Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CERTFR-2025-AVI-0512
Vulnerability from certfr_avis - Published: 2025-06-13 - Updated: 2025-06-13
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | Security QRadar EDR | Security QRadar EDR versions antérieures à 3.12.16 | ||
| IBM | Db2 | Db2 versions antérieures à 5.2.0 pour Cloud Pak for Data | ||
| IBM | Cognos Analytics | Cognos Analytics versions 12.0.x antérieures à 12.0.4 FP1 | ||
| IBM | Cognos Analytics | Cognos Analytics versions 11.2.x antérieures à 11.2.4 IF4 | ||
| IBM | Db2 Warehouse | Db2 warehouse versions antérieures à 5.2.0 pour Cloud Pak for Data |
References
| Title | Publication Time | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Security QRadar EDR versions ant\u00e9rieures \u00e0 3.12.16",
"product": {
"name": "Security QRadar EDR",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Db2 versions ant\u00e9rieures \u00e0 5.2.0 pour Cloud Pak for Data",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Cognos Analytics versions 12.0.x ant\u00e9rieures \u00e0 12.0.4 FP1",
"product": {
"name": "Cognos Analytics",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Cognos Analytics versions 11.2.x ant\u00e9rieures \u00e0 11.2.4 IF4",
"product": {
"name": "Cognos Analytics",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Db2 warehouse versions ant\u00e9rieures \u00e0 5.2.0 pour Cloud Pak for Data",
"product": {
"name": "Db2 Warehouse",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-0917",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0917"
},
{
"name": "CVE-2018-19361",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-19361"
},
{
"name": "CVE-2023-29483",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29483"
},
{
"name": "CVE-2021-33036",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33036"
},
{
"name": "CVE-2019-17267",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17267"
},
{
"name": "CVE-2024-22201",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22201"
},
{
"name": "CVE-2025-27516",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27516"
},
{
"name": "CVE-2018-14719",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14719"
},
{
"name": "CVE-2020-9546",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-9546"
},
{
"name": "CVE-2024-28757",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28757"
},
{
"name": "CVE-2025-47944",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47944"
},
{
"name": "CVE-2024-12797",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12797"
},
{
"name": "CVE-2025-30065",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30065"
},
{
"name": "CVE-2025-27219",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27219"
},
{
"name": "CVE-2024-25638",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25638"
},
{
"name": "CVE-2023-45853",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45853"
},
{
"name": "CVE-2017-9047",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-9047"
},
{
"name": "CVE-2020-9548",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-9548"
},
{
"name": "CVE-2023-45288",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45288"
},
{
"name": "CVE-2023-45178",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45178"
},
{
"name": "CVE-2024-47076",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47076"
},
{
"name": "CVE-2024-47177",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47177"
},
{
"name": "CVE-2022-30635",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30635"
},
{
"name": "CVE-2022-26612",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26612"
},
{
"name": "CVE-2024-56171",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56171"
},
{
"name": "CVE-2024-1975",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-1975"
},
{
"name": "CVE-2024-47561",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47561"
},
{
"name": "CVE-2019-16942",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16942"
},
{
"name": "CVE-2024-31881",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-31881"
},
{
"name": "CVE-2020-9547",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-9547"
},
{
"name": "CVE-2025-24970",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24970"
},
{
"name": "CVE-2018-14718",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14718"
},
{
"name": "CVE-2025-0923",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0923"
},
{
"name": "CVE-2024-29857",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29857"
},
{
"name": "CVE-2018-19360",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-19360"
},
{
"name": "CVE-2024-1737",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-1737"
},
{
"name": "CVE-2024-31880",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-31880"
},
{
"name": "CVE-2024-29025",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29025"
},
{
"name": "CVE-2019-16335",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16335"
},
{
"name": "CVE-2024-28762",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28762"
},
{
"name": "CVE-2018-7489",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7489"
},
{
"name": "CVE-2019-14893",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14893"
},
{
"name": "CVE-2023-50298",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-50298"
},
{
"name": "CVE-2024-26308",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26308"
},
{
"name": "CVE-2024-53197",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53197"
},
{
"name": "CVE-2025-43859",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43859"
},
{
"name": "CVE-2024-30172",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-30172"
},
{
"name": "CVE-2024-51744",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-51744"
},
{
"name": "CVE-2024-45338",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45338"
},
{
"name": "CVE-2024-23454",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23454"
},
{
"name": "CVE-2022-3510",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3510"
},
{
"name": "CVE-2022-3509",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3509"
},
{
"name": "CVE-2025-27152",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27152"
},
{
"name": "CVE-2024-21634",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21634"
},
{
"name": "CVE-2024-29131",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29131"
},
{
"name": "CVE-2024-37529",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-37529"
},
{
"name": "CVE-2025-22868",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22868"
},
{
"name": "CVE-2021-25642",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-25642"
},
{
"name": "CVE-2024-53382",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53382"
},
{
"name": "CVE-2024-45296",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45296"
},
{
"name": "CVE-2024-45337",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45337"
},
{
"name": "CVE-2023-39410",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39410"
},
{
"name": "CVE-2024-25710",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25710"
},
{
"name": "CVE-2024-7254",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7254"
},
{
"name": "CVE-2020-9492",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-9492"
},
{
"name": "CVE-2025-27220",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27220"
},
{
"name": "CVE-2024-29133",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29133"
},
{
"name": "CVE-2019-16943",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16943"
},
{
