Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CERTFR-2025-AVI-0279
Vulnerability from certfr_avis - Published: 2025-04-04 - Updated: 2025-04-04
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | Db2 | Db2 versions antérieures à 5.1.2 pour Cloud Pak for Data | ||
| IBM | WebSphere | WebSphere Application Server Liberty sans le correctif APAR PH65394 | ||
| IBM | Db2 Warehouse | Db2 Warehouse versions antérieures à 5.1.2 pour Cloud Pak for Data | ||
| IBM | WebSphere | WebSphere Hybrid Edition sans le dernier correctif de sécurité | ||
| IBM | QRadar Analyst Workflow | QRadar Analyst Workflow versions antérieures à 3.0.0 |
References
| Title | Publication Time | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Db2 versions ant\u00e9rieures \u00e0 5.1.2 pour Cloud Pak for Data",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "WebSphere Application Server Liberty sans le correctif APAR PH65394",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Db2 Warehouse versions ant\u00e9rieures \u00e0 5.1.2 pour Cloud Pak for Data",
"product": {
"name": "Db2 Warehouse",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "WebSphere Hybrid Edition sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "QRadar Analyst Workflow versions ant\u00e9rieures \u00e0 3.0.0",
"product": {
"name": "QRadar Analyst Workflow",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2021-44906",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44906"
},
{
"name": "CVE-2023-45857",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45857"
},
{
"name": "CVE-2023-45142",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45142"
},
{
"name": "CVE-2022-48890",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48890"
},
{
"name": "CVE-2024-35176",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35176"
},
{
"name": "CVE-2024-37071",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-37071"
},
{
"name": "CVE-2025-25285",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-25285"
},
{
"name": "CVE-2024-6232",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6232"
},
{
"name": "CVE-2024-34997",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34997"
},
{
"name": "CVE-2024-51479",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-51479"
},
{
"name": "CVE-2024-43398",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43398"
},
{
"name": "CVE-2024-35946",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35946"
},
{
"name": "CVE-2023-44487",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
},
{
"name": "CVE-2024-41761",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41761"
},
{
"name": "CVE-2022-29153",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29153"
},
{
"name": "CVE-2023-52605",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52605"
},
{
"name": "CVE-2021-23337",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23337"
},
{
"name": "CVE-2018-6341",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-6341"
},
{
"name": "CVE-2023-52455",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52455"
},
{
"name": "CVE-2024-45338",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45338"
},
{
"name": "CVE-2025-27152",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27152"
},
{
"name": "CVE-2024-26740",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26740"
},
{
"name": "CVE-2024-47764",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47764"
},
{
"name": "CVE-2025-25288",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-25288"
},
{
"name": "CVE-2024-35790",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35790"
},
{
"name": "CVE-2022-48921",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48921"
},
{
"name": "CVE-2024-45296",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45296"
},
{
"name": "CVE-2025-25290",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-25290"
},
{
"name": "CVE-2024-45337",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45337"
},
{
"name": "CVE-2024-39908",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39908"
},
{
"name": "CVE-2021-47495",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47495"
},
{
"name": "CVE-2024-41946",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41946"
},
{
"name": "CVE-2023-52832",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52832"
},
{
"name": "CVE-2024-41110",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41110"
},
{
"name": "CVE-2024-27281",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27281"
},
{
"name": "CVE-2024-52798",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-52798"
},
{
"name": "CVE-2023-43804",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-43804"
},
{
"name": "CVE-2024-6484",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6484"
},
{
"name": "CVE-2020-13844",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-13844"
},
{
"name": "CVE-2024-26776",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26776"
},
{
"name": "CVE-2024-6485",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6485"
},
{
"name": "CVE-2024-41762",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41762"
},
{
"name": "CVE-2024-39494",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39494"
},
{
"name": "CVE-2025-23184",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23184"
},
{
"name": "CVE-2024-6119",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6119"
},
{
"name": "CVE-2021-4204",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4204"
},
{
"name": "CVE-2024-26843",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26843"
},
{
"name": "CVE-2024-40679",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40679"
},
{
"name": "CVE-2023-52885",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52885"
},
{
"name": "CVE-2018-20225",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-20225"
},
{
"name": "CVE-2019-11253",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11253"
},
{
"name": "CVE-2023-52898",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52898"
},
{
"name": "CVE-2025-25289",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-25289"
},
{
"name": "CVE-2024-45663",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45663"
},
{
"name": "CVE-2023-52467",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52467"
},
{
"name": "CVE-2024-41123",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41123"
},
{
"name": "CVE-2024-36620",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36620"
},
{
"name": "CVE-2022-48706",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48706"
},
{
"name": "CVE-2024-49761",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49761"
}
],
"initial_release_date": "2025-04-04T00:00:00",
"last_revision_date": "2025-04-04T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0279",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-04-04T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
},
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Falsification de requ\u00eates c\u00f4t\u00e9 serveur (SSRF)"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": "2025-04-03",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7230024",
"url": "https://www.ibm.com/support/pages/node/7230024"
},
{
"published_at": "2025-04-01",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7229770",
"url": "https://www.ibm.com/support/pages/node/7229770"
},
{
"published_at": "2025-03-28",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7229443",
"url": "https://www.ibm.com/support/pages/node/7229443"
},
{
"published_at": "2025-04-01",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7229768",
"url": "https://www.ibm.com/support/pages/node/7229768"
},
{
"published_at": "2025-04-01",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7229772",
"url": "https://www.ibm.com/support/pages/node/7229772"
}
]
}
CVE-2024-36620 (GCVE-0-2024-36620)
Vulnerability from cvelistv5 – Published: 2024-11-29 00:00 – Updated: 2024-12-04 17:14
VLAI
EPSS
Summary
moby v25.0.0 - v26.0.2 is vulnerable to NULL Pointer Dereference via daemon/images/image_history.go.
