Common Weakness Enumeration
CWE-121
AllowedStack-based Buffer Overflow
Abstraction: Variant · Status: Draft
A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).
5213 vulnerabilities reference this CWE, most recent first.
CVE-2024-39757 (GCVE-0-2024-39757)
Vulnerability from cvelistv5 – Published: 2025-01-14 14:21 – Updated: 2025-01-14 16:04
VLAI
EPSS
VEX
Summary
A stack-based buffer overflow vulnerability exists in the wireless.cgi AddMac() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.
Severity
9.1 (Critical)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-121 - Stack-based Buffer Overflow
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Wavlink | Wavlink AC3000 |
Affected:
M33A8.V5030.210505
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-39757",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-14T15:46:02.895167Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-14T15:46:11.399Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-01-14T16:04:15.221Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-2043"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Wavlink AC3000",
"vendor": "Wavlink",
"versions": [
{
"status": "affected",
"version": "M33A8.V5030.210505"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Discovered by Lilith \u0026gt;_\u0026gt; of Cisco Talos."
}
],
"descriptions": [
{
"lang": "en",
"value": "A stack-based buffer overflow vulnerability exists in the wireless.cgi AddMac() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121: Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-14T14:21:18.345Z",
"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"shortName": "talos"
},
"references": [
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-2043",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-2043"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"assignerShortName": "talos",
"cveId": "CVE-2024-39757",
"datePublished": "2025-01-14T14:21:18.345Z",
"dateReserved": "2024-06-28T18:06:02.838Z",
"dateUpdated": "2025-01-14T16:04:15.221Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-39605 (GCVE-0-2024-39605)
Vulnerability from cvelistv5 – Published: 2024-11-11 14:57 – Updated: 2024-11-11 16:07
VLAI
EPSS
VEX
Title
Delta Electronics DIAScreen Stack-based Buffer Overflow
Summary
If an attacker tricks a valid user into running Delta Electronics DIAScreen with a file containing malicious code, a stack-based buffer overflow in BACnetParameter can be exploited, allowing the attacker to remotely execute arbitrary code.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
References
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Delta Electronics | DIAScreen |
Affected:
0 , < v1.5.0
(custom)
|
|
| deltaww | diascreen |
Affected:
0 , < 1.5.0
(custom)
cpe:2.3:a:deltaww:diascreen:*:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:deltaww:diascreen:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "diascreen",
"vendor": "deltaww",
"versions": [
{
"lessThan": "1.5.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-39605",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-11T16:07:18.069762Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-11T16:07:22.507Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "DIAScreen",
"vendor": "Delta Electronics",
"versions": [
{
"lessThan": "v1.5.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Natnael Samson working with Trend Micro Zero Day Initiative reported these vulnerabilities to CISA."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIf an attacker tricks a valid user into running Delta Electronics DIAScreen with a file containing malicious code, a stack-based buffer overflow in BACnetParameter can be exploited, allowing the attacker to remotely execute arbitrary code.\u003c/span\u003e\n\n\u003c/span\u003e"
}
],
"value": "If an attacker tricks a valid user into running Delta Electronics DIAScreen with a file containing malicious code, a stack-based buffer overflow in BACnetParameter can be exploited, allowing the attacker to remotely execute arbitrary code."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-11T14:57:23.741Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-312-02"
},
{
"url": "https://www.deltaww.com/en-US/Cybersecurity_Advisory"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eDelta Electronics has released \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://diastudio.deltaww.com/home/downloads?sec=download\"\u003ev1.5.0 of DIAScreen (login required)\u003c/a\u003e\u0026nbsp;and recommends users install this update on all affected systems.\u003c/p\u003e\u003cp\u003eFor more information, please see the \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.deltaww.com/en-US/Cybersecurity_Advisory\"\u003eDelta product cybersecurity advisory for these issues.\u003c/a\u003e\u003c/p\u003e\n\n\u003cbr\u003e"
}
],
"value": "Delta Electronics has released v1.5.0 of DIAScreen (login required) https://diastudio.deltaww.com/home/downloads \u00a0and recommends users install this update on all affected systems.\n\nFor more information, please see the Delta product cybersecurity advisory for these issues. https://www.deltaww.com/en-US/Cybersecurity_Advisory"
}
],
"source": {
"advisory": "ICSA-24-312-02",
"discovery": "EXTERNAL"
},
"title": "Delta Electronics DIAScreen Stack-based Buffer Overflow",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2024-39605",
"datePublished": "2024-11-11T14:57:23.741Z",
"dateReserved": "2024-07-16T16:12:58.995Z",
"dateUpdated": "2024-11-11T16:07:22.507Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-39603 (GCVE-0-2024-39603)
Vulnerability from cvelistv5 – Published: 2025-01-14 14:21 – Updated: 2025-01-14 16:04
VLAI
EPSS
VEX
Summary
A stack-based buffer overflow vulnerability exists in the wireless.cgi set_wifi_basic_mesh() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.
Severity
9.1 (Critical)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-121 - Stack-based Buffer Overflow
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Wavlink | Wavlink AC3000 |
Affected:
M33A8.V5030.210505
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-39603",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-14T15:43:11.151358Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-14T15:43:34.664Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-01-14T16:04:09.905Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-2042"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Wavlink AC3000",
"vendor": "Wavlink",
"versions": [
{
"status": "affected",
"version": "M33A8.V5030.210505"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Discovered by Lilith \u0026gt;_\u0026gt; of Cisco Talos."
}
],
"descriptions": [
{
"lang": "en",
"value": "A stack-based buffer overflow vulnerability exists in the wireless.cgi set_wifi_basic_mesh() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121: Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-14T14:21:20.463Z",
"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"shortName": "talos"
},
"references": [
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-2042",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-2042"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"assignerShortName": "talos",
"cveId": "CVE-2024-39603",
"datePublished": "2025-01-14T14:21:20.463Z",
"dateReserved": "2024-06-28T18:06:04.170Z",
"dateUpdated": "2025-01-14T16:04:09.905Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-39556 (GCVE-0-2024-39556)
Vulnerability from cvelistv5 – Published: 2024-07-10 22:38 – Updated: 2024-08-02 04:26
VLAI
EPSS
VEX
Title
Junos OS and Junos OS Evolved: Loading a malicious certificate from the CLI may result in a stack-based overflow
Summary
A Stack-Based Buffer Overflow vulnerability in Juniper Networks Junos OS and Juniper Networks Junos OS Evolved may allow a local, low-privileged attacker with access to the CLI the ability to load a malicious certificate file, leading to a limited Denial of Service (DoS) or privileged code execution.
By exploiting the 'set security certificates' command with a crafted certificate file, a malicious attacker with access to the CLI could cause a crash of the command management daemon (mgd), limited to the local user's command interpreter, or potentially trigger a stack-based buffer overflow.
This issue affects:
Junos OS:
* All versions before 21.4R3-S7,
* from 22.1 before 22.1R3-S6,
* from 22.2 before 22.2R3-S4,
* from 22.3 before 22.3R3-S3,
* from 22.4 before 22.4R3-S2,
* from 23.2 before 23.2R2,
* from 23.4 before 23.4R1-S1, 23.4R2;
Junos OS Evolved:
* All versions before 21.4R3-S7-EVO,
* from 22.1-EVO before 22.1R3-S6-EVO,
* from 22.2-EVO before 22.2R3-S4-EVO,
* from 22.3-EVO before 22.3R3-S3-EVO,
* from 22.4-EVO before 22.4R3-S2-EVO,
* from 23.2-EVO before 23.2R2-EVO,
* from 23.4-EVO before 23.4R1-S1-EVO, 23.4R2-EVO.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-121 - Stack-based Buffer Overflow
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://supportportal.juniper.net/JSA83016 | vendor-advisory |
Impacted products
4 products
| Vendor | Product | Version | |
|---|---|---|---|
| Juniper Networks | Junos OS |
Affected:
0 , < 21.4R3-S7
(semver)
