |
Version: unspecified < 122 |
||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-01T18:18:17.903Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1764343" }, { "tags": [ "x_transferred" ], "url": "https://www.mozilla.org/security/advisories/mfsa2024-01/" }, { "tags": [ "x_transferred" ], "url": "https://www.mozilla.org/security/advisories/mfsa2024-02/" }, { "tags": [ "x_transferred" ], "url": "https://www.mozilla.org/security/advisories/mfsa2024-04/" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00015.html" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00022.html" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2024-0747", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-01-23T20:11:17.539926Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-18T16:03:29.232Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Firefox", "vendor": "Mozilla", "versions": [ { "lessThan": "122", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "Firefox ESR", "vendor": "Mozilla", "versions": [ { "lessThan": "115.7", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "Thunderbird", "vendor": "Mozilla", "versions": [ { "lessThan": "115.7", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "value": "Seongil Wi" } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "When a parent page loaded a child in an iframe with \u003ccode\u003eunsafe-inline\u003c/code\u003e, the parent Content Security Policy could have overridden the child Content Security Policy. This vulnerability affects Firefox \u003c 122, Firefox ESR \u003c 115.7, and Thunderbird \u003c 115.7." } ], "value": "When a parent page loaded a child in an iframe with `unsafe-inline`, the parent Content Security Policy could have overridden the child Content Security Policy. This vulnerability affects Firefox \u003c 122, Firefox ESR \u003c 115.7, and Thunderbird \u003c 115.7." } ], "problemTypes": [ { "descriptions": [ { "description": "Bypass of Content Security Policy when directive unsafe-inline was set", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2024-01-23T13:48:16.960Z", "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla" }, "references": [ { "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1764343" }, { "url": "https://www.mozilla.org/security/advisories/mfsa2024-01/" }, { "url": "https://www.mozilla.org/security/advisories/mfsa2024-02/" }, { "url": "https://www.mozilla.org/security/advisories/mfsa2024-04/" }, { "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00015.html" }, { "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00022.html" } ] } }, "cveMetadata": { "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "assignerShortName": "mozilla", "cveId": "CVE-2024-0747", "datePublished": "2024-01-23T13:48:16.960Z", "dateReserved": "2024-01-19T16:52:25.524Z", "dateUpdated": "2024-10-18T16:03:29.232Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-1550
Vulnerability from cvelistv5
Published
2024-02-20 13:21
Modified
2024-08-01 18:40
Severity ?
EPSS score ?
Summary
A malicious website could have used a combination of exiting fullscreen mode and `requestPointerLock` to cause the user's mouse to be re-positioned unexpectedly, which could have led to user confusion and inadvertently granting permissions they did not intend to grant. This vulnerability affects Firefox < 123, Firefox ESR < 115.8, and Thunderbird < 115.8.
References
Impacted products
Vendor | Product | Version | |||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Mozilla | Firefox |
Version: unspecified < 123 |
||||||||
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-1550", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-02-20T16:17:48.843306Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-07-05T17:21:44.306Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-01T18:40:21.314Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1860065" }, { "tags": [ "x_transferred" ], "url": "https://www.mozilla.org/security/advisories/mfsa2024-05/" }, { "tags": [ "x_transferred" ], "url": "https://www.mozilla.org/security/advisories/mfsa2024-06/" }, { "tags": [ "x_transferred" ], "url": "https://www.mozilla.org/security/advisories/mfsa2024-07/" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00000.html" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00001.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Firefox", "vendor": "Mozilla", "versions": [ { "lessThan": "123", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "Firefox ESR", "vendor": "Mozilla", "versions": [ { "lessThan": "115.8", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "Thunderbird", "vendor": "Mozilla", "versions": [ { "lessThan": "115.8", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "value": "Hafiizh" } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "A malicious website could have used a combination of exiting fullscreen mode and \u003ccode\u003erequestPointerLock\u003c/code\u003e to cause the user\u0027s mouse to be re-positioned unexpectedly, which could have led to user confusion and inadvertently granting permissions they did not intend to grant. This vulnerability affects Firefox \u003c 123, Firefox ESR \u003c 115.8, and Thunderbird \u003c 115.8." } ], "value": "A malicious website could have used a combination of exiting fullscreen mode and `requestPointerLock` to cause the user\u0027s mouse to be re-positioned unexpectedly, which could have led to user confusion and inadvertently granting permissions they did not intend to grant. This vulnerability affects Firefox \u003c 123, Firefox ESR \u003c 115.8, and Thunderbird \u003c 115.8." } ], "problemTypes": [ { "descriptions": [ { "description": "Mouse cursor re-positioned unexpectedly could have led to unintended permission grants", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2024-02-20T19:23:36.552Z", "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla" }, "references": [ { "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1860065" }, { "url": "https://www.mozilla.org/security/advisories/mfsa2024-05/" }, { "url": "https://www.mozilla.org/security/advisories/mfsa2024-06/" }, { "url": "https://www.mozilla.org/security/advisories/mfsa2024-07/" }, { "url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00000.html" }, { "url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00001.html" } ] } }, "cveMetadata": { "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "assignerShortName": "mozilla", "cveId": "CVE-2024-1550", "datePublished": "2024-02-20T13:21:35.887Z", "dateReserved": "2024-02-15T18:01:49.360Z", "dateUpdated": "2024-08-01T18:40:21.314Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-1551
Vulnerability from cvelistv5
Published
2024-02-20 13:21
Modified
2024-11-19 22:09
Severity ?