"name": "CVE-2024-12905",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12905"
},
{
"name": "CVE-2024-41946",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41946"
},
{
"name": "CVE-2024-52046",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-52046"
},
{
"name": "CVE-2021-37404",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-37404"
},
{
"name": "CVE-2025-47935",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47935"
},
{
"name": "CVE-2017-7525",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7525"
},
{
"name": "CVE-2019-20330",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20330"
},
{
"name": "CVE-2023-44981",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44981"
},
{
"name": "CVE-2024-34156",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34156"
},
{
"name": "CVE-2019-17531",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17531"
},
{
"name": "CVE-2024-52798",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-52798"
},
{
"name": "CVE-2024-47535",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47535"
},
{
"name": "CVE-2023-52428",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52428"
},
{
"name": "CVE-2024-25062",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25062"
},
{
"name": "CVE-2020-8840",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8840"
},
{
"name": "CVE-2024-10963",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-10963"
},
{
"name": "CVE-2024-57965",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57965"
},
{
"name": "CVE-2023-29267",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29267"
},
{
"name": "CVE-2024-31882",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-31882"
},
{
"name": "CVE-2025-22869",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22869"
},
{
"name": "CVE-2024-4603",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4603"
},
{
"name": "CVE-2025-25193",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-25193"
},
{
"name": "CVE-2018-14720",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14720"
},
{
"name": "CVE-2024-47176",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47176"
},
{
"name": "CVE-2025-22870",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22870"
},
{
"name": "CVE-2024-30171",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-30171"
},
{
"name": "CVE-2023-52922",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52922"
},
{
"name": "CVE-2019-14540",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14540"
},
{
"name": "CVE-2025-27789",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27789"
},
{
"name": "CVE-2024-6827",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6827"
},
{
"name": "CVE-2018-14721",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14721"
},
{
"name": "CVE-2018-11307",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11307"
},
{
"name": "CVE-2024-3651",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-3651"
},
{
"name": "CVE-2025-27363",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27363"
},
{
"name": "CVE-2022-42969",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42969"
},
{
"name": "CVE-2025-24928",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24928"
},
{
"name": "CVE-2024-41091",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41091"
},
{
"name": "CVE-2024-35152",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35152"
},
{
"name": "CVE-2019-14379",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14379"
},
{
"name": "CVE-2025-25032",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-25032"
},
{
"name": "CVE-2023-42282",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42282"
},
{
"name": "CVE-2025-30204",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30204"
},
{
"name": "CVE-2022-3171",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3171"
},
{
"name": "CVE-2024-47175",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47175"
},
{
"name": "CVE-2024-41123",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41123"
},
{
"name": "CVE-2023-39663",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39663"
},
{
"name": "CVE-2024-35136",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35136"
},
{
"name": "CVE-2022-25168",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25168"
},
{
"name": "CVE-2024-49761",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49761"
},
{
"name": "CVE-2024-6345",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6345"
},
{
"name": "CVE-2019-14892",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14892"
}
],
"initial_release_date": "2025-06-13T00:00:00",
"last_revision_date": "2025-06-13T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0512",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-06-13T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Falsification de requ\u00eates c\u00f4t\u00e9 serveur (SSRF)"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": "2025-06-12",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7236500",
"url": "https://www.ibm.com/support/pages/node/7236500"
},
{
"published_at": "2025-06-11",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7234674",
"url": "https://www.ibm.com/support/pages/node/7234674"
},
{
"published_at": "2025-06-11",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7236354",
"url": "https://www.ibm.com/support/pages/node/7236354"
}
]
}
CVE-2024-52046 (GCVE-0-2024-52046)
Vulnerability from cvelistv5 – Published: 2024-12-25 10:06 – Updated: 2025-08-02 03:55
VLAI
EPSS
Title
Apache MINA: MINA applications using unbounded deserialization may allow RCE
Summary
The ObjectSerializationDecoder in Apache MINA uses Java’s native deserialization protocol to process
incoming serialized data but lacks the necessary security checks and defenses. This vulnerability allows
attackers to exploit the deserialization process by sending specially crafted malicious serialized data,
potentially leading to remote code execution (RCE) attacks.
This issue affects MINA core versions 2.0.X, 2.1.X and 2.2.X, and will be fixed by the releases 2.0.27, 2.1.10 and 2.2.4.
It's also important to note that an application using MINA core library will only be affected if the IoBuffer#getObject() method is called, and this specific method is potentially called when adding a ProtocolCodecFilter instance using the ObjectSerializationCodecFactory class in the filter chain. If your application is specifically using those classes, you have to upgrade to the latest version of MINA core library.
Upgrading will not be enough: you also need to explicitly allow the classes the decoder will accept in the ObjectSerializationDecoder instance, using one of the three new methods:
/**
* Accept class names where the supplied ClassNameMatcher matches for
* deserialization, unless they are otherwise rejected.
*
* @param classNameMatcher the matcher to use
*/
public void accept(ClassNameMatcher classNameMatcher)
/**
* Accept class names that match the supplied pattern for
* deserialization, unless they are otherwise rejected.
*
* @param pattern standard Java regexp
*/
public void accept(Pattern pattern)
/**
* Accept the wildcard specified classes for deserialization,
* unless they are otherwise rejected.
*
* @param patterns Wildcard file name patterns as defined by
* {@link org.apache.commons.io.FilenameUtils#wildcardMatch(String, String) FilenameUtils.wildcardMatch}
*/
public void accept(String... patterns)
By default, the decoder will reject *all* classes that will be present in the incoming data.
Note: The FtpServer, SSHd and Vysper sub-project are not affected by this issue.
