Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2022-32206 (GCVE-0-2022-32206)
Vulnerability from cvelistv5 – Published: 2022-07-07 00:00 – Updated: 2025-05-05 16:16
VLAI
EPSS
Summary
curl < 7.84.0 supports "chained" HTTP compression algorithms, meaning that a serverresponse can be compressed multiple times and potentially with different algorithms. The number of acceptable "links" in this "decompression chain" was unbounded, allowing a malicious server to insert a virtually unlimited number of compression steps.The use of such a decompression chain could result in a "malloc bomb", makingcurl end up spending enormous amounts of allocated heap memory, or trying toand returning out of memory errors.
Severity
6.5 (Medium)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-770 - Allocation of Resources Without Limits or Throttling (CWE-770)
Assigner
References
11 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | https://github.com/curl/curl |
Affected:
Fixed in 7.84.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:32:56.021Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://hackerone.com/reports/1570651"
},
{
"name": "FEDORA-2022-1b3d7f6973",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BEV6BR4MTI3CEWK2YU2HQZUW5FAS3FEY/"
},
{
"name": "DSA-5197",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2022/dsa-5197"
},
{
"name": "[debian-lts-announce] 20220828 [SECURITY] [DLA 3085-1] curl security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20220915-0003/"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT213488"
},
{
"name": "20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/41"
},
{
"name": "20221030 APPLE-SA-2022-10-24-2 macOS Ventura 13",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/28"
},
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-333517.pdf"
},
{
"name": "GLSA-202212-01",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202212-01"
},
{
"name": "[oss-security] 20230215 curl: CVE-2023-23916: HTTP multi-header compression denial of service",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/02/15/3"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-32206",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T13:30:52.597184Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-05T16:16:54.022Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "https://github.com/curl/curl",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Fixed in 7.84.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "curl \u003c 7.84.0 supports \"chained\" HTTP compression algorithms, meaning that a serverresponse can be compressed multiple times and potentially with different algorithms. The number of acceptable \"links\" in this \"decompression chain\" was unbounded, allowing a malicious server to insert a virtually unlimited number of compression steps.The use of such a decompression chain could result in a \"malloc bomb\", makingcurl end up spending enormous amounts of allocated heap memory, or trying toand returning out of memory errors."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-770",
"description": "Allocation of Resources Without Limits or Throttling (CWE-770)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-02-15T00:00:00.000Z",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"url": "https://hackerone.com/reports/1570651"
},
{
"name": "FEDORA-2022-1b3d7f6973",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BEV6BR4MTI3CEWK2YU2HQZUW5FAS3FEY/"
},
{
"name": "DSA-5197",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5197"
},
{
"name": "[debian-lts-announce] 20220828 [SECURITY] [DLA 3085-1] curl security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20220915-0003/"
},
{
"url": "https://support.apple.com/kb/HT213488"
},
{
"name": "20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/41"
},
{
"name": "20221030 APPLE-SA-2022-10-24-2 macOS Ventura 13",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2022/Oct/28"
},
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-333517.pdf"
},
{
"name": "GLSA-202212-01",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202212-01"
},
{
"name": "[oss-security] 20230215 curl: CVE-2023-23916: HTTP multi-header compression denial of service",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2023/02/15/3"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2022-32206",
"datePublished": "2022-07-07T00:00:00.000Z",
"dateReserved": "2022-06-01T00:00:00.000Z",
"dateUpdated": "2025-05-05T16:16:54.022Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2022-32206",
"date": "2026-06-06",
"epss": "0.03367",
"percentile": "0.87598"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2022-32206\",\"sourceIdentifier\":\"support@hackerone.com\",\"published\":\"2022-07-07T13:15:08.340\",\"lastModified\":\"2025-05-05T17:18:13.120\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"curl \u003c 7.84.0 supports \\\"chained\\\" HTTP compression algorithms, meaning that a serverresponse can be compressed multiple times and potentially with different algorithms. The number of acceptable \\\"links\\\" in this \\\"decompression chain\\\" was unbounded, allowing a malicious server to insert a virtually unlimited number of compression steps.The use of such a decompression chain could result in a \\\"malloc bomb\\\", makingcurl end up spending enormous amounts of allocated heap memory, or trying toand returning out of memory errors.\"},{\"lang\":\"es\",\"value\":\"curl versiones anteriores a 7.84.0, soporta algoritmos de compresi\u00f3n HTTP \\\"encadenados\\\", lo que significa que una respuesta al servidor puede ser comprimida m\u00faltiples veces y potencialmente con diferentes algoritmos. El n\u00famero de \\\"eslabones\\\" aceptables en esta \\\"cadena de descompresi\u00f3n\\\" era ilimitado, lo que permit\u00eda a un servidor malicioso insertar un n\u00famero pr\u00e1cticamente ilimitado de pasos de compresi\u00f3n. El uso de una cadena de descompresi\u00f3n de este tipo pod\u00eda resultar en una \\\"bomba de malloc\\\", haciendo que curl acabara gastando enormes cantidades de memoria de mont\u00f3n asignada, o intentando y devolviendo errores de memoria\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":3.6},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:N/A:P\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"support@hackerone.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-770\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-770\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:curl:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"7.84.0\",\"matchCriteriaId\":\"C157D010-3A81-4AAE-8FB6-51B559AF29B2\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"80E516C0-98A4-4ADE-B69F-66A772E2BAAA\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FA6FEEC2-9F11-4643-8827-749718254FED\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1FE996B1-6951-4F85-AA58-B99A379D2163\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"85DF4B3F-4BBC-42B7-B729-096934523D63\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A3C19813-E823-456A-B1CE-EC0684CE1953\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AD7447BC-F315-4298-A822-549942FC118B\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:netapp:bootstrap_os:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"95BA156C-C977-4F0C-8DFB-3FAE9CC8C02D\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9F9C8C20-42EB-4AB5-BD97-212DEB070C43\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6770B6C3-732E-4E22-BF1C-2D2FD610061C\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E63D8B0F-006E-4801-BF9D-1C001BBFB4F9\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7FFF7106-ED78-49BA-9EC5-B889E3685D53\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B06F4839-D16A-4A61-9BB5-55B13F41E47F\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"56409CEC-5A1E-4450-AA42-641E459CC2AF\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8497A4C9-8474-4A62-8331-3FE862ED4098\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D0B4AD8A-F172-4558-AEC6-FF424BA2D912\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:scalance_sc622-2c:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"50FEE5FA-B141-4E5F-8673-363089262530\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:scalance_sc622-2c_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"3.0\",\"matchCriteriaId\":\"21A75847-54F1-453A-82D7-B6D2CB2DE7AA\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:scalance_sc626-2c:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EAC3EE40-4398-4337-B40E-8AACDF225BBF\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:scalance_sc626-2c_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"3.0\",\"matchCriteriaId\":\"ECCD4A67-EA4B-47C7-83F8-5CCC18BC3C94\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:scalance_sc632-2c_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"3.0\",\"matchCriteriaId\":\"E00E02E5-109C-44E7-8C20-BFEE7C739ADC\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:scalance_sc632-2c:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8A79836B-5EC1-40AF-8A57-9657EF6758E5\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:scalance_sc636-2c_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"3.0\",\"matchCriteriaId\":\"E1BC85A6-386C-43E9-9266-50F8C53C7362\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:scalance_sc636-2c:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FCB9BD17-7F1F-42E9-831F-EB907F9BC214\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:scalance_sc642-2c_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"3.0\",\"matchCriteriaId\":\"6ACE6C40-E0BB-4D65-A76E-BCCA262AF2FD\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:scalance_sc642-2c:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"10C7D54A-27B4-4195-8131-DD5380472A75\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:scalance_sc646-2c_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"3.0\",\"matchCriteriaId\":\"9BFAB0B9-3C01-4066-B9CD-5A7C4A66AA3C\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:scalance_sc646-2c:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E54AF1E6-0E52-447C-8946-18716D30EBE2\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:splunk:universal_forwarder:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.2.0\",\"versionEndExcluding\":\"8.2.12\",\"matchCriteriaId\":\"5722E753-75DE-4944-A11B-556CB299B57D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:splunk:universal_forwarder:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"9.0.0\",\"versionEndExcluding\":\"9.0.6\",\"matchCriteriaId\":\"DC0F9351-81A4-4FEA-B6B5-6E960A933D32\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:splunk:universal_forwarder:9.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EED24E67-2957-4C1B-8FEA-E2D2FE7B97FC\"}]}]}],\"references\":[{\"url\":\"http://seclists.org/fulldisclosure/2022/Oct/28\",\"source\":\"support@hackerone.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://seclists.org/fulldisclosure/2022/Oct/41\",\"source\":\"support@hackerone.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2023/02/15/3\",\"source\":\"support@hackerone.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://cert-portal.siemens.com/productcert/pdf/ssa-333517.pdf\",\"source\":\"support@hackerone.com\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://hackerone.com/reports/1570651\",\"source\":\"support@hackerone.com\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html\",\"source\":\"support@hackerone.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BEV6BR4MTI3CEWK2YU2HQZUW5FAS3FEY/\",\"source\":\"support@hackerone.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/202212-01\",\"source\":\"support@hackerone.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20220915-0003/\",\"source\":\"support@hackerone.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://support.apple.com/kb/HT213488\",\"source\":\"support@hackerone.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2022/dsa-5197\",\"source\":\"support@hackerone.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://seclists.org/fulldisclosure/2022/Oct/28\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://seclists.org/fulldisclosure/2022/Oct/41\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2023/02/15/3\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://cert-portal.siemens.com/productcert/pdf/ssa-333517.pdf\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://hackerone.com/reports/1570651\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BEV6BR4MTI3CEWK2YU2HQZUW5FAS3FEY/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/202212-01\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20220915-0003/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://support.apple.com/kb/HT213488\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2022/dsa-5197\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://hackerone.com/reports/1570651\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BEV6BR4MTI3CEWK2YU2HQZUW5FAS3FEY/\", \"name\": \"FEDORA-2022-1b3d7f6973\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://www.debian.org/security/2022/dsa-5197\", \"name\": \"DSA-5197\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html\", \"name\": \"[debian-lts-announce] 20220828 [SECURITY] [DLA 3085-1] curl security update\", \"tags\": [\"mailing-list\", \"x_transferred\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20220915-0003/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://support.apple.com/kb/HT213488\", \"tags\": [\"x_transferred\"]}, {\"url\": \"http://seclists.org/fulldisclosure/2022/Oct/41\", \"name\": \"20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13\", \"tags\": [\"mailing-list\", \"x_transferred\"]}, {\"url\": \"http://seclists.org/fulldisclosure/2022/Oct/28\", \"name\": \"20221030 APPLE-SA-2022-10-24-2 macOS Ventura 13\", \"tags\": [\"mailing-list\", \"x_transferred\"]}, {\"url\": \"https://cert-portal.siemens.com/productcert/pdf/ssa-333517.pdf\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://security.gentoo.org/glsa/202212-01\", \"name\": \"GLSA-202212-01\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/02/15/3\", \"name\": \"[oss-security] 20230215 curl: CVE-2023-23916: HTTP multi-header compression denial of service\", \"tags\": [\"mailing-list\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-03T07:32:56.021Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 6.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2022-32206\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-04-23T13:30:52.597184Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-05-05T13:10:42.874Z\"}}], \"cna\": {\"affected\": [{\"vendor\": \"n/a\", \"product\": \"https://github.com/curl/curl\", \"versions\": [{\"status\": \"affected\", \"version\": \"Fixed in 7.84.0\"}]}], \"references\": [{\"url\": \"https://hackerone.com/reports/1570651\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BEV6BR4MTI3CEWK2YU2HQZUW5FAS3FEY/\", \"name\": \"FEDORA-2022-1b3d7f6973\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://www.debian.org/security/2022/dsa-5197\", \"name\": \"DSA-5197\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html\", \"name\": \"[debian-lts-announce] 20220828 [SECURITY] [DLA 3085-1] curl security update\", \"tags\": [\"mailing-list\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20220915-0003/\"}, {\"url\": \"https://support.apple.com/kb/HT213488\"}, {\"url\": \"http://seclists.org/fulldisclosure/2022/Oct/41\", \"name\": \"20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13\", \"tags\": [\"mailing-list\"]}, {\"url\": \"http://seclists.org/fulldisclosure/2022/Oct/28\", \"name\": \"20221030 APPLE-SA-2022-10-24-2 macOS Ventura 13\", \"tags\": [\"mailing-list\"]}, {\"url\": \"https://cert-portal.siemens.com/productcert/pdf/ssa-333517.pdf\"}, {\"url\": \"https://security.gentoo.org/glsa/202212-01\", \"name\": \"GLSA-202212-01\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2023/02/15/3\", \"name\": \"[oss-security] 20230215 curl: CVE-2023-23916: HTTP multi-header compression denial of service\", \"tags\": [\"mailing-list\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"curl \u003c 7.84.0 supports \\\"chained\\\" HTTP compression algorithms, meaning that a serverresponse can be compressed multiple times and potentially with different algorithms. The number of acceptable \\\"links\\\" in this \\\"decompression chain\\\" was unbounded, allowing a malicious server to insert a virtually unlimited number of compression steps.The use of such a decompression chain could result in a \\\"malloc bomb\\\", makingcurl end up spending enormous amounts of allocated heap memory, or trying toand returning out of memory errors.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-770\", \"description\": \"Allocation of Resources Without Limits or Throttling (CWE-770)\"}]}], \"providerMetadata\": {\"orgId\": \"36234546-b8fa-4601-9d6f-f4e334aa8ea1\", \"shortName\": \"hackerone\", \"dateUpdated\": \"2023-02-15T00:00:00.000Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2022-32206\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-05-05T16:16:54.022Z\", \"dateReserved\": \"2022-06-01T00:00:00.000Z\", \"assignerOrgId\": \"36234546-b8fa-4601-9d6f-f4e334aa8ea1\", \"datePublished\": \"2022-07-07T00:00:00.000Z\", \"assignerShortName\": \"hackerone\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
VAR-202206-1900
Vulnerability from variot - Updated: 2026-04-10 23:28curl < 7.84.0 supports "chained" HTTP compression algorithms, meaning that a serverresponse can be compressed multiple times and potentially with different algorithms. The number of acceptable "links" in this "decompression chain" was unbounded, allowing a malicious server to insert a virtually unlimited number of compression steps.The use of such a decompression chain could result in a "malloc bomb", makingcurl end up spending enormous amounts of allocated heap memory, or trying toand returning out of memory errors. Harry Sintonen incorrectly handled certain file permissions. An attacker could possibly use this issue to expose sensitive information. This issue only affected Ubuntu 21.10, and Ubuntu 22.04 LTS. (CVE-2022-32207). Clusters and applications are all visible and managed from a single console—with security policy built in. See the following Release Notes documentation, which will be updated shortly for this release, for additional details about this release:
https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.4/html/release_notes/
Security fixes:
-
golang: crypto/tls: session tickets lack random ticket_age_add (CVE-2022-30629)
-
moment: inefficient parsing algorithim resulting in DoS (CVE-2022-31129)
-
nodejs16: CRLF injection in node-undici (CVE-2022-31150)
-
nodejs/undici: Cookie headers uncleared on cross-origin redirect (CVE-2022-31151)
-
vm2: Sandbox Escape in vm2 (CVE-2022-36067)
Bug fixes:
-
RHACM 2.4 using deprecated APIs in managed clusters (BZ# 2041540)
-
vSphere network name doesn't allow entering spaces and doesn't reflect YAML changes (BZ# 2074766)
-
cluster update status is stuck, also update is not even visible (BZ# 2079418)
-
Policy that creates cluster role is showing as not compliant due to Request entity too large message (BZ# 2088486)
-
Upgraded from RHACM 2.2-->2.3-->2.4 and cannot create cluster (BZ# 2089490)
-
ACM Console Becomes Unusable After a Time (BZ# 2097464)
-
RHACM 2.4.6 images (BZ# 2100613)
-
Cluster Pools with conflicting name of existing clusters in same namespace fails creation and deletes existing cluster (BZ# 2102436)
-
ManagedClusters in Pending import state after ACM hub migration (BZ# 2102495)
-
Bugs fixed (https://bugzilla.redhat.com/):
2041540 - RHACM 2.4 using deprecated APIs in managed clusters 2074766 - vSphere network name doesn't allow entering spaces and doesn't reflect YAML changes 2079418 - cluster update status is stuck, also update is not even visible 2088486 - Policy that creates cluster role is showing as not compliant due to Request entity too large message 2089490 - Upgraded from RHACM 2.2-->2.3-->2.4 and cannot create cluster 2092793 - CVE-2022-30629 golang: crypto/tls: session tickets lack random ticket_age_add 2097464 - ACM Console Becomes Unusable After a Time 2100613 - RHACM 2.4.6 images 2102436 - Cluster Pools with conflicting name of existing clusters in same namespace fails creation and deletes existing cluster 2102495 - ManagedClusters in Pending import state after ACM hub migration 2105075 - CVE-2022-31129 moment: inefficient parsing algorithm resulting in DoS 2109354 - CVE-2022-31150 nodejs16: CRLF injection in node-undici 2121396 - CVE-2022-31151 nodejs/undici: Cookie headers uncleared on cross-origin redirect 2124794 - CVE-2022-36067 vm2: Sandbox Escape in vm2
- Bugs fixed (https://bugzilla.redhat.com/):
2107342 - CVE-2022-30631 golang: compress/gzip: stack exhaustion in Reader.Read 2107374 - CVE-2022-1705 golang: net/http: improper sanitization of Transfer-Encoding header 2107383 - CVE-2022-32148 golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working
- JIRA issues fixed (https://issues.jboss.org/):
LOG-2647 - Add link to log console from pod views LOG-2801 - After upgrade all logs are stored in app indices LOG-2917 - Changing refresh interval throws error when the 'Query' field is empty
- This advisory contains the following OpenShift Virtualization 4.12.0 images:
Security Fix(es):
-
golang: net/http: limit growth of header canonicalization cache (CVE-2021-44716)
-
kubeVirt: Arbitrary file read on the host from KubeVirt VMs (CVE-2022-1798)
-
golang: out-of-bounds read in golang.org/x/text/language leads to DoS (CVE-2021-38561)
-
golang: syscall: don't close fd 0 on ForkExec error (CVE-2021-44717)
-
golang: net/http: improper sanitization of Transfer-Encoding header (CVE-2022-1705)
-
golang: go/parser: stack exhaustion in all Parse* functions (CVE-2022-1962)
-
golang: math/big: uncontrolled memory consumption due to an unhandled overflow via Rat.SetString (CVE-2022-23772)
-
golang: cmd/go: misinterpretation of branch names can lead to incorrect access control (CVE-2022-23773)
-
golang: crypto/elliptic: IsOnCurve returns true for invalid field elements (CVE-2022-23806)
-
golang: encoding/xml: stack exhaustion in Decoder.Skip (CVE-2022-28131)
-
golang: syscall: faccessat checks wrong group (CVE-2022-29526)
-
golang: io/fs: stack exhaustion in Glob (CVE-2022-30630)
-
golang: compress/gzip: stack exhaustion in Reader.Read (CVE-2022-30631)
-
golang: path/filepath: stack exhaustion in Glob (CVE-2022-30632)
-
golang: encoding/xml: stack exhaustion in Unmarshal (CVE-2022-30633)
-
golang: encoding/gob: stack exhaustion in Decoder.Decode (CVE-2022-30635)
-
golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working (CVE-2022-32148)
-
golang: crypto/tls: session tickets lack random ticket_age_add (CVE-2022-30629)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
RHEL-8-CNV-4.12
============= bridge-marker-container-v4.12.0-24 cluster-network-addons-operator-container-v4.12.0-24 cnv-containernetworking-plugins-container-v4.12.0-24 cnv-must-gather-container-v4.12.0-58 hco-bundle-registry-container-v4.12.0-769 hostpath-csi-driver-container-v4.12.0-30 hostpath-provisioner-container-v4.12.0-30 hostpath-provisioner-operator-container-v4.12.0-31 hyperconverged-cluster-operator-container-v4.12.0-96 hyperconverged-cluster-webhook-container-v4.12.0-96 kubemacpool-container-v4.12.0-24 kubevirt-console-plugin-container-v4.12.0-182 kubevirt-ssp-operator-container-v4.12.0-64 kubevirt-tekton-tasks-cleanup-vm-container-v4.12.0-55 kubevirt-tekton-tasks-copy-template-container-v4.12.0-55 kubevirt-tekton-tasks-create-datavolume-container-v4.12.0-55 kubevirt-tekton-tasks-create-vm-from-template-container-v4.12.0-55 kubevirt-tekton-tasks-disk-virt-customize-container-v4.12.0-55 kubevirt-tekton-tasks-disk-virt-sysprep-container-v4.12.0-55 kubevirt-tekton-tasks-modify-vm-template-container-v4.12.0-55 kubevirt-tekton-tasks-operator-container-v4.12.0-40 kubevirt-tekton-tasks-wait-for-vmi-status-container-v4.12.0-55 kubevirt-template-validator-container-v4.12.0-32 libguestfs-tools-container-v4.12.0-255 ovs-cni-marker-container-v4.12.0-24 ovs-cni-plugin-container-v4.12.0-24 virt-api-container-v4.12.0-255 virt-artifacts-server-container-v4.12.0-255 virt-cdi-apiserver-container-v4.12.0-72 virt-cdi-cloner-container-v4.12.0-72 virt-cdi-controller-container-v4.12.0-72 virt-cdi-importer-container-v4.12.0-72 virt-cdi-operator-container-v4.12.0-72 virt-cdi-uploadproxy-container-v4.12.0-71 virt-cdi-uploadserver-container-v4.12.0-72 virt-controller-container-v4.12.0-255 virt-exportproxy-container-v4.12.0-255 virt-exportserver-container-v4.12.0-255 virt-handler-container-v4.12.0-255 virt-launcher-container-v4.12.0-255 virt-operator-container-v4.12.0-255 virtio-win-container-v4.12.0-10 vm-network-latency-checkup-container-v4.12.0-89
- Solution:
Before applying this update, you must apply all previously released errata relevant to your system.
To apply this update, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1719190 - Unable to cancel live-migration if virt-launcher pod in pending state
2023393 - [CNV] [UI]Additional information needed for cloning when default storageclass in not defined in target datavolume
2030801 - CVE-2021-44716 golang: net/http: limit growth of header canonicalization cache
2030806 - CVE-2021-44717 golang: syscall: don't close fd 0 on ForkExec error
2040377 - Unable to delete failed VMIM after VM deleted
2046298 - mdevs not configured with drivers installed, if mdev config added to HCO CR before drivers are installed
2052556 - Metric "kubevirt_num_virt_handlers_by_node_running_virt_launcher" reporting incorrect value
2053429 - CVE-2022-23806 golang: crypto/elliptic: IsOnCurve returns true for invalid field elements
2053532 - CVE-2022-23772 golang: math/big: uncontrolled memory consumption due to an unhandled overflow via Rat.SetString
2053541 - CVE-2022-23773 golang: cmd/go: misinterpretation of branch names can lead to incorrect access control
2060499 - [RFE] Cannot add additional service (or other objects) to VM template
2069098 - Large scale |VMs migration is slow due to low migration parallelism
2070366 - VM Snapshot Restore hangs indefinitely when backed by a snapshotclass
2071491 - Storage Throughput metrics are incorrect in Overview
2072797 - Metrics in Virtualization -> Overview period is not clear or configurable
2072821 - Top Consumers of Storage Traffic in Kubevirt Dashboard giving unexpected numbers
2079916 - KubeVirt CR seems to be in DeploymentInProgress state and not recovering
2084085 - CVE-2022-29526 golang: syscall: faccessat checks wrong group
2086285 - [dark mode] VirtualMachine - in the Utilization card the percentages and the graphs not visible enough in dark mode
2086551 - Min CPU feature found in labels
2087724 - Default template show no boot source even there are auto-upload boot sources
2088129 - [SSP] webhook does not comply with restricted security context
2088464 - [CDI] cdi-deployment does not comply with restricted security context
2089391 - Import gzipped raw file causes image to be downloaded and uncompressed to TMPDIR
2089744 - HCO should label its control plane namespace to admit pods at privileged security level
2089751 - 4.12.0 containers
2089804 - 4.12.0 rpms
2091856 - ?Edit BootSource? action should have more explicit information when disabled
2092793 - CVE-2022-30629 golang: crypto/tls: session tickets lack random ticket_age_add
2092796 - [RFE] CPU|Memory display in the template card is not consistent with the display in the template drawer
2093771 - The disk source should be PVC if the template has no auto-update boot source
2093996 - kubectl get vmi API should always return primary interface if exist
2094202 - Cloud-init username field should have hint
2096285 - KubeVirt CR API documentation is missing docs for many fields
2096780 - [RFE] Add ssh-key and sysprep to template scripts tab
2097436 - Online disk expansion ignores filesystem overhead change
2097586 - AccessMode should stay on ReadWriteOnce while editing a disk with storage class HPP
2099556 - [RFE] Add option to enable RDP service for windows vm
2099573 - [RFE] Improve template's message about not editable
2099923 - [RFE] Merge "SSH access" and "SSH command" into one
2100290 - Error is not dismissed on catalog review page
2100436 - VM list filtering ignores VMs in error-states
2100442 - [RFE] allow enabling and disabling SSH service while VM is shut down
2100495 - CVE-2021-38561 golang: out-of-bounds read in golang.org/x/text/language leads to DoS
2100629 - Update nested support KBASE article
2100679 - The number of hardware devices is not correct in vm overview tab
2100682 - All hardware devices get deleted while just delete one
2100684 - Workload profile are not editable during creation and after creation
2101144 - VM filter has two "Other" checkboxes which are triggered together
2101164 - [dark mode] Number of alerts in Alerts card not visible enough in dark mode
2101167 - Edit buttons clickable area is too large.
2101333 - [e2e] elements on Template Scheduling tab are missing proper data-test-id
2101335 - Clone action enabled in VM list kebab button for a VM in CrashLoopBackOff state
2101390 - Easy to miss the "tick" when adding GPU device to vm via UI
2101394 - [e2e] elements on VM Scripts tab are missing proper data-test-id
2101423 - wrong user name on using ignition
2101430 - Using CLOUD_USER_PASSWORD in Templates parameters breaks VM review page
2101445 - "Pending changes - Boot Order"
2101454 - Cannot add PVC boot source to template in 'Edit Boot Source Reference' view as a non-priv user
2101499 - Cannot add NIC to VM template as non-priv user
2101501 - NAME parameter in VM template has no effect.
2101628 - non-priv user cannot load dataSource while edit template's rootdisk
2101667 - VMI view is not aligned with vm and tempates
2101681 - All templates are labeling "source available" in template list page
2102074 - VM Creation time on VM Overview Details card lacks string
2102125 - vm clone modal is displaying DV size instead of PVC size
2102132 - align the utilization card of single VM overview with the design
2102138 - Should the word "new" be removed from "Create new VirtualMachine from catalog"?
2102256 - Add button moved to right
2102448 - VM disk is deleted by uncheck "Delete disks (1x)" on delete modal
2102475 - Template 'vm-template-example' should be filtered by 'Fedora' rather than 'Other'
2102561 - sysprep-info should link to downstream doc
2102737 - Clone a VM should lead to vm overview tab
2102740 - "Save" button on vm clone modal should be "Clone"
2103806 - "404: Not Found" appears shortly by clicking the PVC link on vm disk tab
2103807 - PVC is not named by VM name while creating vm quickly
2103817 - Workload profile values in vm details should align with template's value
2103844 - VM nic model is empty
2104331 - VM list page scroll up automatically
2104402 - VM create button is not enabled while adding multiple environment disks
2104422 - Storage status report "OpenShift Data Foundation is not available" even the operator is installed
2104424 - Enable descheduler or hide it on template's scheduling tab
2104479 - [4.12] Cloned VM's snapshot restore fails if the source VM disk is deleted
2104480 - Alerts in VM overview tab disappeared after a few seconds
2104785 - "Add disk" and "Disks" are on the same line
2104859 - [RFE] Add "Copy SSH command" to VM action list
2105257 - Can't set log verbosity level for virt-operator pod
2106175 - All pages are crashed after visit Virtualization -> Overview
2106963 - Cannot add configmap for windows VM
2107279 - VM Template's bootable disk can be marked as bootable
2107342 - CVE-2022-30631 golang: compress/gzip: stack exhaustion in Reader.Read
2107371 - CVE-2022-30630 golang: io/fs: stack exhaustion in Glob
2107374 - CVE-2022-1705 golang: net/http: improper sanitization of Transfer-Encoding header
2107376 - CVE-2022-1962 golang: go/parser: stack exhaustion in all Parse functions
2107383 - CVE-2022-32148 golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working
2107386 - CVE-2022-30632 golang: path/filepath: stack exhaustion in Glob
2107388 - CVE-2022-30635 golang: encoding/gob: stack exhaustion in Decoder.Decode
2107390 - CVE-2022-28131 golang: encoding/xml: stack exhaustion in Decoder.Skip
2107392 - CVE-2022-30633 golang: encoding/xml: stack exhaustion in Unmarshal
2108339 - datasource does not provide timestamp when updated
2108638 - When chosing a vm or template while in all-namespace, and returning to list, namespace is changed
2109818 - Upstream metrics documentation is not detailed enough
2109975 - DataVolume fails to import "cirros-container-disk-demo" image
2110256 - Storage -> PVC -> upload data, does not support source reference
2110562 - CNV introduces a compliance check fail in "ocp4-moderate" profile - routes-protected-by-tls
2111240 - GiB changes to B in Template's Edit boot source reference modal
2111292 - kubevirt plugin console is crashed after creating a vm with 2 nics
2111328 - kubevirt plugin console crashed after visit vmi page
2111378 - VM SSH command generated by UI points at api VIP
2111744 - Cloned template should not label app.kubernetes.io/name: common-templates
2111794 - the virtlogd process is taking too much RAM! (17468Ki > 17Mi)
2112900 - button style are different
2114516 - Nothing happens after clicking on Fedora cloud image list link
2114636 - The style of displayed items are not unified on VM tabs
2114683 - VM overview tab is crashed just after the vm is created
2115257 - Need to Change system-product-name to "OpenShift Virtualization" in CNV-4.12
2115258 - The storageclass of VM disk is different from quick created and customize created after changed the default storageclass
2115280 - [e2e] kubevirt-e2e-aws see two duplicated navigation items
2115769 - Machine type is updated to rhel8.6.0 in KV CR but not in Templates
2116225 - The filter keyword of the related operator 'Openshift Data Foundation' is 'OCS' rather than 'ODF'
2116644 - Importer pod is failing to start with error "MountVolume.SetUp failed for volume "cdi-proxy-cert-vol" : configmap "custom-ca" not found"
2117549 - Cannot edit cloud-init data after add ssh key
2117803 - Cannot edit ssh even vm is stopped
2117813 - Improve descriptive text of VM details while VM is off
2117872 - CVE-2022-1798 kubeVirt: Arbitrary file read on the host from KubeVirt VMs
2118257 - outdated doc link tolerations modal
2118823 - Deprecated API 1.25 call: virt-cdi-controller/v0.0.0 (linux/amd64) kubernetes/$Format
2119069 - Unable to start windows VMs on PSI setups
2119128 - virt-launcher cannot be started on OCP 4.12 due to PodSecurity restricted:v1.24
2119309 - readinessProbe in VM stays on failed
2119615 - Change the disk size causes the unit changed
2120907 - Cannot filter disks by label
2121320 - Negative values in migration metrics
2122236 - Failing to delete HCO with SSP sticking around
2122990 - VMExport should check APIGroup
2124147 - "ReadOnlyMany" should not be added to supported values in memory dump
2124307 - Ui crash/stuck on loading when trying to detach disk on a VM
2124528 - On upgrade, when live-migration is failed due to an infra issue, virt-handler continuously and endlessly tries to migrate it
2124555 - View documentation link on MigrationPolicies page des not work
2124557 - MigrationPolicy description is not displayed on Details page
2124558 - Non-privileged user can start MigrationPolicy creation
2124565 - Deleted DataSource reappears in list
2124572 - First annotation can not be added to DataSource
2124582 - Filtering VMs by OS does not work
2124594 - Docker URL validation is inconsistent over application
2124597 - Wrong case in Create DataSource menu
2126104 - virtctl image-upload hangs waiting for pod to be ready with missing access mode defined in the storage profile
2126397 - many KubeVirtComponentExceedsRequestedMemory alerts in Firing state
2127787 - Expose the PVC source of the dataSource on UI
2127843 - UI crashed by selecting "Live migration network"
2127931 - Change default time range on Virtualization -> Overview -> Monitoring dashboard to 30 minutes
2127947 - cluster-network-addons-config tlsSecurityProfle takes a long time to update after setting APIServer
2128002 - Error after VM template deletion
2128107 - sriov-manage command fails to enable SRIOV Virtual functions on the Ampere GPU Cards
2128872 - [4.11]Can't restore cloned VM
2128948 - Cannot create DataSource from default YAML
2128949 - Cannot create MigrationPolicy from example YAML
2128997 - [4.11.1]virt-launcher cannot be started on OCP 4.12 due to PodSecurity restricted:v1.24
2129013 - Mark Windows 11 as TechPreview
2129234 - Service is not deleted along with the VM when the VM is created from a template with service
2129301 - Cloud-init network data don't wipe out on uncheck checkbox 'Add network data'
2129870 - crypto-policy : Accepting TLS 1.3 connections by validating webhook
2130509 - Auto image import in failed state with data sources pointing to external manually-created PVC/DV
2130588 - crypto-policy : Common Ciphers support by apiserver and hco
2130695 - crypto-policy : Logging Improvement and publish the source of ciphers
2130909 - Non-privileged user can start DataSource creation
2131157 - KV data transfer rate chart in VM Metrics tab is not displayed
2131165 - [dark mode] Additional statuses accordion on Virtualization Overview page not visible enough
2131674 - Bump virtlogd memory requirement to 20Mi
2132031 - Ensure Windows 2022 Templates are marked as TechPreview like it is done now for Windows 11
2132682 - Default YAML entity name convention.
2132721 - Delete dialogs
2132744 - Description text is missing in Live Migrations section
2132746 - Background is broken in Virtualization Monitoring page
2132783 - VM can not be created from Template with edited boot source
2132793 - Edited Template BSR is not saved
2132932 - Typo in PVC size units menu
2133540 - [pod security violation audit] Audit violation in "cni-plugins" container should be fixed
2133541 - [pod security violation audit] Audit violation in "bridge-marker" container should be fixed
2133542 - [pod security violation audit] Audit violation in "manager" container should be fixed
2133543 - [pod security violation audit] Audit violation in "kube-rbac-proxy" container should be fixed
2133655 - [pod security violation audit] Audit violation in "cdi-operator" container should be fixed
2133656 - [4.12][pod security violation audit] Audit violation in "hostpath-provisioner-operator" container should be fixed
2133659 - [pod security violation audit] Audit violation in "cdi-controller" container should be fixed
2133660 - [pod security violation audit] Audit violation in "cdi-source-update-poller" container should be fixed
2134123 - KubeVirtComponentExceedsRequestedMemory Alert for virt-handler pod
2134672 - [e2e] add data-test-id for catalog -> storage section
2134825 - Authorization for expand-spec endpoint missing
2135805 - Windows 2022 template is missing vTPM and UEFI params in spec
2136051 - Name jumping when trying to create a VM with source from catalog
2136425 - Windows 11 is detected as Windows 10
2136534 - Not possible to specify a TTL on VMExports
2137123 - VMExport: export pod is not PSA complaint
2137241 - Checkbox about delete vm disks is not loaded while deleting VM
2137243 - registery input add docker prefix twice
2137349 - "Manage source" action infinitely loading on DataImportCron details page
2137591 - Inconsistent dialog headings/titles
2137731 - Link of VM status in overview is not working
2137733 - No link for VMs in error status in "VirtualMachine statuses" card
2137736 - The column name "MigrationPolicy name" can just be "Name"
2137896 - crypto-policy: HCO should pick TLSProfile from apiserver if not provided explicitly
2138112 - Unsupported S3 endpoint option in Add disk modal
2138119 - "Customize VirtualMachine" flow is not user-friendly because settings are split into 2 modals
2138199 - Win11 and Win22 templates are not filtered properly by Template provider
2138653 - Saving Template prameters reloads the page
2138657 - Setting DATA_SOURCE_ Template parameters makes VM creation fail
2138664 - VM that was created with SSH key fails to start
2139257 - Cannot add disk via "Using an existing PVC"
2139260 - Clone button is disabled while VM is running
2139293 - Non-admin user cannot load VM list page
2139296 - Non-admin cannot load MigrationPolicies page
2139299 - No auto-generated VM name while creating VM by non-admin user
2139306 - Non-admin cannot create VM via customize mode
2139479 - virtualization overview crashes for non-priv user
2139574 - VM name gets "emptyname" if click the create button quickly
2139651 - non-priv user can click create when have no permissions
2139687 - catalog shows template list for non-priv users
2139738 - [4.12]Can't restore cloned VM
2139820 - non-priv user cant reach vm details
2140117 - Provide upgrade path from 4.11.1->4.12.0
2140521 - Click the breadcrumb list about "VirtualMachines" goes to undefined project
2140534 - [View only] it should give a permission error when user clicking the VNC play/connect button as a view only user
2140627 - Not able to select storageClass if there is no default storageclass defined
2140730 - Links on Virtualization Overview page lead to wrong namespace for non-priv user
2140808 - Hyperv feature set to "enabled: false" prevents scheduling
2140977 - Alerts number is not correct on Virtualization overview
2140982 - The base template of cloned template is "Not available"
2140998 - Incorrect information shows in overview page per namespace
2141089 - Unable to upload boot images.
2141302 - Unhealthy states alerts and state metrics are missing
2141399 - Unable to set TLS Security profile for CDI using HCO jsonpatch annotations
2141494 - "Start in pause mode" option is not available while creating the VM
2141654 - warning log appearing on VMs: found no SR-IOV networks
2141711 - Node column selector is redundant for non-priv user
2142468 - VM action "Stop" should not be disabled when VM in pause state
2142470 - Delete a VM or template from all projects leads to 404 error
2142511 - Enhance alerts card in overview
2142647 - Error after MigrationPolicy deletion
2142891 - VM latency checkup: Failed to create the checkup's Job
2142929 - Permission denied when try get instancestypes
2143268 - Topolvm storageProfile missing accessModes and volumeMode
2143498 - Could not load template while creating VM from catalog
2143964 - Could not load template while creating VM from catalog
2144580 - "?" icon is too big in VM Template Disk tab
2144828 - "?" icon is too big in VM Template Disk tab
2144839 - Alerts number is not correct on Virtualization overview
2153849 - After upgrade to 4.11.1->4.12.0 hco.spec.workloadUpdateStrategy value is getting overwritten
2155757 - Incorrect upstream-version label "v1.6.0-unstable-410-g09ea881c" is tagged to 4.12 hyperconverged-cluster-operator-container and hyperconverged-cluster-webhook-container
- Description:
Multicluster Engine for Kubernetes 2.0.2 images
Multicluster engine for Kubernetes provides the foundational components that are necessary for the centralized management of multiple Kubernetes-based clusters across data centers, public clouds, and private clouds.
You can use the engine to create new Red Hat OpenShift Container Platform clusters or to bring existing Kubernetes-based clusters under management by importing them. After the clusters are managed, you can use the APIs that are provided by the engine to distribute configuration based on placement policy.
Security updates:
- moment: inefficient parsing algorithm resulting in DoS (CVE-2022-31129)
- vm2: Sandbox Escape in vm2 (CVE-2022-36067)
Bug fix:
-
MCE 2.0.2 images (BZ# 2104569)
-
Solution:
For multicluster engine for Kubernetes, see the following documentation for details on how to install the images:
https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.5/html-single/multicluster_engine/index#installing-while-connected-online
- Bugs fixed (https://bugzilla.redhat.com/):
2104569 - MCE 2.0.2 Images 2105075 - CVE-2022-31129 moment: inefficient parsing algorithm resulting in DoS 2124794 - CVE-2022-36067 vm2: Sandbox Escape in vm2
Bug Fix(es):
-
Cloning a Block DV to VM with Filesystem with not big enough size comes to endless loop - using pvc api (BZ#2033191)
-
Restart of VM Pod causes SSH keys to be regenerated within VM (BZ#2087177)
-
Import gzipped raw file causes image to be downloaded and uncompressed to TMPDIR (BZ#2089391)
-
[4.11] VM Snapshot Restore hangs indefinitely when backed by a snapshotclass (BZ#2098225)
-
Fedora version in DataImportCrons is not 'latest' (BZ#2102694)
-
[4.11] Cloned VM's snapshot restore fails if the source VM disk is deleted (BZ#2109407)
-
CNV introduces a compliance check fail in "ocp4-moderate" profile - routes-protected-by-tls (BZ#2110562)
-
Nightly build: v4.11.0-578: index format was changed in 4.11 to file-based instead of sqlite-based (BZ#2112643)
-
Unable to start windows VMs on PSI setups (BZ#2115371)
-
[4.11.1]virt-launcher cannot be started on OCP 4.12 due to PodSecurity restricted:v1.24 (BZ#2128997)
-
Mark Windows 11 as TechPreview (BZ#2129013)
-
4.11.1 rpms (BZ#2139453)
This advisory contains the following OpenShift Virtualization 4.11.1 images.
RHEL-8-CNV-4.11
virt-cdi-operator-container-v4.11.1-5 virt-cdi-uploadserver-container-v4.11.1-5 virt-cdi-apiserver-container-v4.11.1-5 virt-cdi-importer-container-v4.11.1-5 virt-cdi-controller-container-v4.11.1-5 virt-cdi-cloner-container-v4.11.1-5 virt-cdi-uploadproxy-container-v4.11.1-5 checkup-framework-container-v4.11.1-3 kubevirt-tekton-tasks-wait-for-vmi-status-container-v4.11.1-7 kubevirt-tekton-tasks-create-datavolume-container-v4.11.1-7 kubevirt-template-validator-container-v4.11.1-4 virt-handler-container-v4.11.1-5 hostpath-provisioner-operator-container-v4.11.1-4 virt-api-container-v4.11.1-5 vm-network-latency-checkup-container-v4.11.1-3 cluster-network-addons-operator-container-v4.11.1-5 virtio-win-container-v4.11.1-4 virt-launcher-container-v4.11.1-5 ovs-cni-marker-container-v4.11.1-5 hyperconverged-cluster-webhook-container-v4.11.1-7 virt-controller-container-v4.11.1-5 virt-artifacts-server-container-v4.11.1-5 kubevirt-tekton-tasks-modify-vm-template-container-v4.11.1-7 kubevirt-tekton-tasks-disk-virt-customize-container-v4.11.1-7 libguestfs-tools-container-v4.11.1-5 hostpath-provisioner-container-v4.11.1-4 kubevirt-tekton-tasks-disk-virt-sysprep-container-v4.11.1-7 kubevirt-tekton-tasks-copy-template-container-v4.11.1-7 cnv-containernetworking-plugins-container-v4.11.1-5 bridge-marker-container-v4.11.1-5 virt-operator-container-v4.11.1-5 hostpath-csi-driver-container-v4.11.1-4 kubevirt-tekton-tasks-create-vm-from-template-container-v4.11.1-7 kubemacpool-container-v4.11.1-5 hyperconverged-cluster-operator-container-v4.11.1-7 kubevirt-ssp-operator-container-v4.11.1-4 ovs-cni-plugin-container-v4.11.1-5 kubevirt-tekton-tasks-cleanup-vm-container-v4.11.1-7 kubevirt-tekton-tasks-operator-container-v4.11.1-2 cnv-must-gather-container-v4.11.1-8 kubevirt-console-plugin-container-v4.11.1-9 hco-bundle-registry-container-v4.11.1-49
- -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Moderate: Red Hat JBoss Core Services Apache HTTP Server 2.4.51 SP1 security update Advisory ID: RHSA-2022:8840-01 Product: Red Hat JBoss Core Services Advisory URL: https://access.redhat.com/errata/RHSA-2022:8840 Issue date: 2022-12-08 CVE Names: CVE-2022-1292 CVE-2022-2068 CVE-2022-22721 CVE-2022-23943 CVE-2022-26377 CVE-2022-28330 CVE-2022-28614 CVE-2022-28615 CVE-2022-30522 CVE-2022-31813 CVE-2022-32206 CVE-2022-32207 CVE-2022-32208 CVE-2022-32221 CVE-2022-35252 CVE-2022-42915 CVE-2022-42916 ==================================================================== 1. Summary:
An update is now available for Red Hat JBoss Core Services.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat JBoss Core Services on RHEL 7 Server - noarch, x86_64 Red Hat JBoss Core Services on RHEL 8 - noarch, x86_64
- Description:
Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience.
This release of Red Hat JBoss Core Services Apache HTTP Server 2.4.51 Service Pack 1 serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.51, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.
Security Fix(es):
-
curl: HSTS bypass via IDN (CVE-2022-42916)
-
curl: HTTP proxy double-free (CVE-2022-42915)
-
curl: POST following PUT confusion (CVE-2022-32221)
-
httpd: mod_proxy: X-Forwarded-For dropped by hop-by-hop mechanism (CVE-2022-31813)
-
httpd: mod_sed: DoS vulnerability (CVE-2022-30522)
-
httpd: out-of-bounds read in ap_strcmp_match() (CVE-2022-28615)
-
httpd: out-of-bounds read via ap_rwrite() (CVE-2022-28614)
-
httpd: mod_proxy_ajp: Possible request smuggling (CVE-2022-26377)
-
curl: control code in cookie denial of service (CVE-2022-35252)
-
jbcs-httpd24-httpd: httpd: mod_isapi: out-of-bounds read (CVE-2022-28330)
-
curl: Unpreserved file permissions (CVE-2022-32207)
-
curl: various flaws (CVE-2022-32206 CVE-2022-32208)
-
openssl: the c_rehash script allows command injection (CVE-2022-2068)
-
openssl: c_rehash script allows command injection (CVE-2022-1292)
-
jbcs-httpd24-httpd: httpd: core: Possible buffer overflow with very large or unlimited LimitXMLRequestBody (CVE-2022-22721)
-
jbcs-httpd24-httpd: httpd: mod_sed: Read/write beyond bounds (CVE-2022-23943)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
Applications using the APR libraries, such as httpd, must be restarted for this update to take effect. After installing the updated packages, the httpd daemon will be restarted automatically.
