Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2023-41105 (GCVE-0-2023-41105)
Vulnerability from cvelistv5 – Published: 2023-08-23 00:00 – Updated: 2024-10-03 14:04
VLAI
EPSS
Summary
An issue was discovered in Python 3.11 through 3.11.4. If a path containing '\0' bytes is passed to os.path.normpath(), the path will be truncated unexpectedly at the first '\0' byte. There are plausible cases in which an application would have rejected a filename for security reasons in Python 3.10.x or earlier, but that filename is no longer rejected in Python 3.11.x.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T18:54:02.969Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/python/cpython/issues/106242"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/python/cpython/pull/107983"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/python/cpython/pull/107981"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/python/cpython/pull/107982"
},
{
"tags": [
"x_transferred"
],
"url": "https://mail.python.org/archives/list/security-announce%40python.org/thread/D6CDW3ZZC5D444YGL3VQUY6D4ECMCQLD/"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20231006-0015/"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:python:python:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "python",
"vendor": "python",
"versions": [
{
"lessThanOrEqual": "3.11.4",
"status": "affected",
"version": "3.11",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-41105",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-03T14:01:12.902677Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-03T14:04:01.955Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Python 3.11 through 3.11.4. If a path containing \u0027\\0\u0027 bytes is passed to os.path.normpath(), the path will be truncated unexpectedly at the first \u0027\\0\u0027 byte. There are plausible cases in which an application would have rejected a filename for security reasons in Python 3.10.x or earlier, but that filename is no longer rejected in Python 3.11.x."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-06T14:06:42.352Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/python/cpython/issues/106242"
},
{
"url": "https://github.com/python/cpython/pull/107983"
},
{
"url": "https://github.com/python/cpython/pull/107981"
},
{
"url": "https://github.com/python/cpython/pull/107982"
},
{
"url": "https://mail.python.org/archives/list/security-announce%40python.org/thread/D6CDW3ZZC5D444YGL3VQUY6D4ECMCQLD/"
},
{
"url": "https://security.netapp.com/advisory/ntap-20231006-0015/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-41105",
"datePublished": "2023-08-23T00:00:00.000Z",
"dateReserved": "2023-08-23T00:00:00.000Z",
"dateUpdated": "2024-10-03T14:04:01.955Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2023-41105",
"date": "2026-05-29",
"epss": "0.00334",
"percentile": "0.56437"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2023-41105\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2023-08-23T07:15:08.590\",\"lastModified\":\"2024-11-21T08:20:35.710\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An issue was discovered in Python 3.11 through 3.11.4. If a path containing \u0027\\\\0\u0027 bytes is passed to os.path.normpath(), the path will be truncated unexpectedly at the first \u0027\\\\0\u0027 byte. There are plausible cases in which an application would have rejected a filename for security reasons in Python 3.10.x or earlier, but that filename is no longer rejected in Python 3.11.x.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-426\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:python:python:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"3.11.0\",\"versionEndIncluding\":\"3.11.4\",\"matchCriteriaId\":\"445B042E-9410-42E8-8749-A5EAEF2FF93D\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*\",\"matchCriteriaId\":\"B55E8D50-99B4-47EC-86F9-699B67D473CE\"}]}]}],\"references\":[{\"url\":\"https://github.com/python/cpython/issues/106242\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\",\"Patch\"]},{\"url\":\"https://github.com/python/cpython/pull/107981\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/python/cpython/pull/107982\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/python/cpython/pull/107983\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"https://mail.python.org/archives/list/security-announce%40python.org/thread/D6CDW3ZZC5D444YGL3VQUY6D4ECMCQLD/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://security.netapp.com/advisory/ntap-20231006-0015/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://github.com/python/cpython/issues/106242\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Patch\"]},{\"url\":\"https://github.com/python/cpython/pull/107981\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/python/cpython/pull/107982\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/python/cpython/pull/107983\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://mail.python.org/archives/list/security-announce%40python.org/thread/D6CDW3ZZC5D444YGL3VQUY6D4ECMCQLD/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://security.netapp.com/advisory/ntap-20231006-0015/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://github.com/python/cpython/issues/106242\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/python/cpython/pull/107983\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/python/cpython/pull/107981\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/python/cpython/pull/107982\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://mail.python.org/archives/list/security-announce%40python.org/thread/D6CDW3ZZC5D444YGL3VQUY6D4ECMCQLD/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20231006-0015/\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T18:54:02.969Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-41105\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-10-03T14:01:12.902677Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:python:python:-:*:*:*:*:*:*:*\"], \"vendor\": \"python\", \"product\": \"python\", \"versions\": [{\"status\": \"affected\", \"version\": \"3.11\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"3.11.4\"}], \"defaultStatus\": \"unknown\"}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-10-03T14:03:55.347Z\"}}], \"cna\": {\"affected\": [{\"vendor\": \"n/a\", \"product\": \"n/a\", \"versions\": [{\"status\": \"affected\", \"version\": \"n/a\"}]}], \"references\": [{\"url\": \"https://github.com/python/cpython/issues/106242\"}, {\"url\": \"https://github.com/python/cpython/pull/107983\"}, {\"url\": \"https://github.com/python/cpython/pull/107981\"}, {\"url\": \"https://github.com/python/cpython/pull/107982\"}, {\"url\": \"https://mail.python.org/archives/list/security-announce%40python.org/thread/D6CDW3ZZC5D444YGL3VQUY6D4ECMCQLD/\"}, {\"url\": \"https://security.netapp.com/advisory/ntap-20231006-0015/\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"An issue was discovered in Python 3.11 through 3.11.4. If a path containing \u0027\\\\0\u0027 bytes is passed to os.path.normpath(), the path will be truncated unexpectedly at the first \u0027\\\\0\u0027 byte. There are plausible cases in which an application would have rejected a filename for security reasons in Python 3.10.x or earlier, but that filename is no longer rejected in Python 3.11.x.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"text\", \"description\": \"n/a\"}]}], \"providerMetadata\": {\"orgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"shortName\": \"mitre\", \"dateUpdated\": \"2023-10-06T14:06:42.352Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2023-41105\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-10-03T14:04:01.955Z\", \"dateReserved\": \"2023-08-23T00:00:00.000Z\", \"assignerOrgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"datePublished\": \"2023-08-23T00:00:00.000Z\", \"assignerShortName\": \"mitre\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
alsa-2023:6494
Vulnerability from osv_almalinux
Published
2023-11-07 00:00
Modified
2023-11-14 12:08
Summary
Moderate: python3.11 security update
Details
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems.
The following packages have been upgraded to a later upstream version: python3.11 (3.11.5). (BZ#2210785)
Security Fix(es):
- python: tarfile module directory traversal (CVE-2007-4559)
- python: file path truncation at \0 characters (CVE-2023-41105)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.