Severity
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-502 - Deserialization of Untrusted Data
Assigner
References
3 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Apache Software Foundation | Apache MINA |
Unknown:
2.0 , ≤ 2.0.26
(semver)
Affected: 2.1 , ≤ 2.1.9 (semver) Affected: 2.2 , ≤ 2.2.3 (semver) |
Credits
The initial report was submitted by Bofei Chen, with all the necessary bits to reproduce the RCE
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-01-03T12:04:29.831Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2024/12/25/1"
},
{
"url": "https://security.netapp.com/advisory/ntap-20250103-0001/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-52046",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-01T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-02T03:55:42.727Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://repo.maven.apache.org/maven2",
"defaultStatus": "unaffected",
"packageName": "org.apache.mina:mina-core",
"product": "Apache MINA",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThanOrEqual": "2.0.26",
"status": "unknown",
"version": "2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "2.1.9",
"status": "affected",
"version": "2.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "2.2.3",
"status": "affected",
"version": "2.2",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "The initial report was submitted by Bofei Chen, with all the necessary bits to reproduce the RCE"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003e\n\t\t\t\u003cdiv\u003e\n\t\t\t\t\u003cdiv\u003e\n\t\t\t\t\t\u003cdiv\u003e\n\t\t\t\t\t\t\u003cp\u003eThe ObjectSerializationDecoder in Apache MINA uses Java\u2019s native deserialization protocol to process\nincoming serialized data but lacks the necessary security checks and defenses. This vulnerability allows\nattackers to exploit the deserialization process by sending specially crafted malicious serialized data,\npotentially leading to remote code execution (RCE) attacks.\n\u003c/p\u003e\n\t\t\t\t\t\u003c/div\u003e\n\t\t\t\t\u003c/div\u003e\n\t\t\t\u003c/div\u003e\n\t\t\u003c/div\u003e\u003cdiv\u003e\n\t\nThis issue affects MINA core versions 2.0.X, 2.1.X and 2.2.X, and will be fixed by the releases 2.0.27, 2.1.10 and 2.2.4.\u003cbr\u003e\u003c/div\u003e\u003cdiv\u003e\u003cbr\u003e\u003c/div\u003e\u003cdiv\u003eIt\u0027s also important to note that an application using MINA core library will only be affected if the \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIoBuffer#getObject\u003c/span\u003e\u003c/span\u003e() method is called, and this specific method is potentially called when adding a ProtocolCodecFilter instance using the \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(212, 212, 212);\"\u003eObjectSerializationCodecFactory\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e class in the filter chain. If your application is specifically using those classes, you have to upgrade to the latest version of MINA core library.\u003c/div\u003e\u003cdiv\u003e\u003cbr\u003e\u003c/div\u003e\u003cdiv\u003eUpgrading will\u0026nbsp; not be enough: you also need to explicitly allow the classes the decoder will accept in the \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(212, 212, 212);\"\u003eObjectSerializationDecoder\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e instance, using one of the three new methods:\u003c/div\u003e\u003cdiv\u003e\u003cbr\u003e\u003c/div\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003e /**\u003c/p\u003e\u003cp\u003e\u0026nbsp; \u0026nbsp;\u0026nbsp; * Accept class names where the supplied ClassNameMatcher matches for\u003c/p\u003e\u003cp\u003e * deserialization, unless they are otherwise rejected.\u003c/p\u003e\u003cp\u003e *\u003c/p\u003e\u003cp\u003e * @param classNameMatcher the matcher to use\u003c/p\u003e\u003cp\u003e */\u003c/p\u003e\u003cp\u003e public void \u003cspan style=\"background-color: rgb(212, 212, 212);\"\u003eaccept\u003c/span\u003e(ClassNameMatcher classNameMatcher)\u003c/p\u003e\u003cp\u003e\u003cbr\u003e\u003c/p\u003e\u003cp\u003e /**\u003c/p\u003e\u003cp\u003e * Accept class names that match the supplied pattern for\u003c/p\u003e\u003cp\u003e * deserialization, unless they are otherwise rejected.\u003c/p\u003e\u003cp\u003e *\u003c/p\u003e\u003cp\u003e * @param pattern standard Java regexp\u003c/p\u003e\u003cp\u003e */\u003c/p\u003e\u003cp\u003e public void accept(Pattern pattern) \u003cbr\u003e\u003c/p\u003e\u003cp\u003e\u003cbr\u003e\u003c/p\u003e\u003cp\u003e /**\u003c/p\u003e\u003cp\u003e * Accept the wildcard specified classes for deserialization,\u003c/p\u003e\u003cp\u003e * unless they are otherwise rejected.\u003c/p\u003e\u003cp\u003e *\u003c/p\u003e\u003cp\u003e * @param patterns Wildcard file name patterns as defined by\u003c/p\u003e\u003cp\u003e * {@link org.apache.commons.io.FilenameUtils#wildcardMatch(String, String) FilenameUtils.wildcardMatch}\u003c/p\u003e\u003cp\u003e */\u003c/p\u003e\u003cp\u003e public void accept(String... patterns)\u003cbr\u003e\u003c/p\u003e\u003c/div\u003e\u003cdiv\u003e\u003cbr\u003e\u003c/div\u003e\u003cdiv\u003eBy default, the decoder will reject *all* classes that will be present in the incoming data.\u003c/div\u003e\u003cdiv\u003e\u003cbr\u003e\u003c/div\u003e\u003cdiv\u003e\u003cbr\u003e\u003c/div\u003e\u003cdiv\u003eNote: The FtpServer, SSHd and Vysper sub-project are not affected by this issue.\u003cbr\u003e\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e"
}
],