Severity
6.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- n/a
- CWE-476 - NULL Pointer Dereference
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-36620",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-04T17:14:00.947934Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-04T17:14:27.602Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "moby v25.0.0 - v26.0.2 is vulnerable to NULL Pointer Dereference via daemon/images/image_history.go."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-29T18:08:02.249Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/moby/moby/commit/ab570ab3d62038b3d26f96a9bb585d0b6095b9b4"
},
{
"url": "https://github.com/moby/moby/blob/v26.0.2/daemon/images/image_history.go#L48"
},
{
"url": "https://gist.github.com/1047524396/f08816669701ab478a265a811d2c89b2"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-36620",
"datePublished": "2024-11-29T00:00:00.000Z",
"dateReserved": "2024-05-30T00:00:00.000Z",
"dateUpdated": "2024-12-04T17:14:27.602Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-37071 (GCVE-0-2024-37071)
Vulnerability from cvelistv5 – Published: 2024-12-07 12:53 – Updated: 2024-12-09 18:02
VLAI
EPSS
Title
IBM Db2 denial of service
Summary
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 could allow an authenticated user to cause a denial of service with a specially crafted query due to improper memory allocation.
Severity
5.3 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-789 - Uncontrolled Memory Allocation
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| IBM | Db2 for Linux, UNIX and Windows |
Affected:
10.5, 11.1, 11.5
cpe:2.3:a:ibm:db2:10.5:*:*:*:*:linux:*:* cpe:2.3:a:ibm:db2:10.5:*:*:*:*:unix:*:* cpe:2.3:a:ibm:db2:10.5:*:*:*:*:aix:*:* cpe:2.3:a:ibm:db2:10.5:*:*:*:*:hp-ux:*:* cpe:2.3:a:ibm:db2:10.5:*:*:*:*:windows:*:* cpe:2.3:a:ibm:db2:11.1:*:*:*:*:linux:*:* cpe:2.3:a:ibm:db2:11.1:*:*:*:*:unix:*:* cpe:2.3:a:ibm:db2:11.1:*:*:*:*:aix:*:* cpe:2.3:a:ibm:db2:11.1:*:*:*:*:hp-ux:*:* cpe:2.3:a:ibm:db2:11.1:*:*:*:*:windows:*:* cpe:2.3:a:ibm:db2:11.5:*:*:*:*:linux:*:* cpe:2.3:a:ibm:db2:11.5:*:*:*:*:unix:*:* cpe:2.3:a:ibm:db2:11.5:*:*:*:*:aix:*:* cpe:2.3:a:ibm:db2:11.5:*:*:*:*:hp-ux:*:* cpe:2.3:a:ibm:db2:11.5:*:*:*:*:windows:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-37071",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-09T17:37:10.296290Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-09T18:02:16.298Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:db2:10.5:*:*:*:*:linux:*:*",
"cpe:2.3:a:ibm:db2:10.5:*:*:*:*:unix:*:*",
"cpe:2.3:a:ibm:db2:10.5:*:*:*:*:aix:*:*",
"cpe:2.3:a:ibm:db2:10.5:*:*:*:*:hp-ux:*:*",
"cpe:2.3:a:ibm:db2:10.5:*:*:*:*:windows:*:*",
"cpe:2.3:a:ibm:db2:11.1:*:*:*:*:linux:*:*",
"cpe:2.3:a:ibm:db2:11.1:*:*:*:*:unix:*:*",
"cpe:2.3:a:ibm:db2:11.1:*:*:*:*:aix:*:*",
"cpe:2.3:a:ibm:db2:11.1:*:*:*:*:hp-ux:*:*",
"cpe:2.3:a:ibm:db2:11.1:*:*:*:*:windows:*:*",
"cpe:2.3:a:ibm:db2:11.5:*:*:*:*:linux:*:*",
"cpe:2.3:a:ibm:db2:11.5:*:*:*:*:unix:*:*",
"cpe:2.3:a:ibm:db2:11.5:*:*:*:*:aix:*:*",
"cpe:2.3:a:ibm:db2:11.5:*:*:*:*:hp-ux:*:*",
"cpe:2.3:a:ibm:db2:11.5:*:*:*:*:windows:*:*"
],
"defaultStatus": "unaffected",
"product": "Db2 for Linux, UNIX and Windows",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "10.5, 11.1, 11.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 could allow an authenticated user to cause a denial of service with a specially crafted query due to improper memory allocation.\u003c/span\u003e"
}
],
"value": "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 could allow an authenticated user to cause a denial of service with a specially crafted query due to improper memory allocation."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-789",
"description": "CWE-789 Uncontrolled Memory Allocation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-07T12:53:31.722Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"url": "https://www.ibm.com/support/pages/node/7175940"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Db2 denial of service",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2024-37071",
"datePublished": "2024-12-07T12:53:31.722Z",
"dateReserved": "2024-06-02T15:43:57.554Z",
"dateUpdated": "2024-12-09T18:02:16.298Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-39494 (GCVE-0-2024-39494)
Vulnerability from cvelistv5 – Published: 2024-07-12 12:20 – Updated: 2026-05-11 20:21
VLAI
EPSS
Title
ima: Fix use-after-free on a dentry's dname.name
Summary
In the Linux kernel, the following vulnerability has been resolved:
ima: Fix use-after-free on a dentry's dname.name
->d_name.name can change on rename and the earlier value can be freed;
there are conditions sufficient to stabilize it (->d_lock on dentry,
->d_lock on its parent, ->i_rwsem exclusive on the parent's inode,
rename_lock), but none of those are met at any of the sites. Take a stable
snapshot of the name instead.
Severity
No CVSS data available.