Affected: 22.1 , < 22.1R3-S6 (semver) Affected: 22.2 , < 22.2R3-S4 (semver) Affected: 22.3 , < 22.3R3-S3 (semver) Affected: 22.4 , < 22.4R3-S2 (semver) Affected: 23.2 , < 23.2R2 (semver) Affected: 23.4 , < 23.4R1-S1, 23.4R2 (semver) |
|
| Juniper Networks | Junos OS Evolved |
Affected:
0 , < 21.4R3-S7-EVO
(semver)
Affected: 22.1-EVO , < 22.1R3-S6-EVO (semver) Affected: 22.2-EVO , < 22.2R3-S4-EVO (semver) Affected: 22.3-EVO , < 22.3R3-S3-EVO (semver) Affected: 22.4-EVO , < 22.4R3-S2-EVO (semver) Affected: 23.2-EVO , < 23.2R2-EVO (semver) Affected: 23.4-EVO , < 23.4R1-S1-EVO, 23.4R2-EVO (semver) |
|
| juniper | junos_os_evolved |
Affected:
0 , < 21.4r3-s7-evo
(semver)
Affected: 22.1-evo , < 22.1r3-s6-evo (semver) Affected: 22.2-evo , < 22.2r3-s4-evo (semver) Affected: 22.3-evo , < 22.3r3-s3-evo (semver) Affected: 22.4-evo , < 22.4r3-s3-evo (semver) Affected: 23.2-evo , < 23.2r2-evo (semver) cpe:2.3:o:juniper:junos_os_evolved:*:*:*:*:*:*:*:* |
|
| juniper | junos_os |
Affected:
0 , < 21.4r3-s7
(semver)
Affected: 22.1 , < 22.1r3-s6 (semver) Affected: 22.2 , < 22.2r3-s4 (semver) Affected: 22.3 , < 22.3r3-s3 (semver) Affected: 22.4 , < 22.4r3-s2 (semver) Affected: 23.2 , < 23.2r2 (semver) Affected: 23.4 , < 23.4r1-s1 (semver) Affected: 23.4 , < 23.4r2 (semver) Affected: 23.4-evo , < 23.4r1-s1-evo (semver) Affected: 23.4-evo , < 23.4r2-evo (semver) cpe:2.3:o:juniper:junos_os:*:*:*:*:*:*:*:* |
Date Public
2024-07-10 16:00
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:juniper:junos_os_evolved:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "junos_os_evolved",
"vendor": "juniper",
"versions": [
{
"lessThan": "21.4r3-s7-evo",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "22.1r3-s6-evo",
"status": "affected",
"version": "22.1-evo",
"versionType": "semver"
},
{
"lessThan": "22.2r3-s4-evo",
"status": "affected",
"version": "22.2-evo",
"versionType": "semver"
},
{
"lessThan": "22.3r3-s3-evo",
"status": "affected",
"version": "22.3-evo",
"versionType": "semver"
},
{
"lessThan": "22.4r3-s3-evo",
"status": "affected",
"version": "22.4-evo",
"versionType": "semver"
},
{
"lessThan": "23.2r2-evo",
"status": "affected",
"version": "23.2-evo",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:o:juniper:junos_os:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "junos_os",
"vendor": "juniper",
"versions": [
{
"lessThan": "21.4r3-s7",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "22.1r3-s6",
"status": "affected",
"version": "22.1",
"versionType": "semver"
},
{
"lessThan": "22.2r3-s4",
"status": "affected",
"version": "22.2",
"versionType": "semver"
},
{
"lessThan": "22.3r3-s3",
"status": "affected",
"version": "22.3",
"versionType": "semver"
},
{
"lessThan": "22.4r3-s2",
"status": "affected",
"version": "22.4",
"versionType": "semver"
},
{
"lessThan": "23.2r2",
"status": "affected",
"version": "23.2",
"versionType": "semver"
},
{
"lessThan": "23.4r1-s1",
"status": "affected",
"version": "23.4",
"versionType": "semver"
},
{
"lessThan": "23.4r2",
"status": "affected",
"version": "23.4",
"versionType": "semver"
},
{
"lessThan": "23.4r1-s1-evo",
"status": "affected",
"version": "23.4-evo",
"versionType": "semver"
},
{
"lessThan": "23.4r2-evo",
"status": "affected",
"version": "23.4-evo",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-39556",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-12T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-13T03:55:17.897Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:26:15.938Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://supportportal.juniper.net/JSA83016"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "21.4R3-S7",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "22.1R3-S6",
"status": "affected",
"version": "22.1",
"versionType": "semver"
},
{
"lessThan": "22.2R3-S4",
"status": "affected",
"version": "22.2",
"versionType": "semver"
},
{
"lessThan": "22.3R3-S3",
"status": "affected",
"version": "22.3",
"versionType": "semver"
},
{
"lessThan": "22.4R3-S2",
"status": "affected",
"version": "22.4",
"versionType": "semver"
},
{
"lessThan": "23.2R2",
"status": "affected",
"version": "23.2",
"versionType": "semver"
},
{
"lessThan": "23.4R1-S1, 23.4R2",
"status": "affected",
"version": "23.4",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Junos OS Evolved",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "21.4R3-S7-EVO",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "22.1R3-S6-EVO",
"status": "affected",
"version": "22.1-EVO",
"versionType": "semver"
},
{
"lessThan": "22.2R3-S4-EVO",
"status": "affected",
"version": "22.2-EVO",
"versionType": "semver"
},
{
"lessThan": "22.3R3-S3-EVO",
"status": "affected",
"version": "22.3-EVO",
"versionType": "semver"
},
{
"lessThan": "22.4R3-S2-EVO",
"status": "affected",
"version": "22.4-EVO",
"versionType": "semver"
},
{
"lessThan": "23.2R2-EVO",
"status": "affected",
"version": "23.2-EVO",
"versionType": "semver"
},
{
"lessThan": "23.4R1-S1-EVO, 23.4R2-EVO",
"status": "affected",
"version": "23.4-EVO",
"versionType": "semver"
}
]
}
],
"datePublic": "2024-07-10T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A Stack-Based Buffer Overflow vulnerability in Juniper Networks Junos OS and Juniper Networks Junos OS Evolved may allow a local, low-privileged attacker with access to the CLI the ability to load a malicious certificate file, leading to a limited Denial of Service (DoS) or privileged code execution.\u003cbr\u003e\u003cbr\u003eBy exploiting the \u0027set security certificates\u0027 command with a crafted certificate file, a malicious attacker with access to the CLI could cause a crash of the command management daemon (mgd), limited to the local user\u0027s command interpreter, or potentially trigger a stack-based buffer overflow.\n\n\u003cbr\u003e\u003cp\u003eThis issue affects:\u003c/p\u003e\u003cp\u003e\u0026nbsp;Junos OS: \u003cbr\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eAll versions before 21.4R3-S7, \u003c/li\u003e\u003cli\u003efrom 22.1 before 22.1R3-S6, \u003c/li\u003e\u003cli\u003efrom 22.2 before 22.2R3-S4, \u003c/li\u003e\u003cli\u003efrom 22.3 before 22.3R3-S3, \u003c/li\u003e\u003cli\u003efrom 22.4 before 22.4R3-S2, \u003c/li\u003e\u003cli\u003efrom 23.2 before 23.2R2, \u003c/li\u003e\u003cli\u003efrom 23.4 before 23.4R1-S1, 23.4R2;\u0026nbsp;\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003eJunos OS Evolved: \u003cbr\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eAll versions before 21.4R3-S7-EVO, \u003c/li\u003e\u003cli\u003efrom 22.1-EVO before 22.1R3-S6-EVO, \u003c/li\u003e\u003cli\u003efrom 22.2-EVO before 22.2R3-S4-EVO, \u003c/li\u003e\u003cli\u003efrom 22.3-EVO before 22.3R3-S3-EVO, \u003c/li\u003e\u003cli\u003efrom 22.4-EVO before 22.4R3-S2-EVO, \u003c/li\u003e\u003cli\u003efrom 23.2-EVO before 23.2R2-EVO, \u003c/li\u003e\u003cli\u003efrom 23.4-EVO before 23.4R1-S1-EVO, 23.4R2-EVO.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e"
}
],
"value": "A Stack-Based Buffer Overflow vulnerability in Juniper Networks Junos OS and Juniper Networks Junos OS Evolved may allow a local, low-privileged attacker with access to the CLI the ability to load a malicious certificate file, leading to a limited Denial of Service (DoS) or privileged code execution.\n\nBy exploiting the \u0027set security certificates\u0027 command with a crafted certificate file, a malicious attacker with access to the CLI could cause a crash of the command management daemon (mgd), limited to the local user\u0027s command interpreter, or potentially trigger a stack-based buffer overflow.\n\n\nThis issue affects:\n\n\u00a0Junos OS: \n\n\n * All versions before 21.4R3-S7, \n * from 22.1 before 22.1R3-S6, \n * from 22.2 before 22.2R3-S4, \n * from 22.3 before 22.3R3-S3, \n * from 22.4 before 22.4R3-S2, \n * from 23.2 before 23.2R2, \n * from 23.4 before 23.4R1-S1, 23.4R2;\u00a0\n\n\n\n\nJunos OS Evolved: \n\n\n * All versions before 21.4R3-S7-EVO, \n * from 22.1-EVO before 22.1R3-S6-EVO, \n * from 22.2-EVO before 22.2R3-S4-EVO, \n * from 22.3-EVO before 22.3R3-S3-EVO, \n * from 22.4-EVO before 22.4R3-S2-EVO, \n * from 23.2-EVO before 23.2R2-EVO, \n * from 23.4-EVO before 23.4R1-S1-EVO, 23.4R2-EVO."
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "PRESENT",
"attackVector": "LOCAL",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121: Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-10T22:38:44.894Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://supportportal.juniper.net/JSA83016"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The following software releases have been updated to resolve this specific issue: \u003cbr\u003eJunos OS: 21.2R3-S8, 21.4R3-S7, 22.1R3-S6, 22.2R3-S4, 22.3R3-S3, 22.4R3-S2, 23.2R2, 23.4R1-S1, 23.4R2, 24.2R1, and all subsequent releases.\u003cbr\u003e\nJunos OS Evolved:\u0026nbsp;21.2R3-S8-EVO, 21.4R3-S7-EVO, 22.1R3-S6-EVO, 22.2R3-S4-EVO, 22.3R3-S3-EVO, 22.4R3-S2-EVO, 23.2R2-EVO, 23.4R1-S1-EVO, 23.4R2-EVO, 24.2R1-EVO, and all subsequent releases."
}
],
"value": "The following software releases have been updated to resolve this specific issue: \nJunos OS: 21.2R3-S8, 21.4R3-S7, 22.1R3-S6, 22.2R3-S4, 22.3R3-S3, 22.4R3-S2, 23.2R2, 23.4R1-S1, 23.4R2, 24.2R1, and all subsequent releases.\n\nJunos OS Evolved:\u00a021.2R3-S8-EVO, 21.4R3-S7-EVO, 22.1R3-S6-EVO, 22.2R3-S4-EVO, 22.3R3-S3-EVO, 22.4R3-S2-EVO, 23.2R2-EVO, 23.4R1-S1-EVO, 23.4R2-EVO, 24.2R1-EVO, and all subsequent releases."