- Bugs fixed (https://bugzilla.redhat.com/):
2064319 - CVE-2022-23943 httpd: mod_sed: Read/write beyond bounds 2064320 - CVE-2022-22721 httpd: core: Possible buffer overflow with very large or unlimited LimitXMLRequestBody 2081494 - CVE-2022-1292 openssl: c_rehash script allows command injection 2094997 - CVE-2022-26377 httpd: mod_proxy_ajp: Possible request smuggling 2095000 - CVE-2022-28330 httpd: mod_isapi: out-of-bounds read 2095002 - CVE-2022-28614 httpd: Out-of-bounds read via ap_rwrite() 2095006 - CVE-2022-28615 httpd: Out-of-bounds read in ap_strcmp_match() 2095015 - CVE-2022-30522 httpd: mod_sed: DoS vulnerability 2095020 - CVE-2022-31813 httpd: mod_proxy: X-Forwarded-For dropped by hop-by-hop mechanism 2097310 - CVE-2022-2068 openssl: the c_rehash script allows command injection 2099300 - CVE-2022-32206 curl: HTTP compression denial of service 2099305 - CVE-2022-32207 curl: Unpreserved file permissions 2099306 - CVE-2022-32208 curl: FTP-KRB bad message verification 2120718 - CVE-2022-35252 curl: control code in cookie denial of service 2135411 - CVE-2022-32221 curl: POST following PUT confusion 2135413 - CVE-2022-42915 curl: HTTP proxy double-free 2135416 - CVE-2022-42916 curl: HSTS bypass via IDN
- Package List:
Red Hat JBoss Core Services on RHEL 7 Server:
Source: jbcs-httpd24-apr-util-1.6.1-99.el7jbcs.src.rpm jbcs-httpd24-curl-7.86.0-2.el7jbcs.src.rpm jbcs-httpd24-httpd-2.4.51-37.el7jbcs.src.rpm jbcs-httpd24-mod_http2-1.15.19-20.el7jbcs.src.rpm jbcs-httpd24-mod_jk-1.2.48-44.redhat_1.el7jbcs.src.rpm jbcs-httpd24-mod_md-2.4.0-18.el7jbcs.src.rpm jbcs-httpd24-mod_proxy_cluster-1.3.17-13.el7jbcs.src.rpm jbcs-httpd24-mod_security-2.9.3-22.el7jbcs.src.rpm jbcs-httpd24-nghttp2-1.43.0-11.el7jbcs.src.rpm jbcs-httpd24-openssl-1.1.1k-13.el7jbcs.src.rpm jbcs-httpd24-openssl-chil-1.0.0-17.el7jbcs.src.rpm jbcs-httpd24-openssl-pkcs11-0.4.10-32.el7jbcs.src.rpm
noarch: jbcs-httpd24-httpd-manual-2.4.51-37.el7jbcs.noarch.rpm
x86_64: jbcs-httpd24-apr-util-1.6.1-99.el7jbcs.x86_64.rpm jbcs-httpd24-apr-util-debuginfo-1.6.1-99.el7jbcs.x86_64.rpm jbcs-httpd24-apr-util-devel-1.6.1-99.el7jbcs.x86_64.rpm jbcs-httpd24-apr-util-ldap-1.6.1-99.el7jbcs.x86_64.rpm jbcs-httpd24-apr-util-mysql-1.6.1-99.el7jbcs.x86_64.rpm jbcs-httpd24-apr-util-nss-1.6.1-99.el7jbcs.x86_64.rpm jbcs-httpd24-apr-util-odbc-1.6.1-99.el7jbcs.x86_64.rpm jbcs-httpd24-apr-util-openssl-1.6.1-99.el7jbcs.x86_64.rpm jbcs-httpd24-apr-util-pgsql-1.6.1-99.el7jbcs.x86_64.rpm jbcs-httpd24-apr-util-sqlite-1.6.1-99.el7jbcs.x86_64.rpm jbcs-httpd24-curl-7.86.0-2.el7jbcs.x86_64.rpm jbcs-httpd24-curl-debuginfo-7.86.0-2.el7jbcs.x86_64.rpm jbcs-httpd24-httpd-2.4.51-37.el7jbcs.x86_64.rpm jbcs-httpd24-httpd-debuginfo-2.4.51-37.el7jbcs.x86_64.rpm jbcs-httpd24-httpd-devel-2.4.51-37.el7jbcs.x86_64.rpm jbcs-httpd24-httpd-selinux-2.4.51-37.el7jbcs.x86_64.rpm jbcs-httpd24-httpd-tools-2.4.51-37.el7jbcs.x86_64.rpm jbcs-httpd24-libcurl-7.86.0-2.el7jbcs.x86_64.rpm jbcs-httpd24-libcurl-devel-7.86.0-2.el7jbcs.x86_64.rpm jbcs-httpd24-mod_http2-1.15.19-20.el7jbcs.x86_64.rpm jbcs-httpd24-mod_http2-debuginfo-1.15.19-20.el7jbcs.x86_64.rpm jbcs-httpd24-mod_jk-ap24-1.2.48-44.redhat_1.el7jbcs.x86_64.rpm jbcs-httpd24-mod_jk-debuginfo-1.2.48-44.redhat_1.el7jbcs.x86_64.rpm jbcs-httpd24-mod_ldap-2.4.51-37.el7jbcs.x86_64.rpm jbcs-httpd24-mod_md-2.4.0-18.el7jbcs.x86_64.rpm jbcs-httpd24-mod_md-debuginfo-2.4.0-18.el7jbcs.x86_64.rpm jbcs-httpd24-mod_proxy_cluster-1.3.17-13.el7jbcs.x86_64.rpm jbcs-httpd24-mod_proxy_cluster-debuginfo-1.3.17-13.el7jbcs.x86_64.rpm jbcs-httpd24-mod_proxy_html-2.4.51-37.el7jbcs.x86_64.rpm jbcs-httpd24-mod_security-2.9.3-22.el7jbcs.x86_64.rpm jbcs-httpd24-mod_security-debuginfo-2.9.3-22.el7jbcs.x86_64.rpm jbcs-httpd24-mod_session-2.4.51-37.el7jbcs.x86_64.rpm jbcs-httpd24-mod_ssl-2.4.51-37.el7jbcs.x86_64.rpm jbcs-httpd24-nghttp2-1.43.0-11.el7jbcs.x86_64.rpm jbcs-httpd24-nghttp2-debuginfo-1.43.0-11.el7jbcs.x86_64.rpm jbcs-httpd24-nghttp2-devel-1.43.0-11.el7jbcs.x86_64.rpm jbcs-httpd24-openssl-1.1.1k-13.el7jbcs.x86_64.rpm jbcs-httpd24-openssl-chil-1.0.0-17.el7jbcs.x86_64.rpm jbcs-httpd24-openssl-chil-debuginfo-1.0.0-17.el7jbcs.x86_64.rpm jbcs-httpd24-openssl-debuginfo-1.1.1k-13.el7jbcs.x86_64.rpm jbcs-httpd24-openssl-devel-1.1.1k-13.el7jbcs.x86_64.rpm jbcs-httpd24-openssl-libs-1.1.1k-13.el7jbcs.x86_64.rpm jbcs-httpd24-openssl-perl-1.1.1k-13.el7jbcs.x86_64.rpm jbcs-httpd24-openssl-pkcs11-0.4.10-32.el7jbcs.x86_64.rpm jbcs-httpd24-openssl-pkcs11-debuginfo-0.4.10-32.el7jbcs.x86_64.rpm jbcs-httpd24-openssl-static-1.1.1k-13.el7jbcs.x86_64.rpm
Red Hat JBoss Core Services on RHEL 8:
Source: jbcs-httpd24-apr-util-1.6.1-99.el8jbcs.src.rpm jbcs-httpd24-curl-7.86.0-2.el8jbcs.src.rpm jbcs-httpd24-httpd-2.4.51-37.el8jbcs.src.rpm jbcs-httpd24-mod_http2-1.15.19-20.el8jbcs.src.rpm jbcs-httpd24-mod_jk-1.2.48-44.redhat_1.el8jbcs.src.rpm jbcs-httpd24-mod_md-2.4.0-18.el8jbcs.src.rpm jbcs-httpd24-mod_proxy_cluster-1.3.17-13.el8jbcs.src.rpm jbcs-httpd24-mod_security-2.9.3-22.el8jbcs.src.rpm jbcs-httpd24-nghttp2-1.43.0-11.el8jbcs.src.rpm jbcs-httpd24-openssl-1.1.1k-13.el8jbcs.src.rpm jbcs-httpd24-openssl-chil-1.0.0-17.el8jbcs.src.rpm jbcs-httpd24-openssl-pkcs11-0.4.10-32.el8jbcs.src.rpm
noarch: jbcs-httpd24-httpd-manual-2.4.51-37.el8jbcs.noarch.rpm
x86_64: jbcs-httpd24-apr-util-1.6.1-99.el8jbcs.x86_64.rpm jbcs-httpd24-apr-util-debuginfo-1.6.1-99.el8jbcs.x86_64.rpm jbcs-httpd24-apr-util-devel-1.6.1-99.el8jbcs.x86_64.rpm jbcs-httpd24-apr-util-ldap-1.6.1-99.el8jbcs.x86_64.rpm jbcs-httpd24-apr-util-ldap-debuginfo-1.6.1-99.el8jbcs.x86_64.rpm jbcs-httpd24-apr-util-mysql-1.6.1-99.el8jbcs.x86_64.rpm jbcs-httpd24-apr-util-mysql-debuginfo-1.6.1-99.el8jbcs.x86_64.rpm jbcs-httpd24-apr-util-nss-1.6.1-99.el8jbcs.x86_64.rpm jbcs-httpd24-apr-util-nss-debuginfo-1.6.1-99.el8jbcs.x86_64.rpm jbcs-httpd24-apr-util-odbc-1.6.1-99.el8jbcs.x86_64.rpm jbcs-httpd24-apr-util-odbc-debuginfo-1.6.1-99.el8jbcs.x86_64.rpm jbcs-httpd24-apr-util-openssl-1.6.1-99.el8jbcs.x86_64.rpm jbcs-httpd24-apr-util-openssl-debuginfo-1.6.1-99.el8jbcs.x86_64.rpm jbcs-httpd24-apr-util-pgsql-1.6.1-99.el8jbcs.x86_64.rpm jbcs-httpd24-apr-util-pgsql-debuginfo-1.6.1-99.el8jbcs.x86_64.rpm jbcs-httpd24-apr-util-sqlite-1.6.1-99.el8jbcs.x86_64.rpm jbcs-httpd24-apr-util-sqlite-debuginfo-1.6.1-99.el8jbcs.x86_64.rpm jbcs-httpd24-curl-7.86.0-2.el8jbcs.x86_64.rpm jbcs-httpd24-curl-debuginfo-7.86.0-2.el8jbcs.x86_64.rpm jbcs-httpd24-httpd-2.4.51-37.el8jbcs.x86_64.rpm jbcs-httpd24-httpd-debuginfo-2.4.51-37.el8jbcs.x86_64.rpm jbcs-httpd24-httpd-devel-2.4.51-37.el8jbcs.x86_64.rpm jbcs-httpd24-httpd-selinux-2.4.51-37.el8jbcs.x86_64.rpm jbcs-httpd24-httpd-tools-2.4.51-37.el8jbcs.x86_64.rpm jbcs-httpd24-httpd-tools-debuginfo-2.4.51-37.el8jbcs.x86_64.rpm jbcs-httpd24-libcurl-7.86.0-2.el8jbcs.x86_64.rpm jbcs-httpd24-libcurl-debuginfo-7.86.0-2.el8jbcs.x86_64.rpm jbcs-httpd24-libcurl-devel-7.86.0-2.el8jbcs.x86_64.rpm jbcs-httpd24-mod_http2-1.15.19-20.el8jbcs.x86_64.rpm jbcs-httpd24-mod_http2-debuginfo-1.15.19-20.el8jbcs.x86_64.rpm jbcs-httpd24-mod_jk-ap24-1.2.48-44.redhat_1.el8jbcs.x86_64.rpm jbcs-httpd24-mod_jk-ap24-debuginfo-1.2.48-44.redhat_1.el8jbcs.x86_64.rpm jbcs-httpd24-mod_ldap-2.4.51-37.el8jbcs.x86_64.rpm jbcs-httpd24-mod_ldap-debuginfo-2.4.51-37.el8jbcs.x86_64.rpm jbcs-httpd24-mod_md-2.4.0-18.el8jbcs.x86_64.rpm jbcs-httpd24-mod_md-debuginfo-2.4.0-18.el8jbcs.x86_64.rpm jbcs-httpd24-mod_proxy_cluster-1.3.17-13.el8jbcs.x86_64.rpm jbcs-httpd24-mod_proxy_cluster-debuginfo-1.3.17-13.el8jbcs.x86_64.rpm jbcs-httpd24-mod_proxy_html-2.4.51-37.el8jbcs.x86_64.rpm jbcs-httpd24-mod_proxy_html-debuginfo-2.4.51-37.el8jbcs.x86_64.rpm jbcs-httpd24-mod_security-2.9.3-22.el8jbcs.x86_64.rpm jbcs-httpd24-mod_security-debuginfo-2.9.3-22.el8jbcs.x86_64.rpm jbcs-httpd24-mod_session-2.4.51-37.el8jbcs.x86_64.rpm jbcs-httpd24-mod_session-debuginfo-2.4.51-37.el8jbcs.x86_64.rpm jbcs-httpd24-mod_ssl-2.4.51-37.el8jbcs.x86_64.rpm jbcs-httpd24-mod_ssl-debuginfo-2.4.51-37.el8jbcs.x86_64.rpm jbcs-httpd24-nghttp2-1.43.0-11.el8jbcs.x86_64.rpm jbcs-httpd24-nghttp2-debuginfo-1.43.0-11.el8jbcs.x86_64.rpm jbcs-httpd24-nghttp2-devel-1.43.0-11.el8jbcs.x86_64.rpm jbcs-httpd24-openssl-1.1.1k-13.el8jbcs.x86_64.rpm jbcs-httpd24-openssl-chil-1.0.0-17.el8jbcs.x86_64.rpm jbcs-httpd24-openssl-chil-debuginfo-1.0.0-17.el8jbcs.x86_64.rpm jbcs-httpd24-openssl-debuginfo-1.1.1k-13.el8jbcs.x86_64.rpm jbcs-httpd24-openssl-devel-1.1.1k-13.el8jbcs.x86_64.rpm jbcs-httpd24-openssl-libs-1.1.1k-13.el8jbcs.x86_64.rpm jbcs-httpd24-openssl-libs-debuginfo-1.1.1k-13.el8jbcs.x86_64.rpm jbcs-httpd24-openssl-perl-1.1.1k-13.el8jbcs.x86_64.rpm jbcs-httpd24-openssl-pkcs11-0.4.10-32.el8jbcs.x86_64.rpm jbcs-httpd24-openssl-pkcs11-debuginfo-0.4.10-32.el8jbcs.x86_64.rpm jbcs-httpd24-openssl-static-1.1.1k-13.el8jbcs.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2022-1292 https://access.redhat.com/security/cve/CVE-2022-2068 https://access.redhat.com/security/cve/CVE-2022-22721 https://access.redhat.com/security/cve/CVE-2022-23943 https://access.redhat.com/security/cve/CVE-2022-26377 https://access.redhat.com/security/cve/CVE-2022-28330 https://access.redhat.com/security/cve/CVE-2022-28614 https://access.redhat.com/security/cve/CVE-2022-28615 https://access.redhat.com/security/cve/CVE-2022-30522 https://access.redhat.com/security/cve/CVE-2022-31813 https://access.redhat.com/security/cve/CVE-2022-32206 https://access.redhat.com/security/cve/CVE-2022-32207 https://access.redhat.com/security/cve/CVE-2022-32208 https://access.redhat.com/security/cve/CVE-2022-32221 https://access.redhat.com/security/cve/CVE-2022-35252 https://access.redhat.com/security/cve/CVE-2022-42915 https://access.redhat.com/security/cve/CVE-2022-42916 https://access.redhat.com/security/updates/classification/#moderate
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBY5ISE9zjgjWX9erEAQixuA//dX5Q3wtu2MRvrjD/sK/r6dqBz4fWWhS9 ws2A8cRa5ki3RlCaYQ3pP7LkRtIdankAP3HG1NU4er/odsMEW5aEgku+5foV7w4M WEd0USLKs3Pw5a7/3TjOBUf5CA7oet03C7/u9idWaLD/ip4UMhskSnz33qFQSFZf FAWNdsRhH8+ql6qFMg9Odv5RFX3i2+wBy5pC69Akr2FBEt9j+/PbvSPWuPD26n6H 0l+QUKrI3OW1EHzz+S/8aEfTFKLluXfhVJn61wdA8Kjs4ZKrnBz8czJjxn4hOi7a z0tpzg5d1BJEf/UB7EdyyLBGRIliWhf978qtG8QS37GEgnQSof2xgcfu1NGiHl9j ypCqX1R4oOkeoISynnZUKWZ1uFp5GkMiRtPu0Bw7WYB6z/8OWZce4yIqh1rcG09d NcyleabDtpJ7C3BJQzpnhXAWjri7oJ6wHBvcbQ9sLj2xkQRX2Zpi0KJGIH8iLwdn Ik+RIZ7u/mXeW3ulcwiQTPYbTQLWGXqgZV1qxJq91HIcu+y3STQwZjb4fZuqjH5M onO/rF2y50l9LqArg/v9KAJUbHSKMDP6r7Dx02J+iKjW3g7NczoImrU7JcyAgce9 mCN7gMmU9bQx1tagIKcKKW5IVN/jHyWKJW/t0teoaECsa2LMgoEIt+6RcmQXWpdF 6t6oQh+b3NY=UGfz -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . Description:
The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Bugs fixed (https://bugzilla.redhat.com/):
2099300 - CVE-2022-32206 curl: HTTP compression denial of service 2167815 - CVE-2023-23916 curl: HTTP multi-header compression denial of service
6
Show details on source website{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "scalance sc646-2c",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "3.0"
},
{
"_id": null,
"model": "universal forwarder",
"scope": "eq",
"trust": 1.0,
"vendor": "splunk",
"version": "9.1.0"
},
{
"_id": null,
"model": "clustered data ontap",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"_id": null,
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "35"
},
{
"_id": null,
"model": "bootstrap os",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"_id": null,
"model": "solidfire",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"_id": null,
"model": "h700s",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"_id": null,
"model": "universal forwarder",
"scope": "lt",
"trust": 1.0,
"vendor": "splunk",
"version": "9.0.6"
},
{
"_id": null,
"model": "h500s",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"_id": null,
"model": "universal forwarder",
"scope": "gte",
"trust": 1.0,
"vendor": "splunk",
"version": "9.0.0"
},
{
"_id": null,
"model": "scalance sc622-2c",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "3.0"
},
{
"_id": null,
"model": "universal forwarder",
"scope": "lt",
"trust": 1.0,
"vendor": "splunk",
"version": "8.2.12"
},
{
"_id": null,
"model": "hci management node",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"_id": null,
"model": "element software",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "11.0"
},
{
"_id": null,
"model": "scalance sc642-2c",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "3.0"
},
{
"_id": null,
"model": "curl",
"scope": "lt",
"trust": 1.0,
"vendor": "haxx",
"version": "7.84.0"
},
{
"_id": null,
"model": "h410s",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"_id": null,
"model": "h300s",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "10.0"
},
{
"_id": null,
"model": "universal forwarder",
"scope": "gte",
"trust": 1.0,
"vendor": "splunk",
"version": "8.2.0"
},
{
"_id": null,
"model": "scalance sc632-2c",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "3.0"
},
{
"_id": null,
"model": "scalance sc626-2c",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "3.0"
},
{
"_id": null,
"model": "scalance sc636-2c",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "3.0"
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2022-32206"
}
]
},
"credits": {
"_id": null,
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "168538"
},
{
"db": "PACKETSTORM",
"id": "168275"
},
{
"db": "PACKETSTORM",
"id": "170741"
},
{
"db": "PACKETSTORM",
"id": "168347"
},
{
"db": "PACKETSTORM",
"id": "170083"
},
{
"db": "PACKETSTORM",
"id": "170166"
},
{
"db": "PACKETSTORM",
"id": "172765"
},
{
"db": "PACKETSTORM",
"id": "168284"
}
],
"trust": 0.8
},
"cve": "CVE-2022-32206",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2022-32206",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.8,
"id": "CVE-2022-32206",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-32206",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"id": "CVE-2022-32206",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202206-2565",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202206-2565"
},
{
"db": "NVD",
"id": "CVE-2022-32206"
},
{
"db": "NVD",
"id": "CVE-2022-32206"
}
]
},
"description": {
"_id": null,
"data": "curl \u003c 7.84.0 supports \"chained\" HTTP compression algorithms, meaning that a serverresponse can be compressed multiple times and potentially with different algorithms. The number of acceptable \"links\" in this \"decompression chain\" was unbounded, allowing a malicious server to insert a virtually unlimited number of compression steps.The use of such a decompression chain could result in a \"malloc bomb\", makingcurl end up spending enormous amounts of allocated heap memory, or trying toand returning out of memory errors. Harry Sintonen incorrectly handled certain file permissions. \nAn attacker could possibly use this issue to expose sensitive information. \nThis issue only affected Ubuntu 21.10, and Ubuntu 22.04 LTS. (CVE-2022-32207). Clusters and applications are all visible and\nmanaged from a single console\u2014with security policy built in. See the following\nRelease Notes documentation, which will be updated shortly for this\nrelease, for additional details about this release:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.4/html/release_notes/\n\nSecurity fixes:\n\n* golang: crypto/tls: session tickets lack random ticket_age_add\n(CVE-2022-30629)\n\n* moment: inefficient parsing algorithim resulting in DoS (CVE-2022-31129)\n\n* nodejs16: CRLF injection in node-undici (CVE-2022-31150)\n\n* nodejs/undici: Cookie headers uncleared on cross-origin redirect\n(CVE-2022-31151)\n\n* vm2: Sandbox Escape in vm2 (CVE-2022-36067)\n\nBug fixes:\n\n* RHACM 2.4 using deprecated APIs in managed clusters (BZ# 2041540)\n\n* vSphere network name doesn\u0027t allow entering spaces and doesn\u0027t reflect\nYAML changes (BZ# 2074766)\n\n* cluster update status is stuck, also update is not even visible (BZ#\n2079418)\n\n* Policy that creates cluster role is showing as not compliant due to\nRequest entity too large message (BZ# 2088486)\n\n* Upgraded from RHACM 2.2--\u003e2.3--\u003e2.4 and cannot create cluster (BZ#\n2089490)\n\n* ACM Console Becomes Unusable After a Time (BZ# 2097464)\n\n* RHACM 2.4.6 images (BZ# 2100613)\n\n* Cluster Pools with conflicting name of existing clusters in same\nnamespace fails creation and deletes existing cluster (BZ# 2102436)\n\n* ManagedClusters in Pending import state after ACM hub migration (BZ#\n2102495)\n\n3. Bugs fixed (https://bugzilla.redhat.com/):\n\n2041540 - RHACM 2.4 using deprecated APIs in managed clusters\n2074766 - vSphere network name doesn\u0027t allow entering spaces and doesn\u0027t reflect YAML changes\n2079418 - cluster update status is stuck, also update is not even visible\n2088486 - Policy that creates cluster role is showing as not compliant due to Request entity too large message\n2089490 - Upgraded from RHACM 2.2--\u003e2.3--\u003e2.4 and cannot create cluster\n2092793 - CVE-2022-30629 golang: crypto/tls: session tickets lack random ticket_age_add\n2097464 - ACM Console Becomes Unusable After a Time\n2100613 - RHACM 2.4.6 images\n2102436 - Cluster Pools with conflicting name of existing clusters in same namespace fails creation and deletes existing cluster\n2102495 - ManagedClusters in Pending import state after ACM hub migration\n2105075 - CVE-2022-31129 moment: inefficient parsing algorithm resulting in DoS\n2109354 - CVE-2022-31150 nodejs16: CRLF injection in node-undici\n2121396 - CVE-2022-31151 nodejs/undici: Cookie headers uncleared on cross-origin redirect\n2124794 - CVE-2022-36067 vm2: Sandbox Escape in vm2\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n2107342 - CVE-2022-30631 golang: compress/gzip: stack exhaustion in Reader.Read\n2107374 - CVE-2022-1705 golang: net/http: improper sanitization of Transfer-Encoding header\n2107383 - CVE-2022-32148 golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working\n\n5. JIRA issues fixed (https://issues.jboss.org/):\n\nLOG-2647 - Add link to log console from pod views\nLOG-2801 - After upgrade all logs are stored in app indices\nLOG-2917 - Changing refresh interval throws error when the \u0027Query\u0027 field is empty\n\n6. This advisory contains the following\nOpenShift Virtualization 4.12.0 images:\n\nSecurity Fix(es):\n\n* golang: net/http: limit growth of header canonicalization cache\n(CVE-2021-44716)\n\n* kubeVirt: Arbitrary file read on the host from KubeVirt VMs\n(CVE-2022-1798)\n\n* golang: out-of-bounds read in golang.org/x/text/language leads to DoS\n(CVE-2021-38561)\n\n* golang: syscall: don\u0027t close fd 0 on ForkExec error (CVE-2021-44717)\n\n* golang: net/http: improper sanitization of Transfer-Encoding header\n(CVE-2022-1705)\n\n* golang: go/parser: stack exhaustion in all Parse* functions\n(CVE-2022-1962)\n\n* golang: math/big: uncontrolled memory consumption due to an unhandled\noverflow via Rat.SetString (CVE-2022-23772)\n\n* golang: cmd/go: misinterpretation of branch names can lead to incorrect\naccess control (CVE-2022-23773)\n\n* golang: crypto/elliptic: IsOnCurve returns true for invalid field\nelements (CVE-2022-23806)\n\n* golang: encoding/xml: stack exhaustion in Decoder.Skip (CVE-2022-28131)\n\n* golang: syscall: faccessat checks wrong group (CVE-2022-29526)\n\n* golang: io/fs: stack exhaustion in Glob (CVE-2022-30630)\n\n* golang: compress/gzip: stack exhaustion in Reader.Read (CVE-2022-30631)\n\n* golang: path/filepath: stack exhaustion in Glob (CVE-2022-30632)\n\n* golang: encoding/xml: stack exhaustion in Unmarshal (CVE-2022-30633)\n\n* golang: encoding/gob: stack exhaustion in Decoder.Decode (CVE-2022-30635)\n\n* golang: net/http/httputil: NewSingleHostReverseProxy - omit\nX-Forwarded-For not working (CVE-2022-32148)\n\n* golang: crypto/tls: session tickets lack random ticket_age_add\n(CVE-2022-30629)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\nRHEL-8-CNV-4.12\n\n=============\nbridge-marker-container-v4.12.0-24\ncluster-network-addons-operator-container-v4.12.0-24\ncnv-containernetworking-plugins-container-v4.12.0-24\ncnv-must-gather-container-v4.12.0-58\nhco-bundle-registry-container-v4.12.0-769\nhostpath-csi-driver-container-v4.12.0-30\nhostpath-provisioner-container-v4.12.0-30\nhostpath-provisioner-operator-container-v4.12.0-31\nhyperconverged-cluster-operator-container-v4.12.0-96\nhyperconverged-cluster-webhook-container-v4.12.0-96\nkubemacpool-container-v4.12.0-24\nkubevirt-console-plugin-container-v4.12.0-182\nkubevirt-ssp-operator-container-v4.12.0-64\nkubevirt-tekton-tasks-cleanup-vm-container-v4.12.0-55\nkubevirt-tekton-tasks-copy-template-container-v4.12.0-55\nkubevirt-tekton-tasks-create-datavolume-container-v4.12.0-55\nkubevirt-tekton-tasks-create-vm-from-template-container-v4.12.0-55\nkubevirt-tekton-tasks-disk-virt-customize-container-v4.12.0-55\nkubevirt-tekton-tasks-disk-virt-sysprep-container-v4.12.0-55\nkubevirt-tekton-tasks-modify-vm-template-container-v4.12.0-55\nkubevirt-tekton-tasks-operator-container-v4.12.0-40\nkubevirt-tekton-tasks-wait-for-vmi-status-container-v4.12.0-55\nkubevirt-template-validator-container-v4.12.0-32\nlibguestfs-tools-container-v4.12.0-255\novs-cni-marker-container-v4.12.0-24\novs-cni-plugin-container-v4.12.0-24\nvirt-api-container-v4.12.0-255\nvirt-artifacts-server-container-v4.12.0-255\nvirt-cdi-apiserver-container-v4.12.0-72\nvirt-cdi-cloner-container-v4.12.0-72\nvirt-cdi-controller-container-v4.12.0-72\nvirt-cdi-importer-container-v4.12.0-72\nvirt-cdi-operator-container-v4.12.0-72\nvirt-cdi-uploadproxy-container-v4.12.0-71\nvirt-cdi-uploadserver-container-v4.12.0-72\nvirt-controller-container-v4.12.0-255\nvirt-exportproxy-container-v4.12.0-255\nvirt-exportserver-container-v4.12.0-255\nvirt-handler-container-v4.12.0-255\nvirt-launcher-container-v4.12.0-255\nvirt-operator-container-v4.12.0-255\nvirtio-win-container-v4.12.0-10\nvm-network-latency-checkup-container-v4.12.0-89\n\n3. Solution:\n\nBefore applying this update, you must apply all previously released errata\nrelevant to your system. \n\nTo apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1719190 - Unable to cancel live-migration if virt-launcher pod in pending state\n2023393 - [CNV] [UI]Additional information needed for cloning when default storageclass in not defined in target datavolume\n2030801 - CVE-2021-44716 golang: net/http: limit growth of header canonicalization cache\n2030806 - CVE-2021-44717 golang: syscall: don\u0027t close fd 0 on ForkExec error\n2040377 - Unable to delete failed VMIM after VM deleted\n2046298 - mdevs not configured with drivers installed, if mdev config added to HCO CR before drivers are installed\n2052556 - Metric \"kubevirt_num_virt_handlers_by_node_running_virt_launcher\" reporting incorrect value\n2053429 - CVE-2022-23806 golang: crypto/elliptic: IsOnCurve returns true for invalid field elements\n2053532 - CVE-2022-23772 golang: math/big: uncontrolled memory consumption due to an unhandled overflow via Rat.SetString\n2053541 - CVE-2022-23773 golang: cmd/go: misinterpretation of branch names can lead to incorrect access control\n2060499 - [RFE] Cannot add additional service (or other objects) to VM template\n2069098 - Large scale |VMs migration is slow due to low migration parallelism\n2070366 - VM Snapshot Restore hangs indefinitely when backed by a snapshotclass\n2071491 - Storage Throughput metrics are incorrect in Overview\n2072797 - Metrics in Virtualization -\u003e Overview period is not clear or configurable\n2072821 - Top Consumers of Storage Traffic in Kubevirt Dashboard giving unexpected numbers\n2079916 - KubeVirt CR seems to be in DeploymentInProgress state and not recovering\n2084085 - CVE-2022-29526 golang: syscall: faccessat checks wrong group\n2086285 - [dark mode] VirtualMachine - in the Utilization card the percentages and the graphs not visible enough in dark mode\n2086551 - Min CPU feature found in labels\n2087724 - Default template show no boot source even there are auto-upload boot sources\n2088129 - [SSP] webhook does not comply with restricted security context\n2088464 - [CDI] cdi-deployment does not comply with restricted security context\n2089391 - Import gzipped raw file causes image to be downloaded and uncompressed to TMPDIR\n2089744 - HCO should label its control plane namespace to admit pods at privileged security level\n2089751 - 4.12.0 containers\n2089804 - 4.12.0 rpms\n2091856 - ?Edit BootSource? action should have more explicit information when disabled\n2092793 - CVE-2022-30629 golang: crypto/tls: session tickets lack random ticket_age_add\n2092796 - [RFE] CPU|Memory display in the template card is not consistent with the display in the template drawer\n2093771 - The disk source should be PVC if the template has no auto-update boot source\n2093996 - kubectl get vmi API should always return primary interface if exist\n2094202 - Cloud-init username field should have hint\n2096285 - KubeVirt CR API documentation is missing docs for many fields\n2096780 - [RFE] Add ssh-key and sysprep to template scripts tab\n2097436 - Online disk expansion ignores filesystem overhead change\n2097586 - AccessMode should stay on ReadWriteOnce while editing a disk with storage class HPP\n2099556 - [RFE] Add option to enable RDP service for windows vm\n2099573 - [RFE] Improve template\u0027s message about not editable\n2099923 - [RFE] Merge \"SSH access\" and \"SSH command\" into one\n2100290 - Error is not dismissed on catalog review page\n2100436 - VM list filtering ignores VMs in error-states\n2100442 - [RFE] allow enabling and disabling SSH service while VM is shut down\n2100495 - CVE-2021-38561 golang: out-of-bounds read in golang.org/x/text/language leads to DoS\n2100629 - Update nested support KBASE article\n2100679 - The number of hardware devices is not correct in vm overview tab\n2100682 - All hardware devices get deleted while just delete one\n2100684 - Workload profile are not editable during creation and after creation\n2101144 - VM filter has two \"Other\" checkboxes which are triggered together\n2101164 - [dark mode] Number of alerts in Alerts card not visible enough in dark mode\n2101167 - Edit buttons clickable area is too large. \n2101333 - [e2e] elements on Template Scheduling tab are missing proper data-test-id\n2101335 - Clone action enabled in VM list kebab button for a VM in CrashLoopBackOff state\n2101390 - Easy to miss the \"tick\" when adding GPU device to vm via UI\n2101394 - [e2e] elements on VM Scripts tab are missing proper data-test-id\n2101423 - wrong user name on using ignition\n2101430 - Using CLOUD_USER_PASSWORD in Templates parameters breaks VM review page\n2101445 - \"Pending changes - Boot Order\"\n2101454 - Cannot add PVC boot source to template in \u0027Edit Boot Source Reference\u0027 view as a non-priv user\n2101499 - Cannot add NIC to VM template as non-priv user\n2101501 - NAME parameter in VM template has no effect. \n2101628 - non-priv user cannot load dataSource while edit template\u0027s rootdisk\n2101667 - VMI view is not aligned with vm and tempates\n2101681 - All templates are labeling \"source available\" in template list page\n2102074 - VM Creation time on VM Overview Details card lacks string\n2102125 - vm clone modal is displaying DV size instead of PVC size\n2102132 - align the utilization card of single VM overview with the design\n2102138 - Should the word \"new\" be removed from \"Create new VirtualMachine from catalog\"?\n2102256 - Add button moved to right\n2102448 - VM disk is deleted by uncheck \"Delete disks (1x)\" on delete modal\n2102475 - Template \u0027vm-template-example\u0027 should be filtered by \u0027Fedora\u0027 rather than \u0027Other\u0027\n2102561 - sysprep-info should link to downstream doc\n2102737 - Clone a VM should lead to vm overview tab\n2102740 - \"Save\" button on vm clone modal should be \"Clone\"\n2103806 - \"404: Not Found\" appears shortly by clicking the PVC link on vm disk tab\n2103807 - PVC is not named by VM name while creating vm quickly\n2103817 - Workload profile values in vm details should align with template\u0027s value\n2103844 - VM nic model is empty\n2104331 - VM list page scroll up automatically\n2104402 - VM create button is not enabled while adding multiple environment disks\n2104422 - Storage status report \"OpenShift Data Foundation is not available\" even the operator is installed\n2104424 - Enable descheduler or hide it on template\u0027s scheduling tab\n2104479 - [4.12] Cloned VM\u0027s snapshot restore fails if the source VM disk is deleted\n2104480 - Alerts in VM overview tab disappeared after a few seconds\n2104785 - \"Add disk\" and \"Disks\" are on the same line\n2104859 - [RFE] Add \"Copy SSH command\" to VM action list\n2105257 - Can\u0027t set log verbosity level for virt-operator pod\n2106175 - All pages are crashed after visit Virtualization -\u003e Overview\n2106963 - Cannot add configmap for windows VM\n2107279 - VM Template\u0027s bootable disk can be marked as bootable\n2107342 - CVE-2022-30631 golang: compress/gzip: stack exhaustion in Reader.Read\n2107371 - CVE-2022-30630 golang: io/fs: stack exhaustion in Glob\n2107374 - CVE-2022-1705 golang: net/http: improper sanitization of Transfer-Encoding header\n2107376 - CVE-2022-1962 golang: go/parser: stack exhaustion in all Parse* functions\n2107383 - CVE-2022-32148 golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working\n2107386 - CVE-2022-30632 golang: path/filepath: stack exhaustion in Glob\n2107388 - CVE-2022-30635 golang: encoding/gob: stack exhaustion in Decoder.Decode\n2107390 - CVE-2022-28131 golang: encoding/xml: stack exhaustion in Decoder.Skip\n2107392 - CVE-2022-30633 golang: encoding/xml: stack exhaustion in Unmarshal\n2108339 - datasource does not provide timestamp when updated\n2108638 - When chosing a vm or template while in all-namespace, and returning to list, namespace is changed\n2109818 - Upstream metrics documentation is not detailed enough\n2109975 - DataVolume fails to import \"cirros-container-disk-demo\" image\n2110256 - Storage -\u003e PVC -\u003e upload data, does not support source reference\n2110562 - CNV introduces a compliance check fail in \"ocp4-moderate\" profile - routes-protected-by-tls\n2111240 - GiB changes to B in Template\u0027s Edit boot source reference modal\n2111292 - kubevirt plugin console is crashed after creating a vm with 2 nics\n2111328 - kubevirt plugin console crashed after visit vmi page\n2111378 - VM SSH command generated by UI points at api VIP\n2111744 - Cloned template should not label `app.kubernetes.io/name: common-templates`\n2111794 - the virtlogd process is taking too much RAM! (17468Ki \u003e 17Mi)\n2112900 - button style are different\n2114516 - Nothing happens after clicking on Fedora cloud image list link\n2114636 - The style of displayed items are not unified on VM tabs\n2114683 - VM overview tab is crashed just after the vm is created\n2115257 - Need to Change system-product-name to \"OpenShift Virtualization\" in CNV-4.12\n2115258 - The storageclass of VM disk is different from quick created and customize created after changed the default storageclass\n2115280 - [e2e] kubevirt-e2e-aws see two duplicated navigation items\n2115769 - Machine type is updated to rhel8.6.0 in KV CR but not in Templates\n2116225 - The filter keyword of the related operator \u0027Openshift Data Foundation\u0027 is \u0027OCS\u0027 rather than \u0027ODF\u0027\n2116644 - Importer pod is failing to start with error \"MountVolume.SetUp failed for volume \"cdi-proxy-cert-vol\" : configmap \"custom-ca\" not found\"\n2117549 - Cannot edit cloud-init data after add ssh key\n2117803 - Cannot edit ssh even vm is stopped\n2117813 - Improve descriptive text of VM details while VM is off\n2117872 - CVE-2022-1798 kubeVirt: Arbitrary file read on the host from KubeVirt VMs\n2118257 - outdated doc link tolerations modal\n2118823 - Deprecated API 1.25 call: virt-cdi-controller/v0.0.0 (linux/amd64) kubernetes/$Format\n2119069 - Unable to start windows VMs on PSI setups\n2119128 - virt-launcher cannot be started on OCP 4.12 due to PodSecurity restricted:v1.24\n2119309 - readinessProbe in VM stays on failed\n2119615 - Change the disk size causes the unit changed\n2120907 - Cannot filter disks by label\n2121320 - Negative values in migration metrics\n2122236 - Failing to delete HCO with SSP sticking around\n2122990 - VMExport should check APIGroup\n2124147 - \"ReadOnlyMany\" should not be added to supported values in memory dump\n2124307 - Ui crash/stuck on loading when trying to detach disk on a VM\n2124528 - On upgrade, when live-migration is failed due to an infra issue, virt-handler continuously and endlessly tries to migrate it\n2124555 - View documentation link on MigrationPolicies page des not work\n2124557 - MigrationPolicy description is not displayed on Details page\n2124558 - Non-privileged user can start MigrationPolicy creation\n2124565 - Deleted DataSource reappears in list\n2124572 - First annotation can not be added to DataSource\n2124582 - Filtering VMs by OS does not work\n2124594 - Docker URL validation is inconsistent over application\n2124597 - Wrong case in Create DataSource menu\n2126104 - virtctl image-upload hangs waiting for pod to be ready with missing access mode defined in the storage profile\n2126397 - many KubeVirtComponentExceedsRequestedMemory alerts in Firing state\n2127787 - Expose the PVC source of the dataSource on UI\n2127843 - UI crashed by selecting \"Live migration network\"\n2127931 - Change default time range on Virtualization -\u003e Overview -\u003e Monitoring dashboard to 30 minutes\n2127947 - cluster-network-addons-config tlsSecurityProfle takes a long time to update after setting APIServer\n2128002 - Error after VM template deletion\n2128107 - sriov-manage command fails to enable SRIOV Virtual functions on the Ampere GPU Cards\n2128872 - [4.11]Can\u0027t restore cloned VM\n2128948 - Cannot create DataSource from default YAML\n2128949 - Cannot create MigrationPolicy from example YAML\n2128997 - [4.11.1]virt-launcher cannot be started on OCP 4.12 due to PodSecurity restricted:v1.24\n2129013 - Mark Windows 11 as TechPreview\n2129234 - Service is not deleted along with the VM when the VM is created from a template with service\n2129301 - Cloud-init network data don\u0027t wipe out on uncheck checkbox \u0027Add network data\u0027\n2129870 - crypto-policy : Accepting TLS 1.3 connections by validating webhook\n2130509 - Auto image import in failed state with data sources pointing to external manually-created PVC/DV\n2130588 - crypto-policy : Common Ciphers support by apiserver and hco\n2130695 - crypto-policy : Logging Improvement and publish the source of ciphers\n2130909 - Non-privileged user can start DataSource creation\n2131157 - KV data transfer rate chart in VM Metrics tab is not displayed\n2131165 - [dark mode] Additional statuses accordion on Virtualization Overview page not visible enough\n2131674 - Bump virtlogd memory requirement to 20Mi\n2132031 - Ensure Windows 2022 Templates are marked as TechPreview like it is done now for Windows 11\n2132682 - Default YAML entity name convention. \n2132721 - Delete dialogs\n2132744 - Description text is missing in Live Migrations section\n2132746 - Background is broken in Virtualization Monitoring page\n2132783 - VM can not be created from Template with edited boot source\n2132793 - Edited Template BSR is not saved\n2132932 - Typo in PVC size units menu\n2133540 - [pod security violation audit] Audit violation in \"cni-plugins\" container should be fixed\n2133541 - [pod security violation audit] Audit violation in \"bridge-marker\" container should be fixed\n2133542 - [pod security violation audit] Audit violation in \"manager\" container should be fixed\n2133543 - [pod security violation audit] Audit violation in \"kube-rbac-proxy\" container should be fixed\n2133655 - [pod security violation audit] Audit violation in \"cdi-operator\" container should be fixed\n2133656 - [4.12][pod security violation audit] Audit violation in \"hostpath-provisioner-operator\" container should be fixed\n2133659 - [pod security violation audit] Audit violation in \"cdi-controller\" container should be fixed\n2133660 - [pod security violation audit] Audit violation in \"cdi-source-update-poller\" container should be fixed\n2134123 - KubeVirtComponentExceedsRequestedMemory Alert for virt-handler pod\n2134672 - [e2e] add data-test-id for catalog -\u003e storage section\n2134825 - Authorization for expand-spec endpoint missing\n2135805 - Windows 2022 template is missing vTPM and UEFI params in spec\n2136051 - Name jumping when trying to create a VM with source from catalog\n2136425 - Windows 11 is detected as Windows 10\n2136534 - Not possible to specify a TTL on VMExports\n2137123 - VMExport: export pod is not PSA complaint\n2137241 - Checkbox about delete vm disks is not loaded while deleting VM\n2137243 - registery input add docker prefix twice\n2137349 - \"Manage source\" action infinitely loading on DataImportCron details page\n2137591 - Inconsistent dialog headings/titles\n2137731 - Link of VM status in overview is not working\n2137733 - No link for VMs in error status in \"VirtualMachine statuses\" card\n2137736 - The column name \"MigrationPolicy name\" can just be \"Name\"\n2137896 - crypto-policy: HCO should pick TLSProfile from apiserver if not provided explicitly\n2138112 - Unsupported S3 endpoint option in Add disk modal\n2138119 - \"Customize VirtualMachine\" flow is not user-friendly because settings are split into 2 modals\n2138199 - Win11 and Win22 templates are not filtered properly by Template provider\n2138653 - Saving Template prameters reloads the page\n2138657 - Setting DATA_SOURCE_* Template parameters makes VM creation fail\n2138664 - VM that was created with SSH key fails to start\n2139257 - Cannot add disk via \"Using an existing PVC\"\n2139260 - Clone button is disabled while VM is running\n2139293 - Non-admin user cannot load VM list page\n2139296 - Non-admin cannot load MigrationPolicies page\n2139299 - No auto-generated VM name while creating VM by non-admin user\n2139306 - Non-admin cannot create VM via customize mode\n2139479 - virtualization overview crashes for non-priv user\n2139574 - VM name gets \"emptyname\" if click the create button quickly\n2139651 - non-priv user can click create when have no permissions\n2139687 - catalog shows template list for non-priv users\n2139738 - [4.12]Can\u0027t restore cloned VM\n2139820 - non-priv user cant reach vm details\n2140117 - Provide upgrade path from 4.11.1-\u003e4.12.0\n2140521 - Click the breadcrumb list about \"VirtualMachines\" goes to undefined project\n2140534 - [View only] it should give a permission error when user clicking the VNC play/connect button as a view only user\n2140627 - Not able to select storageClass if there is no default storageclass defined\n2140730 - Links on Virtualization Overview page lead to wrong namespace for non-priv user\n2140808 - Hyperv feature set to \"enabled: false\" prevents scheduling\n2140977 - Alerts number is not correct on Virtualization overview\n2140982 - The base template of cloned template is \"Not available\"\n2140998 - Incorrect information shows in overview page per namespace\n2141089 - Unable to upload boot images. \n2141302 - Unhealthy states alerts and state metrics are missing\n2141399 - Unable to set TLS Security profile for CDI using HCO jsonpatch annotations\n2141494 - \"Start in pause mode\" option is not available while creating the VM\n2141654 - warning log appearing on VMs: found no SR-IOV networks\n2141711 - Node column selector is redundant for non-priv user\n2142468 - VM action \"Stop\" should not be disabled when VM in pause state\n2142470 - Delete a VM or template from all projects leads to 404 error\n2142511 - Enhance alerts card in overview\n2142647 - Error after MigrationPolicy deletion\n2142891 - VM latency checkup: Failed to create the checkup\u0027s Job\n2142929 - Permission denied when try get instancestypes\n2143268 - Topolvm storageProfile missing accessModes and volumeMode\n2143498 - Could not load template while creating VM from catalog\n2143964 - Could not load template while creating VM from catalog\n2144580 - \"?\" icon is too big in VM Template Disk tab\n2144828 - \"?\" icon is too big in VM Template Disk tab\n2144839 - Alerts number is not correct on Virtualization overview\n2153849 - After upgrade to 4.11.1-\u003e4.12.0 hco.spec.workloadUpdateStrategy value is getting overwritten\n2155757 - Incorrect upstream-version label \"v1.6.0-unstable-410-g09ea881c\" is tagged to 4.12 hyperconverged-cluster-operator-container and hyperconverged-cluster-webhook-container\n\n5. Description:\n\nMulticluster Engine for Kubernetes 2.0.2 images\n\nMulticluster engine for Kubernetes provides the foundational components\nthat are necessary for the centralized management of multiple\nKubernetes-based clusters across data centers, public clouds, and private\nclouds. \n\nYou can use the engine to create new Red Hat OpenShift Container Platform\nclusters or to bring existing Kubernetes-based clusters under management by\nimporting them. After the clusters are managed, you can use the APIs that\nare provided by the engine to distribute configuration based on placement\npolicy. \n\nSecurity updates:\n\n* moment: inefficient parsing algorithm resulting in DoS (CVE-2022-31129)\n* vm2: Sandbox Escape in vm2 (CVE-2022-36067)\n\nBug fix:\n\n* MCE 2.0.2 images (BZ# 2104569)\n\n3. Solution:\n\nFor multicluster engine for Kubernetes, see the following documentation for\ndetails on how to install the images:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.5/html-single/multicluster_engine/index#installing-while-connected-online\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n2104569 - MCE 2.0.2 Images\n2105075 - CVE-2022-31129 moment: inefficient parsing algorithm resulting in DoS\n2124794 - CVE-2022-36067 vm2: Sandbox Escape in vm2\n\n5. \n\nBug Fix(es):\n\n* Cloning a Block DV to VM with Filesystem with not big enough size comes\nto endless loop - using pvc api (BZ#2033191)\n\n* Restart of VM Pod causes SSH keys to be regenerated within VM\n(BZ#2087177)\n\n* Import gzipped raw file causes image to be downloaded and uncompressed to\nTMPDIR (BZ#2089391)\n\n* [4.11] VM Snapshot Restore hangs indefinitely when backed by a\nsnapshotclass (BZ#2098225)\n\n* Fedora version in DataImportCrons is not \u0027latest\u0027 (BZ#2102694)\n\n* [4.11] Cloned VM\u0027s snapshot restore fails if the source VM disk is\ndeleted (BZ#2109407)\n\n* CNV introduces a compliance check fail in \"ocp4-moderate\" profile -\nroutes-protected-by-tls (BZ#2110562)\n\n* Nightly build: v4.11.0-578: index format was changed in 4.11 to\nfile-based instead of sqlite-based (BZ#2112643)\n\n* Unable to start windows VMs on PSI setups (BZ#2115371)\n\n* [4.11.1]virt-launcher cannot be started on OCP 4.12 due to PodSecurity\nrestricted:v1.24 (BZ#2128997)\n\n* Mark Windows 11 as TechPreview (BZ#2129013)\n\n* 4.11.1 rpms (BZ#2139453)\n\nThis advisory contains the following OpenShift Virtualization 4.11.1\nimages. \n\nRHEL-8-CNV-4.11\n\nvirt-cdi-operator-container-v4.11.1-5\nvirt-cdi-uploadserver-container-v4.11.1-5\nvirt-cdi-apiserver-container-v4.11.1-5\nvirt-cdi-importer-container-v4.11.1-5\nvirt-cdi-controller-container-v4.11.1-5\nvirt-cdi-cloner-container-v4.11.1-5\nvirt-cdi-uploadproxy-container-v4.11.1-5\ncheckup-framework-container-v4.11.1-3\nkubevirt-tekton-tasks-wait-for-vmi-status-container-v4.11.1-7\nkubevirt-tekton-tasks-create-datavolume-container-v4.11.1-7\nkubevirt-template-validator-container-v4.11.1-4\nvirt-handler-container-v4.11.1-5\nhostpath-provisioner-operator-container-v4.11.1-4\nvirt-api-container-v4.11.1-5\nvm-network-latency-checkup-container-v4.11.1-3\ncluster-network-addons-operator-container-v4.11.1-5\nvirtio-win-container-v4.11.1-4\nvirt-launcher-container-v4.11.1-5\novs-cni-marker-container-v4.11.1-5\nhyperconverged-cluster-webhook-container-v4.11.1-7\nvirt-controller-container-v4.11.1-5\nvirt-artifacts-server-container-v4.11.1-5\nkubevirt-tekton-tasks-modify-vm-template-container-v4.11.1-7\nkubevirt-tekton-tasks-disk-virt-customize-container-v4.11.1-7\nlibguestfs-tools-container-v4.11.1-5\nhostpath-provisioner-container-v4.11.1-4\nkubevirt-tekton-tasks-disk-virt-sysprep-container-v4.11.1-7\nkubevirt-tekton-tasks-copy-template-container-v4.11.1-7\ncnv-containernetworking-plugins-container-v4.11.1-5\nbridge-marker-container-v4.11.1-5\nvirt-operator-container-v4.11.1-5\nhostpath-csi-driver-container-v4.11.1-4\nkubevirt-tekton-tasks-create-vm-from-template-container-v4.11.1-7\nkubemacpool-container-v4.11.1-5\nhyperconverged-cluster-operator-container-v4.11.1-7\nkubevirt-ssp-operator-container-v4.11.1-4\novs-cni-plugin-container-v4.11.1-5\nkubevirt-tekton-tasks-cleanup-vm-container-v4.11.1-7\nkubevirt-tekton-tasks-operator-container-v4.11.1-2\ncnv-must-gather-container-v4.11.1-8\nkubevirt-console-plugin-container-v4.11.1-9\nhco-bundle-registry-container-v4.11.1-49\n\n3. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Moderate: Red Hat JBoss Core Services Apache HTTP Server 2.4.51 SP1 security update\nAdvisory ID: RHSA-2022:8840-01\nProduct: Red Hat JBoss Core Services\nAdvisory URL: https://access.redhat.com/errata/RHSA-2022:8840\nIssue date: 2022-12-08\nCVE Names: CVE-2022-1292 CVE-2022-2068 CVE-2022-22721\n CVE-2022-23943 CVE-2022-26377 CVE-2022-28330\n CVE-2022-28614 CVE-2022-28615 CVE-2022-30522\n CVE-2022-31813 CVE-2022-32206 CVE-2022-32207\n CVE-2022-32208 CVE-2022-32221 CVE-2022-35252\n CVE-2022-42915 CVE-2022-42916\n====================================================================\n1. Summary:\n\nAn update is now available for Red Hat JBoss Core Services. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat JBoss Core Services on RHEL 7 Server - noarch, x86_64\nRed Hat JBoss Core Services on RHEL 8 - noarch, x86_64\n\n3. Description:\n\nRed Hat JBoss Core Services is a set of supplementary software for Red Hat\nJBoss middleware products. This software, such as Apache HTTP Server, is\ncommon to multiple JBoss middleware products, and is packaged under Red Hat\nJBoss Core Services to allow for faster distribution of updates, and for a\nmore consistent update experience. \n\nThis release of Red Hat JBoss Core Services Apache HTTP Server 2.4.51\nService Pack 1 serves as a replacement for Red Hat JBoss Core Services\nApache HTTP Server 2.4.51, and includes bug fixes and enhancements, which\nare documented in the Release Notes document linked to in the References. \n\nSecurity Fix(es):\n\n* curl: HSTS bypass via IDN (CVE-2022-42916)\n\n* curl: HTTP proxy double-free (CVE-2022-42915)\n\n* curl: POST following PUT confusion (CVE-2022-32221)\n\n* httpd: mod_proxy: X-Forwarded-For dropped by hop-by-hop mechanism\n(CVE-2022-31813)\n\n* httpd: mod_sed: DoS vulnerability (CVE-2022-30522)\n\n* httpd: out-of-bounds read in ap_strcmp_match() (CVE-2022-28615)\n\n* httpd: out-of-bounds read via ap_rwrite() (CVE-2022-28614)\n\n* httpd: mod_proxy_ajp: Possible request smuggling (CVE-2022-26377)\n\n* curl: control code in cookie denial of service (CVE-2022-35252)\n\n* jbcs-httpd24-httpd: httpd: mod_isapi: out-of-bounds read (CVE-2022-28330)\n\n* curl: Unpreserved file permissions (CVE-2022-32207)\n\n* curl: various flaws (CVE-2022-32206 CVE-2022-32208)\n\n* openssl: the c_rehash script allows command injection (CVE-2022-2068)\n\n* openssl: c_rehash script allows command injection (CVE-2022-1292)\n\n* jbcs-httpd24-httpd: httpd: core: Possible buffer overflow with very large\nor unlimited LimitXMLRequestBody (CVE-2022-22721)\n\n* jbcs-httpd24-httpd: httpd: mod_sed: Read/write beyond bounds\n(CVE-2022-23943)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nApplications using the APR libraries, such as httpd, must be restarted for\nthis update to take effect. After installing the updated packages, the\nhttpd daemon will be restarted automatically. \n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n2064319 - CVE-2022-23943 httpd: mod_sed: Read/write beyond bounds\n2064320 - CVE-2022-22721 httpd: core: Possible buffer overflow with very large or unlimited LimitXMLRequestBody\n2081494 - CVE-2022-1292 openssl: c_rehash script allows command injection\n2094997 - CVE-2022-26377 httpd: mod_proxy_ajp: Possible request smuggling\n2095000 - CVE-2022-28330 httpd: mod_isapi: out-of-bounds read\n2095002 - CVE-2022-28614 httpd: Out-of-bounds read via ap_rwrite()\n2095006 - CVE-2022-28615 httpd: Out-of-bounds read in ap_strcmp_match()\n2095015 - CVE-2022-30522 httpd: mod_sed: DoS vulnerability\n2095020 - CVE-2022-31813 httpd: mod_proxy: X-Forwarded-For dropped by hop-by-hop mechanism\n2097310 - CVE-2022-2068 openssl: the c_rehash script allows command injection\n2099300 - CVE-2022-32206 curl: HTTP compression denial of service\n2099305 - CVE-2022-32207 curl: Unpreserved file permissions\n2099306 - CVE-2022-32208 curl: FTP-KRB bad message verification\n2120718 - CVE-2022-35252 curl: control code in cookie denial of service\n2135411 - CVE-2022-32221 curl: POST following PUT confusion\n2135413 - CVE-2022-42915 curl: HTTP proxy double-free\n2135416 - CVE-2022-42916 curl: HSTS bypass via IDN\n\n6. Package List:\n\nRed Hat JBoss Core Services on RHEL 7 Server:\n\nSource:\njbcs-httpd24-apr-util-1.6.1-99.el7jbcs.src.rpm\njbcs-httpd24-curl-7.86.0-2.el7jbcs.src.rpm\njbcs-httpd24-httpd-2.4.51-37.el7jbcs.src.rpm\njbcs-httpd24-mod_http2-1.15.19-20.el7jbcs.src.rpm\njbcs-httpd24-mod_jk-1.2.48-44.redhat_1.el7jbcs.src.rpm\njbcs-httpd24-mod_md-2.4.0-18.el7jbcs.src.rpm\njbcs-httpd24-mod_proxy_cluster-1.3.17-13.el7jbcs.src.rpm\njbcs-httpd24-mod_security-2.9.3-22.el7jbcs.src.rpm\njbcs-httpd24-nghttp2-1.43.0-11.el7jbcs.src.rpm\njbcs-httpd24-openssl-1.1.1k-13.el7jbcs.src.rpm\njbcs-httpd24-openssl-chil-1.0.0-17.el7jbcs.src.rpm\njbcs-httpd24-openssl-pkcs11-0.4.10-32.el7jbcs.src.rpm\n\nnoarch:\njbcs-httpd24-httpd-manual-2.4.51-37.el7jbcs.noarch.rpm\n\nx86_64:\njbcs-httpd24-apr-util-1.6.1-99.el7jbcs.x86_64.rpm\njbcs-httpd24-apr-util-debuginfo-1.6.1-99.el7jbcs.x86_64.rpm\njbcs-httpd24-apr-util-devel-1.6.1-99.el7jbcs.x86_64.rpm\njbcs-httpd24-apr-util-ldap-1.6.1-99.el7jbcs.x86_64.rpm\njbcs-httpd24-apr-util-mysql-1.6.1-99.el7jbcs.x86_64.rpm\njbcs-httpd24-apr-util-nss-1.6.1-99.el7jbcs.x86_64.rpm\njbcs-httpd24-apr-util-odbc-1.6.1-99.el7jbcs.x86_64.rpm\njbcs-httpd24-apr-util-openssl-1.6.1-99.el7jbcs.x86_64.rpm\njbcs-httpd24-apr-util-pgsql-1.6.1-99.el7jbcs.x86_64.rpm\njbcs-httpd24-apr-util-sqlite-1.6.1-99.el7jbcs.x86_64.rpm\njbcs-httpd24-curl-7.86.0-2.el7jbcs.x86_64.rpm\njbcs-httpd24-curl-debuginfo-7.86.0-2.el7jbcs.x86_64.rpm\njbcs-httpd24-httpd-2.4.51-37.el7jbcs.x86_64.rpm\njbcs-httpd24-httpd-debuginfo-2.4.51-37.el7jbcs.x86_64.rpm\njbcs-httpd24-httpd-devel-2.4.51-37.el7jbcs.x86_64.rpm\njbcs-httpd24-httpd-selinux-2.4.51-37.el7jbcs.x86_64.rpm\njbcs-httpd24-httpd-tools-2.4.51-37.el7jbcs.x86_64.rpm\njbcs-httpd24-libcurl-7.86.0-2.el7jbcs.x86_64.rpm\njbcs-httpd24-libcurl-devel-7.86.0-2.el7jbcs.x86_64.rpm\njbcs-httpd24-mod_http2-1.15.19-20.el7jbcs.x86_64.rpm\njbcs-httpd24-mod_http2-debuginfo-1.15.19-20.el7jbcs.x86_64.rpm\njbcs-httpd24-mod_jk-ap24-1.2.48-44.redhat_1.el7jbcs.x86_64.rpm\njbcs-httpd24-mod_jk-debuginfo-1.2.48-44.redhat_1.el7jbcs.x86_64.rpm\njbcs-httpd24-mod_ldap-2.4.51-37.el7jbcs.x86_64.rpm\njbcs-httpd24-mod_md-2.4.0-18.el7jbcs.x86_64.rpm\njbcs-httpd24-mod_md-debuginfo-2.4.0-18.el7jbcs.x86_64.rpm\njbcs-httpd24-mod_proxy_cluster-1.3.17-13.el7jbcs.x86_64.rpm\njbcs-httpd24-mod_proxy_cluster-debuginfo-1.3.17-13.el7jbcs.x86_64.rpm\njbcs-httpd24-mod_proxy_html-2.4.51-37.el7jbcs.x86_64.rpm\njbcs-httpd24-mod_security-2.9.3-22.el7jbcs.x86_64.rpm\njbcs-httpd24-mod_security-debuginfo-2.9.3-22.el7jbcs.x86_64.rpm\njbcs-httpd24-mod_session-2.4.51-37.el7jbcs.x86_64.rpm\njbcs-httpd24-mod_ssl-2.4.51-37.el7jbcs.x86_64.rpm\njbcs-httpd24-nghttp2-1.43.0-11.el7jbcs.x86_64.rpm\njbcs-httpd24-nghttp2-debuginfo-1.43.0-11.el7jbcs.x86_64.rpm\njbcs-httpd24-nghttp2-devel-1.43.0-11.el7jbcs.x86_64.rpm\njbcs-httpd24-openssl-1.1.1k-13.el7jbcs.x86_64.rpm\njbcs-httpd24-openssl-chil-1.0.0-17.el7jbcs.x86_64.rpm\njbcs-httpd24-openssl-chil-debuginfo-1.0.0-17.el7jbcs.x86_64.rpm\njbcs-httpd24-openssl-debuginfo-1.1.1k-13.el7jbcs.x86_64.rpm\njbcs-httpd24-openssl-devel-1.1.1k-13.el7jbcs.x86_64.rpm\njbcs-httpd24-openssl-libs-1.1.1k-13.el7jbcs.x86_64.rpm\njbcs-httpd24-openssl-perl-1.1.1k-13.el7jbcs.x86_64.rpm\njbcs-httpd24-openssl-pkcs11-0.4.10-32.el7jbcs.x86_64.rpm\njbcs-httpd24-openssl-pkcs11-debuginfo-0.4.10-32.el7jbcs.x86_64.rpm\njbcs-httpd24-openssl-static-1.1.1k-13.el7jbcs.x86_64.rpm\n\nRed Hat JBoss Core Services on RHEL 8:\n\nSource:\njbcs-httpd24-apr-util-1.6.1-99.el8jbcs.src.rpm\njbcs-httpd24-curl-7.86.0-2.el8jbcs.src.rpm\njbcs-httpd24-httpd-2.4.51-37.el8jbcs.src.rpm\njbcs-httpd24-mod_http2-1.15.19-20.el8jbcs.src.rpm\njbcs-httpd24-mod_jk-1.2.48-44.redhat_1.el8jbcs.src.rpm\njbcs-httpd24-mod_md-2.4.0-18.el8jbcs.src.rpm\njbcs-httpd24-mod_proxy_cluster-1.3.17-13.el8jbcs.src.rpm\njbcs-httpd24-mod_security-2.9.3-22.el8jbcs.src.rpm\njbcs-httpd24-nghttp2-1.43.0-11.el8jbcs.src.rpm\njbcs-httpd24-openssl-1.1.1k-13.el8jbcs.src.rpm\njbcs-httpd24-openssl-chil-1.0.0-17.el8jbcs.src.rpm\njbcs-httpd24-openssl-pkcs11-0.4.10-32.el8jbcs.src.rpm\n\nnoarch:\njbcs-httpd24-httpd-manual-2.4.51-37.el8jbcs.noarch.rpm\n\nx86_64:\njbcs-httpd24-apr-util-1.6.1-99.el8jbcs.x86_64.rpm\njbcs-httpd24-apr-util-debuginfo-1.6.1-99.el8jbcs.x86_64.rpm\njbcs-httpd24-apr-util-devel-1.6.1-99.el8jbcs.x86_64.rpm\njbcs-httpd24-apr-util-ldap-1.6.1-99.el8jbcs.x86_64.rpm\njbcs-httpd24-apr-util-ldap-debuginfo-1.6.1-99.el8jbcs.x86_64.rpm\njbcs-httpd24-apr-util-mysql-1.6.1-99.el8jbcs.x86_64.rpm\njbcs-httpd24-apr-util-mysql-debuginfo-1.6.1-99.el8jbcs.x86_64.rpm\njbcs-httpd24-apr-util-nss-1.6.1-99.el8jbcs.x86_64.rpm\njbcs-httpd24-apr-util-nss-debuginfo-1.6.1-99.el8jbcs.x86_64.rpm\njbcs-httpd24-apr-util-odbc-1.6.1-99.el8jbcs.x86_64.rpm\njbcs-httpd24-apr-util-odbc-debuginfo-1.6.1-99.el8jbcs.x86_64.rpm\njbcs-httpd24-apr-util-openssl-1.6.1-99.el8jbcs.x86_64.rpm\njbcs-httpd24-apr-util-openssl-debuginfo-1.6.1-99.el8jbcs.x86_64.rpm\njbcs-httpd24-apr-util-pgsql-1.6.1-99.el8jbcs.x86_64.rpm\njbcs-httpd24-apr-util-pgsql-debuginfo-1.6.1-99.el8jbcs.x86_64.rpm\njbcs-httpd24-apr-util-sqlite-1.6.1-99.el8jbcs.x86_64.rpm\njbcs-httpd24-apr-util-sqlite-debuginfo-1.6.1-99.el8jbcs.x86_64.rpm\njbcs-httpd24-curl-7.86.0-2.el8jbcs.x86_64.rpm\njbcs-httpd24-curl-debuginfo-7.86.0-2.el8jbcs.x86_64.rpm\njbcs-httpd24-httpd-2.4.51-37.el8jbcs.x86_64.rpm\njbcs-httpd24-httpd-debuginfo-2.4.51-37.el8jbcs.x86_64.rpm\njbcs-httpd24-httpd-devel-2.4.51-37.el8jbcs.x86_64.rpm\njbcs-httpd24-httpd-selinux-2.4.51-37.el8jbcs.x86_64.rpm\njbcs-httpd24-httpd-tools-2.4.51-37.el8jbcs.x86_64.rpm\njbcs-httpd24-httpd-tools-debuginfo-2.4.51-37.el8jbcs.x86_64.rpm\njbcs-httpd24-libcurl-7.86.0-2.el8jbcs.x86_64.rpm\njbcs-httpd24-libcurl-debuginfo-7.86.0-2.el8jbcs.x86_64.rpm\njbcs-httpd24-libcurl-devel-7.86.0-2.el8jbcs.x86_64.rpm\njbcs-httpd24-mod_http2-1.15.19-20.el8jbcs.x86_64.rpm\njbcs-httpd24-mod_http2-debuginfo-1.15.19-20.el8jbcs.x86_64.rpm\njbcs-httpd24-mod_jk-ap24-1.2.48-44.redhat_1.el8jbcs.x86_64.rpm\njbcs-httpd24-mod_jk-ap24-debuginfo-1.2.48-44.redhat_1.el8jbcs.x86_64.rpm\njbcs-httpd24-mod_ldap-2.4.51-37.el8jbcs.x86_64.rpm\njbcs-httpd24-mod_ldap-debuginfo-2.4.51-37.el8jbcs.x86_64.rpm\njbcs-httpd24-mod_md-2.4.0-18.el8jbcs.x86_64.rpm\njbcs-httpd24-mod_md-debuginfo-2.4.0-18.el8jbcs.x86_64.rpm\njbcs-httpd24-mod_proxy_cluster-1.3.17-13.el8jbcs.x86_64.rpm\njbcs-httpd24-mod_proxy_cluster-debuginfo-1.3.17-13.el8jbcs.x86_64.rpm\njbcs-httpd24-mod_proxy_html-2.4.51-37.el8jbcs.x86_64.rpm\njbcs-httpd24-mod_proxy_html-debuginfo-2.4.51-37.el8jbcs.x86_64.rpm\njbcs-httpd24-mod_security-2.9.3-22.el8jbcs.x86_64.rpm\njbcs-httpd24-mod_security-debuginfo-2.9.3-22.el8jbcs.x86_64.rpm\njbcs-httpd24-mod_session-2.4.51-37.el8jbcs.x86_64.rpm\njbcs-httpd24-mod_session-debuginfo-2.4.51-37.el8jbcs.x86_64.rpm\njbcs-httpd24-mod_ssl-2.4.51-37.el8jbcs.x86_64.rpm\njbcs-httpd24-mod_ssl-debuginfo-2.4.51-37.el8jbcs.x86_64.rpm\njbcs-httpd24-nghttp2-1.43.0-11.el8jbcs.x86_64.rpm\njbcs-httpd24-nghttp2-debuginfo-1.43.0-11.el8jbcs.x86_64.rpm\njbcs-httpd24-nghttp2-devel-1.43.0-11.el8jbcs.x86_64.rpm\njbcs-httpd24-openssl-1.1.1k-13.el8jbcs.x86_64.rpm\njbcs-httpd24-openssl-chil-1.0.0-17.el8jbcs.x86_64.rpm\njbcs-httpd24-openssl-chil-debuginfo-1.0.0-17.el8jbcs.x86_64.rpm\njbcs-httpd24-openssl-debuginfo-1.1.1k-13.el8jbcs.x86_64.rpm\njbcs-httpd24-openssl-devel-1.1.1k-13.el8jbcs.x86_64.rpm\njbcs-httpd24-openssl-libs-1.1.1k-13.el8jbcs.x86_64.rpm\njbcs-httpd24-openssl-libs-debuginfo-1.1.1k-13.el8jbcs.x86_64.rpm\njbcs-httpd24-openssl-perl-1.1.1k-13.el8jbcs.x86_64.rpm\njbcs-httpd24-openssl-pkcs11-0.4.10-32.el8jbcs.x86_64.rpm\njbcs-httpd24-openssl-pkcs11-debuginfo-0.4.10-32.el8jbcs.x86_64.rpm\njbcs-httpd24-openssl-static-1.1.1k-13.el8jbcs.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2022-1292\nhttps://access.redhat.com/security/cve/CVE-2022-2068\nhttps://access.redhat.com/security/cve/CVE-2022-22721\nhttps://access.redhat.com/security/cve/CVE-2022-23943\nhttps://access.redhat.com/security/cve/CVE-2022-26377\nhttps://access.redhat.com/security/cve/CVE-2022-28330\nhttps://access.redhat.com/security/cve/CVE-2022-28614\nhttps://access.redhat.com/security/cve/CVE-2022-28615\nhttps://access.redhat.com/security/cve/CVE-2022-30522\nhttps://access.redhat.com/security/cve/CVE-2022-31813\nhttps://access.redhat.com/security/cve/CVE-2022-32206\nhttps://access.redhat.com/security/cve/CVE-2022-32207\nhttps://access.redhat.com/security/cve/CVE-2022-32208\nhttps://access.redhat.com/security/cve/CVE-2022-32221\nhttps://access.redhat.com/security/cve/CVE-2022-35252\nhttps://access.redhat.com/security/cve/CVE-2022-42915\nhttps://access.redhat.com/security/cve/CVE-2022-42916\nhttps://access.redhat.com/security/updates/classification/#moderate\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2022 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBY5ISE9zjgjWX9erEAQixuA//dX5Q3wtu2MRvrjD/sK/r6dqBz4fWWhS9\nws2A8cRa5ki3RlCaYQ3pP7LkRtIdankAP3HG1NU4er/odsMEW5aEgku+5foV7w4M\nWEd0USLKs3Pw5a7/3TjOBUf5CA7oet03C7/u9idWaLD/ip4UMhskSnz33qFQSFZf\nFAWNdsRhH8+ql6qFMg9Odv5RFX3i2+wBy5pC69Akr2FBEt9j+/PbvSPWuPD26n6H\n0l+QUKrI3OW1EHzz+S/8aEfTFKLluXfhVJn61wdA8Kjs4ZKrnBz8czJjxn4hOi7a\nz0tpzg5d1BJEf/UB7EdyyLBGRIliWhf978qtG8QS37GEgnQSof2xgcfu1NGiHl9j\nypCqX1R4oOkeoISynnZUKWZ1uFp5GkMiRtPu0Bw7WYB6z/8OWZce4yIqh1rcG09d\nNcyleabDtpJ7C3BJQzpnhXAWjri7oJ6wHBvcbQ9sLj2xkQRX2Zpi0KJGIH8iLwdn\nIk+RIZ7u/mXeW3ulcwiQTPYbTQLWGXqgZV1qxJq91HIcu+y3STQwZjb4fZuqjH5M\nonO/rF2y50l9LqArg/v9KAJUbHSKMDP6r7Dx02J+iKjW3g7NczoImrU7JcyAgce9\nmCN7gMmU9bQx1tagIKcKKW5IVN/jHyWKJW/t0teoaECsa2LMgoEIt+6RcmQXWpdF\n6t6oQh+b3NY=UGfz\n-----END PGP SIGNATURE-----\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. Description:\n\nThe curl packages provide the libcurl library and the curl utility for\ndownloading files from servers using various protocols, including HTTP,\nFTP, and LDAP. Bugs fixed (https://bugzilla.redhat.com/):\n\n2099300 - CVE-2022-32206 curl: HTTP compression denial of service\n2167815 - CVE-2023-23916 curl: HTTP multi-header compression denial of service\n\n6",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-32206"
},
{
"db": "VULMON",
"id": "CVE-2022-32206"
},
{
"db": "PACKETSTORM",
"id": "168538"
},
{
"db": "PACKETSTORM",
"id": "168275"
},
{
"db": "PACKETSTORM",
"id": "170741"
},
{
"db": "PACKETSTORM",
"id": "168347"
},
{
"db": "PACKETSTORM",
"id": "170083"
},
{
"db": "PACKETSTORM",
"id": "170166"
},
{
"db": "PACKETSTORM",
"id": "172765"
},
{
"db": "PACKETSTORM",
"id": "168284"
}
],
"trust": 1.71
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2022-32206",
"trust": 2.5
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2023/02/15/3",
"trust": 1.6
},
{
"db": "HACKERONE",
"id": "1570651",
"trust": 1.6
},
{
"db": "SIEMENS",
"id": "SSA-333517",
"trust": 1.6
},
{
"db": "PACKETSTORM",
"id": "168347",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "170166",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "168284",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2022.3366",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.6333",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2023.3732",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.6290",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.4468",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.4757",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2023.3143",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2023.3238",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.4324",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.5247",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.4266",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.4112",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.3117",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.5632",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2023.2163",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.5300",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.4525",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.4568",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "167607",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "168301",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "168174",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "168503",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "168378",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "169443",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022071152",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022062927",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202206-2565",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2022-32206",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "168538",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "168275",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "170741",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "170083",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "172765",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-32206"
},
{
"db": "PACKETSTORM",
"id": "168538"
},
{
"db": "PACKETSTORM",
"id": "168275"
},
{
"db": "PACKETSTORM",
"id": "170741"
},
{
"db": "PACKETSTORM",
"id": "168347"
},
{
"db": "PACKETSTORM",
"id": "170083"
},
{
"db": "PACKETSTORM",
"id": "170166"
},
{
"db": "PACKETSTORM",
"id": "172765"
},
{
"db": "PACKETSTORM",
"id": "168284"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-2565"
},
{
"db": "NVD",
"id": "CVE-2022-32206"
}
]
},
"id": "VAR-202206-1900",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.5566514
},
"last_update_date": "2026-04-10T23:28:19.708000Z",
"patch": {
"_id": null,
"data": [
{
"title": "curl Remediation of resource management error vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=198520"
},
{
"title": "Ubuntu Security Notice: USN-5495-1: curl vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-5495-1"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-32206"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-2565"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-770",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2022-32206"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 1.6,
"url": "https://hackerone.com/reports/1570651"
},
{
"trust": 1.6,
"url": "http://seclists.org/fulldisclosure/2022/oct/41"
},
{
"trust": 1.6,
"url": "http://www.openwall.com/lists/oss-security/2023/02/15/3"
},
{
"trust": 1.6,
"url": "https://www.debian.org/security/2022/dsa-5197"
},
{
"trust": 1.6,
"url": "https://security.netapp.com/advisory/ntap-20220915-0003/"
},
{
"trust": 1.6,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-333517.pdf"
},
{
"trust": 1.6,
"url": "https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html"
},
{
"trust": 1.6,
"url": "http://seclists.org/fulldisclosure/2022/oct/28"
},
{
"trust": 1.6,
"url": "https://support.apple.com/kb/ht213488"
},
{
"trust": 1.6,
"url": "https://security.gentoo.org/glsa/202212-01"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/bev6br4mti3cewk2yu2hqzuw5fas3fey/"
},
{
"trust": 0.8,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.8,
"url": "https://access.redhat.com/security/cve/cve-2022-32206"
},
{
"trust": 0.8,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.8,
"url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/cve/cve-2022-32208"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1292"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2022-1292"
},
{
"trust": 0.6,
"url": "https://access.redhat.com/security/cve/cve-2022-2068"
},
{
"trust": 0.6,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/bev6br4mti3cewk2yu2hqzuw5fas3fey/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2023.3143"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/curl-denial-of-service-via-http-compression-38671"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022062927"
},
{
"trust": 0.6,
"url": "https://support.apple.com/en-us/ht213488"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/168347/red-hat-security-advisory-2022-6422-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.6290"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/168301/red-hat-security-advisory-2022-6287-01.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/168174/red-hat-security-advisory-2022-6157-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.4112"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.5300"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/170166/red-hat-security-advisory-2022-8840-01.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/168378/red-hat-security-advisory-2022-6507-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.5247"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.6333"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.3366"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/168503/red-hat-security-advisory-2022-6560-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.4757"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/167607/ubuntu-security-notice-usn-5495-1.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2023.2163"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022071152"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2023.3732"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2023.3238"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/168284/red-hat-security-advisory-2022-6183-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.4266"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-32206/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.5632"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.4468"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.4324"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.4525"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/169443/red-hat-security-advisory-2022-7058-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.3117"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.4568"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2022-2097"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2022-1586"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1586"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2022-29154"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32206"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2068"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2022-1785"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2022-1897"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2022-1927"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2022-2526"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32208"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0391"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-20107"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1897"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2015-20107"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2022-30629"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2097"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1785"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2022-0391"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2022-34903"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2022-32148"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2022-1705"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-2526"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2022-30631"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-29154"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/updates/classification/#critical"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1927"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-36067"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-31129"
},
{
"trust": 0.2,
"url": "https://issues.jboss.org/):"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32148"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1705"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-30631"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-30698"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1304"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-26716"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-27406"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-30293"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-35525"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-38561"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-40674"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-38561"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-22624"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-22662"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-0308"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-35527"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-0934"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-0256"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2016-3709"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-3709"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-22629"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-26717"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-35525"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-24795"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-26719"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-2509"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-26709"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-0256"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-26700"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-27405"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-25308"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-26710"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-1304"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-25309"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-27404"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-30699"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-35527"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-25310"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-22628"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-0934"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-0308"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-37434"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-3515"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.1,
"url": "https://ubuntu.com/security/notices/usn-5495-1"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.4/html-single/install/index#installing"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-25314"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-28915"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-27782"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-1729"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:6696"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-21123"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-32250"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.4/html/release_notes/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-31150"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-27776"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-28915"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-21123"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-21166"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-21125"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-22576"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-40528"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1729"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-25313"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-27666"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-1012"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-27774"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-1012"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-40528"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-29824"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-31151"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:6344"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.11/release_notes/ocp-4-11-release-notes.html"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.11/logging/cluster-logging-upgrading.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2023:0408"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-30632"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-23772"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-28131"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-44716"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-29526"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-30633"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-42898"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-23773"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-30630"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-1962"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-30635"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-3787"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-44716"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-44717"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-23806"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-1798"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-44717"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:6422"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-31129"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.5/html-single/multicluster_engine/index#installing-while-connected-online"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-36067"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-38177"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-28327"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-24921"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-24675"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:8750"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-38178"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-28614"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-23943"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-32207"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22721"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26377"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-30522"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-31813"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32207"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-42915"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-28615"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-42916"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-22721"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-35252"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-31813"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-28614"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-28330"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-28615"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-28330"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-26377"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-32221"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:8840"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-23943"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-30522"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-32221"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2023-23916"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2023-23916"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2023:3460"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.10/logging/cluster-logging-release-notes.html"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.10/logging/cluster-logging-upgrading.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:6183"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-32206"
},
{
"db": "PACKETSTORM",
"id": "168538"
},
{
"db": "PACKETSTORM",
"id": "168275"
},
{
"db": "PACKETSTORM",
"id": "170741"
},
{
"db": "PACKETSTORM",
"id": "168347"
},
{
"db": "PACKETSTORM",
"id": "170083"
},
{
"db": "PACKETSTORM",
"id": "170166"
},
{
"db": "PACKETSTORM",
"id": "172765"
},
{
"db": "PACKETSTORM",
"id": "168284"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-2565"
},
{
"db": "NVD",
"id": "CVE-2022-32206"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "VULMON",
"id": "CVE-2022-32206",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "168538",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "168275",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "170741",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "168347",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "170083",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "170166",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "172765",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "168284",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-202206-2565",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2022-32206",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2022-09-27T16:01:00",
"db": "PACKETSTORM",
"id": "168538",
"ident": null
},
{
"date": "2022-09-07T16:50:50",
"db": "PACKETSTORM",
"id": "168275",
"ident": null
},
{
"date": "2023-01-26T15:29:09",
"db": "PACKETSTORM",
"id": "170741",
"ident": null
},
{
"date": "2022-09-13T15:29:12",
"db": "PACKETSTORM",
"id": "168347",
"ident": null
},
{
"date": "2022-12-02T15:57:08",
"db": "PACKETSTORM",
"id": "170083",
"ident": null
},
{
"date": "2022-12-08T21:28:44",
"db": "PACKETSTORM",
"id": "170166",
"ident": null
},
{
"date": "2023-06-06T17:04:24",
"db": "PACKETSTORM",
"id": "172765",
"ident": null
},
{
"date": "2022-09-07T16:57:47",
"db": "PACKETSTORM",
"id": "168284",
"ident": null
},
{
"date": "2022-06-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202206-2565",
"ident": null
},
{
"date": "2022-07-07T13:15:08.340000",
"db": "NVD",
"id": "CVE-2022-32206",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2023-06-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202206-2565",
"ident": null
},
{
"date": "2025-05-05T17:18:13.120000",
"db": "NVD",
"id": "CVE-2022-32206",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202206-2565"
}
],
"trust": 0.6
},
"title": {
"_id": null,
"data": "curl Resource Management Error Vulnerability",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202206-2565"
}
],
"trust": 0.6
},
"type": {
"_id": null,
"data": "resource management error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202206-2565"
}
],
"trust": 0.6
}
}
VDE-2022-046
Vulnerability from csaf_phoenixcontactgmbhcokg - Published: 2022-11-10 07:00 - Updated: 2025-05-22 13:03Summary
PHOENIX CONTACT: Multiple Linux component vulnerabilities in PLCnext Firmware
Notes
Summary: UPDATE A: Two devices (ENERGY AXC PU, SMARTRTU AXC SG) added (24.11.2022) Update for PLCnext Firmware containing fixes for recent vulnerability findings in Linux components and security enhancements. PLCnext Control AXC F x152 is certified according to IEC 62443-4-1 and IEC 62443-4-2. This certification requires that all third-party components used in the firmware are regularly checked for known vulnerabilities.