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
9 references
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
2fe5d6def1672ae6635dd71867bf36dcfaa7434b , < 480afcbeb7aaaa22677d3dd48ec590b441eaac1a
(git)
Affected: 2fe5d6def1672ae6635dd71867bf36dcfaa7434b , < edf287bc610b18d7a9c0c0c1cb2e97b9348c71bb (git) Affected: 2fe5d6def1672ae6635dd71867bf36dcfaa7434b , < 0b31e28fbd773aefb6164687e0767319b8199829 (git) Affected: 2fe5d6def1672ae6635dd71867bf36dcfaa7434b , < 7fb374981e31c193b1152ed8d3b0a95b671330d4 (git) Affected: 2fe5d6def1672ae6635dd71867bf36dcfaa7434b , < dd431c3ac1fc34a9268580dd59ad3e3c76b32a8c (git) Affected: 2fe5d6def1672ae6635dd71867bf36dcfaa7434b , < a78a6f0da57d058e2009e9958fdcef66f165208c (git) Affected: 2fe5d6def1672ae6635dd71867bf36dcfaa7434b , < be84f32bb2c981ca670922e047cdde1488b233de (git) |
|
| Linux | Linux |
Affected:
3.7
Unaffected: 0 , < 3.7 (semver) Unaffected: 5.4.291 , ≤ 5.4.* (semver) Unaffected: 5.10.235 , ≤ 5.10.* (semver) Unaffected: 5.15.174 , ≤ 5.15.* (semver) Unaffected: 6.1.97 , ≤ 6.1.* (semver) Unaffected: 6.6.35 , ≤ 6.6.* (semver) Unaffected: 6.9.6 , ≤ 6.9.* (semver) Unaffected: 6.10 , ≤ * (original_commit_for_fix) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-03T21:56:11.179Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7fb374981e31c193b1152ed8d3b0a95b671330d4"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/dd431c3ac1fc34a9268580dd59ad3e3c76b32a8c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a78a6f0da57d058e2009e9958fdcef66f165208c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/be84f32bb2c981ca670922e047cdde1488b233de"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-39494",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T17:07:29.508967Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:34:39.893Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"security/integrity/ima/ima_api.c",
"security/integrity/ima/ima_template_lib.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "480afcbeb7aaaa22677d3dd48ec590b441eaac1a",
"status": "affected",
"version": "2fe5d6def1672ae6635dd71867bf36dcfaa7434b",
"versionType": "git"
},
{
"lessThan": "edf287bc610b18d7a9c0c0c1cb2e97b9348c71bb",
"status": "affected",
"version": "2fe5d6def1672ae6635dd71867bf36dcfaa7434b",
"versionType": "git"
},
{
"lessThan": "0b31e28fbd773aefb6164687e0767319b8199829",
"status": "affected",
"version": "2fe5d6def1672ae6635dd71867bf36dcfaa7434b",
"versionType": "git"
},
{
"lessThan": "7fb374981e31c193b1152ed8d3b0a95b671330d4",
"status": "affected",
"version": "2fe5d6def1672ae6635dd71867bf36dcfaa7434b",
"versionType": "git"
},
{
"lessThan": "dd431c3ac1fc34a9268580dd59ad3e3c76b32a8c",
"status": "affected",
"version": "2fe5d6def1672ae6635dd71867bf36dcfaa7434b",
"versionType": "git"
},
{
"lessThan": "a78a6f0da57d058e2009e9958fdcef66f165208c",
"status": "affected",
"version": "2fe5d6def1672ae6635dd71867bf36dcfaa7434b",
"versionType": "git"
},
{
"lessThan": "be84f32bb2c981ca670922e047cdde1488b233de",
"status": "affected",
"version": "2fe5d6def1672ae6635dd71867bf36dcfaa7434b",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"security/integrity/ima/ima_api.c",
"security/integrity/ima/ima_template_lib.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.7"
},
{
"lessThan": "3.7",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.291",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.235",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.174",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.97",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.35",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.6",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.291",
"versionStartIncluding": "3.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.235",
"versionStartIncluding": "3.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.174",
"versionStartIncluding": "3.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.97",
"versionStartIncluding": "3.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.35",
"versionStartIncluding": "3.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.6",
"versionStartIncluding": "3.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "3.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nima: Fix use-after-free on a dentry\u0027s dname.name\n\n-\u003ed_name.name can change on rename and the earlier value can be freed;\nthere are conditions sufficient to stabilize it (-\u003ed_lock on dentry,\n-\u003ed_lock on its parent, -\u003ei_rwsem exclusive on the parent\u0027s inode,\nrename_lock), but none of those are met at any of the sites. Take a stable\nsnapshot of the name instead."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T20:21:38.773Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/480afcbeb7aaaa22677d3dd48ec590b441eaac1a"
},
{
"url": "https://git.kernel.org/stable/c/edf287bc610b18d7a9c0c0c1cb2e97b9348c71bb"
},
{
"url": "https://git.kernel.org/stable/c/0b31e28fbd773aefb6164687e0767319b8199829"
},
{
"url": "https://git.kernel.org/stable/c/7fb374981e31c193b1152ed8d3b0a95b671330d4"
},
{
"url": "https://git.kernel.org/stable/c/dd431c3ac1fc34a9268580dd59ad3e3c76b32a8c"
},
{
"url": "https://git.kernel.org/stable/c/a78a6f0da57d058e2009e9958fdcef66f165208c"
},
{
"url": "https://git.kernel.org/stable/c/be84f32bb2c981ca670922e047cdde1488b233de"
}
],
"title": "ima: Fix use-after-free on a dentry\u0027s dname.name",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-39494",
"datePublished": "2024-07-12T12:20:30.348Z",
"dateReserved": "2024-06-25T14:23:23.748Z",
"dateUpdated": "2026-05-11T20:21:38.773Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-39908 (GCVE-0-2024-39908)
Vulnerability from cvelistv5 – Published: 2024-07-16 17:28 – Updated: 2025-11-03 20:38
VLAI
EPSS
Title
Denial of service in REXML
Summary
REXML is an XML toolkit for Ruby. The REXML gem before 3.3.1 has some DoS vulnerabilities when it parses an XML that has many specific characters such as `<`, `0` and `%>`. If you need to parse untrusted XMLs, you many be impacted to these vulnerabilities. The REXML gem 3.3.2 or later include the patches to fix these vulnerabilities. Users are advised to upgrade. Users unable to upgrade should avoid parsing untrusted XML strings.