"value": "The ObjectSerializationDecoder in Apache MINA uses Java\u2019s native deserialization protocol to process\nincoming serialized data but lacks the necessary security checks and defenses. This vulnerability allows\nattackers to exploit the deserialization process by sending specially crafted malicious serialized data,\npotentially leading to remote code execution (RCE) attacks.\n\n\n\n\t\t\t\t\t\n\n\n\t\t\t\t\n\n\n\t\t\t\n\n\n\t\t\n\n\n\t\nThis issue affects MINA core versions 2.0.X, 2.1.X and 2.2.X, and will be fixed by the releases 2.0.27, 2.1.10 and 2.2.4.\n\n\n\n\n\nIt\u0027s also important to note that an application using MINA core library will only be affected if the IoBuffer#getObject() method is called, and this specific method is potentially called when adding a ProtocolCodecFilter instance using the ObjectSerializationCodecFactory class in the filter chain. If your application is specifically using those classes, you have to upgrade to the latest version of MINA core library.\n\n\n\n\nUpgrading will\u00a0 not be enough: you also need to explicitly allow the classes the decoder will accept in the ObjectSerializationDecoder instance, using one of the three new methods:\n\n\n\n\n /**\n\n\u00a0 \u00a0\u00a0 * Accept class names where the supplied ClassNameMatcher matches for\n\n * deserialization, unless they are otherwise rejected.\n\n *\n\n * @param classNameMatcher the matcher to use\n\n */\n\n public void accept(ClassNameMatcher classNameMatcher)\n\n\n\n\n /**\n\n * Accept class names that match the supplied pattern for\n\n * deserialization, unless they are otherwise rejected.\n\n *\n\n * @param pattern standard Java regexp\n\n */\n\n public void accept(Pattern pattern) \n\n\n\n\n\n /**\n\n * Accept the wildcard specified classes for deserialization,\n\n * unless they are otherwise rejected.\n\n *\n\n * @param patterns Wildcard file name patterns as defined by\n\n * {@link org.apache.commons.io.FilenameUtils#wildcardMatch(String, String) FilenameUtils.wildcardMatch}\n\n */\n\n public void accept(String... patterns)\n\n\n\n\n\n\n\nBy default, the decoder will reject *all* classes that will be present in the incoming data.\n\n\n\n\n\n\n\nNote: The FtpServer, SSHd and Vysper sub-project are not affected by this issue."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502 Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-12T09:33:36.380Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://lists.apache.org/thread/4wxktgjpggdbto15d515wdctohb0qmv8"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Apache MINA: MINA applications using unbounded deserialization may allow RCE",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2024-52046",
"datePublished": "2024-12-25T10:06:23.887Z",
"dateReserved": "2024-11-05T13:13:06.944Z",
"dateUpdated": "2025-08-02T03:55:42.727Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-52798 (GCVE-0-2024-52798)
Vulnerability from cvelistv5 – Published: 2024-12-05 22:45 – Updated: 2025-01-24 20:03
VLAI
EPSS
Title
path-to-regexp Unpatched `path-to-regexp` ReDoS in 0.1.x
Summary
path-to-regexp turns path strings into a regular expressions. In certain cases, path-to-regexp will output a regular expression that can be exploited to cause poor performance. The regular expression that is vulnerable to backtracking can be generated in the 0.1.x release of path-to-regexp. Upgrade to 0.1.12. This vulnerability exists because of an incomplete fix for CVE-2024-45296.
Severity
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-1333 - Inefficient Regular Expression Complexity
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/pillarjs/path-to-regexp/securi… | x_refsource_CONFIRM |
| https://github.com/pillarjs/path-to-regexp/commit… | x_refsource_MISC |
| https://security.netapp.com/advisory/ntap-2025012… |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| pillarjs | path-to-regexp |
Affected:
< 0.1.12
|
|
| pillarjs | path-to-regexp |
Affected:
0 , < 0.1.12
(custom)
cpe:2.3:a:pillarjs:path-to-regexp:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:pillarjs:path-to-regexp:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "path-to-regexp",
"vendor": "pillarjs",
"versions": [
{
"lessThan": "0.1.12",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-52798",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-09T14:53:29.827845Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-09T14:54:43.939Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-01-24T20:03:11.852Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://security.netapp.com/advisory/ntap-20250124-0002/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "path-to-regexp",
"vendor": "pillarjs",
"versions": [
{
"status": "affected",
"version": "\u003c 0.1.12"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "path-to-regexp turns path strings into a regular expressions. In certain cases, path-to-regexp will output a regular expression that can be exploited to cause poor performance. The regular expression that is vulnerable to backtracking can be generated in the 0.1.x release of path-to-regexp. Upgrade to 0.1.12. This vulnerability exists because of an incomplete fix for CVE-2024-45296."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1333",
"description": "CWE-1333: Inefficient Regular Expression Complexity",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-05T22:45:42.774Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/pillarjs/path-to-regexp/security/advisories/GHSA-rhx6-c78j-4q9w",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/pillarjs/path-to-regexp/security/advisories/GHSA-rhx6-c78j-4q9w"
},
{
"name": "https://github.com/pillarjs/path-to-regexp/commit/f01c26a013b1889f0c217c643964513acf17f6a4",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pillarjs/path-to-regexp/commit/f01c26a013b1889f0c217c643964513acf17f6a4"
}
],
"source": {
"advisory": "GHSA-rhx6-c78j-4q9w",
"discovery": "UNKNOWN"
},
"title": "path-to-regexp Unpatched `path-to-regexp` ReDoS in 0.1.x"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-52798",
"datePublished": "2024-12-05T22:45:42.774Z",
"dateReserved": "2024-11-15T17:11:13.440Z",
"dateUpdated": "2025-01-24T20:03:11.852Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-53197 (GCVE-0-2024-53197)
Vulnerability from cvelistv5 – Published: 2024-12-27 13:49 – Updated: 2026-05-11 20:52
VLAI
EPSS
Title
ALSA: usb-audio: Fix potential out-of-bound accesses for Extigy and Mbox devices
Summary
In the Linux kernel, the following vulnerability has been resolved:
ALSA: usb-audio: Fix potential out-of-bound accesses for Extigy and Mbox devices
A bogus device can provide a bNumConfigurations value that exceeds the
initial value used in usb_get_configuration for allocating dev->config.
This can lead to out-of-bounds accesses later, e.g. in
usb_destroy_configuration.