}
],
"source": {
"advisory": "JSA83016",
"defect": [
"1780283"
],
"discovery": "INTERNAL"
},
"title": "Junos OS and Junos OS Evolved: Loading a malicious certificate from the CLI may result in a stack-based overflow",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "There are no known workarounds for this issue."
}
],
"value": "There are no known workarounds for this issue."
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2024-39556",
"datePublished": "2024-07-10T22:38:44.894Z",
"dateReserved": "2024-06-25T15:12:53.247Z",
"dateUpdated": "2024-08-02T04:26:15.938Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-39389 (GCVE-0-2024-39389)
Vulnerability from cvelistv5 – Published: 2024-08-14 15:05 – Updated: 2024-08-16 04:01
VLAI
EPSS
VEX
Title
Adobe Indesign PDF File Parsing Stack Based Buffer Overflow Remote Code Execution Vulnerability
Summary
InDesign Desktop versions ID19.4, ID18.5.2 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Severity
7.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-121 - Stack-based Buffer Overflow (CWE-121)
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://helpx.adobe.com/security/products/indesig… | vendor-advisory |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Adobe | InDesign Desktop |
Affected:
0 , ≤ ID18.5.2
(semver)
|
|
| adobe | indesign |
Affected:
0 , ≤ 19.4
(semver)
Affected: 0 , ≤ 18.5.2 (semver) cpe:2.3:a:adobe:indesign:*:*:*:*:*:*:*:* |
Date Public
2024-08-13 17:00
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:adobe:indesign:*:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "indesign",
"vendor": "adobe",
"versions": [
{
"lessThanOrEqual": "19.4",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "18.5.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-39389",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-15T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-16T04:01:56.110Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "InDesign Desktop",
"vendor": "Adobe",
"versions": [
{
"lessThanOrEqual": "ID18.5.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"datePublic": "2024-08-13T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "InDesign Desktop versions ID19.4, ID18.5.2 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"confidentialityRequirement": "NOT_DEFINED",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"exploitCodeMaturity": "NOT_DEFINED",
"integrityImpact": "HIGH",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "LOW",
"modifiedAttackVector": "LOCAL",
"modifiedAvailabilityImpact": "HIGH",
"modifiedConfidentialityImpact": "HIGH",
"modifiedIntegrityImpact": "HIGH",
"modifiedPrivilegesRequired": "NONE",
"modifiedScope": "NOT_DEFINED",
"modifiedUserInteraction": "REQUIRED",
"privilegesRequired": "NONE",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "Stack-based Buffer Overflow (CWE-121)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-14T15:05:42.561Z",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://helpx.adobe.com/security/products/indesign/apsb24-56.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Adobe Indesign PDF File Parsing Stack Based Buffer Overflow Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2024-39389",
"datePublished": "2024-08-14T15:05:42.561Z",
"dateReserved": "2024-06-24T20:32:06.588Z",
"dateUpdated": "2024-08-16T04:01:56.110Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-39359 (GCVE-0-2024-39359)
Vulnerability from cvelistv5 – Published: 2025-01-14 14:21 – Updated: 2025-01-14 16:04
VLAI
EPSS
VEX
Summary
A stack-based buffer overflow vulnerability exists in the wireless.cgi DeleteMac() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.
Severity
9.1 (Critical)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-121 - Stack-based Buffer Overflow
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Wavlink | Wavlink AC3000 |
Affected:
M33A8.V5030.210505
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-39359",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-14T15:36:51.819452Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-14T15:37:00.564Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-01-14T16:04:03.526Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-2040"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Wavlink AC3000",
"vendor": "Wavlink",
"versions": [
{
"status": "affected",
"version": "M33A8.V5030.210505"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Discovered by Lilith \u0026gt;_\u0026gt; of Cisco Talos."
}
],
"descriptions": [
{
"lang": "en",
"value": "A stack-based buffer overflow vulnerability exists in the wireless.cgi DeleteMac() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121: Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-14T14:21:21.683Z",
"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"shortName": "talos"
},
"references": [
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-2040",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-2040"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"assignerShortName": "talos",
"cveId": "CVE-2024-39359",
"datePublished": "2025-01-14T14:21:21.683Z",
"dateReserved": "2024-06-28T18:06:07.280Z",
"dateUpdated": "2025-01-14T16:04:03.526Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-39357 (GCVE-0-2024-39357)
Vulnerability from cvelistv5 – Published: 2025-01-14 14:21 – Updated: 2025-01-14 16:04
VLAI
EPSS
VEX
Summary
A stack-based buffer overflow vulnerability exists in the wireless.cgi SetName() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.
Severity
9.1 (Critical)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-121 - Stack-based Buffer Overflow
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Wavlink | Wavlink AC3000 |
Affected:
M33A8.V5030.210505
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-39357",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-14T15:35:19.963498Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-14T15:35:28.715Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-01-14T16:04:01.283Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-2039"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Wavlink AC3000",
"vendor": "Wavlink",
"versions": [
{
"status": "affected",
"version": "M33A8.V5030.210505"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Discovered by Lilith \u0026gt;_\u0026gt; of Cisco Talos."
}
],
"descriptions": [
{
"lang": "en",
"value": "A stack-based buffer overflow vulnerability exists in the wireless.cgi SetName() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121: Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-14T14:21:22.249Z",
"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"shortName": "talos"
},
"references": [
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-2039",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-2039"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"assignerShortName": "talos",
"cveId": "CVE-2024-39357",
"datePublished": "2025-01-14T14:21:22.249Z",
"dateReserved": "2024-06-28T18:06:08.518Z",
"dateUpdated": "2025-01-14T16:04:01.283Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-39354 (GCVE-0-2024-39354)
Vulnerability from cvelistv5 – Published: 2024-11-11 14:59 – Updated: 2024-11-11 16:07
VLAI
EPSS
VEX
Title
Delta Electronics DIAScreen Stack-based Buffer Overflow
Summary
If an attacker tricks a valid user into running Delta Electronics DIAScreen with a file containing malicious code, a stack-based buffer overflow in CEtherIPTagItem can be exploited, allowing the attacker to remotely execute arbitrary code.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
References
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Delta Electronics | DIAScreen |
Affected:
0 , < v1.5.0
(custom)
|
|
| deltaww | diascreen |
Affected:
0 , < 1.5.0
(custom)
cpe:2.3:a:deltaww:diascreen:*:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:deltaww:diascreen:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "diascreen",
"vendor": "deltaww",
"versions": [
{
"lessThan": "1.5.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-39354",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-11T16:07:33.279755Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-11T16:07:37.602Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "DIAScreen",
"vendor": "Delta Electronics",
"versions": [
{
"lessThan": "v1.5.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Natnael Samson working with Trend Micro Zero Day Initiative reported these vulnerabilities to CISA."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIf an attacker tricks a valid user into running Delta Electronics DIAScreen with a file containing malicious code, a stack-based buffer overflow in CEtherIPTagItem can be exploited, allowing the attacker to remotely execute arbitrary code.\u003c/span\u003e\n\n\u003c/span\u003e\n\n\u003c/span\u003e"
}
],
"value": "If an attacker tricks a valid user into running Delta Electronics DIAScreen with a file containing malicious code, a stack-based buffer overflow in CEtherIPTagItem can be exploited, allowing the attacker to remotely execute arbitrary code."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-11T14:59:38.364Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-312-02"
},
{
"url": "https://www.deltaww.com/en-US/Cybersecurity_Advisory"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eDelta Electronics has released \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://diastudio.deltaww.com/home/downloads?sec=download\"\u003ev1.5.0 of DIAScreen (login required)\u003c/a\u003e\u0026nbsp;and recommends users install this update on all affected systems.\u003c/p\u003e\u003cp\u003eFor more information, please see the \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.deltaww.com/en-US/Cybersecurity_Advisory\"\u003eDelta product cybersecurity advisory for these issues.\u003c/a\u003e\u003c/p\u003e\n\n\u003cbr\u003e"
}
],
"value": "Delta Electronics has released v1.5.0 of DIAScreen (login required) https://diastudio.deltaww.com/home/downloads \u00a0and recommends users install this update on all affected systems.\n\nFor more information, please see the Delta product cybersecurity advisory for these issues. https://www.deltaww.com/en-US/Cybersecurity_Advisory"
}
],
"source": {
"advisory": "ICSA-24-312-02",
"discovery": "EXTERNAL"
},
"title": "Delta Electronics DIAScreen Stack-based Buffer Overflow",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2024-39354",
"datePublished": "2024-11-11T14:59:38.364Z",
"dateReserved": "2024-07-16T16:12:58.987Z",
"dateUpdated": "2024-11-11T16:07:37.602Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-38509 (GCVE-0-2024-38509)
Vulnerability from cvelistv5 – Published: 2024-07-26 19:45 – Updated: 2024-08-02 04:12
VLAI
EPSS
VEX
Summary
A privilege escalation vulnerability was discovered in XCC that could allow an authenticated XCC user with elevated privileges to execute arbitrary code via a specially crafted IPMI command.