Impact: Availability, integrity, or confidentiality of the PLCnext Control might be compromised by attacks using these vulnerabilities.
Mitigation: Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection
Remediation: Update to the latest LTS Firmware Release.
Update to the latest LTS PLCnext Engineer Release.
Please check Phoenix Contact PSIRT webpage for further Updates of this Advisory.
In libxml2 before 2.9.14, several buffer handling functions in buf.c (xmlBuf*) and tree.c (xmlBuffer*) don't check for integer overflows. This can result in out-of-bounds memory writes. Exploitation requires a victim to open a crafted, multi-gigabyte XML file. Other software using libxml2's buffer functions, for example libxslt through 1.1.35, is affected as well.
6.5 (Medium)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage for further Updates of this Advisory.
Affected products
Fixed
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — | ||
| Unresolved product id: CSAFPID-32007 | — | ||
| Unresolved product id: CSAFPID-32008 | — | ||
| Unresolved product id: CSAFPID-32009 | — |
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — |
valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF attributes.
7.5 (High)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage for further Updates of this Advisory.
Affected products
Fixed
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — | ||
| Unresolved product id: CSAFPID-32007 | — | ||
| Unresolved product id: CSAFPID-32008 | — | ||
| Unresolved product id: CSAFPID-32009 | — |
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — |
BusyBox through 1.35.0 allows remote attackers to execute arbitrary code if netstat is used to print a DNS PTR record's value to a VT compatible terminal. Alternatively, the attacker could choose to change the terminal's colors.
8.8 (High)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage for further Updates of this Advisory.
Affected products
Fixed
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — | ||
| Unresolved product id: CSAFPID-32007 | — | ||
| Unresolved product id: CSAFPID-32008 | — | ||
| Unresolved product id: CSAFPID-32009 | — |
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — |
OpenVPN 2.1 until v2.4.12 and v2.5.6 may enable authentication bypass in external authentication plug-ins when more than one of them makes use of deferred authentication replies, which allows an external user to be granted access with only partially correct credentials.
9.8 (Critical)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage for further Updates of this Advisory.
Affected products
Fixed
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — | ||
| Unresolved product id: CSAFPID-32007 | — | ||
| Unresolved product id: CSAFPID-32008 | — | ||
| Unresolved product id: CSAFPID-32009 | — |
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — |
global heap buffer overflow in skip_range in GitHub repository vim/vim prior to 8.2.4763. This vulnerability is capable of crashing software, Bypass Protection Mechanism, Modify Memory, and possible remote execution
7.8 (High)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage for further Updates of this Advisory.
Affected products
Fixed
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — | ||
| Unresolved product id: CSAFPID-32007 | — | ||
| Unresolved product id: CSAFPID-32008 | — | ||
| Unresolved product id: CSAFPID-32009 | — |
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — |
Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.4774.
5.5 (Medium)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage for further Updates of this Advisory.
Affected products
Fixed
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — | ||
| Unresolved product id: CSAFPID-32007 | — | ||
| Unresolved product id: CSAFPID-32008 | — | ||
| Unresolved product id: CSAFPID-32009 | — |
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — |
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.4968.
7.8 (High)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage for further Updates of this Advisory.
Affected products
Fixed
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — | ||
| Unresolved product id: CSAFPID-32007 | — | ||
| Unresolved product id: CSAFPID-32008 | — | ||
| Unresolved product id: CSAFPID-32009 | — |
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — |
Use After Free in GitHub repository vim/vim prior to 8.2.4979.
7.8 (High)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage for further Updates of this Advisory.
Affected products
Fixed
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — | ||
| Unresolved product id: CSAFPID-32007 | — | ||
| Unresolved product id: CSAFPID-32008 | — | ||
| Unresolved product id: CSAFPID-32009 | — |
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — |
Heap buffer overflow in vim_strncpy find_word in GitHub repository vim/vim prior to 8.2.4919. This vulnerability is capable of crashing software, Bypass Protection Mechanism, Modify Memory, and possible remote execution
7.8 (High)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage for further Updates of this Advisory.
Affected products
Fixed
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — | ||
| Unresolved product id: CSAFPID-32007 | — | ||
| Unresolved product id: CSAFPID-32008 | — | ||
| Unresolved product id: CSAFPID-32009 | — |
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — |
Use after free in append_command in GitHub repository vim/vim prior to 8.2.4895. This vulnerability is capable of crashing software, Bypass Protection Mechanism, Modify Memory, and possible remote execution
7.8 (High)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage for further Updates of this Advisory.
Affected products
Fixed
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — | ||
| Unresolved product id: CSAFPID-32007 | — | ||
| Unresolved product id: CSAFPID-32008 | — | ||
| Unresolved product id: CSAFPID-32009 | — |
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — |
In Expat (aka libexpat) before 2.4.5, an attacker can trigger stack exhaustion in build_model via a large nesting depth in the DTD element.
6.5 (Medium)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage for further Updates of this Advisory.
Affected products
Fixed
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — | ||
| Unresolved product id: CSAFPID-32007 | — | ||
| Unresolved product id: CSAFPID-32008 | — | ||
| Unresolved product id: CSAFPID-32009 | — |
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — |
The OPC autogenerated ANSI C stack stubs (in the NodeSets) do not handle all error cases. This can lead to a NULL pointer dereference.
6.5 (Medium)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage for further Updates of this Advisory.
Affected products
Fixed
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — | ||
| Unresolved product id: CSAFPID-32007 | — | ||
| Unresolved product id: CSAFPID-32008 | — | ||
| Unresolved product id: CSAFPID-32009 | — |
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — |
Heap-based Buffer Overflow in function cmdline_erase_chars in GitHub repository vim/vim prior to 8.2.4899. This vulnerabilities are capable of crashing software, modify memory, and possible remote execution
7.8 (High)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage for further Updates of this Advisory.
Affected products
Fixed
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — | ||
| Unresolved product id: CSAFPID-32007 | — | ||
| Unresolved product id: CSAFPID-32008 | — | ||
| Unresolved product id: CSAFPID-32009 | — |
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — |
xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain validation of encoding, such as checks for whether a UTF-8 character is valid in a certain context.
9.8 (Critical)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage for further Updates of this Advisory.
Affected products
Fixed
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — | ||
| Unresolved product id: CSAFPID-32007 | — | ||
| Unresolved product id: CSAFPID-32008 | — | ||
| Unresolved product id: CSAFPID-32009 | — |
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — |
xmlparse.c in Expat (aka libexpat) before 2.4.5 allows attackers to insert namespace-separator characters into namespace URIs.
9.8 (Critical)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage for further Updates of this Advisory.
Affected products
Fixed
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — | ||
| Unresolved product id: CSAFPID-32007 | — | ||
| Unresolved product id: CSAFPID-32008 | — | ||
| Unresolved product id: CSAFPID-32009 | — |
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — |
Buffer Over-read in function find_next_quote in GitHub repository vim/vim prior to 8.2.4925. This vulnerabilities are capable of crashing software, Modify Memory, and possible remote execution
7.8 (High)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage for further Updates of this Advisory.
Affected products
Fixed
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — | ||
| Unresolved product id: CSAFPID-32007 | — | ||
| Unresolved product id: CSAFPID-32008 | — | ||
| Unresolved product id: CSAFPID-32009 | — |
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — |
Classic Buffer Overflow in GitHub repository vim/vim prior to 8.2.4969.
7.8 (High)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage for further Updates of this Advisory.
Affected products
Fixed
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — | ||
| Unresolved product id: CSAFPID-32007 | — | ||
| Unresolved product id: CSAFPID-32008 | — | ||
| Unresolved product id: CSAFPID-32009 | — |
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — |
Buffer Over-read in GitHub repository vim/vim prior to 8.2.4974.
7.8 (High)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage for further Updates of this Advisory.
Affected products
Fixed
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — | ||
| Unresolved product id: CSAFPID-32007 | — | ||
| Unresolved product id: CSAFPID-32008 | — | ||
| Unresolved product id: CSAFPID-32009 | — |
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — |
Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.4977.
7.8 (High)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage for further Updates of this Advisory.
Affected products
Fixed
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — | ||
| Unresolved product id: CSAFPID-32007 | — | ||
| Unresolved product id: CSAFPID-32008 | — | ||
| Unresolved product id: CSAFPID-32009 | — |
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — |
NULL Pointer Dereference in function vim_regexec_string at regexp.c:2729 in GitHub repository vim/vim prior to 8.2.4901. NULL Pointer Dereference in function vim_regexec_string at regexp.c:2729 allows attackers to cause a denial of service (application crash) via a crafted input.
7.5 (High)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage for further Updates of this Advisory.
Affected products
Fixed
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — | ||
| Unresolved product id: CSAFPID-32007 | — | ||
| Unresolved product id: CSAFPID-32008 | — | ||
| Unresolved product id: CSAFPID-32009 | — |
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — |
NULL Pointer Dereference in function vim_regexec_string at regexp.c:2733 in GitHub repository vim/vim prior to 8.2.4938. NULL Pointer Dereference in function vim_regexec_string at regexp.c:2733 allows attackers to cause a denial of service (application crash) via a crafted input.
5.5 (Medium)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage for further Updates of this Advisory.
Affected products
Fixed
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — | ||
| Unresolved product id: CSAFPID-32007 | — | ||
| Unresolved product id: CSAFPID-32008 | — | ||
| Unresolved product id: CSAFPID-32009 | — |
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — |
Uncontrolled Recursion in GitHub repository vim/vim prior to 8.2.4975.
5.5 (Medium)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage for further Updates of this Advisory.
Affected products
Fixed
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — | ||
| Unresolved product id: CSAFPID-32007 | — | ||
| Unresolved product id: CSAFPID-32008 | — | ||
| Unresolved product id: CSAFPID-32009 | — |
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — |
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.
7.8 (High)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage for further Updates of this Advisory.
Affected products
Fixed
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — | ||
| Unresolved product id: CSAFPID-32007 | — | ||
| Unresolved product id: CSAFPID-32008 | — | ||
| Unresolved product id: CSAFPID-32009 | — |
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — |
Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.
7.8 (High)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage for further Updates of this Advisory.
Affected products
Fixed
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — | ||
| Unresolved product id: CSAFPID-32007 | — | ||
| Unresolved product id: CSAFPID-32008 | — | ||
| Unresolved product id: CSAFPID-32009 | — |
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — |
Use After Free in GitHub repository vim/vim prior to 8.2.
7.8 (High)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage for further Updates of this Advisory.
Affected products
Fixed
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — | ||
| Unresolved product id: CSAFPID-32007 | — | ||
| Unresolved product id: CSAFPID-32008 | — | ||
| Unresolved product id: CSAFPID-32009 | — |
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — |
Buffer Over-read in function grab_file_name in GitHub repository vim/vim prior to 8.2.4956. This vulnerability is capable of crashing the software, memory modification, and possible remote execution.
7.8 (High)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage for further Updates of this Advisory.
Affected products
Fixed
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — | ||
| Unresolved product id: CSAFPID-32007 | — | ||
| Unresolved product id: CSAFPID-32008 | — | ||
| Unresolved product id: CSAFPID-32009 | — |
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — |
zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.
7.5 (High)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage for further Updates of this Advisory.
Affected products
Fixed
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — | ||
| Unresolved product id: CSAFPID-32007 | — | ||
| Unresolved product id: CSAFPID-32008 | — | ||
| Unresolved product id: CSAFPID-32009 | — |
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — |
An improper authentication vulnerability exists in curl 7.33.0 to and including 7.82.0 which might allow reuse OAUTH2-authenticated connections without properly making sure that the connection was authenticated with the same credentials as set for this transfer. This affects SASL-enabled protocols: SMPTP(S), IMAP(S), POP3(S) and LDAP(S) (openldap only).
8.1 (High)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage for further Updates of this Advisory.
Affected products
Fixed
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — | ||
| Unresolved product id: CSAFPID-32007 | — | ||
| Unresolved product id: CSAFPID-32008 | — | ||
| Unresolved product id: CSAFPID-32009 | — |
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — |
A use of incorrectly resolved name vulnerability fixed in 7.83.1 might remove the wrong file when '--no-clobber' is used together with '--remove-on-error'.
8.1 (High)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage for further Updates of this Advisory.
Affected products
Fixed
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — | ||
| Unresolved product id: CSAFPID-32007 | — | ||
| Unresolved product id: CSAFPID-32008 | — | ||
| Unresolved product id: CSAFPID-32009 | — |
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — |
libcurl wrongly allows cookies to be set for Top Level Domains (TLDs) if thehost name is provided with a trailing dot.curl can be told to receive and send cookies. curl's "cookie engine" can bebuilt with or without [Public Suffix List](https://publicsuffix.org/)awareness. If PSL support not provided, a more rudimentary check exists to atleast prevent cookies from being set on TLDs. This check was broken if thehost name in the URL uses a trailing dot.This can allow arbitrary sites to set cookies that then would get sent to adifferent and unrelated site or domain.
5.3 (Medium)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage for further Updates of this Advisory.
Affected products
Fixed
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — | ||
| Unresolved product id: CSAFPID-32007 | — | ||
| Unresolved product id: CSAFPID-32008 | — | ||
| Unresolved product id: CSAFPID-32009 | — |
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — |
libcurl would reuse a previously created connection even when a TLS or SSHrelated option had been changed that should have prohibited reuse.libcurl keeps previously used connections in a connection pool for subsequenttransfers to reuse if one of them matches the setup. However, several TLS andSSH settings were left out from the configuration match checks, making themmatch too easily.
7.5 (High)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage for further Updates of this Advisory.
Affected products
Fixed
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — | ||
| Unresolved product id: CSAFPID-32007 | — | ||
| Unresolved product id: CSAFPID-32008 | — | ||
| Unresolved product id: CSAFPID-32009 | — |
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — |
An insufficiently protected credentials vulnerability exists in curl 4.9 to and include curl 7.82.0 are affected that could allow an attacker to extract credentials when follows HTTP(S) redirects is used with authentication could leak credentials to other services that exist on different protocols or port numbers.
5.7 (Medium)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage for further Updates of this Advisory.
Affected products
Fixed
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — | ||
| Unresolved product id: CSAFPID-32007 | — | ||
| Unresolved product id: CSAFPID-32008 | — | ||
| Unresolved product id: CSAFPID-32009 | — |
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — |
In Expat (aka libexpat) before 2.4.5, there is an integer overflow in copyString.
7.5 (High)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage for further Updates of this Advisory.
Affected products
Fixed
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — | ||
| Unresolved product id: CSAFPID-32007 | — | ||
| Unresolved product id: CSAFPID-32008 | — | ||
| Unresolved product id: CSAFPID-32009 | — |
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — |
In Expat (aka libexpat) before 2.4.5, there is an integer overflow in storeRawNames.
9.8 (Critical)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage for further Updates of this Advisory.
Affected products
Fixed
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — | ||
| Unresolved product id: CSAFPID-32007 | — | ||
| Unresolved product id: CSAFPID-32008 | — | ||
| Unresolved product id: CSAFPID-32009 | — |
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — |
A insufficiently protected credentials vulnerability in fixed in curl 7.83.0 might leak authentication or cookie header data on HTTP redirects to the same host but another port number.
6.5 (Medium)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage for further Updates of this Advisory.
Affected products
Fixed
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — | ||
| Unresolved product id: CSAFPID-32007 | — | ||
| Unresolved product id: CSAFPID-32008 | — | ||
| Unresolved product id: CSAFPID-32009 | — |
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — |
Using its HSTS support, curl can be instructed to use HTTPS directly insteadof using an insecure clear-text HTTP step even when HTTP is provided in theURL. This mechanism could be bypassed if the host name in the given URL used atrailing dot while not using one when it built the HSTS cache. Or the otherway around - by having the trailing dot in the HSTS cache and *not* using thetrailing dot in the URL.
4.3 (Medium)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage for further Updates of this Advisory.
Affected products
Fixed
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — | ||
| Unresolved product id: CSAFPID-32007 | — | ||
| Unresolved product id: CSAFPID-32008 | — | ||
| Unresolved product id: CSAFPID-32009 | — |
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — |
The curl URL parser wrongly accepts percent-encoded URL separators like '/'when decoding the host name part of a URL, making it a *different* URL usingthe wrong host name when it is later retrieved.For example, a URL like 'http://example.com%2F127.0.0.1/', would be allowed bythe parser and get transposed into 'http://example.com/127.0.0.1/'. This flawcan be used to circumvent filters, checks and more.
7.5 (High)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage for further Updates of this Advisory.
Affected products
Fixed
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — | ||
| Unresolved product id: CSAFPID-32007 | — | ||
| Unresolved product id: CSAFPID-32008 | — | ||
| Unresolved product id: CSAFPID-32009 | — |
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — |
libcurl provides the 'CURLOPT_CERTINFO' option to allow applications torequest details to be returned about a server's certificate chain.Due to an erroneous function, a malicious server could make libcurl built withNSS get stuck in a never-ending busy-loop when trying to retrieve thatinformation.
7.5 (High)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage for further Updates of this Advisory.
Affected products
Fixed
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — | ||
| Unresolved product id: CSAFPID-32007 | — | ||
| Unresolved product id: CSAFPID-32008 | — | ||
| Unresolved product id: CSAFPID-32009 | — |
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — |
An information disclosure vulnerability exists in curl 7.65.0 to 7.82.0 are vulnerable that by using an IPv6 address that was in the connection pool but with a different zone id it could reuse a connection instead.
7.5 (High)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage for further Updates of this Advisory.
Affected products
Fixed
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — | ||
| Unresolved product id: CSAFPID-32007 | — | ||
| Unresolved product id: CSAFPID-32008 | — | ||
| Unresolved product id: CSAFPID-32009 | — |
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — |
When curl < 7.84.0 saves cookies, alt-svc and hsts data to local files, it makes the operation atomic by finalizing the operation with a rename from a temporary name to the final target file name.In that rename operation, it might accidentally *widen* the permissions for the target file, leaving the updated file accessible to more users than intended.
9.8 (Critical)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage for further Updates of this Advisory.
Affected products
Fixed
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — | ||
| Unresolved product id: CSAFPID-32007 | — | ||
| Unresolved product id: CSAFPID-32008 | — | ||
| Unresolved product id: CSAFPID-32009 | — |
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — |
curl < 7.84.0 supports "chained" HTTP compression algorithms, meaning that a serverresponse can be compressed multiple times and potentially with different algorithms. The number of acceptable "links" in this "decompression chain" was unbounded, allowing a malicious server to insert a virtually unlimited number of compression steps.The use of such a decompression chain could result in a "malloc bomb", makingcurl end up spending enormous amounts of allocated heap memory, or trying toand returning out of memory errors.
6.5 (Medium)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage for further Updates of this Advisory.
Affected products
Fixed
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — | ||
| Unresolved product id: CSAFPID-32007 | — | ||
| Unresolved product id: CSAFPID-32008 | — | ||
| Unresolved product id: CSAFPID-32009 | — |
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — |
When curl < 7.84.0 does FTP transfers secured by krb5, it handles message verification failures wrongly. This flaw makes it possible for a Man-In-The-Middle attack to go unnoticed and even allows it to inject data to the client.
5.9 (Medium)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage for further Updates of this Advisory.
Affected products
Fixed
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — | ||
| Unresolved product id: CSAFPID-32007 | — | ||
| Unresolved product id: CSAFPID-32008 | — | ||
| Unresolved product id: CSAFPID-32009 | — |
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — |
A malicious server can serve excessive amounts of 'Set-Cookie:' headers in a HTTP response to curl and curl < 7.84.0 stores all of them. A sufficiently large amount of (big) cookies make subsequent HTTP requests to this, or other servers to which the cookies match, create requests that become larger than the threshold that curl uses internally to avoid sending crazy large requests (1048576 bytes) and instead returns an error.This denial state might remain for as long as the same cookies are kept, match and haven't expired. Due to cookie matching rules, a server on 'foo.example.com' can set cookies that also would match for 'bar.example.com', making it it possible for a "sister server" to effectively cause a denial of service for a sibling site on the same second level domain using this method.
4.3 (Medium)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage for further Updates of this Advisory.
Affected products
Fixed
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — | ||
| Unresolved product id: CSAFPID-32007 | — | ||
| Unresolved product id: CSAFPID-32008 | — | ||
| Unresolved product id: CSAFPID-32009 | — |
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — |
cyrus-sasl (aka Cyrus SASL) 2.1.27 has an out-of-bounds write leading to unauthenticated remote denial-of-service in OpenLDAP via a malformed LDAP packet. The OpenLDAP crash is ultimately caused by an off-by-one error in _sasl_add_string in common.c in cyrus-sasl.
7.5 (High)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage for further Updates of this Advisory.
Affected products
Fixed
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — | ||
| Unresolved product id: CSAFPID-32007 | — | ||
| Unresolved product id: CSAFPID-32008 | — | ||
| Unresolved product id: CSAFPID-32009 | — |
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — |
In Cyrus SASL 2.1.17 through 2.1.27 before 2.1.28, plugins/sql.c does not escape the password for a SQL INSERT or UPDATE statement.
8.8 (High)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage for further Updates of this Advisory.
Affected products
Fixed
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — | ||
| Unresolved product id: CSAFPID-32007 | — | ||
| Unresolved product id: CSAFPID-32008 | — | ||
| Unresolved product id: CSAFPID-32009 | — |
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — |
Use after free in utf_ptr2char in GitHub repository vim/vim prior to 8.2.4646.
7.8 (High)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage for further Updates of this Advisory.
Affected products
Fixed
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — | ||
| Unresolved product id: CSAFPID-32007 | — | ||
| Unresolved product id: CSAFPID-32008 | — | ||
| Unresolved product id: CSAFPID-32009 | — |
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — |
Heap-based Buffer Overflow occurs in vim in GitHub repository vim/vim prior to 8.2.4563.
7.8 (High)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage for further Updates of this Advisory.
Affected products
Fixed
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — | ||
| Unresolved product id: CSAFPID-32007 | — | ||
| Unresolved product id: CSAFPID-32008 | — | ||
| Unresolved product id: CSAFPID-32009 | — |
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — |
heap buffer overflow in get_one_sourceline in GitHub repository vim/vim prior to 8.2.4647.
7.8 (High)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage for further Updates of this Advisory.
Affected products
Fixed
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — | ||
| Unresolved product id: CSAFPID-32007 | — | ||
| Unresolved product id: CSAFPID-32008 | — | ||
| Unresolved product id: CSAFPID-32009 | — |
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — |
Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.4440.
8.8 (High)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage for further Updates of this Advisory.
Affected products
Fixed
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — | ||
| Unresolved product id: CSAFPID-32007 | — | ||
| Unresolved product id: CSAFPID-32008 | — | ||
| Unresolved product id: CSAFPID-32009 | — |
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — |
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.
7.8 (High)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage for further Updates of this Advisory.
Affected products
Fixed
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — | ||
| Unresolved product id: CSAFPID-32007 | — | ||
| Unresolved product id: CSAFPID-32008 | — | ||
| Unresolved product id: CSAFPID-32009 | — |
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — |
NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.4428.
5.5 (Medium)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage for further Updates of this Advisory.
Affected products
Fixed
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — | ||
| Unresolved product id: CSAFPID-32007 | — | ||
| Unresolved product id: CSAFPID-32008 | — | ||
| Unresolved product id: CSAFPID-32009 | — |
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — |
Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.4418.
7.8 (High)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage for further Updates of this Advisory.
Affected products
Fixed
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — | ||
| Unresolved product id: CSAFPID-32007 | — | ||
| Unresolved product id: CSAFPID-32008 | — | ||
| Unresolved product id: CSAFPID-32009 | — |
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — |
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.4436.
5.5 (Medium)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage for further Updates of this Advisory.
Affected products
Fixed
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — | ||
| Unresolved product id: CSAFPID-32007 | — | ||
| Unresolved product id: CSAFPID-32008 | — | ||
| Unresolved product id: CSAFPID-32009 | — |
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — |
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.
7.8 (High)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage for further Updates of this Advisory.
Affected products
Fixed
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — | ||
| Unresolved product id: CSAFPID-32007 | — | ||
| Unresolved product id: CSAFPID-32008 | — | ||
| Unresolved product id: CSAFPID-32009 | — |
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — |
Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.
7.8 (High)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage for further Updates of this Advisory.
Affected products
Fixed
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — | ||
| Unresolved product id: CSAFPID-32007 | — | ||
| Unresolved product id: CSAFPID-32008 | — | ||
| Unresolved product id: CSAFPID-32009 | — |
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — |
vim is vulnerable to Heap-based Buffer Overflow
7.8 (High)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage for further Updates of this Advisory.
Affected products
Fixed
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — | ||
| Unresolved product id: CSAFPID-32007 | — | ||
| Unresolved product id: CSAFPID-32008 | — | ||
| Unresolved product id: CSAFPID-32009 | — |
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — |
vim is vulnerable to Use After Free
7.3 (High)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage for further Updates of this Advisory.
Affected products
Fixed
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — | ||
| Unresolved product id: CSAFPID-32007 | — | ||
| Unresolved product id: CSAFPID-32008 | — | ||
| Unresolved product id: CSAFPID-32009 | — |
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — |
vim is vulnerable to Out-of-bounds Read
7.1 (High)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage for further Updates of this Advisory.
Affected products
Fixed
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — | ||
| Unresolved product id: CSAFPID-32007 | — | ||
| Unresolved product id: CSAFPID-32008 | — | ||
| Unresolved product id: CSAFPID-32009 | — |
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — |
Buffer Over-read in GitHub repository vim/vim prior to 8.2.
7.8 (High)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage for further Updates of this Advisory.
Affected products
Fixed
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — | ||
| Unresolved product id: CSAFPID-32007 | — | ||
| Unresolved product id: CSAFPID-32008 | — | ||
| Unresolved product id: CSAFPID-32009 | — |
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — |
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.
7.8 (High)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage for further Updates of this Advisory.
Affected products
Fixed
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — | ||
| Unresolved product id: CSAFPID-32007 | — | ||
| Unresolved product id: CSAFPID-32008 | — | ||
| Unresolved product id: CSAFPID-32009 | — |
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — |
Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.
7.8 (High)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage for further Updates of this Advisory.
Affected products
Fixed
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — | ||
| Unresolved product id: CSAFPID-32007 | — | ||
| Unresolved product id: CSAFPID-32008 | — | ||
| Unresolved product id: CSAFPID-32009 | — |
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — |
Buffer Over-read in GitHub repository vim/vim prior to 8.2.
7.8 (High)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage for further Updates of this Advisory.
Affected products
Fixed
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — | ||
| Unresolved product id: CSAFPID-32007 | — | ||
| Unresolved product id: CSAFPID-32008 | — | ||
| Unresolved product id: CSAFPID-32009 | — |
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — |
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.
7.8 (High)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage for further Updates of this Advisory.
Affected products
Fixed
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — | ||
| Unresolved product id: CSAFPID-32007 | — | ||
| Unresolved product id: CSAFPID-32008 | — | ||
| Unresolved product id: CSAFPID-32009 | — |
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — |
The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed form or explicit elliptic curve parameters with a base point encoded in compressed form. It is possible to trigger the infinite loop by crafting a certificate that has invalid explicit curve parameters. Since certificate parsing happens prior to verification of the certificate signature, any process that parses an externally supplied certificate may thus be subject to a denial of service attack. The infinite loop can also be reached when parsing crafted private keys as they can contain explicit elliptic curve parameters. Thus vulnerable situations include: - TLS clients consuming server certificates - TLS servers consuming client certificates - Hosting providers taking certificates or private keys from customers - Certificate authorities parsing certification requests from subscribers - Anything else which parses ASN.1 elliptic curve parameters Also any other applications that use the BN_mod_sqrt() where the attacker can control the parameter values are vulnerable to this DoS issue. In the OpenSSL 1.0.2 version the public key is not parsed during initial parsing of the certificate which makes it slightly harder to trigger the infinite loop. However any operation which requires the public key from the certificate will trigger the infinite loop. In particular the attacker can use a self-signed certificate to trigger the loop during verification of the certificate signature. This issue affects OpenSSL versions 1.0.2, 1.1.1 and 3.0. It was addressed in the releases of 1.1.1n and 3.0.2 on the 15th March 2022. Fixed in OpenSSL 3.0.2 (Affected 3.0.0,3.0.1). Fixed in OpenSSL 1.1.1n (Affected 1.1.1-1.1.1m). Fixed in OpenSSL 1.0.2zd (Affected 1.0.2-1.0.2zc).
7.5 (High)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage for further Updates of this Advisory.
Affected products
Fixed
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — | ||
| Unresolved product id: CSAFPID-32007 | — | ||
| Unresolved product id: CSAFPID-32008 | — | ||
| Unresolved product id: CSAFPID-32009 | — |
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — |
Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.
7.8 (High)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage for further Updates of this Advisory.
Affected products
Fixed
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — | ||
| Unresolved product id: CSAFPID-32007 | — | ||
| Unresolved product id: CSAFPID-32008 | — | ||
| Unresolved product id: CSAFPID-32009 | — |
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — |
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0044.
7.8 (High)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage for further Updates of this Advisory.
Affected products
Fixed
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — | ||
| Unresolved product id: CSAFPID-32007 | — | ||
| Unresolved product id: CSAFPID-32008 | — | ||
| Unresolved product id: CSAFPID-32009 | — |
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — |
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.
7.8 (High)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage for further Updates of this Advisory.
Affected products
Fixed
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — | ||
| Unresolved product id: CSAFPID-32007 | — | ||
| Unresolved product id: CSAFPID-32008 | — | ||
| Unresolved product id: CSAFPID-32009 | — |
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — |
Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.
7.8 (High)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage for further Updates of this Advisory.
Affected products
Fixed
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — | ||
| Unresolved product id: CSAFPID-32007 | — | ||
| Unresolved product id: CSAFPID-32008 | — | ||
| Unresolved product id: CSAFPID-32009 | — |
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — |
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0045.
7.8 (High)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage for further Updates of this Advisory.
Affected products
Fixed
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — | ||
| Unresolved product id: CSAFPID-32007 | — | ||
| Unresolved product id: CSAFPID-32008 | — | ||
| Unresolved product id: CSAFPID-32009 | — |
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — |
Use After Free in GitHub repository vim/vim prior to 9.0.0046.
7.8 (High)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage for further Updates of this Advisory.
Affected products
Fixed
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — | ||
| Unresolved product id: CSAFPID-32007 | — | ||
| Unresolved product id: CSAFPID-32008 | — | ||
| Unresolved product id: CSAFPID-32009 | — |
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — |
NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.5163.
5.5 (Medium)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage for further Updates of this Advisory.
Affected products
Fixed
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — | ||
| Unresolved product id: CSAFPID-32007 | — | ||
| Unresolved product id: CSAFPID-32008 | — | ||
| Unresolved product id: CSAFPID-32009 | — |
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — |
NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.
5.5 (Medium)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage for further Updates of this Advisory.
Affected products
Fixed
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — | ||
| Unresolved product id: CSAFPID-32007 | — | ||
| Unresolved product id: CSAFPID-32008 | — | ||
| Unresolved product id: CSAFPID-32009 | — |
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — |
Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.
7.1 (High)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage for further Updates of this Advisory.
Affected products
Fixed
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — | ||
| Unresolved product id: CSAFPID-32007 | — | ||
| Unresolved product id: CSAFPID-32008 | — | ||
| Unresolved product id: CSAFPID-32009 | — |
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — |
Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.
7.8 (High)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage for further Updates of this Advisory.
Affected products
Fixed
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — | ||
| Unresolved product id: CSAFPID-32007 | — | ||
| Unresolved product id: CSAFPID-32008 | — | ||
| Unresolved product id: CSAFPID-32009 | — |
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — |
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.
7.8 (High)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage for further Updates of this Advisory.
Affected products
Fixed
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — | ||
| Unresolved product id: CSAFPID-32007 | — | ||
| Unresolved product id: CSAFPID-32008 | — | ||
| Unresolved product id: CSAFPID-32009 | — |
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — |
Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.
7.8 (High)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage for further Updates of this Advisory.
Affected products
Fixed
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — | ||
| Unresolved product id: CSAFPID-32007 | — | ||
| Unresolved product id: CSAFPID-32008 | — | ||
| Unresolved product id: CSAFPID-32009 | — |
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — |
Use After Free in GitHub repository vim/vim prior to 9.0.
7.8 (High)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage for further Updates of this Advisory.
Affected products
Fixed
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — | ||
| Unresolved product id: CSAFPID-32007 | — | ||
| Unresolved product id: CSAFPID-32008 | — | ||
| Unresolved product id: CSAFPID-32009 | — |
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — |
Out-of-bounds Write in GitHub repository vim/vim prior to 9.0.
7.8 (High)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage for further Updates of this Advisory.
Affected products
Fixed
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — | ||
| Unresolved product id: CSAFPID-32007 | — | ||
| Unresolved product id: CSAFPID-32008 | — | ||
| Unresolved product id: CSAFPID-32009 | — |
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — |
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.
7.8 (High)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage for further Updates of this Advisory.
Affected products
Fixed
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — | ||
| Unresolved product id: CSAFPID-32007 | — | ||
| Unresolved product id: CSAFPID-32008 | — | ||
| Unresolved product id: CSAFPID-32009 | — |
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — |
Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.
7.8 (High)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage for further Updates of this Advisory.
Affected products
Fixed
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — | ||
| Unresolved product id: CSAFPID-32007 | — | ||
| Unresolved product id: CSAFPID-32008 | — | ||
| Unresolved product id: CSAFPID-32009 | — |
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — |
Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.
7.8 (High)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage for further Updates of this Advisory.
Affected products
Fixed
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — | ||
| Unresolved product id: CSAFPID-32007 | — | ||
| Unresolved product id: CSAFPID-32008 | — | ||
| Unresolved product id: CSAFPID-32009 | — |
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — |
An infinite loop in OPC UA .NET Standard Stack 1.04.368 allows a remote attackers to cause the application to hang via a crafted message.
7.5 (High)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage for further Updates of this Advisory.
Affected products
Fixed
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — | ||
| Unresolved product id: CSAFPID-32007 | — | ||
| Unresolved product id: CSAFPID-32008 | — | ||
| Unresolved product id: CSAFPID-32009 | — |
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — |
OPC UA .NET Standard Stack 1.04.368 allows a remote attacker to cause a server to crash via a large number of messages that trigger Uncontrolled Resource Consumption.
7.5 (High)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage for further Updates of this Advisory.
Affected products
Fixed
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — | ||
| Unresolved product id: CSAFPID-32007 | — | ||
| Unresolved product id: CSAFPID-32008 | — | ||
| Unresolved product id: CSAFPID-32009 | — |
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — |
References
4 references
Acknowledgments
CERT@VDE
{
"document": {
"acknowledgments": [
{
"organization": "CERT@VDE",
"summary": "coordination"
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-GB",
"notes": [
{
"category": "summary",
"text": "UPDATE A: Two devices (ENERGY AXC PU, SMARTRTU AXC SG) added (24.11.2022) Update for PLCnext Firmware containing fixes for recent vulnerability findings in Linux components and security enhancements. PLCnext Control AXC F x152 is certified according to IEC 62443-4-1 and IEC 62443-4-2. This certification requires that all third-party components used in the firmware are regularly checked for known vulnerabilities.",
"title": "Summary"
},
{
"category": "description",
"text": "Availability, integrity, or confidentiality of the PLCnext Control might be compromised by attacks using these vulnerabilities.",
"title": "Impact"
},
{
"category": "description",
"text": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection",
"title": "Mitigation"
},
{
"category": "description",
"text": "Update to the latest LTS Firmware Release.\nUpdate to the latest LTS PLCnext Engineer Release.\n\nPlease check Phoenix Contact PSIRT webpage\u00a0for further Updates of this Advisory.",
"title": "Remediation"
}
],
"publisher": {
"category": "vendor",
"contact_details": "psirt@phoenixcontact.com",
"name": "Phoenix Contact GmbH \u0026 Co. KG",
"namespace": "https://phoenixcontact.com/psirt"
},
"references": [
{
"category": "external",
"summary": "PHOENIX CONTACT PSIRT ",
"url": "https://phoenixcontact.com/psirt"
},
{
"category": "external",
"summary": "CERT@VDE Security Advisories for PHOENIX CONTACT",
"url": "https://certvde.com/en/advisories/vendor/phoenixcontact/"
},
{
"category": "self",
"summary": "VDE-2022-046: PHOENIX CONTACT: Multiple Linux component vulnerabilities in PLCnext Firmware - HTML",
"url": "https://certvde.com/en/advisories/VDE-2022-046/"
},
{
"category": "self",
"summary": "VDE-2022-046: PHOENIX CONTACT: Multiple Linux component vulnerabilities in PLCnext Firmware - CSAF",
"url": "https://phoenixcontact.csaf-tp.certvde.com/.well-known/csaf/white/2022/vde-2022-046.json"
}
],
"title": "PHOENIX CONTACT: Multiple Linux component vulnerabilities in PLCnext Firmware",
"tracking": {
"aliases": [
"VDE-2022-046"
],
"current_release_date": "2025-05-22T13:03:10.000Z",
"generator": {
"date": "2025-04-01T06:22:01.779Z",
"engine": {
"name": "Secvisogram",
"version": "2.5.22"
}
},
"id": "VDE-2022-046",
"initial_release_date": "2022-11-10T07:00:00.000Z",
"revision_history": [
{
"date": "2022-10-11T06:00:00.000Z",
"number": "1",
"summary": "Initial revision."
},
{
"date": "2022-11-24T07:51:00.000Z",
"number": "2",
"summary": "Update A"
},
{
"date": "2025-05-22T13:03:10.000Z",
"number": "3",
"summary": "Fix: quotation mark"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "AXC F 1152",
"product": {
"name": "AXC F 1152",
"product_id": "CSAFPID-11001",
"product_identification_helper": {
"model_numbers": [
"1151412"
]
}
}
},
{
"category": "product_name",
"name": "AXC F 2152",
"product": {
"name": "AXC F 2152",
"product_id": "CSAFPID-11002",
"product_identification_helper": {
"model_numbers": [
"2404267"
]
}
}
},
{
"category": "product_name",
"name": "AXC F 3152",
"product": {
"name": "AXC F 3152",
"product_id": "CSAFPID-11003",
"product_identification_helper": {
"model_numbers": [
"1069208"
]
}
}
},
{
"category": "product_name",
"name": "BPC 9102S",
"product": {
"name": "BPC 9102S",
"product_id": "CSAFPID-11004",
"product_identification_helper": {
"model_numbers": [
"1246285"
]
}
}
},
{
"category": "product_name",
"name": "ENERGY AXC PU",
"product": {
"name": "ENERGY AXC PU",
"product_id": "CSAFPID-11005",
"product_identification_helper": {
"model_numbers": [
"1264327"
]
}
}
},
{
"category": "product_name",
"name": "EPC 1502",
"product": {
"name": "EPC 1502",
"product_id": "CSAFPID-11006",
"product_identification_helper": {
"model_numbers": [
"1185416"
]
}
}
},
{
"category": "product_name",
"name": "EPC 1522",
"product": {
"name": "EPC 1522",
"product_id": "CSAFPID-11007",
"product_identification_helper": {
"model_numbers": [
"1185423"
]
}
}
},
{
"category": "product_name",
"name": "RFC 4072S",
"product": {
"name": "RFC 4072S",
"product_id": "CSAFPID-11008",
"product_identification_helper": {
"model_numbers": [
"1051328"
]
}
}
},
{
"category": "product_name",
"name": "SMARTRTU AXC SG",
"product": {
"name": "SMARTRTU AXC SG",
"product_id": "CSAFPID-11009",
"product_identification_helper": {
"model_numbers": [
"1110435"
]
}
}
}
],
"category": "product_family",
"name": "Hardware"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c2022.0.8 LTS",
"product": {
"name": "Firmware \u003c2022.0.8 LTS",
"product_id": "CSAFPID-21001"
}
},
{
"category": "product_version_range",
"name": "\u003cV04.14.00.00",
"product": {
"name": "Firmware \u003cV04.14.00.00",
"product_id": "CSAFPID-21002"
}
},
{
"category": "product_version_range",
"name": "\u003c2022.0.7 LTS",
"product": {
"name": "Firmware \u003c2022.0.7 LTS",
"product_id": "CSAFPID-21003"
}
},
{
"category": "product_version_range",
"name": "\u003cV01.09.00.00",
"product": {
"name": "Firmware \u003cV01.09.00.00",
"product_id": "CSAFPID-21004"
}
},
{
"category": "product_version",
"name": "2022.0.8 LTS",
"product": {
"name": "Firmware 2022.0.8 LTS",
"product_id": "CSAFPID-22001"
}
},
{
"category": "product_version",
"name": "V04.14.00.00",
"product": {
"name": "Firmware V04.14.00.00",
"product_id": "CSAFPID-22002"
}
},
{
"category": "product_version",
"name": "2022.0.7 LTS",
"product": {
"name": "Firmware 2022.0.7 LTS",
"product_id": "CSAFPID-22003"
}
},
{
"category": "product_version",
"name": "V01.09.00.00",
"product": {
"name": "Firmware V01.09.00.00",
"product_id": "CSAFPID-22004"
}
}
],
"category": "product_family",
"name": "Firmware"
}
],
"category": "vendor",
"name": "PHOENIX CONTACT"
}
],
"product_groups": [
{
"group_id": "CSAFGID-0001",
"product_ids": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
],
"summary": "Affected Products."
},
{
"group_id": "CSAFGID-0002",
"product_ids": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009"
],
"summary": "Fixed Products."
}
],
"relationships": [
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c2022.0.8 LTS installed on AXC F 1152",
"product_id": "CSAFPID-31001"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11001"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 2022.0.8 LTS installed on AXC F 1152",
"product_id": "CSAFPID-32001"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11001"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c2022.0.8 LTS installed on AXC F 2152",
"product_id": "CSAFPID-31002"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11002"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 2022.0.8 LTS installed on AXC F 2152",
"product_id": "CSAFPID-32002"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11002"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c2022.0.8 LTS installed on AXC F 3152",
"product_id": "CSAFPID-31003"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11003"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 2022.0.8 LTS installed on AXC F 3152",
"product_id": "CSAFPID-32003"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11003"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c2022.0.8 LTS installed on BPC 9102S",
"product_id": "CSAFPID-31004"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11004"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 2022.0.8 LTS installed on BPC 9102S",
"product_id": "CSAFPID-32004"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11004"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003cV04.14.00.00 installed on ENERGY AXC PU",
"product_id": "CSAFPID-31005"
},
"product_reference": "CSAFPID-21002",
"relates_to_product_reference": "CSAFPID-11005"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware V04.14.00.00 installed on ENERGY AXC PU",
"product_id": "CSAFPID-32005"
},
"product_reference": "CSAFPID-22002",
"relates_to_product_reference": "CSAFPID-11005"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c2022.0.7 LTS installed on EPC 1502",
"product_id": "CSAFPID-31006"
},
"product_reference": "CSAFPID-21003",
"relates_to_product_reference": "CSAFPID-11006"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 2022.0.7 LTS installed on EPC 1502",
"product_id": "CSAFPID-32006"
},
"product_reference": "CSAFPID-22003",
"relates_to_product_reference": "CSAFPID-11006"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c2022.0.7 LTS installed on EPC 1522",
"product_id": "CSAFPID-31007"
},
"product_reference": "CSAFPID-21003",
"relates_to_product_reference": "CSAFPID-11007"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 2022.0.7 LTS installed on EPC 1522",
"product_id": "CSAFPID-32007"
},
"product_reference": "CSAFPID-22003",
"relates_to_product_reference": "CSAFPID-11007"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c2022.0.8 LTS installed on RFC 4072S",
"product_id": "CSAFPID-31008"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11008"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 2022.0.8 LTS installed on RFC 4072S",
"product_id": "CSAFPID-32008"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11008"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003cV01.09.00.00 installed on SMARTRTU AXC SG",
"product_id": "CSAFPID-31009"
},
"product_reference": "CSAFPID-21004",
"relates_to_product_reference": "CSAFPID-11009"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware V01.09.00.00 installed on SMARTRTU AXC SG",
"product_id": "CSAFPID-32009"
},
"product_reference": "CSAFPID-22004",
"relates_to_product_reference": "CSAFPID-11009"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-29824",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "description",
"text": "In libxml2 before 2.9.14, several buffer handling functions in buf.c (xmlBuf*) and tree.c (xmlBuffer*) don\u0027t check for integer overflows. This can result in out-of-bounds memory writes. Exploitation requires a victim to open a crafted, multi-gigabyte XML file. Other software using libxml2\u0027s buffer functions, for example libxslt through 1.1.35, is affected as well.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage\u00a0for further Updates of this Advisory.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"environmentalScore": 6.5,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 6.5,
"temporalSeverity": "MEDIUM",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
}
],
"title": "CVE-2022-29824"
},
{
"cve": "CVE-2022-23308",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "description",
"text": "valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF attributes.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage\u00a0for further Updates of this Advisory.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
}
],
"title": "CVE-2022-23308"
},
{
"cve": "CVE-2022-28391",
"notes": [
{
"category": "description",
"text": "BusyBox through 1.35.0 allows remote attackers to execute arbitrary code if netstat is used to print a DNS PTR record\u0027s value to a VT compatible terminal. Alternatively, the attacker could choose to change the terminal\u0027s colors.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage\u00a0for further Updates of this Advisory.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 8.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 8.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
}
],
"title": "CVE-2022-28391"
},
{
"cve": "CVE-2022-0547",
"cwe": {
"id": "CWE-287",
"name": "Improper Authentication"
},
"notes": [
{
"category": "description",
"text": "OpenVPN 2.1 until v2.4.12 and v2.5.6 may enable authentication bypass in external authentication plug-ins when more than one of them makes use of deferred authentication replies, which allows an external user to be granted access with only partially correct credentials.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage\u00a0for further Updates of this Advisory.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"environmentalScore": 9.8,
"environmentalSeverity": "CRITICAL",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 9.8,
"temporalSeverity": "CRITICAL",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
}
],
"title": "CVE-2022-0547"
},
{
"cve": "CVE-2022-1381",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "description",
"text": "global heap buffer overflow in skip_range in GitHub repository vim/vim prior to 8.2.4763. This vulnerability is capable of crashing software, Bypass Protection Mechanism, Modify Memory, and possible remote execution",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage\u00a0for further Updates of this Advisory.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
}
],
"title": "CVE-2022-1381"
},
{
"cve": "CVE-2022-1420",
"cwe": {
"id": "CWE-823",
"name": "Use of Out-of-range Pointer Offset"
},
"notes": [
{
"category": "description",
"text": "Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.4774.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage\u00a0for further Updates of this Advisory.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"environmentalScore": 5.5,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 5.5,
"temporalSeverity": "MEDIUM",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
}
],
"title": "CVE-2022-1420"
},
{
"cve": "CVE-2022-1733",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "description",
"text": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.4968.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage\u00a0for further Updates of this Advisory.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
}
],
"title": "CVE-2022-1733"
},
{
"cve": "CVE-2022-1796",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "description",
"text": "Use After Free in GitHub repository vim/vim prior to 8.2.4979.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage\u00a0for further Updates of this Advisory.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
}
],
"title": "CVE-2022-1796"
},
{
"cve": "CVE-2022-1621",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "description",
"text": "Heap buffer overflow in vim_strncpy find_word in GitHub repository vim/vim prior to 8.2.4919. This vulnerability is capable of crashing software, Bypass Protection Mechanism, Modify Memory, and possible remote execution",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage\u00a0for further Updates of this Advisory.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
}
],
"title": "CVE-2022-1621"
},
{
"cve": "CVE-2022-1616",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "description",
"text": "Use after free in append_command in GitHub repository vim/vim prior to 8.2.4895. This vulnerability is capable of crashing software, Bypass Protection Mechanism, Modify Memory, and possible remote execution",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage\u00a0for further Updates of this Advisory.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
}
],
"title": "CVE-2022-1616"
},
{
"cve": "CVE-2022-25313",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"notes": [
{
"category": "description",
"text": "In Expat (aka libexpat) before 2.4.5, an attacker can trigger stack exhaustion in build_model via a large nesting depth in the DTD element.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage\u00a0for further Updates of this Advisory.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"environmentalScore": 6.5,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 6.5,
"temporalSeverity": "MEDIUM",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
}
],
"title": "CVE-2022-25313"
},
{
"cve": "CVE-2021-45117",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "description",
"text": "The OPC autogenerated ANSI C stack stubs (in the NodeSets) do not handle all error cases. This can lead to a NULL pointer dereference.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage\u00a0for further Updates of this Advisory.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"environmentalScore": 6.5,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 6.5,
"temporalSeverity": "MEDIUM",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
}
],
"title": "CVE-2021-45117"
},
{
"cve": "CVE-2022-1619",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "description",
"text": "Heap-based Buffer Overflow in function cmdline_erase_chars in GitHub repository vim/vim prior to 8.2.4899. This vulnerabilities are capable of crashing software, modify memory, and possible remote execution",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage\u00a0for further Updates of this Advisory.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
}
],
"title": "CVE-2022-1619"
},
{
"cve": "CVE-2022-25235",
"cwe": {
"id": "CWE-116",
"name": "Improper Encoding or Escaping of Output"
},
"notes": [
{
"category": "description",
"text": "xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain validation of encoding, such as checks for whether a UTF-8 character is valid in a certain context.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage\u00a0for further Updates of this Advisory.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"environmentalScore": 9.8,
"environmentalSeverity": "CRITICAL",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 9.8,
"temporalSeverity": "CRITICAL",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
}
],
"title": "CVE-2022-25235"
},
{
"cve": "CVE-2022-25236",
"cwe": {
"id": "CWE-668",
"name": "Exposure of Resource to Wrong Sphere"
},
"notes": [
{
"category": "description",
"text": "xmlparse.c in Expat (aka libexpat) before 2.4.5 allows attackers to insert namespace-separator characters into namespace URIs.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage\u00a0for further Updates of this Advisory.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"environmentalScore": 9.8,
"environmentalSeverity": "CRITICAL",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 9.8,
"temporalSeverity": "CRITICAL",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
}
],
"title": "CVE-2022-25236"
},
{
"cve": "CVE-2022-1629",
"cwe": {
"id": "CWE-126",
"name": "Buffer Over-read"
},
"notes": [
{
"category": "description",
"text": "Buffer Over-read in function find_next_quote in GitHub repository vim/vim prior to 8.2.4925. This vulnerabilities are capable of crashing software, Modify Memory, and possible remote execution",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage\u00a0for further Updates of this Advisory.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
}
],
"title": "CVE-2022-1629"
},
{
"cve": "CVE-2022-1735",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"notes": [
{
"category": "description",
"text": "Classic Buffer Overflow in GitHub repository vim/vim prior to 8.2.4969.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage\u00a0for further Updates of this Advisory.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
}
],
"title": "CVE-2022-1735"
},
{
"cve": "CVE-2022-1769",
"cwe": {
"id": "CWE-126",
"name": "Buffer Over-read"
},
"notes": [
{
"category": "description",
"text": "Buffer Over-read in GitHub repository vim/vim prior to 8.2.4974.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage\u00a0for further Updates of this Advisory.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
}
],
"title": "CVE-2022-1769"
},
{
"cve": "CVE-2022-1785",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "description",
"text": "Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.4977.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage\u00a0for further Updates of this Advisory.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
}
],
"title": "CVE-2022-1785"
},
{
"cve": "CVE-2022-1620",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "description",
"text": "NULL Pointer Dereference in function vim_regexec_string at regexp.c:2729 in GitHub repository vim/vim prior to 8.2.4901. NULL Pointer Dereference in function vim_regexec_string at regexp.c:2729 allows attackers to cause a denial of service (application crash) via a crafted input.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage\u00a0for further Updates of this Advisory.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
}
],
"title": "CVE-2022-1620"
},
{
"cve": "CVE-2022-1674",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "description",
"text": "NULL Pointer Dereference in function vim_regexec_string at regexp.c:2733 in GitHub repository vim/vim prior to 8.2.4938. NULL Pointer Dereference in function vim_regexec_string at regexp.c:2733 allows attackers to cause a denial of service (application crash) via a crafted input.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage\u00a0for further Updates of this Advisory.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"environmentalScore": 5.5,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 5.5,
"temporalSeverity": "MEDIUM",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
}
],
"title": "CVE-2022-1674"
},
{
"cve": "CVE-2022-1771",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"notes": [
{
"category": "description",
"text": "Uncontrolled Recursion in GitHub repository vim/vim prior to 8.2.4975.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage\u00a0for further Updates of this Advisory.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"environmentalScore": 5.5,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 5.5,
"temporalSeverity": "MEDIUM",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
}
],
"title": "CVE-2022-1771"
},
{
"cve": "CVE-2022-1886",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "description",
"text": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage\u00a0for further Updates of this Advisory.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
}
],
"title": "CVE-2022-1886"
},
{
"cve": "CVE-2022-1851",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "description",
"text": "Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage\u00a0for further Updates of this Advisory.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
}
],
"title": "CVE-2022-1851"
},
{
"cve": "CVE-2022-1898",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "description",
"text": "Use After Free in GitHub repository vim/vim prior to 8.2.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage\u00a0for further Updates of this Advisory.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
}
],
"title": "CVE-2022-1898"
},
{
"cve": "CVE-2022-1720",
"cwe": {
"id": "CWE-126",
"name": "Buffer Over-read"
},
"notes": [
{
"category": "description",
"text": "Buffer Over-read in function grab_file_name in GitHub repository vim/vim prior to 8.2.4956. This vulnerability is capable of crashing the software, memory modification, and possible remote execution.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage\u00a0for further Updates of this Advisory.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
}
],
"title": "CVE-2022-1720"
},
{
"cve": "CVE-2018-25032",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "description",
"text": "zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage\u00a0for further Updates of this Advisory.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
}
],
"title": "CVE-2018-25032"
},
{
"cve": "CVE-2022-22576",
"cwe": {
"id": "CWE-306",
"name": "Missing Authentication for Critical Function"
},
"notes": [
{
"category": "description",
"text": "An improper authentication vulnerability exists in curl 7.33.0 to and including 7.82.0 which might allow reuse OAUTH2-authenticated connections without properly making sure that the connection was authenticated with the same credentials as set for this transfer. This affects SASL-enabled protocols: SMPTP(S), IMAP(S), POP3(S) and LDAP(S) (openldap only).",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage\u00a0for further Updates of this Advisory.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 8.1,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"temporalScore": 8.1,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
}
],
"title": "CVE-2022-22576"
},
{
"cve": "CVE-2022-27778",
"cwe": {
"id": "CWE-706",
"name": "Use of Incorrectly-Resolved Name or Reference"
},
"notes": [
{
"category": "description",
"text": "A use of incorrectly resolved name vulnerability fixed in 7.83.1 might remove the wrong file when \u0027--no-clobber\u0027 is used together with \u0027--remove-on-error\u0027.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage\u00a0for further Updates of this Advisory.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 8.1,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 8.1,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
}
],
"title": "CVE-2022-27778"
},
{
"cve": "CVE-2022-27779",
"cwe": {
"id": "CWE-201",
"name": "Insertion of Sensitive Information Into Sent Data"
},
"notes": [
{
"category": "description",
"text": "libcurl wrongly allows cookies to be set for Top Level Domains (TLDs) if thehost name is provided with a trailing dot.curl can be told to receive and send cookies. curl\u0027s \"cookie engine\" can bebuilt with or without [Public Suffix List](https://publicsuffix.org/)awareness. If PSL support not provided, a more rudimentary check exists to atleast prevent cookies from being set on TLDs. This check was broken if thehost name in the URL uses a trailing dot.This can allow arbitrary sites to set cookies that then would get sent to adifferent and unrelated site or domain.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage\u00a0for further Updates of this Advisory.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"environmentalScore": 5.3,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 5.3,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
}
],
"title": "CVE-2022-27779"
},
{
"cve": "CVE-2022-27782",
"cwe": {
"id": "CWE-295",
"name": "Improper Certificate Validation"
},
"notes": [
{
"category": "description",
"text": "libcurl would reuse a previously created connection even when a TLS or SSHrelated option had been changed that should have prohibited reuse.libcurl keeps previously used connections in a connection pool for subsequenttransfers to reuse if one of them matches the setup. However, several TLS andSSH settings were left out from the configuration match checks, making themmatch too easily.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage\u00a0for further Updates of this Advisory.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
}
],
"title": "CVE-2022-27782"
},
{
"cve": "CVE-2022-27774",
"cwe": {
"id": "CWE-522",
"name": "Insufficiently Protected Credentials"
},
"notes": [
{
"category": "description",
"text": "An insufficiently protected credentials vulnerability exists in curl 4.9 to and include curl 7.82.0 are affected that could allow an attacker to extract credentials when follows HTTP(S) redirects is used with authentication could leak credentials to other services that exist on different protocols or port numbers.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage\u00a0for further Updates of this Advisory.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"environmentalScore": 5.7,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"temporalScore": 5.7,
"temporalSeverity": "MEDIUM",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
}
],
"title": "CVE-2022-27774"
},
{
"cve": "CVE-2022-25314",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "description",
"text": "In Expat (aka libexpat) before 2.4.5, there is an integer overflow in copyString.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage\u00a0for further Updates of this Advisory.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
}
],
"title": "CVE-2022-25314"
},
{
"cve": "CVE-2022-25315",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "description",
"text": "In Expat (aka libexpat) before 2.4.5, there is an integer overflow in storeRawNames.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage\u00a0for further Updates of this Advisory.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"environmentalScore": 9.8,
"environmentalSeverity": "CRITICAL",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 9.8,
"temporalSeverity": "CRITICAL",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
}
],
"title": "CVE-2022-25315"
},
{
"cve": "CVE-2022-27776",
"cwe": {
"id": "CWE-522",
"name": "Insufficiently Protected Credentials"
},
"notes": [
{
"category": "description",
"text": "A insufficiently protected credentials vulnerability in fixed in curl 7.83.0 might leak authentication or cookie header data on HTTP redirects to the same host but another port number.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage\u00a0for further Updates of this Advisory.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"environmentalScore": 6.5,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 6.5,
"temporalSeverity": "MEDIUM",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
}
],
"title": "CVE-2022-27776"
},
{
"cve": "CVE-2022-30115",
"cwe": {
"id": "CWE-319",
"name": "Cleartext Transmission of Sensitive Information"
},
"notes": [
{
"category": "description",
"text": "Using its HSTS support, curl can be instructed to use HTTPS directly insteadof using an insecure clear-text HTTP step even when HTTP is provided in theURL. This mechanism could be bypassed if the host name in the given URL used atrailing dot while not using one when it built the HSTS cache. Or the otherway around - by having the trailing dot in the HSTS cache and *not* using thetrailing dot in the URL.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage\u00a0for further Updates of this Advisory.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"environmentalScore": 4.3,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"temporalScore": 4.3,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
}
],
"title": "CVE-2022-30115"
},
{
"cve": "CVE-2022-27780",
"cwe": {
"id": "CWE-918",
"name": "Server-Side Request Forgery (SSRF)"
},
"notes": [
{
"category": "description",
"text": "The curl URL parser wrongly accepts percent-encoded URL separators like \u0027/\u0027when decoding the host name part of a URL, making it a *different* URL usingthe wrong host name when it is later retrieved.For example, a URL like \u0027http://example.com%2F127.0.0.1/\u0027, would be allowed bythe parser and get transposed into \u0027http://example.com/127.0.0.1/\u0027. This flawcan be used to circumvent filters, checks and more.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage\u00a0for further Updates of this Advisory.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
}
],
"title": "CVE-2022-27780"
},
{
"cve": "CVE-2022-27781",
"cwe": {
"id": "CWE-835",
"name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
},
"notes": [
{
"category": "description",
"text": "libcurl provides the \u0027CURLOPT_CERTINFO\u0027 option to allow applications torequest details to be returned about a server\u0027s certificate chain.Due to an erroneous function, a malicious server could make libcurl built withNSS get stuck in a never-ending busy-loop when trying to retrieve thatinformation.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage\u00a0for further Updates of this Advisory.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
}
],
"title": "CVE-2022-27781"
},
{
"cve": "CVE-2022-27775",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"notes": [
{
"category": "description",
"text": "An information disclosure vulnerability exists in curl 7.65.0 to 7.82.0 are vulnerable that by using an IPv6 address that was in the connection pool but with a different zone id it could reuse a connection instead.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage\u00a0for further Updates of this Advisory.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
}
],
"title": "CVE-2022-27775"
},
{
"cve": "CVE-2022-32207",
"cwe": {
"id": "CWE-276",
"name": "Incorrect Default Permissions"
},
"notes": [
{
"category": "description",
"text": "When curl \u003c 7.84.0 saves cookies, alt-svc and hsts data to local files, it makes the operation atomic by finalizing the operation with a rename from a temporary name to the final target file name.In that rename operation, it might accidentally *widen* the permissions for the target file, leaving the updated file accessible to more users than intended.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage\u00a0for further Updates of this Advisory.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"environmentalScore": 9.8,
"environmentalSeverity": "CRITICAL",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 9.8,
"temporalSeverity": "CRITICAL",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
}
],
"title": "CVE-2022-32207"
},
{
"cve": "CVE-2022-32206",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"notes": [
{
"category": "description",
"text": "curl \u003c 7.84.0 supports \"chained\" HTTP compression algorithms, meaning that a serverresponse can be compressed multiple times and potentially with different algorithms. The number of acceptable \"links\" in this \"decompression chain\" was unbounded, allowing a malicious server to insert a virtually unlimited number of compression steps.The use of such a decompression chain could result in a \"malloc bomb\", makingcurl end up spending enormous amounts of allocated heap memory, or trying toand returning out of memory errors.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage\u00a0for further Updates of this Advisory.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"environmentalScore": 6.5,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 6.5,
"temporalSeverity": "MEDIUM",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
}
],
"title": "CVE-2022-32206"
},
{
"cve": "CVE-2022-32208",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "description",
"text": "When curl \u003c 7.84.0 does FTP transfers secured by krb5, it handles message verification failures wrongly. This flaw makes it possible for a Man-In-The-Middle attack to go unnoticed and even allows it to inject data to the client.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage\u00a0for further Updates of this Advisory.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"environmentalScore": 5.9,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 5.9,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
}
],
"title": "CVE-2022-32208"
},
{
"cve": "CVE-2022-32205",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"notes": [
{
"category": "description",
"text": "A malicious server can serve excessive amounts of \u0027Set-Cookie:\u0027 headers in a HTTP response to curl and curl \u003c 7.84.0 stores all of them. A sufficiently large amount of (big) cookies make subsequent HTTP requests to this, or other servers to which the cookies match, create requests that become larger than the threshold that curl uses internally to avoid sending crazy large requests (1048576 bytes) and instead returns an error.This denial state might remain for as long as the same cookies are kept, match and haven\u0027t expired. Due to cookie matching rules, a server on \u0027foo.example.com\u0027 can set cookies that also would match for \u0027bar.example.com\u0027, making it it possible for a \"sister server\" to effectively cause a denial of service for a sibling site on the same second level domain using this method.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage\u00a0for further Updates of this Advisory.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"environmentalScore": 4.3,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 4.3,
"temporalSeverity": "MEDIUM",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
}
],
"title": "CVE-2022-32205"
},
{
"cve": "CVE-2019-19906",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "description",
"text": "cyrus-sasl (aka Cyrus SASL) 2.1.27 has an out-of-bounds write leading to unauthenticated remote denial-of-service in OpenLDAP via a malformed LDAP packet. The OpenLDAP crash is ultimately caused by an off-by-one error in _sasl_add_string in common.c in cyrus-sasl.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage\u00a0for further Updates of this Advisory.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
}
],
"title": "CVE-2019-19906"
},
{
"cve": "CVE-2022-24407",
"cwe": {
"id": "CWE-89",
"name": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)"
},
"notes": [
{
"category": "description",
"text": "In Cyrus SASL 2.1.17 through 2.1.27 before 2.1.28, plugins/sql.c does not escape the password for a SQL INSERT or UPDATE statement.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage\u00a0for further Updates of this Advisory.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 8.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"temporalScore": 8.8,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
}
],
"title": "CVE-2022-24407"
},
{
"cve": "CVE-2022-1154",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "description",
"text": "Use after free in utf_ptr2char in GitHub repository vim/vim prior to 8.2.4646.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage\u00a0for further Updates of this Advisory.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
}
],
"title": "CVE-2022-1154"
},
{
"cve": "CVE-2022-0943",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "description",
"text": "Heap-based Buffer Overflow occurs in vim in GitHub repository vim/vim prior to 8.2.4563.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage\u00a0for further Updates of this Advisory.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
}
],
"title": "CVE-2022-0943"
},
{
"cve": "CVE-2022-1160",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "description",
"text": "heap buffer overflow in get_one_sourceline in GitHub repository vim/vim prior to 8.2.4647.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage\u00a0for further Updates of this Advisory.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
}
],
"title": "CVE-2022-1160"
},
{
"cve": "CVE-2022-0729",
"cwe": {
"id": "CWE-823",
"name": "Use of Out-of-range Pointer Offset"
},
"notes": [
{
"category": "description",
"text": "Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.4440.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage\u00a0for further Updates of this Advisory.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 8.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"temporalScore": 8.8,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
}
],
"title": "CVE-2022-0729"
},
{
"cve": "CVE-2022-0572",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "description",
"text": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage\u00a0for further Updates of this Advisory.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
}
],
"title": "CVE-2022-0572"
},
{
"cve": "CVE-2022-0696",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "description",
"text": "NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.4428.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage\u00a0for further Updates of this Advisory.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"environmentalScore": 5.5,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 5.5,
"temporalSeverity": "MEDIUM",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
}
],
"title": "CVE-2022-0696"
},
{
"cve": "CVE-2022-0685",
"cwe": {
"id": "CWE-823",
"name": "Use of Out-of-range Pointer Offset"
},
"notes": [
{
"category": "description",
"text": "Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.4418.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage\u00a0for further Updates of this Advisory.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
}
],
"title": "CVE-2022-0685"
},
{
"cve": "CVE-2022-0714",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "description",
"text": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.4436.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage\u00a0for further Updates of this Advisory.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"environmentalScore": 5.5,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 5.5,
"temporalSeverity": "MEDIUM",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
}
],
"title": "CVE-2022-0714"
},
{
"cve": "CVE-2022-0361",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "description",
"text": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage\u00a0for further Updates of this Advisory.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
}
],
"title": "CVE-2022-0361"
},
{
"cve": "CVE-2022-0368",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "description",
"text": "Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage\u00a0for further Updates of this Advisory.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
}
],
"title": "CVE-2022-0368"
},
{
"cve": "CVE-2021-3973",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "description",
"text": "vim is vulnerable to Heap-based Buffer Overflow",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage\u00a0for further Updates of this Advisory.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
}
],
"title": "CVE-2021-3973"
},
{
"cve": "CVE-2021-3796",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "description",
"text": "vim is vulnerable to Use After Free",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage\u00a0for further Updates of this Advisory.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.3,
"environmentalSeverity": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.3,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
}
],
"title": "CVE-2021-3796"
},
{
"cve": "CVE-2021-4166",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "description",
"text": "vim is vulnerable to Out-of-bounds Read",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage\u00a0for further Updates of this Advisory.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.1,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.1,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
}
],
"title": "CVE-2021-4166"
},
{
"cve": "CVE-2022-1927",
"cwe": {
"id": "CWE-126",
"name": "Buffer Over-read"
},
"notes": [
{
"category": "description",
"text": "Buffer Over-read in GitHub repository vim/vim prior to 8.2.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage\u00a0for further Updates of this Advisory.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
}
],
"title": "CVE-2022-1927"
},
{
"cve": "CVE-2022-1942",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "description",
"text": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage\u00a0for further Updates of this Advisory.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
}
],
"title": "CVE-2022-1942"
},
{
"cve": "CVE-2022-2129",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "description",
"text": "Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage\u00a0for further Updates of this Advisory.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
}
],
"title": "CVE-2022-2129"
},
{
"cve": "CVE-2022-2175",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "description",
"text": "Buffer Over-read in GitHub repository vim/vim prior to 8.2.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage\u00a0for further Updates of this Advisory.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
}
],
"title": "CVE-2022-2175"
},
{
"cve": "CVE-2022-2182",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "description",
"text": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage\u00a0for further Updates of this Advisory.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
}
],
"title": "CVE-2022-2182"
},
{
"cve": "CVE-2022-0778",
"cwe": {
"id": "CWE-835",
"name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
},
"notes": [
{
"category": "description",
"text": "The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed form or explicit elliptic curve parameters with a base point encoded in compressed form. It is possible to trigger the infinite loop by crafting a certificate that has invalid explicit curve parameters. Since certificate parsing happens prior to verification of the certificate signature, any process that parses an externally supplied certificate may thus be subject to a denial of service attack. The infinite loop can also be reached when parsing crafted private keys as they can contain explicit elliptic curve parameters. Thus vulnerable situations include: - TLS clients consuming server certificates - TLS servers consuming client certificates - Hosting providers taking certificates or private keys from customers - Certificate authorities parsing certification requests from subscribers - Anything else which parses ASN.1 elliptic curve parameters Also any other applications that use the BN_mod_sqrt() where the attacker can control the parameter values are vulnerable to this DoS issue. In the OpenSSL 1.0.2 version the public key is not parsed during initial parsing of the certificate which makes it slightly harder to trigger the infinite loop. However any operation which requires the public key from the certificate will trigger the infinite loop. In particular the attacker can use a self-signed certificate to trigger the loop during verification of the certificate signature. This issue affects OpenSSL versions 1.0.2, 1.1.1 and 3.0. It was addressed in the releases of 1.1.1n and 3.0.2 on the 15th March 2022. Fixed in OpenSSL 3.0.2 (Affected 3.0.0,3.0.1). Fixed in OpenSSL 1.1.1n (Affected 1.1.1-1.1.1m). Fixed in OpenSSL 1.0.2zd (Affected 1.0.2-1.0.2zc).",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage\u00a0for further Updates of this Advisory.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
}
],
"title": "CVE-2022-0778"
},
{
"cve": "CVE-2022-2183",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "description",
"text": "Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage\u00a0for further Updates of this Advisory.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
}
],
"title": "CVE-2022-2183"
},
{
"cve": "CVE-2022-2343",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "description",
"text": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0044.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage\u00a0for further Updates of this Advisory.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
}
],
"title": "CVE-2022-2343"
},
{
"cve": "CVE-2022-2207",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "description",
"text": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage\u00a0for further Updates of this Advisory.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
}
],
"title": "CVE-2022-2207"
},
{
"cve": "CVE-2022-2210",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "description",
"text": "Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage\u00a0for further Updates of this Advisory.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
}
],
"title": "CVE-2022-2210"
},
{
"cve": "CVE-2022-2344",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "description",
"text": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0045.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage\u00a0for further Updates of this Advisory.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
}
],
"title": "CVE-2022-2344"
},
{
"cve": "CVE-2022-2345",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "description",
"text": "Use After Free in GitHub repository vim/vim prior to 9.0.0046.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage\u00a0for further Updates of this Advisory.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
}
],
"title": "CVE-2022-2345"
},
{
"cve": "CVE-2022-2208",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "description",
"text": "NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.5163.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage\u00a0for further Updates of this Advisory.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"environmentalScore": 5.5,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 5.5,
"temporalSeverity": "MEDIUM",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
}
],
"title": "CVE-2022-2208"
},
{
"cve": "CVE-2022-2231",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "description",
"text": "NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage\u00a0for further Updates of this Advisory.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"environmentalScore": 5.5,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 5.5,
"temporalSeverity": "MEDIUM",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
}
],
"title": "CVE-2022-2231"
},
{
"cve": "CVE-2022-2287",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "description",
"text": "Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage\u00a0for further Updates of this Advisory.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.1,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.1,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
}
],
"title": "CVE-2022-2287"
},
{
"cve": "CVE-2022-2285",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "description",
"text": "Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage\u00a0for further Updates of this Advisory.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
}
],
"title": "CVE-2022-2285"
},
{
"cve": "CVE-2022-2284",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "description",
"text": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage\u00a0for further Updates of this Advisory.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
}
],
"title": "CVE-2022-2284"
},
{
"cve": "CVE-2022-2286",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "description",
"text": "Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage\u00a0for further Updates of this Advisory.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
}
],
"title": "CVE-2022-2286"
},
{
"cve": "CVE-2022-2289",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "description",
"text": "Use After Free in GitHub repository vim/vim prior to 9.0.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage\u00a0for further Updates of this Advisory.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
}
],
"title": "CVE-2022-2289"
},
{
"cve": "CVE-2022-2288",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "description",
"text": "Out-of-bounds Write in GitHub repository vim/vim prior to 9.0.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage\u00a0for further Updates of this Advisory.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
}
],
"title": "CVE-2022-2288"
},
{
"cve": "CVE-2022-2264",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "description",
"text": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage\u00a0for further Updates of this Advisory.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
}
],
"title": "CVE-2022-2264"
},
{
"cve": "CVE-2022-2206",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "description",
"text": "Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage\u00a0for further Updates of this Advisory.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
}
],
"title": "CVE-2022-2206"
},
{
"cve": "CVE-2022-2257",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "description",
"text": "Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage\u00a0for further Updates of this Advisory.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
}
],
"title": "CVE-2022-2257"
},
{
"cve": "CVE-2022-29862",
"cwe": {
"id": "CWE-835",
"name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
},
"notes": [
{
"category": "description",
"text": "An infinite loop in OPC UA .NET Standard Stack 1.04.368 allows a remote attackers to cause the application to hang via a crafted message.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage\u00a0for further Updates of this Advisory.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
}
],
"title": "CVE-2022-29862"
},
{
"cve": "CVE-2022-29864",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "description",
"text": "OPC UA .NET Standard Stack 1.04.368 allows a remote attacker to cause a server to crash via a large number of messages that trigger Uncontrolled Resource Consumption.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006",
"CSAFPID-32007",
"CSAFPID-32008",
"CSAFPID-32009"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:Measures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest LTS Firmware Release.Update to the latest LTS PLCnext Engineer Release.Please check Phoenix Contact PSIRT webpage\u00a0for further Updates of this Advisory.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009"
]
}
],
"title": "CVE-2022-29864"
}
]
}
VDE-2023-001
Vulnerability from csaf_phoenixcontactgmbhcokg - Published: 2023-02-14 07:50 - Updated: 2025-06-05 13:28Summary
PHOENIX CONTACT: Multiple Vulnerabilities in PLCnext Firmware
Notes
Summary: A new LTS Firmware release fixes known vulnerabilities in used open-source libraries.