References
{
"affected": [
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "python3.11"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.11.5-1.el9_3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "python3.11-debug"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.11.5-1.el9_3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "python3.11-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.11.5-1.el9_3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "python3.11-idle"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.11.5-1.el9_3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "python3.11-libs"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.11.5-1.el9_3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "python3.11-test"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.11.5-1.el9_3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "python3.11-tkinter"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.11.5-1.el9_3"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"details": "Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems.\n\nThe following packages have been upgraded to a later upstream version: python3.11 (3.11.5). (BZ#2210785)\n\nSecurity Fix(es):\n\n* python: tarfile module directory traversal (CVE-2007-4559)\n* python: file path truncation at \\0 characters (CVE-2023-41105)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.",
"id": "ALSA-2023:6494",
"modified": "2023-11-14T12:08:31Z",
"published": "2023-11-07T00:00:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://access.redhat.com/errata/RHSA-2023:6494"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2007-4559"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-41105"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2235795"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/263261"
},
{
"type": "ADVISORY",
"url": "https://errata.almalinux.org/9/ALSA-2023-6494.html"
}
],
"related": [
"CVE-2007-4559",
"CVE-2023-41105"
],
"summary": "Moderate: python3.11 security update"
}
alsa-2023:7024
Vulnerability from osv_almalinux
Published
2023-11-14 00:00
Modified
2023-11-23 10:22
Summary
Moderate: python3.11 security update
Details
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems.
Security Fix(es):
- python: tarfile module directory traversal (CVE-2007-4559)
- python: file path truncation at \0 characters (CVE-2023-41105)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.
References
| URL | Type | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"affected": [
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "python3.11"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.11.5-1.el8_9"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "python3.11-debug"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.11.5-1.el8_9"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "python3.11-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.11.5-1.el8_9"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "python3.11-idle"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.11.5-1.el8_9"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "python3.11-libs"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.11.5-1.el8_9"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "python3.11-rpm-macros"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.11.5-1.el8_9"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "python3.11-test"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.11.5-1.el8_9"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "python3.11-tkinter"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.11.5-1.el8_9"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"details": "Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems.\n\nSecurity Fix(es):\n\n* python: tarfile module directory traversal (CVE-2007-4559)\n* python: file path truncation at \\0 characters (CVE-2023-41105)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.",
"id": "ALSA-2023:7024",
"modified": "2023-11-23T10:22:45Z",
"published": "2023-11-14T00:00:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://access.redhat.com/errata/RHSA-2023:7024"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2007-4559"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-41105"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2235795"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/263261"
},
{
"type": "ADVISORY",
"url": "https://errata.almalinux.org/8/ALSA-2023-7024.html"
}
],
"related": [
"CVE-2007-4559",
"CVE-2023-41105"
],
"summary": "Moderate: python3.11 security update"
}
bit-libpython-2023-41105
Vulnerability from bitnami_vulndb
Published
2025-08-11 13:52
Modified
2025-08-11 14:19
Summary
Details
An issue was discovered in Python 3.11 through 3.11.4. If a path containing '\0' bytes is passed to os.path.normpath(), the path will be truncated unexpectedly at the first '\0' byte. There are plausible cases in which an application would have rejected a filename for security reasons in Python 3.10.x or earlier, but that filename is no longer rejected in Python 3.11.x.
{
"affected": [
{
"package": {
"ecosystem": "Bitnami",
"name": "libpython",
"purl": "pkg:bitnami/libpython"
},
"ranges": [
{
"events": [
{
"introduced": "3.11.0"
},
{
"fixed": "3.11.5"
}
],
"type": "SEMVER"
}
],
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
}
]
}
],
"aliases": [
"CVE-2023-41105"
],
"database_specific": {
"cpes": [
"cpe:2.3:a:python:python:*:*:*:*:*:*:*:*"
],
"severity": "High"
},
"details": "An issue was discovered in Python 3.11 through 3.11.4. If a path containing \u0027\\0\u0027 bytes is passed to os.path.normpath(), the path will be truncated unexpectedly at the first \u0027\\0\u0027 byte. There are plausible cases in which an application would have rejected a filename for security reasons in Python 3.10.x or earlier, but that filename is no longer rejected in Python 3.11.x.",
"id": "BIT-libpython-2023-41105",
"modified": "2025-08-11T14:19:40.295Z",
"published": "2025-08-11T13:52:29.288Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/python/cpython/issues/106242"
},
{
"type": "WEB",
"url": "https://github.com/python/cpython/pull/107981"
},
{
"type": "WEB",
"url": "https://github.com/python/cpython/pull/107982"
},
{
"type": "WEB",
"url": "https://github.com/python/cpython/pull/107983"
},
{
"type": "WEB",
"url": "https://mail.python.org/archives/list/security-announce%40python.org/thread/D6CDW3ZZC5D444YGL3VQUY6D4ECMCQLD/"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-41105"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20231006-0015/"
}
],
"schema_version": "1.6.2"
}
bit-python-2023-41105
Vulnerability from bitnami_vulndb
Published
2024-10-04 16:35
Modified
2025-04-03 14:40
Summary
Details
An issue was discovered in Python 3.11 through 3.11.4. If a path containing '\0' bytes is passed to os.path.normpath(), the path will be truncated unexpectedly at the first '\0' byte. There are plausible cases in which an application would have rejected a filename for security reasons in Python 3.10.x or earlier, but that filename is no longer rejected in Python 3.11.x.