Severity
7.2 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-121 - Stack Buffer Overflow
Assigner
References
1 reference
Impacted products
113 products
| Vendor | Product | Version | |
|---|---|---|---|
| Lenovo | XClarity Controller |
Affected:
various
|
|
| lenovo | thinkagile_hx5530_firmware |
Affected:
0 , < 4.71
(custom)
cpe:2.3:o:lenovo:thinkagile_hx5530_firmware:-:*:*:*:*:*:*:* |
|
| lenovo | thinkagile_hx7530_firmware |
Affected:
0 , < 4.71
(custom)
cpe:2.3:o:lenovo:thinkagile_hx7530_firmware:-:*:*:*:*:*:*:* |
|
| lenovo | thinkagile_vx3331_firmware |
Affected:
0 , < 4.71
(custom)
cpe:2.3:o:lenovo:thinkagile_vx3331_firmware:-:*:*:*:*:*:*:* |
|
| lenovo | thinkagile_hx_enclosure_certified_node_firmware |
Affected:
0 , < 4.11
(custom)
cpe:2.3:o:lenovo:thinkagile_hx_enclosure_certified_node_firmware:-:*:*:*:*:*:*:* |
|
| lenovo | thinkagile_hx1021_edg_firmware |
Affected:
0 , < 4.11
(custom)
cpe:2.3:o:lenovo:thinkagile_hx1021_edg_firmware:-:*:*:*:*:*:*:* |
|
| lenovo | thinkagile_hx1320_firmware |
Affected:
0 , < 9.97
(custom)
cpe:2.3:o:lenovo:thinkagile_hx1320_firmware:-:*:*:*:*:*:*:* |
|
| lenovo | thinkagile_hx1331_firmware |
Affected:
0 , < 4.71
(custom)
cpe:2.3:o:lenovo:thinkagile_hx1331_firmware:-:*:*:*:*:*:*:* |
|
| lenovo | thinkagile_hx1321_firmware |
Affected:
0 , < 9.97
(custom)
cpe:2.3:o:lenovo:thinkagile_hx1321_firmware:-:*:*:*:*:*:*:* |
|
| lenovo | thinkagile_hx1520-r_firmware |
Affected:
0 , < 9.97
(custom)
cpe:2.3:o:lenovo:thinkagile_hx1520-r_firmware:-:*:*:*:*:*:*:* |
|
| lenovo | thinkagile_hx1521-r_firmware |
Affected:
0 , < 9.97
(custom)
cpe:2.3:o:lenovo:thinkagile_hx1521-r_firmware:-:*:*:*:*:*:*:* |
|
| lenovo | thinkagile_hx2320-e_firmware |
Affected:
0 , < 9.97
(custom)
cpe:2.3:o:lenovo:thinkagile_hx2320-e_firmware:-:*:*:*:*:*:*:* |
|
| lenovo | thinkagile_hx2321_firmware |
Affected:
0 , < 9.97
(custom)
cpe:2.3:o:lenovo:thinkagile_hx2321_firmware:-:*:*:*:*:*:*:* |
|
| lenovo | thinkagile_hx2330_firmware |
Affected:
0 , < 4.71
(custom)
cpe:2.3:o:lenovo:thinkagile_hx2330_firmware:-:*:*:*:*:*:*:* |
|
| lenovo | thinkagile_hx2331_firmware |
Affected:
0 , < 4.71
(custom)
cpe:2.3:o:lenovo:thinkagile_hx2331_firmware:-:*:*:*:*:*:*:* |
|
| lenovo | thinkagile_hx2720-e_firmware |
Affected:
0 , < 4.11
(custom)
cpe:2.3:o:lenovo:thinkagile_hx2720-e_firmware:-:*:*:*:*:*:*:* |
|
| lenovo | thinkagile_hx3320_firmware |
Affected:
0 , < 9.97
(custom)
cpe:2.3:o:lenovo:thinkagile_hx3320_firmware:-:*:*:*:*:*:*:* |
|
| lenovo | thinkagile_hx3321_firmware |
Affected:
0 , < 9.97
(custom)
cpe:2.3:o:lenovo:thinkagile_hx3321_firmware:-:*:*:*:*:*:*:* |
|
| lenovo | thinkagile_hx3330_firmware |
Affected:
0 , < 4.71
(custom)
cpe:2.3:o:lenovo:thinkagile_hx3330_firmware:-:*:*:*:*:*:*:* |
|
| lenovo | thinkagile_hx3331 |
Affected:
0 , < 4.71
(custom)
cpe:2.3:h:lenovo:thinkagile_hx3331:-:*:*:*:*:*:*:* |
|
| lenovo | thinkagile_hx3375_firmware |
Affected:
0 , < 5.61
(custom)
cpe:2.3:o:lenovo:thinkagile_hx3375_firmware:-:*:*:*:*:*:*:* |
|
| lenovo | thinkagile_hx3376_firmware |
Affected:
0 , < 5.61
(custom)
cpe:2.3:o:lenovo:thinkagile_hx3376_firmware:-:*:*:*:*:*:*:* |
|
| lenovo | thinkagile_hx3520-g_firmware |
Affected:
0 , < 9.97
(custom)
cpe:2.3:o:lenovo:thinkagile_hx3520-g_firmware:-:*:*:*:*:*:*:* |
|
| lenovo | thinkagile_hx3521-g_firmware |
Affected:
0 , < 9.97
(custom)
cpe:2.3:o:lenovo:thinkagile_hx3521-g_firmware:-:*:*:*:*:*:*:* |
|
| lenovo | thinkagile_hx3720_firmware |
Affected:
0 , < 4.11
(custom)
cpe:2.3:o:lenovo:thinkagile_hx3720_firmware:-:*:*:*:*:*:*:* |
|
| lenovo | thinkagile_hx3721_firmware |
Affected:
0 , < 4.11
(custom)
cpe:2.3:o:lenovo:thinkagile_hx3721_firmware:-:*:*:*:*:*:*:* |
|
| lenovo | thinkagile_hx5520-c_firmware |
Affected:
0 , < 9.97
(custom)
cpe:2.3:o:lenovo:thinkagile_hx5520-c_firmware:-:*:*:*:*:*:*:* |
|
| lenovo | thinkagile_hx5521-c_firmware |
Affected:
0 , < 9.97
(custom)
cpe:2.3:o:lenovo:thinkagile_hx5521-c_firmware:-:*:*:*:*:*:*:* |
|
| lenovo | thinkagile_hx5531_firmware |
Affected:
0 , < 4.71
(custom)
cpe:2.3:o:lenovo:thinkagile_hx5531_firmware:-:*:*:*:*:*:*:* |
|
| lenovo | thinkagile_hx7520_firmware |
Affected:
0 , < 9.97
(custom)
cpe:2.3:o:lenovo:thinkagile_hx7520_firmware:-:*:*:*:*:*:*:* |
|
| lenovo | thinkagile_hx7521_firmware |
Affected:
0 , < 9.97
(custom)
cpe:2.3:o:lenovo:thinkagile_hx7521_firmware:-:*:*:*:*:*:*:* |
|
| lenovo | thinkagile_hx7531_firmware |
Affected:
0 , < 4.71
(custom)
cpe:2.3:o:lenovo:thinkagile_hx7531_firmware:-:*:*:*:*:*:*:* |
|
| lenovo | thinkagile_hx7820_firmware |
Affected:
0 , < 3.11
(custom)
cpe:2.3:o:lenovo:thinkagile_hx7820_firmware:-:*:*:*:*:*:*:* |
|
| lenovo | thinkagile_hx7821_firmware |
Affected:
0 , < 3.11
(custom)
cpe:2.3:o:lenovo:thinkagile_hx7821_firmware:-:*:*:*:*:*:*:* |
|
| lenovo | thinkagile_mx1020_firmware |
Affected:
0 , < 4.11
(custom)
cpe:2.3:o:lenovo:thinkagile_mx1020_firmware:-:*:*:*:*:*:*:* |
|
| lenovo | thinkagile_mx3330-f_firmware |
Affected:
0 , < 4.71
(custom)
cpe:2.3:o:lenovo:thinkagile_mx3330-f_firmware:-:*:*:*:*:*:*:* |
|
| lenovo | thinkagile_mx3330-h_firmware |
Affected:
0 , < 4.71
(custom)
cpe:2.3:o:lenovo:thinkagile_mx3330-h_firmware:-:*:*:*:*:*:*:* |
|
| lenovo | thinkagile_mx3331-f_firmware |
Affected:
0 , < 4.71
(custom)
cpe:2.3:o:lenovo:thinkagile_mx3331-f_firmware:-:*:*:*:*:*:*:* |
|
| lenovo | thinkagile_mx3331-h_firmware |
Affected:
0 , < 4.71
(custom)
cpe:2.3:o:lenovo:thinkagile_mx3331-h_firmware:-:*:*:*:*:*:*:* |
|
| lenovo | thinkagile_mx3530_f_firmware |
Affected:
0 , < 4.71
(custom)
cpe:2.3:o:lenovo:thinkagile_mx3530_f_firmware:-:*:*:*:*:*:*:* |
|
| lenovo | thinkagile_mx3530-h_firmware |
Affected:
0 , < 4.71
(custom)
cpe:2.3:o:lenovo:thinkagile_mx3530-h_firmware:-:*:*:*:*:*:*:* |
|
| lenovo | thinkagile_mx3531-f_firmware |
Affected:
0 , < 4.71
(custom)
cpe:2.3:o:lenovo:thinkagile_mx3531-f_firmware:-:*:*:*:*:*:*:* |
|
| lenovo | thinkagile_vx1320_firmware |
Affected:
0 , < 4.11
(custom)
cpe:2.3:o:lenovo:thinkagile_vx1320_firmware:-:*:*:*:*:*:*:* |
|
| lenovo | thinkagile_vx2320_firmware |
Affected:
0 , < 9.97
(custom)
cpe:2.3:o:lenovo:thinkagile_vx2320_firmware:-:*:*:*:*:*:*:* |
|
| lenovo | thinkagile_vx2330_firmware |
Affected:
0 , < 4.71
(custom)
cpe:2.3:o:lenovo:thinkagile_vx2330_firmware:-:*:*:*:*:*:*:* |
|
| lenovo | thinkagile_vx3320_firmware |
Affected:
0 , < 9.97
(custom)
cpe:2.3:o:lenovo:thinkagile_vx3320_firmware:-:*:*:*:*:*:*:* |
|
| lenovo | thinkagile_vx3330_firmware |
Affected:
0 , < 4.71
(custom)
cpe:2.3:o:lenovo:thinkagile_vx3330_firmware:-:*:*:*:*:*:*:* |
|
| lenovo | thinkagile_vx3520-g_firmware |
Affected:
0 , < 9.97
(custom)
cpe:2.3:o:lenovo:thinkagile_vx3520-g_firmware:-:*:*:*:*:*:*:* |
|
| lenovo | thinkagile_vx3530-g_firmware |
Affected:
0 , < 4.71
(custom)
cpe:2.3:o:lenovo:thinkagile_vx3530-g_firmware:-:*:*:*:*:*:*:* |
|
| lenovo | thinkagile_vx3720_firmware |
Affected:
0 , < 4.11
(custom)
cpe:2.3:o:lenovo:thinkagile_vx3720_firmware:-:*:*:*:*:*:*:* |
|
| lenovo | thinkagile_vx5520_firmware |
Affected:
0 , < 9.97
(custom)
cpe:2.3:o:lenovo:thinkagile_vx5520_firmware:-:*:*:*:*:*:*:* |
|
| lenovo | thinkagile_vx5530_firmware |
Affected:
0 , < 4.71
(custom)
cpe:2.3:o:lenovo:thinkagile_vx5530_firmware:-:*:*:*:*:*:*:* |
|
| lenovo | thinkagile_vx7320_n_firmware |
Affected:
0 , < 9.97
(custom)
cpe:2.3:o:lenovo:thinkagile_vx7320_n_firmware:-:*:*:*:*:*:*:* |
|
| lenovo | thinkagile_vx7330_firmware |
Affected:
0 , < 4.71
(custom)
cpe:2.3:o:lenovo:thinkagile_vx7330_firmware:-:*:*:*:*:*:*:* |
|
| lenovo | thinkagile_vx7520_firmware |
Affected:
0 , < 9.97
(custom)
cpe:2.3:o:lenovo:thinkagile_vx7520_firmware:-:*:*:*:*:*:*:* |
|
| lenovo | thinkagile_vx7520_n_firmware |
Affected:
0 , < 9.97
(custom)
cpe:2.3:o:lenovo:thinkagile_vx7520_n_firmware:-:*:*:*:*:*:*:* |
|
| lenovo | thinkagile_vx7530_firmware |
Affected:
0 , < 4.71
(custom)
cpe:2.3:o:lenovo:thinkagile_vx7530_firmware:-:*:*:*:*:*:*:* |
|
| lenovo | thinkagile_vx7531_firmware |
Affected:
0 , < 4.71
(custom)
cpe:2.3:o:lenovo:thinkagile_vx7531_firmware:-:*:*:*:*:*:*:* |
|
| lenovo | thinkagile_vx7820_firmware |
Affected:
0 , < 3.11
(custom)
cpe:2.3:o:lenovo:thinkagile_vx7820_firmware:-:*:*:*:*:*:*:* |
|
| lenovo | thinkstation_p920_workstation_firmware |
Affected:
0 , < 9.97
(custom)
cpe:2.3:o:lenovo:thinkstation_p920_workstation_firmware:-:*:*:*:*:*:*:* |
|
| lenovo | thinksystem_st250_firmware |
Affected:
0 , < 1.12
(custom)
cpe:2.3:o:lenovo:thinksystem_st250_firmware:-:*:*:*:*:*:*:* |
|
| lenovo | thinksystem_sd530_firmware |
Affected:
0 , < 4.11
(custom)
cpe:2.3:o:lenovo:thinksystem_sd530_firmware:-:*:*:*:*:*:*:* |
|
| lenovo | thinksystem_sd630_v2_firmware |
Affected:
0 , < 4.11
(custom)
cpe:2.3:o:lenovo:thinksystem_sd630_v2_firmware:-:*:*:*:*:*:*:* |
|
| lenovo | thinksystem_sd650_dual_node_tray_firmware |
Affected:
0 , < 4.11
(custom)
Affected: 0 , < 6.36 (custom) cpe:2.3:o:lenovo:thinksystem_sd650_dual_node_tray_firmware:-:*:*:*:*:*:*:* |
|
| lenovo | thinksystem_sd650-n_v2_firmware |
Affected:
0 , < 4.11
(custom)
cpe:2.3:o:lenovo:thinksystem_sd650-n_v2_firmware:-:*:*:*:*:*:*:* |
|
| lenovo | thinksystem_sd650_v3_firmware |
Affected:
0 , < 4.11
(custom)
cpe:2.3:o:lenovo:thinksystem_sd650_v3_firmware:-:*:*:*:*:*:*:* |
|
| lenovo | thinksystem_sd665_v3_firmware |
Affected:
0 , < 5.11
(custom)
cpe:2.3:o:lenovo:thinksystem_sd665_v3_firmware:-:*:*:*:*:*:*:* |
|
| lenovo | thinksystem_se350_firmware |
Affected:
0 , < 4.11
(custom)
cpe:2.3:o:lenovo:thinksystem_se350_firmware:-:*:*:*:*:*:*:* |
|
| lenovo | thinksystem_sn550_firmware |
Affected:
0 , < 4.11
(custom)
Affected: 0 , < 6.36 (custom) cpe:2.3:o:lenovo:thinksystem_sn550_firmware:-:*:*:*:*:*:*:* |
|
| lenovo | thinksystem_sn550_v2_firmware |
Affected:
0 , < 4.11
(custom)
cpe:2.3:o:lenovo:thinksystem_sn550_v2_firmware:-:*:*:*:*:*:*:* |
|
| lenovo | thinksystem_sn850_firmware |
Affected:
0 , < 4.11
(custom)
Affected: 0 , < 6.36 (custom) cpe:2.3:o:lenovo:thinksystem_sn850_firmware:-:*:*:*:*:*:*:* |
|
| lenovo | thinksystem_sr150_firmware |
Affected:
0 , < 4.11
(custom)
cpe:2.3:o:lenovo:thinksystem_sr150_firmware:-:*:*:*:*:*:*:* |
|
| lenovo | thinksystem_sr158_firmware |
Affected:
0 , < 4.11
(custom)
cpe:2.3:o:lenovo:thinksystem_sr158_firmware:-:*:*:*:*:*:*:* |
|
| lenovo | thinksystem_sr250_firmware |
Affected:
0 , < 4.11
(custom)
cpe:2.3:o:lenovo:thinksystem_sr250_firmware:-:*:*:*:*:*:*:* |
|
| lenovo | thinksystem_sr250_v2_firmware |
Affected:
0 , < 4.11
(custom)
cpe:2.3:o:lenovo:thinksystem_sr250_v2_firmware:-:*:*:*:*:*:*:* |
|
| lenovo | thinksystem_sr258_firmware |
Affected:
0 , < 4.11
(custom)
cpe:2.3:o:lenovo:thinksystem_sr258_firmware:-:*:*:*:*:*:*:* |
|
| lenovo | thinksystem_sr258_v2_firmware |
Affected:
0 , < 4.11
(custom)
cpe:2.3:o:lenovo:thinksystem_sr258_v2_firmware:-:*:*:*:*:*:*:* |
|
| lenovo | thinksystem_sr530_firmware |
Affected:
0 , < 9.97
(custom)
cpe:2.3:o:lenovo:thinksystem_sr530_firmware:-:*:*:*:*:*:*:* |
|
| lenovo | thinksystem_sr550_firmware |
Affected:
0 , < 9.97
(custom)
cpe:2.3:o:lenovo:thinksystem_sr550_firmware:-:*:*:*:*:*:*:* |
|
| lenovo | thinksystem_sr570_firmware |
Affected:
0 , < 9.97
(custom)
cpe:2.3:o:lenovo:thinksystem_sr570_firmware:-:*:*:*:*:*:*:* |
|
| lenovo | thinksystem_sr590_firmware |
Affected:
0 , < 9.97
(custom)
cpe:2.3:o:lenovo:thinksystem_sr590_firmware:-:*:*:*:*:*:*:* |
|
| lenovo | thinksystem_sr630_firmware |
Affected:
0 , < 9.97
(custom)
cpe:2.3:o:lenovo:thinksystem_sr630_firmware:-:*:*:*:*:*:*:* |
|
| lenovo | thinksystem_sr630_v2_firmware |
Affected:
0 , < 4.71
(custom)
cpe:2.3:o:lenovo:thinksystem_sr630_v2_firmware:-:*:*:*:*:*:*:* |
|
| lenovo | thinksystem_sr630_v3_firmware |
Affected:
0 , < 4.51
(custom)
cpe:2.3:o:lenovo:thinksystem_sr630_v3_firmware:-:*:*:*:*:*:*:* |
|
| lenovo | thinksystem_sr635_firmware |
Affected:
0 , < 2.81
(custom)
cpe:2.3:o:lenovo:thinksystem_sr635_firmware:-:*:*:*:*:*:*:* |
|
| lenovo | thinksystem_sr645_firmware |
Affected:
0 , < 5.61
(custom)
cpe:2.3:o:lenovo:thinksystem_sr645_firmware:-:*:*:*:*:*:*:* |
|
| lenovo | thinksystem_sr645_v3_firmware |
Affected:
0 , < 2.81
(custom)
cpe:2.3:o:lenovo:thinksystem_sr645_v3_firmware:-:*:*:*:*:*:*:* |
|
| lenovo | thinksystem_sr650_firmware |
Affected:
0 , < 9.97
(custom)
cpe:2.3:o:lenovo:thinksystem_sr650_firmware:-:*:*:*:*:*:*:* |
|
| lenovo | thinksystem_sr650_v2_firmware |
Affected:
0 , < 4.71
(custom)
cpe:2.3:o:lenovo:thinksystem_sr650_v2_firmware:-:*:*:*:*:*:*:* |
|
| lenovo | thinksystem_sr655_v3_firmware |
Affected:
0 , < 2.81
(custom)
cpe:2.3:o:lenovo:thinksystem_sr655_v3_firmware:-:*:*:*:*:*:*:* |
|
| lenovo | thinksystem_sr665_firmware |
Affected:
0 , < 5.61
(custom)
cpe:2.3:o:lenovo:thinksystem_sr665_firmware:-:*:*:*:*:*:*:* |
|
| lenovo | thinksystem_sr665_v3_firmware |
Affected:
0 , < 5.61
(custom)
Affected: 0 , < 2.81 (custom) cpe:2.3:o:lenovo:thinksystem_sr665_v3_firmware:-:*:*:*:*:*:*:* |
|
| lenovo | thinksystem_sr670_firmware |
Affected:
0 , < 4.11
(custom)
cpe:2.3:o:lenovo:thinksystem_sr670_firmware:-:*:*:*:*:*:*:* |
|
| lenovo | thinksystem_sr670_v2_firmware |
Affected:
0 , < 4.11
(custom)
cpe:2.3:o:lenovo:thinksystem_sr670_v2_firmware:-:*:*:*:*:*:*:* |
|
| lenovo | thinksystem_sr670_v2_firmware |
Affected:
0 , < 5.11
(custom)
cpe:2.3:o:lenovo:thinksystem_sr670_v2_firmware:-:*:*:*:*:*:*:* |
|
| lenovo | thinksystem_sr675_v3_firmware |
Affected:
0 , < 5.11
(custom)
cpe:2.3:o:lenovo:thinksystem_sr675_v3_firmware:-:*:*:*:*:*:*:* |
|
| lenovo | thinksystem_sr850_firmware |
Affected:
0 , < 6.36
(custom)
Affected: 0 , < 4.11 (custom) cpe:2.3:o:lenovo:thinksystem_sr850_firmware:-:*:*:*:*:*:*:* |
|
| lenovo | thinksystem_sr850_v2_firmware |
Affected:
0 , < 4.11
(custom)
cpe:2.3:o:lenovo:thinksystem_sr850_v2_firmware:-:*:*:*:*:*:*:* |
|
| lenovo | thinksystem_sr850_v3_firmware |
Affected:
0 , < 1.20
(custom)
cpe:2.3:o:lenovo:thinksystem_sr850_v3_firmware:-:*:*:*:*:*:*:* |
|
| lenovo | thinksystem_sr850p_firmware |
Affected:
0 , < 6.36
(custom)
cpe:2.3:o:lenovo:thinksystem_sr850p_firmware:-:*:*:*:*:*:*:* |
|
| lenovo | thinksystem_sr860_firmware |
Affected:
0 , < 4.11
(custom)
cpe:2.3:o:lenovo:thinksystem_sr860_firmware:-:*:*:*:*:*:*:* |
|
| lenovo | thinksystem_sr860_v2_firmware |
Affected:
0 , < 4.11
(custom)
cpe:2.3:o:lenovo:thinksystem_sr860_v2_firmware:-:*:*:*:*:*:*:* |
|
| lenovo | thinksystem_sr860_v3_firmware |
Affected:
0 , < 1.20
(custom)
cpe:2.3:o:lenovo:thinksystem_sr860_v3_firmware:-:*:*:*:*:*:*:* |
|
| lenovo | thinksystem_sr950_firmware |
Affected:
0 , < 3.11
(custom)
cpe:2.3:o:lenovo:thinksystem_sr950_firmware:-:*:*:*:*:*:*:* |
|
| lenovo | thinksystem_st250_firmware |
Affected:
0 , < 4.11
(custom)
cpe:2.3:o:lenovo:thinksystem_st250_firmware:-:*:*:*:*:*:*:* |
|
| lenovo | thinksystem_st250_v2_firmware |
Affected:
0 , < 4.11
(custom)
cpe:2.3:o:lenovo:thinksystem_st250_v2_firmware:-:*:*:*:*:*:*:* |
|
| lenovo | thinksystem_st258_firmware |
Affected:
0 , < 4.11
(custom)
cpe:2.3:o:lenovo:thinksystem_st258_firmware:-:*:*:*:*:*:*:* |
|
| lenovo | thinksystem_st258_v2_firmware |
Affected:
0 , < 4.11
(custom)
cpe:2.3:o:lenovo:thinksystem_st258_v2_firmware:-:*:*:*:*:*:*:* |
|
| lenovo | thinksystem_st550_firmware |
Affected:
0 , < 9.97
(custom)
cpe:2.3:o:lenovo:thinksystem_st550_firmware:-:*:*:*:*:*:*:* |
|
| lenovo | thinksystem_st650_v2_firmware |
Affected:
0 , < 4.11
(custom)
cpe:2.3:o:lenovo:thinksystem_st650_v2_firmware:-:*:*:*:*:*:*:* |
|
| lenovo | thinksystem_st650_v3_firmware |
Affected:
0 , < 4.11
(custom)
cpe:2.3:o:lenovo:thinksystem_st650_v3_firmware:-:*:*:*:*:*:*:* |
|
| lenovo | thinksystem_st658_v2_firmware |
Affected:
0 , < 4.11
(custom)
cpe:2.3:o:lenovo:thinksystem_st658_v2_firmware:-:*:*:*:*:*:*:* |
|
| lenovo | thinksystem_st658_v3_firmware |
Affected:
0 , < 4.11
(custom)
cpe:2.3:o:lenovo:thinksystem_st658_v3_firmware:-:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:lenovo:thinkagile_hx5530_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "thinkagile_hx5530_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "4.71",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:thinkagile_hx7530_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "thinkagile_hx7530_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "4.71",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:thinkagile_vx3331_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "thinkagile_vx3331_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "4.71",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:thinkagile_hx_enclosure_certified_node_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "thinkagile_hx_enclosure_certified_node_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "4.11",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:thinkagile_hx1021_edg_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "thinkagile_hx1021_edg_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "4.11",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:thinkagile_hx1320_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "thinkagile_hx1320_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "9.97",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:thinkagile_hx1331_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "thinkagile_hx1331_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "4.71",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:thinkagile_hx1321_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "thinkagile_hx1321_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "9.97",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:thinkagile_hx1520-r_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "thinkagile_hx1520-r_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "9.97",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:thinkagile_hx1521-r_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "thinkagile_hx1521-r_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "9.97",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:thinkagile_hx2320-e_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "thinkagile_hx2320-e_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "9.97",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:thinkagile_hx2321_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "thinkagile_hx2321_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "9.97",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:thinkagile_hx2330_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "thinkagile_hx2330_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "4.71",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:thinkagile_hx2331_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "thinkagile_hx2331_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "4.71",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:thinkagile_hx2720-e_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "thinkagile_hx2720-e_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "4.11",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:thinkagile_hx3320_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "thinkagile_hx3320_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "9.97",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:thinkagile_hx3321_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "thinkagile_hx3321_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "9.97",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:thinkagile_hx3330_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "thinkagile_hx3330_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "4.71",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:h:lenovo:thinkagile_hx3331:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "thinkagile_hx3331",
"vendor": "lenovo",
"versions": [
{