In addition, the following improvements have been implemented:
HMI
- Hardening against DoS attacks. - Hardening against memory leak problems in case of network attacks.
WBM
- Umlauts in the password of the 'User Manager' were not handled correctly. The password rule for upper and lower case was not followed. This could lead to unintentionally weaker passwords.- Hardening of WBM against Cross-Site-Scripting.
User Manager
- In security notifications 'SecurityToken' was always displayed as '0000000' when creating or modifying users.- Hardening of Trust and Identity Stores.
Impact: Please consult the CVE entries listed above.
Mitigation: Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:
Measures to protect network-capable devices with Ethernet connection
Remediation: Update to the latest 2023.0.0 LTS Firmware Release.
PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.
A use-after-free in Busybox 1.35-x's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the copyvar function.
7.8 (High)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:
Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest 2023.0.0 LTS Firmware Release.
PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.
Affected products
Fixed
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — |
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — |
libexpat before 2.4.9 has a use-after-free in the doContent function in xmlparse.c.
8.1 (High)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:
Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest 2023.0.0 LTS Firmware Release.
PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.
Affected products
Fixed
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — |
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — |
When curl is used to retrieve and parse cookies from a HTTP(S) server, itaccepts cookies using control codes that when later are sent back to a HTTPserver might make the server return 400 responses. Effectively allowing a"sister site" to deny service to all siblings.
CWE-20 - Improper Input Validation
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:
Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest 2023.0.0 LTS Firmware Release.
PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.
Affected products
Fixed
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — |
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — |
In libexpat through 2.4.9, there is a use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate in out-of-memory situations.
7.5 (High)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:
Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest 2023.0.0 LTS Firmware Release.
PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.
Affected products
Fixed
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — |
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — |
In curl before 7.86.0, the HSTS check could be bypassed to trick it into staying with HTTP. Using its HSTS support, curl can be instructed to use HTTPS directly (instead of using an insecure cleartext HTTP step) even when HTTP is provided in the URL. This mechanism could be bypassed if the host name in the given URL uses IDN characters that get replaced with ASCII counterparts as part of the IDN conversion, e.g., using the character UTF-8 U+3002 (IDEOGRAPHIC FULL STOP) instead of the common ASCII full stop of U+002E (.). The earliest affected version is 7.77.0 2021-05-26.
7.5 (High)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:
Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest 2023.0.0 LTS Firmware Release.
PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.
Affected products
Fixed
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — |
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — |
Dpkg::Source::Archive in dpkg, the Debian package management system, before version 1.21.8, 1.20.10, 1.19.8, 1.18.26 is prone to a directory traversal vulnerability. When extracting untrusted source packages in v2 and v3 source package formats that include a debian.tar, the in-place extraction can lead to directory traversal situations on specially crafted orig.tar and debian.tar tarballs.
9.8 (Critical)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:
Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest 2023.0.0 LTS Firmware Release.
PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.
Affected products
Fixed
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — |
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — |
An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5. This issue leads to a segmentation fault and possibly arbitrary code execution via a specially crafted filesystem.
7.8 (High)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:
Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest 2023.0.0 LTS Firmware Release.
PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.
Affected products
Fixed
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — |
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — |
Git is a distributed revision control system. Git prior to versions 2.37.1, 2.36.2, 2.35.4, 2.34.4, 2.33.4, 2.32.3, 2.31.4, and 2.30.5, is vulnerable to privilege escalation in all platforms. An unsuspecting user could still be affected by the issue reported in CVE-2022-24765, for example when navigating as root into a shared tmp directory that is owned by them, but where an attacker could create a git repository. Versions 2.37.1, 2.36.2, 2.35.4, 2.34.4, 2.33.4, 2.32.3, 2.31.4, and 2.30.5 contain a patch for this issue. The simplest way to avoid being affected by the exploit described in the example is to avoid running git as root (or an Administrator in Windows), and if needed to reduce its use to a minimum. While a generic workaround is not possible, a system could be hardened from the exploit described in the example by removing any such repository if it exists already and creating one as root to block any future attacks.
7.8 (High)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:
Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest 2023.0.0 LTS Firmware Release.
PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.
Affected products
Fixed
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — |
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — |
Git is an open source, scalable, distributed revision control system. 'git shell' is a restricted login shell that can be used to implement Git's push/pull functionality via SSH. In versions prior to 2.30.6, 2.31.5, 2.32.4, 2.33.5, 2.34.5, 2.35.5, 2.36.3, and 2.37.4, the function that splits the command arguments into an array improperly uses an 'int' to represent the number of entries in the array, allowing a malicious actor to intentionally overflow the return value, leading to arbitrary heap writes. Because the resulting array is then passed to 'execv()', it is possible to leverage this attack to gain remote code execution on a victim machine. Note that a victim must first allow access to 'git shell' as a login shell in order to be vulnerable to this attack. This problem is patched in versions 2.30.6, 2.31.5, 2.32.4, 2.33.5, 2.34.5, 2.35.5, 2.36.3, and 2.37.4 and users are advised to upgrade to the latest version. Disabling 'git shell' access via remote logins is a viable short-term workaround.
8.8 (High)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:
Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest 2023.0.0 LTS Firmware Release.
PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.
Affected products
Fixed
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — |
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — |
Git is an open source, scalable, distributed revision control system. Versions prior to 2.30.6, 2.31.5, 2.32.4, 2.33.5, 2.34.5, 2.35.5, 2.36.3, and 2.37.4 are subject to exposure of sensitive information to a malicious actor. When performing a local clone (where the source and target of the clone are on the same volume), Git copies the contents of the source's '$GIT_DIR/objects' directory into the destination by either creating hardlinks to the source contents, or copying them (if hardlinks are disabled via '--no-hardlinks'). A malicious actor could convince a victim to clone a repository with a symbolic link pointing at sensitive information on the victim's machine. This can be done either by having the victim clone a malicious repository on the same machine, or having them clone a malicious repository embedded as a bare repository via a submodule from any source, provided they clone with the '--recurse-submodules' option. Git does not create symbolic links in the '$GIT_DIR/objects' directory. The problem has been patched in the versions published on 2022-10-18, and backported to v2.30.x. Potential workarounds: Avoid cloning untrusted repositories using the '--local' optimization when on a shared machine, either by passing the '--no-local' option to 'git clone' or cloning from a URL that uses the 'file://' scheme. Alternatively, avoid cloning repositories from untrusted sources with '--recurse-submodules' or run 'git config --global protocol.file.allow user'.
5.5 (Medium)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:
Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest 2023.0.0 LTS Firmware Release.
PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.
Affected products
Fixed
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — |
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — |
curl before 7.86.0 has a double free. If curl is told to use an HTTP proxy for a transfer with a non-HTTP(S) URL, it sets up the connection to the remote server by issuing a CONNECT request to the proxy, and then tunnels the rest of the protocol through. An HTTP proxy might refuse this request (HTTP proxies often only allow outgoing connections to specific port numbers, like 443 for HTTPS) and instead return a non-200 status code to the client. Due to flaws in the error/cleanup handling, this could trigger a double free in curl if one of the following schemes were used in the URL for the transfer: dict, gopher, gophers, ldap, ldaps, rtmp, rtmps, or telnet. The earliest affected version is 7.77.0.
8.1 (High)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:
Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest 2023.0.0 LTS Firmware Release.
PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.
Affected products
Fixed
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — |
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — |
A vulnerability found in gnutls. This security flaw happens because of a double free error occurs during verification of pkcs7 signatures in gnutls_pkcs7_verify function.
7.5 (High)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:
Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest 2023.0.0 LTS Firmware Release.
PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.
Affected products
Fixed
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — |
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — |
In libtirpc before 1.3.3rc1, remote attackers could exhaust the file descriptors of a process that uses libtirpc because idle TCP connections are mishandled. This can, in turn, lead to an svc_run infinite loop without accepting new connections.
7.5 (High)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:
Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest 2023.0.0 LTS Firmware Release.
PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.
Affected products
Fixed
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — |
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — |
An issue was discovered in libxml2 before 2.10.3. Certain invalid XML entity definitions can corrupt a hash table key, potentially leading to subsequent logic errors. In one case, a double-free can be provoked.
7.8 (High)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:
Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest 2023.0.0 LTS Firmware Release.
PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.
Affected products
Fixed
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — |
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — |
A flaw was found in the Linux kernel in linux/net/netfilter/nf_tables_api.c of the netfilter subsystem. This flaw allows a local user to cause an out-of-bounds write issue.
6.6 (Medium)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:
Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest 2023.0.0 LTS Firmware Release.
PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.
Affected products
Fixed
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — |
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — |
A flaw was found in the Linux kernel in net/netfilter/nf_tables_core.c:nft_do_chain, which can cause a use-after-free. This issue needs to handle 'return' with proper preconditions, as it can lead to a kernel information leak problem caused by a local, unprivileged attacker.
5.5 (Medium)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:
Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest 2023.0.0 LTS Firmware Release.
PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.
Affected products
Fixed
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — |
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — |
A vulnerability was found in logrotate in how the state file is created. The state file is used to prevent parallel executions of multiple instances of logrotate by acquiring and releasing a file lock. When the state file does not exist, it is created with world-readable permission, allowing an unprivileged user to lock the state file, stopping any rotation. This flaw affects logrotate versions before 3.20.0.
6.5 (Medium)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:
Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest 2023.0.0 LTS Firmware Release.
PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.
Affected products
Fixed
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — |
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — |
AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was preexisting in the memory that wasn't written. In the special case of "in place" encryption, sixteen bytes of the plaintext would be revealed. Since OpenSSL does not support OCB based cipher suites for TLS and DTLS, they are both unaffected. Fixed in OpenSSL 3.0.5 (Affected 3.0.0-3.0.4). Fixed in OpenSSL 1.1.1q (Affected 1.1.1-1.1.1p).
5.3 (Medium)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:
Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest 2023.0.0 LTS Firmware Release.
PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.
Affected products
Fixed
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — |
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — |
Python 3.9.x before 3.9.16 and 3.10.x before 3.10.9 on Linux allows local privilege escalation in a non-default configuration. The Python multiprocessing library, when used with the forkserver start method on Linux, allows pickles to be deserialized from any user in the same machine local network namespace, which in many system configurations means any user on the same machine. Pickles can execute arbitrary code. Thus, this allows for local user privilege escalation to the user that any forkserver process is running as. Setting multiprocessing.util.abstract_sockets_supported to False is a workaround. The forkserver start method for multiprocessing is not the default start method. This issue is Linux specific because only Linux supports abstract namespace sockets. CPython before 3.9 does not make use of Linux abstract namespace sockets by default. Support for users manually specifying an abstract namespace socket was added as a bugfix in 3.7.8 and 3.8.3, but users would need to make specific uncommon API calls in order to do that in CPython before 3.9.
7.8 (High)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:
Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest 2023.0.0 LTS Firmware Release.
PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.
Affected products
Fixed
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — |
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — |
The Diffie-Hellman Key Agreement Protocol allows remote attackers (from the client side) to send arbitrary numbers that are actually not public keys, and trigger expensive server-side DHE modular-exponentiation calculations, aka a D(HE)at or D(HE)ater attack. The client needs very little CPU resources and network bandwidth. The attack may be more disruptive in cases where a client can require a server to select its largest supported key size. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE.
7.5 (High)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:
Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest 2023.0.0 LTS Firmware Release.
PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.
Affected products
Fixed
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — |
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — |
strongSwan before 5.9.8 allows remote attackers to cause a denial of service in the revocation plugin by sending a crafted end-entity (and intermediate CA) certificate that contains a CRL/OCSP URL that points to a server (under the attacker's control) that doesn't properly respond but (for example) just does nothing after the initial TCP handshake, or sends an excessive amount of application data.
7.5 (High)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:
Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest 2023.0.0 LTS Firmware Release.
PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.
Affected products
Fixed
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — |
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — |
Sudo 1.8.0 through 1.9.12, with the crypt() password backend, contains a plugins/sudoers/auth/passwd.c array-out-of-bounds error that can result in a heap-based buffer over-read. This can be triggered by arbitrary local users with access to Sudo by entering a password of seven characters or fewer. The impact could vary depending on the system libraries, compiler, and processor architecture.
7.1 (High)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:
Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest 2023.0.0 LTS Firmware Release.
PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.
Affected products
Fixed
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — |
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — |
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0061.
7.8 (High)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:
Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest 2023.0.0 LTS Firmware Release.
PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.
Affected products
Fixed
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — |
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — |
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0101.
7.8 (High)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:
Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest 2023.0.0 LTS Firmware Release.
PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.
Affected products
Fixed
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — |
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — |
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0102.
7.8 (High)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:
Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest 2023.0.0 LTS Firmware Release.
PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.
Affected products
Fixed
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — |
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — |
Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.0104.
7.8 (High)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:
Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest 2023.0.0 LTS Firmware Release.
PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.
Affected products
Fixed
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — |
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — |
Out-of-bounds Write to API in GitHub repository vim/vim prior to 9.0.0100.
5.5 (Medium)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:
Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest 2023.0.0 LTS Firmware Release.
PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.
Affected products
Fixed
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — |
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — |
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0483.
7.8 (High)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:
Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest 2023.0.0 LTS Firmware Release.
PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.
Affected products
Fixed
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — |
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — |
Use After Free in GitHub repository vim/vim prior to 9.0.0490.
7.8 (High)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:
Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest 2023.0.0 LTS Firmware Release.
PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.
Affected products
Fixed
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — |
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — |
When curl < 7.84.0 saves cookies, alt-svc and hsts data to local files, it makes the operation atomic by finalizing the operation with a rename from a temporary name to the final target file name.In that rename operation, it might accidentally *widen* the permissions for the target file, leaving the updated file accessible to more users than intended.
9.8 (Critical)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:
Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest 2023.0.0 LTS Firmware Release.
PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.
Affected products
Fixed
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — |
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — |
Use After Free in GitHub repository vim/vim prior to 9.0.0530.
7.8 (High)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:
Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest 2023.0.0 LTS Firmware Release.
PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.
Affected products
Fixed
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — |
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — |
curl < 7.84.0 supports "chained" HTTP compression algorithms, meaning that a serverresponse can be compressed multiple times and potentially with different algorithms. The number of acceptable "links" in this "decompression chain" was unbounded, allowing a malicious server to insert a virtually unlimited number of compression steps.The use of such a decompression chain could result in a "malloc bomb", makingcurl end up spending enormous amounts of allocated heap memory, or trying toand returning out of memory errors.
6.5 (Medium)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:
Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest 2023.0.0 LTS Firmware Release.
PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.
Affected products
Fixed
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — |
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — |
NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0552.
5.5 (Medium)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:
Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest 2023.0.0 LTS Firmware Release.
PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.
Affected products
Fixed
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — |
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — |
When curl < 7.84.0 does FTP transfers secured by krb5, it handles message verification failures wrongly. This flaw makes it possible for a Man-In-The-Middle attack to go unnoticed and even allows it to inject data to the client.
5.9 (Medium)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:
Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest 2023.0.0 LTS Firmware Release.
PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.
Affected products
Fixed
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — |
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — |
Stack-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0577.
7.8 (High)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:
Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest 2023.0.0 LTS Firmware Release.
PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.
Affected products
Fixed
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — |
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — |
A malicious server can serve excessive amounts of 'Set-Cookie:' headers in a HTTP response to curl and curl < 7.84.0 stores all of them. A sufficiently large amount of (big) cookies make subsequent HTTP requests to this, or other servers to which the cookies match, create requests that become larger than the threshold that curl uses internally to avoid sending crazy large requests (1048576 bytes) and instead returns an error.This denial state might remain for as long as the same cookies are kept, match and haven't expired. Due to cookie matching rules, a server on 'foo.example.com' can set cookies that also would match for 'bar.example.com', making it it possible for a "sister server" to effectively cause a denial of service for a sibling site on the same second level domain using this method.
4.3 (Medium)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:
Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest 2023.0.0 LTS Firmware Release.
PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.
Affected products
Fixed
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — |
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — |
Use After Free in GitHub repository vim/vim prior to 9.0.0579.
7.8 (High)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:
Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest 2023.0.0 LTS Firmware Release.
PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.
Affected products
Fixed
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — |
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — |
Stack-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0598.
7.8 (High)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:
Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest 2023.0.0 LTS Firmware Release.
PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.
Affected products
Fixed
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — |
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — |
Use After Free in GitHub repository vim/vim prior to 9.0.0614.
7.8 (High)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:
Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest 2023.0.0 LTS Firmware Release.
PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.
Affected products
Fixed
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — |
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — |
A vulnerability was found in vim and classified as problematic. Affected by this issue is the function qf_update_buffer of the file quickfix.c of the component autocmd Handler. The manipulation leads to use after free. The attack may be launched remotely. Upgrading to version 9.0.0805 is able to address this issue. The name of the patch is d0fab10ed2a86698937e3c3fed2f10bd9bb5e731. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-212324.
7.5 (High)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:
Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest 2023.0.0 LTS Firmware Release.
PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.
Affected products
Fixed
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — |
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — |
zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affected zlib source code but may be unable to call inflateGetHeader (e.g., see the nodejs/node reference).
9.8 (Critical)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:
Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest 2023.0.0 LTS Firmware Release.
PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.
Affected products
Fixed
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — |
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — |
Buffer Over-read in GitHub repository vim/vim prior to 8.2.
7.8 (High)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:
Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest 2023.0.0 LTS Firmware Release.
PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.
Affected products
Fixed
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — |
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — |
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.
7.8 (High)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:
Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest 2023.0.0 LTS Firmware Release.
PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.
Affected products
Fixed
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — |
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — |
Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.
7.8 (High)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:
Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest 2023.0.0 LTS Firmware Release.
PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.
Affected products
Fixed
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — |
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — |
Buffer Over-read in GitHub repository vim/vim prior to 8.2.
7.8 (High)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:
Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest 2023.0.0 LTS Firmware Release.
PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.
Affected products
Fixed
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — |
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — |
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.
7.8 (High)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:
Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest 2023.0.0 LTS Firmware Release.
PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.
Affected products
Fixed
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — |
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — |
Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.
7.8 (High)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:
Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest 2023.0.0 LTS Firmware Release.
PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.
Affected products
Fixed
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — |
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — |
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0044.
7.8 (High)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:
Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest 2023.0.0 LTS Firmware Release.
PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.
Affected products
Fixed
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — |
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — |
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.
7.8 (High)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:
Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest 2023.0.0 LTS Firmware Release.
PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.
Affected products
Fixed
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — |
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — |
Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.
7.8 (High)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:
Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest 2023.0.0 LTS Firmware Release.
PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.
Affected products
Fixed
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — |
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — |
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0045.
7.8 (High)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:
Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest 2023.0.0 LTS Firmware Release.
PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.
Affected products
Fixed
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — |
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — |
Stack-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.
7.8 (High)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:
Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest 2023.0.0 LTS Firmware Release.
PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.
Affected products
Fixed
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — |
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — |
Use After Free in GitHub repository vim/vim prior to 9.0.0046.
7.8 (High)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:
Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest 2023.0.0 LTS Firmware Release.
PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.
Affected products
Fixed
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — |
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — |
NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.5163.
5.5 (Medium)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:
Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest 2023.0.0 LTS Firmware Release.
PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.
Affected products
Fixed
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — |
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — |
NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.
5.5 (Medium)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:
Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest 2023.0.0 LTS Firmware Release.
PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.
Affected products
Fixed
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — |
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — |
Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.
7.1 (High)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:
Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest 2023.0.0 LTS Firmware Release.
PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.
Affected products
Fixed
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — |
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — |
Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.
7.8 (High)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:
Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest 2023.0.0 LTS Firmware Release.
PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.
Affected products
Fixed
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — |
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — |
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.
7.8 (High)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:
Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest 2023.0.0 LTS Firmware Release.
PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.
Affected products
Fixed
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — |
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — |
Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.
7.8 (High)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:
Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest 2023.0.0 LTS Firmware Release.
PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.
Affected products
Fixed
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — |
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — |
Use After Free in GitHub repository vim/vim prior to 9.0.
7.8 (High)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:
Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest 2023.0.0 LTS Firmware Release.
PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.
Affected products
Fixed
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — |
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — |
Out-of-bounds Write in GitHub repository vim/vim prior to 9.0.
7.8 (High)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:
Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest 2023.0.0 LTS Firmware Release.
PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.
Affected products
Fixed
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — |
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — |
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.
7.8 (High)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:
Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest 2023.0.0 LTS Firmware Release.
PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.
Affected products
Fixed
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — |
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — |
Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.
7.8 (High)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:
Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest 2023.0.0 LTS Firmware Release.
PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.
Affected products
Fixed
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — |
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — |
Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.
7.8 (High)
Mitigation
Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:
Measures to protect network-capable devices with Ethernet connection
Vendor Fix
Update to the latest 2023.0.0 LTS Firmware Release.
PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.
Affected products
Fixed
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32003 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32006 | — |
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31003 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31006 | — |
References
4 references
Acknowledgments
CERT@VDE
certvde.com
{
"document": {
"acknowledgments": [
{
"organization": "CERT@VDE",
"summary": "coordination",
"urls": [
"https://certvde.com"
]
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-GB",
"notes": [
{
"category": "summary",
"text": "A new LTS Firmware release fixes known vulnerabilities in used open-source libraries.\nIn addition, the following improvements\u00a0have been implemented:\nHMI\n- Hardening against DoS attacks. - Hardening against memory leak problems in case of network attacks.\nWBM\n- Umlauts in the password of the \u0027User Manager\u0027 were not handled correctly. The password rule for upper and lower case was not followed. This could lead to unintentionally weaker passwords.- Hardening of WBM against Cross-Site-Scripting.\nUser Manager\n- In security notifications \u0027SecurityToken\u0027 was always displayed as \u00270000000\u0027 when creating or modifying users.- Hardening of Trust and Identity Stores.",
"title": "Summary"
},
{
"category": "description",
"text": "Please consult the CVE entries listed above.",
"title": "Impact"
},
{
"category": "description",
"text": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:\nMeasures to protect network-capable devices with Ethernet connection",
"title": "Mitigation"
},
{
"category": "description",
"text": "Update to the latest 2023.0.0 LTS Firmware Release.\nPHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.",
"title": "Remediation"
}
],
"publisher": {
"category": "vendor",
"contact_details": "psirt@phoenixcontact.com",
"name": "Phoenix Contact GmbH \u0026 Co. KG",
"namespace": "https://phoenixcontact.com/psirt"
},
"references": [
{
"category": "self",
"summary": "VDE-2023-001: PHOENIX CONTACT: Multiple Vulnerabilities in PLCnext Firmware - HTML",
"url": "https://certvde.com/en/advisories/VDE-2023-001/"
},
{
"category": "self",
"summary": "VDE-2023-001: PHOENIX CONTACT: Multiple Vulnerabilities in PLCnext Firmware - CSAF",
"url": "https://phoenixcontact.csaf-tp.certvde.com/.well-known/csaf/white/2023/vde-2023-001.json"
},
{
"category": "external",
"summary": "Vendor PSIRT",
"url": "https://phoenixcontact.com/psirt"
},
{
"category": "external",
"summary": "CERT@VDE Security Advisories for Phoenix Contact GmbH \u0026 Co. KG",
"url": "https://certvde.com/en/advisories/vendor/phoenixcontact/"
}
],
"title": "PHOENIX CONTACT: Multiple Vulnerabilities in PLCnext Firmware",
"tracking": {
"aliases": [
"VDE-2023-001"
],
"current_release_date": "2025-06-05T13:28:12.000Z",
"generator": {
"date": "2025-05-08T11:33:36.410Z",
"engine": {
"name": "Secvisogram",
"version": "2.5.25"
}
},
"id": "VDE-2023-001",
"initial_release_date": "2023-02-14T07:50:00.000Z",
"revision_history": [
{
"date": "2023-02-14T07:50:00.000Z",
"number": "1",
"summary": "Initial revision."
},
{
"date": "2025-06-05T13:28:12.000Z",
"number": "2",
"summary": "Fix: quotation mark"
}
],
"status": "final",
"version": "2"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "AXC F 1152",
"product": {
"name": "AXC F 1152",
"product_id": "CSAFPID-11001",
"product_identification_helper": {
"model_numbers": [
"1151412"
]
}
}
},
{
"category": "product_name",
"name": "AXC F 2152",
"product": {
"name": "AXC F 2152",
"product_id": "CSAFPID-11002",
"product_identification_helper": {
"model_numbers": [
"2404267"
]
}
}
},
{
"category": "product_name",
"name": "AXC F 3152",
"product": {
"name": "AXC F 3152",
"product_id": "CSAFPID-11003",
"product_identification_helper": {
"model_numbers": [
"1069208"
]
}
}
},
{
"category": "product_name",
"name": "BPC 9102S",
"product": {
"name": "BPC 9102S",
"product_id": "CSAFPID-11004",
"product_identification_helper": {
"model_numbers": [
"1246285"
]
}
}
},
{
"category": "product_name",
"name": "RFC 4072R",
"product": {
"name": "RFC 4072R",
"product_id": "CSAFPID-11005",
"product_identification_helper": {
"model_numbers": [
"1136419"
]
}
}
},
{
"category": "product_name",
"name": "RFC 4072S",
"product": {
"name": "RFC 4072S",
"product_id": "CSAFPID-11006",
"product_identification_helper": {
"model_numbers": [
"1051328"
]
}
}
}
],
"category": "product_family",
"name": "Hardware"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c2023.0.0 LTS",
"product": {
"name": "Firmware \u003c2023.0.0 LTS",
"product_id": "CSAFPID-21001"
}
},
{
"category": "product_version",
"name": "2023.0.0 LTS",
"product": {
"name": "Firmware 2023.0.0 LTS",
"product_id": "CSAFPID-22001"
}
}
],
"category": "product_family",
"name": "Firmware"
}
],
"category": "vendor",
"name": "PHOENIX CONTACT"
}
],
"product_groups": [
{
"group_id": "CSAFGID-0001",
"product_ids": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
],
"summary": "Affected products."
},
{
"group_id": "CSAFGID-0002",
"product_ids": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006"
],
"summary": "Fixed products."
}
],
"relationships": [
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c2023.0.0 LTS installed on AXC F 1152",
"product_id": "CSAFPID-31001"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11001"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c2023.0.0 LTS installed on AXC F 2152",
"product_id": "CSAFPID-31002"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11002"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c2023.0.0 LTS installed on AXC F 3152",
"product_id": "CSAFPID-31003"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11003"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c2023.0.0 LTS installed on BPC 9102S",
"product_id": "CSAFPID-31004"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11004"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c2023.0.0 LTS installed on RFC 4072R",
"product_id": "CSAFPID-31005"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11005"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c2023.0.0 LTS installed on RFC 4072S",
"product_id": "CSAFPID-31006"
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11006"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 2023.0.0 LTS installed on AXC F 1152",
"product_id": "CSAFPID-32001"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11001"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 2023.0.0 LTS installed on AXC F 2152",
"product_id": "CSAFPID-32002"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11002"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 2023.0.0 LTS installed on AXC F 3152",
"product_id": "CSAFPID-32003"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11003"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 2023.0.0 LTS installed on BPC 9102S",
"product_id": "CSAFPID-32004"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11004"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 2023.0.0 LTS installed on RFC 4072R",
"product_id": "CSAFPID-32005"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11005"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 2023.0.0 LTS installed on RFC 4072S",
"product_id": "CSAFPID-32006"
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11006"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-30065",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "description",
"text": "A use-after-free in Busybox 1.35-x\u0027s awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the copyvar function.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:\nMeasures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest 2023.0.0 LTS Firmware Release.\nPHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
}
],
"title": "CVE-2022-30065"
},
{
"cve": "CVE-2022-40674",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "description",
"text": "libexpat before 2.4.9 has a use-after-free in the doContent function in xmlparse.c.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:\nMeasures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest 2023.0.0 LTS Firmware Release.\nPHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 8.1,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 8.1,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
}
],
"title": "CVE-2022-40674"
},
{
"cve": "CVE-2022-35252",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "description",
"text": "When curl is used to retrieve and parse cookies from a HTTP(S) server, itaccepts cookies using control codes that when later are sent back to a HTTPserver might make the server return 400 responses. Effectively allowing a\"sister site\" to deny service to all siblings.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:\nMeasures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest 2023.0.0 LTS Firmware Release.\nPHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"environmentalScore": 3.7,
"environmentalSeverity": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 3.7,
"temporalSeverity": "LOW",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
}
],
"title": "CVE-2022-35252"
},
{
"cve": "CVE-2022-43680",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "description",
"text": "In libexpat through 2.4.9, there is a use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate in out-of-memory situations.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:\nMeasures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest 2023.0.0 LTS Firmware Release.\nPHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
}
],
"title": "CVE-2022-43680"
},
{
"cve": "CVE-2022-42916",
"cwe": {
"id": "CWE-319",
"name": "Cleartext Transmission of Sensitive Information"
},
"notes": [
{
"category": "description",
"text": "In curl before 7.86.0, the HSTS check could be bypassed to trick it into staying with HTTP. Using its HSTS support, curl can be instructed to use HTTPS directly (instead of using an insecure cleartext HTTP step) even when HTTP is provided in the URL. This mechanism could be bypassed if the host name in the given URL uses IDN characters that get replaced with ASCII counterparts as part of the IDN conversion, e.g., using the character UTF-8 U+3002 (IDEOGRAPHIC FULL STOP) instead of the common ASCII full stop of U+002E (.). The earliest affected version is 7.77.0 2021-05-26.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:\nMeasures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest 2023.0.0 LTS Firmware Release.\nPHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
}
],
"title": "CVE-2022-42916"
},
{
"cve": "CVE-2022-1664",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"notes": [
{
"category": "description",
"text": "Dpkg::Source::Archive in dpkg, the Debian package management system, before version 1.21.8, 1.20.10, 1.19.8, 1.18.26 is prone to a directory traversal vulnerability. When extracting untrusted source packages in v2 and v3 source package formats that include a debian.tar, the in-place extraction can lead to directory traversal situations on specially crafted orig.tar and debian.tar tarballs.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:\nMeasures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest 2023.0.0 LTS Firmware Release.\nPHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"environmentalScore": 9.8,
"environmentalSeverity": "CRITICAL",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 9.8,
"temporalSeverity": "CRITICAL",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
}
],
"title": "CVE-2022-1664"
},
{
"cve": "CVE-2022-1304",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "description",
"text": "An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5. This issue leads to a segmentation fault and possibly arbitrary code execution via a specially crafted filesystem.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:\nMeasures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest 2023.0.0 LTS Firmware Release.\nPHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
}
],
"title": "CVE-2022-1304"
},
{
"cve": "CVE-2022-29187",
"cwe": {
"id": "CWE-427",
"name": "Uncontrolled Search Path Element"
},
"notes": [
{
"category": "description",
"text": "Git is a distributed revision control system. Git prior to versions 2.37.1, 2.36.2, 2.35.4, 2.34.4, 2.33.4, 2.32.3, 2.31.4, and 2.30.5, is vulnerable to privilege escalation in all platforms. An unsuspecting user could still be affected by the issue reported in CVE-2022-24765, for example when navigating as root into a shared tmp directory that is owned by them, but where an attacker could create a git repository. Versions 2.37.1, 2.36.2, 2.35.4, 2.34.4, 2.33.4, 2.32.3, 2.31.4, and 2.30.5 contain a patch for this issue. The simplest way to avoid being affected by the exploit described in the example is to avoid running git as root (or an Administrator in Windows), and if needed to reduce its use to a minimum. While a generic workaround is not possible, a system could be hardened from the exploit described in the example by removing any such repository if it exists already and creating one as root to block any future attacks.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:\nMeasures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest 2023.0.0 LTS Firmware Release.\nPHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
}
],
"title": "CVE-2022-29187"
},
{
"cve": "CVE-2022-39260",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "description",
"text": "Git is an open source, scalable, distributed revision control system. \u0027git shell\u0027 is a restricted login shell that can be used to implement Git\u0027s push/pull functionality via SSH. In versions prior to 2.30.6, 2.31.5, 2.32.4, 2.33.5, 2.34.5, 2.35.5, 2.36.3, and 2.37.4, the function that splits the command arguments into an array improperly uses an \u0027int\u0027 to represent the number of entries in the array, allowing a malicious actor to intentionally overflow the return value, leading to arbitrary heap writes. Because the resulting array is then passed to \u0027execv()\u0027, it is possible to leverage this attack to gain remote code execution on a victim machine. Note that a victim must first allow access to \u0027git shell\u0027 as a login shell in order to be vulnerable to this attack. This problem is patched in versions 2.30.6, 2.31.5, 2.32.4, 2.33.5, 2.34.5, 2.35.5, 2.36.3, and 2.37.4 and users are advised to upgrade to the latest version. Disabling \u0027git shell\u0027 access via remote logins is a viable short-term workaround.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:\nMeasures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest 2023.0.0 LTS Firmware Release.\nPHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 8.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 8.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
}
],
"title": "CVE-2022-39260"
},
{
"cve": "CVE-2022-39253",
"cwe": {
"id": "CWE-59",
"name": "Improper Link Resolution Before File Access (\u0027Link Following\u0027)"
},
"notes": [
{
"category": "description",
"text": "Git is an open source, scalable, distributed revision control system. Versions prior to 2.30.6, 2.31.5, 2.32.4, 2.33.5, 2.34.5, 2.35.5, 2.36.3, and 2.37.4 are subject to exposure of sensitive information to a malicious actor. When performing a local clone (where the source and target of the clone are on the same volume), Git copies the contents of the source\u0027s \u0027$GIT_DIR/objects\u0027 directory into the destination by either creating hardlinks to the source contents, or copying them (if hardlinks are disabled via \u0027--no-hardlinks\u0027). A malicious actor could convince a victim to clone a repository with a symbolic link pointing at sensitive information on the victim\u0027s machine. This can be done either by having the victim clone a malicious repository on the same machine, or having them clone a malicious repository embedded as a bare repository via a submodule from any source, provided they clone with the \u0027--recurse-submodules\u0027 option. Git does not create symbolic links in the \u0027$GIT_DIR/objects\u0027 directory. The problem has been patched in the versions published on 2022-10-18, and backported to v2.30.x. Potential workarounds: Avoid cloning untrusted repositories using the \u0027--local\u0027 optimization when on a shared machine, either by passing the \u0027--no-local\u0027 option to \u0027git clone\u0027 or cloning from a URL that uses the \u0027file://\u0027 scheme. Alternatively, avoid cloning repositories from untrusted sources with \u0027--recurse-submodules\u0027 or run \u0027git config --global protocol.file.allow user\u0027.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:\nMeasures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest 2023.0.0 LTS Firmware Release.\nPHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"environmentalScore": 5.5,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 5.5,
"temporalSeverity": "MEDIUM",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
}
],
"title": "CVE-2022-39253"
},
{
"cve": "CVE-2022-42915",
"cwe": {
"id": "CWE-415",
"name": "Double Free"
},
"notes": [
{
"category": "description",
"text": "curl before 7.86.0 has a double free. If curl is told to use an HTTP proxy for a transfer with a non-HTTP(S) URL, it sets up the connection to the remote server by issuing a CONNECT request to the proxy, and then tunnels the rest of the protocol through. An HTTP proxy might refuse this request (HTTP proxies often only allow outgoing connections to specific port numbers, like 443 for HTTPS) and instead return a non-200 status code to the client. Due to flaws in the error/cleanup handling, this could trigger a double free in curl if one of the following schemes were used in the URL for the transfer: dict, gopher, gophers, ldap, ldaps, rtmp, rtmps, or telnet. The earliest affected version is 7.77.0.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:\nMeasures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest 2023.0.0 LTS Firmware Release.\nPHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 8.1,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 8.1,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
}
],
"title": "CVE-2022-42915"
},
{
"cve": "CVE-2022-2509",
"cwe": {
"id": "CWE-415",
"name": "Double Free"
},
"notes": [
{
"category": "description",
"text": "A vulnerability found in gnutls. This security flaw happens because of a double free error occurs during verification of pkcs7 signatures in gnutls_pkcs7_verify function.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:\nMeasures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest 2023.0.0 LTS Firmware Release.\nPHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
}
],
"title": "CVE-2022-2509"
},
{
"cve": "CVE-2021-46828",
"cwe": {
"id": "CWE-755",
"name": "Improper Handling of Exceptional Conditions"
},
"notes": [
{
"category": "description",
"text": "In libtirpc before 1.3.3rc1, remote attackers could exhaust the file descriptors of a process that uses libtirpc because idle TCP connections are mishandled. This can, in turn, lead to an svc_run infinite loop without accepting new connections.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:\nMeasures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest 2023.0.0 LTS Firmware Release.\nPHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
}
],
"title": "CVE-2021-46828"
},
{
"cve": "CVE-2022-40304",
"cwe": {
"id": "CWE-415",
"name": "Double Free"
},
"notes": [
{
"category": "description",
"text": "An issue was discovered in libxml2 before 2.10.3. Certain invalid XML entity definitions can corrupt a hash table key, potentially leading to subsequent logic errors. In one case, a double-free can be provoked.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:\nMeasures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest 2023.0.0 LTS Firmware Release.\nPHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
}
],
"title": "CVE-2022-40304"
},
{
"cve": "CVE-2022-1015",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "description",
"text": "A flaw was found in the Linux kernel in linux/net/netfilter/nf_tables_api.c of the netfilter subsystem. This flaw allows a local user to cause an out-of-bounds write issue.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:\nMeasures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest 2023.0.0 LTS Firmware Release.\nPHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"environmentalScore": 6.6,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"temporalScore": 6.6,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
}
],
"title": "CVE-2022-1015"
},
{
"cve": "CVE-2022-1016",
"cwe": {
"id": "CWE-909",
"name": "Missing Initialization of Resource"
},
"notes": [
{
"category": "description",
"text": "A flaw was found in the Linux kernel in net/netfilter/nf_tables_core.c:nft_do_chain, which can cause a use-after-free. This issue needs to handle \u0027return\u0027 with proper preconditions, as it can lead to a kernel information leak problem caused by a local, unprivileged attacker.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:\nMeasures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest 2023.0.0 LTS Firmware Release.\nPHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"environmentalScore": 5.5,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"temporalScore": 5.5,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
}
],
"title": "CVE-2022-1016"
},
{
"cve": "CVE-2022-1348",
"cwe": {
"id": "CWE-732",
"name": "Incorrect Permission Assignment for Critical Resource"
},
"notes": [
{
"category": "description",
"text": "A vulnerability was found in logrotate in how the state file is created. The state file is used to prevent parallel executions of multiple instances of logrotate by acquiring and releasing a file lock. When the state file does not exist, it is created with world-readable permission, allowing an unprivileged user to lock the state file, stopping any rotation. This flaw affects logrotate versions before 3.20.0.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:\nMeasures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest 2023.0.0 LTS Firmware Release.\nPHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"environmentalScore": 6.5,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"temporalScore": 6.5,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
}
],
"title": "CVE-2022-1348"
},
{
"cve": "CVE-2022-2097",
"cwe": {
"id": "CWE-327",
"name": "Use of a Broken or Risky Cryptographic Algorithm"
},
"notes": [
{
"category": "description",
"text": "AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was preexisting in the memory that wasn\u0027t written. In the special case of \"in place\" encryption, sixteen bytes of the plaintext would be revealed. Since OpenSSL does not support OCB based cipher suites for TLS and DTLS, they are both unaffected. Fixed in OpenSSL 3.0.5 (Affected 3.0.0-3.0.4). Fixed in OpenSSL 1.1.1q (Affected 1.1.1-1.1.1p).",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:\nMeasures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest 2023.0.0 LTS Firmware Release.\nPHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"environmentalScore": 5.3,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 5.3,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
}
],
"title": "CVE-2022-2097"
},
{
"cve": "CVE-2022-42919",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"notes": [
{
"category": "description",
"text": "Python 3.9.x before 3.9.16 and 3.10.x before 3.10.9 on Linux allows local privilege escalation in a non-default configuration. The Python multiprocessing library, when used with the forkserver start method on Linux, allows pickles to be deserialized from any user in the same machine local network namespace, which in many system configurations means any user on the same machine. Pickles can execute arbitrary code. Thus, this allows for local user privilege escalation to the user that any forkserver process is running as. Setting multiprocessing.util.abstract_sockets_supported to False is a workaround. The forkserver start method for multiprocessing is not the default start method. This issue is Linux specific because only Linux supports abstract namespace sockets. CPython before 3.9 does not make use of Linux abstract namespace sockets by default. Support for users manually specifying an abstract namespace socket was added as a bugfix in 3.7.8 and 3.8.3, but users would need to make specific uncommon API calls in order to do that in CPython before 3.9.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:\nMeasures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest 2023.0.0 LTS Firmware Release.\nPHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
}
],
"title": "CVE-2022-42919"
},
{
"cve": "CVE-2002-20001",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "description",
"text": "The Diffie-Hellman Key Agreement Protocol allows remote attackers (from the client side) to send arbitrary numbers that are actually not public keys, and trigger expensive server-side DHE modular-exponentiation calculations, aka a D(HE)at or D(HE)ater attack. The client needs very little CPU resources and network bandwidth. The attack may be more disruptive in cases where a client can require a server to select its largest supported key size. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:\nMeasures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest 2023.0.0 LTS Firmware Release.\nPHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
}
],
"title": "CVE-2002-20001"
},
{
"cve": "CVE-2022-40617",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "description",
"text": "strongSwan before 5.9.8 allows remote attackers to cause a denial of service in the revocation plugin by sending a crafted end-entity (and intermediate CA) certificate that contains a CRL/OCSP URL that points to a server (under the attacker\u0027s control) that doesn\u0027t properly respond but (for example) just does nothing after the initial TCP handshake, or sends an excessive amount of application data.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:\nMeasures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest 2023.0.0 LTS Firmware Release.\nPHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
}
],
"title": "CVE-2022-40617"
},
{
"cve": "CVE-2022-43995",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "description",
"text": "Sudo 1.8.0 through 1.9.12, with the crypt() password backend, contains a plugins/sudoers/auth/passwd.c array-out-of-bounds error that can result in a heap-based buffer over-read. This can be triggered by arbitrary local users with access to Sudo by entering a password of seven characters or fewer. The impact could vary depending on the system libraries, compiler, and processor architecture.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:\nMeasures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest 2023.0.0 LTS Firmware Release.\nPHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.1,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"temporalScore": 7.1,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
}
],
"title": "CVE-2022-43995"
},
{
"cve": "CVE-2022-2522",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "description",
"text": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0061.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:\nMeasures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest 2023.0.0 LTS Firmware Release.\nPHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
}
],
"title": "CVE-2022-2522"
},
{
"cve": "CVE-2022-2571",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "description",
"text": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0101.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:\nMeasures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest 2023.0.0 LTS Firmware Release.\nPHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
}
],
"title": "CVE-2022-2571"
},
{
"cve": "CVE-2022-2580",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "description",
"text": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0102.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:\nMeasures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest 2023.0.0 LTS Firmware Release.\nPHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
}
],
"title": "CVE-2022-2580"
},
{
"cve": "CVE-2022-2581",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "description",
"text": "Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.0104.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:\nMeasures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest 2023.0.0 LTS Firmware Release.\nPHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
}
],
"title": "CVE-2022-2581"
},
{
"cve": "CVE-2022-2598",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "description",
"text": "Out-of-bounds Write to API in GitHub repository vim/vim prior to 9.0.0100.\n\n",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:\nMeasures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest 2023.0.0 LTS Firmware Release.\nPHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"environmentalScore": 5.5,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 5.5,
"temporalSeverity": "MEDIUM",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
}
],
"title": "CVE-2022-2598"
},
{
"cve": "CVE-2022-3234",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "description",
"text": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0483.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:\nMeasures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest 2023.0.0 LTS Firmware Release.\nPHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
}
],
"title": "CVE-2022-3234"
},
{
"cve": "CVE-2022-3235",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "description",
"text": "Use After Free in GitHub repository vim/vim prior to 9.0.0490.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:\nMeasures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest 2023.0.0 LTS Firmware Release.\nPHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
}
],
"title": "CVE-2022-3235"
},
{
"cve": "CVE-2022-32207",
"cwe": {
"id": "CWE-276",
"name": "Incorrect Default Permissions"
},
"notes": [
{
"category": "description",
"text": "When curl \u003c 7.84.0 saves cookies, alt-svc and hsts data to local files, it makes the operation atomic by finalizing the operation with a rename from a temporary name to the final target file name.In that rename operation, it might accidentally *widen* the permissions for the target file, leaving the updated file accessible to more users than intended.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:\nMeasures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest 2023.0.0 LTS Firmware Release.\nPHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"environmentalScore": 9.8,
"environmentalSeverity": "CRITICAL",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 9.8,
"temporalSeverity": "CRITICAL",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
}
],
"title": "CVE-2022-32207"
},
{
"cve": "CVE-2022-3256",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "description",
"text": "Use After Free in GitHub repository vim/vim prior to 9.0.0530.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:\nMeasures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest 2023.0.0 LTS Firmware Release.\nPHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
}
],
"title": "CVE-2022-3256"
},
{
"cve": "CVE-2022-32206",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"notes": [
{
"category": "description",
"text": "curl \u003c 7.84.0 supports \"chained\" HTTP compression algorithms, meaning that a serverresponse can be compressed multiple times and potentially with different algorithms. The number of acceptable \"links\" in this \"decompression chain\" was unbounded, allowing a malicious server to insert a virtually unlimited number of compression steps.The use of such a decompression chain could result in a \"malloc bomb\", makingcurl end up spending enormous amounts of allocated heap memory, or trying toand returning out of memory errors.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:\nMeasures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest 2023.0.0 LTS Firmware Release.\nPHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"environmentalScore": 6.5,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 6.5,
"temporalSeverity": "MEDIUM",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
}
],
"title": "CVE-2022-32206"
},
{
"cve": "CVE-2022-3278",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "description",
"text": "NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0552.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:\nMeasures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest 2023.0.0 LTS Firmware Release.\nPHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"environmentalScore": 5.5,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 5.5,
"temporalSeverity": "MEDIUM",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
}
],
"title": "CVE-2022-3278"
},
{
"cve": "CVE-2022-32208",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "description",
"text": "When curl \u003c 7.84.0 does FTP transfers secured by krb5, it handles message verification failures wrongly. This flaw makes it possible for a Man-In-The-Middle attack to go unnoticed and even allows it to inject data to the client.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:\nMeasures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest 2023.0.0 LTS Firmware Release.\nPHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"environmentalScore": 5.9,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 5.9,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
}
],
"title": "CVE-2022-32208"
},
{
"cve": "CVE-2022-3296",
"cwe": {
"id": "CWE-121",
"name": "Stack-based Buffer Overflow"
},
"notes": [
{
"category": "description",
"text": "Stack-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0577.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:\nMeasures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest 2023.0.0 LTS Firmware Release.\nPHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
}
],
"title": "CVE-2022-3296"
},
{
"cve": "CVE-2022-32205",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"notes": [
{
"category": "description",
"text": "A malicious server can serve excessive amounts of \u0027Set-Cookie:\u0027 headers in a HTTP response to curl and curl \u003c 7.84.0 stores all of them. A sufficiently large amount of (big) cookies make subsequent HTTP requests to this, or other servers to which the cookies match, create requests that become larger than the threshold that curl uses internally to avoid sending crazy large requests (1048576 bytes) and instead returns an error.This denial state might remain for as long as the same cookies are kept, match and haven\u0027t expired. Due to cookie matching rules, a server on \u0027foo.example.com\u0027 can set cookies that also would match for \u0027bar.example.com\u0027, making it it possible for a \"sister server\" to effectively cause a denial of service for a sibling site on the same second level domain using this method.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:\nMeasures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest 2023.0.0 LTS Firmware Release.\nPHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"environmentalScore": 4.3,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 4.3,
"temporalSeverity": "MEDIUM",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
}
],
"title": "CVE-2022-32205"
},
{
"cve": "CVE-2022-3297",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "description",
"text": "Use After Free in GitHub repository vim/vim prior to 9.0.0579.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:\nMeasures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest 2023.0.0 LTS Firmware Release.\nPHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
}
],
"title": "CVE-2022-3297"
},
{
"cve": "CVE-2022-3324",
"cwe": {
"id": "CWE-121",
"name": "Stack-based Buffer Overflow"
},
"notes": [
{
"category": "description",
"text": "Stack-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0598.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:\nMeasures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest 2023.0.0 LTS Firmware Release.\nPHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
}
],
"title": "CVE-2022-3324"
},
{
"cve": "CVE-2022-3352",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "description",
"text": "Use After Free in GitHub repository vim/vim prior to 9.0.0614.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:\nMeasures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest 2023.0.0 LTS Firmware Release.\nPHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
}
],
"title": "CVE-2022-3352"
},
{
"cve": "CVE-2022-3705",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"notes": [
{
"category": "description",
"text": "A vulnerability was found in vim and classified as problematic. Affected by this issue is the function qf_update_buffer of the file quickfix.c of the component autocmd Handler. The manipulation leads to use after free. The attack may be launched remotely. Upgrading to version 9.0.0805 is able to address this issue. The name of the patch is d0fab10ed2a86698937e3c3fed2f10bd9bb5e731. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-212324.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:\nMeasures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest 2023.0.0 LTS Firmware Release.\nPHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
}
],
"title": "CVE-2022-3705"
},
{
"cve": "CVE-2022-37434",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "description",
"text": "zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affected zlib source code but may be unable to call inflateGetHeader (e.g., see the nodejs/node reference).",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:\nMeasures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest 2023.0.0 LTS Firmware Release.\nPHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"environmentalScore": 9.8,
"environmentalSeverity": "CRITICAL",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 9.8,
"temporalSeverity": "CRITICAL",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
}
],
"title": "CVE-2022-37434"
},
{
"cve": "CVE-2022-1927",
"cwe": {
"id": "CWE-126",
"name": "Buffer Over-read"
},
"notes": [
{
"category": "description",
"text": "Buffer Over-read in GitHub repository vim/vim prior to 8.2.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:\nMeasures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest 2023.0.0 LTS Firmware Release.\nPHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
}
],
"title": "CVE-2022-1927"
},
{
"cve": "CVE-2022-1942",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "description",
"text": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:\nMeasures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest 2023.0.0 LTS Firmware Release.\nPHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
}
],
"title": "CVE-2022-1942"
},
{
"cve": "CVE-2022-2129",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "description",
"text": "Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:\nMeasures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest 2023.0.0 LTS Firmware Release.\nPHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
}
],
"title": "CVE-2022-2129"
},
{
"cve": "CVE-2022-2175",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "description",
"text": "Buffer Over-read in GitHub repository vim/vim prior to 8.2.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:\nMeasures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest 2023.0.0 LTS Firmware Release.\nPHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
}
],
"title": "CVE-2022-2175"
},
{
"cve": "CVE-2022-2182",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "description",
"text": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:\nMeasures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest 2023.0.0 LTS Firmware Release.\nPHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
}
],
"title": "CVE-2022-2182"
},
{
"cve": "CVE-2022-2183",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "description",
"text": "Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:\nMeasures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest 2023.0.0 LTS Firmware Release.\nPHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
}
],
"title": "CVE-2022-2183"
},
{
"cve": "CVE-2022-2343",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "description",
"text": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0044.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:\nMeasures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest 2023.0.0 LTS Firmware Release.\nPHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
}
],
"title": "CVE-2022-2343"
},
{
"cve": "CVE-2022-2207",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "description",
"text": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:\nMeasures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest 2023.0.0 LTS Firmware Release.\nPHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
}
],
"title": "CVE-2022-2207"
},
{
"cve": "CVE-2022-2210",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "description",
"text": "Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:\nMeasures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest 2023.0.0 LTS Firmware Release.\nPHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
}
],
"title": "CVE-2022-2210"
},
{
"cve": "CVE-2022-2344",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "description",
"text": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0045.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:\nMeasures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest 2023.0.0 LTS Firmware Release.\nPHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
}
],
"title": "CVE-2022-2344"
},
{
"cve": "CVE-2022-2304",
"cwe": {
"id": "CWE-121",
"name": "Stack-based Buffer Overflow"
},
"notes": [
{
"category": "description",
"text": "Stack-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:\nMeasures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest 2023.0.0 LTS Firmware Release.\nPHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
}
],
"title": "CVE-2022-2304"
},
{
"cve": "CVE-2022-2345",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "description",
"text": "Use After Free in GitHub repository vim/vim prior to 9.0.0046.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:\nMeasures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest 2023.0.0 LTS Firmware Release.\nPHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
}
],
"title": "CVE-2022-2345"
},
{
"cve": "CVE-2022-2208",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "description",
"text": "NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.5163.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:\nMeasures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest 2023.0.0 LTS Firmware Release.\nPHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"environmentalScore": 5.5,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 5.5,
"temporalSeverity": "MEDIUM",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
}
],
"title": "CVE-2022-2208"
},
{
"cve": "CVE-2022-2231",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "description",
"text": "NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:\nMeasures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest 2023.0.0 LTS Firmware Release.\nPHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"environmentalScore": 5.5,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 5.5,
"temporalSeverity": "MEDIUM",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
}
],
"title": "CVE-2022-2231"
},
{
"cve": "CVE-2022-2287",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "description",
"text": "Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:\nMeasures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest 2023.0.0 LTS Firmware Release.\nPHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.1,
"environmentalSeverity": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.1,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
}
],
"title": "CVE-2022-2287"
},
{
"cve": "CVE-2022-2285",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "description",
"text": "Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:\nMeasures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest 2023.0.0 LTS Firmware Release.\nPHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
}
],
"title": "CVE-2022-2285"
},
{
"cve": "CVE-2022-2284",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "description",
"text": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:\nMeasures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest 2023.0.0 LTS Firmware Release.\nPHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
}
],
"title": "CVE-2022-2284"
},
{
"cve": "CVE-2022-2286",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "description",
"text": "Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:\nMeasures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest 2023.0.0 LTS Firmware Release.\nPHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
}
],
"title": "CVE-2022-2286"
},
{
"cve": "CVE-2022-2289",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "description",
"text": "Use After Free in GitHub repository vim/vim prior to 9.0.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:\nMeasures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest 2023.0.0 LTS Firmware Release.\nPHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
}
],
"title": "CVE-2022-2289"
},
{
"cve": "CVE-2022-2288",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "description",
"text": "Out-of-bounds Write in GitHub repository vim/vim prior to 9.0.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:\nMeasures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest 2023.0.0 LTS Firmware Release.\nPHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
}
],
"title": "CVE-2022-2288"
},
{
"cve": "CVE-2022-2264",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "description",
"text": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:\nMeasures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest 2023.0.0 LTS Firmware Release.\nPHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
}
],
"title": "CVE-2022-2264"
},
{
"cve": "CVE-2022-2206",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "description",
"text": "Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:\nMeasures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest 2023.0.0 LTS Firmware Release.\nPHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
}
],
"title": "CVE-2022-2206"
},
{
"cve": "CVE-2022-2257",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "description",
"text": "Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32003",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32006"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our application note:\nMeasures to protect network-capable devices with Ethernet connection",
"group_ids": [
"CSAFGID-0001"
]
},
{
"category": "vendor_fix",
"details": "Update to the latest 2023.0.0 LTS Firmware Release.\nPHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.",
"group_ids": [
"CSAFGID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.8,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.8,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31003",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31006"
]
}
],
"title": "CVE-2022-2257"
}
]
}
WID-SEC-W-2022-0479
Vulnerability from csaf_certbund - Published: 2022-06-26 22:00 - Updated: 2025-11-06 23:00Summary
cURL: Mehrere Schwachstellen
Severity
Hoch
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: cURL ist eine Client-Software, die das Austauschen von Dateien mittels mehrerer Protokolle wie z. B. HTTP oder FTP erlaubt.