Severity
7.8 (High)
SSVC
Exploitation: active
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-787 - Out-of-bounds Write
Assigner
References
12 references
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 0b4ea4bfe16566b84645ded1403756a2dc4e0f19
(git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 9b8460a2a7ce478e0b625af7c56d444dc24190f7 (git) Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 62dc01c83fa71e10446ee4c31e0e3d5d1291e865 (git) Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 9887d859cd60727432a01564e8f91302d361b72b (git) Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 920a369a9f014f10ec282fd298d0666129379f1b (git) Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < b8f8b81dabe52b413fe9e062e8a852c48dd0680d (git) Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 379d3b9799d9da953391e973b934764f01e03960 (git) Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < b521b53ac6eb04e41c03f46f7fe452e4d8e9bcca (git) Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < b909df18ce2a998afef81d58bbd1a05dc0788c40 (git) |
|
| Linux | Linux |
Affected:
2.6.12
Unaffected: 0 , < 2.6.12 (semver) Unaffected: 4.19.325 , ≤ 4.19.* (semver) Unaffected: 5.4.287 , ≤ 5.4.* (semver) Unaffected: 5.10.231 , ≤ 5.10.* (semver) Unaffected: 5.15.174 , ≤ 5.15.* (semver) Unaffected: 6.1.120 , ≤ 6.1.* (semver) Unaffected: 6.6.64 , ≤ 6.6.* (semver) Unaffected: 6.11.11 , ≤ 6.11.* (semver) Unaffected: 6.12.2 , ≤ 6.12.* (semver) Unaffected: 6.13 , ≤ * (original_commit_for_fix) |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-53197",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-09T18:17:11.337680Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2025-04-09",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-53197"
},
"type": "kev"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T22:55:33.453Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-53197"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-04-09T00:00:00.000Z",
"value": "CVE-2024-53197 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T20:47:29.910Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"sound/usb/quirks.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "0b4ea4bfe16566b84645ded1403756a2dc4e0f19",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "9b8460a2a7ce478e0b625af7c56d444dc24190f7",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "62dc01c83fa71e10446ee4c31e0e3d5d1291e865",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "9887d859cd60727432a01564e8f91302d361b72b",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "920a369a9f014f10ec282fd298d0666129379f1b",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "b8f8b81dabe52b413fe9e062e8a852c48dd0680d",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "379d3b9799d9da953391e973b934764f01e03960",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "b521b53ac6eb04e41c03f46f7fe452e4d8e9bcca",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "b909df18ce2a998afef81d58bbd1a05dc0788c40",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"sound/usb/quirks.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.12"
},
{
"lessThan": "2.6.12",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.325",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.287",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.231",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.174",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.120",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.64",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.11.*",
"status": "unaffected",
"version": "6.11.11",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.13",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.325",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.287",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.231",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.174",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.120",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.64",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11.11",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.2",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.13",
"versionStartIncluding": "2.6.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: usb-audio: Fix potential out-of-bound accesses for Extigy and Mbox devices\n\nA bogus device can provide a bNumConfigurations value that exceeds the\ninitial value used in usb_get_configuration for allocating dev-\u003econfig.\n\nThis can lead to out-of-bounds accesses later, e.g. in\nusb_destroy_configuration."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T20:52:43.330Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/0b4ea4bfe16566b84645ded1403756a2dc4e0f19"
},
{
"url": "https://git.kernel.org/stable/c/9b8460a2a7ce478e0b625af7c56d444dc24190f7"
},
{
"url": "https://git.kernel.org/stable/c/62dc01c83fa71e10446ee4c31e0e3d5d1291e865"
},
{
"url": "https://git.kernel.org/stable/c/9887d859cd60727432a01564e8f91302d361b72b"
},
{
"url": "https://git.kernel.org/stable/c/920a369a9f014f10ec282fd298d0666129379f1b"
},
{
"url": "https://git.kernel.org/stable/c/b8f8b81dabe52b413fe9e062e8a852c48dd0680d"
},
{
"url": "https://git.kernel.org/stable/c/379d3b9799d9da953391e973b934764f01e03960"
},
{
"url": "https://git.kernel.org/stable/c/b521b53ac6eb04e41c03f46f7fe452e4d8e9bcca"
},
{
"url": "https://git.kernel.org/stable/c/b909df18ce2a998afef81d58bbd1a05dc0788c40"
}
],
"title": "ALSA: usb-audio: Fix potential out-of-bound accesses for Extigy and Mbox devices",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-53197",
"datePublished": "2024-12-27T13:49:39.260Z",
"dateReserved": "2024-11-19T17:17:25.015Z",
"dateUpdated": "2026-05-11T20:52:43.330Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-53382 (GCVE-0-2024-53382)
Vulnerability from cvelistv5 – Published: 2025-03-03 00:00 – Updated: 2025-03-03 21:53
VLAI
EPSS
Summary
Prism (aka PrismJS) through 1.29.0 allows DOM Clobbering (with resultant XSS for untrusted input that contains HTML but does not directly contain JavaScript), because document.currentScript lookup can be shadowed by attacker-injected HTML elements.
Severity
4.9 (Medium)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-94 - Improper Control of Generation of Code ('Code Injection')
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-53382",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-03T21:52:57.337439Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-03T21:53:33.210Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://gist.github.com/jackfromeast/aeb128e44f05f95828a1a824708df660"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Prism",
"vendor": "PrismJS",
"versions": [
{
"lessThanOrEqual": "1.29.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:prismjs:prism:*:*:*:*:*:*:*:*",
"versionEndIncluding": "1.29.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Prism (aka PrismJS) through 1.29.0 allows DOM Clobbering (with resultant XSS for untrusted input that contains HTML but does not directly contain JavaScript), because document.currentScript lookup can be shadowed by attacker-injected HTML elements."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-03T06:36:55.825Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://gist.github.com/jackfromeast/aeb128e44f05f95828a1a824708df660"
},
{
"url": "https://github.com/PrismJS/prism/blob/59e5a3471377057de1f401ba38337aca27b80e03/prism.js#L226-L259"
}
],
"x_generator": {
"engine": "enrichogram 0.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-53382",
"datePublished": "2025-03-03T00:00:00.000Z",
"dateReserved": "2024-11-20T00:00:00.000Z",
"dateUpdated": "2025-03-03T21:53:33.210Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-56171 (GCVE-0-2024-56171)
Vulnerability from cvelistv5 – Published: 2025-02-18 00:00 – Updated: 2025-11-03 20:49
VLAI
EPSS
Summary
libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a use-after-free in xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables in xmlschemas.c. To exploit this, a crafted XML document must be validated against an XML schema with certain identity constraints, or a crafted XML schema must be used.