EPSS score ?
Summary
Set-Cookie response headers were being incorrectly honored in multipart HTTP responses. If an attacker could control the Content-Type response header, as well as control part of the response body, they could inject Set-Cookie response headers that would have been honored by the browser. This vulnerability affects Firefox < 123, Firefox ESR < 115.8, and Thunderbird < 115.8.
References
Impacted products
Vendor | Product | Version | |||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Mozilla | Firefox |
Version: unspecified < 123 |
||||||||
|
{ "containers": { "adp": [ { "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2024-1551", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-02-21T19:24:43.029482Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-565", "description": "CWE-565 Reliance on Cookies without Validation and Integrity Checking", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-11-19T22:09:39.430Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-01T18:40:21.333Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1864385" }, { "tags": [ "x_transferred" ], "url": "https://www.mozilla.org/security/advisories/mfsa2024-05/" }, { "tags": [ "x_transferred" ], "url": "https://www.mozilla.org/security/advisories/mfsa2024-06/" }, { "tags": [ "x_transferred" ], "url": "https://www.mozilla.org/security/advisories/mfsa2024-07/" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00000.html" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00001.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Firefox", "vendor": "Mozilla", "versions": [ { "lessThan": "123", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "Firefox ESR", "vendor": "Mozilla", "versions": [ { "lessThan": "115.8", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "Thunderbird", "vendor": "Mozilla", "versions": [ { "lessThan": "115.8", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "value": "Johan Carlsson" } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Set-Cookie response headers were being incorrectly honored in multipart HTTP responses. If an attacker could control the Content-Type response header, as well as control part of the response body, they could inject Set-Cookie response headers that would have been honored by the browser. This vulnerability affects Firefox \u003c 123, Firefox ESR \u003c 115.8, and Thunderbird \u003c 115.8." } ], "value": "Set-Cookie response headers were being incorrectly honored in multipart HTTP responses. If an attacker could control the Content-Type response header, as well as control part of the response body, they could inject Set-Cookie response headers that would have been honored by the browser. This vulnerability affects Firefox \u003c 123, Firefox ESR \u003c 115.8, and Thunderbird \u003c 115.8." } ], "problemTypes": [ { "descriptions": [ { "description": "Multipart HTTP Responses would accept the Set-Cookie header in response parts", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2024-02-20T19:23:38.186Z", "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla" }, "references": [ { "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1864385" }, { "url": "https://www.mozilla.org/security/advisories/mfsa2024-05/" }, { "url": "https://www.mozilla.org/security/advisories/mfsa2024-06/" }, { "url": "https://www.mozilla.org/security/advisories/mfsa2024-07/" }, { "url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00000.html" }, { "url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00001.html" } ] } }, "cveMetadata": { "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "assignerShortName": "mozilla", "cveId": "CVE-2024-1551", "datePublished": "2024-02-20T13:21:36.343Z", "dateReserved": "2024-02-15T18:01:51.754Z", "dateUpdated": "2024-11-19T22:09:39.430Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-0211
Vulnerability from cvelistv5
Published
2024-01-03 07:31
Modified
2024-10-03 06:23
Severity ?
EPSS score ?