Angriff: Ein Angreifer kann mehrere Schwachstellen in cURL ausnutzen, um einen Denial of Service Angriff durchzuführen, Sicherheitseinstellungen zu umgehen und Daten offenzulegen oder zu manipulieren.
Betroffene Betriebssysteme: - Linux
- UNIX
Affected products
Known affected
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM AIX 7.3.1
IBM / AIX
|
cpe:/o:ibm:aix:7.3.1
|
7.3.1 | |
|
Red Hat OpenShift
Red Hat
|
cpe:/a:redhat:openshift:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
NetApp Data ONTAP
NetApp
|
cpe:/a:netapp:data_ontap:-
|
— | |
|
Gentoo Linux
Gentoo
|
cpe:/o:gentoo:linux:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
HCL BigFix
HCL
|
cpe:/a:hcltech:bigfix:-
|
— | |
|
IBM Security Verify Access <10.0.5-ISS-ISVA-FP000
IBM / Security Verify Access
|
<10.0.5-ISS-ISVA-FP000 | ||
|
Dell Avamar
Dell
|
cpe:/a:dell:avamar:-
|
— | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Open Source cURL <7.84.0
Open Source / cURL
|
<7.84.0 | ||
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
Dell NetWorker
Dell / NetWorker
|
cpe:/a:dell:networker:-
|
— | |
|
Dell NetWorker <19.9.0.1
Dell / NetWorker
|
<19.9.0.1 | ||
|
IBM Rational ClearCase
IBM
|
cpe:/a:ibm:rational_clearcase:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
IBM Spectrum Protect Plus
IBM / Spectrum Protect
|
cpe:/a:ibm:spectrum_protect:::plus
|
Plus | |
|
IBM MQ
IBM
|
cpe:/a:ibm:mq:-
|
— | |
|
Dell NetWorker Virtual Edition
Dell / NetWorker
|
cpe:/a:dell:networker:virtual_edition
|
Virtual Edition |
Affected products
Known affected
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM AIX 7.3.1
IBM / AIX
|
cpe:/o:ibm:aix:7.3.1
|
7.3.1 | |
|
Red Hat OpenShift
Red Hat
|
cpe:/a:redhat:openshift:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
NetApp Data ONTAP
NetApp
|
cpe:/a:netapp:data_ontap:-
|
— | |
|
Gentoo Linux
Gentoo
|
cpe:/o:gentoo:linux:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
HCL BigFix
HCL
|
cpe:/a:hcltech:bigfix:-
|
— | |
|
IBM Security Verify Access <10.0.5-ISS-ISVA-FP000
IBM / Security Verify Access
|
<10.0.5-ISS-ISVA-FP000 | ||
|
Dell Avamar
Dell
|
cpe:/a:dell:avamar:-
|
— | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Open Source cURL <7.84.0
Open Source / cURL
|
<7.84.0 | ||
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
Dell NetWorker
Dell / NetWorker
|
cpe:/a:dell:networker:-
|
— | |
|
Dell NetWorker <19.9.0.1
Dell / NetWorker
|
<19.9.0.1 | ||
|
IBM Rational ClearCase
IBM
|
cpe:/a:ibm:rational_clearcase:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
IBM Spectrum Protect Plus
IBM / Spectrum Protect
|
cpe:/a:ibm:spectrum_protect:::plus
|
Plus | |
|
IBM MQ
IBM
|
cpe:/a:ibm:mq:-
|
— | |
|
Dell NetWorker Virtual Edition
Dell / NetWorker
|
cpe:/a:dell:networker:virtual_edition
|
Virtual Edition |
Affected products
Known affected
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM AIX 7.3.1
IBM / AIX
|
cpe:/o:ibm:aix:7.3.1
|
7.3.1 | |
|
Red Hat OpenShift
Red Hat
|
cpe:/a:redhat:openshift:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
NetApp Data ONTAP
NetApp
|
cpe:/a:netapp:data_ontap:-
|
— | |
|
Gentoo Linux
Gentoo
|
cpe:/o:gentoo:linux:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
HCL BigFix
HCL
|
cpe:/a:hcltech:bigfix:-
|
— | |
|
IBM Security Verify Access <10.0.5-ISS-ISVA-FP000
IBM / Security Verify Access
|
<10.0.5-ISS-ISVA-FP000 | ||
|
Dell Avamar
Dell
|
cpe:/a:dell:avamar:-
|
— | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Open Source cURL <7.84.0
Open Source / cURL
|
<7.84.0 | ||
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
Dell NetWorker
Dell / NetWorker
|
cpe:/a:dell:networker:-
|
— | |
|
Dell NetWorker <19.9.0.1
Dell / NetWorker
|
<19.9.0.1 | ||
|
IBM Rational ClearCase
IBM
|
cpe:/a:ibm:rational_clearcase:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
IBM Spectrum Protect Plus
IBM / Spectrum Protect
|
cpe:/a:ibm:spectrum_protect:::plus
|
Plus | |
|
IBM MQ
IBM
|
cpe:/a:ibm:mq:-
|
— | |
|
Dell NetWorker Virtual Edition
Dell / NetWorker
|
cpe:/a:dell:networker:virtual_edition
|
Virtual Edition |
Affected products
Known affected
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM AIX 7.3.1
IBM / AIX
|
cpe:/o:ibm:aix:7.3.1
|
7.3.1 | |
|
Red Hat OpenShift
Red Hat
|
cpe:/a:redhat:openshift:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
NetApp Data ONTAP
NetApp
|
cpe:/a:netapp:data_ontap:-
|
— | |
|
Gentoo Linux
Gentoo
|
cpe:/o:gentoo:linux:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
HCL BigFix
HCL
|
cpe:/a:hcltech:bigfix:-
|
— | |
|
IBM Security Verify Access <10.0.5-ISS-ISVA-FP000
IBM / Security Verify Access
|
<10.0.5-ISS-ISVA-FP000 | ||
|
Dell Avamar
Dell
|
cpe:/a:dell:avamar:-
|
— | |
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Open Source cURL <7.84.0
Open Source / cURL
|
<7.84.0 | ||
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
Dell NetWorker
Dell / NetWorker
|
cpe:/a:dell:networker:-
|
— | |
|
Dell NetWorker <19.9.0.1
Dell / NetWorker
|
<19.9.0.1 | ||
|
IBM Rational ClearCase
IBM
|
cpe:/a:ibm:rational_clearcase:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
IBM Spectrum Protect Plus
IBM / Spectrum Protect
|
cpe:/a:ibm:spectrum_protect:::plus
|
Plus | |
|
IBM MQ
IBM
|
cpe:/a:ibm:mq:-
|
— | |
|
Dell NetWorker Virtual Edition
Dell / NetWorker
|
cpe:/a:dell:networker:virtual_edition
|
Virtual Edition |
References
45 references
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "cURL ist eine Client-Software, die das Austauschen von Dateien mittels mehrerer Protokolle wie z. B. HTTP oder FTP erlaubt.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein Angreifer kann mehrere Schwachstellen in cURL ausnutzen, um einen Denial of Service Angriff durchzuf\u00fchren, Sicherheitseinstellungen zu umgehen und Daten offenzulegen oder zu manipulieren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- UNIX",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2022-0479 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2022/wid-sec-w-2022-0479.json"
},
{
"category": "self",
"summary": "WID-SEC-2022-0479 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-0479"
},
{
"category": "external",
"summary": "Curl Security Advisory vom 2022-06-26",
"url": "https://curl.se/docs/CVE-2022-32205.html"
},
{
"category": "external",
"summary": "Curl Security Advisory vom 2022-06-26",
"url": "https://curl.se/docs/CVE-2022-32206.html"
},
{
"category": "external",
"summary": "Curl Security Advisory vom 2022-06-26",
"url": "https://curl.se/docs/CVE-2022-32207.html"
},
{
"category": "external",
"summary": "Curl Security Advisory vom 2022-06-26",
"url": "https://curl.se/docs/CVE-2022-32208.html"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-5495-1 vom 2022-06-27",
"url": "https://ubuntu.com/security/notices/USN-5495-1"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-5499-1 vom 2022-07-01",
"url": "https://ubuntu.com/security/notices/USN-5499-1"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2022:2288-1 vom 2022-07-06",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2022-July/011435.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2022:2305-1 vom 2022-07-06",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2022-July/011426.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2022:2327-1 vom 2022-07-07",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2022-July/011473.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2022:2356-1 vom 2022-07-11",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2022-July/011504.html"
},
{
"category": "external",
"summary": "hackerone Report",
"url": "https://hackerone.com/reports/1569946"
},
{
"category": "external",
"summary": "Debian Security Advisory DSA-5197 vom 2022-08-01",
"url": "https://lists.debian.org/debian-security-announce/2022/msg00166.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2022:2813-1 vom 2022-08-16",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2022-August/011916.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2022:2829-1 vom 2022-08-17",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2022-August/011931.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:6157 vom 2022-08-24",
"url": "https://access.redhat.com/errata/RHSA-2022:6157"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:6159 vom 2022-08-25",
"url": "https://access.redhat.com/errata/RHSA-2022:6159"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2022-6157 vom 2022-08-25",
"url": "http://linux.oracle.com/errata/ELSA-2022-6157.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2022-6159 vom 2022-08-25",
"url": "http://linux.oracle.com/errata/ELSA-2022-6159.html"
},
{
"category": "external",
"summary": "Debian Security Advisory DLA-3085 vom 2022-08-29",
"url": "https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2022:2327-2 vom 2022-09-01",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2022-September/012034.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:6344 vom 2022-09-07",
"url": "https://access.redhat.com/errata/RHSA-2022:6344"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:6183 vom 2022-09-06",
"url": "https://access.redhat.com/errata/RHSA-2022:6183"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:6182 vom 2022-09-06",
"url": "https://access.redhat.com/errata/RHSA-2022:6182"
},
{
"category": "external",
"summary": "NetApp Security Advisory NTAP-20220915-0003 vom 2022-09-15",
"url": "https://security.netapp.com/advisory/ntap-20220915-0003/"
},
{
"category": "external",
"summary": "IBM Security Bulletin 6621463 vom 2022-09-20",
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-libcurl-affect-ibm-spectrum-protect-plus-sql-file-indexing-and-windows-host-agents/"
},
{
"category": "external",
"summary": "Dell Security Advisory DSA-2022-266 vom 2022-09-21",
"url": "https://www.dell.com/support/kbdoc/000203560/dsa-2022-266-dell-networker-vproxy-security-update-for-multiple-third-party-vulnerabilities"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS-2022-145 vom 2022-10-14",
"url": "https://alas.aws.amazon.com/AL2022/ALAS-2022-145.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:7058 vom 2022-10-20",
"url": "https://access.redhat.com/errata/RHSA-2022:7058"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:7055 vom 2022-10-19",
"url": "https://access.redhat.com/errata/RHSA-2022:7055"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS-2022-206 vom 2022-11-04",
"url": "https://alas.aws.amazon.com/AL2022/ALAS-2022-206.html"
},
{
"category": "external",
"summary": "IBM Security Bulletin 6834014 vom 2022-11-05",
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-mq-is-affected-by-a-vulnerability-in-libcurl-cve-2022-32206/"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS-2022-1875 vom 2022-11-09",
"url": "https://alas.aws.amazon.com/AL2/ALAS-2022-1875.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:8840 vom 2022-12-08",
"url": "https://access.redhat.com/errata/RHSA-2022:8840"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2022:8841 vom 2022-12-08",
"url": "https://access.redhat.com/errata/RHSA-2022:8841"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS-2022-1646 vom 2022-12-10",
"url": "https://alas.aws.amazon.com/ALAS-2022-1646.html"
},
{
"category": "external",
"summary": "HCL Article KB0102049 vom 2022-12-17",
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0102049"
},
{
"category": "external",
"summary": "Gentoo Linux Security Advisory GLSA-202212-01 vom 2022-12-19",
"url": "https://security.gentoo.org/glsa/202212-01"
},
{
"category": "external",
"summary": "IBM Security Bulletin 6855297 vom 2023-01-13",
"url": "https://www.ibm.com/support/pages/node/6855297"
},
{
"category": "external",
"summary": "IBM Security Bulletin 6855601 vom 2023-01-31",
"url": "https://www.ibm.com/support/pages/node/6855601"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7008409 vom 2023-06-29",
"url": "https://www.ibm.com/support/pages/node/7008409"
},
{
"category": "external",
"summary": "Security update for Dell NetWorker",
"url": "https://www.dell.com/support/kbdoc/de-de/000215497/dsa-2023-233-security-update-for-dell-networker-curl-7-51-0"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-5495-2 vom 2025-09-29",
"url": "https://ubuntu.com/security/notices/USN-5495-2"
},
{
"category": "external",
"summary": "Dell Security Advisory DSA-2023-268 vom 2025-11-06",
"url": "https://www.dell.com/support/kbdoc/de-de/000216397/dsa-2023-268-security-update-for-dell-avamar-dell-networker-virtual-edition-nve-and-dell-powerprotect-dp-series-appliance-dell-integrated-data-protection-appliance-idpa-security-update-for-multiple-vulnerabilities"
}
],
"source_lang": "en-US",
"title": "cURL: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2025-11-06T23:00:00.000+00:00",
"generator": {
"date": "2025-11-07T08:57:12.488+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.4.0"
}
},
"id": "WID-SEC-W-2022-0479",
"initial_release_date": "2022-06-26T22:00:00.000+00:00",
"revision_history": [
{
"date": "2022-06-26T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2022-06-27T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2022-06-29T22:00:00.000+00:00",
"number": "3",
"summary": "Referenz(en) aufgenommen: FEDORA-2022-1B3D7F6973, FEDORA-2022-8BD3BF5B40"
},
{
"date": "2022-06-30T22:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2022-07-06T22:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2022-07-07T22:00:00.000+00:00",
"number": "6",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2022-07-11T22:00:00.000+00:00",
"number": "7",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2022-07-14T22:00:00.000+00:00",
"number": "8",
"summary": "PoCs aufgenommen"
},
{
"date": "2022-08-01T22:00:00.000+00:00",
"number": "9",
"summary": "Neue Updates von Debian aufgenommen"
},
{
"date": "2022-08-16T22:00:00.000+00:00",
"number": "10",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2022-08-17T22:00:00.000+00:00",
"number": "11",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2022-08-24T22:00:00.000+00:00",
"number": "12",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2022-08-25T22:00:00.000+00:00",
"number": "13",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2022-08-28T22:00:00.000+00:00",
"number": "14",
"summary": "Neue Updates von Debian aufgenommen"
},
{
"date": "2022-09-01T22:00:00.000+00:00",
"number": "15",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2022-09-06T22:00:00.000+00:00",
"number": "16",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2022-09-15T22:00:00.000+00:00",
"number": "17",
"summary": "Neue Updates von NetApp aufgenommen"
},
{
"date": "2022-09-19T22:00:00.000+00:00",
"number": "18",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2022-09-20T22:00:00.000+00:00",
"number": "19",
"summary": "Neue Updates von Dell aufgenommen"
},
{
"date": "2022-10-13T22:00:00.000+00:00",
"number": "20",
"summary": "Neue Updates von Amazon aufgenommen"
},
{
"date": "2022-10-19T22:00:00.000+00:00",
"number": "21",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2022-11-06T23:00:00.000+00:00",
"number": "22",
"summary": "Neue Updates von Amazon und IBM aufgenommen"
},
{
"date": "2022-11-09T23:00:00.000+00:00",
"number": "23",
"summary": "Neue Updates von Amazon aufgenommen"
},
{
"date": "2022-12-08T23:00:00.000+00:00",
"number": "24",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2022-12-11T23:00:00.000+00:00",
"number": "25",
"summary": "Neue Updates von Amazon aufgenommen"
},
{
"date": "2022-12-18T23:00:00.000+00:00",
"number": "26",
"summary": "Neue Updates von HCL und Gentoo aufgenommen"
},
{
"date": "2023-01-12T23:00:00.000+00:00",
"number": "27",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2023-01-31T23:00:00.000+00:00",
"number": "28",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2023-06-29T22:00:00.000+00:00",
"number": "29",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2023-07-04T22:00:00.000+00:00",
"number": "30",
"summary": "Neue Updates von Dell aufgenommen"
},
{
"date": "2025-09-29T22:00:00.000+00:00",
"number": "31",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2025-11-06T23:00:00.000+00:00",
"number": "32",
"summary": "Neue Updates von Dell aufgenommen"
}
],
"status": "final",
"version": "32"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Amazon Linux 2",
"product": {
"name": "Amazon Linux 2",
"product_id": "398363",
"product_identification_helper": {
"cpe": "cpe:/o:amazon:linux_2:-"
}
}
}
],
"category": "vendor",
"name": "Amazon"
},
{
"branches": [
{
"category": "product_name",
"name": "Debian Linux",
"product": {
"name": "Debian Linux",
"product_id": "2951",
"product_identification_helper": {
"cpe": "cpe:/o:debian:debian_linux:-"
}
}
}
],
"category": "vendor",
"name": "Debian"
},
{
"branches": [
{
"category": "product_name",
"name": "Dell Avamar",
"product": {
"name": "Dell Avamar",
"product_id": "T039664",
"product_identification_helper": {
"cpe": "cpe:/a:dell:avamar:-"
}
}
},
{
"branches": [
{
"category": "product_name",
"name": "Dell NetWorker",
"product": {
"name": "Dell NetWorker",
"product_id": "T024663",
"product_identification_helper": {
"cpe": "cpe:/a:dell:networker:-"
}
}
},
{
"category": "product_version_range",
"name": "\u003c19.9.0.1",
"product": {
"name": "Dell NetWorker \u003c19.9.0.1",
"product_id": "T028404"
}
},
{
"category": "product_version",
"name": "19.9.0.1",
"product": {
"name": "Dell NetWorker 19.9.0.1",
"product_id": "T028404-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:dell:networker:19.9.0.1"
}
}
},
{
"category": "product_version",
"name": "Virtual Edition",
"product": {
"name": "Dell NetWorker Virtual Edition",
"product_id": "T048226",
"product_identification_helper": {
"cpe": "cpe:/a:dell:networker:virtual_edition"
}
}
}
],
"category": "product_name",
"name": "NetWorker"
}
],
"category": "vendor",
"name": "Dell"
},
{
"branches": [
{
"category": "product_name",
"name": "Gentoo Linux",
"product": {
"name": "Gentoo Linux",
"product_id": "T012167",
"product_identification_helper": {
"cpe": "cpe:/o:gentoo:linux:-"
}
}
}
],
"category": "vendor",
"name": "Gentoo"
},
{
"branches": [
{
"category": "product_name",
"name": "HCL BigFix",
"product": {
"name": "HCL BigFix",
"product_id": "T017494",
"product_identification_helper": {
"cpe": "cpe:/a:hcltech:bigfix:-"
}
}
}
],
"category": "vendor",
"name": "HCL"
},
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "7.3.1",
"product": {
"name": "IBM AIX 7.3.1",
"product_id": "T028363",
"product_identification_helper": {
"cpe": "cpe:/o:ibm:aix:7.3.1"
}
}
}
],
"category": "product_name",
"name": "AIX"
},
{
"category": "product_name",
"name": "IBM MQ",
"product": {
"name": "IBM MQ",
"product_id": "T021398",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:mq:-"
}
}
},
{
"category": "product_name",
"name": "IBM Rational ClearCase",
"product": {
"name": "IBM Rational ClearCase",
"product_id": "T004180",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:rational_clearcase:-"
}
}
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c10.0.5-ISS-ISVA-FP000",
"product": {
"name": "IBM Security Verify Access \u003c10.0.5-ISS-ISVA-FP000",
"product_id": "T025829"
}
},
{
"category": "product_version",
"name": "10.0.5-ISS-ISVA-FP000",
"product": {
"name": "IBM Security Verify Access 10.0.5-ISS-ISVA-FP000",
"product_id": "T025829-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:security_verify_access:10.0.5-iss-isva-fp000"
}
}
}
],
"category": "product_name",
"name": "Security Verify Access"
},
{
"branches": [
{
"category": "product_version",
"name": "Plus",
"product": {
"name": "IBM Spectrum Protect Plus",
"product_id": "T023257",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:spectrum_protect:::plus"
}
}
}
],
"category": "product_name",
"name": "Spectrum Protect"
}
],
"category": "vendor",
"name": "IBM"
},
{
"branches": [
{
"category": "product_name",
"name": "NetApp Data ONTAP",
"product": {
"name": "NetApp Data ONTAP",
"product_id": "7654",
"product_identification_helper": {
"cpe": "cpe:/a:netapp:data_ontap:-"
}
}
}
],
"category": "vendor",
"name": "NetApp"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c7.84.0",
"product": {
"name": "Open Source cURL \u003c7.84.0",
"product_id": "T000502"
}
},
{
"category": "product_version",
"name": "7.84.0",
"product": {
"name": "Open Source cURL 7.84.0",
"product_id": "T000502-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:curl:curl:7.29.0"
}
}
}
],
"category": "product_name",
"name": "cURL"
}
],
"category": "vendor",
"name": "Open Source"
},
{
"branches": [
{
"category": "product_name",
"name": "Oracle Linux",
"product": {
"name": "Oracle Linux",
"product_id": "T004914",
"product_identification_helper": {
"cpe": "cpe:/o:oracle:linux:-"
}
}
}
],
"category": "vendor",
"name": "Oracle"
},
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
},
{
"category": "product_name",
"name": "Red Hat OpenShift",
"product": {
"name": "Red Hat OpenShift",
"product_id": "T008027",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:-"
}
}
}
],
"category": "vendor",
"name": "Red Hat"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux",
"product": {
"name": "SUSE Linux",
"product_id": "T002207",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_linux:-"
}
}
}
],
"category": "vendor",
"name": "SUSE"
},
{
"branches": [
{
"category": "product_name",
"name": "Ubuntu Linux",
"product": {
"name": "Ubuntu Linux",
"product_id": "T000126",
"product_identification_helper": {
"cpe": "cpe:/o:canonical:ubuntu_linux:-"
}
}
}
],
"category": "vendor",
"name": "Ubuntu"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-32205",
"product_status": {
"known_affected": [
"T028363",
"T008027",
"67646",
"7654",
"T012167",
"T004914",
"T017494",
"T025829",
"T039664",
"2951",
"T002207",
"T000502",
"T000126",
"T024663",
"T028404",
"T004180",
"398363",
"T023257",
"T021398",
"T048226"
]
},
"release_date": "2022-06-26T22:00:00.000+00:00",
"title": "CVE-2022-32205"
},
{
"cve": "CVE-2022-32206",
"product_status": {
"known_affected": [
"T028363",
"T008027",
"67646",
"7654",
"T012167",
"T004914",
"T017494",
"T025829",
"T039664",
"2951",
"T002207",
"T000502",
"T000126",
"T024663",
"T028404",
"T004180",
"398363",
"T023257",
"T021398",
"T048226"
]
},
"release_date": "2022-06-26T22:00:00.000+00:00",
"title": "CVE-2022-32206"
},
{
"cve": "CVE-2022-32207",
"product_status": {
"known_affected": [
"T028363",
"T008027",
"67646",
"7654",
"T012167",
"T004914",
"T017494",
"T025829",
"T039664",
"2951",
"T002207",
"T000502",
"T000126",
"T024663",
"T028404",
"T004180",
"398363",
"T023257",
"T021398",
"T048226"
]
},
"release_date": "2022-06-26T22:00:00.000+00:00",
"title": "CVE-2022-32207"
},
{
"cve": "CVE-2022-32208",
"product_status": {
"known_affected": [
"T028363",
"T008027",
"67646",
"7654",
"T012167",
"T004914",
"T017494",
"T025829",
"T039664",
"2951",
"T002207",
"T000502",
"T000126",
"T024663",
"T028404",
"T004180",
"398363",
"T023257",
"T021398",
"T048226"
]
},
"release_date": "2022-06-26T22:00:00.000+00:00",
"title": "CVE-2022-32208"
}
]
}
WID-SEC-W-2022-1846
Vulnerability from csaf_certbund - Published: 2022-10-24 22:00 - Updated: 2024-09-16 22:00Summary
Apple macOS: Mehrere Schwachstellen
Severity
Hoch
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: Apple macOS ist ein Betriebssystem, das auf FreeBSD und Mach basiert.
Angriff: Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Apple macOS ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuführen, beliebigen Programmcode auszuführen, seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuführen, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen.
Betroffene Betriebssysteme: - MacOS X
In Apple macOS existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten "Accelerate Framework", "Apple Neural Engine", "AppleAVD", "AppleMobileFileIntegrity", "ATS", "Audio", "AVEVideoEncoder", "Calendar", "CFNetwork", "ColorSync", "Crash Reporter", "curl", "Directory Utility", "DriverKit", "Exchange", "Find My", "Finder", "GPU Drivers", "Grapher", "Image Processing", "ImageIO", "Intel Graphics Driver", "IOHIDFamily", "IOKit", "Kernel", "Mail", "Maps", MediaLibrary", "ncurses", "Notes", "Notifications", "PackageKit", "Photos", "ppp", "Ruby", "Sandbox", "Security", "Shortcuts", "Sidecar", "Siri", "SMB", "Software Update", "SQLite", "Vim", "Weather", "WebKit", "WebKit PDF" sowie "WebKit Sandboxing". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuführen, beliebigen Programmcode auszuführen, seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuführen, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS Big Sur 11.7.1
Apple / macOS
|
cpe:/o:apple:mac_os:big_sur_11.7.1
|
Big Sur 11.7.1 | |
|
Apple macOS Ventura_13
Apple / macOS
|
cpe:/o:apple:mac_os:ventura_13
|
Ventura_13 | |
|
Apple macOS Monterey 12.6.1
Apple / macOS
|
cpe:/o:apple:mac_os:monterey_12.6.1
|
Monterey 12.6.1 |
In Apple macOS existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten "Accelerate Framework", "Apple Neural Engine", "AppleAVD", "AppleMobileFileIntegrity", "ATS", "Audio", "AVEVideoEncoder", "Calendar", "CFNetwork", "ColorSync", "Crash Reporter", "curl", "Directory Utility", "DriverKit", "Exchange", "Find My", "Finder", "GPU Drivers", "Grapher", "Image Processing", "ImageIO", "Intel Graphics Driver", "IOHIDFamily", "IOKit", "Kernel", "Mail", "Maps", MediaLibrary", "ncurses", "Notes", "Notifications", "PackageKit", "Photos", "ppp", "Ruby", "Sandbox", "Security", "Shortcuts", "Sidecar", "Siri", "SMB", "Software Update", "SQLite", "Vim", "Weather", "WebKit", "WebKit PDF" sowie "WebKit Sandboxing". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuführen, beliebigen Programmcode auszuführen, seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuführen, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS Big Sur 11.7.1
Apple / macOS
|
cpe:/o:apple:mac_os:big_sur_11.7.1
|
Big Sur 11.7.1 | |
|
Apple macOS Ventura_13
Apple / macOS
|
cpe:/o:apple:mac_os:ventura_13
|
Ventura_13 | |
|
Apple macOS Monterey 12.6.1
Apple / macOS
|
cpe:/o:apple:mac_os:monterey_12.6.1
|
Monterey 12.6.1 |
In Apple macOS existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten "Accelerate Framework", "Apple Neural Engine", "AppleAVD", "AppleMobileFileIntegrity", "ATS", "Audio", "AVEVideoEncoder", "Calendar", "CFNetwork", "ColorSync", "Crash Reporter", "curl", "Directory Utility", "DriverKit", "Exchange", "Find My", "Finder", "GPU Drivers", "Grapher", "Image Processing", "ImageIO", "Intel Graphics Driver", "IOHIDFamily", "IOKit", "Kernel", "Mail", "Maps", MediaLibrary", "ncurses", "Notes", "Notifications", "PackageKit", "Photos", "ppp", "Ruby", "Sandbox", "Security", "Shortcuts", "Sidecar", "Siri", "SMB", "Software Update", "SQLite", "Vim", "Weather", "WebKit", "WebKit PDF" sowie "WebKit Sandboxing". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuführen, beliebigen Programmcode auszuführen, seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuführen, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS Big Sur 11.7.1
Apple / macOS
|
cpe:/o:apple:mac_os:big_sur_11.7.1
|
Big Sur 11.7.1 | |
|
Apple macOS Ventura_13
Apple / macOS
|
cpe:/o:apple:mac_os:ventura_13
|
Ventura_13 | |
|
Apple macOS Monterey 12.6.1
Apple / macOS
|
cpe:/o:apple:mac_os:monterey_12.6.1
|
Monterey 12.6.1 |
In Apple macOS existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten "Accelerate Framework", "Apple Neural Engine", "AppleAVD", "AppleMobileFileIntegrity", "ATS", "Audio", "AVEVideoEncoder", "Calendar", "CFNetwork", "ColorSync", "Crash Reporter", "curl", "Directory Utility", "DriverKit", "Exchange", "Find My", "Finder", "GPU Drivers", "Grapher", "Image Processing", "ImageIO", "Intel Graphics Driver", "IOHIDFamily", "IOKit", "Kernel", "Mail", "Maps", MediaLibrary", "ncurses", "Notes", "Notifications", "PackageKit", "Photos", "ppp", "Ruby", "Sandbox", "Security", "Shortcuts", "Sidecar", "Siri", "SMB", "Software Update", "SQLite", "Vim", "Weather", "WebKit", "WebKit PDF" sowie "WebKit Sandboxing". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuführen, beliebigen Programmcode auszuführen, seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuführen, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS Big Sur 11.7.1
Apple / macOS
|
cpe:/o:apple:mac_os:big_sur_11.7.1
|
Big Sur 11.7.1 | |
|
Apple macOS Ventura_13
Apple / macOS
|
cpe:/o:apple:mac_os:ventura_13
|
Ventura_13 | |
|
Apple macOS Monterey 12.6.1
Apple / macOS
|
cpe:/o:apple:mac_os:monterey_12.6.1
|
Monterey 12.6.1 |
In Apple macOS existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten "Accelerate Framework", "Apple Neural Engine", "AppleAVD", "AppleMobileFileIntegrity", "ATS", "Audio", "AVEVideoEncoder", "Calendar", "CFNetwork", "ColorSync", "Crash Reporter", "curl", "Directory Utility", "DriverKit", "Exchange", "Find My", "Finder", "GPU Drivers", "Grapher", "Image Processing", "ImageIO", "Intel Graphics Driver", "IOHIDFamily", "IOKit", "Kernel", "Mail", "Maps", MediaLibrary", "ncurses", "Notes", "Notifications", "PackageKit", "Photos", "ppp", "Ruby", "Sandbox", "Security", "Shortcuts", "Sidecar", "Siri", "SMB", "Software Update", "SQLite", "Vim", "Weather", "WebKit", "WebKit PDF" sowie "WebKit Sandboxing". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuführen, beliebigen Programmcode auszuführen, seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuführen, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS Big Sur 11.7.1
Apple / macOS
|
cpe:/o:apple:mac_os:big_sur_11.7.1
|
Big Sur 11.7.1 | |
|
Apple macOS Ventura_13
Apple / macOS
|
cpe:/o:apple:mac_os:ventura_13
|
Ventura_13 | |
|
Apple macOS Monterey 12.6.1
Apple / macOS
|
cpe:/o:apple:mac_os:monterey_12.6.1
|
Monterey 12.6.1 |
In Apple macOS existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten "Accelerate Framework", "Apple Neural Engine", "AppleAVD", "AppleMobileFileIntegrity", "ATS", "Audio", "AVEVideoEncoder", "Calendar", "CFNetwork", "ColorSync", "Crash Reporter", "curl", "Directory Utility", "DriverKit", "Exchange", "Find My", "Finder", "GPU Drivers", "Grapher", "Image Processing", "ImageIO", "Intel Graphics Driver", "IOHIDFamily", "IOKit", "Kernel", "Mail", "Maps", MediaLibrary", "ncurses", "Notes", "Notifications", "PackageKit", "Photos", "ppp", "Ruby", "Sandbox", "Security", "Shortcuts", "Sidecar", "Siri", "SMB", "Software Update", "SQLite", "Vim", "Weather", "WebKit", "WebKit PDF" sowie "WebKit Sandboxing". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuführen, beliebigen Programmcode auszuführen, seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuführen, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS Big Sur 11.7.1
Apple / macOS
|
cpe:/o:apple:mac_os:big_sur_11.7.1
|
Big Sur 11.7.1 | |
|
Apple macOS Ventura_13
Apple / macOS
|
cpe:/o:apple:mac_os:ventura_13
|
Ventura_13 | |
|
Apple macOS Monterey 12.6.1
Apple / macOS
|
cpe:/o:apple:mac_os:monterey_12.6.1
|
Monterey 12.6.1 |
In Apple macOS existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten "Accelerate Framework", "Apple Neural Engine", "AppleAVD", "AppleMobileFileIntegrity", "ATS", "Audio", "AVEVideoEncoder", "Calendar", "CFNetwork", "ColorSync", "Crash Reporter", "curl", "Directory Utility", "DriverKit", "Exchange", "Find My", "Finder", "GPU Drivers", "Grapher", "Image Processing", "ImageIO", "Intel Graphics Driver", "IOHIDFamily", "IOKit", "Kernel", "Mail", "Maps", MediaLibrary", "ncurses", "Notes", "Notifications", "PackageKit", "Photos", "ppp", "Ruby", "Sandbox", "Security", "Shortcuts", "Sidecar", "Siri", "SMB", "Software Update", "SQLite", "Vim", "Weather", "WebKit", "WebKit PDF" sowie "WebKit Sandboxing". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuführen, beliebigen Programmcode auszuführen, seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuführen, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS Big Sur 11.7.1
Apple / macOS
|
cpe:/o:apple:mac_os:big_sur_11.7.1
|
Big Sur 11.7.1 | |
|
Apple macOS Ventura_13
Apple / macOS
|
cpe:/o:apple:mac_os:ventura_13
|
Ventura_13 | |
|
Apple macOS Monterey 12.6.1
Apple / macOS
|
cpe:/o:apple:mac_os:monterey_12.6.1
|
Monterey 12.6.1 |
In Apple macOS existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten "Accelerate Framework", "Apple Neural Engine", "AppleAVD", "AppleMobileFileIntegrity", "ATS", "Audio", "AVEVideoEncoder", "Calendar", "CFNetwork", "ColorSync", "Crash Reporter", "curl", "Directory Utility", "DriverKit", "Exchange", "Find My", "Finder", "GPU Drivers", "Grapher", "Image Processing", "ImageIO", "Intel Graphics Driver", "IOHIDFamily", "IOKit", "Kernel", "Mail", "Maps", MediaLibrary", "ncurses", "Notes", "Notifications", "PackageKit", "Photos", "ppp", "Ruby", "Sandbox", "Security", "Shortcuts", "Sidecar", "Siri", "SMB", "Software Update", "SQLite", "Vim", "Weather", "WebKit", "WebKit PDF" sowie "WebKit Sandboxing". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuführen, beliebigen Programmcode auszuführen, seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuführen, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS Big Sur 11.7.1
Apple / macOS
|
cpe:/o:apple:mac_os:big_sur_11.7.1
|
Big Sur 11.7.1 | |
|
Apple macOS Ventura_13
Apple / macOS
|
cpe:/o:apple:mac_os:ventura_13
|
Ventura_13 | |
|
Apple macOS Monterey 12.6.1
Apple / macOS
|
cpe:/o:apple:mac_os:monterey_12.6.1
|
Monterey 12.6.1 |
In Apple macOS existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten "Accelerate Framework", "Apple Neural Engine", "AppleAVD", "AppleMobileFileIntegrity", "ATS", "Audio", "AVEVideoEncoder", "Calendar", "CFNetwork", "ColorSync", "Crash Reporter", "curl", "Directory Utility", "DriverKit", "Exchange", "Find My", "Finder", "GPU Drivers", "Grapher", "Image Processing", "ImageIO", "Intel Graphics Driver", "IOHIDFamily", "IOKit", "Kernel", "Mail", "Maps", MediaLibrary", "ncurses", "Notes", "Notifications", "PackageKit", "Photos", "ppp", "Ruby", "Sandbox", "Security", "Shortcuts", "Sidecar", "Siri", "SMB", "Software Update", "SQLite", "Vim", "Weather", "WebKit", "WebKit PDF" sowie "WebKit Sandboxing". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuführen, beliebigen Programmcode auszuführen, seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuführen, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS Big Sur 11.7.1
Apple / macOS
|
cpe:/o:apple:mac_os:big_sur_11.7.1
|
Big Sur 11.7.1 | |
|
Apple macOS Ventura_13
Apple / macOS
|
cpe:/o:apple:mac_os:ventura_13
|
Ventura_13 | |
|
Apple macOS Monterey 12.6.1
Apple / macOS
|
cpe:/o:apple:mac_os:monterey_12.6.1
|
Monterey 12.6.1 |
In Apple macOS existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten "Accelerate Framework", "Apple Neural Engine", "AppleAVD", "AppleMobileFileIntegrity", "ATS", "Audio", "AVEVideoEncoder", "Calendar", "CFNetwork", "ColorSync", "Crash Reporter", "curl", "Directory Utility", "DriverKit", "Exchange", "Find My", "Finder", "GPU Drivers", "Grapher", "Image Processing", "ImageIO", "Intel Graphics Driver", "IOHIDFamily", "IOKit", "Kernel", "Mail", "Maps", MediaLibrary", "ncurses", "Notes", "Notifications", "PackageKit", "Photos", "ppp", "Ruby", "Sandbox", "Security", "Shortcuts", "Sidecar", "Siri", "SMB", "Software Update", "SQLite", "Vim", "Weather", "WebKit", "WebKit PDF" sowie "WebKit Sandboxing". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuführen, beliebigen Programmcode auszuführen, seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuführen, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS Big Sur 11.7.1
Apple / macOS
|
cpe:/o:apple:mac_os:big_sur_11.7.1
|
Big Sur 11.7.1 | |
|
Apple macOS Ventura_13
Apple / macOS
|
cpe:/o:apple:mac_os:ventura_13
|
Ventura_13 | |
|
Apple macOS Monterey 12.6.1
Apple / macOS
|
cpe:/o:apple:mac_os:monterey_12.6.1
|
Monterey 12.6.1 |
In Apple macOS existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten "Accelerate Framework", "Apple Neural Engine", "AppleAVD", "AppleMobileFileIntegrity", "ATS", "Audio", "AVEVideoEncoder", "Calendar", "CFNetwork", "ColorSync", "Crash Reporter", "curl", "Directory Utility", "DriverKit", "Exchange", "Find My", "Finder", "GPU Drivers", "Grapher", "Image Processing", "ImageIO", "Intel Graphics Driver", "IOHIDFamily", "IOKit", "Kernel", "Mail", "Maps", MediaLibrary", "ncurses", "Notes", "Notifications", "PackageKit", "Photos", "ppp", "Ruby", "Sandbox", "Security", "Shortcuts", "Sidecar", "Siri", "SMB", "Software Update", "SQLite", "Vim", "Weather", "WebKit", "WebKit PDF" sowie "WebKit Sandboxing". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuführen, beliebigen Programmcode auszuführen, seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuführen, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS Big Sur 11.7.1
Apple / macOS
|
cpe:/o:apple:mac_os:big_sur_11.7.1
|
Big Sur 11.7.1 | |
|
Apple macOS Ventura_13
Apple / macOS
|
cpe:/o:apple:mac_os:ventura_13
|
Ventura_13 | |
|
Apple macOS Monterey 12.6.1
Apple / macOS
|
cpe:/o:apple:mac_os:monterey_12.6.1
|
Monterey 12.6.1 |
In Apple macOS existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten "Accelerate Framework", "Apple Neural Engine", "AppleAVD", "AppleMobileFileIntegrity", "ATS", "Audio", "AVEVideoEncoder", "Calendar", "CFNetwork", "ColorSync", "Crash Reporter", "curl", "Directory Utility", "DriverKit", "Exchange", "Find My", "Finder", "GPU Drivers", "Grapher", "Image Processing", "ImageIO", "Intel Graphics Driver", "IOHIDFamily", "IOKit", "Kernel", "Mail", "Maps", MediaLibrary", "ncurses", "Notes", "Notifications", "PackageKit", "Photos", "ppp", "Ruby", "Sandbox", "Security", "Shortcuts", "Sidecar", "Siri", "SMB", "Software Update", "SQLite", "Vim", "Weather", "WebKit", "WebKit PDF" sowie "WebKit Sandboxing". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuführen, beliebigen Programmcode auszuführen, seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuführen, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS Big Sur 11.7.1
Apple / macOS
|
cpe:/o:apple:mac_os:big_sur_11.7.1
|
Big Sur 11.7.1 | |
|
Apple macOS Ventura_13
Apple / macOS
|
cpe:/o:apple:mac_os:ventura_13
|
Ventura_13 | |
|
Apple macOS Monterey 12.6.1
Apple / macOS
|
cpe:/o:apple:mac_os:monterey_12.6.1
|
Monterey 12.6.1 |
In Apple macOS existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten "Accelerate Framework", "Apple Neural Engine", "AppleAVD", "AppleMobileFileIntegrity", "ATS", "Audio", "AVEVideoEncoder", "Calendar", "CFNetwork", "ColorSync", "Crash Reporter", "curl", "Directory Utility", "DriverKit", "Exchange", "Find My", "Finder", "GPU Drivers", "Grapher", "Image Processing", "ImageIO", "Intel Graphics Driver", "IOHIDFamily", "IOKit", "Kernel", "Mail", "Maps", MediaLibrary", "ncurses", "Notes", "Notifications", "PackageKit", "Photos", "ppp", "Ruby", "Sandbox", "Security", "Shortcuts", "Sidecar", "Siri", "SMB", "Software Update", "SQLite", "Vim", "Weather", "WebKit", "WebKit PDF" sowie "WebKit Sandboxing". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuführen, beliebigen Programmcode auszuführen, seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuführen, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS Big Sur 11.7.1
Apple / macOS
|
cpe:/o:apple:mac_os:big_sur_11.7.1
|
Big Sur 11.7.1 | |
|
Apple macOS Ventura_13
Apple / macOS
|
cpe:/o:apple:mac_os:ventura_13
|
Ventura_13 | |
|
Apple macOS Monterey 12.6.1
Apple / macOS
|
cpe:/o:apple:mac_os:monterey_12.6.1
|
Monterey 12.6.1 |
In Apple macOS existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten "Accelerate Framework", "Apple Neural Engine", "AppleAVD", "AppleMobileFileIntegrity", "ATS", "Audio", "AVEVideoEncoder", "Calendar", "CFNetwork", "ColorSync", "Crash Reporter", "curl", "Directory Utility", "DriverKit", "Exchange", "Find My", "Finder", "GPU Drivers", "Grapher", "Image Processing", "ImageIO", "Intel Graphics Driver", "IOHIDFamily", "IOKit", "Kernel", "Mail", "Maps", MediaLibrary", "ncurses", "Notes", "Notifications", "PackageKit", "Photos", "ppp", "Ruby", "Sandbox", "Security", "Shortcuts", "Sidecar", "Siri", "SMB", "Software Update", "SQLite", "Vim", "Weather", "WebKit", "WebKit PDF" sowie "WebKit Sandboxing". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuführen, beliebigen Programmcode auszuführen, seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuführen, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS Big Sur 11.7.1
Apple / macOS
|
cpe:/o:apple:mac_os:big_sur_11.7.1
|
Big Sur 11.7.1 | |
|
Apple macOS Ventura_13
Apple / macOS
|
cpe:/o:apple:mac_os:ventura_13
|
Ventura_13 | |
|
Apple macOS Monterey 12.6.1
Apple / macOS
|
cpe:/o:apple:mac_os:monterey_12.6.1
|
Monterey 12.6.1 |
In Apple macOS existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten "Accelerate Framework", "Apple Neural Engine", "AppleAVD", "AppleMobileFileIntegrity", "ATS", "Audio", "AVEVideoEncoder", "Calendar", "CFNetwork", "ColorSync", "Crash Reporter", "curl", "Directory Utility", "DriverKit", "Exchange", "Find My", "Finder", "GPU Drivers", "Grapher", "Image Processing", "ImageIO", "Intel Graphics Driver", "IOHIDFamily", "IOKit", "Kernel", "Mail", "Maps", MediaLibrary", "ncurses", "Notes", "Notifications", "PackageKit", "Photos", "ppp", "Ruby", "Sandbox", "Security", "Shortcuts", "Sidecar", "Siri", "SMB", "Software Update", "SQLite", "Vim", "Weather", "WebKit", "WebKit PDF" sowie "WebKit Sandboxing". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuführen, beliebigen Programmcode auszuführen, seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuführen, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS Big Sur 11.7.1
Apple / macOS
|
cpe:/o:apple:mac_os:big_sur_11.7.1
|
Big Sur 11.7.1 | |
|
Apple macOS Ventura_13
Apple / macOS
|
cpe:/o:apple:mac_os:ventura_13
|
Ventura_13 | |
|
Apple macOS Monterey 12.6.1
Apple / macOS
|
cpe:/o:apple:mac_os:monterey_12.6.1
|
Monterey 12.6.1 |
In Apple macOS existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten "Accelerate Framework", "Apple Neural Engine", "AppleAVD", "AppleMobileFileIntegrity", "ATS", "Audio", "AVEVideoEncoder", "Calendar", "CFNetwork", "ColorSync", "Crash Reporter", "curl", "Directory Utility", "DriverKit", "Exchange", "Find My", "Finder", "GPU Drivers", "Grapher", "Image Processing", "ImageIO", "Intel Graphics Driver", "IOHIDFamily", "IOKit", "Kernel", "Mail", "Maps", MediaLibrary", "ncurses", "Notes", "Notifications", "PackageKit", "Photos", "ppp", "Ruby", "Sandbox", "Security", "Shortcuts", "Sidecar", "Siri", "SMB", "Software Update", "SQLite", "Vim", "Weather", "WebKit", "WebKit PDF" sowie "WebKit Sandboxing". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuführen, beliebigen Programmcode auszuführen, seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuführen, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS Big Sur 11.7.1
Apple / macOS
|
cpe:/o:apple:mac_os:big_sur_11.7.1
|
Big Sur 11.7.1 | |
|
Apple macOS Ventura_13
Apple / macOS
|
cpe:/o:apple:mac_os:ventura_13
|
Ventura_13 | |
|
Apple macOS Monterey 12.6.1
Apple / macOS
|
cpe:/o:apple:mac_os:monterey_12.6.1
|
Monterey 12.6.1 |
In Apple macOS existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten "Accelerate Framework", "Apple Neural Engine", "AppleAVD", "AppleMobileFileIntegrity", "ATS", "Audio", "AVEVideoEncoder", "Calendar", "CFNetwork", "ColorSync", "Crash Reporter", "curl", "Directory Utility", "DriverKit", "Exchange", "Find My", "Finder", "GPU Drivers", "Grapher", "Image Processing", "ImageIO", "Intel Graphics Driver", "IOHIDFamily", "IOKit", "Kernel", "Mail", "Maps", MediaLibrary", "ncurses", "Notes", "Notifications", "PackageKit", "Photos", "ppp", "Ruby", "Sandbox", "Security", "Shortcuts", "Sidecar", "Siri", "SMB", "Software Update", "SQLite", "Vim", "Weather", "WebKit", "WebKit PDF" sowie "WebKit Sandboxing". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuführen, beliebigen Programmcode auszuführen, seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuführen, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS Big Sur 11.7.1
Apple / macOS
|
cpe:/o:apple:mac_os:big_sur_11.7.1
|
Big Sur 11.7.1 | |
|
Apple macOS Ventura_13
Apple / macOS
|
cpe:/o:apple:mac_os:ventura_13
|
Ventura_13 | |
|
Apple macOS Monterey 12.6.1
Apple / macOS
|
cpe:/o:apple:mac_os:monterey_12.6.1
|
Monterey 12.6.1 |
In Apple macOS existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten "Accelerate Framework", "Apple Neural Engine", "AppleAVD", "AppleMobileFileIntegrity", "ATS", "Audio", "AVEVideoEncoder", "Calendar", "CFNetwork", "ColorSync", "Crash Reporter", "curl", "Directory Utility", "DriverKit", "Exchange", "Find My", "Finder", "GPU Drivers", "Grapher", "Image Processing", "ImageIO", "Intel Graphics Driver", "IOHIDFamily", "IOKit", "Kernel", "Mail", "Maps", MediaLibrary", "ncurses", "Notes", "Notifications", "PackageKit", "Photos", "ppp", "Ruby", "Sandbox", "Security", "Shortcuts", "Sidecar", "Siri", "SMB", "Software Update", "SQLite", "Vim", "Weather", "WebKit", "WebKit PDF" sowie "WebKit Sandboxing". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuführen, beliebigen Programmcode auszuführen, seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuführen, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS Big Sur 11.7.1
Apple / macOS
|
cpe:/o:apple:mac_os:big_sur_11.7.1
|
Big Sur 11.7.1 | |
|
Apple macOS Ventura_13
Apple / macOS
|
cpe:/o:apple:mac_os:ventura_13
|
Ventura_13 | |
|
Apple macOS Monterey 12.6.1
Apple / macOS
|
cpe:/o:apple:mac_os:monterey_12.6.1
|
Monterey 12.6.1 |
In Apple macOS existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten "Accelerate Framework", "Apple Neural Engine", "AppleAVD", "AppleMobileFileIntegrity", "ATS", "Audio", "AVEVideoEncoder", "Calendar", "CFNetwork", "ColorSync", "Crash Reporter", "curl", "Directory Utility", "DriverKit", "Exchange", "Find My", "Finder", "GPU Drivers", "Grapher", "Image Processing", "ImageIO", "Intel Graphics Driver", "IOHIDFamily", "IOKit", "Kernel", "Mail", "Maps", MediaLibrary", "ncurses", "Notes", "Notifications", "PackageKit", "Photos", "ppp", "Ruby", "Sandbox", "Security", "Shortcuts", "Sidecar", "Siri", "SMB", "Software Update", "SQLite", "Vim", "Weather", "WebKit", "WebKit PDF" sowie "WebKit Sandboxing". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuführen, beliebigen Programmcode auszuführen, seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuführen, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS Big Sur 11.7.1
Apple / macOS
|
cpe:/o:apple:mac_os:big_sur_11.7.1
|
Big Sur 11.7.1 | |
|
Apple macOS Ventura_13
Apple / macOS
|
cpe:/o:apple:mac_os:ventura_13
|
Ventura_13 | |
|
Apple macOS Monterey 12.6.1
Apple / macOS
|
cpe:/o:apple:mac_os:monterey_12.6.1
|
Monterey 12.6.1 |
In Apple macOS existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten "Accelerate Framework", "Apple Neural Engine", "AppleAVD", "AppleMobileFileIntegrity", "ATS", "Audio", "AVEVideoEncoder", "Calendar", "CFNetwork", "ColorSync", "Crash Reporter", "curl", "Directory Utility", "DriverKit", "Exchange", "Find My", "Finder", "GPU Drivers", "Grapher", "Image Processing", "ImageIO", "Intel Graphics Driver", "IOHIDFamily", "IOKit", "Kernel", "Mail", "Maps", MediaLibrary", "ncurses", "Notes", "Notifications", "PackageKit", "Photos", "ppp", "Ruby", "Sandbox", "Security", "Shortcuts", "Sidecar", "Siri", "SMB", "Software Update", "SQLite", "Vim", "Weather", "WebKit", "WebKit PDF" sowie "WebKit Sandboxing". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuführen, beliebigen Programmcode auszuführen, seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuführen, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS Big Sur 11.7.1
Apple / macOS
|
cpe:/o:apple:mac_os:big_sur_11.7.1
|
Big Sur 11.7.1 | |
|
Apple macOS Ventura_13
Apple / macOS
|
cpe:/o:apple:mac_os:ventura_13
|
Ventura_13 | |
|
Apple macOS Monterey 12.6.1
Apple / macOS
|
cpe:/o:apple:mac_os:monterey_12.6.1
|
Monterey 12.6.1 |
In Apple macOS existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten "Accelerate Framework", "Apple Neural Engine", "AppleAVD", "AppleMobileFileIntegrity", "ATS", "Audio", "AVEVideoEncoder", "Calendar", "CFNetwork", "ColorSync", "Crash Reporter", "curl", "Directory Utility", "DriverKit", "Exchange", "Find My", "Finder", "GPU Drivers", "Grapher", "Image Processing", "ImageIO", "Intel Graphics Driver", "IOHIDFamily", "IOKit", "Kernel", "Mail", "Maps", MediaLibrary", "ncurses", "Notes", "Notifications", "PackageKit", "Photos", "ppp", "Ruby", "Sandbox", "Security", "Shortcuts", "Sidecar", "Siri", "SMB", "Software Update", "SQLite", "Vim", "Weather", "WebKit", "WebKit PDF" sowie "WebKit Sandboxing". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuführen, beliebigen Programmcode auszuführen, seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuführen, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS Big Sur 11.7.1
Apple / macOS
|
cpe:/o:apple:mac_os:big_sur_11.7.1
|
Big Sur 11.7.1 | |
|
Apple macOS Ventura_13
Apple / macOS
|
cpe:/o:apple:mac_os:ventura_13
|
Ventura_13 | |
|
Apple macOS Monterey 12.6.1
Apple / macOS
|
cpe:/o:apple:mac_os:monterey_12.6.1
|
Monterey 12.6.1 |
In Apple macOS existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten "Accelerate Framework", "Apple Neural Engine", "AppleAVD", "AppleMobileFileIntegrity", "ATS", "Audio", "AVEVideoEncoder", "Calendar", "CFNetwork", "ColorSync", "Crash Reporter", "curl", "Directory Utility", "DriverKit", "Exchange", "Find My", "Finder", "GPU Drivers", "Grapher", "Image Processing", "ImageIO", "Intel Graphics Driver", "IOHIDFamily", "IOKit", "Kernel", "Mail", "Maps", MediaLibrary", "ncurses", "Notes", "Notifications", "PackageKit", "Photos", "ppp", "Ruby", "Sandbox", "Security", "Shortcuts", "Sidecar", "Siri", "SMB", "Software Update", "SQLite", "Vim", "Weather", "WebKit", "WebKit PDF" sowie "WebKit Sandboxing". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuführen, beliebigen Programmcode auszuführen, seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuführen, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS Big Sur 11.7.1
Apple / macOS
|
cpe:/o:apple:mac_os:big_sur_11.7.1
|
Big Sur 11.7.1 | |
|
Apple macOS Ventura_13
Apple / macOS
|
cpe:/o:apple:mac_os:ventura_13
|
Ventura_13 | |
|
Apple macOS Monterey 12.6.1
Apple / macOS
|
cpe:/o:apple:mac_os:monterey_12.6.1
|
Monterey 12.6.1 |
In Apple macOS existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten "Accelerate Framework", "Apple Neural Engine", "AppleAVD", "AppleMobileFileIntegrity", "ATS", "Audio", "AVEVideoEncoder", "Calendar", "CFNetwork", "ColorSync", "Crash Reporter", "curl", "Directory Utility", "DriverKit", "Exchange", "Find My", "Finder", "GPU Drivers", "Grapher", "Image Processing", "ImageIO", "Intel Graphics Driver", "IOHIDFamily", "IOKit", "Kernel", "Mail", "Maps", MediaLibrary", "ncurses", "Notes", "Notifications", "PackageKit", "Photos", "ppp", "Ruby", "Sandbox", "Security", "Shortcuts", "Sidecar", "Siri", "SMB", "Software Update", "SQLite", "Vim", "Weather", "WebKit", "WebKit PDF" sowie "WebKit Sandboxing". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuführen, beliebigen Programmcode auszuführen, seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuführen, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS Big Sur 11.7.1
Apple / macOS
|
cpe:/o:apple:mac_os:big_sur_11.7.1
|
Big Sur 11.7.1 | |
|
Apple macOS Ventura_13
Apple / macOS
|
cpe:/o:apple:mac_os:ventura_13
|
Ventura_13 | |
|
Apple macOS Monterey 12.6.1
Apple / macOS
|
cpe:/o:apple:mac_os:monterey_12.6.1
|
Monterey 12.6.1 |
In Apple macOS existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten "Accelerate Framework", "Apple Neural Engine", "AppleAVD", "AppleMobileFileIntegrity", "ATS", "Audio", "AVEVideoEncoder", "Calendar", "CFNetwork", "ColorSync", "Crash Reporter", "curl", "Directory Utility", "DriverKit", "Exchange", "Find My", "Finder", "GPU Drivers", "Grapher", "Image Processing", "ImageIO", "Intel Graphics Driver", "IOHIDFamily", "IOKit", "Kernel", "Mail", "Maps", MediaLibrary", "ncurses", "Notes", "Notifications", "PackageKit", "Photos", "ppp", "Ruby", "Sandbox", "Security", "Shortcuts", "Sidecar", "Siri", "SMB", "Software Update", "SQLite", "Vim", "Weather", "WebKit", "WebKit PDF" sowie "WebKit Sandboxing". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuführen, beliebigen Programmcode auszuführen, seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuführen, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS Big Sur 11.7.1
Apple / macOS
|
cpe:/o:apple:mac_os:big_sur_11.7.1
|
Big Sur 11.7.1 | |
|
Apple macOS Ventura_13
Apple / macOS
|
cpe:/o:apple:mac_os:ventura_13
|
Ventura_13 | |
|
Apple macOS Monterey 12.6.1
Apple / macOS
|
cpe:/o:apple:mac_os:monterey_12.6.1
|
Monterey 12.6.1 |
In Apple macOS existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten "Accelerate Framework", "Apple Neural Engine", "AppleAVD", "AppleMobileFileIntegrity", "ATS", "Audio", "AVEVideoEncoder", "Calendar", "CFNetwork", "ColorSync", "Crash Reporter", "curl", "Directory Utility", "DriverKit", "Exchange", "Find My", "Finder", "GPU Drivers", "Grapher", "Image Processing", "ImageIO", "Intel Graphics Driver", "IOHIDFamily", "IOKit", "Kernel", "Mail", "Maps", MediaLibrary", "ncurses", "Notes", "Notifications", "PackageKit", "Photos", "ppp", "Ruby", "Sandbox", "Security", "Shortcuts", "Sidecar", "Siri", "SMB", "Software Update", "SQLite", "Vim", "Weather", "WebKit", "WebKit PDF" sowie "WebKit Sandboxing". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuführen, beliebigen Programmcode auszuführen, seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuführen, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS Big Sur 11.7.1
Apple / macOS
|
cpe:/o:apple:mac_os:big_sur_11.7.1
|
Big Sur 11.7.1 | |
|
Apple macOS Ventura_13
Apple / macOS
|
cpe:/o:apple:mac_os:ventura_13
|
Ventura_13 | |
|
Apple macOS Monterey 12.6.1
Apple / macOS
|
cpe:/o:apple:mac_os:monterey_12.6.1
|
Monterey 12.6.1 |
In Apple macOS existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten "Accelerate Framework", "Apple Neural Engine", "AppleAVD", "AppleMobileFileIntegrity", "ATS", "Audio", "AVEVideoEncoder", "Calendar", "CFNetwork", "ColorSync", "Crash Reporter", "curl", "Directory Utility", "DriverKit", "Exchange", "Find My", "Finder", "GPU Drivers", "Grapher", "Image Processing", "ImageIO", "Intel Graphics Driver", "IOHIDFamily", "IOKit", "Kernel", "Mail", "Maps", MediaLibrary", "ncurses", "Notes", "Notifications", "PackageKit", "Photos", "ppp", "Ruby", "Sandbox", "Security", "Shortcuts", "Sidecar", "Siri", "SMB", "Software Update", "SQLite", "Vim", "Weather", "WebKit", "WebKit PDF" sowie "WebKit Sandboxing". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuführen, beliebigen Programmcode auszuführen, seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuführen, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS Big Sur 11.7.1