{
"affected": [
{
"package": {
"ecosystem": "Bitnami",
"name": "python",
"purl": "pkg:bitnami/python"
},
"ranges": [
{
"events": [
{
"introduced": "3.11.0"
},
{
"fixed": "3.11.5"
}
],
"type": "SEMVER"
}
],
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
}
]
}
],
"aliases": [
"CVE-2023-41105"
],
"database_specific": {
"cpes": [
"cpe:2.3:a:python:python:*:*:*:*:*:*:*:*"
],
"severity": "High"
},
"details": "An issue was discovered in Python 3.11 through 3.11.4. If a path containing \u0027\\0\u0027 bytes is passed to os.path.normpath(), the path will be truncated unexpectedly at the first \u0027\\0\u0027 byte. There are plausible cases in which an application would have rejected a filename for security reasons in Python 3.10.x or earlier, but that filename is no longer rejected in Python 3.11.x.",
"id": "BIT-python-2023-41105",
"modified": "2025-04-03T14:40:37.652Z",
"published": "2024-10-04T16:35:59.533Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/python/cpython/issues/106242"
},
{
"type": "WEB",
"url": "https://github.com/python/cpython/pull/107981"
},
{
"type": "WEB",
"url": "https://github.com/python/cpython/pull/107982"
},
{
"type": "WEB",
"url": "https://github.com/python/cpython/pull/107983"
},
{
"type": "WEB",
"url": "https://mail.python.org/archives/list/security-announce%40python.org/thread/D6CDW3ZZC5D444YGL3VQUY6D4ECMCQLD/"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20231006-0015/"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-41105"
}
],
"schema_version": "1.5.0"
}
CERTFR-2024-AVI-0044
Vulnerability from certfr_avis - Published: 2024-01-17 - Updated: 2024-01-17
De multiples vulnérabilités ont été découvertes dans Oracle MySQL. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Oracle | MySQL | MySQL Workbench versions antérieures à 8.0.36 | ||
| Oracle | MySQL | MySQL Cluster versions 8.0.x antérieures à 8.0.36 | ||
| Oracle | MySQL | MySQL Connectors versions 8.0.x antérieures à 8.0.36 | ||
| Oracle | MySQL | MySQL Server versions 8.2.x et antérieures | ||
| Oracle | MySQL | MySQL Server versions 8.1.x et antérieures | ||
| Oracle | MySQL | MySQL Cluster versions 8.1.x et antérieures | ||
| Oracle | MySQL | MySQL Enterprise Monitor versions antérieures à 8.0.37 | ||
| Oracle | MySQL | MySQL Connectors versions 8.2.x et antérieures | ||
| Oracle | MySQL | MySQL Cluster versions 7.6.x antérieures à 7.6.29 | ||
| Oracle | MySQL | MySQL Cluster versions 7.5.x antérieures à 7.5.33 | ||
| Oracle | MySQL | MySQL Connectors versions 8.1.x et antérieures | ||
| Oracle | MySQL | MySQL Cluster versions 8.2.x et antérieures | ||
| Oracle | MySQL | MySQL Server versions 8.0.x antérieures à 8.0.36 |
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "MySQL Workbench versions ant\u00e9rieures \u00e0 8.0.36",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Cluster versions 8.0.x ant\u00e9rieures \u00e0 8.0.36",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Connectors versions 8.0.x ant\u00e9rieures \u00e0 8.0.36",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Server versions 8.2.x et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Server versions 8.1.x et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Cluster versions 8.1.x et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Enterprise Monitor versions ant\u00e9rieures \u00e0 8.0.37",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Connectors versions 8.2.x et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Cluster versions 7.6.x ant\u00e9rieures \u00e0 7.6.29",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Cluster versions 7.5.x ant\u00e9rieures \u00e0 7.5.33",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Connectors versions 8.1.x et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Cluster versions 8.2.x et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Server versions 8.0.x ant\u00e9rieures \u00e0 8.0.36",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2024-20977",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20977"
},
{
"name": "CVE-2024-20985",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20985"
},
{
"name": "CVE-2022-46908",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46908"
},
{
"name": "CVE-2024-20964",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20964"
},
{
"name": "CVE-2024-20976",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20976"
},
{
"name": "CVE-2023-39975",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39975"
},
{
"name": "CVE-2024-20962",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20962"
},
{
"name": "CVE-2023-5363",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5363"
},
{
"name": "CVE-2024-20969",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20969"
},
{
"name": "CVE-2023-28484",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28484"
},
{
"name": "CVE-2024-20966",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20966"
},
{
"name": "CVE-2024-20972",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20972"
},
{
"name": "CVE-2023-50164",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-50164"
},
{
"name": "CVE-2024-20961",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20961"
},
{
"name": "CVE-2024-20983",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20983"
},
{
"name": "CVE-2024-20984",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20984"
},
{
"name": "CVE-2023-41105",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-41105"
},
{
"name": "CVE-2024-20963",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20963"
},
{
"name": "CVE-2024-20981",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20981"
},
{
"name": "CVE-2024-20974",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20974"
},
{
"name": "CVE-2024-20975",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20975"
},
{
"name": "CVE-2023-2283",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2283"
},
{
"name": "CVE-2024-20982",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20982"
},
{
"name": "CVE-2024-20971",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20971"
},
{
"name": "CVE-2024-20978",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20978"
},
{
"name": "CVE-2024-20973",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20973"
},
{
"name": "CVE-2023-46589",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46589"
},
{
"name": "CVE-2024-20965",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20965"
},
{
"name": "CVE-2024-20967",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20967"
},
{
"name": "CVE-2024-20970",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20970"
},
{
"name": "CVE-2024-20968",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20968"
},
{
"name": "CVE-2023-38545",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38545"
},
{
"name": "CVE-2024-20960",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20960"
}
],
"initial_release_date": "2024-01-17T00:00:00",
"last_revision_date": "2024-01-17T00:00:00",
"links": [],
"reference": "CERTFR-2024-AVI-0044",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-01-17T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Oracle MySQL.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net un contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Oracle MySQL",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Oracle cpujan2024verbose du 16 janvier 2024",