Severity
7.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-416 - Use After Free
Assigner
References
11 references
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-56171",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-19T16:26:31.484719Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-19T16:26:41.297Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T20:49:05.224Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://security.netapp.com/advisory/ntap-20250328-0010/"
},
{
"url": "http://seclists.org/fulldisclosure/2025/Apr/13"
},
{
"url": "http://seclists.org/fulldisclosure/2025/Apr/10"
},
{
"url": "http://seclists.org/fulldisclosure/2025/Apr/9"
},
{
"url": "http://seclists.org/fulldisclosure/2025/Apr/8"
},
{
"url": "http://seclists.org/fulldisclosure/2025/Apr/5"
},
{
"url": "http://seclists.org/fulldisclosure/2025/Apr/4"
},
{
"url": "http://seclists.org/fulldisclosure/2025/Apr/12"
},
{
"url": "http://seclists.org/fulldisclosure/2025/Apr/11"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "libxml2",
"vendor": "xmlsoft",
"versions": [
{
"lessThan": "2.12.10",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "2.13.6",
"status": "affected",
"version": "2.13.0",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:xmlsoft:libxml2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.12.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:xmlsoft:libxml2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.13.6",
"versionStartIncluding": "2.13.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a use-after-free in xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables in xmlschemas.c. To exploit this, a crafted XML document must be validated against an XML schema with certain identity constraints, or a crafted XML schema must be used."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-18T22:10:20.934Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/828"
}
],
"x_generator": {
"engine": "enrichogram 0.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-56171",
"datePublished": "2025-02-18T00:00:00.000Z",
"dateReserved": "2024-12-18T00:00:00.000Z",
"dateUpdated": "2025-11-03T20:49:05.224Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-57965 (GCVE-0-2024-57965)
Vulnerability from cvelistv5 – Published: 2025-01-29 00:00 – Updated: 2025-01-29 14:14 Disputed
VLAI
EPSS
Summary
In axios before 1.7.8, lib/helpers/isURLSameOrigin.js does not use a URL object when determining an origin, and has a potentially unwanted setAttribute('href',href) call. NOTE: some parties feel that the code change only addresses a warning message from a SAST tool and does not fix a vulnerability.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-346 - Origin Validation Error
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-57965",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-29T14:14:16.313627Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-29T14:14:23.882Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "axios",
"vendor": "axios",
"versions": [
{
"lessThan": "1.7.8",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:axios:axios:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.7.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In axios before 1.7.8, lib/helpers/isURLSameOrigin.js does not use a URL object when determining an origin, and has a potentially unwanted setAttribute(\u0027href\u0027,href) call. NOTE: some parties feel that the code change only addresses a warning message from a SAST tool and does not fix a vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 0,
"baseSeverity": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-346",
"description": "CWE-346 Origin Validation Error",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-29T09:09:06.421Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/axios/axios/issues/6351"
},
{
"url": "https://github.com/axios/axios/releases/tag/v1.7.8"
},
{
"url": "https://github.com/axios/axios/commit/0a8d6e19da5b9899a2abafaaa06a75ee548597db"
},
{
"url": "https://github.com/axios/axios/pull/6714"
}
],
"tags": [
"disputed"
],
"x_generator": {
"engine": "enrichogram 0.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-57965",
"datePublished": "2025-01-29T00:00:00.000Z",
"dateReserved": "2025-01-29T00:00:00.000Z",
"dateUpdated": "2025-01-29T14:14:23.882Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-6345 (GCVE-0-2024-6345)
Vulnerability from cvelistv5 – Published: 2024-07-15 00:00 – Updated: 2025-11-04 16:15
VLAI
EPSS
Title
Remote Code Execution in pypa/setuptools
Summary
A vulnerability in the package_index module of pypa/setuptools versions up to 69.1.1 allows for remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system. The issue is fixed in version 70.0.
Severity
8.8 (High)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-94 - Improper Control of Generation of Code
Assigner
References
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| pypa | pypa/setuptools |
Affected:
unspecified , < 70.0
(custom)
|
|
| python | setuptools |
Affected:
69.1.1 , < 70.0
(custom)
cpe:2.3:a:python:setuptools:69.1.1:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:python:setuptools:69.1.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "setuptools",
"vendor": "python",
"versions": [
{
"lessThan": "70.0",
"status": "affected",
"version": "69.1.1",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-6345",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-15T13:33:16.586239Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-15T13:38:34.323Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-04T16:15:51.183Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.com/bounties/d6362117-ad57-4e83-951f-b8141c6e7ca5"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/pypa/setuptools/commit/88807c7062788254f654ea8c03427adc859321f0"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/09/msg00018.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "pypa/setuptools",
"vendor": "pypa",
"versions": [
{
"lessThan": "70.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the package_index module of pypa/setuptools versions up to 69.1.1 allows for remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system. The issue is fixed in version 70.0."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94 Improper Control of Generation of Code",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-15T00:00:14.545Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntr_ai"
},
"references": [
{
"url": "https://huntr.com/bounties/d6362117-ad57-4e83-951f-b8141c6e7ca5"
},
{
"url": "https://github.com/pypa/setuptools/commit/88807c7062788254f654ea8c03427adc859321f0"
}
],
"source": {
"advisory": "d6362117-ad57-4e83-951f-b8141c6e7ca5",
"discovery": "EXTERNAL"
},
"title": "Remote Code Execution in pypa/setuptools"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntr_ai",
"cveId": "CVE-2024-6345",
"datePublished": "2024-07-15T00:00:14.545Z",
"dateReserved": "2024-06-26T08:16:17.895Z",
"dateUpdated": "2025-11-04T16:15:51.183Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-6827 (GCVE-0-2024-6827)
Vulnerability from cvelistv5 – Published: 2025-03-20 10:09 – Updated: 2025-10-15 12:50
VLAI
EPSS
Title
HTTP Request Smuggling in benoitc/gunicorn
Summary
Gunicorn version 21.2.0 does not properly validate the value of the 'Transfer-Encoding' header as specified in the RFC standards, which leads to the default fallback method of 'Content-Length,' making it vulnerable to TE.CL request smuggling. This vulnerability can lead to cache poisoning, data exposure, session manipulation, SSRF, XSS, DoS, data integrity compromise, security bypass, information leakage, and business logic abuse.