Apple / macOS
|
cpe:/o:apple:mac_os:big_sur_11.7.1
|
Big Sur 11.7.1 | |
|
Apple macOS Ventura_13
Apple / macOS
|
cpe:/o:apple:mac_os:ventura_13
|
Ventura_13 | |
|
Apple macOS Monterey 12.6.1
Apple / macOS
|
cpe:/o:apple:mac_os:monterey_12.6.1
|
Monterey 12.6.1 |
In Apple macOS existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten "Accelerate Framework", "Apple Neural Engine", "AppleAVD", "AppleMobileFileIntegrity", "ATS", "Audio", "AVEVideoEncoder", "Calendar", "CFNetwork", "ColorSync", "Crash Reporter", "curl", "Directory Utility", "DriverKit", "Exchange", "Find My", "Finder", "GPU Drivers", "Grapher", "Image Processing", "ImageIO", "Intel Graphics Driver", "IOHIDFamily", "IOKit", "Kernel", "Mail", "Maps", MediaLibrary", "ncurses", "Notes", "Notifications", "PackageKit", "Photos", "ppp", "Ruby", "Sandbox", "Security", "Shortcuts", "Sidecar", "Siri", "SMB", "Software Update", "SQLite", "Vim", "Weather", "WebKit", "WebKit PDF" sowie "WebKit Sandboxing". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuführen, beliebigen Programmcode auszuführen, seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuführen, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS Big Sur 11.7.1
Apple / macOS
|
cpe:/o:apple:mac_os:big_sur_11.7.1
|
Big Sur 11.7.1 | |
|
Apple macOS Ventura_13
Apple / macOS
|
cpe:/o:apple:mac_os:ventura_13
|
Ventura_13 | |
|
Apple macOS Monterey 12.6.1
Apple / macOS
|
cpe:/o:apple:mac_os:monterey_12.6.1
|
Monterey 12.6.1 |
In Apple macOS existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten "Accelerate Framework", "Apple Neural Engine", "AppleAVD", "AppleMobileFileIntegrity", "ATS", "Audio", "AVEVideoEncoder", "Calendar", "CFNetwork", "ColorSync", "Crash Reporter", "curl", "Directory Utility", "DriverKit", "Exchange", "Find My", "Finder", "GPU Drivers", "Grapher", "Image Processing", "ImageIO", "Intel Graphics Driver", "IOHIDFamily", "IOKit", "Kernel", "Mail", "Maps", MediaLibrary", "ncurses", "Notes", "Notifications", "PackageKit", "Photos", "ppp", "Ruby", "Sandbox", "Security", "Shortcuts", "Sidecar", "Siri", "SMB", "Software Update", "SQLite", "Vim", "Weather", "WebKit", "WebKit PDF" sowie "WebKit Sandboxing". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuführen, beliebigen Programmcode auszuführen, seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuführen, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS Big Sur 11.7.1
Apple / macOS
|
cpe:/o:apple:mac_os:big_sur_11.7.1
|
Big Sur 11.7.1 | |
|
Apple macOS Ventura_13
Apple / macOS
|
cpe:/o:apple:mac_os:ventura_13
|
Ventura_13 | |
|
Apple macOS Monterey 12.6.1
Apple / macOS
|
cpe:/o:apple:mac_os:monterey_12.6.1
|
Monterey 12.6.1 |
In Apple macOS existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten "Accelerate Framework", "Apple Neural Engine", "AppleAVD", "AppleMobileFileIntegrity", "ATS", "Audio", "AVEVideoEncoder", "Calendar", "CFNetwork", "ColorSync", "Crash Reporter", "curl", "Directory Utility", "DriverKit", "Exchange", "Find My", "Finder", "GPU Drivers", "Grapher", "Image Processing", "ImageIO", "Intel Graphics Driver", "IOHIDFamily", "IOKit", "Kernel", "Mail", "Maps", MediaLibrary", "ncurses", "Notes", "Notifications", "PackageKit", "Photos", "ppp", "Ruby", "Sandbox", "Security", "Shortcuts", "Sidecar", "Siri", "SMB", "Software Update", "SQLite", "Vim", "Weather", "WebKit", "WebKit PDF" sowie "WebKit Sandboxing". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuführen, beliebigen Programmcode auszuführen, seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuführen, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS Big Sur 11.7.1
Apple / macOS
|
cpe:/o:apple:mac_os:big_sur_11.7.1
|
Big Sur 11.7.1 | |
|
Apple macOS Ventura_13
Apple / macOS
|
cpe:/o:apple:mac_os:ventura_13
|
Ventura_13 | |
|
Apple macOS Monterey 12.6.1
Apple / macOS
|
cpe:/o:apple:mac_os:monterey_12.6.1
|
Monterey 12.6.1 |
In Apple macOS existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten "Accelerate Framework", "Apple Neural Engine", "AppleAVD", "AppleMobileFileIntegrity", "ATS", "Audio", "AVEVideoEncoder", "Calendar", "CFNetwork", "ColorSync", "Crash Reporter", "curl", "Directory Utility", "DriverKit", "Exchange", "Find My", "Finder", "GPU Drivers", "Grapher", "Image Processing", "ImageIO", "Intel Graphics Driver", "IOHIDFamily", "IOKit", "Kernel", "Mail", "Maps", MediaLibrary", "ncurses", "Notes", "Notifications", "PackageKit", "Photos", "ppp", "Ruby", "Sandbox", "Security", "Shortcuts", "Sidecar", "Siri", "SMB", "Software Update", "SQLite", "Vim", "Weather", "WebKit", "WebKit PDF" sowie "WebKit Sandboxing". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuführen, beliebigen Programmcode auszuführen, seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuführen, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS Big Sur 11.7.1
Apple / macOS
|
cpe:/o:apple:mac_os:big_sur_11.7.1
|
Big Sur 11.7.1 | |
|
Apple macOS Ventura_13
Apple / macOS
|
cpe:/o:apple:mac_os:ventura_13
|
Ventura_13 | |
|
Apple macOS Monterey 12.6.1
Apple / macOS
|
cpe:/o:apple:mac_os:monterey_12.6.1
|
Monterey 12.6.1 |
In Apple macOS existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten "Accelerate Framework", "Apple Neural Engine", "AppleAVD", "AppleMobileFileIntegrity", "ATS", "Audio", "AVEVideoEncoder", "Calendar", "CFNetwork", "ColorSync", "Crash Reporter", "curl", "Directory Utility", "DriverKit", "Exchange", "Find My", "Finder", "GPU Drivers", "Grapher", "Image Processing", "ImageIO", "Intel Graphics Driver", "IOHIDFamily", "IOKit", "Kernel", "Mail", "Maps", MediaLibrary", "ncurses", "Notes", "Notifications", "PackageKit", "Photos", "ppp", "Ruby", "Sandbox", "Security", "Shortcuts", "Sidecar", "Siri", "SMB", "Software Update", "SQLite", "Vim", "Weather", "WebKit", "WebKit PDF" sowie "WebKit Sandboxing". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuführen, beliebigen Programmcode auszuführen, seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuführen, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS Big Sur 11.7.1
Apple / macOS
|
cpe:/o:apple:mac_os:big_sur_11.7.1
|
Big Sur 11.7.1 | |
|
Apple macOS Ventura_13
Apple / macOS
|
cpe:/o:apple:mac_os:ventura_13
|
Ventura_13 | |
|
Apple macOS Monterey 12.6.1
Apple / macOS
|
cpe:/o:apple:mac_os:monterey_12.6.1
|
Monterey 12.6.1 |
In Apple macOS existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten "Accelerate Framework", "Apple Neural Engine", "AppleAVD", "AppleMobileFileIntegrity", "ATS", "Audio", "AVEVideoEncoder", "Calendar", "CFNetwork", "ColorSync", "Crash Reporter", "curl", "Directory Utility", "DriverKit", "Exchange", "Find My", "Finder", "GPU Drivers", "Grapher", "Image Processing", "ImageIO", "Intel Graphics Driver", "IOHIDFamily", "IOKit", "Kernel", "Mail", "Maps", MediaLibrary", "ncurses", "Notes", "Notifications", "PackageKit", "Photos", "ppp", "Ruby", "Sandbox", "Security", "Shortcuts", "Sidecar", "Siri", "SMB", "Software Update", "SQLite", "Vim", "Weather", "WebKit", "WebKit PDF" sowie "WebKit Sandboxing". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuführen, beliebigen Programmcode auszuführen, seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuführen, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS Big Sur 11.7.1
Apple / macOS
|
cpe:/o:apple:mac_os:big_sur_11.7.1
|
Big Sur 11.7.1 | |
|
Apple macOS Ventura_13
Apple / macOS
|
cpe:/o:apple:mac_os:ventura_13
|
Ventura_13 | |
|
Apple macOS Monterey 12.6.1
Apple / macOS
|
cpe:/o:apple:mac_os:monterey_12.6.1
|
Monterey 12.6.1 |
In Apple macOS existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten "Accelerate Framework", "Apple Neural Engine", "AppleAVD", "AppleMobileFileIntegrity", "ATS", "Audio", "AVEVideoEncoder", "Calendar", "CFNetwork", "ColorSync", "Crash Reporter", "curl", "Directory Utility", "DriverKit", "Exchange", "Find My", "Finder", "GPU Drivers", "Grapher", "Image Processing", "ImageIO", "Intel Graphics Driver", "IOHIDFamily", "IOKit", "Kernel", "Mail", "Maps", MediaLibrary", "ncurses", "Notes", "Notifications", "PackageKit", "Photos", "ppp", "Ruby", "Sandbox", "Security", "Shortcuts", "Sidecar", "Siri", "SMB", "Software Update", "SQLite", "Vim", "Weather", "WebKit", "WebKit PDF" sowie "WebKit Sandboxing". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuführen, beliebigen Programmcode auszuführen, seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuführen, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS Big Sur 11.7.1
Apple / macOS
|
cpe:/o:apple:mac_os:big_sur_11.7.1
|
Big Sur 11.7.1 | |
|
Apple macOS Ventura_13
Apple / macOS
|
cpe:/o:apple:mac_os:ventura_13
|
Ventura_13 | |
|
Apple macOS Monterey 12.6.1
Apple / macOS
|
cpe:/o:apple:mac_os:monterey_12.6.1
|
Monterey 12.6.1 |
In Apple macOS existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten "Accelerate Framework", "Apple Neural Engine", "AppleAVD", "AppleMobileFileIntegrity", "ATS", "Audio", "AVEVideoEncoder", "Calendar", "CFNetwork", "ColorSync", "Crash Reporter", "curl", "Directory Utility", "DriverKit", "Exchange", "Find My", "Finder", "GPU Drivers", "Grapher", "Image Processing", "ImageIO", "Intel Graphics Driver", "IOHIDFamily", "IOKit", "Kernel", "Mail", "Maps", MediaLibrary", "ncurses", "Notes", "Notifications", "PackageKit", "Photos", "ppp", "Ruby", "Sandbox", "Security", "Shortcuts", "Sidecar", "Siri", "SMB", "Software Update", "SQLite", "Vim", "Weather", "WebKit", "WebKit PDF" sowie "WebKit Sandboxing". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuführen, beliebigen Programmcode auszuführen, seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuführen, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS Big Sur 11.7.1
Apple / macOS
|
cpe:/o:apple:mac_os:big_sur_11.7.1
|
Big Sur 11.7.1 | |
|
Apple macOS Ventura_13
Apple / macOS
|
cpe:/o:apple:mac_os:ventura_13
|
Ventura_13 | |
|
Apple macOS Monterey 12.6.1
Apple / macOS
|
cpe:/o:apple:mac_os:monterey_12.6.1
|
Monterey 12.6.1 |
In Apple macOS existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten "Accelerate Framework", "Apple Neural Engine", "AppleAVD", "AppleMobileFileIntegrity", "ATS", "Audio", "AVEVideoEncoder", "Calendar", "CFNetwork", "ColorSync", "Crash Reporter", "curl", "Directory Utility", "DriverKit", "Exchange", "Find My", "Finder", "GPU Drivers", "Grapher", "Image Processing", "ImageIO", "Intel Graphics Driver", "IOHIDFamily", "IOKit", "Kernel", "Mail", "Maps", MediaLibrary", "ncurses", "Notes", "Notifications", "PackageKit", "Photos", "ppp", "Ruby", "Sandbox", "Security", "Shortcuts", "Sidecar", "Siri", "SMB", "Software Update", "SQLite", "Vim", "Weather", "WebKit", "WebKit PDF" sowie "WebKit Sandboxing". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuführen, beliebigen Programmcode auszuführen, seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuführen, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS Big Sur 11.7.1
Apple / macOS
|
cpe:/o:apple:mac_os:big_sur_11.7.1
|
Big Sur 11.7.1 | |
|
Apple macOS Ventura_13
Apple / macOS
|
cpe:/o:apple:mac_os:ventura_13
|
Ventura_13 | |
|
Apple macOS Monterey 12.6.1
Apple / macOS
|
cpe:/o:apple:mac_os:monterey_12.6.1
|
Monterey 12.6.1 |
In Apple macOS existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten "Accelerate Framework", "Apple Neural Engine", "AppleAVD", "AppleMobileFileIntegrity", "ATS", "Audio", "AVEVideoEncoder", "Calendar", "CFNetwork", "ColorSync", "Crash Reporter", "curl", "Directory Utility", "DriverKit", "Exchange", "Find My", "Finder", "GPU Drivers", "Grapher", "Image Processing", "ImageIO", "Intel Graphics Driver", "IOHIDFamily", "IOKit", "Kernel", "Mail", "Maps", MediaLibrary", "ncurses", "Notes", "Notifications", "PackageKit", "Photos", "ppp", "Ruby", "Sandbox", "Security", "Shortcuts", "Sidecar", "Siri", "SMB", "Software Update", "SQLite", "Vim", "Weather", "WebKit", "WebKit PDF" sowie "WebKit Sandboxing". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuführen, beliebigen Programmcode auszuführen, seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuführen, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS Big Sur 11.7.1
Apple / macOS
|
cpe:/o:apple:mac_os:big_sur_11.7.1
|
Big Sur 11.7.1 | |
|
Apple macOS Ventura_13
Apple / macOS
|
cpe:/o:apple:mac_os:ventura_13
|
Ventura_13 | |
|
Apple macOS Monterey 12.6.1
Apple / macOS
|
cpe:/o:apple:mac_os:monterey_12.6.1
|
Monterey 12.6.1 |
In Apple macOS existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten "Accelerate Framework", "Apple Neural Engine", "AppleAVD", "AppleMobileFileIntegrity", "ATS", "Audio", "AVEVideoEncoder", "Calendar", "CFNetwork", "ColorSync", "Crash Reporter", "curl", "Directory Utility", "DriverKit", "Exchange", "Find My", "Finder", "GPU Drivers", "Grapher", "Image Processing", "ImageIO", "Intel Graphics Driver", "IOHIDFamily", "IOKit", "Kernel", "Mail", "Maps", MediaLibrary", "ncurses", "Notes", "Notifications", "PackageKit", "Photos", "ppp", "Ruby", "Sandbox", "Security", "Shortcuts", "Sidecar", "Siri", "SMB", "Software Update", "SQLite", "Vim", "Weather", "WebKit", "WebKit PDF" sowie "WebKit Sandboxing". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuführen, beliebigen Programmcode auszuführen, seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuführen, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS Big Sur 11.7.1
Apple / macOS
|
cpe:/o:apple:mac_os:big_sur_11.7.1
|
Big Sur 11.7.1 | |
|
Apple macOS Ventura_13
Apple / macOS
|
cpe:/o:apple:mac_os:ventura_13
|
Ventura_13 | |
|
Apple macOS Monterey 12.6.1
Apple / macOS
|
cpe:/o:apple:mac_os:monterey_12.6.1
|
Monterey 12.6.1 |
In Apple macOS existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten "Accelerate Framework", "Apple Neural Engine", "AppleAVD", "AppleMobileFileIntegrity", "ATS", "Audio", "AVEVideoEncoder", "Calendar", "CFNetwork", "ColorSync", "Crash Reporter", "curl", "Directory Utility", "DriverKit", "Exchange", "Find My", "Finder", "GPU Drivers", "Grapher", "Image Processing", "ImageIO", "Intel Graphics Driver", "IOHIDFamily", "IOKit", "Kernel", "Mail", "Maps", MediaLibrary", "ncurses", "Notes", "Notifications", "PackageKit", "Photos", "ppp", "Ruby", "Sandbox", "Security", "Shortcuts", "Sidecar", "Siri", "SMB", "Software Update", "SQLite", "Vim", "Weather", "WebKit", "WebKit PDF" sowie "WebKit Sandboxing". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuführen, beliebigen Programmcode auszuführen, seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuführen, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS Big Sur 11.7.1
Apple / macOS
|
cpe:/o:apple:mac_os:big_sur_11.7.1
|
Big Sur 11.7.1 | |
|
Apple macOS Ventura_13
Apple / macOS
|
cpe:/o:apple:mac_os:ventura_13
|
Ventura_13 | |
|
Apple macOS Monterey 12.6.1
Apple / macOS
|
cpe:/o:apple:mac_os:monterey_12.6.1
|
Monterey 12.6.1 |
In Apple macOS existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten "Accelerate Framework", "Apple Neural Engine", "AppleAVD", "AppleMobileFileIntegrity", "ATS", "Audio", "AVEVideoEncoder", "Calendar", "CFNetwork", "ColorSync", "Crash Reporter", "curl", "Directory Utility", "DriverKit", "Exchange", "Find My", "Finder", "GPU Drivers", "Grapher", "Image Processing", "ImageIO", "Intel Graphics Driver", "IOHIDFamily", "IOKit", "Kernel", "Mail", "Maps", MediaLibrary", "ncurses", "Notes", "Notifications", "PackageKit", "Photos", "ppp", "Ruby", "Sandbox", "Security", "Shortcuts", "Sidecar", "Siri", "SMB", "Software Update", "SQLite", "Vim", "Weather", "WebKit", "WebKit PDF" sowie "WebKit Sandboxing". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuführen, beliebigen Programmcode auszuführen, seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuführen, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS Big Sur 11.7.1
Apple / macOS
|
cpe:/o:apple:mac_os:big_sur_11.7.1
|
Big Sur 11.7.1 | |
|
Apple macOS Ventura_13
Apple / macOS
|
cpe:/o:apple:mac_os:ventura_13
|
Ventura_13 | |
|
Apple macOS Monterey 12.6.1
Apple / macOS
|
cpe:/o:apple:mac_os:monterey_12.6.1
|
Monterey 12.6.1 |
In Apple macOS existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten "Accelerate Framework", "Apple Neural Engine", "AppleAVD", "AppleMobileFileIntegrity", "ATS", "Audio", "AVEVideoEncoder", "Calendar", "CFNetwork", "ColorSync", "Crash Reporter", "curl", "Directory Utility", "DriverKit", "Exchange", "Find My", "Finder", "GPU Drivers", "Grapher", "Image Processing", "ImageIO", "Intel Graphics Driver", "IOHIDFamily", "IOKit", "Kernel", "Mail", "Maps", MediaLibrary", "ncurses", "Notes", "Notifications", "PackageKit", "Photos", "ppp", "Ruby", "Sandbox", "Security", "Shortcuts", "Sidecar", "Siri", "SMB", "Software Update", "SQLite", "Vim", "Weather", "WebKit", "WebKit PDF" sowie "WebKit Sandboxing". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuführen, beliebigen Programmcode auszuführen, seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuführen, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS Big Sur 11.7.1
Apple / macOS
|
cpe:/o:apple:mac_os:big_sur_11.7.1
|
Big Sur 11.7.1 | |
|
Apple macOS Ventura_13
Apple / macOS
|
cpe:/o:apple:mac_os:ventura_13
|
Ventura_13 | |
|
Apple macOS Monterey 12.6.1
Apple / macOS
|
cpe:/o:apple:mac_os:monterey_12.6.1
|
Monterey 12.6.1 |
In Apple macOS existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten "Accelerate Framework", "Apple Neural Engine", "AppleAVD", "AppleMobileFileIntegrity", "ATS", "Audio", "AVEVideoEncoder", "Calendar", "CFNetwork", "ColorSync", "Crash Reporter", "curl", "Directory Utility", "DriverKit", "Exchange", "Find My", "Finder", "GPU Drivers", "Grapher", "Image Processing", "ImageIO", "Intel Graphics Driver", "IOHIDFamily", "IOKit", "Kernel", "Mail", "Maps", MediaLibrary", "ncurses", "Notes", "Notifications", "PackageKit", "Photos", "ppp", "Ruby", "Sandbox", "Security", "Shortcuts", "Sidecar", "Siri", "SMB", "Software Update", "SQLite", "Vim", "Weather", "WebKit", "WebKit PDF" sowie "WebKit Sandboxing". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuführen, beliebigen Programmcode auszuführen, seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuführen, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS Big Sur 11.7.1
Apple / macOS
|
cpe:/o:apple:mac_os:big_sur_11.7.1
|
Big Sur 11.7.1 | |
|
Apple macOS Ventura_13
Apple / macOS
|
cpe:/o:apple:mac_os:ventura_13
|
Ventura_13 | |
|
Apple macOS Monterey 12.6.1
Apple / macOS
|
cpe:/o:apple:mac_os:monterey_12.6.1
|
Monterey 12.6.1 |
In Apple macOS existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten "Accelerate Framework", "Apple Neural Engine", "AppleAVD", "AppleMobileFileIntegrity", "ATS", "Audio", "AVEVideoEncoder", "Calendar", "CFNetwork", "ColorSync", "Crash Reporter", "curl", "Directory Utility", "DriverKit", "Exchange", "Find My", "Finder", "GPU Drivers", "Grapher", "Image Processing", "ImageIO", "Intel Graphics Driver", "IOHIDFamily", "IOKit", "Kernel", "Mail", "Maps", MediaLibrary", "ncurses", "Notes", "Notifications", "PackageKit", "Photos", "ppp", "Ruby", "Sandbox", "Security", "Shortcuts", "Sidecar", "Siri", "SMB", "Software Update", "SQLite", "Vim", "Weather", "WebKit", "WebKit PDF" sowie "WebKit Sandboxing". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuführen, beliebigen Programmcode auszuführen, seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuführen, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS Big Sur 11.7.1
Apple / macOS
|
cpe:/o:apple:mac_os:big_sur_11.7.1
|
Big Sur 11.7.1 | |
|
Apple macOS Ventura_13
Apple / macOS
|
cpe:/o:apple:mac_os:ventura_13
|
Ventura_13 | |
|
Apple macOS Monterey 12.6.1
Apple / macOS
|
cpe:/o:apple:mac_os:monterey_12.6.1
|
Monterey 12.6.1 |
In Apple macOS existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten "Accelerate Framework", "Apple Neural Engine", "AppleAVD", "AppleMobileFileIntegrity", "ATS", "Audio", "AVEVideoEncoder", "Calendar", "CFNetwork", "ColorSync", "Crash Reporter", "curl", "Directory Utility", "DriverKit", "Exchange", "Find My", "Finder", "GPU Drivers", "Grapher", "Image Processing", "ImageIO", "Intel Graphics Driver", "IOHIDFamily", "IOKit", "Kernel", "Mail", "Maps", MediaLibrary", "ncurses", "Notes", "Notifications", "PackageKit", "Photos", "ppp", "Ruby", "Sandbox", "Security", "Shortcuts", "Sidecar", "Siri", "SMB", "Software Update", "SQLite", "Vim", "Weather", "WebKit", "WebKit PDF" sowie "WebKit Sandboxing". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuführen, beliebigen Programmcode auszuführen, seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuführen, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS Big Sur 11.7.1
Apple / macOS
|
cpe:/o:apple:mac_os:big_sur_11.7.1
|
Big Sur 11.7.1 | |
|
Apple macOS Ventura_13
Apple / macOS
|
cpe:/o:apple:mac_os:ventura_13
|
Ventura_13 | |
|
Apple macOS Monterey 12.6.1
Apple / macOS
|
cpe:/o:apple:mac_os:monterey_12.6.1
|
Monterey 12.6.1 |
In Apple macOS existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten "Accelerate Framework", "Apple Neural Engine", "AppleAVD", "AppleMobileFileIntegrity", "ATS", "Audio", "AVEVideoEncoder", "Calendar", "CFNetwork", "ColorSync", "Crash Reporter", "curl", "Directory Utility", "DriverKit", "Exchange", "Find My", "Finder", "GPU Drivers", "Grapher", "Image Processing", "ImageIO", "Intel Graphics Driver", "IOHIDFamily", "IOKit", "Kernel", "Mail", "Maps", MediaLibrary", "ncurses", "Notes", "Notifications", "PackageKit", "Photos", "ppp", "Ruby", "Sandbox", "Security", "Shortcuts", "Sidecar", "Siri", "SMB", "Software Update", "SQLite", "Vim", "Weather", "WebKit", "WebKit PDF" sowie "WebKit Sandboxing". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuführen, beliebigen Programmcode auszuführen, seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuführen, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS Big Sur 11.7.1
Apple / macOS
|
cpe:/o:apple:mac_os:big_sur_11.7.1
|
Big Sur 11.7.1 | |
|
Apple macOS Ventura_13
Apple / macOS
|
cpe:/o:apple:mac_os:ventura_13
|
Ventura_13 | |
|
Apple macOS Monterey 12.6.1
Apple / macOS
|
cpe:/o:apple:mac_os:monterey_12.6.1
|
Monterey 12.6.1 |
In Apple macOS existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten "Accelerate Framework", "Apple Neural Engine", "AppleAVD", "AppleMobileFileIntegrity", "ATS", "Audio", "AVEVideoEncoder", "Calendar", "CFNetwork", "ColorSync", "Crash Reporter", "curl", "Directory Utility", "DriverKit", "Exchange", "Find My", "Finder", "GPU Drivers", "Grapher", "Image Processing", "ImageIO", "Intel Graphics Driver", "IOHIDFamily", "IOKit", "Kernel", "Mail", "Maps", MediaLibrary", "ncurses", "Notes", "Notifications", "PackageKit", "Photos", "ppp", "Ruby", "Sandbox", "Security", "Shortcuts", "Sidecar", "Siri", "SMB", "Software Update", "SQLite", "Vim", "Weather", "WebKit", "WebKit PDF" sowie "WebKit Sandboxing". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuführen, beliebigen Programmcode auszuführen, seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuführen, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS Big Sur 11.7.1
Apple / macOS
|
cpe:/o:apple:mac_os:big_sur_11.7.1
|
Big Sur 11.7.1 | |
|
Apple macOS Ventura_13
Apple / macOS
|
cpe:/o:apple:mac_os:ventura_13
|
Ventura_13 | |
|
Apple macOS Monterey 12.6.1
Apple / macOS
|
cpe:/o:apple:mac_os:monterey_12.6.1
|
Monterey 12.6.1 |
In Apple macOS existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten "Accelerate Framework", "Apple Neural Engine", "AppleAVD", "AppleMobileFileIntegrity", "ATS", "Audio", "AVEVideoEncoder", "Calendar", "CFNetwork", "ColorSync", "Crash Reporter", "curl", "Directory Utility", "DriverKit", "Exchange", "Find My", "Finder", "GPU Drivers", "Grapher", "Image Processing", "ImageIO", "Intel Graphics Driver", "IOHIDFamily", "IOKit", "Kernel", "Mail", "Maps", MediaLibrary", "ncurses", "Notes", "Notifications", "PackageKit", "Photos", "ppp", "Ruby", "Sandbox", "Security", "Shortcuts", "Sidecar", "Siri", "SMB", "Software Update", "SQLite", "Vim", "Weather", "WebKit", "WebKit PDF" sowie "WebKit Sandboxing". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuführen, beliebigen Programmcode auszuführen, seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuführen, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS Big Sur 11.7.1
Apple / macOS
|
cpe:/o:apple:mac_os:big_sur_11.7.1
|
Big Sur 11.7.1 | |
|
Apple macOS Ventura_13
Apple / macOS
|
cpe:/o:apple:mac_os:ventura_13
|
Ventura_13 | |
|
Apple macOS Monterey 12.6.1
Apple / macOS
|
cpe:/o:apple:mac_os:monterey_12.6.1
|
Monterey 12.6.1 |
In Apple macOS existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten "Accelerate Framework", "Apple Neural Engine", "AppleAVD", "AppleMobileFileIntegrity", "ATS", "Audio", "AVEVideoEncoder", "Calendar", "CFNetwork", "ColorSync", "Crash Reporter", "curl", "Directory Utility", "DriverKit", "Exchange", "Find My", "Finder", "GPU Drivers", "Grapher", "Image Processing", "ImageIO", "Intel Graphics Driver", "IOHIDFamily", "IOKit", "Kernel", "Mail", "Maps", MediaLibrary", "ncurses", "Notes", "Notifications", "PackageKit", "Photos", "ppp", "Ruby", "Sandbox", "Security", "Shortcuts", "Sidecar", "Siri", "SMB", "Software Update", "SQLite", "Vim", "Weather", "WebKit", "WebKit PDF" sowie "WebKit Sandboxing". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuführen, beliebigen Programmcode auszuführen, seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuführen, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS Big Sur 11.7.1
Apple / macOS
|
cpe:/o:apple:mac_os:big_sur_11.7.1
|
Big Sur 11.7.1 | |
|
Apple macOS Ventura_13
Apple / macOS
|
cpe:/o:apple:mac_os:ventura_13
|
Ventura_13 | |
|
Apple macOS Monterey 12.6.1
Apple / macOS
|
cpe:/o:apple:mac_os:monterey_12.6.1
|
Monterey 12.6.1 |
In Apple macOS existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten "Accelerate Framework", "Apple Neural Engine", "AppleAVD", "AppleMobileFileIntegrity", "ATS", "Audio", "AVEVideoEncoder", "Calendar", "CFNetwork", "ColorSync", "Crash Reporter", "curl", "Directory Utility", "DriverKit", "Exchange", "Find My", "Finder", "GPU Drivers", "Grapher", "Image Processing", "ImageIO", "Intel Graphics Driver", "IOHIDFamily", "IOKit", "Kernel", "Mail", "Maps", MediaLibrary", "ncurses", "Notes", "Notifications", "PackageKit", "Photos", "ppp", "Ruby", "Sandbox", "Security", "Shortcuts", "Sidecar", "Siri", "SMB", "Software Update", "SQLite", "Vim", "Weather", "WebKit", "WebKit PDF" sowie "WebKit Sandboxing". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuführen, beliebigen Programmcode auszuführen, seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuführen, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS Big Sur 11.7.1
Apple / macOS
|
cpe:/o:apple:mac_os:big_sur_11.7.1
|
Big Sur 11.7.1 | |
|
Apple macOS Ventura_13
Apple / macOS
|
cpe:/o:apple:mac_os:ventura_13
|
Ventura_13 | |
|
Apple macOS Monterey 12.6.1
Apple / macOS
|
cpe:/o:apple:mac_os:monterey_12.6.1
|
Monterey 12.6.1 |
In Apple macOS existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten "Accelerate Framework", "Apple Neural Engine", "AppleAVD", "AppleMobileFileIntegrity", "ATS", "Audio", "AVEVideoEncoder", "Calendar", "CFNetwork", "ColorSync", "Crash Reporter", "curl", "Directory Utility", "DriverKit", "Exchange", "Find My", "Finder", "GPU Drivers", "Grapher", "Image Processing", "ImageIO", "Intel Graphics Driver", "IOHIDFamily", "IOKit", "Kernel", "Mail", "Maps", MediaLibrary", "ncurses", "Notes", "Notifications", "PackageKit", "Photos", "ppp", "Ruby", "Sandbox", "Security", "Shortcuts", "Sidecar", "Siri", "SMB", "Software Update", "SQLite", "Vim", "Weather", "WebKit", "WebKit PDF" sowie "WebKit Sandboxing". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuführen, beliebigen Programmcode auszuführen, seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuführen, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS Big Sur 11.7.1
Apple / macOS
|
cpe:/o:apple:mac_os:big_sur_11.7.1
|
Big Sur 11.7.1 | |
|
Apple macOS Ventura_13
Apple / macOS
|
cpe:/o:apple:mac_os:ventura_13
|
Ventura_13 | |
|
Apple macOS Monterey 12.6.1
Apple / macOS
|
cpe:/o:apple:mac_os:monterey_12.6.1
|
Monterey 12.6.1 |
In Apple macOS existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten "Accelerate Framework", "Apple Neural Engine", "AppleAVD", "AppleMobileFileIntegrity", "ATS", "Audio", "AVEVideoEncoder", "Calendar", "CFNetwork", "ColorSync", "Crash Reporter", "curl", "Directory Utility", "DriverKit", "Exchange", "Find My", "Finder", "GPU Drivers", "Grapher", "Image Processing", "ImageIO", "Intel Graphics Driver", "IOHIDFamily", "IOKit", "Kernel", "Mail", "Maps", MediaLibrary", "ncurses", "Notes", "Notifications", "PackageKit", "Photos", "ppp", "Ruby", "Sandbox", "Security", "Shortcuts", "Sidecar", "Siri", "SMB", "Software Update", "SQLite", "Vim", "Weather", "WebKit", "WebKit PDF" sowie "WebKit Sandboxing". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuführen, beliebigen Programmcode auszuführen, seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuführen, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS Big Sur 11.7.1
Apple / macOS
|
cpe:/o:apple:mac_os:big_sur_11.7.1
|
Big Sur 11.7.1 | |
|
Apple macOS Ventura_13
Apple / macOS
|
cpe:/o:apple:mac_os:ventura_13
|
Ventura_13 | |
|
Apple macOS Monterey 12.6.1
Apple / macOS
|
cpe:/o:apple:mac_os:monterey_12.6.1
|
Monterey 12.6.1 |
In Apple macOS existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten "Accelerate Framework", "Apple Neural Engine", "AppleAVD", "AppleMobileFileIntegrity", "ATS", "Audio", "AVEVideoEncoder", "Calendar", "CFNetwork", "ColorSync", "Crash Reporter", "curl", "Directory Utility", "DriverKit", "Exchange", "Find My", "Finder", "GPU Drivers", "Grapher", "Image Processing", "ImageIO", "Intel Graphics Driver", "IOHIDFamily", "IOKit", "Kernel", "Mail", "Maps", MediaLibrary", "ncurses", "Notes", "Notifications", "PackageKit", "Photos", "ppp", "Ruby", "Sandbox", "Security", "Shortcuts", "Sidecar", "Siri", "SMB", "Software Update", "SQLite", "Vim", "Weather", "WebKit", "WebKit PDF" sowie "WebKit Sandboxing". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuführen, beliebigen Programmcode auszuführen, seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuführen, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS Big Sur 11.7.1
Apple / macOS
|
cpe:/o:apple:mac_os:big_sur_11.7.1
|
Big Sur 11.7.1 | |
|
Apple macOS Ventura_13
Apple / macOS
|
cpe:/o:apple:mac_os:ventura_13
|
Ventura_13 | |
|
Apple macOS Monterey 12.6.1
Apple / macOS
|
cpe:/o:apple:mac_os:monterey_12.6.1
|
Monterey 12.6.1 |
In Apple macOS existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten "Accelerate Framework", "Apple Neural Engine", "AppleAVD", "AppleMobileFileIntegrity", "ATS", "Audio", "AVEVideoEncoder", "Calendar", "CFNetwork", "ColorSync", "Crash Reporter", "curl", "Directory Utility", "DriverKit", "Exchange", "Find My", "Finder", "GPU Drivers", "Grapher", "Image Processing", "ImageIO", "Intel Graphics Driver", "IOHIDFamily", "IOKit", "Kernel", "Mail", "Maps", MediaLibrary", "ncurses", "Notes", "Notifications", "PackageKit", "Photos", "ppp", "Ruby", "Sandbox", "Security", "Shortcuts", "Sidecar", "Siri", "SMB", "Software Update", "SQLite", "Vim", "Weather", "WebKit", "WebKit PDF" sowie "WebKit Sandboxing". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuführen, beliebigen Programmcode auszuführen, seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuführen, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS Big Sur 11.7.1
Apple / macOS
|
cpe:/o:apple:mac_os:big_sur_11.7.1
|
Big Sur 11.7.1 | |
|
Apple macOS Ventura_13
Apple / macOS
|
cpe:/o:apple:mac_os:ventura_13
|
Ventura_13 | |
|
Apple macOS Monterey 12.6.1
Apple / macOS
|
cpe:/o:apple:mac_os:monterey_12.6.1
|
Monterey 12.6.1 |
In Apple macOS existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten "Accelerate Framework", "Apple Neural Engine", "AppleAVD", "AppleMobileFileIntegrity", "ATS", "Audio", "AVEVideoEncoder", "Calendar", "CFNetwork", "ColorSync", "Crash Reporter", "curl", "Directory Utility", "DriverKit", "Exchange", "Find My", "Finder", "GPU Drivers", "Grapher", "Image Processing", "ImageIO", "Intel Graphics Driver", "IOHIDFamily", "IOKit", "Kernel", "Mail", "Maps", MediaLibrary", "ncurses", "Notes", "Notifications", "PackageKit", "Photos", "ppp", "Ruby", "Sandbox", "Security", "Shortcuts", "Sidecar", "Siri", "SMB", "Software Update", "SQLite", "Vim", "Weather", "WebKit", "WebKit PDF" sowie "WebKit Sandboxing". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuführen, beliebigen Programmcode auszuführen, seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuführen, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS Big Sur 11.7.1
Apple / macOS
|
cpe:/o:apple:mac_os:big_sur_11.7.1
|
Big Sur 11.7.1 | |
|
Apple macOS Ventura_13
Apple / macOS
|
cpe:/o:apple:mac_os:ventura_13
|
Ventura_13 | |
|
Apple macOS Monterey 12.6.1
Apple / macOS
|
cpe:/o:apple:mac_os:monterey_12.6.1
|
Monterey 12.6.1 |
In Apple macOS existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten "Accelerate Framework", "Apple Neural Engine", "AppleAVD", "AppleMobileFileIntegrity", "ATS", "Audio", "AVEVideoEncoder", "Calendar", "CFNetwork", "ColorSync", "Crash Reporter", "curl", "Directory Utility", "DriverKit", "Exchange", "Find My", "Finder", "GPU Drivers", "Grapher", "Image Processing", "ImageIO", "Intel Graphics Driver", "IOHIDFamily", "IOKit", "Kernel", "Mail", "Maps", MediaLibrary", "ncurses", "Notes", "Notifications", "PackageKit", "Photos", "ppp", "Ruby", "Sandbox", "Security", "Shortcuts", "Sidecar", "Siri", "SMB", "Software Update", "SQLite", "Vim", "Weather", "WebKit", "WebKit PDF" sowie "WebKit Sandboxing". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuführen, beliebigen Programmcode auszuführen, seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuführen, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS Big Sur 11.7.1
Apple / macOS
|
cpe:/o:apple:mac_os:big_sur_11.7.1
|
Big Sur 11.7.1 | |
|
Apple macOS Ventura_13
Apple / macOS
|
cpe:/o:apple:mac_os:ventura_13
|
Ventura_13 | |
|
Apple macOS Monterey 12.6.1
Apple / macOS
|
cpe:/o:apple:mac_os:monterey_12.6.1
|
Monterey 12.6.1 |
In Apple macOS existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten "Accelerate Framework", "Apple Neural Engine", "AppleAVD", "AppleMobileFileIntegrity", "ATS", "Audio", "AVEVideoEncoder", "Calendar", "CFNetwork", "ColorSync", "Crash Reporter", "curl", "Directory Utility", "DriverKit", "Exchange", "Find My", "Finder", "GPU Drivers", "Grapher", "Image Processing", "ImageIO", "Intel Graphics Driver", "IOHIDFamily", "IOKit", "Kernel", "Mail", "Maps", MediaLibrary", "ncurses", "Notes", "Notifications", "PackageKit", "Photos", "ppp", "Ruby", "Sandbox", "Security", "Shortcuts", "Sidecar", "Siri", "SMB", "Software Update", "SQLite", "Vim", "Weather", "WebKit", "WebKit PDF" sowie "WebKit Sandboxing". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuführen, beliebigen Programmcode auszuführen, seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuführen, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS Big Sur 11.7.1
Apple / macOS
|
cpe:/o:apple:mac_os:big_sur_11.7.1
|
Big Sur 11.7.1 | |
|
Apple macOS Ventura_13
Apple / macOS
|
cpe:/o:apple:mac_os:ventura_13
|
Ventura_13 | |
|
Apple macOS Monterey 12.6.1
Apple / macOS
|
cpe:/o:apple:mac_os:monterey_12.6.1
|
Monterey 12.6.1 |
In Apple macOS existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten "Accelerate Framework", "Apple Neural Engine", "AppleAVD", "AppleMobileFileIntegrity", "ATS", "Audio", "AVEVideoEncoder", "Calendar", "CFNetwork", "ColorSync", "Crash Reporter", "curl", "Directory Utility", "DriverKit", "Exchange", "Find My", "Finder", "GPU Drivers", "Grapher", "Image Processing", "ImageIO", "Intel Graphics Driver", "IOHIDFamily", "IOKit", "Kernel", "Mail", "Maps", MediaLibrary", "ncurses", "Notes", "Notifications", "PackageKit", "Photos", "ppp", "Ruby", "Sandbox", "Security", "Shortcuts", "Sidecar", "Siri", "SMB", "Software Update", "SQLite", "Vim", "Weather", "WebKit", "WebKit PDF" sowie "WebKit Sandboxing". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuführen, beliebigen Programmcode auszuführen, seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuführen, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS Big Sur 11.7.1
Apple / macOS
|
cpe:/o:apple:mac_os:big_sur_11.7.1
|
Big Sur 11.7.1 | |
|
Apple macOS Ventura_13
Apple / macOS
|
cpe:/o:apple:mac_os:ventura_13
|
Ventura_13 | |
|
Apple macOS Monterey 12.6.1
Apple / macOS
|
cpe:/o:apple:mac_os:monterey_12.6.1
|
Monterey 12.6.1 |
In Apple macOS existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten "Accelerate Framework", "Apple Neural Engine", "AppleAVD", "AppleMobileFileIntegrity", "ATS", "Audio", "AVEVideoEncoder", "Calendar", "CFNetwork", "ColorSync", "Crash Reporter", "curl", "Directory Utility", "DriverKit", "Exchange", "Find My", "Finder", "GPU Drivers", "Grapher", "Image Processing", "ImageIO", "Intel Graphics Driver", "IOHIDFamily", "IOKit", "Kernel", "Mail", "Maps", MediaLibrary", "ncurses", "Notes", "Notifications", "PackageKit", "Photos", "ppp", "Ruby", "Sandbox", "Security", "Shortcuts", "Sidecar", "Siri", "SMB", "Software Update", "SQLite", "Vim", "Weather", "WebKit", "WebKit PDF" sowie "WebKit Sandboxing". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuführen, beliebigen Programmcode auszuführen, seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuführen, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS Big Sur 11.7.1
Apple / macOS
|
cpe:/o:apple:mac_os:big_sur_11.7.1
|
Big Sur 11.7.1 | |
|
Apple macOS Ventura_13
Apple / macOS
|
cpe:/o:apple:mac_os:ventura_13
|
Ventura_13 | |
|
Apple macOS Monterey 12.6.1
Apple / macOS
|
cpe:/o:apple:mac_os:monterey_12.6.1
|
Monterey 12.6.1 |
In Apple macOS existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten "Accelerate Framework", "Apple Neural Engine", "AppleAVD", "AppleMobileFileIntegrity", "ATS", "Audio", "AVEVideoEncoder", "Calendar", "CFNetwork", "ColorSync", "Crash Reporter", "curl", "Directory Utility", "DriverKit", "Exchange", "Find My", "Finder", "GPU Drivers", "Grapher", "Image Processing", "ImageIO", "Intel Graphics Driver", "IOHIDFamily", "IOKit", "Kernel", "Mail", "Maps", MediaLibrary", "ncurses", "Notes", "Notifications", "PackageKit", "Photos", "ppp", "Ruby", "Sandbox", "Security", "Shortcuts", "Sidecar", "Siri", "SMB", "Software Update", "SQLite", "Vim", "Weather", "WebKit", "WebKit PDF" sowie "WebKit Sandboxing". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuführen, beliebigen Programmcode auszuführen, seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuführen, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS Big Sur 11.7.1
Apple / macOS
|
cpe:/o:apple:mac_os:big_sur_11.7.1
|
Big Sur 11.7.1 | |
|
Apple macOS Ventura_13
Apple / macOS
|
cpe:/o:apple:mac_os:ventura_13
|
Ventura_13 | |
|
Apple macOS Monterey 12.6.1
Apple / macOS
|
cpe:/o:apple:mac_os:monterey_12.6.1
|
Monterey 12.6.1 |
In Apple macOS existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten "Accelerate Framework", "Apple Neural Engine", "AppleAVD", "AppleMobileFileIntegrity", "ATS", "Audio", "AVEVideoEncoder", "Calendar", "CFNetwork", "ColorSync", "Crash Reporter", "curl", "Directory Utility", "DriverKit", "Exchange", "Find My", "Finder", "GPU Drivers", "Grapher", "Image Processing", "ImageIO", "Intel Graphics Driver", "IOHIDFamily", "IOKit", "Kernel", "Mail", "Maps", MediaLibrary", "ncurses", "Notes", "Notifications", "PackageKit", "Photos", "ppp", "Ruby", "Sandbox", "Security", "Shortcuts", "Sidecar", "Siri", "SMB", "Software Update", "SQLite", "Vim", "Weather", "WebKit", "WebKit PDF" sowie "WebKit Sandboxing". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuführen, beliebigen Programmcode auszuführen, seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuführen, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS Big Sur 11.7.1
Apple / macOS
|
cpe:/o:apple:mac_os:big_sur_11.7.1
|
Big Sur 11.7.1 | |
|
Apple macOS Ventura_13
Apple / macOS
|
cpe:/o:apple:mac_os:ventura_13
|
Ventura_13 | |
|
Apple macOS Monterey 12.6.1
Apple / macOS
|
cpe:/o:apple:mac_os:monterey_12.6.1
|
Monterey 12.6.1 |
In Apple macOS existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten "Accelerate Framework", "Apple Neural Engine", "AppleAVD", "AppleMobileFileIntegrity", "ATS", "Audio", "AVEVideoEncoder", "Calendar", "CFNetwork", "ColorSync", "Crash Reporter", "curl", "Directory Utility", "DriverKit", "Exchange", "Find My", "Finder", "GPU Drivers", "Grapher", "Image Processing", "ImageIO", "Intel Graphics Driver", "IOHIDFamily", "IOKit", "Kernel", "Mail", "Maps", MediaLibrary", "ncurses", "Notes", "Notifications", "PackageKit", "Photos", "ppp", "Ruby", "Sandbox", "Security", "Shortcuts", "Sidecar", "Siri", "SMB", "Software Update", "SQLite", "Vim", "Weather", "WebKit", "WebKit PDF" sowie "WebKit Sandboxing". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuführen, beliebigen Programmcode auszuführen, seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuführen, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS Big Sur 11.7.1
Apple / macOS
|
cpe:/o:apple:mac_os:big_sur_11.7.1
|
Big Sur 11.7.1 | |
|
Apple macOS Ventura_13
Apple / macOS
|
cpe:/o:apple:mac_os:ventura_13
|
Ventura_13 | |
|
Apple macOS Monterey 12.6.1
Apple / macOS
|
cpe:/o:apple:mac_os:monterey_12.6.1
|
Monterey 12.6.1 |
In Apple macOS existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten "Accelerate Framework", "Apple Neural Engine", "AppleAVD", "AppleMobileFileIntegrity", "ATS", "Audio", "AVEVideoEncoder", "Calendar", "CFNetwork", "ColorSync", "Crash Reporter", "curl", "Directory Utility", "DriverKit", "Exchange", "Find My", "Finder", "GPU Drivers", "Grapher", "Image Processing", "ImageIO", "Intel Graphics Driver", "IOHIDFamily", "IOKit", "Kernel", "Mail", "Maps", MediaLibrary", "ncurses", "Notes", "Notifications", "PackageKit", "Photos", "ppp", "Ruby", "Sandbox", "Security", "Shortcuts", "Sidecar", "Siri", "SMB", "Software Update", "SQLite", "Vim", "Weather", "WebKit", "WebKit PDF" sowie "WebKit Sandboxing". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuführen, beliebigen Programmcode auszuführen, seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuführen, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS Big Sur 11.7.1
Apple / macOS
|
cpe:/o:apple:mac_os:big_sur_11.7.1
|
Big Sur 11.7.1 | |
|
Apple macOS Ventura_13
Apple / macOS
|
cpe:/o:apple:mac_os:ventura_13
|
Ventura_13 | |
|
Apple macOS Monterey 12.6.1
Apple / macOS
|
cpe:/o:apple:mac_os:monterey_12.6.1
|
Monterey 12.6.1 |
In Apple macOS existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten "Accelerate Framework", "Apple Neural Engine", "AppleAVD", "AppleMobileFileIntegrity", "ATS", "Audio", "AVEVideoEncoder", "Calendar", "CFNetwork", "ColorSync", "Crash Reporter", "curl", "Directory Utility", "DriverKit", "Exchange", "Find My", "Finder", "GPU Drivers", "Grapher", "Image Processing", "ImageIO", "Intel Graphics Driver", "IOHIDFamily", "IOKit", "Kernel", "Mail", "Maps", MediaLibrary", "ncurses", "Notes", "Notifications", "PackageKit", "Photos", "ppp", "Ruby", "Sandbox", "Security", "Shortcuts", "Sidecar", "Siri", "SMB", "Software Update", "SQLite", "Vim", "Weather", "WebKit", "WebKit PDF" sowie "WebKit Sandboxing". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuführen, beliebigen Programmcode auszuführen, seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuführen, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS Big Sur 11.7.1
Apple / macOS
|
cpe:/o:apple:mac_os:big_sur_11.7.1
|
Big Sur 11.7.1 | |
|
Apple macOS Ventura_13
Apple / macOS
|
cpe:/o:apple:mac_os:ventura_13
|
Ventura_13 | |
|
Apple macOS Monterey 12.6.1
Apple / macOS
|
cpe:/o:apple:mac_os:monterey_12.6.1
|
Monterey 12.6.1 |
In Apple macOS existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten "Accelerate Framework", "Apple Neural Engine", "AppleAVD", "AppleMobileFileIntegrity", "ATS", "Audio", "AVEVideoEncoder", "Calendar", "CFNetwork", "ColorSync", "Crash Reporter", "curl", "Directory Utility", "DriverKit", "Exchange", "Find My", "Finder", "GPU Drivers", "Grapher", "Image Processing", "ImageIO", "Intel Graphics Driver", "IOHIDFamily", "IOKit", "Kernel", "Mail", "Maps", MediaLibrary", "ncurses", "Notes", "Notifications", "PackageKit", "Photos", "ppp", "Ruby", "Sandbox", "Security", "Shortcuts", "Sidecar", "Siri", "SMB", "Software Update", "SQLite", "Vim", "Weather", "WebKit", "WebKit PDF" sowie "WebKit Sandboxing". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuführen, beliebigen Programmcode auszuführen, seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuführen, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS Big Sur 11.7.1
Apple / macOS
|
cpe:/o:apple:mac_os:big_sur_11.7.1
|
Big Sur 11.7.1 | |
|
Apple macOS Ventura_13
Apple / macOS
|
cpe:/o:apple:mac_os:ventura_13
|
Ventura_13 | |
|
Apple macOS Monterey 12.6.1
Apple / macOS
|
cpe:/o:apple:mac_os:monterey_12.6.1
|
Monterey 12.6.1 |
In Apple macOS existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten "Accelerate Framework", "Apple Neural Engine", "AppleAVD", "AppleMobileFileIntegrity", "ATS", "Audio", "AVEVideoEncoder", "Calendar", "CFNetwork", "ColorSync", "Crash Reporter", "curl", "Directory Utility", "DriverKit", "Exchange", "Find My", "Finder", "GPU Drivers", "Grapher", "Image Processing", "ImageIO", "Intel Graphics Driver", "IOHIDFamily", "IOKit", "Kernel", "Mail", "Maps", MediaLibrary", "ncurses", "Notes", "Notifications", "PackageKit", "Photos", "ppp", "Ruby", "Sandbox", "Security", "Shortcuts", "Sidecar", "Siri", "SMB", "Software Update", "SQLite", "Vim", "Weather", "WebKit", "WebKit PDF" sowie "WebKit Sandboxing". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuführen, beliebigen Programmcode auszuführen, seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuführen, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS Big Sur 11.7.1
Apple / macOS
|
cpe:/o:apple:mac_os:big_sur_11.7.1
|
Big Sur 11.7.1 | |
|
Apple macOS Ventura_13
Apple / macOS
|
cpe:/o:apple:mac_os:ventura_13
|
Ventura_13 | |
|
Apple macOS Monterey 12.6.1
Apple / macOS
|
cpe:/o:apple:mac_os:monterey_12.6.1
|
Monterey 12.6.1 |
In Apple macOS existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten "Accelerate Framework", "Apple Neural Engine", "AppleAVD", "AppleMobileFileIntegrity", "ATS", "Audio", "AVEVideoEncoder", "Calendar", "CFNetwork", "ColorSync", "Crash Reporter", "curl", "Directory Utility", "DriverKit", "Exchange", "Find My", "Finder", "GPU Drivers", "Grapher", "Image Processing", "ImageIO", "Intel Graphics Driver", "IOHIDFamily", "IOKit", "Kernel", "Mail", "Maps", MediaLibrary", "ncurses", "Notes", "Notifications", "PackageKit", "Photos", "ppp", "Ruby", "Sandbox", "Security", "Shortcuts", "Sidecar", "Siri", "SMB", "Software Update", "SQLite", "Vim", "Weather", "WebKit", "WebKit PDF" sowie "WebKit Sandboxing". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuführen, beliebigen Programmcode auszuführen, seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuführen, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS Big Sur 11.7.1
Apple / macOS
|
cpe:/o:apple:mac_os:big_sur_11.7.1
|
Big Sur 11.7.1 | |
|
Apple macOS Ventura_13
Apple / macOS
|
cpe:/o:apple:mac_os:ventura_13
|
Ventura_13 | |
|
Apple macOS Monterey 12.6.1
Apple / macOS
|
cpe:/o:apple:mac_os:monterey_12.6.1
|
Monterey 12.6.1 |
In Apple macOS existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten "Accelerate Framework", "Apple Neural Engine", "AppleAVD", "AppleMobileFileIntegrity", "ATS", "Audio", "AVEVideoEncoder", "Calendar", "CFNetwork", "ColorSync", "Crash Reporter", "curl", "Directory Utility", "DriverKit", "Exchange", "Find My", "Finder", "GPU Drivers", "Grapher", "Image Processing", "ImageIO", "Intel Graphics Driver", "IOHIDFamily", "IOKit", "Kernel", "Mail", "Maps", MediaLibrary", "ncurses", "Notes", "Notifications", "PackageKit", "Photos", "ppp", "Ruby", "Sandbox", "Security", "Shortcuts", "Sidecar", "Siri", "SMB", "Software Update", "SQLite", "Vim", "Weather", "WebKit", "WebKit PDF" sowie "WebKit Sandboxing". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuführen, beliebigen Programmcode auszuführen, seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuführen, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS Big Sur 11.7.1
Apple / macOS
|
cpe:/o:apple:mac_os:big_sur_11.7.1
|
Big Sur 11.7.1 | |
|
Apple macOS Ventura_13
Apple / macOS
|
cpe:/o:apple:mac_os:ventura_13
|
Ventura_13 | |
|
Apple macOS Monterey 12.6.1
Apple / macOS
|
cpe:/o:apple:mac_os:monterey_12.6.1
|
Monterey 12.6.1 |
In Apple macOS existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten "Accelerate Framework", "Apple Neural Engine", "AppleAVD", "AppleMobileFileIntegrity", "ATS", "Audio", "AVEVideoEncoder", "Calendar", "CFNetwork", "ColorSync", "Crash Reporter", "curl", "Directory Utility", "DriverKit", "Exchange", "Find My", "Finder", "GPU Drivers", "Grapher", "Image Processing", "ImageIO", "Intel Graphics Driver", "IOHIDFamily", "IOKit", "Kernel", "Mail", "Maps", MediaLibrary", "ncurses", "Notes", "Notifications", "PackageKit", "Photos", "ppp", "Ruby", "Sandbox", "Security", "Shortcuts", "Sidecar", "Siri", "SMB", "Software Update", "SQLite", "Vim", "Weather", "WebKit", "WebKit PDF" sowie "WebKit Sandboxing". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuführen, beliebigen Programmcode auszuführen, seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuführen, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS Big Sur 11.7.1
Apple / macOS
|
cpe:/o:apple:mac_os:big_sur_11.7.1
|
Big Sur 11.7.1 | |
|
Apple macOS Ventura_13
Apple / macOS
|
cpe:/o:apple:mac_os:ventura_13
|
Ventura_13 | |
|
Apple macOS Monterey 12.6.1
Apple / macOS
|
cpe:/o:apple:mac_os:monterey_12.6.1
|
Monterey 12.6.1 |
In Apple macOS existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten "Accelerate Framework", "Apple Neural Engine", "AppleAVD", "AppleMobileFileIntegrity", "ATS", "Audio", "AVEVideoEncoder", "Calendar", "CFNetwork", "ColorSync", "Crash Reporter", "curl", "Directory Utility", "DriverKit", "Exchange", "Find My", "Finder", "GPU Drivers", "Grapher", "Image Processing", "ImageIO", "Intel Graphics Driver", "IOHIDFamily", "IOKit", "Kernel", "Mail", "Maps", MediaLibrary", "ncurses", "Notes", "Notifications", "PackageKit", "Photos", "ppp", "Ruby", "Sandbox", "Security", "Shortcuts", "Sidecar", "Siri", "SMB", "Software Update", "SQLite", "Vim", "Weather", "WebKit", "WebKit PDF" sowie "WebKit Sandboxing". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuführen, beliebigen Programmcode auszuführen, seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuführen, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS Big Sur 11.7.1
Apple / macOS
|
cpe:/o:apple:mac_os:big_sur_11.7.1
|
Big Sur 11.7.1 | |
|
Apple macOS Ventura_13
Apple / macOS
|
cpe:/o:apple:mac_os:ventura_13
|
Ventura_13 | |
|
Apple macOS Monterey 12.6.1
Apple / macOS
|
cpe:/o:apple:mac_os:monterey_12.6.1
|
Monterey 12.6.1 |
In Apple macOS existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten "Accelerate Framework", "Apple Neural Engine", "AppleAVD", "AppleMobileFileIntegrity", "ATS", "Audio", "AVEVideoEncoder", "Calendar", "CFNetwork", "ColorSync", "Crash Reporter", "curl", "Directory Utility", "DriverKit", "Exchange", "Find My", "Finder", "GPU Drivers", "Grapher", "Image Processing", "ImageIO", "Intel Graphics Driver", "IOHIDFamily", "IOKit", "Kernel", "Mail", "Maps", MediaLibrary", "ncurses", "Notes", "Notifications", "PackageKit", "Photos", "ppp", "Ruby", "Sandbox", "Security", "Shortcuts", "Sidecar", "Siri", "SMB", "Software Update", "SQLite", "Vim", "Weather", "WebKit", "WebKit PDF" sowie "WebKit Sandboxing". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuführen, beliebigen Programmcode auszuführen, seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuführen, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS Big Sur 11.7.1
Apple / macOS
|
cpe:/o:apple:mac_os:big_sur_11.7.1
|
Big Sur 11.7.1 | |
|
Apple macOS Ventura_13
Apple / macOS
|
cpe:/o:apple:mac_os:ventura_13
|
Ventura_13 | |
|
Apple macOS Monterey 12.6.1
Apple / macOS
|
cpe:/o:apple:mac_os:monterey_12.6.1
|
Monterey 12.6.1 |
In Apple macOS existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten "Accelerate Framework", "Apple Neural Engine", "AppleAVD", "AppleMobileFileIntegrity", "ATS", "Audio", "AVEVideoEncoder", "Calendar", "CFNetwork", "ColorSync", "Crash Reporter", "curl", "Directory Utility", "DriverKit", "Exchange", "Find My", "Finder", "GPU Drivers", "Grapher", "Image Processing", "ImageIO", "Intel Graphics Driver", "IOHIDFamily", "IOKit", "Kernel", "Mail", "Maps", MediaLibrary", "ncurses", "Notes", "Notifications", "PackageKit", "Photos", "ppp", "Ruby", "Sandbox", "Security", "Shortcuts", "Sidecar", "Siri", "SMB", "Software Update", "SQLite", "Vim", "Weather", "WebKit", "WebKit PDF" sowie "WebKit Sandboxing". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuführen, beliebigen Programmcode auszuführen, seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuführen, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS Big Sur 11.7.1
Apple / macOS
|
cpe:/o:apple:mac_os:big_sur_11.7.1
|
Big Sur 11.7.1 | |
|
Apple macOS Ventura_13
Apple / macOS
|
cpe:/o:apple:mac_os:ventura_13
|
Ventura_13 | |
|
Apple macOS Monterey 12.6.1
Apple / macOS
|
cpe:/o:apple:mac_os:monterey_12.6.1
|
Monterey 12.6.1 |
In Apple macOS existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten "Accelerate Framework", "Apple Neural Engine", "AppleAVD", "AppleMobileFileIntegrity", "ATS", "Audio", "AVEVideoEncoder", "Calendar", "CFNetwork", "ColorSync", "Crash Reporter", "curl", "Directory Utility", "DriverKit", "Exchange", "Find My", "Finder", "GPU Drivers", "Grapher", "Image Processing", "ImageIO", "Intel Graphics Driver", "IOHIDFamily", "IOKit", "Kernel", "Mail", "Maps", MediaLibrary", "ncurses", "Notes", "Notifications", "PackageKit", "Photos", "ppp", "Ruby", "Sandbox", "Security", "Shortcuts", "Sidecar", "Siri", "SMB", "Software Update", "SQLite", "Vim", "Weather", "WebKit", "WebKit PDF" sowie "WebKit Sandboxing". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuführen, beliebigen Programmcode auszuführen, seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuführen, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS Big Sur 11.7.1
Apple / macOS
|
cpe:/o:apple:mac_os:big_sur_11.7.1
|
Big Sur 11.7.1 | |
|