"url": "https://www.oracle.com/security-alerts/cpujan2024verbose.html#MSQL"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Oracle cpujan2024 du 16 janvier 2024",
"url": "https://www.oracle.com/security-alerts/cpujan2024.html#AppendixMSQL"
}
]
}
CERTFR-2024-AVI-0322
Vulnerability from certfr_avis - Published: 2024-04-18 - Updated: 2024-04-18
De multiples vulnérabilités ont été découvertes dans Oracle Database Server. Elles permettent à un attaquant de provoquer un déni de service à distance, une atteinte à l'intégrité des données et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Oracle | Database Server | Database Server versions 19.3 à 19.22 et 21.3 à 21.13 sans les derniers correctifs de sécurité |
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Database Server versions 19.3 \u00e0 19.22 et 21.3 \u00e0 21.13 sans les derniers correctifs de s\u00e9curit\u00e9",
"product": {
"name": "Database Server",
"vendor": {
"name": "Oracle",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2024-20919",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20919"
},
{
"name": "CVE-2023-40217",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40217"
},
{
"name": "CVE-2024-20926",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20926"
},
{
"name": "CVE-2022-34381",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-34381"
},
{
"name": "CVE-2024-20922",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20922"
},
{
"name": "CVE-2023-39975",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39975"
},
{
"name": "CVE-2023-36632",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36632"
},
{
"name": "CVE-2023-28823",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28823"
},
{
"name": "CVE-2024-20921",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20921"
},
{
"name": "CVE-2024-21066",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21066"
},
{
"name": "CVE-2023-44487",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
},
{
"name": "CVE-2024-21058",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21058"
},
{
"name": "CVE-2023-5072",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5072"
},
{
"name": "CVE-2023-47038",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-47038"
},
{
"name": "CVE-2023-48795",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48795"
},
{
"name": "CVE-2024-23672",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23672"
},
{
"name": "CVE-2024-20923",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20923"
},
{
"name": "CVE-2023-41105",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-41105"
},
{
"name": "CVE-2022-34169",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-34169"
},
{
"name": "CVE-2023-42503",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42503"
},
{
"name": "CVE-2024-21093",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21093"
},
{
"name": "CVE-2024-20932",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20932"
},
{
"name": "CVE-2023-49083",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-49083"
},
{
"name": "CVE-2024-20918",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20918"
},
{
"name": "CVE-2024-20925",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20925"
},
{
"name": "CVE-2024-20945",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20945"
},
{
"name": "CVE-2024-20995",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20995"
},
{
"name": "CVE-2024-20952",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20952"
}
],
"initial_release_date": "2024-04-18T00:00:00",
"last_revision_date": "2024-04-18T00:00:00",
"links": [],
"reference": "CERTFR-2024-AVI-0322",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-04-18T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Oracle Database\nServer. Elles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service\n\u00e0 distance, une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es et une atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Oracle Database Server",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Oracle cpuapr2024verbose du 16 avril 2024",
"url": "https://www.oracle.com/security-alerts/cpuapr2024verbose.html#DB"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Oracle cpuapr2024 du 16 avril 2024",
"url": "https://www.oracle.com/security-alerts/cpuapr2024.html"
}
]
}
FKIE_CVE-2023-41105
Vulnerability from fkie_nvd - Published: 2023-08-23 07:15 - Updated: 2024-11-21 08:20
Severity
Summary
An issue was discovered in Python 3.11 through 3.11.4. If a path containing '\0' bytes is passed to os.path.normpath(), the path will be truncated unexpectedly at the first '\0' byte. There are plausible cases in which an application would have rejected a filename for security reasons in Python 3.10.x or earlier, but that filename is no longer rejected in Python 3.11.x.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | https://github.com/python/cpython/issues/106242 | Issue Tracking, Patch | |
| cve@mitre.org | https://github.com/python/cpython/pull/107981 | Patch | |
| cve@mitre.org | https://github.com/python/cpython/pull/107982 | Patch | |
| cve@mitre.org | https://github.com/python/cpython/pull/107983 | Patch | |
| cve@mitre.org | https://mail.python.org/archives/list/security-announce%40python.org/thread/D6CDW3ZZC5D444YGL3VQUY6D4ECMCQLD/ | ||
| cve@mitre.org | https://security.netapp.com/advisory/ntap-20231006-0015/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/python/cpython/issues/106242 | Issue Tracking, Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/python/cpython/pull/107981 | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/python/cpython/pull/107982 | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/python/cpython/pull/107983 | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | https://mail.python.org/archives/list/security-announce%40python.org/thread/D6CDW3ZZC5D444YGL3VQUY6D4ECMCQLD/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20231006-0015/ | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| python | python | * | |
| netapp | active_iq_unified_manager | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:python:python:*:*:*:*:*:*:*:*",
"matchCriteriaId": "445B042E-9410-42E8-8749-A5EAEF2FF93D",
"versionEndIncluding": "3.11.4",
"versionStartIncluding": "3.11.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*",
"matchCriteriaId": "B55E8D50-99B4-47EC-86F9-699B67D473CE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Python 3.11 through 3.11.4. If a path containing \u0027\\0\u0027 bytes is passed to os.path.normpath(), the path will be truncated unexpectedly at the first \u0027\\0\u0027 byte. There are plausible cases in which an application would have rejected a filename for security reasons in Python 3.10.x or earlier, but that filename is no longer rejected in Python 3.11.x."
}
],
"id": "CVE-2023-41105",
"lastModified": "2024-11-21T08:20:35.710",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-08-23T07:15:08.590",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Patch"
],
"url": "https://github.com/python/cpython/issues/106242"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "https://github.com/python/cpython/pull/107981"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "https://github.com/python/cpython/pull/107982"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "https://github.com/python/cpython/pull/107983"
},
{
"source": "cve@mitre.org",
"url": "https://mail.python.org/archives/list/security-announce%40python.org/thread/D6CDW3ZZC5D444YGL3VQUY6D4ECMCQLD/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20231006-0015/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch"