Severity
4.3 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-400 - Uncontrolled Resource Consumption
Assigner
References
4 references
Impacted products
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:ruby-lang:rexml:*:*:*:*:*:ruby:*:*"
],
"defaultStatus": "unknown",
"product": "rexml",
"vendor": "ruby-lang",
"versions": [
{
"lessThan": "3.3.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-39908",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-16T17:58:11.892191Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-01T15:47:24.545Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T20:38:21.548Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/ruby/rexml/security/advisories/GHSA-4xqq-m2hx-25v8",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/ruby/rexml/security/advisories/GHSA-4xqq-m2hx-25v8"
},
{
"name": "https://www.ruby-lang.org/en/news/2024/07/16/dos-rexml-cve-2024-39908",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.ruby-lang.org/en/news/2024/07/16/dos-rexml-cve-2024-39908"
},
{
"url": "https://security.netapp.com/advisory/ntap-20250117-0008/"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00011.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "rexml",
"vendor": "ruby",
"versions": [
{
"status": "affected",
"version": "\u003c 3.3.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": " REXML is an XML toolkit for Ruby. The REXML gem before 3.3.1 has some DoS vulnerabilities when it parses an XML that has many specific characters such as `\u003c`, `0` and `%\u003e`. If you need to parse untrusted XMLs, you many be impacted to these vulnerabilities. The REXML gem 3.3.2 or later include the patches to fix these vulnerabilities. Users are advised to upgrade. Users unable to upgrade should avoid parsing untrusted XML strings."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400: Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-16T17:28:07.372Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/ruby/rexml/security/advisories/GHSA-4xqq-m2hx-25v8",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/ruby/rexml/security/advisories/GHSA-4xqq-m2hx-25v8"
},
{
"name": "https://www.ruby-lang.org/en/news/2024/07/16/dos-rexml-cve-2024-39908",
"tags": [
"x_refsource_MISC"
],
"url": "https://www.ruby-lang.org/en/news/2024/07/16/dos-rexml-cve-2024-39908"
}
],
"source": {
"advisory": "GHSA-4xqq-m2hx-25v8",
"discovery": "UNKNOWN"
},
"title": "Denial of service in REXML"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-39908",
"datePublished": "2024-07-16T17:28:07.372Z",
"dateReserved": "2024-07-02T19:37:18.600Z",
"dateUpdated": "2025-11-03T20:38:21.548Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-40679 (GCVE-0-2024-40679)
Vulnerability from cvelistv5 – Published: 2025-01-08 00:44 – Updated: 2025-01-08 17:24
VLAI
EPSS
Title
IBM Db2 information disclosure
Summary
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 is vulnerable to an information disclosure vulnerability as sensitive information may be included in a log file under specific conditions.
Severity
5.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-532 - Insertion of Sensitive Information into Log File
Assigner
References
1 reference
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-40679",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-08T17:24:16.463105Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-08T17:24:57.144Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:db2:11.5:*:*:*:*:linux:*:*",
"cpe:2.3:a:ibm:db2:11.5:*:*:*:*:unix:*:*",
"cpe:2.3:a:ibm:db2:11.5:*:*:*:*:aix:*:*",
"cpe:2.3:a:ibm:db2:11.5:*:*:*:*:hp-ux:*:*",
"cpe:2.3:a:ibm:db2:11.5:*:*:*:*:windows:*:*"
],
"defaultStatus": "unaffected",
"product": "Db2",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "11.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 is vulnerable to an information disclosure vulnerability as sensitive information may be included in a log file under specific conditions."
}
],
"value": "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 is vulnerable to an information disclosure vulnerability as sensitive information may be included in a log file under specific conditions."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-532",
"description": "CWE-532 Insertion of Sensitive Information into Log File",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-08T00:44:37.346Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"url": "https://www.ibm.com/support/pages/node/7175957"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Db2 information disclosure",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2024-40679",
"datePublished": "2025-01-08T00:44:37.346Z",
"dateReserved": "2024-07-08T19:30:52.528Z",
"dateUpdated": "2025-01-08T17:24:57.144Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-41110 (GCVE-0-2024-41110)
Vulnerability from cvelistv5 – Published: 2024-07-24 16:49 – Updated: 2024-10-13 21:03
VLAI
EPSS
Title
Moby authz zero length regression
Summary
Moby is an open-source project created by Docker for software containerization. A security vulnerability has been detected in certain versions of Docker Engine, which could allow an attacker to bypass authorization plugins (AuthZ) under specific circumstances. The base likelihood of this being exploited is low.
Using a specially-crafted API request, an Engine API client could make the daemon forward the request or response to an authorization plugin without the body. In certain circumstances, the authorization plugin may allow a request which it would have otherwise denied if the body had been forwarded to it.
A security issue was discovered In 2018, where an attacker could bypass AuthZ plugins using a specially crafted API request. This could lead to unauthorized actions, including privilege escalation. Although this issue was fixed in Docker Engine v18.09.1 in January 2019, the fix was not carried forward to later major versions, resulting in a regression. Anyone who depends on authorization plugins that introspect the request and/or response body to make access control decisions is potentially impacted.
Docker EE v19.03.x and all versions of Mirantis Container Runtime are not vulnerable.
docker-ce v27.1.1 containes patches to fix the vulnerability. Patches have also been merged into the master, 19.03, 20.0, 23.0, 24.0, 25.0, 26.0, and 26.1 release branches. If one is unable to upgrade immediately, avoid using AuthZ plugins and/or restrict access to the Docker API to trusted parties, following the principle of least privilege.
Severity
10 (Critical)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
References
14 references
| URL | Tags |
|---|---|
| https://github.com/moby/moby/security/advisories/… | x_refsource_CONFIRM |
| https://github.com/moby/moby/commit/411e817ddf710… | x_refsource_MISC |