Severity
7.5 (High)
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-444 - Inconsistent Interpretation of HTTP Requests
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| benoitc | benoitc/gunicorn |
Affected:
unspecified , ≤ latest
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-6827",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-20T17:52:37.458445Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-20T18:32:51.799Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "benoitc/gunicorn",
"vendor": "benoitc",
"versions": [
{
"lessThanOrEqual": "latest",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Gunicorn version 21.2.0 does not properly validate the value of the \u0027Transfer-Encoding\u0027 header as specified in the RFC standards, which leads to the default fallback method of \u0027Content-Length,\u0027 making it vulnerable to TE.CL request smuggling. This vulnerability can lead to cache poisoning, data exposure, session manipulation, SSRF, XSS, DoS, data integrity compromise, security bypass, information leakage, and business logic abuse."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-444",
"description": "CWE-444 Inconsistent Interpretation of HTTP Requests",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-15T12:50:33.638Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntr_ai"
},
"references": [
{
"url": "https://huntr.com/bounties/1b4f8f38-39da-44b6-9f98-f618639d0dd7"
}
],
"source": {
"advisory": "1b4f8f38-39da-44b6-9f98-f618639d0dd7",
"discovery": "EXTERNAL"
},
"title": "HTTP Request Smuggling in benoitc/gunicorn"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntr_ai",
"cveId": "CVE-2024-6827",
"datePublished": "2025-03-20T10:09:55.725Z",
"dateReserved": "2024-07-16T23:32:47.872Z",
"dateUpdated": "2025-10-15T12:50:33.638Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-7254 (GCVE-0-2024-7254)
Vulnerability from cvelistv5 – Published: 2024-09-19 00:18 – Updated: 2025-09-08 09:37
VLAI
EPSS
Title
Stack overflow in Protocol Buffers Java Lite
Summary
Any project that parses untrusted Protocol Buffers data containing an arbitrary number of nested groups / series of SGROUP tags can corrupted by exceeding the stack limit i.e. StackOverflow. Parsing nested groups as unknown fields with DiscardUnknownFieldsParser or Java Protobuf Lite parser, or against Protobuf map fields, creates unbounded recursions that can be abused by an attacker.
Severity
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
Impacted products
8 products
| Vendor | Product | Version | |
|---|---|---|---|
| Protocol Buffers |
Affected:
0 , < 28.2
(custom)
|
||
| protobuf-java |
Affected:
0 , < 3.25.5
(custom)
Affected: 0 , < 4.27.5 (custom) Affected: 0 , < 4.28.2 (custom) |
||
| protobuf-javalite |
Affected:
0 , < 3.25.5
(custom)
Affected: 0 , < 4.27.5 (custom) Affected: 0 , < 4.28.2 (custom) |
||
| protobuf-kotlin |
Affected:
0 , < 3.25.5
(custom)
Affected: 0 , < 4.27.5 (custom) Affected: 0 , < 4.28.2 (custom) |
||
| protobuf-kotllin-lite |
Affected:
0 , < 3.25.5
(custom)
Affected: 0 , < 4.27.5 (custom) Affected: 0 , < 4.28.2 (custom) |
||
| google-protobuf [JRuby Gem] |
Affected:
0 , < 3.25.5
(custom)
Affected: 0 , < 4.27.5 (custom) Affected: 0 , < 4.28.2 (custom) |
||
| protobuf |
Affected:
0 , < 28.2
(custom)
cpe:2.3:a:google:protobuf:*:*:*:*:*:*:*:* |
||
| protobuf-kotlin-lite |
Affected:
0 , < 3.25.5
(custom)
Affected: 4.27 , < 4.27.5 (custom) Affected: 4.28 , < 4.28.2 (custom) cpe:2.3:a:google:google-protobuf:*:*:*:*:*:ruby:*:* cpe:2.3:a:google:protobuf-java:*:*:*:*:*:*:*:* cpe:2.3:a:google:protobuf-javalite:*:*:*:*:*:*:*:* cpe:2.3:a:google:protobuf-kotlin:*:*:*:*:*:*:*:* cpe:2.3:a:google:protobuf-kotlin-lite:*:*:*:*:*:*:*:* |
Credits
Alexis Challande, Trail of Bits Ecosystem Security Team <ecosystem@trailofbits.com>
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:google:protobuf:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "protobuf",
"vendor": "google",
"versions": [
{
"lessThan": "28.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:google:google-protobuf:*:*:*:*:*:ruby:*:*",
"cpe:2.3:a:google:protobuf-java:*:*:*:*:*:*:*:*",
"cpe:2.3:a:google:protobuf-javalite:*:*:*:*:*:*:*:*",
"cpe:2.3:a:google:protobuf-kotlin:*:*:*:*:*:*:*:*",
"cpe:2.3:a:google:protobuf-kotlin-lite:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "protobuf-kotlin-lite",
"vendor": "google",
"versions": [
{
"lessThan": "3.25.5",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "4.27.5",
"status": "affected",
"version": "4.27",
"versionType": "custom"
},
{
"lessThan": "4.28.2",
"status": "affected",
"version": "4.28",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-7254",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-19T14:29:43.468555Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-19T14:46:14.517Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-04-19T00:11:07.841Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://security.netapp.com/advisory/ntap-20241213-0010/"
},
{
"url": "https://security.netapp.com/advisory/ntap-20250418-0006/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Protocol Buffers",
"repo": "https://github.com/protocolbuffers/protobuf",
"vendor": "Google",
"versions": [
{
"lessThan": "28.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"collectionURL": "https://mvnrepository.com/artifact/com.google.protobuf/protobuf-java",
"defaultStatus": "unaffected",
"product": "protobuf-java",
"vendor": "Google",
"versions": [
{
"lessThan": "3.25.5",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "4.27.5",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "4.28.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "protobuf-javalite",
"vendor": "Google",
"versions": [
{
"lessThan": "3.25.5",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "4.27.5",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "4.28.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "protobuf-kotlin",
"vendor": "Google",
"versions": [
{
"lessThan": "3.25.5",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "4.27.5",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "4.28.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "protobuf-kotllin-lite",
"vendor": "Google",
"versions": [
{
"lessThan": "3.25.5",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "4.27.5",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "4.28.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"collectionURL": "https://rubygems.org/gems/google-protobuf",
"defaultStatus": "unaffected",
"product": "google-protobuf [JRuby Gem]",
"vendor": "Google",
"versions": [
{
"lessThan": "3.25.5",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "4.27.5",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "4.28.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Alexis Challande, Trail of Bits Ecosystem Security Team \u003cecosystem@trailofbits.com\u003e"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eAny project that parses untrusted Protocol Buffers data\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;containing an arbitrary number of nested \u003c/span\u003e\u003ccode\u003egroup\u003c/code\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003es / series of \u003c/span\u003e\u003ccode\u003eSGROUP\u003c/code\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;tags can corrupted by exceeding the stack limit i.e. StackOverflow. \u003c/span\u003e\u003cspan style=\"background-color: transparent;\"\u003eParsing nested groups as unknown fields with DiscardUnknownFieldsParser or Java Protobuf Lite parser, or against Protobuf map fields, creates unbounded recursions that can be abused by an attacker.\u003c/span\u003e\u003c/span\u003e\u003cbr\u003e\u003c/p\u003e"
}
],
"value": "Any project that parses untrusted Protocol Buffers data\u00a0containing an arbitrary number of nested groups / series of SGROUP\u00a0tags can corrupted by exceeding the stack limit i.e. StackOverflow. Parsing nested groups as unknown fields with DiscardUnknownFieldsParser or Java Protobuf Lite parser, or against Protobuf map fields, creates unbounded recursions that can be abused by an attacker."