],
"url": "https://github.com/python/cpython/issues/106242"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/python/cpython/pull/107981"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/python/cpython/pull/107982"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/python/cpython/pull/107983"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://mail.python.org/archives/list/security-announce%40python.org/thread/D6CDW3ZZC5D444YGL3VQUY6D4ECMCQLD/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20231006-0015/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-426"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GHSA-65FX-PMW6-RCFM
Vulnerability from github – Published: 2023-08-23 09:30 – Updated: 2023-11-01 15:33
VLAI
Details
An issue was discovered in Python 3.11 through 3.11.4. If a path containing '\0' bytes is passed to os.path.normpath(), the path will be truncated unexpectedly at the first '\0' byte. There are plausible cases in which an application would have rejected a filename for security reasons in Python 3.10.x or earlier, but that filename is no longer rejected in Python 3.11.x.
Severity
7.5 (High)
{
"affected": [],
"aliases": [
"CVE-2023-41105"
],
"database_specific": {
"cwe_ids": [
"CWE-426"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-08-23T07:15:08Z",
"severity": "HIGH"
},
"details": "An issue was discovered in Python 3.11 through 3.11.4. If a path containing \u0027\\0\u0027 bytes is passed to os.path.normpath(), the path will be truncated unexpectedly at the first \u0027\\0\u0027 byte. There are plausible cases in which an application would have rejected a filename for security reasons in Python 3.10.x or earlier, but that filename is no longer rejected in Python 3.11.x.",
"id": "GHSA-65fx-pmw6-rcfm",
"modified": "2023-11-01T15:33:29Z",
"published": "2023-08-23T09:30:12Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-41105"
},
{
"type": "WEB",
"url": "https://github.com/python/cpython/issues/106242"
},
{
"type": "WEB",
"url": "https://github.com/python/cpython/pull/107981"
},
{
"type": "WEB",
"url": "https://github.com/python/cpython/pull/107982"
},
{
"type": "WEB",
"url": "https://github.com/python/cpython/pull/107983"
},
{
"type": "WEB",
"url": "https://mail.python.org/archives/list/security-announce@python.org/thread/D6CDW3ZZC5D444YGL3VQUY6D4ECMCQLD"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20231006-0015"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GSD-2023-41105
Vulnerability from gsd - Updated: 2023-12-13 01:20Details
An issue was discovered in Python 3.11 through 3.11.4. If a path containing '\0' bytes is passed to os.path.normpath(), the path will be truncated unexpectedly at the first '\0' byte. There are plausible cases in which an application would have rejected a filename for security reasons in Python 3.10.x or earlier, but that filename is no longer rejected in Python 3.11.x.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2023-41105",
"id": "GSD-2023-41105"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2023-41105"
],
"details": "An issue was discovered in Python 3.11 through 3.11.4. If a path containing \u0027\\0\u0027 bytes is passed to os.path.normpath(), the path will be truncated unexpectedly at the first \u0027\\0\u0027 byte. There are plausible cases in which an application would have rejected a filename for security reasons in Python 3.10.x or earlier, but that filename is no longer rejected in Python 3.11.x.",
"id": "GSD-2023-41105",
"modified": "2023-12-13T01:20:45.051769Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2023-41105",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Python 3.11 through 3.11.4. If a path containing \u0027\\0\u0027 bytes is passed to os.path.normpath(), the path will be truncated unexpectedly at the first \u0027\\0\u0027 byte. There are plausible cases in which an application would have rejected a filename for security reasons in Python 3.10.x or earlier, but that filename is no longer rejected in Python 3.11.x."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/python/cpython/issues/106242",
"refsource": "MISC",
"url": "https://github.com/python/cpython/issues/106242"
},
{
"name": "https://github.com/python/cpython/pull/107983",
"refsource": "MISC",
"url": "https://github.com/python/cpython/pull/107983"
},
{
"name": "https://github.com/python/cpython/pull/107981",
"refsource": "MISC",
"url": "https://github.com/python/cpython/pull/107981"
},
{
"name": "https://github.com/python/cpython/pull/107982",
"refsource": "MISC",
"url": "https://github.com/python/cpython/pull/107982"
},
{
"name": "https://mail.python.org/archives/list/security-announce@python.org/thread/D6CDW3ZZC5D444YGL3VQUY6D4ECMCQLD/",
"refsource": "CONFIRM",
"url": "https://mail.python.org/archives/list/security-announce@python.org/thread/D6CDW3ZZC5D444YGL3VQUY6D4ECMCQLD/"
},
{
"name": "https://security.netapp.com/advisory/ntap-20231006-0015/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20231006-0015/"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:python:python:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "3.11.4",
"versionStartIncluding": "3.11.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2023-41105"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "An issue was discovered in Python 3.11 through 3.11.4. If a path containing \u0027\\0\u0027 bytes is passed to os.path.normpath(), the path will be truncated unexpectedly at the first \u0027\\0\u0027 byte. There are plausible cases in which an application would have rejected a filename for security reasons in Python 3.10.x or earlier, but that filename is no longer rejected in Python 3.11.x."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-426"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/python/cpython/pull/107982",
"refsource": "MISC",
"tags": [
"Patch"
],
"url": "https://github.com/python/cpython/pull/107982"
},
{
"name": "https://github.com/python/cpython/pull/107983",
"refsource": "MISC",
"tags": [
"Patch"
],
"url": "https://github.com/python/cpython/pull/107983"
},
{
"name": "https://github.com/python/cpython/pull/107981",
"refsource": "MISC",
"tags": [
"Patch"
],
"url": "https://github.com/python/cpython/pull/107981"
},
{
"name": "https://github.com/python/cpython/issues/106242",
"refsource": "MISC",
"tags": [
"Issue Tracking",
"Patch"
],
"url": "https://github.com/python/cpython/issues/106242"
},
{
"name": "https://mail.python.org/archives/list/security-announce@python.org/thread/D6CDW3ZZC5D444YGL3VQUY6D4ECMCQLD/",
"refsource": "CONFIRM",
"tags": [
"Mailing List",
"Patch",
"Vendor Advisory"
],
"url": "https://mail.python.org/archives/list/security-announce@python.org/thread/D6CDW3ZZC5D444YGL3VQUY6D4ECMCQLD/"
},
{
"name": "https://security.netapp.com/advisory/ntap-20231006-0015/",
"refsource": "CONFIRM",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20231006-0015/"
}
]
}
},
"impact": {
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
},
"lastModifiedDate": "2023-11-01T15:02Z",
"publishedDate": "2023-08-23T07:15Z"
}
}
}
NCSC-2024-0305
Vulnerability from csaf_ncscnl - Published: 2024-07-17 13:55 - Updated: 2024-07-17 13:55Summary
Kwetsbaarheden verholpen in Oracle Siebel CRM
Notes
The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:
NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.
NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.