| https://github.com/moby/moby/commit/42f40b1d6dd75… | x_refsource_MISC |
| https://github.com/moby/moby/commit/65cc597cea28c… | x_refsource_MISC |
| https://github.com/moby/moby/commit/852759a7df454… | x_refsource_MISC |
| https://github.com/moby/moby/commit/a31260625655c… | x_refsource_MISC |
| https://github.com/moby/moby/commit/a79fabbfe8411… | x_refsource_MISC |
| https://github.com/moby/moby/commit/ae160b4edddb7… | x_refsource_MISC |
| https://github.com/moby/moby/commit/ae2b3666c517c… | x_refsource_MISC |
| https://github.com/moby/moby/commit/cc13f95251115… | x_refsource_MISC |
| https://github.com/moby/moby/commit/fc274cd2ff4cf… | x_refsource_MISC |
| https://www.docker.com/blog/docker-security-advis… | x_refsource_MISC |
| https://security.netapp.com/advisory/ntap-2024080… | |
| https://lists.debian.org/debian-lts-announce/2024… |
Impacted products
12 products
| Vendor | Product | Version | |
|---|---|---|---|
| moby | moby |
Affected:
>= 19.03.0, <= 19.03.15
Affected: >= 20.0.0, <= 20.10.27 Affected: >= 23.0.0, <= 23.0.14 Affected: >= 24.0.0, <= 24.0.9 Affected: >= 25.0.0, <= 25.0.5 Affected: >= 26.0.0, <= 26.0.2 Affected: >= 26.1.0, <= 26.1.14 Affected: >= 27.0.0, <= 27.0.3 Affected: = 27.1.0 |
|
| docker | moby |
Affected:
19.0.0 , ≤ 19.03.15
(custom)
cpe:2.3:a:docker:moby:19.0.0:*:*:*:*:*:*:* |
|
| docker | moby |
Affected:
20.0.0 , ≤ 20.10.27
(custom)
cpe:2.3:a:docker:moby:20.0.0:*:*:*:*:*:*:* |
|
| docker | moby |
Affected:
23.0.0 , ≤ 23.0.14
(custom)
cpe:2.3:a:docker:moby:23.0.0:*:*:*:*:*:*:* |
|
| docker | moby |
Affected:
24.0.0 , ≤ 24.0.9
(custom)
cpe:2.3:a:docker:moby:24.0.0:*:*:*:*:*:*:* |
|
| docker | moby |
Affected:
25.0.0 , ≤ 25.0.5
(custom)
cpe:2.3:a:docker:moby:25.0.0:*:*:*:*:*:*:* |
|
| docker | moby |
Affected:
26.0.0 , ≤ 26.0.2
(custom)
cpe:2.3:a:docker:moby:26.1.0:*:*:*:*:*:*:* |
|
| docker | moby |
Affected:
26.1.0 , ≤ 26.1.14
(custom)
cpe:2.3:a:docker:moby:27.0.0:*:*:*:*:*:*:* |
|
| docker | moby |
Affected:
27.1.0
cpe:2.3:a:docker:moby:27.1.0:*:*:*:*:*:*:* |
|
| docker | moby |
Affected:
26.0.0 , ≤ 26.0.2
(custom)
cpe:2.3:a:docker:moby:26.0.0:*:*:*:*:*:*:* |
|
| docker | moby |
Affected:
26.1.0 , ≤ 26.1.14
(custom)
cpe:2.3:a:docker:moby:26.1.0:*:*:*:*:*:*:* |
|
| docker | moby |
Affected:
27.0.0 , ≤ 27.0.3
(custom)
cpe:2.3:a:docker:moby:27.0.0:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:docker:moby:19.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "moby",
"vendor": "docker",
"versions": [
{
"lessThanOrEqual": "19.03.15",
"status": "affected",
"version": "19.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:docker:moby:20.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "moby",
"vendor": "docker",
"versions": [
{
"lessThanOrEqual": "20.10.27",
"status": "affected",
"version": "20.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:docker:moby:23.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "moby",
"vendor": "docker",
"versions": [
{
"lessThanOrEqual": "23.0.14",
"status": "affected",
"version": "23.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:docker:moby:24.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "moby",
"vendor": "docker",
"versions": [
{
"lessThanOrEqual": "24.0.9",
"status": "affected",
"version": "24.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:docker:moby:25.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "moby",
"vendor": "docker",
"versions": [
{
"lessThanOrEqual": "25.0.5",
"status": "affected",
"version": "25.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:docker:moby:26.1.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "moby",
"vendor": "docker",
"versions": [
{
"lessThanOrEqual": "26.0.2",
"status": "affected",
"version": "26.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:docker:moby:27.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "moby",
"vendor": "docker",
"versions": [
{
"lessThanOrEqual": "26.1.14",
"status": "affected",
"version": "26.1.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:docker:moby:27.1.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "moby",
"vendor": "docker",
"versions": [
{
"status": "affected",
"version": "27.1.0"
}
]
},
{
"cpes": [
"cpe:2.3:a:docker:moby:26.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "moby",
"vendor": "docker",
"versions": [
{
"lessThanOrEqual": "26.0.2",
"status": "affected",
"version": "26.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:docker:moby:26.1.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "moby",
"vendor": "docker",
"versions": [
{
"lessThanOrEqual": "26.1.14",
"status": "affected",
"version": "26.1.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:docker:moby:27.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "moby",
"vendor": "docker",
"versions": [
{
"lessThanOrEqual": "27.0.3",
"status": "affected",
"version": "27.0.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-41110",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-26T03:55:30.375492Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-29T21:01:46.898Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-10-13T21:03:34.392Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/moby/moby/security/advisories/GHSA-v23v-6jw2-98fq",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/moby/moby/security/advisories/GHSA-v23v-6jw2-98fq"
},
{
"name": "https://github.com/moby/moby/commit/411e817ddf710ff8e08fa193da80cb78af708191",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/moby/moby/commit/411e817ddf710ff8e08fa193da80cb78af708191"
},
{
"name": "https://github.com/moby/moby/commit/42f40b1d6dd7562342f832b9cd2adf9e668eeb76",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/moby/moby/commit/42f40b1d6dd7562342f832b9cd2adf9e668eeb76"
},
{
"name": "https://github.com/moby/moby/commit/65cc597cea28cdc25bea3b8a86384b4251872919",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/moby/moby/commit/65cc597cea28cdc25bea3b8a86384b4251872919"
},
{
"name": "https://github.com/moby/moby/commit/852759a7df454cbf88db4e954c919becd48faa9b",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/moby/moby/commit/852759a7df454cbf88db4e954c919becd48faa9b"
},
{
"name": "https://github.com/moby/moby/commit/a31260625655cff9ae226b51757915e275e304b0",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/moby/moby/commit/a31260625655cff9ae226b51757915e275e304b0"
},
{
"name": "https://github.com/moby/moby/commit/a79fabbfe84117696a19671f4aa88b82d0f64fc1",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/moby/moby/commit/a79fabbfe84117696a19671f4aa88b82d0f64fc1"
},
{
"name": "https://github.com/moby/moby/commit/ae160b4edddb72ef4bd71f66b975a1a1cc434f00",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/moby/moby/commit/ae160b4edddb72ef4bd71f66b975a1a1cc434f00"
},
{