Summary
DOCSIS dissector crash in Wireshark 4.2.0 allows denial of service via packet injection or crafted capture file
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Wireshark Foundation | Wireshark |
Version: 4.2.0 ≤ |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-01T17:41:16.216Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.wireshark.org/security/wnpa-sec-2024-05.html" }, { "name": "GitLab Issue #19557", "tags": [ "issue-tracking", "x_transferred" ], "url": "https://gitlab.com/wireshark/wireshark/-/issues/19557" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Wireshark", "vendor": "Wireshark Foundation", "versions": [ { "lessThan": "4.2.1", "status": "affected", "version": "4.2.0", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "value": "DOCSIS dissector crash in Wireshark 4.2.0 allows denial of service via packet injection or crafted capture file" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-835", "description": "CWE-835: Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-03T06:23:17.810Z", "orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "shortName": "GitLab" }, "references": [ { "url": "https://www.wireshark.org/security/wnpa-sec-2024-05.html" }, { "name": "GitLab Issue #19557", "tags": [ "issue-tracking" ], "url": "https://gitlab.com/wireshark/wireshark/-/issues/19557" } ], "solutions": [ { "lang": "en", "value": "Upgrade to versions 4.2.0 or above." } ], "title": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027) in Wireshark" } }, "cveMetadata": { "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "assignerShortName": "GitLab", "cveId": "CVE-2024-0211", "datePublished": "2024-01-03T07:31:30.639Z", "dateReserved": "2024-01-03T07:31:05.652Z", "dateUpdated": "2024-10-03T06:23:17.810Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-49993
Vulnerability from cvelistv5
Published
2023-12-12 00:00
Modified
2024-08-02 22:09
Severity ?
EPSS score ?
Summary
Espeak-ng 1.52-dev was discovered to contain a Buffer Overflow via the function ReadClause at readclause.c.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T22:09:49.577Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://github.com/espeak-ng/espeak-ng/issues/1826" }, { "name": "FEDORA-2024-5661c87b25", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z5WW6RKHRWLEMCKCQ6UZCXWC5J7UWMUQ/" }, { "name": "FEDORA-2024-698737a3c5", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2PZEBWPNKPAYJMIM3AS2RP3FL6FX3HS4/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Espeak-ng 1.52-dev was discovered to contain a Buffer Overflow via the function ReadClause at readclause.c." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2024-01-19T04:06:52.241317", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://github.com/espeak-ng/espeak-ng/issues/1826" }, { "name": "FEDORA-2024-5661c87b25", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z5WW6RKHRWLEMCKCQ6UZCXWC5J7UWMUQ/" }, { "name": "FEDORA-2024-698737a3c5", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2PZEBWPNKPAYJMIM3AS2RP3FL6FX3HS4/" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2023-49993", "datePublished": "2023-12-12T00:00:00", "dateReserved": "2023-12-04T00:00:00", "dateUpdated": "2024-08-02T22:09:49.577Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-52355
Vulnerability from cvelistv5
Published
2024-01-25 20:03
Modified
2024-12-18 15:16
Severity ?
EPSS score ?
Summary
An out-of-memory flaw was found in libtiff that could be triggered by passing a crafted tiff file to the TIFFRasterScanlineSize64() API. This flaw allows a remote attacker to cause a denial of service via a crafted input with a size smaller than 379 KB.