This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.
Feiten: Er zijn kwetsbaarheden verholpen in Oracle Siebel CRM.
Interpretaties: Een kwaadwillende kan de kwetsbaarheden misbruiken om aanvallen uit te voeren die kunnen leiden tot de volgende categorieën schade:
* Denial-of-Service (DoS)
* Toegang tot gevoelige gegevens
* Toegang tot systeemgegevens
* Manipulatie van gegevens
* (Remote) code execution (Gebruikersrechten)
Oplossingen: Oracle heeft updates beschikbaar gesteld om de kwetsbaarheden te verhelpen. Zie de referenties voor meer informatie.
Kans: medium
Schade: high
CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE-1336: Improper Neutralization of Special Elements Used in a Template Engine
CWE-158: Improper Neutralization of Null Byte or NUL Character
CWE-192: Integer Coercion Error
CWE-20: Improper Input Validation
CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CWE-295: Improper Certificate Validation
CWE-325: Missing Cryptographic Step
CWE-404: Improper Resource Shutdown or Release
CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
CWE-502: Deserialization of Untrusted Data
CWE-681: Incorrect Conversion between Numeric Types
CWE-754: Improper Check for Unusual or Exceptional Conditions
CWE-770: Allocation of Resources Without Limits or Throttling
CWE-787: Out-of-bounds Write
CWE-770
- Allocation of Resources Without Limits or Throttling
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
siebel_crm
oracle
|
cpe:2.3:a:oracle:siebel_crm:*:*:*:*:*:*:*:*
|
— | |
|
siebel_crm_cloud_applications
oracle
|
cpe:2.3:a:oracle:siebel_crm_cloud_applications:*:*:*:*:*:*:*:*
|
— | |
|
siebel_crm_deployment
oracle
|
cpe:2.3:a:oracle:siebel_crm_deployment:*:*:*:*:*:*:*:*
|
— | |
|
siebel_crm_end_user
oracle
|
cpe:2.3:a:oracle:siebel_crm_end_user:*:*:*:*:*:*:*:*
|
— | |
|
siebel_crm_integration
oracle
|
cpe:2.3:a:oracle:siebel_crm_integration:*:*:*:*:*:*:*:*
|
— |
CWE-192
- Integer Coercion Error
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
siebel_crm
oracle
|
cpe:2.3:a:oracle:siebel_crm:*:*:*:*:*:*:*:*
|
— | |
|
siebel_crm_cloud_applications
oracle
|
cpe:2.3:a:oracle:siebel_crm_cloud_applications:*:*:*:*:*:*:*:*
|
— | |
|
siebel_crm_deployment
oracle
|
cpe:2.3:a:oracle:siebel_crm_deployment:*:*:*:*:*:*:*:*
|
— | |
|
siebel_crm_end_user
oracle
|
cpe:2.3:a:oracle:siebel_crm_end_user:*:*:*:*:*:*:*:*
|
— | |
|
siebel_crm_integration
oracle
|
cpe:2.3:a:oracle:siebel_crm_integration:*:*:*:*:*:*:*:*
|
— |
CWE-787
- Out-of-bounds Write
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
siebel_crm
oracle
|
cpe:2.3:a:oracle:siebel_crm:*:*:*:*:*:*:*:*
|
— | |
|
siebel_crm_cloud_applications
oracle
|
cpe:2.3:a:oracle:siebel_crm_cloud_applications:*:*:*:*:*:*:*:*
|
— | |
|
siebel_crm_deployment
oracle
|
cpe:2.3:a:oracle:siebel_crm_deployment:*:*:*:*:*:*:*:*
|
— | |
|
siebel_crm_end_user
oracle
|
cpe:2.3:a:oracle:siebel_crm_end_user:*:*:*:*:*:*:*:*
|
— | |
|
siebel_crm_integration
oracle
|
cpe:2.3:a:oracle:siebel_crm_integration:*:*:*:*:*:*:*:*
|
— |
CWE-404
- Improper Resource Shutdown or Release
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
siebel_crm
oracle
|
cpe:2.3:a:oracle:siebel_crm:*:*:*:*:*:*:*:*
|
— | |
|
siebel_crm_cloud_applications
oracle
|
cpe:2.3:a:oracle:siebel_crm_cloud_applications:*:*:*:*:*:*:*:*
|
— | |
|
siebel_crm_deployment
oracle
|
cpe:2.3:a:oracle:siebel_crm_deployment:*:*:*:*:*:*:*:*
|
— | |
|
siebel_crm_end_user
oracle
|
cpe:2.3:a:oracle:siebel_crm_end_user:*:*:*:*:*:*:*:*
|
— | |
|
siebel_crm_integration
oracle
|
cpe:2.3:a:oracle:siebel_crm_integration:*:*:*:*:*:*:*:*
|
— |
7.5 (High)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
siebel_crm
oracle
|
cpe:2.3:a:oracle:siebel_crm:*:*:*:*:*:*:*:*
|
— | |
|
siebel_crm_cloud_applications
oracle
|
cpe:2.3:a:oracle:siebel_crm_cloud_applications:*:*:*:*:*:*:*:*
|
— | |
|
siebel_crm_deployment
oracle
|
cpe:2.3:a:oracle:siebel_crm_deployment:*:*:*:*:*:*:*:*
|
— | |
|
siebel_crm_end_user
oracle
|
cpe:2.3:a:oracle:siebel_crm_end_user:*:*:*:*:*:*:*:*
|
— | |
|
siebel_crm_integration
oracle
|
cpe:2.3:a:oracle:siebel_crm_integration:*:*:*:*:*:*:*:*
|
— |
7.5 (High)
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
siebel_crm_cloud_applications
oracle
|
cpe:2.3:a:oracle:siebel_crm_cloud_applications:*:*:*:*:*:*:*:*
|
— | |
|
siebel_crm_deployment
oracle
|
cpe:2.3:a:oracle:siebel_crm_deployment:*:*:*:*:*:*:*:*
|
— | |
|
siebel_crm_end_user
oracle
|
cpe:2.3:a:oracle:siebel_crm_end_user:*:*:*:*:*:*:*:*
|
— | |
|
siebel_crm_integration
oracle
|
cpe:2.3:a:oracle:siebel_crm_integration:*:*:*:*:*:*:*:*
|
— |
7.8 (High)
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
siebel_crm_cloud_applications
oracle
|
cpe:2.3:a:oracle:siebel_crm_cloud_applications:*:*:*:*:*:*:*:*
|
— | |
|
siebel_crm_deployment
oracle
|
cpe:2.3:a:oracle:siebel_crm_deployment:*:*:*:*:*:*:*:*
|
— | |
|
siebel_crm_end_user
oracle
|
cpe:2.3:a:oracle:siebel_crm_end_user:*:*:*:*:*:*:*:*
|
— | |
|
siebel_crm_integration
oracle
|
cpe:2.3:a:oracle:siebel_crm_integration:*:*:*:*:*:*:*:*
|
— |
5.3 (Medium)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
siebel_crm
oracle
|
cpe:2.3:a:oracle:siebel_crm:*:*:*:*:*:*:*:*
|
— | |
|
siebel_crm_cloud_applications
oracle
|
cpe:2.3:a:oracle:siebel_crm_cloud_applications:*:*:*:*:*:*:*:*
|
— | |
|
siebel_crm_deployment
oracle
|
cpe:2.3:a:oracle:siebel_crm_deployment:*:*:*:*:*:*:*:*
|
— | |
|
siebel_crm_end_user
oracle
|
cpe:2.3:a:oracle:siebel_crm_end_user:*:*:*:*:*:*:*:*
|
— | |
|
siebel_crm_integration
oracle
|
cpe:2.3:a:oracle:siebel_crm_integration:*:*:*:*:*:*:*:*
|
— |
5.3 (Medium)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
siebel_crm
oracle
|
cpe:2.3:a:oracle:siebel_crm:*:*:*:*:*:*:*:*
|
— | |
|
siebel_crm_cloud_applications
oracle
|
cpe:2.3:a:oracle:siebel_crm_cloud_applications:*:*:*:*:*:*:*:*
|
— | |
|
siebel_crm_deployment
oracle
|
cpe:2.3:a:oracle:siebel_crm_deployment:*:*:*:*:*:*:*:*
|
— | |
|
siebel_crm_end_user
oracle
|
cpe:2.3:a:oracle:siebel_crm_end_user:*:*:*:*:*:*:*:*
|
— | |
|
siebel_crm_integration
oracle
|
cpe:2.3:a:oracle:siebel_crm_integration:*:*:*:*:*:*:*:*
|
— |
7.5 (High)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
siebel_crm
oracle
|
cpe:2.3:a:oracle:siebel_crm:*:*:*:*:*:*:*:*
|
— | |
|
siebel_crm_cloud_applications
oracle
|
cpe:2.3:a:oracle:siebel_crm_cloud_applications:*:*:*:*:*:*:*:*
|
— | |
|
siebel_crm_deployment
oracle
|
cpe:2.3:a:oracle:siebel_crm_deployment:*:*:*:*:*:*:*:*
|
— | |
|
siebel_crm_end_user
oracle
|
cpe:2.3:a:oracle:siebel_crm_end_user:*:*:*:*:*:*:*:*
|
— | |
|
siebel_crm_integration
oracle
|
cpe:2.3:a:oracle:siebel_crm_integration:*:*:*:*:*:*:*:*
|
— |
7.5 (High)
Affected products
Known affected
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
siebel_crm
oracle
|
cpe:2.3:a:oracle:siebel_crm:*:*:*:*:*:*:*:*
|
— | |
|
siebel_crm_cloud_applications
oracle
|
cpe:2.3:a:oracle:siebel_crm_cloud_applications:*:*:*:*:*:*:*:*
|
— | |
|
siebel_crm_deployment
oracle
|
cpe:2.3:a:oracle:siebel_crm_deployment:*:*:*:*:*:*:*:*
|
— | |
|
siebel_crm_end_user
oracle
|
cpe:2.3:a:oracle:siebel_crm_end_user:*:*:*:*:*:*:*:*
|
— | |
|
siebel_crm_integration
oracle
|
cpe:2.3:a:oracle:siebel_crm_integration:*:*:*:*:*:*:*:*
|
— |
7.5 (High)
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
siebel_crm_cloud_applications
oracle
|
cpe:2.3:a:oracle:siebel_crm_cloud_applications:*:*:*:*:*:*:*:*
|
— | |
|
siebel_crm_deployment
oracle
|
cpe:2.3:a:oracle:siebel_crm_deployment:*:*:*:*:*:*:*:*
|