"name": "https://github.com/moby/moby/commit/ae2b3666c517c96cbc2adf1af5591a6b00d4ec0f",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/moby/moby/commit/ae2b3666c517c96cbc2adf1af5591a6b00d4ec0f"
},
{
"name": "https://github.com/moby/moby/commit/cc13f952511154a2866bddbb7dddebfe9e83b801",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/moby/moby/commit/cc13f952511154a2866bddbb7dddebfe9e83b801"
},
{
"name": "https://github.com/moby/moby/commit/fc274cd2ff4cf3b48c91697fb327dd1fb95588fb",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/moby/moby/commit/fc274cd2ff4cf3b48c91697fb327dd1fb95588fb"
},
{
"name": "https://www.docker.com/blog/docker-security-advisory-docker-engine-authz-plugin",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.docker.com/blog/docker-security-advisory-docker-engine-authz-plugin"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240802-0001/"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/10/msg00009.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "moby",
"vendor": "moby",
"versions": [
{
"status": "affected",
"version": "\u003e= 19.03.0, \u003c= 19.03.15"
},
{
"status": "affected",
"version": "\u003e= 20.0.0, \u003c= 20.10.27"
},
{
"status": "affected",
"version": "\u003e= 23.0.0, \u003c= 23.0.14"
},
{
"status": "affected",
"version": "\u003e= 24.0.0, \u003c= 24.0.9"
},
{
"status": "affected",
"version": "\u003e= 25.0.0, \u003c= 25.0.5"
},
{
"status": "affected",
"version": "\u003e= 26.0.0, \u003c= 26.0.2"
},
{
"status": "affected",
"version": "\u003e= 26.1.0, \u003c= 26.1.14"
},
{
"status": "affected",
"version": "\u003e= 27.0.0, \u003c= 27.0.3"
},
{
"status": "affected",
"version": "= 27.1.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Moby is an open-source project created by Docker for software containerization. A security vulnerability has been detected in certain versions of Docker Engine, which could allow an attacker to bypass authorization plugins (AuthZ) under specific circumstances. The base likelihood of this being exploited is low.\n\nUsing a specially-crafted API request, an Engine API client could make the daemon forward the request or response to an authorization plugin without the body. In certain circumstances, the authorization plugin may allow a request which it would have otherwise denied if the body had been forwarded to it.\n\nA security issue was discovered In 2018, where an attacker could bypass AuthZ plugins using a specially crafted API request. This could lead to unauthorized actions, including privilege escalation. Although this issue was fixed in Docker Engine v18.09.1 in January 2019, the fix was not carried forward to later major versions, resulting in a regression. Anyone who depends on authorization plugins that introspect the request and/or response body to make access control decisions is potentially impacted.\n\nDocker EE v19.03.x and all versions of Mirantis Container Runtime are not vulnerable.\n\ndocker-ce v27.1.1 containes patches to fix the vulnerability. Patches have also been merged into the master, 19.03, 20.0, 23.0, 24.0, 25.0, 26.0, and 26.1 release branches. If one is unable to upgrade immediately, avoid using AuthZ plugins and/or restrict access to the Docker API to trusted parties, following the principle of least privilege."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-187",
"description": "CWE-187: Partial String Comparison",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-444",
"description": "CWE-444: Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863: Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-30T19:09:22.764Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/moby/moby/security/advisories/GHSA-v23v-6jw2-98fq",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/moby/moby/security/advisories/GHSA-v23v-6jw2-98fq"
},
{
"name": "https://github.com/moby/moby/commit/411e817ddf710ff8e08fa193da80cb78af708191",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/moby/moby/commit/411e817ddf710ff8e08fa193da80cb78af708191"
},
{
"name": "https://github.com/moby/moby/commit/42f40b1d6dd7562342f832b9cd2adf9e668eeb76",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/moby/moby/commit/42f40b1d6dd7562342f832b9cd2adf9e668eeb76"
},
{
"name": "https://github.com/moby/moby/commit/65cc597cea28cdc25bea3b8a86384b4251872919",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/moby/moby/commit/65cc597cea28cdc25bea3b8a86384b4251872919"
},
{
"name": "https://github.com/moby/moby/commit/852759a7df454cbf88db4e954c919becd48faa9b",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/moby/moby/commit/852759a7df454cbf88db4e954c919becd48faa9b"
},
{
"name": "https://github.com/moby/moby/commit/a31260625655cff9ae226b51757915e275e304b0",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/moby/moby/commit/a31260625655cff9ae226b51757915e275e304b0"
},
{
"name": "https://github.com/moby/moby/commit/a79fabbfe84117696a19671f4aa88b82d0f64fc1",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/moby/moby/commit/a79fabbfe84117696a19671f4aa88b82d0f64fc1"
},
{
"name": "https://github.com/moby/moby/commit/ae160b4edddb72ef4bd71f66b975a1a1cc434f00",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/moby/moby/commit/ae160b4edddb72ef4bd71f66b975a1a1cc434f00"
},
{
"name": "https://github.com/moby/moby/commit/ae2b3666c517c96cbc2adf1af5591a6b00d4ec0f",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/moby/moby/commit/ae2b3666c517c96cbc2adf1af5591a6b00d4ec0f"
},
{
"name": "https://github.com/moby/moby/commit/cc13f952511154a2866bddbb7dddebfe9e83b801",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/moby/moby/commit/cc13f952511154a2866bddbb7dddebfe9e83b801"
},
{
"name": "https://github.com/moby/moby/commit/fc274cd2ff4cf3b48c91697fb327dd1fb95588fb",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/moby/moby/commit/fc274cd2ff4cf3b48c91697fb327dd1fb95588fb"
},
{
"name": "https://www.docker.com/blog/docker-security-advisory-docker-engine-authz-plugin",
"tags": [
"x_refsource_MISC"
],
"url": "https://www.docker.com/blog/docker-security-advisory-docker-engine-authz-plugin"
}
],
"source": {
"advisory": "GHSA-v23v-6jw2-98fq",
"discovery": "UNKNOWN"
},
"title": "Moby authz zero length regression"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-41110",
"datePublished": "2024-07-24T16:49:53.068Z",
"dateReserved": "2024-07-15T15:53:28.321Z",
"dateUpdated": "2024-10-13T21:03:34.392Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-41123 (GCVE-0-2024-41123)
Vulnerability from cvelistv5 – Published: 2024-08-01 14:18 – Updated: 2025-11-03 20:38
VLAI
EPSS
Title
REXML DoS vulnerability
Summary
REXML is an XML toolkit for Ruby. The REXML gem before 3.3.2 has some DoS vulnerabilities when it parses an XML that has many specific characters such as whitespace character, `>]` and `]>`. The REXML gem 3.3.3 or later include the patches to fix these vulnerabilities.