References
▼ | URL | Tags |
---|---|---|
https://access.redhat.com/security/cve/CVE-2023-52355 | vdb-entry, x_refsource_REDHAT | |
https://bugzilla.redhat.com/show_bug.cgi?id=2251326 | issue-tracking, x_refsource_REDHAT | |
https://gitlab.com/libtiff/libtiff/-/issues/621 |
Impacted products
Vendor | Product | Version | |||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ |
Version: 0 ≤ |
||||||||||||||||||||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T22:55:41.592Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vdb-entry", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/security/cve/CVE-2023-52355" }, { "name": "RHBZ#2251326", "tags": [ "issue-tracking", "x_refsource_REDHAT", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2251326" }, { "tags": [ "x_transferred" ], "url": "https://gitlab.com/libtiff/libtiff/-/issues/621" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "collectionURL": "https://gitlab.com/libtiff/libtiff", "defaultStatus": "unaffected", "packageName": "libtiff", "versions": [ { "lessThan": "4.6.0", "status": "affected", "version": "0", "versionType": "semver" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:6" ], "defaultStatus": "unknown", "packageName": "libtiff", "product": "Red Hat Enterprise Linux 6", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:7" ], "defaultStatus": "unknown", "packageName": "compat-libtiff3", "product": "Red Hat Enterprise Linux 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:7" ], "defaultStatus": "unknown", "packageName": "libtiff", "product": "Red Hat Enterprise Linux 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:8" ], "defaultStatus": "affected", "packageName": "compat-libtiff3", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:8" ], "defaultStatus": "affected", "packageName": "libtiff", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:9" ], "defaultStatus": "affected", "packageName": "libtiff", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat" } ], "datePublic": "2023-11-03T00:00:00+00:00", "descriptions": [ { "lang": "en", "value": "An out-of-memory flaw was found in libtiff that could be triggered by passing a crafted tiff file to the TIFFRasterScanlineSize64() API. This flaw allows a remote attacker to cause a denial of service via a crafted input with a size smaller than 379 KB." } ], "metrics": [ { "other": { "content": { "namespace": "https://access.redhat.com/security/updates/classification/", "value": "Moderate" }, "type": "Red Hat severity rating" } }, { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-787", "description": "Out-of-bounds Write", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-12-18T15:16:08.453Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "vdb-entry", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/security/cve/CVE-2023-52355" }, { "name": "RHBZ#2251326", "tags": [ "issue-tracking", "x_refsource_REDHAT" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2251326" }, { "url": "https://gitlab.com/libtiff/libtiff/-/issues/621" } ], "timeline": [ { "lang": "en", "time": "2023-11-24T00:00:00+00:00", "value": "Reported to Red Hat." }, { "lang": "en", "time": "2023-11-03T00:00:00+00:00", "value": "Made public." } ], "title": "Libtiff: tiffrasterscanlinesize64 produce too-big size and could cause oom", "x_redhatCweChain": "CWE-787: Out-of-bounds Write" } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2023-52355", "datePublished": "2024-01-25T20:03:35.031Z", "dateReserved": "2024-01-24T14:08:49.010Z", "dateUpdated": "2024-12-18T15:16:08.453Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-6858
Vulnerability from cvelistv5
Published
2023-12-19 13:38
Modified
2024-08-02 08:42
Severity ?
EPSS score ?
Summary
Firefox was susceptible to a heap buffer overflow in `nsTextFragment` due to insufficient OOM handling. This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox < 121.
References
Impacted products
Vendor | Product | Version | |||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Mozilla | Firefox ESR |
Version: unspecified < 115.6 |
||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T08:42:07.449Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1826791" }, { "tags": [ "x_transferred" ], "url": "https://www.mozilla.org/security/advisories/mfsa2023-54/" }, { "tags": [ "x_transferred" ], "url": "https://www.mozilla.org/security/advisories/mfsa2023-55/" }, { "tags": [ "x_transferred" ], "url": "https://www.mozilla.org/security/advisories/mfsa2023-56/" }, { "tags": [ "x_transferred" ], "url": "https://www.debian.org/security/2023/dsa-5581" }, { "tags": [ "x_transferred" ], "url": "https://www.debian.org/security/2023/dsa-5582" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00020.html" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00021.html" }, { "tags": [ "x_transferred" ], "url": "https://security.gentoo.org/glsa/202401-10" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Firefox ESR", "vendor": "Mozilla", "versions": [ { "lessThan": "115.6", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "Thunderbird", "vendor": "Mozilla", "versions": [ { "lessThan": "115.6", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "Firefox", "vendor": "Mozilla", "versions": [ { "lessThan": "121", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "value": "Irvan Kurniawan" } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Firefox was susceptible to a heap buffer overflow in \u003ccode\u003ensTextFragment\u003c/code\u003e due to insufficient OOM handling. This vulnerability affects Firefox ESR \u003c 115.6, Thunderbird \u003c 115.6, and Firefox \u003c 121." } ], "value": "Firefox was susceptible to a heap buffer overflow in `nsTextFragment` due to insufficient OOM handling. This vulnerability affects Firefox ESR \u003c 115.6, Thunderbird \u003c 115.6, and Firefox \u003c 121." } ], "problemTypes": [ { "descriptions": [ { "description": "Heap buffer overflow in nsTextFragment", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-12-19T16:42:15.154Z", "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla" }, "references": [ { "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1826791" }, { "url": "https://www.mozilla.org/security/advisories/mfsa2023-54/" }, { "url": "https://www.mozilla.org/security/advisories/mfsa2023-55/" }, { "url": "https://www.mozilla.org/security/advisories/mfsa2023-56/" }, { "url": "https://www.debian.org/security/2023/dsa-5581" }, { "url": "https://www.debian.org/security/2023/dsa-5582" }, { "url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00020.html" }, { "url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00021.html" }, { "url": "https://security.gentoo.org/glsa/202401-10" } ] } }, "cveMetadata": { "assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "assignerShortName": "mozilla", "cveId": "CVE-2023-6858", "datePublished": "2023-12-19T13:38:38.757Z", "dateReserved": "2023-12-15T17:42:55.349Z", "dateUpdated": "2024-08-02T08:42:07.449Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-46344
Vulnerability from cvelistv5
Published
2022-12-14 00:00
Modified
2024-08-03 14:31
Severity ?