Apple macOS Ventura_13
Apple / macOS
|
cpe:/o:apple:mac_os:ventura_13
|
Ventura_13 | |
|
Apple macOS Monterey 12.6.1
Apple / macOS
|
cpe:/o:apple:mac_os:monterey_12.6.1
|
Monterey 12.6.1 |
In Apple macOS existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten "Accelerate Framework", "Apple Neural Engine", "AppleAVD", "AppleMobileFileIntegrity", "ATS", "Audio", "AVEVideoEncoder", "Calendar", "CFNetwork", "ColorSync", "Crash Reporter", "curl", "Directory Utility", "DriverKit", "Exchange", "Find My", "Finder", "GPU Drivers", "Grapher", "Image Processing", "ImageIO", "Intel Graphics Driver", "IOHIDFamily", "IOKit", "Kernel", "Mail", "Maps", MediaLibrary", "ncurses", "Notes", "Notifications", "PackageKit", "Photos", "ppp", "Ruby", "Sandbox", "Security", "Shortcuts", "Sidecar", "Siri", "SMB", "Software Update", "SQLite", "Vim", "Weather", "WebKit", "WebKit PDF" sowie "WebKit Sandboxing". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuführen, beliebigen Programmcode auszuführen, seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuführen, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS Big Sur 11.7.1
Apple / macOS
|
cpe:/o:apple:mac_os:big_sur_11.7.1
|
Big Sur 11.7.1 | |
|
Apple macOS Ventura_13
Apple / macOS
|
cpe:/o:apple:mac_os:ventura_13
|
Ventura_13 | |
|
Apple macOS Monterey 12.6.1
Apple / macOS
|
cpe:/o:apple:mac_os:monterey_12.6.1
|
Monterey 12.6.1 |
In Apple macOS existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten "Accelerate Framework", "Apple Neural Engine", "AppleAVD", "AppleMobileFileIntegrity", "ATS", "Audio", "AVEVideoEncoder", "Calendar", "CFNetwork", "ColorSync", "Crash Reporter", "curl", "Directory Utility", "DriverKit", "Exchange", "Find My", "Finder", "GPU Drivers", "Grapher", "Image Processing", "ImageIO", "Intel Graphics Driver", "IOHIDFamily", "IOKit", "Kernel", "Mail", "Maps", MediaLibrary", "ncurses", "Notes", "Notifications", "PackageKit", "Photos", "ppp", "Ruby", "Sandbox", "Security", "Shortcuts", "Sidecar", "Siri", "SMB", "Software Update", "SQLite", "Vim", "Weather", "WebKit", "WebKit PDF" sowie "WebKit Sandboxing". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuführen, beliebigen Programmcode auszuführen, seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuführen, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS Big Sur 11.7.1
Apple / macOS
|
cpe:/o:apple:mac_os:big_sur_11.7.1
|
Big Sur 11.7.1 | |
|
Apple macOS Ventura_13
Apple / macOS
|
cpe:/o:apple:mac_os:ventura_13
|
Ventura_13 | |
|
Apple macOS Monterey 12.6.1
Apple / macOS
|
cpe:/o:apple:mac_os:monterey_12.6.1
|
Monterey 12.6.1 |
In Apple macOS existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten "Accelerate Framework", "Apple Neural Engine", "AppleAVD", "AppleMobileFileIntegrity", "ATS", "Audio", "AVEVideoEncoder", "Calendar", "CFNetwork", "ColorSync", "Crash Reporter", "curl", "Directory Utility", "DriverKit", "Exchange", "Find My", "Finder", "GPU Drivers", "Grapher", "Image Processing", "ImageIO", "Intel Graphics Driver", "IOHIDFamily", "IOKit", "Kernel", "Mail", "Maps", MediaLibrary", "ncurses", "Notes", "Notifications", "PackageKit", "Photos", "ppp", "Ruby", "Sandbox", "Security", "Shortcuts", "Sidecar", "Siri", "SMB", "Software Update", "SQLite", "Vim", "Weather", "WebKit", "WebKit PDF" sowie "WebKit Sandboxing". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuführen, beliebigen Programmcode auszuführen, seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuführen, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS Big Sur 11.7.1
Apple / macOS
|
cpe:/o:apple:mac_os:big_sur_11.7.1
|
Big Sur 11.7.1 | |
|
Apple macOS Ventura_13
Apple / macOS
|
cpe:/o:apple:mac_os:ventura_13
|
Ventura_13 | |
|
Apple macOS Monterey 12.6.1
Apple / macOS
|
cpe:/o:apple:mac_os:monterey_12.6.1
|
Monterey 12.6.1 |
In Apple macOS existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten "Accelerate Framework", "Apple Neural Engine", "AppleAVD", "AppleMobileFileIntegrity", "ATS", "Audio", "AVEVideoEncoder", "Calendar", "CFNetwork", "ColorSync", "Crash Reporter", "curl", "Directory Utility", "DriverKit", "Exchange", "Find My", "Finder", "GPU Drivers", "Grapher", "Image Processing", "ImageIO", "Intel Graphics Driver", "IOHIDFamily", "IOKit", "Kernel", "Mail", "Maps", MediaLibrary", "ncurses", "Notes", "Notifications", "PackageKit", "Photos", "ppp", "Ruby", "Sandbox", "Security", "Shortcuts", "Sidecar", "Siri", "SMB", "Software Update", "SQLite", "Vim", "Weather", "WebKit", "WebKit PDF" sowie "WebKit Sandboxing". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuführen, beliebigen Programmcode auszuführen, seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuführen, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS Big Sur 11.7.1
Apple / macOS
|
cpe:/o:apple:mac_os:big_sur_11.7.1
|
Big Sur 11.7.1 | |
|
Apple macOS Ventura_13
Apple / macOS
|
cpe:/o:apple:mac_os:ventura_13
|
Ventura_13 | |
|
Apple macOS Monterey 12.6.1
Apple / macOS
|
cpe:/o:apple:mac_os:monterey_12.6.1
|
Monterey 12.6.1 |
In Apple macOS existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten "Accelerate Framework", "Apple Neural Engine", "AppleAVD", "AppleMobileFileIntegrity", "ATS", "Audio", "AVEVideoEncoder", "Calendar", "CFNetwork", "ColorSync", "Crash Reporter", "curl", "Directory Utility", "DriverKit", "Exchange", "Find My", "Finder", "GPU Drivers", "Grapher", "Image Processing", "ImageIO", "Intel Graphics Driver", "IOHIDFamily", "IOKit", "Kernel", "Mail", "Maps", MediaLibrary", "ncurses", "Notes", "Notifications", "PackageKit", "Photos", "ppp", "Ruby", "Sandbox", "Security", "Shortcuts", "Sidecar", "Siri", "SMB", "Software Update", "SQLite", "Vim", "Weather", "WebKit", "WebKit PDF" sowie "WebKit Sandboxing". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuführen, beliebigen Programmcode auszuführen, seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuführen, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS Big Sur 11.7.1
Apple / macOS
|
cpe:/o:apple:mac_os:big_sur_11.7.1
|
Big Sur 11.7.1 | |
|
Apple macOS Ventura_13
Apple / macOS
|
cpe:/o:apple:mac_os:ventura_13
|
Ventura_13 | |
|
Apple macOS Monterey 12.6.1
Apple / macOS
|
cpe:/o:apple:mac_os:monterey_12.6.1
|
Monterey 12.6.1 |
In Apple macOS existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten "Accelerate Framework", "Apple Neural Engine", "AppleAVD", "AppleMobileFileIntegrity", "ATS", "Audio", "AVEVideoEncoder", "Calendar", "CFNetwork", "ColorSync", "Crash Reporter", "curl", "Directory Utility", "DriverKit", "Exchange", "Find My", "Finder", "GPU Drivers", "Grapher", "Image Processing", "ImageIO", "Intel Graphics Driver", "IOHIDFamily", "IOKit", "Kernel", "Mail", "Maps", MediaLibrary", "ncurses", "Notes", "Notifications", "PackageKit", "Photos", "ppp", "Ruby", "Sandbox", "Security", "Shortcuts", "Sidecar", "Siri", "SMB", "Software Update", "SQLite", "Vim", "Weather", "WebKit", "WebKit PDF" sowie "WebKit Sandboxing". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuführen, beliebigen Programmcode auszuführen, seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuführen, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS Big Sur 11.7.1
Apple / macOS
|
cpe:/o:apple:mac_os:big_sur_11.7.1
|
Big Sur 11.7.1 | |
|
Apple macOS Ventura_13
Apple / macOS
|
cpe:/o:apple:mac_os:ventura_13
|
Ventura_13 | |
|
Apple macOS Monterey 12.6.1
Apple / macOS
|
cpe:/o:apple:mac_os:monterey_12.6.1
|
Monterey 12.6.1 |
In Apple macOS existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten "Accelerate Framework", "Apple Neural Engine", "AppleAVD", "AppleMobileFileIntegrity", "ATS", "Audio", "AVEVideoEncoder", "Calendar", "CFNetwork", "ColorSync", "Crash Reporter", "curl", "Directory Utility", "DriverKit", "Exchange", "Find My", "Finder", "GPU Drivers", "Grapher", "Image Processing", "ImageIO", "Intel Graphics Driver", "IOHIDFamily", "IOKit", "Kernel", "Mail", "Maps", MediaLibrary", "ncurses", "Notes", "Notifications", "PackageKit", "Photos", "ppp", "Ruby", "Sandbox", "Security", "Shortcuts", "Sidecar", "Siri", "SMB", "Software Update", "SQLite", "Vim", "Weather", "WebKit", "WebKit PDF" sowie "WebKit Sandboxing". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuführen, beliebigen Programmcode auszuführen, seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuführen, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS Big Sur 11.7.1
Apple / macOS
|
cpe:/o:apple:mac_os:big_sur_11.7.1
|
Big Sur 11.7.1 | |
|
Apple macOS Ventura_13
Apple / macOS
|
cpe:/o:apple:mac_os:ventura_13
|
Ventura_13 | |
|
Apple macOS Monterey 12.6.1
Apple / macOS
|
cpe:/o:apple:mac_os:monterey_12.6.1
|
Monterey 12.6.1 |
In Apple macOS existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten "Accelerate Framework", "Apple Neural Engine", "AppleAVD", "AppleMobileFileIntegrity", "ATS", "Audio", "AVEVideoEncoder", "Calendar", "CFNetwork", "ColorSync", "Crash Reporter", "curl", "Directory Utility", "DriverKit", "Exchange", "Find My", "Finder", "GPU Drivers", "Grapher", "Image Processing", "ImageIO", "Intel Graphics Driver", "IOHIDFamily", "IOKit", "Kernel", "Mail", "Maps", MediaLibrary", "ncurses", "Notes", "Notifications", "PackageKit", "Photos", "ppp", "Ruby", "Sandbox", "Security", "Shortcuts", "Sidecar", "Siri", "SMB", "Software Update", "SQLite", "Vim", "Weather", "WebKit", "WebKit PDF" sowie "WebKit Sandboxing". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuführen, beliebigen Programmcode auszuführen, seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuführen, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS Big Sur 11.7.1
Apple / macOS
|
cpe:/o:apple:mac_os:big_sur_11.7.1
|
Big Sur 11.7.1 | |
|
Apple macOS Ventura_13
Apple / macOS
|
cpe:/o:apple:mac_os:ventura_13
|
Ventura_13 | |
|
Apple macOS Monterey 12.6.1
Apple / macOS
|
cpe:/o:apple:mac_os:monterey_12.6.1
|
Monterey 12.6.1 |
In Apple macOS existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten "Accelerate Framework", "Apple Neural Engine", "AppleAVD", "AppleMobileFileIntegrity", "ATS", "Audio", "AVEVideoEncoder", "Calendar", "CFNetwork", "ColorSync", "Crash Reporter", "curl", "Directory Utility", "DriverKit", "Exchange", "Find My", "Finder", "GPU Drivers", "Grapher", "Image Processing", "ImageIO", "Intel Graphics Driver", "IOHIDFamily", "IOKit", "Kernel", "Mail", "Maps", MediaLibrary", "ncurses", "Notes", "Notifications", "PackageKit", "Photos", "ppp", "Ruby", "Sandbox", "Security", "Shortcuts", "Sidecar", "Siri", "SMB", "Software Update", "SQLite", "Vim", "Weather", "WebKit", "WebKit PDF" sowie "WebKit Sandboxing". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuführen, beliebigen Programmcode auszuführen, seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuführen, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS Big Sur 11.7.1
Apple / macOS
|
cpe:/o:apple:mac_os:big_sur_11.7.1
|
Big Sur 11.7.1 | |
|
Apple macOS Ventura_13
Apple / macOS
|
cpe:/o:apple:mac_os:ventura_13
|
Ventura_13 | |
|
Apple macOS Monterey 12.6.1
Apple / macOS
|
cpe:/o:apple:mac_os:monterey_12.6.1
|
Monterey 12.6.1 |
In Apple macOS existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten "Accelerate Framework", "Apple Neural Engine", "AppleAVD", "AppleMobileFileIntegrity", "ATS", "Audio", "AVEVideoEncoder", "Calendar", "CFNetwork", "ColorSync", "Crash Reporter", "curl", "Directory Utility", "DriverKit", "Exchange", "Find My", "Finder", "GPU Drivers", "Grapher", "Image Processing", "ImageIO", "Intel Graphics Driver", "IOHIDFamily", "IOKit", "Kernel", "Mail", "Maps", MediaLibrary", "ncurses", "Notes", "Notifications", "PackageKit", "Photos", "ppp", "Ruby", "Sandbox", "Security", "Shortcuts", "Sidecar", "Siri", "SMB", "Software Update", "SQLite", "Vim", "Weather", "WebKit", "WebKit PDF" sowie "WebKit Sandboxing". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuführen, beliebigen Programmcode auszuführen, seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuführen, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS Big Sur 11.7.1
Apple / macOS
|
cpe:/o:apple:mac_os:big_sur_11.7.1
|
Big Sur 11.7.1 | |
|
Apple macOS Ventura_13
Apple / macOS
|
cpe:/o:apple:mac_os:ventura_13
|
Ventura_13 | |
|
Apple macOS Monterey 12.6.1
Apple / macOS
|
cpe:/o:apple:mac_os:monterey_12.6.1
|
Monterey 12.6.1 |
In Apple macOS existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten "Accelerate Framework", "Apple Neural Engine", "AppleAVD", "AppleMobileFileIntegrity", "ATS", "Audio", "AVEVideoEncoder", "Calendar", "CFNetwork", "ColorSync", "Crash Reporter", "curl", "Directory Utility", "DriverKit", "Exchange", "Find My", "Finder", "GPU Drivers", "Grapher", "Image Processing", "ImageIO", "Intel Graphics Driver", "IOHIDFamily", "IOKit", "Kernel", "Mail", "Maps", MediaLibrary", "ncurses", "Notes", "Notifications", "PackageKit", "Photos", "ppp", "Ruby", "Sandbox", "Security", "Shortcuts", "Sidecar", "Siri", "SMB", "Software Update", "SQLite", "Vim", "Weather", "WebKit", "WebKit PDF" sowie "WebKit Sandboxing". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuführen, beliebigen Programmcode auszuführen, seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuführen, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS Big Sur 11.7.1
Apple / macOS
|
cpe:/o:apple:mac_os:big_sur_11.7.1
|
Big Sur 11.7.1 | |
|
Apple macOS Ventura_13
Apple / macOS
|
cpe:/o:apple:mac_os:ventura_13
|
Ventura_13 | |
|
Apple macOS Monterey 12.6.1
Apple / macOS
|
cpe:/o:apple:mac_os:monterey_12.6.1
|
Monterey 12.6.1 |
In Apple macOS existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten "Accelerate Framework", "Apple Neural Engine", "AppleAVD", "AppleMobileFileIntegrity", "ATS", "Audio", "AVEVideoEncoder", "Calendar", "CFNetwork", "ColorSync", "Crash Reporter", "curl", "Directory Utility", "DriverKit", "Exchange", "Find My", "Finder", "GPU Drivers", "Grapher", "Image Processing", "ImageIO", "Intel Graphics Driver", "IOHIDFamily", "IOKit", "Kernel", "Mail", "Maps", MediaLibrary", "ncurses", "Notes", "Notifications", "PackageKit", "Photos", "ppp", "Ruby", "Sandbox", "Security", "Shortcuts", "Sidecar", "Siri", "SMB", "Software Update", "SQLite", "Vim", "Weather", "WebKit", "WebKit PDF" sowie "WebKit Sandboxing". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuführen, beliebigen Programmcode auszuführen, seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuführen, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS Big Sur 11.7.1
Apple / macOS
|
cpe:/o:apple:mac_os:big_sur_11.7.1
|
Big Sur 11.7.1 | |
|
Apple macOS Ventura_13
Apple / macOS
|
cpe:/o:apple:mac_os:ventura_13
|
Ventura_13 | |
|
Apple macOS Monterey 12.6.1
Apple / macOS
|
cpe:/o:apple:mac_os:monterey_12.6.1
|
Monterey 12.6.1 |
In Apple macOS existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten "Accelerate Framework", "Apple Neural Engine", "AppleAVD", "AppleMobileFileIntegrity", "ATS", "Audio", "AVEVideoEncoder", "Calendar", "CFNetwork", "ColorSync", "Crash Reporter", "curl", "Directory Utility", "DriverKit", "Exchange", "Find My", "Finder", "GPU Drivers", "Grapher", "Image Processing", "ImageIO", "Intel Graphics Driver", "IOHIDFamily", "IOKit", "Kernel", "Mail", "Maps", MediaLibrary", "ncurses", "Notes", "Notifications", "PackageKit", "Photos", "ppp", "Ruby", "Sandbox", "Security", "Shortcuts", "Sidecar", "Siri", "SMB", "Software Update", "SQLite", "Vim", "Weather", "WebKit", "WebKit PDF" sowie "WebKit Sandboxing". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuführen, beliebigen Programmcode auszuführen, seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuführen, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS Big Sur 11.7.1
Apple / macOS
|
cpe:/o:apple:mac_os:big_sur_11.7.1
|
Big Sur 11.7.1 | |
|
Apple macOS Ventura_13
Apple / macOS
|
cpe:/o:apple:mac_os:ventura_13
|
Ventura_13 | |
|
Apple macOS Monterey 12.6.1
Apple / macOS
|
cpe:/o:apple:mac_os:monterey_12.6.1
|
Monterey 12.6.1 |
In Apple macOS existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten "Accelerate Framework", "Apple Neural Engine", "AppleAVD", "AppleMobileFileIntegrity", "ATS", "Audio", "AVEVideoEncoder", "Calendar", "CFNetwork", "ColorSync", "Crash Reporter", "curl", "Directory Utility", "DriverKit", "Exchange", "Find My", "Finder", "GPU Drivers", "Grapher", "Image Processing", "ImageIO", "Intel Graphics Driver", "IOHIDFamily", "IOKit", "Kernel", "Mail", "Maps", MediaLibrary", "ncurses", "Notes", "Notifications", "PackageKit", "Photos", "ppp", "Ruby", "Sandbox", "Security", "Shortcuts", "Sidecar", "Siri", "SMB", "Software Update", "SQLite", "Vim", "Weather", "WebKit", "WebKit PDF" sowie "WebKit Sandboxing". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuführen, beliebigen Programmcode auszuführen, seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuführen, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS Big Sur 11.7.1
Apple / macOS
|
cpe:/o:apple:mac_os:big_sur_11.7.1
|
Big Sur 11.7.1 | |
|
Apple macOS Ventura_13
Apple / macOS
|
cpe:/o:apple:mac_os:ventura_13
|
Ventura_13 | |
|
Apple macOS Monterey 12.6.1
Apple / macOS
|
cpe:/o:apple:mac_os:monterey_12.6.1
|
Monterey 12.6.1 |
In Apple macOS existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten "Accelerate Framework", "Apple Neural Engine", "AppleAVD", "AppleMobileFileIntegrity", "ATS", "Audio", "AVEVideoEncoder", "Calendar", "CFNetwork", "ColorSync", "Crash Reporter", "curl", "Directory Utility", "DriverKit", "Exchange", "Find My", "Finder", "GPU Drivers", "Grapher", "Image Processing", "ImageIO", "Intel Graphics Driver", "IOHIDFamily", "IOKit", "Kernel", "Mail", "Maps", MediaLibrary", "ncurses", "Notes", "Notifications", "PackageKit", "Photos", "ppp", "Ruby", "Sandbox", "Security", "Shortcuts", "Sidecar", "Siri", "SMB", "Software Update", "SQLite", "Vim", "Weather", "WebKit", "WebKit PDF" sowie "WebKit Sandboxing". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuführen, beliebigen Programmcode auszuführen, seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuführen, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS Big Sur 11.7.1
Apple / macOS
|
cpe:/o:apple:mac_os:big_sur_11.7.1
|
Big Sur 11.7.1 | |
|
Apple macOS Ventura_13
Apple / macOS
|
cpe:/o:apple:mac_os:ventura_13
|
Ventura_13 | |
|
Apple macOS Monterey 12.6.1
Apple / macOS
|
cpe:/o:apple:mac_os:monterey_12.6.1
|
Monterey 12.6.1 |
In Apple macOS existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten "Accelerate Framework", "Apple Neural Engine", "AppleAVD", "AppleMobileFileIntegrity", "ATS", "Audio", "AVEVideoEncoder", "Calendar", "CFNetwork", "ColorSync", "Crash Reporter", "curl", "Directory Utility", "DriverKit", "Exchange", "Find My", "Finder", "GPU Drivers", "Grapher", "Image Processing", "ImageIO", "Intel Graphics Driver", "IOHIDFamily", "IOKit", "Kernel", "Mail", "Maps", MediaLibrary", "ncurses", "Notes", "Notifications", "PackageKit", "Photos", "ppp", "Ruby", "Sandbox", "Security", "Shortcuts", "Sidecar", "Siri", "SMB", "Software Update", "SQLite", "Vim", "Weather", "WebKit", "WebKit PDF" sowie "WebKit Sandboxing". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuführen, beliebigen Programmcode auszuführen, seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuführen, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS Big Sur 11.7.1
Apple / macOS
|
cpe:/o:apple:mac_os:big_sur_11.7.1
|
Big Sur 11.7.1 | |
|
Apple macOS Ventura_13
Apple / macOS
|
cpe:/o:apple:mac_os:ventura_13
|
Ventura_13 | |
|
Apple macOS Monterey 12.6.1
Apple / macOS
|
cpe:/o:apple:mac_os:monterey_12.6.1
|
Monterey 12.6.1 |
In Apple macOS existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten "Accelerate Framework", "Apple Neural Engine", "AppleAVD", "AppleMobileFileIntegrity", "ATS", "Audio", "AVEVideoEncoder", "Calendar", "CFNetwork", "ColorSync", "Crash Reporter", "curl", "Directory Utility", "DriverKit", "Exchange", "Find My", "Finder", "GPU Drivers", "Grapher", "Image Processing", "ImageIO", "Intel Graphics Driver", "IOHIDFamily", "IOKit", "Kernel", "Mail", "Maps", MediaLibrary", "ncurses", "Notes", "Notifications", "PackageKit", "Photos", "ppp", "Ruby", "Sandbox", "Security", "Shortcuts", "Sidecar", "Siri", "SMB", "Software Update", "SQLite", "Vim", "Weather", "WebKit", "WebKit PDF" sowie "WebKit Sandboxing". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuführen, beliebigen Programmcode auszuführen, seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuführen, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS Big Sur 11.7.1
Apple / macOS
|
cpe:/o:apple:mac_os:big_sur_11.7.1
|
Big Sur 11.7.1 | |
|
Apple macOS Ventura_13
Apple / macOS
|
cpe:/o:apple:mac_os:ventura_13
|
Ventura_13 | |
|
Apple macOS Monterey 12.6.1
Apple / macOS
|
cpe:/o:apple:mac_os:monterey_12.6.1
|
Monterey 12.6.1 |
In Apple macOS existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten "Accelerate Framework", "Apple Neural Engine", "AppleAVD", "AppleMobileFileIntegrity", "ATS", "Audio", "AVEVideoEncoder", "Calendar", "CFNetwork", "ColorSync", "Crash Reporter", "curl", "Directory Utility", "DriverKit", "Exchange", "Find My", "Finder", "GPU Drivers", "Grapher", "Image Processing", "ImageIO", "Intel Graphics Driver", "IOHIDFamily", "IOKit", "Kernel", "Mail", "Maps", MediaLibrary", "ncurses", "Notes", "Notifications", "PackageKit", "Photos", "ppp", "Ruby", "Sandbox", "Security", "Shortcuts", "Sidecar", "Siri", "SMB", "Software Update", "SQLite", "Vim", "Weather", "WebKit", "WebKit PDF" sowie "WebKit Sandboxing". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuführen, beliebigen Programmcode auszuführen, seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuführen, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS Big Sur 11.7.1
Apple / macOS
|
cpe:/o:apple:mac_os:big_sur_11.7.1
|
Big Sur 11.7.1 | |
|
Apple macOS Ventura_13
Apple / macOS
|
cpe:/o:apple:mac_os:ventura_13
|
Ventura_13 | |
|
Apple macOS Monterey 12.6.1
Apple / macOS
|
cpe:/o:apple:mac_os:monterey_12.6.1
|
Monterey 12.6.1 |
In Apple macOS existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten "Accelerate Framework", "Apple Neural Engine", "AppleAVD", "AppleMobileFileIntegrity", "ATS", "Audio", "AVEVideoEncoder", "Calendar", "CFNetwork", "ColorSync", "Crash Reporter", "curl", "Directory Utility", "DriverKit", "Exchange", "Find My", "Finder", "GPU Drivers", "Grapher", "Image Processing", "ImageIO", "Intel Graphics Driver", "IOHIDFamily", "IOKit", "Kernel", "Mail", "Maps", MediaLibrary", "ncurses", "Notes", "Notifications", "PackageKit", "Photos", "ppp", "Ruby", "Sandbox", "Security", "Shortcuts", "Sidecar", "Siri", "SMB", "Software Update", "SQLite", "Vim", "Weather", "WebKit", "WebKit PDF" sowie "WebKit Sandboxing". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuführen, beliebigen Programmcode auszuführen, seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuführen, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS Big Sur 11.7.1
Apple / macOS
|
cpe:/o:apple:mac_os:big_sur_11.7.1
|
Big Sur 11.7.1 | |
|
Apple macOS Ventura_13
Apple / macOS
|
cpe:/o:apple:mac_os:ventura_13
|
Ventura_13 | |
|
Apple macOS Monterey 12.6.1
Apple / macOS
|
cpe:/o:apple:mac_os:monterey_12.6.1
|
Monterey 12.6.1 |
In Apple macOS existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten "Accelerate Framework", "Apple Neural Engine", "AppleAVD", "AppleMobileFileIntegrity", "ATS", "Audio", "AVEVideoEncoder", "Calendar", "CFNetwork", "ColorSync", "Crash Reporter", "curl", "Directory Utility", "DriverKit", "Exchange", "Find My", "Finder", "GPU Drivers", "Grapher", "Image Processing", "ImageIO", "Intel Graphics Driver", "IOHIDFamily", "IOKit", "Kernel", "Mail", "Maps", MediaLibrary", "ncurses", "Notes", "Notifications", "PackageKit", "Photos", "ppp", "Ruby", "Sandbox", "Security", "Shortcuts", "Sidecar", "Siri", "SMB", "Software Update", "SQLite", "Vim", "Weather", "WebKit", "WebKit PDF" sowie "WebKit Sandboxing". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuführen, beliebigen Programmcode auszuführen, seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuführen, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS Big Sur 11.7.1
Apple / macOS
|
cpe:/o:apple:mac_os:big_sur_11.7.1
|
Big Sur 11.7.1 | |
|
Apple macOS Ventura_13
Apple / macOS
|
cpe:/o:apple:mac_os:ventura_13
|
Ventura_13 | |
|
Apple macOS Monterey 12.6.1
Apple / macOS
|
cpe:/o:apple:mac_os:monterey_12.6.1
|
Monterey 12.6.1 |
In Apple macOS existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten "Accelerate Framework", "Apple Neural Engine", "AppleAVD", "AppleMobileFileIntegrity", "ATS", "Audio", "AVEVideoEncoder", "Calendar", "CFNetwork", "ColorSync", "Crash Reporter", "curl", "Directory Utility", "DriverKit", "Exchange", "Find My", "Finder", "GPU Drivers", "Grapher", "Image Processing", "ImageIO", "Intel Graphics Driver", "IOHIDFamily", "IOKit", "Kernel", "Mail", "Maps", MediaLibrary", "ncurses", "Notes", "Notifications", "PackageKit", "Photos", "ppp", "Ruby", "Sandbox", "Security", "Shortcuts", "Sidecar", "Siri", "SMB", "Software Update", "SQLite", "Vim", "Weather", "WebKit", "WebKit PDF" sowie "WebKit Sandboxing". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuführen, beliebigen Programmcode auszuführen, seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuführen, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS Big Sur 11.7.1
Apple / macOS
|
cpe:/o:apple:mac_os:big_sur_11.7.1
|
Big Sur 11.7.1 | |
|
Apple macOS Ventura_13
Apple / macOS
|
cpe:/o:apple:mac_os:ventura_13
|
Ventura_13 | |
|
Apple macOS Monterey 12.6.1
Apple / macOS
|
cpe:/o:apple:mac_os:monterey_12.6.1
|
Monterey 12.6.1 |
In Apple macOS existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten "Accelerate Framework", "Apple Neural Engine", "AppleAVD", "AppleMobileFileIntegrity", "ATS", "Audio", "AVEVideoEncoder", "Calendar", "CFNetwork", "ColorSync", "Crash Reporter", "curl", "Directory Utility", "DriverKit", "Exchange", "Find My", "Finder", "GPU Drivers", "Grapher", "Image Processing", "ImageIO", "Intel Graphics Driver", "IOHIDFamily", "IOKit", "Kernel", "Mail", "Maps", MediaLibrary", "ncurses", "Notes", "Notifications", "PackageKit", "Photos", "ppp", "Ruby", "Sandbox", "Security", "Shortcuts", "Sidecar", "Siri", "SMB", "Software Update", "SQLite", "Vim", "Weather", "WebKit", "WebKit PDF" sowie "WebKit Sandboxing". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuführen, beliebigen Programmcode auszuführen, seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuführen, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS Big Sur 11.7.1
Apple / macOS
|
cpe:/o:apple:mac_os:big_sur_11.7.1
|
Big Sur 11.7.1 | |
|
Apple macOS Ventura_13
Apple / macOS
|
cpe:/o:apple:mac_os:ventura_13
|
Ventura_13 | |
|
Apple macOS Monterey 12.6.1
Apple / macOS
|
cpe:/o:apple:mac_os:monterey_12.6.1
|
Monterey 12.6.1 |
In Apple macOS existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten "Accelerate Framework", "Apple Neural Engine", "AppleAVD", "AppleMobileFileIntegrity", "ATS", "Audio", "AVEVideoEncoder", "Calendar", "CFNetwork", "ColorSync", "Crash Reporter", "curl", "Directory Utility", "DriverKit", "Exchange", "Find My", "Finder", "GPU Drivers", "Grapher", "Image Processing", "ImageIO", "Intel Graphics Driver", "IOHIDFamily", "IOKit", "Kernel", "Mail", "Maps", MediaLibrary", "ncurses", "Notes", "Notifications", "PackageKit", "Photos", "ppp", "Ruby", "Sandbox", "Security", "Shortcuts", "Sidecar", "Siri", "SMB", "Software Update", "SQLite", "Vim", "Weather", "WebKit", "WebKit PDF" sowie "WebKit Sandboxing". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuführen, beliebigen Programmcode auszuführen, seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuführen, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS Big Sur 11.7.1
Apple / macOS
|
cpe:/o:apple:mac_os:big_sur_11.7.1
|
Big Sur 11.7.1 | |
|
Apple macOS Ventura_13
Apple / macOS
|
cpe:/o:apple:mac_os:ventura_13
|
Ventura_13 | |
|
Apple macOS Monterey 12.6.1
Apple / macOS
|
cpe:/o:apple:mac_os:monterey_12.6.1
|
Monterey 12.6.1 |
In Apple macOS existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten "Accelerate Framework", "Apple Neural Engine", "AppleAVD", "AppleMobileFileIntegrity", "ATS", "Audio", "AVEVideoEncoder", "Calendar", "CFNetwork", "ColorSync", "Crash Reporter", "curl", "Directory Utility", "DriverKit", "Exchange", "Find My", "Finder", "GPU Drivers", "Grapher", "Image Processing", "ImageIO", "Intel Graphics Driver", "IOHIDFamily", "IOKit", "Kernel", "Mail", "Maps", MediaLibrary", "ncurses", "Notes", "Notifications", "PackageKit", "Photos", "ppp", "Ruby", "Sandbox", "Security", "Shortcuts", "Sidecar", "Siri", "SMB", "Software Update", "SQLite", "Vim", "Weather", "WebKit", "WebKit PDF" sowie "WebKit Sandboxing". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuführen, beliebigen Programmcode auszuführen, seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuführen, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS Big Sur 11.7.1
Apple / macOS
|
cpe:/o:apple:mac_os:big_sur_11.7.1
|
Big Sur 11.7.1 | |
|
Apple macOS Ventura_13
Apple / macOS
|
cpe:/o:apple:mac_os:ventura_13
|
Ventura_13 | |
|
Apple macOS Monterey 12.6.1
Apple / macOS
|
cpe:/o:apple:mac_os:monterey_12.6.1
|
Monterey 12.6.1 |
In Apple macOS existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten "Accelerate Framework", "Apple Neural Engine", "AppleAVD", "AppleMobileFileIntegrity", "ATS", "Audio", "AVEVideoEncoder", "Calendar", "CFNetwork", "ColorSync", "Crash Reporter", "curl", "Directory Utility", "DriverKit", "Exchange", "Find My", "Finder", "GPU Drivers", "Grapher", "Image Processing", "ImageIO", "Intel Graphics Driver", "IOHIDFamily", "IOKit", "Kernel", "Mail", "Maps", MediaLibrary", "ncurses", "Notes", "Notifications", "PackageKit", "Photos", "ppp", "Ruby", "Sandbox", "Security", "Shortcuts", "Sidecar", "Siri", "SMB", "Software Update", "SQLite", "Vim", "Weather", "WebKit", "WebKit PDF" sowie "WebKit Sandboxing". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuführen, beliebigen Programmcode auszuführen, seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuführen, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS Big Sur 11.7.1
Apple / macOS
|
cpe:/o:apple:mac_os:big_sur_11.7.1
|
Big Sur 11.7.1 | |
|
Apple macOS Ventura_13
Apple / macOS
|
cpe:/o:apple:mac_os:ventura_13
|
Ventura_13 | |
|
Apple macOS Monterey 12.6.1
Apple / macOS
|
cpe:/o:apple:mac_os:monterey_12.6.1
|
Monterey 12.6.1 |
In Apple macOS existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten "Accelerate Framework", "Apple Neural Engine", "AppleAVD", "AppleMobileFileIntegrity", "ATS", "Audio", "AVEVideoEncoder", "Calendar", "CFNetwork", "ColorSync", "Crash Reporter", "curl", "Directory Utility", "DriverKit", "Exchange", "Find My", "Finder", "GPU Drivers", "Grapher", "Image Processing", "ImageIO", "Intel Graphics Driver", "IOHIDFamily", "IOKit", "Kernel", "Mail", "Maps", MediaLibrary", "ncurses", "Notes", "Notifications", "PackageKit", "Photos", "ppp", "Ruby", "Sandbox", "Security", "Shortcuts", "Sidecar", "Siri", "SMB", "Software Update", "SQLite", "Vim", "Weather", "WebKit", "WebKit PDF" sowie "WebKit Sandboxing". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuführen, beliebigen Programmcode auszuführen, seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuführen, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS Big Sur 11.7.1
Apple / macOS
|
cpe:/o:apple:mac_os:big_sur_11.7.1
|
Big Sur 11.7.1 | |
|
Apple macOS Ventura_13
Apple / macOS
|
cpe:/o:apple:mac_os:ventura_13
|
Ventura_13 | |
|
Apple macOS Monterey 12.6.1
Apple / macOS
|
cpe:/o:apple:mac_os:monterey_12.6.1
|
Monterey 12.6.1 |
In Apple macOS existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten "Accelerate Framework", "Apple Neural Engine", "AppleAVD", "AppleMobileFileIntegrity", "ATS", "Audio", "AVEVideoEncoder", "Calendar", "CFNetwork", "ColorSync", "Crash Reporter", "curl", "Directory Utility", "DriverKit", "Exchange", "Find My", "Finder", "GPU Drivers", "Grapher", "Image Processing", "ImageIO", "Intel Graphics Driver", "IOHIDFamily", "IOKit", "Kernel", "Mail", "Maps", MediaLibrary", "ncurses", "Notes", "Notifications", "PackageKit", "Photos", "ppp", "Ruby", "Sandbox", "Security", "Shortcuts", "Sidecar", "Siri", "SMB", "Software Update", "SQLite", "Vim", "Weather", "WebKit", "WebKit PDF" sowie "WebKit Sandboxing". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuführen, beliebigen Programmcode auszuführen, seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuführen, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS Big Sur 11.7.1
Apple / macOS
|
cpe:/o:apple:mac_os:big_sur_11.7.1
|
Big Sur 11.7.1 | |
|
Apple macOS Ventura_13
Apple / macOS
|
cpe:/o:apple:mac_os:ventura_13
|
Ventura_13 | |
|
Apple macOS Monterey 12.6.1
Apple / macOS
|
cpe:/o:apple:mac_os:monterey_12.6.1
|
Monterey 12.6.1 |
In Apple macOS existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten "Accelerate Framework", "Apple Neural Engine", "AppleAVD", "AppleMobileFileIntegrity", "ATS", "Audio", "AVEVideoEncoder", "Calendar", "CFNetwork", "ColorSync", "Crash Reporter", "curl", "Directory Utility", "DriverKit", "Exchange", "Find My", "Finder", "GPU Drivers", "Grapher", "Image Processing", "ImageIO", "Intel Graphics Driver", "IOHIDFamily", "IOKit", "Kernel", "Mail", "Maps", MediaLibrary", "ncurses", "Notes", "Notifications", "PackageKit", "Photos", "ppp", "Ruby", "Sandbox", "Security", "Shortcuts", "Sidecar", "Siri", "SMB", "Software Update", "SQLite", "Vim", "Weather", "WebKit", "WebKit PDF" sowie "WebKit Sandboxing". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuführen, beliebigen Programmcode auszuführen, seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuführen, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS Big Sur 11.7.1
Apple / macOS
|
cpe:/o:apple:mac_os:big_sur_11.7.1
|
Big Sur 11.7.1 | |
|
Apple macOS Ventura_13
Apple / macOS
|
cpe:/o:apple:mac_os:ventura_13
|
Ventura_13 | |
|
Apple macOS Monterey 12.6.1
Apple / macOS
|
cpe:/o:apple:mac_os:monterey_12.6.1
|
Monterey 12.6.1 |
In Apple macOS existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten "Accelerate Framework", "Apple Neural Engine", "AppleAVD", "AppleMobileFileIntegrity", "ATS", "Audio", "AVEVideoEncoder", "Calendar", "CFNetwork", "ColorSync", "Crash Reporter", "curl", "Directory Utility", "DriverKit", "Exchange", "Find My", "Finder", "GPU Drivers", "Grapher", "Image Processing", "ImageIO", "Intel Graphics Driver", "IOHIDFamily", "IOKit", "Kernel", "Mail", "Maps", MediaLibrary", "ncurses", "Notes", "Notifications", "PackageKit", "Photos", "ppp", "Ruby", "Sandbox", "Security", "Shortcuts", "Sidecar", "Siri", "SMB", "Software Update", "SQLite", "Vim", "Weather", "WebKit", "WebKit PDF" sowie "WebKit Sandboxing". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuführen, beliebigen Programmcode auszuführen, seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuführen, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS Big Sur 11.7.1
Apple / macOS
|
cpe:/o:apple:mac_os:big_sur_11.7.1
|
Big Sur 11.7.1 | |
|
Apple macOS Ventura_13
Apple / macOS
|
cpe:/o:apple:mac_os:ventura_13
|
Ventura_13 | |
|
Apple macOS Monterey 12.6.1
Apple / macOS
|
cpe:/o:apple:mac_os:monterey_12.6.1
|
Monterey 12.6.1 |
In Apple macOS existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten "Accelerate Framework", "Apple Neural Engine", "AppleAVD", "AppleMobileFileIntegrity", "ATS", "Audio", "AVEVideoEncoder", "Calendar", "CFNetwork", "ColorSync", "Crash Reporter", "curl", "Directory Utility", "DriverKit", "Exchange", "Find My", "Finder", "GPU Drivers", "Grapher", "Image Processing", "ImageIO", "Intel Graphics Driver", "IOHIDFamily", "IOKit", "Kernel", "Mail", "Maps", MediaLibrary", "ncurses", "Notes", "Notifications", "PackageKit", "Photos", "ppp", "Ruby", "Sandbox", "Security", "Shortcuts", "Sidecar", "Siri", "SMB", "Software Update", "SQLite", "Vim", "Weather", "WebKit", "WebKit PDF" sowie "WebKit Sandboxing". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuführen, beliebigen Programmcode auszuführen, seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuführen, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS Big Sur 11.7.1
Apple / macOS
|
cpe:/o:apple:mac_os:big_sur_11.7.1
|
Big Sur 11.7.1 | |
|
Apple macOS Ventura_13
Apple / macOS
|
cpe:/o:apple:mac_os:ventura_13
|
Ventura_13 | |
|
Apple macOS Monterey 12.6.1
Apple / macOS
|
cpe:/o:apple:mac_os:monterey_12.6.1
|
Monterey 12.6.1 |
In Apple macOS existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten "Accelerate Framework", "Apple Neural Engine", "AppleAVD", "AppleMobileFileIntegrity", "ATS", "Audio", "AVEVideoEncoder", "Calendar", "CFNetwork", "ColorSync", "Crash Reporter", "curl", "Directory Utility", "DriverKit", "Exchange", "Find My", "Finder", "GPU Drivers", "Grapher", "Image Processing", "ImageIO", "Intel Graphics Driver", "IOHIDFamily", "IOKit", "Kernel", "Mail", "Maps", MediaLibrary", "ncurses", "Notes", "Notifications", "PackageKit", "Photos", "ppp", "Ruby", "Sandbox", "Security", "Shortcuts", "Sidecar", "Siri", "SMB", "Software Update", "SQLite", "Vim", "Weather", "WebKit", "WebKit PDF" sowie "WebKit Sandboxing". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuführen, beliebigen Programmcode auszuführen, seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuführen, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS Big Sur 11.7.1
Apple / macOS
|
cpe:/o:apple:mac_os:big_sur_11.7.1
|
Big Sur 11.7.1 | |
|
Apple macOS Ventura_13
Apple / macOS
|
cpe:/o:apple:mac_os:ventura_13
|
Ventura_13 | |
|
Apple macOS Monterey 12.6.1
Apple / macOS
|
cpe:/o:apple:mac_os:monterey_12.6.1
|
Monterey 12.6.1 |
In Apple macOS existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten "Accelerate Framework", "Apple Neural Engine", "AppleAVD", "AppleMobileFileIntegrity", "ATS", "Audio", "AVEVideoEncoder", "Calendar", "CFNetwork", "ColorSync", "Crash Reporter", "curl", "Directory Utility", "DriverKit", "Exchange", "Find My", "Finder", "GPU Drivers", "Grapher", "Image Processing", "ImageIO", "Intel Graphics Driver", "IOHIDFamily", "IOKit", "Kernel", "Mail", "Maps", MediaLibrary", "ncurses", "Notes", "Notifications", "PackageKit", "Photos", "ppp", "Ruby", "Sandbox", "Security", "Shortcuts", "Sidecar", "Siri", "SMB", "Software Update", "SQLite", "Vim", "Weather", "WebKit", "WebKit PDF" sowie "WebKit Sandboxing". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuführen, beliebigen Programmcode auszuführen, seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuführen, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS Big Sur 11.7.1
Apple / macOS
|
cpe:/o:apple:mac_os:big_sur_11.7.1
|
Big Sur 11.7.1 | |
|
Apple macOS Ventura_13
Apple / macOS
|
cpe:/o:apple:mac_os:ventura_13
|
Ventura_13 | |
|
Apple macOS Monterey 12.6.1
Apple / macOS
|
cpe:/o:apple:mac_os:monterey_12.6.1
|
Monterey 12.6.1 |
In Apple macOS existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten "Accelerate Framework", "Apple Neural Engine", "AppleAVD", "AppleMobileFileIntegrity", "ATS", "Audio", "AVEVideoEncoder", "Calendar", "CFNetwork", "ColorSync", "Crash Reporter", "curl", "Directory Utility", "DriverKit", "Exchange", "Find My", "Finder", "GPU Drivers", "Grapher", "Image Processing", "ImageIO", "Intel Graphics Driver", "IOHIDFamily", "IOKit", "Kernel", "Mail", "Maps", MediaLibrary", "ncurses", "Notes", "Notifications", "PackageKit", "Photos", "ppp", "Ruby", "Sandbox", "Security", "Shortcuts", "Sidecar", "Siri", "SMB", "Software Update", "SQLite", "Vim", "Weather", "WebKit", "WebKit PDF" sowie "WebKit Sandboxing". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuführen, beliebigen Programmcode auszuführen, seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuführen, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS Big Sur 11.7.1
Apple / macOS
|
cpe:/o:apple:mac_os:big_sur_11.7.1
|
Big Sur 11.7.1 | |
|
Apple macOS Ventura_13
Apple / macOS
|
cpe:/o:apple:mac_os:ventura_13
|
Ventura_13 | |
|
Apple macOS Monterey 12.6.1
Apple / macOS
|
cpe:/o:apple:mac_os:monterey_12.6.1
|
Monterey 12.6.1 |
In Apple macOS existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten "Accelerate Framework", "Apple Neural Engine", "AppleAVD", "AppleMobileFileIntegrity", "ATS", "Audio", "AVEVideoEncoder", "Calendar", "CFNetwork", "ColorSync", "Crash Reporter", "curl", "Directory Utility", "DriverKit", "Exchange", "Find My", "Finder", "GPU Drivers", "Grapher", "Image Processing", "ImageIO", "Intel Graphics Driver", "IOHIDFamily", "IOKit", "Kernel", "Mail", "Maps", MediaLibrary", "ncurses", "Notes", "Notifications", "PackageKit", "Photos", "ppp", "Ruby", "Sandbox", "Security", "Shortcuts", "Sidecar", "Siri", "SMB", "Software Update", "SQLite", "Vim", "Weather", "WebKit", "WebKit PDF" sowie "WebKit Sandboxing". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuführen, beliebigen Programmcode auszuführen, seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuführen, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS Big Sur 11.7.1
Apple / macOS
|
cpe:/o:apple:mac_os:big_sur_11.7.1
|
Big Sur 11.7.1 | |
|
Apple macOS Ventura_13
Apple / macOS
|
cpe:/o:apple:mac_os:ventura_13
|
Ventura_13 | |
|
Apple macOS Monterey 12.6.1
Apple / macOS
|
cpe:/o:apple:mac_os:monterey_12.6.1
|
Monterey 12.6.1 |
In Apple macOS existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten "Accelerate Framework", "Apple Neural Engine", "AppleAVD", "AppleMobileFileIntegrity", "ATS", "Audio", "AVEVideoEncoder", "Calendar", "CFNetwork", "ColorSync", "Crash Reporter", "curl", "Directory Utility", "DriverKit", "Exchange", "Find My", "Finder", "GPU Drivers", "Grapher", "Image Processing", "ImageIO", "Intel Graphics Driver", "IOHIDFamily", "IOKit", "Kernel", "Mail", "Maps", MediaLibrary", "ncurses", "Notes", "Notifications", "PackageKit", "Photos", "ppp", "Ruby", "Sandbox", "Security", "Shortcuts", "Sidecar", "Siri", "SMB", "Software Update", "SQLite", "Vim", "Weather", "WebKit", "WebKit PDF" sowie "WebKit Sandboxing". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuführen, beliebigen Programmcode auszuführen, seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuführen, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS Big Sur 11.7.1
Apple / macOS
|
cpe:/o:apple:mac_os:big_sur_11.7.1
|
Big Sur 11.7.1 | |
|
Apple macOS Ventura_13
Apple / macOS
|
cpe:/o:apple:mac_os:ventura_13
|
Ventura_13 | |
|
Apple macOS Monterey 12.6.1
Apple / macOS
|
cpe:/o:apple:mac_os:monterey_12.6.1
|
Monterey 12.6.1 |
In Apple macOS existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten "Accelerate Framework", "Apple Neural Engine", "AppleAVD", "AppleMobileFileIntegrity", "ATS", "Audio", "AVEVideoEncoder", "Calendar", "CFNetwork", "ColorSync", "Crash Reporter", "curl", "Directory Utility", "DriverKit", "Exchange", "Find My", "Finder", "GPU Drivers", "Grapher", "Image Processing", "ImageIO", "Intel Graphics Driver", "IOHIDFamily", "IOKit", "Kernel", "Mail", "Maps", MediaLibrary", "ncurses", "Notes", "Notifications", "PackageKit", "Photos", "ppp", "Ruby", "Sandbox", "Security", "Shortcuts", "Sidecar", "Siri", "SMB", "Software Update", "SQLite", "Vim", "Weather", "WebKit", "WebKit PDF" sowie "WebKit Sandboxing". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuführen, beliebigen Programmcode auszuführen, seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuführen, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS Big Sur 11.7.1
Apple / macOS
|
cpe:/o:apple:mac_os:big_sur_11.7.1
|
Big Sur 11.7.1 | |
|
Apple macOS Ventura_13
Apple / macOS
|
cpe:/o:apple:mac_os:ventura_13
|
Ventura_13 | |
|
Apple macOS Monterey 12.6.1
Apple / macOS
|
cpe:/o:apple:mac_os:monterey_12.6.1
|
Monterey 12.6.1 |
In Apple macOS existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten "Accelerate Framework", "Apple Neural Engine", "AppleAVD", "AppleMobileFileIntegrity", "ATS", "Audio", "AVEVideoEncoder", "Calendar", "CFNetwork", "ColorSync", "Crash Reporter", "curl", "Directory Utility", "DriverKit", "Exchange", "Find My", "Finder", "GPU Drivers", "Grapher", "Image Processing", "ImageIO", "Intel Graphics Driver", "IOHIDFamily", "IOKit", "Kernel", "Mail", "Maps", MediaLibrary", "ncurses", "Notes", "Notifications", "PackageKit", "Photos", "ppp", "Ruby", "Sandbox", "Security", "Shortcuts", "Sidecar", "Siri", "SMB", "Software Update", "SQLite", "Vim", "Weather", "WebKit", "WebKit PDF" sowie "WebKit Sandboxing". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuführen, beliebigen Programmcode auszuführen, seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuführen, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS Big Sur 11.7.1
Apple / macOS
|
cpe:/o:apple:mac_os:big_sur_11.7.1
|
Big Sur 11.7.1 | |
|
Apple macOS Ventura_13
Apple / macOS
|
cpe:/o:apple:mac_os:ventura_13
|
Ventura_13 | |
|
Apple macOS Monterey 12.6.1
Apple / macOS
|
cpe:/o:apple:mac_os:monterey_12.6.1
|
Monterey 12.6.1 |
In Apple macOS existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten "Accelerate Framework", "Apple Neural Engine", "AppleAVD", "AppleMobileFileIntegrity", "ATS", "Audio", "AVEVideoEncoder", "Calendar", "CFNetwork", "ColorSync", "Crash Reporter", "curl", "Directory Utility", "DriverKit", "Exchange", "Find My", "Finder", "GPU Drivers", "Grapher", "Image Processing", "ImageIO", "Intel Graphics Driver", "IOHIDFamily", "IOKit", "Kernel", "Mail", "Maps", MediaLibrary", "ncurses", "Notes", "Notifications", "PackageKit", "Photos", "ppp", "Ruby", "Sandbox", "Security", "Shortcuts", "Sidecar", "Siri", "SMB", "Software Update", "SQLite", "Vim", "Weather", "WebKit", "WebKit PDF" sowie "WebKit Sandboxing". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuführen, beliebigen Programmcode auszuführen, seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuführen, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS Big Sur 11.7.1
Apple / macOS
|
cpe:/o:apple:mac_os:big_sur_11.7.1
|
Big Sur 11.7.1 | |
|
Apple macOS Ventura_13
Apple / macOS
|
cpe:/o:apple:mac_os:ventura_13
|
Ventura_13 | |
|
Apple macOS Monterey 12.6.1
Apple / macOS
|
cpe:/o:apple:mac_os:monterey_12.6.1
|
Monterey 12.6.1 |
In Apple macOS existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten "Accelerate Framework", "Apple Neural Engine", "AppleAVD", "AppleMobileFileIntegrity", "ATS", "Audio", "AVEVideoEncoder", "Calendar", "CFNetwork", "ColorSync", "Crash Reporter", "curl", "Directory Utility", "DriverKit", "Exchange", "Find My", "Finder", "GPU Drivers", "Grapher", "Image Processing", "ImageIO", "Intel Graphics Driver", "IOHIDFamily", "IOKit", "Kernel", "Mail", "Maps", MediaLibrary", "ncurses", "Notes", "Notifications", "PackageKit", "Photos", "ppp", "Ruby", "Sandbox", "Security", "Shortcuts", "Sidecar", "Siri", "SMB", "Software Update", "SQLite", "Vim", "Weather", "WebKit", "WebKit PDF" sowie "WebKit Sandboxing". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuführen, beliebigen Programmcode auszuführen, seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuführen, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS Big Sur 11.7.1
Apple / macOS
|
cpe:/o:apple:mac_os:big_sur_11.7.1
|
Big Sur 11.7.1 | |
|
Apple macOS Ventura_13
Apple / macOS
|
cpe:/o:apple:mac_os:ventura_13
|
Ventura_13 | |
|
Apple macOS Monterey 12.6.1
Apple / macOS
|
cpe:/o:apple:mac_os:monterey_12.6.1
|
Monterey 12.6.1 |
In Apple macOS existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten "Accelerate Framework", "Apple Neural Engine", "AppleAVD", "AppleMobileFileIntegrity", "ATS", "Audio", "AVEVideoEncoder", "Calendar", "CFNetwork", "ColorSync", "Crash Reporter", "curl", "Directory Utility", "DriverKit", "Exchange", "Find My", "Finder", "GPU Drivers", "Grapher", "Image Processing", "ImageIO", "Intel Graphics Driver", "IOHIDFamily", "IOKit", "Kernel", "Mail", "Maps", MediaLibrary", "ncurses", "Notes", "Notifications", "PackageKit", "Photos", "ppp", "Ruby", "Sandbox", "Security", "Shortcuts", "Sidecar", "Siri", "SMB", "Software Update", "SQLite", "Vim", "Weather", "WebKit", "WebKit PDF" sowie "WebKit Sandboxing". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuführen, beliebigen Programmcode auszuführen, seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuführen, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS Big Sur 11.7.1
Apple / macOS
|
cpe:/o:apple:mac_os:big_sur_11.7.1
|
Big Sur 11.7.1 | |
|
Apple macOS Ventura_13
Apple / macOS
|
cpe:/o:apple:mac_os:ventura_13
|
Ventura_13 | |
|
Apple macOS Monterey 12.6.1
Apple / macOS
|
cpe:/o:apple:mac_os:monterey_12.6.1
|
Monterey 12.6.1 |
In Apple macOS existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten "Accelerate Framework", "Apple Neural Engine", "AppleAVD", "AppleMobileFileIntegrity", "ATS", "Audio", "AVEVideoEncoder", "Calendar", "CFNetwork", "ColorSync", "Crash Reporter", "curl", "Directory Utility", "DriverKit", "Exchange", "Find My", "Finder", "GPU Drivers", "Grapher", "Image Processing", "ImageIO", "Intel Graphics Driver", "IOHIDFamily", "IOKit", "Kernel", "Mail", "Maps", MediaLibrary", "ncurses", "Notes", "Notifications", "PackageKit", "Photos", "ppp", "Ruby", "Sandbox", "Security", "Shortcuts", "Sidecar", "Siri", "SMB", "Software Update", "SQLite", "Vim", "Weather", "WebKit", "WebKit PDF" sowie "WebKit Sandboxing". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuführen, beliebigen Programmcode auszuführen, seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuführen, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS Big Sur 11.7.1
Apple / macOS
|
cpe:/o:apple:mac_os:big_sur_11.7.1
|
Big Sur 11.7.1 | |
|
Apple macOS Ventura_13
Apple / macOS
|
cpe:/o:apple:mac_os:ventura_13
|
Ventura_13 | |
|
Apple macOS Monterey 12.6.1
Apple / macOS
|
cpe:/o:apple:mac_os:monterey_12.6.1
|
Monterey 12.6.1 |
In Apple macOS existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten "Accelerate Framework", "Apple Neural Engine", "AppleAVD", "AppleMobileFileIntegrity", "ATS", "Audio", "AVEVideoEncoder", "Calendar", "CFNetwork", "ColorSync", "Crash Reporter", "curl", "Directory Utility", "DriverKit", "Exchange", "Find My", "Finder", "GPU Drivers", "Grapher", "Image Processing", "ImageIO", "Intel Graphics Driver", "IOHIDFamily", "IOKit", "Kernel", "Mail", "Maps", MediaLibrary", "ncurses", "Notes", "Notifications", "PackageKit", "Photos", "ppp", "Ruby", "Sandbox", "Security", "Shortcuts", "Sidecar", "Siri", "SMB", "Software Update", "SQLite", "Vim", "Weather", "WebKit", "WebKit PDF" sowie "WebKit Sandboxing". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuführen, beliebigen Programmcode auszuführen, seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuführen, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS Big Sur 11.7.1
Apple / macOS
|
cpe:/o:apple:mac_os:big_sur_11.7.1
|
Big Sur 11.7.1 | |
|
Apple macOS Ventura_13
Apple / macOS
|
cpe:/o:apple:mac_os:ventura_13
|
Ventura_13 | |
|
Apple macOS Monterey 12.6.1
Apple / macOS
|
cpe:/o:apple:mac_os:monterey_12.6.1
|
Monterey 12.6.1 |
In Apple macOS existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten "Accelerate Framework", "Apple Neural Engine", "AppleAVD", "AppleMobileFileIntegrity", "ATS", "Audio", "AVEVideoEncoder", "Calendar", "CFNetwork", "ColorSync", "Crash Reporter", "curl", "Directory Utility", "DriverKit", "Exchange", "Find My", "Finder", "GPU Drivers", "Grapher", "Image Processing", "ImageIO", "Intel Graphics Driver", "IOHIDFamily", "IOKit", "Kernel", "Mail", "Maps", MediaLibrary", "ncurses", "Notes", "Notifications", "PackageKit", "Photos", "ppp", "Ruby", "Sandbox", "Security", "Shortcuts", "Sidecar", "Siri", "SMB", "Software Update", "SQLite", "Vim", "Weather", "WebKit", "WebKit PDF" sowie "WebKit Sandboxing". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuführen, beliebigen Programmcode auszuführen, seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuführen, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS Big Sur 11.7.1
Apple / macOS
|
cpe:/o:apple:mac_os:big_sur_11.7.1
|
Big Sur 11.7.1 | |
|
Apple macOS Ventura_13
Apple / macOS
|
cpe:/o:apple:mac_os:ventura_13
|
Ventura_13 | |
|
Apple macOS Monterey 12.6.1
Apple / macOS
|
cpe:/o:apple:mac_os:monterey_12.6.1
|
Monterey 12.6.1 |
In Apple macOS existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten "Accelerate Framework", "Apple Neural Engine", "AppleAVD", "AppleMobileFileIntegrity", "ATS", "Audio", "AVEVideoEncoder", "Calendar", "CFNetwork", "ColorSync", "Crash Reporter", "curl", "Directory Utility", "DriverKit", "Exchange", "Find My", "Finder", "GPU Drivers", "Grapher", "Image Processing", "ImageIO", "Intel Graphics Driver", "IOHIDFamily", "IOKit", "Kernel", "Mail", "Maps", MediaLibrary", "ncurses", "Notes", "Notifications", "PackageKit", "Photos", "ppp", "Ruby", "Sandbox", "Security", "Shortcuts", "Sidecar", "Siri", "SMB", "Software Update", "SQLite", "Vim", "Weather", "WebKit", "WebKit PDF" sowie "WebKit Sandboxing". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuführen, beliebigen Programmcode auszuführen, seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuführen, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS Big Sur 11.7.1
Apple / macOS
|
cpe:/o:apple:mac_os:big_sur_11.7.1
|
Big Sur 11.7.1 | |
|
Apple macOS Ventura_13
Apple / macOS
|
cpe:/o:apple:mac_os:ventura_13
|
Ventura_13 | |
|
Apple macOS Monterey 12.6.1
Apple / macOS
|
cpe:/o:apple:mac_os:monterey_12.6.1
|
Monterey 12.6.1 |
In Apple macOS existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten "Accelerate Framework", "Apple Neural Engine", "AppleAVD", "AppleMobileFileIntegrity", "ATS", "Audio", "AVEVideoEncoder", "Calendar", "CFNetwork", "ColorSync", "Crash Reporter", "curl", "Directory Utility", "DriverKit", "Exchange", "Find My", "Finder", "GPU Drivers", "Grapher", "Image Processing", "ImageIO", "Intel Graphics Driver", "IOHIDFamily", "IOKit", "Kernel", "Mail", "Maps", MediaLibrary", "ncurses", "Notes", "Notifications", "PackageKit", "Photos", "ppp", "Ruby", "Sandbox", "Security", "Shortcuts", "Sidecar", "Siri", "SMB", "Software Update", "SQLite", "Vim", "Weather", "WebKit", "WebKit PDF" sowie "WebKit Sandboxing". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuführen, beliebigen Programmcode auszuführen, seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuführen, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS Big Sur 11.7.1
Apple / macOS
|
cpe:/o:apple:mac_os:big_sur_11.7.1
|
Big Sur 11.7.1 | |
|
Apple macOS Ventura_13
Apple / macOS
|
cpe:/o:apple:mac_os:ventura_13
|
Ventura_13 | |
|
Apple macOS Monterey 12.6.1
Apple / macOS
|
cpe:/o:apple:mac_os:monterey_12.6.1
|
Monterey 12.6.1 |