"lessThan": "4.71",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:thinkagile_hx3375_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "thinkagile_hx3375_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "5.61",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:thinkagile_hx3376_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "thinkagile_hx3376_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "5.61",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:thinkagile_hx3520-g_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "thinkagile_hx3520-g_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "9.97",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:thinkagile_hx3521-g_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "thinkagile_hx3521-g_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "9.97",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:thinkagile_hx3720_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "thinkagile_hx3720_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "4.11",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:thinkagile_hx3721_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "thinkagile_hx3721_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "4.11",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:thinkagile_hx5520-c_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "thinkagile_hx5520-c_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "9.97",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:thinkagile_hx5521-c_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "thinkagile_hx5521-c_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "9.97",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:thinkagile_hx5531_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "thinkagile_hx5531_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "4.71",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:thinkagile_hx7520_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "thinkagile_hx7520_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "9.97",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:thinkagile_hx7521_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "thinkagile_hx7521_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "9.97",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:thinkagile_hx7521_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "thinkagile_hx7521_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "9.97",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:thinkagile_hx7530_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "thinkagile_hx7530_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "4.71",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:thinkagile_hx7531_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "thinkagile_hx7531_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "4.71",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:thinkagile_hx7820_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "thinkagile_hx7820_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "3.11",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:thinkagile_hx7821_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "thinkagile_hx7821_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "3.11",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:thinkagile_mx1020_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "thinkagile_mx1020_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "4.11",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:thinkagile_mx3330-f_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "thinkagile_mx3330-f_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "4.71",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:thinkagile_mx3330-h_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "thinkagile_mx3330-h_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "4.71",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:thinkagile_mx3331-f_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "thinkagile_mx3331-f_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "4.71",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:thinkagile_mx3331-h_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "thinkagile_mx3331-h_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "4.71",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:thinkagile_mx3530_f_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "thinkagile_mx3530_f_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "4.71",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:thinkagile_mx3530-h_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "thinkagile_mx3530-h_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "4.71",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:thinkagile_mx3531-f_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "thinkagile_mx3531-f_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "4.71",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:thinkagile_vx1320_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "thinkagile_vx1320_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "4.11",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:thinkagile_vx2320_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "thinkagile_vx2320_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "9.97",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:thinkagile_vx2330_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "thinkagile_vx2330_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "4.71",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:thinkagile_vx3320_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "thinkagile_vx3320_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "9.97",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:thinkagile_vx3330_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "thinkagile_vx3330_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "4.71",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:thinkagile_vx3520-g_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "thinkagile_vx3520-g_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "9.97",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:thinkagile_vx3530-g_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "thinkagile_vx3530-g_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "4.71",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:thinkagile_vx3720_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "thinkagile_vx3720_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "4.11",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:thinkagile_vx5520_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "thinkagile_vx5520_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "9.97",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:thinkagile_vx5530_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "thinkagile_vx5530_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "4.71",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:thinkagile_vx7320_n_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "thinkagile_vx7320_n_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "9.97",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:thinkagile_vx7330_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "thinkagile_vx7330_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "4.71",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:thinkagile_vx7520_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "thinkagile_vx7520_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "9.97",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:thinkagile_vx7520_n_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "thinkagile_vx7520_n_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "9.97",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:thinkagile_vx7530_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "thinkagile_vx7530_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "4.71",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:thinkagile_vx7531_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "thinkagile_vx7531_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "4.71",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:thinkagile_vx7820_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "thinkagile_vx7820_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "3.11",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:thinkstation_p920_workstation_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "thinkstation_p920_workstation_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "9.97",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:thinksystem_st250_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "thinksystem_st250_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "1.12",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:thinksystem_sd530_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "thinksystem_sd530_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "4.11",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:thinksystem_sd630_v2_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "thinksystem_sd630_v2_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "4.11",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:thinksystem_sd650_dual_node_tray_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "thinksystem_sd650_dual_node_tray_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "4.11",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "6.36",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:thinksystem_sd650-n_v2_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "thinksystem_sd650-n_v2_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "4.11",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:thinksystem_sd650_v3_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "thinksystem_sd650_v3_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "4.11",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:thinksystem_sd665_v3_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "thinksystem_sd665_v3_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "5.11",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:thinksystem_se350_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "thinksystem_se350_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "4.11",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:thinksystem_sn550_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "thinksystem_sn550_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "4.11",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "6.36",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:thinksystem_sn550_v2_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "thinksystem_sn550_v2_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "4.11",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:thinksystem_sn850_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "thinksystem_sn850_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "4.11",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "6.36",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:thinksystem_sr150_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "thinksystem_sr150_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "4.11",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:thinksystem_sr158_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "thinksystem_sr158_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "4.11",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:thinksystem_sr250_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "thinksystem_sr250_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "4.11",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:thinksystem_sr250_v2_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "thinksystem_sr250_v2_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "4.11",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:thinksystem_sr258_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "thinksystem_sr258_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "4.11",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:thinksystem_sr258_v2_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "thinksystem_sr258_v2_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "4.11",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:thinksystem_sr530_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "thinksystem_sr530_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "9.97",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:thinksystem_sr550_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "thinksystem_sr550_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "9.97",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:thinksystem_sr570_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "thinksystem_sr570_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "9.97",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:thinksystem_sr590_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "thinksystem_sr590_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "9.97",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:thinksystem_sr630_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "thinksystem_sr630_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "9.97",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:thinksystem_sr630_v2_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "thinksystem_sr630_v2_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "4.71",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:thinksystem_sr630_v3_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "thinksystem_sr630_v3_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "4.51",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:thinksystem_sr635_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "thinksystem_sr635_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "2.81",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:thinksystem_sr645_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "thinksystem_sr645_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "5.61",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:thinksystem_sr645_v3_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "thinksystem_sr645_v3_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "2.81",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:thinksystem_sr650_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "thinksystem_sr650_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "9.97",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:thinksystem_sr650_v2_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "thinksystem_sr650_v2_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "4.71",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:thinksystem_sr655_v3_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "thinksystem_sr655_v3_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "2.81",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:thinksystem_sr665_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "thinksystem_sr665_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "5.61",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:thinksystem_sr665_v3_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "thinksystem_sr665_v3_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "5.61",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "2.81",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:thinksystem_sr670_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "thinksystem_sr670_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "4.11",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:thinksystem_sr670_v2_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "thinksystem_sr670_v2_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "4.11",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:thinksystem_sr670_v2_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "thinksystem_sr670_v2_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "5.11",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:thinksystem_sr675_v3_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "thinksystem_sr675_v3_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "5.11",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:thinksystem_sr850_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "thinksystem_sr850_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "6.36",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "4.11",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:thinksystem_sr850_v2_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "thinksystem_sr850_v2_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "4.11",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:thinksystem_sr850_v3_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "thinksystem_sr850_v3_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "1.20",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:thinksystem_sr850p_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "thinksystem_sr850p_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "6.36",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:thinksystem_sr860_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "thinksystem_sr860_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "4.11",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:thinksystem_sr860_v2_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "thinksystem_sr860_v2_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "4.11",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:thinksystem_sr860_v3_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "thinksystem_sr860_v3_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "1.20",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:thinksystem_sr950_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "thinksystem_sr950_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "3.11",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:thinksystem_st250_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "thinksystem_st250_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "4.11",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:thinksystem_st250_v2_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "thinksystem_st250_v2_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "4.11",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:thinksystem_st258_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "thinksystem_st258_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "4.11",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:thinksystem_st258_v2_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "thinksystem_st258_v2_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "4.11",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:thinksystem_st550_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "thinksystem_st550_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "9.97",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:thinksystem_st650_v2_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "thinksystem_st650_v2_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "4.11",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:thinksystem_st650_v3_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "thinksystem_st650_v3_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "4.11",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:thinksystem_st658_v2_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "thinksystem_st658_v2_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "4.11",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:lenovo:thinksystem_st658_v3_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "thinksystem_st658_v3_firmware",
"vendor": "lenovo",
"versions": [
{
"lessThan": "4.11",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-38509",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-27T17:20:51.281908Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-27T17:21:01.331Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:12:24.979Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.lenovo.com/us/en/product_security/LEN-156781"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "XClarity Controller",
"vendor": "Lenovo",
"versions": [
{
"status": "affected",
"version": "various"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA privilege escalation vulnerability was discovered in XCC that could allow an authenticated XCC user with elevated privileges to execute arbitrary code via a specially crafted IPMI command.\u003c/span\u003e"
}
],
"value": "A privilege escalation vulnerability was discovered in XCC that could allow an authenticated XCC user with elevated privileges to execute arbitrary code via a specially crafted IPMI command."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121 Stack Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-26T19:45:01.471Z",
"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"shortName": "lenovo"
},
"references": [
{
"url": "https://support.lenovo.com/us/en/product_security/LEN-156781"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to the version (or newer) indicated for your model in the Product Impact section in the advisory: \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://support.lenovo.com/us/en/product_security/LEN-156781\"\u003ehttps://support.lenovo.com/us/en/product_security/LEN-156781\u003c/a\u003e\n\n\u003cbr\u003e"
}
],
"value": "Update to the version (or newer) indicated for your model in the Product Impact section in the advisory: https://support.lenovo.com/us/en/product_security/LEN-156781"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"assignerShortName": "lenovo",
"cveId": "CVE-2024-38509",
"datePublished": "2024-07-26T19:45:01.471Z",
"dateReserved": "2024-06-18T14:42:40.470Z",
"dateUpdated": "2024-08-02T04:12:24.979Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-38410 (GCVE-0-2024-38410)
Vulnerability from cvelistv5 – Published: 2024-11-04 10:04 – Updated: 2024-11-16 04:55
VLAI
EPSS
VEX
Title
Stack-based Buffer Overflow in WLAN Windows Host
Summary
Memory corruption while IOCLT is called when device is in invalid state and the WMI command buffer may be freed twice.