— | |
|
siebel_crm_end_user
oracle
|
cpe:2.3:a:oracle:siebel_crm_end_user:*:*:*:*:*:*:*:*
|
— | |
|
siebel_crm_integration
oracle
|
cpe:2.3:a:oracle:siebel_crm_integration:*:*:*:*:*:*:*:*
|
— |
References
26 references
| URL | Category |
|---|---|
| https://nvd.nist.gov/vuln/detail/CVE-2021-36090 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2022-34169 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2022-37434 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2022-42003 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2023-22081 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2023-33201 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2023-41105 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2023-46589 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2023-47627 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2023-5072 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2023-5678 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2023-5764 | external |
| https://www.oracle.com/docs/tech/security-alerts/… | external |
| https://www.oracle.com/security-alerts/cpujul2024.html | external |
| https://api.ncsc.nl/velma/v1/vulnerabilities/2021… | self |
| https://api.ncsc.nl/velma/v1/vulnerabilities/2022… | self |
| https://api.ncsc.nl/velma/v1/vulnerabilities/2022… | self |
| https://api.ncsc.nl/velma/v1/vulnerabilities/2022… | self |
| https://api.ncsc.nl/velma/v1/vulnerabilities/2023… | self |
| https://api.ncsc.nl/velma/v1/vulnerabilities/2023… | self |
| https://api.ncsc.nl/velma/v1/vulnerabilities/2023… | self |
| https://api.ncsc.nl/velma/v1/vulnerabilities/2023… | self |
| https://api.ncsc.nl/velma/v1/vulnerabilities/2023… | self |
| https://api.ncsc.nl/velma/v1/vulnerabilities/2023… | self |
| https://api.ncsc.nl/velma/v1/vulnerabilities/2023… | self |
| https://api.ncsc.nl/velma/v1/vulnerabilities/2023… | self |
{
"document": {
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE"
}
},
"lang": "nl",
"notes": [
{
"category": "legal_disclaimer",
"text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
},
{
"category": "description",
"text": "Er zijn kwetsbaarheden verholpen in Oracle Siebel CRM.",
"title": "Feiten"
},
{
"category": "description",
"text": "Een kwaadwillende kan de kwetsbaarheden misbruiken om aanvallen uit te voeren die kunnen leiden tot de volgende categorie\u00ebn schade:\n\n* Denial-of-Service (DoS)\n* Toegang tot gevoelige gegevens\n* Toegang tot systeemgegevens\n* Manipulatie van gegevens\n* (Remote) code execution (Gebruikersrechten)",
"title": "Interpretaties"
},
{
"category": "description",
"text": "Oracle heeft updates beschikbaar gesteld om de kwetsbaarheden te verhelpen. Zie de referenties voor meer informatie.",
"title": "Oplossingen"
},
{
"category": "general",
"text": "medium",
"title": "Kans"
},
{
"category": "general",
"text": "high",
"title": "Schade"
},
{
"category": "general",
"text": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
"title": "CWE-119"
},
{
"category": "general",
"text": "Improper Neutralization of Special Elements Used in a Template Engine",
"title": "CWE-1336"
},
{
"category": "general",
"text": "Improper Neutralization of Null Byte or NUL Character",
"title": "CWE-158"
},
{
"category": "general",
"text": "Integer Coercion Error",
"title": "CWE-192"
},
{
"category": "general",
"text": "Improper Input Validation",
"title": "CWE-20"
},
{
"category": "general",
"text": "Exposure of Sensitive Information to an Unauthorized Actor",
"title": "CWE-200"
},
{
"category": "general",
"text": "Improper Certificate Validation",
"title": "CWE-295"
},
{
"category": "general",
"text": "Missing Cryptographic Step",
"title": "CWE-325"
},
{
"category": "general",
"text": "Improper Resource Shutdown or Release",
"title": "CWE-404"
},
{
"category": "general",
"text": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)",
"title": "CWE-444"
},
{
"category": "general",
"text": "Deserialization of Untrusted Data",
"title": "CWE-502"
},
{
"category": "general",
"text": "Incorrect Conversion between Numeric Types",
"title": "CWE-681"
},
{
"category": "general",
"text": "Improper Check for Unusual or Exceptional Conditions",
"title": "CWE-754"
},
{
"category": "general",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
},
{
"category": "general",
"text": "Out-of-bounds Write",
"title": "CWE-787"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "cert@ncsc.nl",
"name": "Nationaal Cyber Security Centrum",
"namespace": "https://www.ncsc.nl/"
},
"references": [
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-36090"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-34169"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-37434"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42003"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-22081"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-33201"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-41105"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-46589"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-47627"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5072"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5678"
},
{
"category": "external",
"summary": "Source - nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5764"
},
{
"category": "external",
"summary": "Reference - oracle",
"url": "https://www.oracle.com/docs/tech/security-alerts/cpujul2024csaf.json"
},
{
"category": "external",
"summary": "Reference - cveprojectv5; ibm; nvd; oracle",
"url": "https://www.oracle.com/security-alerts/cpujul2024.html"
}
],
"title": "Kwetsbaarheden verholpen in Oracle Siebel CRM",
"tracking": {
"current_release_date": "2024-07-17T13:55:31.923970Z",
"id": "NCSC-2024-0305",
"initial_release_date": "2024-07-17T13:55:31.923970Z",
"revision_history": [
{
"date": "2024-07-17T13:55:31.923970Z",
"number": "0",
"summary": "Initiele versie"
}
],
"status": "final",
"version": "1.0.0"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "siebel_crm_cloud_applications",
"product": {
"name": "siebel_crm_cloud_applications",
"product_id": "CSAFPID-1503695",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:siebel_crm_cloud_applications:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "siebel_crm_deployment",
"product": {
"name": "siebel_crm_deployment",
"product_id": "CSAFPID-1503697",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:siebel_crm_deployment:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "siebel_crm_end_user",
"product": {
"name": "siebel_crm_end_user",
"product_id": "CSAFPID-1503700",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:siebel_crm_end_user:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "siebel_crm_integration",
"product": {
"name": "siebel_crm_integration",
"product_id": "CSAFPID-1503702",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:siebel_crm_integration:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "siebel_crm",
"product": {
"name": "siebel_crm",
"product_id": "CSAFPID-764293",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:siebel_crm:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "siebel_crm",
"product": {
"name": "siebel_crm",
"product_id": "CSAFPID-345046",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:siebel_crm:23.2:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "siebel_crm",
"product": {
"name": "siebel_crm",
"product_id": "CSAFPID-220191",
"product_identification_helper": {
"cpe": "cpe:2.3:a:oracle:siebel_crm:23.5:*:*:*:*:*:*:*"