Severity
5.3 (Medium)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-400 - Uncontrolled Resource Consumption
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://github.com/ruby/rexml/security/advisories… | x_refsource_CONFIRM |
| https://github.com/ruby/rexml/security/advisories… | x_refsource_MISC |
| https://github.com/ruby/rexml/security/advisories… | x_refsource_MISC |
| https://www.ruby-lang.org/en/news/2024/08/01/dos-… | x_refsource_MISC |
| https://security.netapp.com/advisory/ntap-2024122… | |
| https://lists.debian.org/debian-lts-announce/2025… |
Impacted products
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:ruby-lang:rexml:*:*:*:*:*:ruby:*:*"
],
"defaultStatus": "unknown",
"product": "rexml",
"vendor": "ruby-lang",
"versions": [
{
"lessThan": "3.3.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-41123",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-01T14:33:21.621506Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-01T15:46:58.083Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T20:38:32.688Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://security.netapp.com/advisory/ntap-20241227-0005/"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00011.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "rexml",
"vendor": "ruby",
"versions": [
{
"status": "affected",
"version": "\u003c 3.3.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "REXML is an XML toolkit for Ruby. The REXML gem before 3.3.2 has some DoS vulnerabilities when it parses an XML that has many specific characters such as whitespace character, `\u003e]` and `]\u003e`. The REXML gem 3.3.3 or later include the patches to fix these vulnerabilities."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400: Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-01T14:18:43.611Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/ruby/rexml/security/advisories/GHSA-r55c-59qm-vjw6",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/ruby/rexml/security/advisories/GHSA-r55c-59qm-vjw6"
},
{
"name": "https://github.com/ruby/rexml/security/advisories/GHSA-4xqq-m2hx-25v8",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/ruby/rexml/security/advisories/GHSA-4xqq-m2hx-25v8"
},
{
"name": "https://github.com/ruby/rexml/security/advisories/GHSA-vg3r-rm7w-2xgh",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/ruby/rexml/security/advisories/GHSA-vg3r-rm7w-2xgh"
},
{
"name": "https://www.ruby-lang.org/en/news/2024/08/01/dos-rexml-cve-2024-41123",
"tags": [
"x_refsource_MISC"
],
"url": "https://www.ruby-lang.org/en/news/2024/08/01/dos-rexml-cve-2024-41123"
}
],
"source": {
"advisory": "GHSA-r55c-59qm-vjw6",
"discovery": "UNKNOWN"
},
"title": "REXML DoS vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-41123",
"datePublished": "2024-08-01T14:18:43.611Z",
"dateReserved": "2024-07-15T15:53:28.323Z",
"dateUpdated": "2025-11-03T20:38:32.688Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-41761 (GCVE-0-2024-41761)
Vulnerability from cvelistv5 – Published: 2024-11-23 01:57 – Updated: 2024-11-23 13:28
VLAI
EPSS
Title
IBM Db2 denial of service
Summary
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query.
Severity
5.3 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-789 - Uncontrolled Memory Allocation
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| IBM | Db2 for Linux, UNIX and Windows |
Affected:
10.5, 11.1, 11.5
cpe:2.3:a:ibm:db2:10.5:*:*:*:*:linux:*:* cpe:2.3:a:ibm:db2:10.5:*:*:*:*:unix:*:* cpe:2.3:a:ibm:db2:10.5:*:*:*:*:aix:*:* cpe:2.3:a:ibm:db2:10.5:*:*:*:*:hp-ux:*:* cpe:2.3:a:ibm:db2:10.5:*:*:*:*:windows:*:* cpe:2.3:a:ibm:db2:11.1:*:*:*:*:linux:*:* cpe:2.3:a:ibm:db2:11.1:*:*:*:*:unix:*:* cpe:2.3:a:ibm:db2:11.1:*:*:*:*:aix:*:* cpe:2.3:a:ibm:db2:11.1:*:*:*:*:hp-ux:*:* cpe:2.3:a:ibm:db2:11.1:*:*:*:*:windows:*:* cpe:2.3:a:ibm:db2:11.5:*:*:*:*:linux:*:* cpe:2.3:a:ibm:db2:11.5:*:*:*:*:unix:*:* cpe:2.3:a:ibm:db2:11.5:*:*:*:*:aix:*:* cpe:2.3:a:ibm:db2:11.5:*:*:*:*:hp-ux:*:* cpe:2.3:a:ibm:db2:11.5:*:*:*:*:windows:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-41761",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-23T13:20:54.856426Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-23T13:28:21.260Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:db2:10.5:*:*:*:*:linux:*:*",
"cpe:2.3:a:ibm:db2:10.5:*:*:*:*:unix:*:*",
"cpe:2.3:a:ibm:db2:10.5:*:*:*:*:aix:*:*",
"cpe:2.3:a:ibm:db2:10.5:*:*:*:*:hp-ux:*:*",
"cpe:2.3:a:ibm:db2:10.5:*:*:*:*:windows:*:*",
"cpe:2.3:a:ibm:db2:11.1:*:*:*:*:linux:*:*",
"cpe:2.3:a:ibm:db2:11.1:*:*:*:*:unix:*:*",
"cpe:2.3:a:ibm:db2:11.1:*:*:*:*:aix:*:*",
"cpe:2.3:a:ibm:db2:11.1:*:*:*:*:hp-ux:*:*",
"cpe:2.3:a:ibm:db2:11.1:*:*:*:*:windows:*:*",
"cpe:2.3:a:ibm:db2:11.5:*:*:*:*:linux:*:*",
"cpe:2.3:a:ibm:db2:11.5:*:*:*:*:unix:*:*",
"cpe:2.3:a:ibm:db2:11.5:*:*:*:*:aix:*:*",
"cpe:2.3:a:ibm:db2:11.5:*:*:*:*:hp-ux:*:*",
"cpe:2.3:a:ibm:db2:11.5:*:*:*:*:windows:*:*"
],
"defaultStatus": "unaffected",
"product": "Db2 for Linux, UNIX and Windows",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "10.5, 11.1, 11.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query.\u003c/span\u003e"
}
],
"value": "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-789",
"description": "CWE-789 Uncontrolled Memory Allocation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-23T01:57:40.048Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"url": "https://www.ibm.com/support/pages/node/7175947"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Db2 denial of service",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2024-41761",
"datePublished": "2024-11-23T01:57:40.048Z",
"dateReserved": "2024-07-22T12:02:49.316Z",
"dateUpdated": "2024-11-23T13:28:21.260Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-41762 (GCVE-0-2024-41762)
Vulnerability from cvelistv5 – Published: 2024-12-07 13:30 – Updated: 2024-12-09 18:02
VLAI
EPSS
Title
IBM Db2 denial of service
Summary
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query.