EPSS score ?
Summary
A vulnerability was found in X.Org. This security flaw occurs because the handler for the XIChangeProperty request has a length-validation issues, resulting in out-of-bounds memory reads and potential information disclosure. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | n/a | xorg-x11-server |
Version: xorg-x11-server-1.20.4 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T14:31:46.296Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://access.redhat.com/security/cve/CVE-2022-46344" }, { "tags": [ "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2151760" }, { "name": "FEDORA-2022-c3a65f7c65", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DXDF2O5PPLE3SVAJJYUOSAD5QZ4TWQ2G/" }, { "name": "FEDORA-2022-721a78b7e5", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5NELB7YDWRABYYBG4UPTHRBDTKJRV5M2/" }, { "name": "DSA-5304", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.debian.org/security/2022/dsa-5304" }, { "name": "FEDORA-2022-dd3eb7e0a8", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z67QC4C3I2FI2WRFIUPEHKC36J362MLA/" }, { "tags": [ "x_transferred" ], "url": "https://security.gentoo.org/glsa/202305-30" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2023/12/13/1" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "xorg-x11-server", "vendor": "n/a", "versions": [ { "status": "affected", "version": "xorg-x11-server-1.20.4" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability was found in X.Org. This security flaw occurs because the handler for the XIChangeProperty request has a length-validation issues, resulting in out-of-bounds memory reads and potential information disclosure. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions." } ], "problemTypes": [ { "descriptions": [ { "description": "out-of-bounds access", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-12-26T00:00:00", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "url": "https://access.redhat.com/security/cve/CVE-2022-46344" }, { "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2151760" }, { "name": "FEDORA-2022-c3a65f7c65", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DXDF2O5PPLE3SVAJJYUOSAD5QZ4TWQ2G/" }, { "name": "FEDORA-2022-721a78b7e5", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5NELB7YDWRABYYBG4UPTHRBDTKJRV5M2/" }, { "name": "DSA-5304", "tags": [ "vendor-advisory" ], "url": "https://www.debian.org/security/2022/dsa-5304" }, { "name": "FEDORA-2022-dd3eb7e0a8", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z67QC4C3I2FI2WRFIUPEHKC36J362MLA/" }, { "url": "https://security.gentoo.org/glsa/202305-30" }, { "url": "http://www.openwall.com/lists/oss-security/2023/12/13/1" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2022-46344", "datePublished": "2022-12-14T00:00:00", "dateReserved": "2022-11-30T00:00:00", "dateUpdated": "2024-08-03T14:31:46.296Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-46848
Vulnerability from cvelistv5
Published
2023-11-03 07:58
Modified
2024-11-23 02:54
Severity ?
EPSS score ?
Summary
Squid is vulnerable to Denial of Service, where a remote attacker can perform DoS by sending ftp:// URLs in HTTP Request messages or constructing ftp:// URLs from FTP Native input.
References
▼ | URL | Tags |
---|---|---|
https://access.redhat.com/errata/RHSA-2023:6266 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2023:6268 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2023:6748 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/security/cve/CVE-2023-46848 | vdb-entry, x_refsource_REDHAT | |
https://bugzilla.redhat.com/show_bug.cgi?id=2245919 | issue-tracking, x_refsource_REDHAT | |
https://github.com/squid-cache/squid/security/advisories/GHSA-2g3c-pg7q-g59w |
Impacted products
Vendor | Product | Version | |||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ |
Version: 5.0.3 ≤ |
||||||||||||||||||||||
|