}
}
}
],
"category": "vendor",
"name": "oracle"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-36090",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"notes": [
{
"category": "other",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
}
],
"product_status": {
"known_affected": [
"CSAFPID-764293",
"CSAFPID-1503695",
"CSAFPID-1503697",
"CSAFPID-1503700",
"CSAFPID-1503702"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2021-36090",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2021/CVE-2021-36090.json"
}
],
"title": "CVE-2021-36090"
},
{
"cve": "CVE-2022-34169",
"cwe": {
"id": "CWE-192",
"name": "Integer Coercion Error"
},
"notes": [
{
"category": "other",
"text": "Integer Coercion Error",
"title": "CWE-192"
},
{
"category": "other",
"text": "Incorrect Conversion between Numeric Types",
"title": "CWE-681"
}
],
"product_status": {
"known_affected": [
"CSAFPID-764293",
"CSAFPID-1503695",
"CSAFPID-1503697",
"CSAFPID-1503700",
"CSAFPID-1503702"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2022-34169",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-34169.json"
}
],
"title": "CVE-2022-34169"
},
{
"cve": "CVE-2022-37434",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Write",
"title": "CWE-787"
},
{
"category": "other",
"text": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
"title": "CWE-119"
}
],
"product_status": {
"known_affected": [
"CSAFPID-764293",
"CSAFPID-1503695",
"CSAFPID-1503697",
"CSAFPID-1503700",
"CSAFPID-1503702"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2022-37434",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-37434.json"
}
],
"title": "CVE-2022-37434"
},
{
"cve": "CVE-2022-42003",
"cwe": {
"id": "CWE-404",
"name": "Improper Resource Shutdown or Release"
},
"notes": [
{
"category": "other",
"text": "Improper Resource Shutdown or Release",
"title": "CWE-404"
},
{
"category": "other",
"text": "Deserialization of Untrusted Data",
"title": "CWE-502"
}
],
"product_status": {
"known_affected": [
"CSAFPID-764293",
"CSAFPID-1503695",
"CSAFPID-1503697",
"CSAFPID-1503700",
"CSAFPID-1503702"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2022-42003",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-42003.json"
}
],
"title": "CVE-2022-42003"
},
{
"cve": "CVE-2023-5072",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"notes": [
{
"category": "other",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
}
],
"product_status": {
"known_affected": [
"CSAFPID-764293",
"CSAFPID-1503695",
"CSAFPID-1503697",
"CSAFPID-1503700",
"CSAFPID-1503702"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-5072",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-5072.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-764293",
"CSAFPID-1503695",
"CSAFPID-1503697",
"CSAFPID-1503700",
"CSAFPID-1503702"
]
}
],
"title": "CVE-2023-5072"
},
{
"cve": "CVE-2023-5678",
"cwe": {
"id": "CWE-754",
"name": "Improper Check for Unusual or Exceptional Conditions"
},
"notes": [
{
"category": "other",
"text": "Improper Check for Unusual or Exceptional Conditions",
"title": "CWE-754"
},
{
"category": "other",
"text": "Missing Cryptographic Step",
"title": "CWE-325"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1503695",
"CSAFPID-1503697",
"CSAFPID-1503700",
"CSAFPID-1503702"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-5678",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-5678.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1503695",
"CSAFPID-1503697",
"CSAFPID-1503700",
"CSAFPID-1503702"
]
}
],
"title": "CVE-2023-5678"
},
{
"cve": "CVE-2023-5764",
"cwe": {
"id": "CWE-1336",
"name": "Improper Neutralization of Special Elements Used in a Template Engine"
},
"notes": [
{
"category": "other",
"text": "Improper Neutralization of Special Elements Used in a Template Engine",
"title": "CWE-1336"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1503695",
"CSAFPID-1503697",
"CSAFPID-1503700",
"CSAFPID-1503702"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-5764",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-5764.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1503695",
"CSAFPID-1503697",
"CSAFPID-1503700",
"CSAFPID-1503702"
]
}
],
"title": "CVE-2023-5764"
},
{
"cve": "CVE-2023-22081",
"cwe": {
"id": "CWE-295",
"name": "Improper Certificate Validation"
},
"notes": [
{
"category": "other",
"text": "Improper Certificate Validation",
"title": "CWE-295"
}
],
"product_status": {
"known_affected": [
"CSAFPID-764293",
"CSAFPID-1503695",
"CSAFPID-1503697",
"CSAFPID-1503700",
"CSAFPID-1503702"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-22081",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-22081.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-764293",
"CSAFPID-1503695",
"CSAFPID-1503697",
"CSAFPID-1503700",
"CSAFPID-1503702"
]
}
],
"title": "CVE-2023-22081"
},
{
"cve": "CVE-2023-33201",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"notes": [
{
"category": "other",
"text": "Exposure of Sensitive Information to an Unauthorized Actor",
"title": "CWE-200"
}
],
"product_status": {
"known_affected": [
"CSAFPID-764293",
"CSAFPID-1503695",
"CSAFPID-1503697",
"CSAFPID-1503700",
"CSAFPID-1503702"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-33201",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-33201.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-764293",
"CSAFPID-1503695",
"CSAFPID-1503697",
"CSAFPID-1503700",
"CSAFPID-1503702"
]
}
],
"title": "CVE-2023-33201"
},
{
"cve": "CVE-2023-41105",
"cwe": {
"id": "CWE-158",
"name": "Improper Neutralization of Null Byte or NUL Character"
},
"notes": [
{
"category": "other",
"text": "Improper Neutralization of Null Byte or NUL Character",
"title": "CWE-158"
}
],
"product_status": {
"known_affected": [
"CSAFPID-764293",
"CSAFPID-1503695",
"CSAFPID-1503697",
"CSAFPID-1503700",
"CSAFPID-1503702"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-41105",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-41105.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-764293",
"CSAFPID-1503695",
"CSAFPID-1503697",
"CSAFPID-1503700",
"CSAFPID-1503702"
]
}
],
"title": "CVE-2023-41105"
},
{
"cve": "CVE-2023-46589",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"notes": [
{
"category": "other",
"text": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)",
"title": "CWE-444"
},
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
}
],
"product_status": {
"known_affected": [
"CSAFPID-764293",
"CSAFPID-1503695",
"CSAFPID-1503697",
"CSAFPID-1503700",
"CSAFPID-1503702"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-46589",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-46589.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-764293",
"CSAFPID-1503695",
"CSAFPID-1503697",
"CSAFPID-1503700",
"CSAFPID-1503702"
]
}
],
"title": "CVE-2023-46589"
},
{
"cve": "CVE-2023-47627",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"notes": [
{
"category": "other",
"text": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)",
"title": "CWE-444"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1503695",
"CSAFPID-1503697",
"CSAFPID-1503700",
"CSAFPID-1503702"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2023-47627",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-47627.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1503695",
"CSAFPID-1503697",
"CSAFPID-1503700",
"CSAFPID-1503702"
]
}
],
"title": "CVE-2023-47627"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…