Severity
5.3 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-789 - Uncontrolled Memory Allocation
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| IBM | Db2 for Linux, UNIX and Windows |
Affected:
10.5, 11.1, 11.5
cpe:2.3:a:ibm:db2:10.5:*:*:*:*:linux:*:* cpe:2.3:a:ibm:db2:10.5:*:*:*:*:unix:*:* cpe:2.3:a:ibm:db2:10.5:*:*:*:*:aix:*:* cpe:2.3:a:ibm:db2:10.5:*:*:*:*:hp-ux:*:* cpe:2.3:a:ibm:db2:10.5:*:*:*:*:windows:*:* cpe:2.3:a:ibm:db2:11.1:*:*:*:*:linux:*:* cpe:2.3:a:ibm:db2:11.1:*:*:*:*:unix:*:* cpe:2.3:a:ibm:db2:11.1:*:*:*:*:aix:*:* cpe:2.3:a:ibm:db2:11.1:*:*:*:*:hp-ux:*:* cpe:2.3:a:ibm:db2:11.1:*:*:*:*:windows:*:* cpe:2.3:a:ibm:db2:11.5:*:*:*:*:linux:*:* cpe:2.3:a:ibm:db2:11.5:*:*:*:*:unix:*:* cpe:2.3:a:ibm:db2:11.5:*:*:*:*:aix:*:* cpe:2.3:a:ibm:db2:11.5:*:*:*:*:hp-ux:*:* cpe:2.3:a:ibm:db2:11.5:*:*:*:*:windows:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-41762",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-09T17:37:08.932114Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-09T18:02:07.852Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:db2:10.5:*:*:*:*:linux:*:*",
"cpe:2.3:a:ibm:db2:10.5:*:*:*:*:unix:*:*",
"cpe:2.3:a:ibm:db2:10.5:*:*:*:*:aix:*:*",
"cpe:2.3:a:ibm:db2:10.5:*:*:*:*:hp-ux:*:*",
"cpe:2.3:a:ibm:db2:10.5:*:*:*:*:windows:*:*",
"cpe:2.3:a:ibm:db2:11.1:*:*:*:*:linux:*:*",
"cpe:2.3:a:ibm:db2:11.1:*:*:*:*:unix:*:*",
"cpe:2.3:a:ibm:db2:11.1:*:*:*:*:aix:*:*",
"cpe:2.3:a:ibm:db2:11.1:*:*:*:*:hp-ux:*:*",
"cpe:2.3:a:ibm:db2:11.1:*:*:*:*:windows:*:*",
"cpe:2.3:a:ibm:db2:11.5:*:*:*:*:linux:*:*",
"cpe:2.3:a:ibm:db2:11.5:*:*:*:*:unix:*:*",
"cpe:2.3:a:ibm:db2:11.5:*:*:*:*:aix:*:*",
"cpe:2.3:a:ibm:db2:11.5:*:*:*:*:hp-ux:*:*",
"cpe:2.3:a:ibm:db2:11.5:*:*:*:*:windows:*:*"
],
"defaultStatus": "unaffected",
"product": "Db2 for Linux, UNIX and Windows",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "10.5, 11.1, 11.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query.\u003c/span\u003e"
}
],
"value": "IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-789",
"description": "CWE-789 Uncontrolled Memory Allocation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-07T13:30:48.904Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"url": "https://www.ibm.com/support/pages/node/7175946"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Db2 denial of service",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2024-41762",
"datePublished": "2024-12-07T13:30:48.904Z",
"dateReserved": "2024-07-22T12:02:49.316Z",
"dateUpdated": "2024-12-09T18:02:07.852Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-41946 (GCVE-0-2024-41946)
Vulnerability from cvelistv5 – Published: 2024-08-01 14:22 – Updated: 2025-11-03 20:38
VLAI
EPSS
Title
REXML DoS vulnerability
Summary
REXML is an XML toolkit for Ruby. The REXML gem 3.3.2 has a DoS vulnerability when it parses an XML that has many entity expansions with SAX2 or pull parser API. The REXML gem 3.3.3 or later include the patch to fix the vulnerability.
Severity
5.3 (Medium)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-400 - Uncontrolled Resource Consumption
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://github.com/ruby/rexml/security/advisories… | x_refsource_CONFIRM |
| https://github.com/ruby/rexml/commit/033d1909a8f2… | x_refsource_MISC |
| https://www.ruby-lang.org/en/news/2008/08/23/dos-… | x_refsource_MISC |
| https://www.ruby-lang.org/en/news/2024/08/01/dos-… | x_refsource_MISC |
| https://security.netapp.com/advisory/ntap-2025011… | |
| https://lists.debian.org/debian-lts-announce/2025… |
Impacted products
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:ruby-lang:rexml:*:*:*:*:*:ruby:*:*"
],
"defaultStatus": "unknown",
"product": "rexml",
"vendor": "ruby-lang",
"versions": [
{
"lessThan": "3.3.3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-41946",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-01T15:45:10.507112Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-01T15:50:11.993Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T20:38:34.071Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://security.netapp.com/advisory/ntap-20250117-0007/"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00011.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "rexml",
"vendor": "ruby",
"versions": [
{
"status": "affected",
"version": "\u003c 3.3.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "REXML is an XML toolkit for Ruby. The REXML gem 3.3.2 has a DoS vulnerability when it parses an XML that has many entity expansions with SAX2 or pull parser API. The REXML gem 3.3.3 or later include the patch to fix the vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400: Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-01T14:22:14.014Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/ruby/rexml/security/advisories/GHSA-5866-49gr-22v4",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/ruby/rexml/security/advisories/GHSA-5866-49gr-22v4"
},
{
"name": "https://github.com/ruby/rexml/commit/033d1909a8f259d5a7c53681bcaf14f13bcf0368",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/ruby/rexml/commit/033d1909a8f259d5a7c53681bcaf14f13bcf0368"
},
{
"name": "https://www.ruby-lang.org/en/news/2008/08/23/dos-vulnerability-in-rexml",
"tags": [
"x_refsource_MISC"
],
"url": "https://www.ruby-lang.org/en/news/2008/08/23/dos-vulnerability-in-rexml"
},
{
"name": "https://www.ruby-lang.org/en/news/2024/08/01/dos-rexml-cve-2024-41946",
"tags": [
"x_refsource_MISC"
],
"url": "https://www.ruby-lang.org/en/news/2024/08/01/dos-rexml-cve-2024-41946"
}
],
"source": {
"advisory": "GHSA-5866-49gr-22v4",
"discovery": "UNKNOWN"
},
"title": "REXML DoS vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-41946",
"datePublished": "2024-08-01T14:22:14.014Z",
"dateReserved": "2024-07-24T16:51:40.948Z",
"dateUpdated": "2025-11-03T20:38:34.071Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…