Severity
7.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-121 - Stack-based Buffer Overflow
Assigner
References
1 reference
Impacted products
25 products
| Vendor | Product | Version | |
|---|---|---|---|
| Qualcomm, Inc. | Snapdragon |
Affected:
FastConnect 6700
Affected: FastConnect 6900 Affected: FastConnect 7800 Affected: QCC2073 Affected: QCC2076 Affected: QCM5430 Affected: QCM6490 Affected: QCS5430 Affected: QCS6490 Affected: Qualcomm Video Collaboration VC3 Platform Affected: SC8380XP Affected: SDM429W Affected: Snapdragon 429 Mobile Platform Affected: Snapdragon 8cx Gen 3 Compute Platform (SC8280XP-AB, BB) Affected: WCD9370 Affected: WCD9375 Affected: WCD9380 Affected: WCD9385 Affected: WCN3620 Affected: WCN3660B Affected: WSA8830 Affected: WSA8835 Affected: WSA8840 Affected: WSA8845 Affected: WSA8845H |
|
| qualcomm | fastconnect_6700_firmware |
Affected:
0 , ≤ *
(custom)
cpe:2.3:o:qualcomm:fastconnect_6700_firmware:-:*:*:*:*:*:*:* |
|
| qualcomm | fastconnect_6900_firmware |
Affected:
0 , ≤ *
(custom)
cpe:2.3:o:qualcomm:fastconnect_6900_firmware:-:*:*:*:*:*:*:* |
|
| qualcomm | fastconnect_7800_firmware |
Affected:
0 , ≤ *
(custom)
cpe:2.3:o:qualcomm:fastconnect_7800_firmware:-:*:*:*:*:*:*:* |
|
| qualcomm | qcc2073_firmware |
Affected:
0 , ≤ *
(custom)
cpe:2.3:o:qualcomm:qcc2073_firmware:-:*:*:*:*:*:*:* |
|
| qualcomm | qcc2076_firmware |
Affected:
0 , ≤ *
(custom)
cpe:2.3:o:qualcomm:qcc2076_firmware:-:*:*:*:*:*:*:* |
|
| qualcomm | qcm5430_firmware |
Affected:
0 , ≤ *
(custom)
cpe:2.3:o:qualcomm:qcm5430_firmware:-:*:*:*:*:*:*:* |
|
| qualcomm | qcm6490_firmware |
Affected:
0 , ≤ *
(custom)
cpe:2.3:o:qualcomm:qcm6490_firmware:-:*:*:*:*:*:*:* |
|
| qualcomm | qcs5430_firmware |
Affected:
0 , ≤ *
(custom)
cpe:2.3:o:qualcomm:qcs5430_firmware:-:*:*:*:*:*:*:* |
|
| qualcomm | qcs6490_firmware |
Affected:
0 , ≤ *
(custom)
cpe:2.3:o:qualcomm:qcs6490_firmware:-:*:*:*:*:*:*:* |
|
| qualcomm | qualcomm_video_collaboration_vc3_platform_firmware |
Affected:
0 , ≤ *
(custom)
cpe:2.3:o:qualcomm:qualcomm_video_collaboration_vc3_platform_firmware:-:*:*:*:*:*:*:* |
|
| qualcomm | sc8380xp_firmware |
Affected:
0 , ≤ *
(custom)
cpe:2.3:o:qualcomm:sc8380xp_firmware:-:*:*:*:*:*:*:* |
|
| qualcomm | sdm429w_firmware |
Affected:
0 , ≤ *
(custom)
cpe:2.3:o:qualcomm:sdm429w_firmware:-:*:*:*:*:*:*:* |
|
| qualcomm | snapdragon_429_mobile_platform_firmware |
Affected:
0 , ≤ *
(custom)
cpe:2.3:o:qualcomm:snapdragon_429_mobile_platform_firmware:-:*:*:*:*:*:*:* |
|
| qualcomm | wcd9370_firmware |
Affected:
0 , ≤ *
(custom)
cpe:2.3:o:qualcomm:wcd9370_firmware:-:*:*:*:*:*:*:* |
|
| qualcomm | wcd9375_firmware |
Affected:
0 , ≤ *
(custom)
cpe:2.3:o:qualcomm:wcd9375_firmware:-:*:*:*:*:*:*:* |
|
| qualcomm | wcd9380_firmware |
Affected:
0 , ≤ *
(custom)
cpe:2.3:o:qualcomm:wcd9380_firmware:-:*:*:*:*:*:*:* |
|
| qualcomm | wcd9385_firmware |
Affected:
0 , ≤ *
(custom)
cpe:2.3:o:qualcomm:wcd9385_firmware:-:*:*:*:*:*:*:* |
|
| qualcomm | wcn3620_firmware |
Affected:
0 , ≤ *
(custom)
cpe:2.3:o:qualcomm:wcn3620_firmware:-:*:*:*:*:*:*:* |
|
| qualcomm | wcn3660b_firmware |
Affected:
0 , ≤ *
(custom)
cpe:2.3:o:qualcomm:wcn3660b_firmware:-:*:*:*:*:*:*:* |
|
| qualcomm | wsa8830_firmware |
Affected:
0 , ≤ *
(custom)
cpe:2.3:o:qualcomm:wsa8830_firmware:-:*:*:*:*:*:*:* |
|
| qualcomm | wsa8835_firmware |
Affected:
0 , ≤ *
(custom)
cpe:2.3:o:qualcomm:wsa8835_firmware:-:*:*:*:*:*:*:* |
|
| qualcomm | wsa8840_firmware |
Affected:
0 , ≤ *
(custom)
cpe:2.3:o:qualcomm:wsa8840_firmware:-:*:*:*:*:*:*:* |
|
| qualcomm | wsa8845_firmware |
Affected:
0 , ≤ *
(custom)
cpe:2.3:o:qualcomm:wsa8845_firmware:-:*:*:*:*:*:*:* |
|
| qualcomm | wsa8845h_firmware |
Affected:
0 , ≤ *
(custom)
cpe:2.3:o:qualcomm:wsa8845h_firmware:-:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:qualcomm:fastconnect_6700_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "fastconnect_6700_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:fastconnect_6900_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "fastconnect_6900_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:fastconnect_7800_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "fastconnect_7800_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:qcc2073_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "qcc2073_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:qcc2076_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "qcc2076_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:qcm5430_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "qcm5430_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:qcm6490_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "qcm6490_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:qcs5430_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "qcs5430_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:qcs6490_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "qcs6490_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:qualcomm_video_collaboration_vc3_platform_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "qualcomm_video_collaboration_vc3_platform_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:sc8380xp_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sc8380xp_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:sdm429w_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sdm429w_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:snapdragon_429_mobile_platform_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "snapdragon_429_mobile_platform_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:wcd9370_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wcd9370_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:wcd9375_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wcd9375_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:wcd9380_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wcd9380_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:wcd9385_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wcd9385_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:wcn3620_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wcn3620_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:wcn3660b_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wcn3660b_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:wsa8830_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wsa8830_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:wsa8835_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wsa8835_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:wsa8840_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wsa8840_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:wsa8845_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wsa8845_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:qualcomm:wsa8845h_firmware:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wsa8845h_firmware",
"vendor": "qualcomm",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-38410",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-15T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-16T04:55:25.671Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Snapdragon Compute",
"Snapdragon Connectivity",
"Snapdragon Consumer Electronics Connectivity",
"Snapdragon Industrial IOT",
"Snapdragon Wearables"
],
"product": "Snapdragon",
"vendor": "Qualcomm, Inc.",
"versions": [
{
"status": "affected",
"version": "FastConnect 6700"
},
{
"status": "affected",
"version": "FastConnect 6900"
},
{
"status": "affected",
"version": "FastConnect 7800"
},
{
"status": "affected",
"version": "QCC2073"
},
{
"status": "affected",
"version": "QCC2076"
},
{
"status": "affected",
"version": "QCM5430"
},
{
"status": "affected",
"version": "QCM6490"
},
{
"status": "affected",
"version": "QCS5430"
},
{
"status": "affected",
"version": "QCS6490"
},
{
"status": "affected",
"version": "Qualcomm Video Collaboration VC3 Platform"
},
{
"status": "affected",
"version": "SC8380XP"
},
{
"status": "affected",
"version": "SDM429W"
},
{
"status": "affected",
"version": "Snapdragon 429 Mobile Platform"
},
{
"status": "affected",
"version": "Snapdragon 8cx Gen 3 Compute Platform (SC8280XP-AB, BB)"
},
{
"status": "affected",
"version": "WCD9370"
},
{
"status": "affected",
"version": "WCD9375"
},
{
"status": "affected",
"version": "WCD9380"
},
{
"status": "affected",
"version": "WCD9385"
},
{
"status": "affected",
"version": "WCN3620"
},
{
"status": "affected",
"version": "WCN3660B"
},
{
"status": "affected",
"version": "WSA8830"
},
{
"status": "affected",
"version": "WSA8835"
},
{
"status": "affected",
"version": "WSA8840"
},
{
"status": "affected",
"version": "WSA8845"
},
{
"status": "affected",
"version": "WSA8845H"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Memory corruption while IOCLT is called when device is in invalid state and the WMI command buffer may be freed twice."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121 Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-04T10:04:53.283Z",
"orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
"shortName": "qualcomm"
},
"references": [
{
"url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/november-2024-bulletin.html"
}
],
"title": "Stack-based Buffer Overflow in WLAN Windows Host"
}
},
"cveMetadata": {
"assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
"assignerShortName": "qualcomm",
"cveId": "CVE-2024-38410",
"datePublished": "2024-11-04T10:04:53.283Z",
"dateReserved": "2024-06-16T00:50:18.903Z",
"dateUpdated": "2024-11-16T04:55:25.671Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Mitigation MIT-10
Operation
Build and Compilation
Strategy: Environment Hardening
- Use automatic buffer overflow detection mechanisms that are offered by certain compilers or compiler extensions. Examples include: the Microsoft Visual Studio /GS flag, Fedora/Red Hat FORTIFY_SOURCE GCC flag, StackGuard, and ProPolice, which provide various mechanisms including canary-based detection and range/index checking.
- D3-SFCV (Stack Frame Canary Validation) from D3FEND [REF-1334] discusses canary-based detection in detail.
Mitigation
Architecture and Design
Use an abstraction library to abstract away risky APIs. Not a complete solution.
Mitigation
Implementation
Implement and perform bounds checking on input.
Mitigation
Implementation
Do not use dangerous functions such as gets. Use safer, equivalent functions which check for boundary errors.
Mitigation MIT-11
Operation
Build and Compilation
Strategy: Environment Hardening
- Run or compile the software using features or extensions that randomly arrange the positions of a program's executable and libraries in memory. Because this makes the addresses unpredictable, it can prevent an attacker from reliably jumping to exploitable code.
- Examples include Address Space Layout Randomization (ASLR) [REF-58] [REF-60] and Position-Independent Executables (PIE) [REF-64]. Imported modules may be similarly realigned if their default memory addresses conflict with other modules, in a process known as "rebasing" (for Windows) and "prelinking" (for Linux) [REF-1332] using randomly generated addresses. ASLR for libraries cannot be used in conjunction with prelink since it would require relocating the libraries at run-time, defeating the whole purpose of prelinking.
- For more information on these techniques see D3-SAOR (Segment Address Offset Randomization) from D3FEND [REF-1335].
No CAPEC attack patterns related to this CWE.