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400 Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-674",
"description": "CWE-674 Uncontrolled Recursion",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-08T09:37:53.702Z",
"orgId": "14ed7db2-1595-443d-9d34-6215bf890778",
"shortName": "Google"
},
"references": [
{
"url": "https://github.com/protocolbuffers/protobuf/commit/cc8b3483a5584b3301e3d43d17eb59704857ffaa"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Stack overflow in Protocol Buffers Java Lite",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778",
"assignerShortName": "Google",
"cveId": "CVE-2024-7254",
"datePublished": "2024-09-19T00:18:45.824Z",
"dateReserved": "2024-07-29T21:41:56.116Z",
"dateUpdated": "2025-09-08T09:37:53.702Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-0917 (GCVE-0-2025-0917)
Vulnerability from cvelistv5 – Published: 2025-06-11 17:27 – Updated: 2025-08-24 11:56
VLAI
EPSS
Title
IBM Cognos Analytics cross-site scripting
Summary
IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3, and 12.0.4 is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
Severity
5.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.ibm.com/support/pages/node/7234674 | vendor-advisorypatch |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| IBM | Cognos Analytics |
Affected:
11.2.0
Affected: 11.2.1 Affected: 11.2.2 Affected: 11.2.3 Affected: 11.2.4 Affected: 12.0.0 Affected: 12.0.1 Affected: 12.0.2 Affected: 12.0.3 Affected: 12.0.4 cpe:2.3:a:ibm:cognos_analytics:11.2.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:cognos_analytics:11.2.1:*:*:*:*:*:*:* cpe:2.3:a:ibm:cognos_analytics:11.2.2:*:*:*:*:*:*:* cpe:2.3:a:ibm:cognos_analytics:11.2.3:*:*:*:*:*:*:* cpe:2.3:a:ibm:cognos_analytics:11.2.4:interm_fix3:*:*:*:*:*:* cpe:2.3:a:ibm:cognos_analytics:12.0.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:cognos_analytics:12.0.1:*:*:*:*:*:*:* cpe:2.3:a:ibm:cognos_analytics:12.0.2:*:*:*:*:*:*:* cpe:2.3:a:ibm:cognos_analytics:12.0.3:*:*:*:*:*:*:* cpe:2.3:a:ibm:cognos_analytics:12.0.4:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-0917",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-11T17:42:01.055858Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-11T17:43:31.259Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:cognos_analytics:11.2.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:cognos_analytics:11.2.1:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:cognos_analytics:11.2.2:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:cognos_analytics:11.2.3:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:cognos_analytics:11.2.4:interm_fix3:*:*:*:*:*:*",
"cpe:2.3:a:ibm:cognos_analytics:12.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:cognos_analytics:12.0.1:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:cognos_analytics:12.0.2:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:cognos_analytics:12.0.3:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:cognos_analytics:12.0.4:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Cognos Analytics",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "11.2.0"
},
{
"status": "affected",
"version": "11.2.1"
},
{
"status": "affected",
"version": "11.2.2"
},
{
"status": "affected",
"version": "11.2.3"
},
{
"status": "affected",
"version": "11.2.4"
},
{
"status": "affected",
"version": "12.0.0"
},
{
"status": "affected",
"version": "12.0.1"
},
{
"status": "affected",
"version": "12.0.2"
},
{
"status": "affected",
"version": "12.0.3"
},
{
"status": "affected",
"version": "12.0.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3, and 12.0.4 is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
}
],
"value": "IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3, and 12.0.4 is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-24T11:56:28.910Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7234674"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Cognos Analytics 12.0.4 FP1 IBM Cognos Analytics 12.0.4 Fix Pack 1\u003cbr\u003eIBM Cognos Analytics 11.2.4 IF4 IBM Cognos Analytics 11.2.4.5 Interim Fix 5\u003cbr\u003e\u003cbr\u003eIBM Cognos Analytics 11.2.0-11.2.4 IF3 customers that have already applied IBM Cognos Analytics 11.2.4 IF4 and/or 11.2.4 IF5, no further action is required.\u003cbr\u003e"
}
],
"value": "IBM Cognos Analytics 12.0.4 FP1 IBM Cognos Analytics 12.0.4 Fix Pack 1\nIBM Cognos Analytics 11.2.4 IF4 IBM Cognos Analytics 11.2.4.5 Interim Fix 5\n\nIBM Cognos Analytics 11.2.0-11.2.4 IF3 customers that have already applied IBM Cognos Analytics 11.2.4 IF4 and/or 11.2.4 IF5, no further action is required."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Cognos Analytics cross-site scripting",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-0917",
"datePublished": "2025-06-11T17:27:49.930Z",
"dateReserved": "2025-01-30T23:58:48.707Z",
"dateUpdated": "2025-08-24T11:56:28.910Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…