In Apple macOS existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten "Accelerate Framework", "Apple Neural Engine", "AppleAVD", "AppleMobileFileIntegrity", "ATS", "Audio", "AVEVideoEncoder", "Calendar", "CFNetwork", "ColorSync", "Crash Reporter", "curl", "Directory Utility", "DriverKit", "Exchange", "Find My", "Finder", "GPU Drivers", "Grapher", "Image Processing", "ImageIO", "Intel Graphics Driver", "IOHIDFamily", "IOKit", "Kernel", "Mail", "Maps", MediaLibrary", "ncurses", "Notes", "Notifications", "PackageKit", "Photos", "ppp", "Ruby", "Sandbox", "Security", "Shortcuts", "Sidecar", "Siri", "SMB", "Software Update", "SQLite", "Vim", "Weather", "WebKit", "WebKit PDF" sowie "WebKit Sandboxing". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuführen, beliebigen Programmcode auszuführen, seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuführen, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS Big Sur 11.7.1
Apple / macOS
|
cpe:/o:apple:mac_os:big_sur_11.7.1
|
Big Sur 11.7.1 | |
|
Apple macOS Ventura_13
Apple / macOS
|
cpe:/o:apple:mac_os:ventura_13
|
Ventura_13 | |
|
Apple macOS Monterey 12.6.1
Apple / macOS
|
cpe:/o:apple:mac_os:monterey_12.6.1
|
Monterey 12.6.1 |
In Apple macOS existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten "Accelerate Framework", "Apple Neural Engine", "AppleAVD", "AppleMobileFileIntegrity", "ATS", "Audio", "AVEVideoEncoder", "Calendar", "CFNetwork", "ColorSync", "Crash Reporter", "curl", "Directory Utility", "DriverKit", "Exchange", "Find My", "Finder", "GPU Drivers", "Grapher", "Image Processing", "ImageIO", "Intel Graphics Driver", "IOHIDFamily", "IOKit", "Kernel", "Mail", "Maps", MediaLibrary", "ncurses", "Notes", "Notifications", "PackageKit", "Photos", "ppp", "Ruby", "Sandbox", "Security", "Shortcuts", "Sidecar", "Siri", "SMB", "Software Update", "SQLite", "Vim", "Weather", "WebKit", "WebKit PDF" sowie "WebKit Sandboxing". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuführen, beliebigen Programmcode auszuführen, seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuführen, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS Big Sur 11.7.1
Apple / macOS
|
cpe:/o:apple:mac_os:big_sur_11.7.1
|
Big Sur 11.7.1 | |
|
Apple macOS Ventura_13
Apple / macOS
|
cpe:/o:apple:mac_os:ventura_13
|
Ventura_13 | |
|
Apple macOS Monterey 12.6.1
Apple / macOS
|
cpe:/o:apple:mac_os:monterey_12.6.1
|
Monterey 12.6.1 |
In Apple macOS existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten "Accelerate Framework", "Apple Neural Engine", "AppleAVD", "AppleMobileFileIntegrity", "ATS", "Audio", "AVEVideoEncoder", "Calendar", "CFNetwork", "ColorSync", "Crash Reporter", "curl", "Directory Utility", "DriverKit", "Exchange", "Find My", "Finder", "GPU Drivers", "Grapher", "Image Processing", "ImageIO", "Intel Graphics Driver", "IOHIDFamily", "IOKit", "Kernel", "Mail", "Maps", MediaLibrary", "ncurses", "Notes", "Notifications", "PackageKit", "Photos", "ppp", "Ruby", "Sandbox", "Security", "Shortcuts", "Sidecar", "Siri", "SMB", "Software Update", "SQLite", "Vim", "Weather", "WebKit", "WebKit PDF" sowie "WebKit Sandboxing". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuführen, beliebigen Programmcode auszuführen, seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuführen, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS Big Sur 11.7.1
Apple / macOS
|
cpe:/o:apple:mac_os:big_sur_11.7.1
|
Big Sur 11.7.1 | |
|
Apple macOS Ventura_13
Apple / macOS
|
cpe:/o:apple:mac_os:ventura_13
|
Ventura_13 | |
|
Apple macOS Monterey 12.6.1
Apple / macOS
|
cpe:/o:apple:mac_os:monterey_12.6.1
|
Monterey 12.6.1 |
In Apple macOS existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten "Accelerate Framework", "Apple Neural Engine", "AppleAVD", "AppleMobileFileIntegrity", "ATS", "Audio", "AVEVideoEncoder", "Calendar", "CFNetwork", "ColorSync", "Crash Reporter", "curl", "Directory Utility", "DriverKit", "Exchange", "Find My", "Finder", "GPU Drivers", "Grapher", "Image Processing", "ImageIO", "Intel Graphics Driver", "IOHIDFamily", "IOKit", "Kernel", "Mail", "Maps", MediaLibrary", "ncurses", "Notes", "Notifications", "PackageKit", "Photos", "ppp", "Ruby", "Sandbox", "Security", "Shortcuts", "Sidecar", "Siri", "SMB", "Software Update", "SQLite", "Vim", "Weather", "WebKit", "WebKit PDF" sowie "WebKit Sandboxing". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuführen, beliebigen Programmcode auszuführen, seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuführen, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS Big Sur 11.7.1
Apple / macOS
|
cpe:/o:apple:mac_os:big_sur_11.7.1
|
Big Sur 11.7.1 | |
|
Apple macOS Ventura_13
Apple / macOS
|
cpe:/o:apple:mac_os:ventura_13
|
Ventura_13 | |
|
Apple macOS Monterey 12.6.1
Apple / macOS
|
cpe:/o:apple:mac_os:monterey_12.6.1
|
Monterey 12.6.1 |
In Apple macOS existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten "Accelerate Framework", "Apple Neural Engine", "AppleAVD", "AppleMobileFileIntegrity", "ATS", "Audio", "AVEVideoEncoder", "Calendar", "CFNetwork", "ColorSync", "Crash Reporter", "curl", "Directory Utility", "DriverKit", "Exchange", "Find My", "Finder", "GPU Drivers", "Grapher", "Image Processing", "ImageIO", "Intel Graphics Driver", "IOHIDFamily", "IOKit", "Kernel", "Mail", "Maps", MediaLibrary", "ncurses", "Notes", "Notifications", "PackageKit", "Photos", "ppp", "Ruby", "Sandbox", "Security", "Shortcuts", "Sidecar", "Siri", "SMB", "Software Update", "SQLite", "Vim", "Weather", "WebKit", "WebKit PDF" sowie "WebKit Sandboxing". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuführen, beliebigen Programmcode auszuführen, seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuführen, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS Big Sur 11.7.1
Apple / macOS
|
cpe:/o:apple:mac_os:big_sur_11.7.1
|
Big Sur 11.7.1 | |
|
Apple macOS Ventura_13
Apple / macOS
|
cpe:/o:apple:mac_os:ventura_13
|
Ventura_13 | |
|
Apple macOS Monterey 12.6.1
Apple / macOS
|
cpe:/o:apple:mac_os:monterey_12.6.1
|
Monterey 12.6.1 |
In Apple macOS existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten "Accelerate Framework", "Apple Neural Engine", "AppleAVD", "AppleMobileFileIntegrity", "ATS", "Audio", "AVEVideoEncoder", "Calendar", "CFNetwork", "ColorSync", "Crash Reporter", "curl", "Directory Utility", "DriverKit", "Exchange", "Find My", "Finder", "GPU Drivers", "Grapher", "Image Processing", "ImageIO", "Intel Graphics Driver", "IOHIDFamily", "IOKit", "Kernel", "Mail", "Maps", MediaLibrary", "ncurses", "Notes", "Notifications", "PackageKit", "Photos", "ppp", "Ruby", "Sandbox", "Security", "Shortcuts", "Sidecar", "Siri", "SMB", "Software Update", "SQLite", "Vim", "Weather", "WebKit", "WebKit PDF" sowie "WebKit Sandboxing". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuführen, beliebigen Programmcode auszuführen, seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuführen, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS Big Sur 11.7.1
Apple / macOS
|
cpe:/o:apple:mac_os:big_sur_11.7.1
|
Big Sur 11.7.1 | |
|
Apple macOS Ventura_13
Apple / macOS
|
cpe:/o:apple:mac_os:ventura_13
|
Ventura_13 | |
|
Apple macOS Monterey 12.6.1
Apple / macOS
|
cpe:/o:apple:mac_os:monterey_12.6.1
|
Monterey 12.6.1 |
In Apple macOS existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten "Accelerate Framework", "Apple Neural Engine", "AppleAVD", "AppleMobileFileIntegrity", "ATS", "Audio", "AVEVideoEncoder", "Calendar", "CFNetwork", "ColorSync", "Crash Reporter", "curl", "Directory Utility", "DriverKit", "Exchange", "Find My", "Finder", "GPU Drivers", "Grapher", "Image Processing", "ImageIO", "Intel Graphics Driver", "IOHIDFamily", "IOKit", "Kernel", "Mail", "Maps", MediaLibrary", "ncurses", "Notes", "Notifications", "PackageKit", "Photos", "ppp", "Ruby", "Sandbox", "Security", "Shortcuts", "Sidecar", "Siri", "SMB", "Software Update", "SQLite", "Vim", "Weather", "WebKit", "WebKit PDF" sowie "WebKit Sandboxing". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuführen, beliebigen Programmcode auszuführen, seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuführen, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS Big Sur 11.7.1
Apple / macOS
|
cpe:/o:apple:mac_os:big_sur_11.7.1
|
Big Sur 11.7.1 | |
|
Apple macOS Ventura_13
Apple / macOS
|
cpe:/o:apple:mac_os:ventura_13
|
Ventura_13 | |
|
Apple macOS Monterey 12.6.1
Apple / macOS
|
cpe:/o:apple:mac_os:monterey_12.6.1
|
Monterey 12.6.1 |
In Apple macOS existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten "Accelerate Framework", "Apple Neural Engine", "AppleAVD", "AppleMobileFileIntegrity", "ATS", "Audio", "AVEVideoEncoder", "Calendar", "CFNetwork", "ColorSync", "Crash Reporter", "curl", "Directory Utility", "DriverKit", "Exchange", "Find My", "Finder", "GPU Drivers", "Grapher", "Image Processing", "ImageIO", "Intel Graphics Driver", "IOHIDFamily", "IOKit", "Kernel", "Mail", "Maps", MediaLibrary", "ncurses", "Notes", "Notifications", "PackageKit", "Photos", "ppp", "Ruby", "Sandbox", "Security", "Shortcuts", "Sidecar", "Siri", "SMB", "Software Update", "SQLite", "Vim", "Weather", "WebKit", "WebKit PDF" sowie "WebKit Sandboxing". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuführen, beliebigen Programmcode auszuführen, seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuführen, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS Big Sur 11.7.1
Apple / macOS
|
cpe:/o:apple:mac_os:big_sur_11.7.1
|
Big Sur 11.7.1 | |
|
Apple macOS Ventura_13
Apple / macOS
|
cpe:/o:apple:mac_os:ventura_13
|
Ventura_13 | |
|
Apple macOS Monterey 12.6.1
Apple / macOS
|
cpe:/o:apple:mac_os:monterey_12.6.1
|
Monterey 12.6.1 |
In Apple macOS existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten "Accelerate Framework", "Apple Neural Engine", "AppleAVD", "AppleMobileFileIntegrity", "ATS", "Audio", "AVEVideoEncoder", "Calendar", "CFNetwork", "ColorSync", "Crash Reporter", "curl", "Directory Utility", "DriverKit", "Exchange", "Find My", "Finder", "GPU Drivers", "Grapher", "Image Processing", "ImageIO", "Intel Graphics Driver", "IOHIDFamily", "IOKit", "Kernel", "Mail", "Maps", MediaLibrary", "ncurses", "Notes", "Notifications", "PackageKit", "Photos", "ppp", "Ruby", "Sandbox", "Security", "Shortcuts", "Sidecar", "Siri", "SMB", "Software Update", "SQLite", "Vim", "Weather", "WebKit", "WebKit PDF" sowie "WebKit Sandboxing". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuführen, beliebigen Programmcode auszuführen, seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuführen, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS Big Sur 11.7.1
Apple / macOS
|
cpe:/o:apple:mac_os:big_sur_11.7.1
|
Big Sur 11.7.1 | |
|
Apple macOS Ventura_13
Apple / macOS
|
cpe:/o:apple:mac_os:ventura_13
|
Ventura_13 | |
|
Apple macOS Monterey 12.6.1
Apple / macOS
|
cpe:/o:apple:mac_os:monterey_12.6.1
|
Monterey 12.6.1 |
In Apple macOS existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten "Accelerate Framework", "Apple Neural Engine", "AppleAVD", "AppleMobileFileIntegrity", "ATS", "Audio", "AVEVideoEncoder", "Calendar", "CFNetwork", "ColorSync", "Crash Reporter", "curl", "Directory Utility", "DriverKit", "Exchange", "Find My", "Finder", "GPU Drivers", "Grapher", "Image Processing", "ImageIO", "Intel Graphics Driver", "IOHIDFamily", "IOKit", "Kernel", "Mail", "Maps", MediaLibrary", "ncurses", "Notes", "Notifications", "PackageKit", "Photos", "ppp", "Ruby", "Sandbox", "Security", "Shortcuts", "Sidecar", "Siri", "SMB", "Software Update", "SQLite", "Vim", "Weather", "WebKit", "WebKit PDF" sowie "WebKit Sandboxing". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuführen, beliebigen Programmcode auszuführen, seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuführen, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS Big Sur 11.7.1
Apple / macOS
|
cpe:/o:apple:mac_os:big_sur_11.7.1
|
Big Sur 11.7.1 | |
|
Apple macOS Ventura_13
Apple / macOS
|
cpe:/o:apple:mac_os:ventura_13
|
Ventura_13 | |
|
Apple macOS Monterey 12.6.1
Apple / macOS
|
cpe:/o:apple:mac_os:monterey_12.6.1
|
Monterey 12.6.1 |
In Apple macOS existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten "Accelerate Framework", "Apple Neural Engine", "AppleAVD", "AppleMobileFileIntegrity", "ATS", "Audio", "AVEVideoEncoder", "Calendar", "CFNetwork", "ColorSync", "Crash Reporter", "curl", "Directory Utility", "DriverKit", "Exchange", "Find My", "Finder", "GPU Drivers", "Grapher", "Image Processing", "ImageIO", "Intel Graphics Driver", "IOHIDFamily", "IOKit", "Kernel", "Mail", "Maps", MediaLibrary", "ncurses", "Notes", "Notifications", "PackageKit", "Photos", "ppp", "Ruby", "Sandbox", "Security", "Shortcuts", "Sidecar", "Siri", "SMB", "Software Update", "SQLite", "Vim", "Weather", "WebKit", "WebKit PDF" sowie "WebKit Sandboxing". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuführen, beliebigen Programmcode auszuführen, seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuführen, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS Big Sur 11.7.1
Apple / macOS
|
cpe:/o:apple:mac_os:big_sur_11.7.1
|
Big Sur 11.7.1 | |
|
Apple macOS Ventura_13
Apple / macOS
|
cpe:/o:apple:mac_os:ventura_13
|
Ventura_13 | |
|
Apple macOS Monterey 12.6.1
Apple / macOS
|
cpe:/o:apple:mac_os:monterey_12.6.1
|
Monterey 12.6.1 |
In Apple macOS existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten "Accelerate Framework", "Apple Neural Engine", "AppleAVD", "AppleMobileFileIntegrity", "ATS", "Audio", "AVEVideoEncoder", "Calendar", "CFNetwork", "ColorSync", "Crash Reporter", "curl", "Directory Utility", "DriverKit", "Exchange", "Find My", "Finder", "GPU Drivers", "Grapher", "Image Processing", "ImageIO", "Intel Graphics Driver", "IOHIDFamily", "IOKit", "Kernel", "Mail", "Maps", MediaLibrary", "ncurses", "Notes", "Notifications", "PackageKit", "Photos", "ppp", "Ruby", "Sandbox", "Security", "Shortcuts", "Sidecar", "Siri", "SMB", "Software Update", "SQLite", "Vim", "Weather", "WebKit", "WebKit PDF" sowie "WebKit Sandboxing". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuführen, beliebigen Programmcode auszuführen, seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuführen, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS Big Sur 11.7.1
Apple / macOS
|
cpe:/o:apple:mac_os:big_sur_11.7.1
|
Big Sur 11.7.1 | |
|
Apple macOS Ventura_13
Apple / macOS
|
cpe:/o:apple:mac_os:ventura_13
|
Ventura_13 | |
|
Apple macOS Monterey 12.6.1
Apple / macOS
|
cpe:/o:apple:mac_os:monterey_12.6.1
|
Monterey 12.6.1 |
In Apple macOS existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten "Accelerate Framework", "Apple Neural Engine", "AppleAVD", "AppleMobileFileIntegrity", "ATS", "Audio", "AVEVideoEncoder", "Calendar", "CFNetwork", "ColorSync", "Crash Reporter", "curl", "Directory Utility", "DriverKit", "Exchange", "Find My", "Finder", "GPU Drivers", "Grapher", "Image Processing", "ImageIO", "Intel Graphics Driver", "IOHIDFamily", "IOKit", "Kernel", "Mail", "Maps", MediaLibrary", "ncurses", "Notes", "Notifications", "PackageKit", "Photos", "ppp", "Ruby", "Sandbox", "Security", "Shortcuts", "Sidecar", "Siri", "SMB", "Software Update", "SQLite", "Vim", "Weather", "WebKit", "WebKit PDF" sowie "WebKit Sandboxing". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuführen, beliebigen Programmcode auszuführen, seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuführen, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS Big Sur 11.7.1
Apple / macOS
|
cpe:/o:apple:mac_os:big_sur_11.7.1
|
Big Sur 11.7.1 | |
|
Apple macOS Ventura_13
Apple / macOS
|
cpe:/o:apple:mac_os:ventura_13
|
Ventura_13 | |
|
Apple macOS Monterey 12.6.1
Apple / macOS
|
cpe:/o:apple:mac_os:monterey_12.6.1
|
Monterey 12.6.1 |
In Apple macOS existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten "Accelerate Framework", "Apple Neural Engine", "AppleAVD", "AppleMobileFileIntegrity", "ATS", "Audio", "AVEVideoEncoder", "Calendar", "CFNetwork", "ColorSync", "Crash Reporter", "curl", "Directory Utility", "DriverKit", "Exchange", "Find My", "Finder", "GPU Drivers", "Grapher", "Image Processing", "ImageIO", "Intel Graphics Driver", "IOHIDFamily", "IOKit", "Kernel", "Mail", "Maps", MediaLibrary", "ncurses", "Notes", "Notifications", "PackageKit", "Photos", "ppp", "Ruby", "Sandbox", "Security", "Shortcuts", "Sidecar", "Siri", "SMB", "Software Update", "SQLite", "Vim", "Weather", "WebKit", "WebKit PDF" sowie "WebKit Sandboxing". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuführen, beliebigen Programmcode auszuführen, seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuführen, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS Big Sur 11.7.1
Apple / macOS
|
cpe:/o:apple:mac_os:big_sur_11.7.1
|
Big Sur 11.7.1 | |
|
Apple macOS Ventura_13
Apple / macOS
|
cpe:/o:apple:mac_os:ventura_13
|
Ventura_13 | |
|
Apple macOS Monterey 12.6.1
Apple / macOS
|
cpe:/o:apple:mac_os:monterey_12.6.1
|
Monterey 12.6.1 |
In Apple macOS existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten "Accelerate Framework", "Apple Neural Engine", "AppleAVD", "AppleMobileFileIntegrity", "ATS", "Audio", "AVEVideoEncoder", "Calendar", "CFNetwork", "ColorSync", "Crash Reporter", "curl", "Directory Utility", "DriverKit", "Exchange", "Find My", "Finder", "GPU Drivers", "Grapher", "Image Processing", "ImageIO", "Intel Graphics Driver", "IOHIDFamily", "IOKit", "Kernel", "Mail", "Maps", MediaLibrary", "ncurses", "Notes", "Notifications", "PackageKit", "Photos", "ppp", "Ruby", "Sandbox", "Security", "Shortcuts", "Sidecar", "Siri", "SMB", "Software Update", "SQLite", "Vim", "Weather", "WebKit", "WebKit PDF" sowie "WebKit Sandboxing". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuführen, beliebigen Programmcode auszuführen, seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuführen, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS Big Sur 11.7.1
Apple / macOS
|
cpe:/o:apple:mac_os:big_sur_11.7.1
|
Big Sur 11.7.1 | |
|
Apple macOS Ventura_13
Apple / macOS
|
cpe:/o:apple:mac_os:ventura_13
|
Ventura_13 | |
|
Apple macOS Monterey 12.6.1
Apple / macOS
|
cpe:/o:apple:mac_os:monterey_12.6.1
|
Monterey 12.6.1 |
In Apple macOS existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten "Accelerate Framework", "Apple Neural Engine", "AppleAVD", "AppleMobileFileIntegrity", "ATS", "Audio", "AVEVideoEncoder", "Calendar", "CFNetwork", "ColorSync", "Crash Reporter", "curl", "Directory Utility", "DriverKit", "Exchange", "Find My", "Finder", "GPU Drivers", "Grapher", "Image Processing", "ImageIO", "Intel Graphics Driver", "IOHIDFamily", "IOKit", "Kernel", "Mail", "Maps", MediaLibrary", "ncurses", "Notes", "Notifications", "PackageKit", "Photos", "ppp", "Ruby", "Sandbox", "Security", "Shortcuts", "Sidecar", "Siri", "SMB", "Software Update", "SQLite", "Vim", "Weather", "WebKit", "WebKit PDF" sowie "WebKit Sandboxing". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuführen, beliebigen Programmcode auszuführen, seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuführen, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS Big Sur 11.7.1
Apple / macOS
|
cpe:/o:apple:mac_os:big_sur_11.7.1
|
Big Sur 11.7.1 | |
|
Apple macOS Ventura_13
Apple / macOS
|
cpe:/o:apple:mac_os:ventura_13
|
Ventura_13 | |
|
Apple macOS Monterey 12.6.1
Apple / macOS
|
cpe:/o:apple:mac_os:monterey_12.6.1
|
Monterey 12.6.1 |
In Apple macOS existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten "Accelerate Framework", "Apple Neural Engine", "AppleAVD", "AppleMobileFileIntegrity", "ATS", "Audio", "AVEVideoEncoder", "Calendar", "CFNetwork", "ColorSync", "Crash Reporter", "curl", "Directory Utility", "DriverKit", "Exchange", "Find My", "Finder", "GPU Drivers", "Grapher", "Image Processing", "ImageIO", "Intel Graphics Driver", "IOHIDFamily", "IOKit", "Kernel", "Mail", "Maps", MediaLibrary", "ncurses", "Notes", "Notifications", "PackageKit", "Photos", "ppp", "Ruby", "Sandbox", "Security", "Shortcuts", "Sidecar", "Siri", "SMB", "Software Update", "SQLite", "Vim", "Weather", "WebKit", "WebKit PDF" sowie "WebKit Sandboxing". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuführen, beliebigen Programmcode auszuführen, seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuführen, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS Big Sur 11.7.1
Apple / macOS
|
cpe:/o:apple:mac_os:big_sur_11.7.1
|
Big Sur 11.7.1 | |
|
Apple macOS Ventura_13
Apple / macOS
|
cpe:/o:apple:mac_os:ventura_13
|
Ventura_13 | |
|
Apple macOS Monterey 12.6.1
Apple / macOS
|
cpe:/o:apple:mac_os:monterey_12.6.1
|
Monterey 12.6.1 |
In Apple macOS existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten "Accelerate Framework", "Apple Neural Engine", "AppleAVD", "AppleMobileFileIntegrity", "ATS", "Audio", "AVEVideoEncoder", "Calendar", "CFNetwork", "ColorSync", "Crash Reporter", "curl", "Directory Utility", "DriverKit", "Exchange", "Find My", "Finder", "GPU Drivers", "Grapher", "Image Processing", "ImageIO", "Intel Graphics Driver", "IOHIDFamily", "IOKit", "Kernel", "Mail", "Maps", MediaLibrary", "ncurses", "Notes", "Notifications", "PackageKit", "Photos", "ppp", "Ruby", "Sandbox", "Security", "Shortcuts", "Sidecar", "Siri", "SMB", "Software Update", "SQLite", "Vim", "Weather", "WebKit", "WebKit PDF" sowie "WebKit Sandboxing". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuführen, beliebigen Programmcode auszuführen, seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuführen, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS Big Sur 11.7.1
Apple / macOS
|
cpe:/o:apple:mac_os:big_sur_11.7.1
|
Big Sur 11.7.1 | |
|
Apple macOS Ventura_13
Apple / macOS
|
cpe:/o:apple:mac_os:ventura_13
|
Ventura_13 | |
|
Apple macOS Monterey 12.6.1
Apple / macOS
|
cpe:/o:apple:mac_os:monterey_12.6.1
|
Monterey 12.6.1 |
In Apple macOS existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten "Accelerate Framework", "Apple Neural Engine", "AppleAVD", "AppleMobileFileIntegrity", "ATS", "Audio", "AVEVideoEncoder", "Calendar", "CFNetwork", "ColorSync", "Crash Reporter", "curl", "Directory Utility", "DriverKit", "Exchange", "Find My", "Finder", "GPU Drivers", "Grapher", "Image Processing", "ImageIO", "Intel Graphics Driver", "IOHIDFamily", "IOKit", "Kernel", "Mail", "Maps", MediaLibrary", "ncurses", "Notes", "Notifications", "PackageKit", "Photos", "ppp", "Ruby", "Sandbox", "Security", "Shortcuts", "Sidecar", "Siri", "SMB", "Software Update", "SQLite", "Vim", "Weather", "WebKit", "WebKit PDF" sowie "WebKit Sandboxing". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuführen, beliebigen Programmcode auszuführen, seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuführen, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS Big Sur 11.7.1
Apple / macOS
|
cpe:/o:apple:mac_os:big_sur_11.7.1
|
Big Sur 11.7.1 | |
|
Apple macOS Ventura_13
Apple / macOS
|
cpe:/o:apple:mac_os:ventura_13
|
Ventura_13 | |
|
Apple macOS Monterey 12.6.1
Apple / macOS
|
cpe:/o:apple:mac_os:monterey_12.6.1
|
Monterey 12.6.1 |
In Apple macOS existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten "Accelerate Framework", "Apple Neural Engine", "AppleAVD", "AppleMobileFileIntegrity", "ATS", "Audio", "AVEVideoEncoder", "Calendar", "CFNetwork", "ColorSync", "Crash Reporter", "curl", "Directory Utility", "DriverKit", "Exchange", "Find My", "Finder", "GPU Drivers", "Grapher", "Image Processing", "ImageIO", "Intel Graphics Driver", "IOHIDFamily", "IOKit", "Kernel", "Mail", "Maps", MediaLibrary", "ncurses", "Notes", "Notifications", "PackageKit", "Photos", "ppp", "Ruby", "Sandbox", "Security", "Shortcuts", "Sidecar", "Siri", "SMB", "Software Update", "SQLite", "Vim", "Weather", "WebKit", "WebKit PDF" sowie "WebKit Sandboxing". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuführen, beliebigen Programmcode auszuführen, seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuführen, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS Big Sur 11.7.1
Apple / macOS
|
cpe:/o:apple:mac_os:big_sur_11.7.1
|
Big Sur 11.7.1 | |
|
Apple macOS Ventura_13
Apple / macOS
|
cpe:/o:apple:mac_os:ventura_13
|
Ventura_13 | |
|
Apple macOS Monterey 12.6.1
Apple / macOS
|
cpe:/o:apple:mac_os:monterey_12.6.1
|
Monterey 12.6.1 |
In Apple macOS existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten "Accelerate Framework", "Apple Neural Engine", "AppleAVD", "AppleMobileFileIntegrity", "ATS", "Audio", "AVEVideoEncoder", "Calendar", "CFNetwork", "ColorSync", "Crash Reporter", "curl", "Directory Utility", "DriverKit", "Exchange", "Find My", "Finder", "GPU Drivers", "Grapher", "Image Processing", "ImageIO", "Intel Graphics Driver", "IOHIDFamily", "IOKit", "Kernel", "Mail", "Maps", MediaLibrary", "ncurses", "Notes", "Notifications", "PackageKit", "Photos", "ppp", "Ruby", "Sandbox", "Security", "Shortcuts", "Sidecar", "Siri", "SMB", "Software Update", "SQLite", "Vim", "Weather", "WebKit", "WebKit PDF" sowie "WebKit Sandboxing". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuführen, beliebigen Programmcode auszuführen, seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuführen, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich.
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS Big Sur 11.7.1
Apple / macOS
|
cpe:/o:apple:mac_os:big_sur_11.7.1
|
Big Sur 11.7.1 | |
|
Apple macOS Ventura_13
Apple / macOS
|
cpe:/o:apple:mac_os:ventura_13
|
Ventura_13 | |
|
Apple macOS Monterey 12.6.1
Apple / macOS
|
cpe:/o:apple:mac_os:monterey_12.6.1
|
Monterey 12.6.1 |
References
5 references
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Apple macOS ist ein Betriebssystem, das auf FreeBSD und Mach basiert.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Apple macOS ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, beliebigen Programmcode auszuf\u00fchren, seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuf\u00fchren, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- MacOS X",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2022-1846 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2022/wid-sec-w-2022-1846.json"
},
{
"category": "self",
"summary": "WID-SEC-2022-1846 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-1846"
},
{
"category": "external",
"summary": "Apple Security Advisory HT213488 vom 2022-10-24",
"url": "https://support.apple.com/en-us/HT213488"
},
{
"category": "external",
"summary": "Apple Security Advisory HT213493 vom 2022-10-24",
"url": "https://support.apple.com/en-us/HT213493"
},
{
"category": "external",
"summary": "Apple Security Advisory HT213494 vom 2022-10-24",
"url": "https://support.apple.com/en-us/HT213494"
}
],
"source_lang": "en-US",
"title": "Apple macOS: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2024-09-16T22:00:00.000+00:00",
"generator": {
"date": "2024-09-17T08:17:03.625+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.6"
}
},
"id": "WID-SEC-W-2022-1846",
"initial_release_date": "2022-10-24T22:00:00.000+00:00",
"revision_history": [
{
"date": "2022-10-24T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2022-10-27T22:00:00.000+00:00",
"number": "2",
"summary": "CVEs erg\u00e4nzt"
},
{
"date": "2023-06-27T22:00:00.000+00:00",
"number": "3",
"summary": "CVE\u0027s erg\u00e4nzt"
},
{
"date": "2023-08-14T22:00:00.000+00:00",
"number": "4",
"summary": "CVE Nummern erg\u00e4nzt"
},
{
"date": "2024-06-10T22:00:00.000+00:00",
"number": "5",
"summary": "CVE\u0027s erg\u00e4nzt"
},
{
"date": "2024-09-16T22:00:00.000+00:00",
"number": "6",
"summary": "CVE-2022-46723 erg\u00e4nzt"
}
],
"status": "final",
"version": "6"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "Ventura_13",
"product": {
"name": "Apple macOS Ventura_13",
"product_id": "T025102",
"product_identification_helper": {
"cpe": "cpe:/o:apple:mac_os:ventura_13"
}
}
},
{
"category": "product_version",
"name": "Big Sur 11.7.1",
"product": {
"name": "Apple macOS Big Sur 11.7.1",
"product_id": "T025103",
"product_identification_helper": {
"cpe": "cpe:/o:apple:mac_os:big_sur_11.7.1"
}
}
},
{
"category": "product_version",
"name": "Monterey 12.6.1",
"product": {
"name": "Apple macOS Monterey 12.6.1",
"product_id": "T025104",
"product_identification_helper": {
"cpe": "cpe:/o:apple:mac_os:monterey_12.6.1"
}
}
}
],
"category": "product_name",
"name": "macOS"
}
],
"category": "vendor",
"name": "Apple"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-36690",
"notes": [
{
"category": "description",
"text": "In Apple macOS existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten \"Accelerate Framework\", \"Apple Neural Engine\", \"AppleAVD\", \"AppleMobileFileIntegrity\", \"ATS\", \"Audio\", \"AVEVideoEncoder\", \"Calendar\", \"CFNetwork\", \"ColorSync\", \"Crash Reporter\", \"curl\", \"Directory Utility\", \"DriverKit\", \"Exchange\", \"Find My\", \"Finder\", \"GPU Drivers\", \"Grapher\", \"Image Processing\", \"ImageIO\", \"Intel Graphics Driver\", \"IOHIDFamily\", \"IOKit\", \"Kernel\", \"Mail\", \"Maps\", MediaLibrary\", \"ncurses\", \"Notes\", \"Notifications\", \"PackageKit\", \"Photos\", \"ppp\", \"Ruby\", \"Sandbox\", \"Security\", \"Shortcuts\", \"Sidecar\", \"Siri\", \"SMB\", \"Software Update\", \"SQLite\", \"Vim\", \"Weather\", \"WebKit\", \"WebKit PDF\" sowie \"WebKit Sandboxing\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, beliebigen Programmcode auszuf\u00fchren, seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuf\u00fchren, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
}
],
"product_status": {
"known_affected": [
"T025103",
"T025102",
"T025104"
]
},
"release_date": "2022-10-24T22:00:00.000+00:00",
"title": "CVE-2021-36690"
},
{
"cve": "CVE-2021-39537",
"notes": [
{
"category": "description",
"text": "In Apple macOS existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten \"Accelerate Framework\", \"Apple Neural Engine\", \"AppleAVD\", \"AppleMobileFileIntegrity\", \"ATS\", \"Audio\", \"AVEVideoEncoder\", \"Calendar\", \"CFNetwork\", \"ColorSync\", \"Crash Reporter\", \"curl\", \"Directory Utility\", \"DriverKit\", \"Exchange\", \"Find My\", \"Finder\", \"GPU Drivers\", \"Grapher\", \"Image Processing\", \"ImageIO\", \"Intel Graphics Driver\", \"IOHIDFamily\", \"IOKit\", \"Kernel\", \"Mail\", \"Maps\", MediaLibrary\", \"ncurses\", \"Notes\", \"Notifications\", \"PackageKit\", \"Photos\", \"ppp\", \"Ruby\", \"Sandbox\", \"Security\", \"Shortcuts\", \"Sidecar\", \"Siri\", \"SMB\", \"Software Update\", \"SQLite\", \"Vim\", \"Weather\", \"WebKit\", \"WebKit PDF\" sowie \"WebKit Sandboxing\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, beliebigen Programmcode auszuf\u00fchren, seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuf\u00fchren, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
}
],
"product_status": {
"known_affected": [
"T025103",
"T025102",
"T025104"
]
},
"release_date": "2022-10-24T22:00:00.000+00:00",
"title": "CVE-2021-39537"
},
{
"cve": "CVE-2022-0261",
"notes": [
{
"category": "description",
"text": "In Apple macOS existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten \"Accelerate Framework\", \"Apple Neural Engine\", \"AppleAVD\", \"AppleMobileFileIntegrity\", \"ATS\", \"Audio\", \"AVEVideoEncoder\", \"Calendar\", \"CFNetwork\", \"ColorSync\", \"Crash Reporter\", \"curl\", \"Directory Utility\", \"DriverKit\", \"Exchange\", \"Find My\", \"Finder\", \"GPU Drivers\", \"Grapher\", \"Image Processing\", \"ImageIO\", \"Intel Graphics Driver\", \"IOHIDFamily\", \"IOKit\", \"Kernel\", \"Mail\", \"Maps\", MediaLibrary\", \"ncurses\", \"Notes\", \"Notifications\", \"PackageKit\", \"Photos\", \"ppp\", \"Ruby\", \"Sandbox\", \"Security\", \"Shortcuts\", \"Sidecar\", \"Siri\", \"SMB\", \"Software Update\", \"SQLite\", \"Vim\", \"Weather\", \"WebKit\", \"WebKit PDF\" sowie \"WebKit Sandboxing\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, beliebigen Programmcode auszuf\u00fchren, seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuf\u00fchren, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
}
],
"product_status": {
"known_affected": [
"T025103",
"T025102",
"T025104"
]
},
"release_date": "2022-10-24T22:00:00.000+00:00",
"title": "CVE-2022-0261"
},
{
"cve": "CVE-2022-0318",
"notes": [
{
"category": "description",
"text": "In Apple macOS existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten \"Accelerate Framework\", \"Apple Neural Engine\", \"AppleAVD\", \"AppleMobileFileIntegrity\", \"ATS\", \"Audio\", \"AVEVideoEncoder\", \"Calendar\", \"CFNetwork\", \"ColorSync\", \"Crash Reporter\", \"curl\", \"Directory Utility\", \"DriverKit\", \"Exchange\", \"Find My\", \"Finder\", \"GPU Drivers\", \"Grapher\", \"Image Processing\", \"ImageIO\", \"Intel Graphics Driver\", \"IOHIDFamily\", \"IOKit\", \"Kernel\", \"Mail\", \"Maps\", MediaLibrary\", \"ncurses\", \"Notes\", \"Notifications\", \"PackageKit\", \"Photos\", \"ppp\", \"Ruby\", \"Sandbox\", \"Security\", \"Shortcuts\", \"Sidecar\", \"Siri\", \"SMB\", \"Software Update\", \"SQLite\", \"Vim\", \"Weather\", \"WebKit\", \"WebKit PDF\" sowie \"WebKit Sandboxing\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, beliebigen Programmcode auszuf\u00fchren, seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuf\u00fchren, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
}
],
"product_status": {
"known_affected": [
"T025103",
"T025102",
"T025104"
]
},
"release_date": "2022-10-24T22:00:00.000+00:00",
"title": "CVE-2022-0318"
},
{
"cve": "CVE-2022-0319",
"notes": [
{
"category": "description",
"text": "In Apple macOS existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten \"Accelerate Framework\", \"Apple Neural Engine\", \"AppleAVD\", \"AppleMobileFileIntegrity\", \"ATS\", \"Audio\", \"AVEVideoEncoder\", \"Calendar\", \"CFNetwork\", \"ColorSync\", \"Crash Reporter\", \"curl\", \"Directory Utility\", \"DriverKit\", \"Exchange\", \"Find My\", \"Finder\", \"GPU Drivers\", \"Grapher\", \"Image Processing\", \"ImageIO\", \"Intel Graphics Driver\", \"IOHIDFamily\", \"IOKit\", \"Kernel\", \"Mail\", \"Maps\", MediaLibrary\", \"ncurses\", \"Notes\", \"Notifications\", \"PackageKit\", \"Photos\", \"ppp\", \"Ruby\", \"Sandbox\", \"Security\", \"Shortcuts\", \"Sidecar\", \"Siri\", \"SMB\", \"Software Update\", \"SQLite\", \"Vim\", \"Weather\", \"WebKit\", \"WebKit PDF\" sowie \"WebKit Sandboxing\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, beliebigen Programmcode auszuf\u00fchren, seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuf\u00fchren, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
}
],
"product_status": {
"known_affected": [
"T025103",
"T025102",
"T025104"
]
},
"release_date": "2022-10-24T22:00:00.000+00:00",
"title": "CVE-2022-0319"
},
{
"cve": "CVE-2022-0351",
"notes": [
{
"category": "description",
"text": "In Apple macOS existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten \"Accelerate Framework\", \"Apple Neural Engine\", \"AppleAVD\", \"AppleMobileFileIntegrity\", \"ATS\", \"Audio\", \"AVEVideoEncoder\", \"Calendar\", \"CFNetwork\", \"ColorSync\", \"Crash Reporter\", \"curl\", \"Directory Utility\", \"DriverKit\", \"Exchange\", \"Find My\", \"Finder\", \"GPU Drivers\", \"Grapher\", \"Image Processing\", \"ImageIO\", \"Intel Graphics Driver\", \"IOHIDFamily\", \"IOKit\", \"Kernel\", \"Mail\", \"Maps\", MediaLibrary\", \"ncurses\", \"Notes\", \"Notifications\", \"PackageKit\", \"Photos\", \"ppp\", \"Ruby\", \"Sandbox\", \"Security\", \"Shortcuts\", \"Sidecar\", \"Siri\", \"SMB\", \"Software Update\", \"SQLite\", \"Vim\", \"Weather\", \"WebKit\", \"WebKit PDF\" sowie \"WebKit Sandboxing\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, beliebigen Programmcode auszuf\u00fchren, seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuf\u00fchren, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
}
],
"product_status": {
"known_affected": [
"T025103",
"T025102",
"T025104"
]
},
"release_date": "2022-10-24T22:00:00.000+00:00",
"title": "CVE-2022-0351"
},
{
"cve": "CVE-2022-0359",
"notes": [
{
"category": "description",
"text": "In Apple macOS existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten \"Accelerate Framework\", \"Apple Neural Engine\", \"AppleAVD\", \"AppleMobileFileIntegrity\", \"ATS\", \"Audio\", \"AVEVideoEncoder\", \"Calendar\", \"CFNetwork\", \"ColorSync\", \"Crash Reporter\", \"curl\", \"Directory Utility\", \"DriverKit\", \"Exchange\", \"Find My\", \"Finder\", \"GPU Drivers\", \"Grapher\", \"Image Processing\", \"ImageIO\", \"Intel Graphics Driver\", \"IOHIDFamily\", \"IOKit\", \"Kernel\", \"Mail\", \"Maps\", MediaLibrary\", \"ncurses\", \"Notes\", \"Notifications\", \"PackageKit\", \"Photos\", \"ppp\", \"Ruby\", \"Sandbox\", \"Security\", \"Shortcuts\", \"Sidecar\", \"Siri\", \"SMB\", \"Software Update\", \"SQLite\", \"Vim\", \"Weather\", \"WebKit\", \"WebKit PDF\" sowie \"WebKit Sandboxing\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, beliebigen Programmcode auszuf\u00fchren, seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuf\u00fchren, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
}
],
"product_status": {
"known_affected": [
"T025103",
"T025102",
"T025104"
]
},
"release_date": "2022-10-24T22:00:00.000+00:00",
"title": "CVE-2022-0359"
},
{
"cve": "CVE-2022-0361",
"notes": [
{
"category": "description",
"text": "In Apple macOS existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten \"Accelerate Framework\", \"Apple Neural Engine\", \"AppleAVD\", \"AppleMobileFileIntegrity\", \"ATS\", \"Audio\", \"AVEVideoEncoder\", \"Calendar\", \"CFNetwork\", \"ColorSync\", \"Crash Reporter\", \"curl\", \"Directory Utility\", \"DriverKit\", \"Exchange\", \"Find My\", \"Finder\", \"GPU Drivers\", \"Grapher\", \"Image Processing\", \"ImageIO\", \"Intel Graphics Driver\", \"IOHIDFamily\", \"IOKit\", \"Kernel\", \"Mail\", \"Maps\", MediaLibrary\", \"ncurses\", \"Notes\", \"Notifications\", \"PackageKit\", \"Photos\", \"ppp\", \"Ruby\", \"Sandbox\", \"Security\", \"Shortcuts\", \"Sidecar\", \"Siri\", \"SMB\", \"Software Update\", \"SQLite\", \"Vim\", \"Weather\", \"WebKit\", \"WebKit PDF\" sowie \"WebKit Sandboxing\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, beliebigen Programmcode auszuf\u00fchren, seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuf\u00fchren, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
}
],
"product_status": {
"known_affected": [
"T025103",
"T025102",
"T025104"
]
},
"release_date": "2022-10-24T22:00:00.000+00:00",
"title": "CVE-2022-0361"
},
{
"cve": "CVE-2022-0368",
"notes": [
{
"category": "description",
"text": "In Apple macOS existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten \"Accelerate Framework\", \"Apple Neural Engine\", \"AppleAVD\", \"AppleMobileFileIntegrity\", \"ATS\", \"Audio\", \"AVEVideoEncoder\", \"Calendar\", \"CFNetwork\", \"ColorSync\", \"Crash Reporter\", \"curl\", \"Directory Utility\", \"DriverKit\", \"Exchange\", \"Find My\", \"Finder\", \"GPU Drivers\", \"Grapher\", \"Image Processing\", \"ImageIO\", \"Intel Graphics Driver\", \"IOHIDFamily\", \"IOKit\", \"Kernel\", \"Mail\", \"Maps\", MediaLibrary\", \"ncurses\", \"Notes\", \"Notifications\", \"PackageKit\", \"Photos\", \"ppp\", \"Ruby\", \"Sandbox\", \"Security\", \"Shortcuts\", \"Sidecar\", \"Siri\", \"SMB\", \"Software Update\", \"SQLite\", \"Vim\", \"Weather\", \"WebKit\", \"WebKit PDF\" sowie \"WebKit Sandboxing\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, beliebigen Programmcode auszuf\u00fchren, seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuf\u00fchren, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
}
],
"product_status": {
"known_affected": [
"T025103",
"T025102",
"T025104"
]
},
"release_date": "2022-10-24T22:00:00.000+00:00",
"title": "CVE-2022-0368"
},
{
"cve": "CVE-2022-0392",
"notes": [
{
"category": "description",
"text": "In Apple macOS existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten \"Accelerate Framework\", \"Apple Neural Engine\", \"AppleAVD\", \"AppleMobileFileIntegrity\", \"ATS\", \"Audio\", \"AVEVideoEncoder\", \"Calendar\", \"CFNetwork\", \"ColorSync\", \"Crash Reporter\", \"curl\", \"Directory Utility\", \"DriverKit\", \"Exchange\", \"Find My\", \"Finder\", \"GPU Drivers\", \"Grapher\", \"Image Processing\", \"ImageIO\", \"Intel Graphics Driver\", \"IOHIDFamily\", \"IOKit\", \"Kernel\", \"Mail\", \"Maps\", MediaLibrary\", \"ncurses\", \"Notes\", \"Notifications\", \"PackageKit\", \"Photos\", \"ppp\", \"Ruby\", \"Sandbox\", \"Security\", \"Shortcuts\", \"Sidecar\", \"Siri\", \"SMB\", \"Software Update\", \"SQLite\", \"Vim\", \"Weather\", \"WebKit\", \"WebKit PDF\" sowie \"WebKit Sandboxing\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, beliebigen Programmcode auszuf\u00fchren, seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuf\u00fchren, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
}
],
"product_status": {
"known_affected": [
"T025103",
"T025102",
"T025104"
]
},
"release_date": "2022-10-24T22:00:00.000+00:00",
"title": "CVE-2022-0392"
},
{
"cve": "CVE-2022-0554",
"notes": [
{
"category": "description",
"text": "In Apple macOS existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten \"Accelerate Framework\", \"Apple Neural Engine\", \"AppleAVD\", \"AppleMobileFileIntegrity\", \"ATS\", \"Audio\", \"AVEVideoEncoder\", \"Calendar\", \"CFNetwork\", \"ColorSync\", \"Crash Reporter\", \"curl\", \"Directory Utility\", \"DriverKit\", \"Exchange\", \"Find My\", \"Finder\", \"GPU Drivers\", \"Grapher\", \"Image Processing\", \"ImageIO\", \"Intel Graphics Driver\", \"IOHIDFamily\", \"IOKit\", \"Kernel\", \"Mail\", \"Maps\", MediaLibrary\", \"ncurses\", \"Notes\", \"Notifications\", \"PackageKit\", \"Photos\", \"ppp\", \"Ruby\", \"Sandbox\", \"Security\", \"Shortcuts\", \"Sidecar\", \"Siri\", \"SMB\", \"Software Update\", \"SQLite\", \"Vim\", \"Weather\", \"WebKit\", \"WebKit PDF\" sowie \"WebKit Sandboxing\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, beliebigen Programmcode auszuf\u00fchren, seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuf\u00fchren, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
}
],
"product_status": {
"known_affected": [
"T025103",
"T025102",
"T025104"
]
},
"release_date": "2022-10-24T22:00:00.000+00:00",
"title": "CVE-2022-0554"
},
{
"cve": "CVE-2022-0572",
"notes": [
{
"category": "description",
"text": "In Apple macOS existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten \"Accelerate Framework\", \"Apple Neural Engine\", \"AppleAVD\", \"AppleMobileFileIntegrity\", \"ATS\", \"Audio\", \"AVEVideoEncoder\", \"Calendar\", \"CFNetwork\", \"ColorSync\", \"Crash Reporter\", \"curl\", \"Directory Utility\", \"DriverKit\", \"Exchange\", \"Find My\", \"Finder\", \"GPU Drivers\", \"Grapher\", \"Image Processing\", \"ImageIO\", \"Intel Graphics Driver\", \"IOHIDFamily\", \"IOKit\", \"Kernel\", \"Mail\", \"Maps\", MediaLibrary\", \"ncurses\", \"Notes\", \"Notifications\", \"PackageKit\", \"Photos\", \"ppp\", \"Ruby\", \"Sandbox\", \"Security\", \"Shortcuts\", \"Sidecar\", \"Siri\", \"SMB\", \"Software Update\", \"SQLite\", \"Vim\", \"Weather\", \"WebKit\", \"WebKit PDF\" sowie \"WebKit Sandboxing\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, beliebigen Programmcode auszuf\u00fchren, seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuf\u00fchren, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
}
],
"product_status": {
"known_affected": [
"T025103",
"T025102",
"T025104"
]
},
"release_date": "2022-10-24T22:00:00.000+00:00",
"title": "CVE-2022-0572"
},
{
"cve": "CVE-2022-0629",
"notes": [
{
"category": "description",
"text": "In Apple macOS existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten \"Accelerate Framework\", \"Apple Neural Engine\", \"AppleAVD\", \"AppleMobileFileIntegrity\", \"ATS\", \"Audio\", \"AVEVideoEncoder\", \"Calendar\", \"CFNetwork\", \"ColorSync\", \"Crash Reporter\", \"curl\", \"Directory Utility\", \"DriverKit\", \"Exchange\", \"Find My\", \"Finder\", \"GPU Drivers\", \"Grapher\", \"Image Processing\", \"ImageIO\", \"Intel Graphics Driver\", \"IOHIDFamily\", \"IOKit\", \"Kernel\", \"Mail\", \"Maps\", MediaLibrary\", \"ncurses\", \"Notes\", \"Notifications\", \"PackageKit\", \"Photos\", \"ppp\", \"Ruby\", \"Sandbox\", \"Security\", \"Shortcuts\", \"Sidecar\", \"Siri\", \"SMB\", \"Software Update\", \"SQLite\", \"Vim\", \"Weather\", \"WebKit\", \"WebKit PDF\" sowie \"WebKit Sandboxing\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, beliebigen Programmcode auszuf\u00fchren, seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuf\u00fchren, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
}
],
"product_status": {
"known_affected": [
"T025103",
"T025102",
"T025104"
]
},
"release_date": "2022-10-24T22:00:00.000+00:00",
"title": "CVE-2022-0629"
},
{
"cve": "CVE-2022-0685",
"notes": [
{
"category": "description",
"text": "In Apple macOS existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten \"Accelerate Framework\", \"Apple Neural Engine\", \"AppleAVD\", \"AppleMobileFileIntegrity\", \"ATS\", \"Audio\", \"AVEVideoEncoder\", \"Calendar\", \"CFNetwork\", \"ColorSync\", \"Crash Reporter\", \"curl\", \"Directory Utility\", \"DriverKit\", \"Exchange\", \"Find My\", \"Finder\", \"GPU Drivers\", \"Grapher\", \"Image Processing\", \"ImageIO\", \"Intel Graphics Driver\", \"IOHIDFamily\", \"IOKit\", \"Kernel\", \"Mail\", \"Maps\", MediaLibrary\", \"ncurses\", \"Notes\", \"Notifications\", \"PackageKit\", \"Photos\", \"ppp\", \"Ruby\", \"Sandbox\", \"Security\", \"Shortcuts\", \"Sidecar\", \"Siri\", \"SMB\", \"Software Update\", \"SQLite\", \"Vim\", \"Weather\", \"WebKit\", \"WebKit PDF\" sowie \"WebKit Sandboxing\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, beliebigen Programmcode auszuf\u00fchren, seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuf\u00fchren, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
}
],
"product_status": {
"known_affected": [
"T025103",
"T025102",
"T025104"
]
},
"release_date": "2022-10-24T22:00:00.000+00:00",
"title": "CVE-2022-0685"
},
{
"cve": "CVE-2022-0696",
"notes": [
{
"category": "description",
"text": "In Apple macOS existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten \"Accelerate Framework\", \"Apple Neural Engine\", \"AppleAVD\", \"AppleMobileFileIntegrity\", \"ATS\", \"Audio\", \"AVEVideoEncoder\", \"Calendar\", \"CFNetwork\", \"ColorSync\", \"Crash Reporter\", \"curl\", \"Directory Utility\", \"DriverKit\", \"Exchange\", \"Find My\", \"Finder\", \"GPU Drivers\", \"Grapher\", \"Image Processing\", \"ImageIO\", \"Intel Graphics Driver\", \"IOHIDFamily\", \"IOKit\", \"Kernel\", \"Mail\", \"Maps\", MediaLibrary\", \"ncurses\", \"Notes\", \"Notifications\", \"PackageKit\", \"Photos\", \"ppp\", \"Ruby\", \"Sandbox\", \"Security\", \"Shortcuts\", \"Sidecar\", \"Siri\", \"SMB\", \"Software Update\", \"SQLite\", \"Vim\", \"Weather\", \"WebKit\", \"WebKit PDF\" sowie \"WebKit Sandboxing\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, beliebigen Programmcode auszuf\u00fchren, seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuf\u00fchren, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
}
],
"product_status": {
"known_affected": [
"T025103",
"T025102",
"T025104"
]
},
"release_date": "2022-10-24T22:00:00.000+00:00",
"title": "CVE-2022-0696"
},
{
"cve": "CVE-2022-0714",
"notes": [
{
"category": "description",
"text": "In Apple macOS existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten \"Accelerate Framework\", \"Apple Neural Engine\", \"AppleAVD\", \"AppleMobileFileIntegrity\", \"ATS\", \"Audio\", \"AVEVideoEncoder\", \"Calendar\", \"CFNetwork\", \"ColorSync\", \"Crash Reporter\", \"curl\", \"Directory Utility\", \"DriverKit\", \"Exchange\", \"Find My\", \"Finder\", \"GPU Drivers\", \"Grapher\", \"Image Processing\", \"ImageIO\", \"Intel Graphics Driver\", \"IOHIDFamily\", \"IOKit\", \"Kernel\", \"Mail\", \"Maps\", MediaLibrary\", \"ncurses\", \"Notes\", \"Notifications\", \"PackageKit\", \"Photos\", \"ppp\", \"Ruby\", \"Sandbox\", \"Security\", \"Shortcuts\", \"Sidecar\", \"Siri\", \"SMB\", \"Software Update\", \"SQLite\", \"Vim\", \"Weather\", \"WebKit\", \"WebKit PDF\" sowie \"WebKit Sandboxing\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, beliebigen Programmcode auszuf\u00fchren, seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuf\u00fchren, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
}
],
"product_status": {
"known_affected": [
"T025103",
"T025102",
"T025104"
]
},
"release_date": "2022-10-24T22:00:00.000+00:00",
"title": "CVE-2022-0714"
},
{
"cve": "CVE-2022-0729",
"notes": [
{
"category": "description",
"text": "In Apple macOS existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten \"Accelerate Framework\", \"Apple Neural Engine\", \"AppleAVD\", \"AppleMobileFileIntegrity\", \"ATS\", \"Audio\", \"AVEVideoEncoder\", \"Calendar\", \"CFNetwork\", \"ColorSync\", \"Crash Reporter\", \"curl\", \"Directory Utility\", \"DriverKit\", \"Exchange\", \"Find My\", \"Finder\", \"GPU Drivers\", \"Grapher\", \"Image Processing\", \"ImageIO\", \"Intel Graphics Driver\", \"IOHIDFamily\", \"IOKit\", \"Kernel\", \"Mail\", \"Maps\", MediaLibrary\", \"ncurses\", \"Notes\", \"Notifications\", \"PackageKit\", \"Photos\", \"ppp\", \"Ruby\", \"Sandbox\", \"Security\", \"Shortcuts\", \"Sidecar\", \"Siri\", \"SMB\", \"Software Update\", \"SQLite\", \"Vim\", \"Weather\", \"WebKit\", \"WebKit PDF\" sowie \"WebKit Sandboxing\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, beliebigen Programmcode auszuf\u00fchren, seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuf\u00fchren, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
}
],
"product_status": {
"known_affected": [
"T025103",
"T025102",
"T025104"
]
},
"release_date": "2022-10-24T22:00:00.000+00:00",
"title": "CVE-2022-0729"
},
{
"cve": "CVE-2022-0943",
"notes": [
{
"category": "description",
"text": "In Apple macOS existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten \"Accelerate Framework\", \"Apple Neural Engine\", \"AppleAVD\", \"AppleMobileFileIntegrity\", \"ATS\", \"Audio\", \"AVEVideoEncoder\", \"Calendar\", \"CFNetwork\", \"ColorSync\", \"Crash Reporter\", \"curl\", \"Directory Utility\", \"DriverKit\", \"Exchange\", \"Find My\", \"Finder\", \"GPU Drivers\", \"Grapher\", \"Image Processing\", \"ImageIO\", \"Intel Graphics Driver\", \"IOHIDFamily\", \"IOKit\", \"Kernel\", \"Mail\", \"Maps\", MediaLibrary\", \"ncurses\", \"Notes\", \"Notifications\", \"PackageKit\", \"Photos\", \"ppp\", \"Ruby\", \"Sandbox\", \"Security\", \"Shortcuts\", \"Sidecar\", \"Siri\", \"SMB\", \"Software Update\", \"SQLite\", \"Vim\", \"Weather\", \"WebKit\", \"WebKit PDF\" sowie \"WebKit Sandboxing\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, beliebigen Programmcode auszuf\u00fchren, seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuf\u00fchren, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
}
],
"product_status": {
"known_affected": [
"T025103",
"T025102",
"T025104"
]
},
"release_date": "2022-10-24T22:00:00.000+00:00",
"title": "CVE-2022-0943"
},
{
"cve": "CVE-2022-1381",
"notes": [
{
"category": "description",
"text": "In Apple macOS existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten \"Accelerate Framework\", \"Apple Neural Engine\", \"AppleAVD\", \"AppleMobileFileIntegrity\", \"ATS\", \"Audio\", \"AVEVideoEncoder\", \"Calendar\", \"CFNetwork\", \"ColorSync\", \"Crash Reporter\", \"curl\", \"Directory Utility\", \"DriverKit\", \"Exchange\", \"Find My\", \"Finder\", \"GPU Drivers\", \"Grapher\", \"Image Processing\", \"ImageIO\", \"Intel Graphics Driver\", \"IOHIDFamily\", \"IOKit\", \"Kernel\", \"Mail\", \"Maps\", MediaLibrary\", \"ncurses\", \"Notes\", \"Notifications\", \"PackageKit\", \"Photos\", \"ppp\", \"Ruby\", \"Sandbox\", \"Security\", \"Shortcuts\", \"Sidecar\", \"Siri\", \"SMB\", \"Software Update\", \"SQLite\", \"Vim\", \"Weather\", \"WebKit\", \"WebKit PDF\" sowie \"WebKit Sandboxing\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, beliebigen Programmcode auszuf\u00fchren, seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuf\u00fchren, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
}
],
"product_status": {
"known_affected": [
"T025103",
"T025102",
"T025104"
]
},
"release_date": "2022-10-24T22:00:00.000+00:00",
"title": "CVE-2022-1381"
},
{
"cve": "CVE-2022-1420",
"notes": [
{
"category": "description",
"text": "In Apple macOS existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten \"Accelerate Framework\", \"Apple Neural Engine\", \"AppleAVD\", \"AppleMobileFileIntegrity\", \"ATS\", \"Audio\", \"AVEVideoEncoder\", \"Calendar\", \"CFNetwork\", \"ColorSync\", \"Crash Reporter\", \"curl\", \"Directory Utility\", \"DriverKit\", \"Exchange\", \"Find My\", \"Finder\", \"GPU Drivers\", \"Grapher\", \"Image Processing\", \"ImageIO\", \"Intel Graphics Driver\", \"IOHIDFamily\", \"IOKit\", \"Kernel\", \"Mail\", \"Maps\", MediaLibrary\", \"ncurses\", \"Notes\", \"Notifications\", \"PackageKit\", \"Photos\", \"ppp\", \"Ruby\", \"Sandbox\", \"Security\", \"Shortcuts\", \"Sidecar\", \"Siri\", \"SMB\", \"Software Update\", \"SQLite\", \"Vim\", \"Weather\", \"WebKit\", \"WebKit PDF\" sowie \"WebKit Sandboxing\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, beliebigen Programmcode auszuf\u00fchren, seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuf\u00fchren, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
}
],
"product_status": {
"known_affected": [
"T025103",
"T025102",
"T025104"
]
},
"release_date": "2022-10-24T22:00:00.000+00:00",
"title": "CVE-2022-1420"
},
{
"cve": "CVE-2022-1616",
"notes": [
{
"category": "description",
"text": "In Apple macOS existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten \"Accelerate Framework\", \"Apple Neural Engine\", \"AppleAVD\", \"AppleMobileFileIntegrity\", \"ATS\", \"Audio\", \"AVEVideoEncoder\", \"Calendar\", \"CFNetwork\", \"ColorSync\", \"Crash Reporter\", \"curl\", \"Directory Utility\", \"DriverKit\", \"Exchange\", \"Find My\", \"Finder\", \"GPU Drivers\", \"Grapher\", \"Image Processing\", \"ImageIO\", \"Intel Graphics Driver\", \"IOHIDFamily\", \"IOKit\", \"Kernel\", \"Mail\", \"Maps\", MediaLibrary\", \"ncurses\", \"Notes\", \"Notifications\", \"PackageKit\", \"Photos\", \"ppp\", \"Ruby\", \"Sandbox\", \"Security\", \"Shortcuts\", \"Sidecar\", \"Siri\", \"SMB\", \"Software Update\", \"SQLite\", \"Vim\", \"Weather\", \"WebKit\", \"WebKit PDF\" sowie \"WebKit Sandboxing\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, beliebigen Programmcode auszuf\u00fchren, seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuf\u00fchren, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
}
],
"product_status": {
"known_affected": [
"T025103",
"T025102",
"T025104"
]
},
"release_date": "2022-10-24T22:00:00.000+00:00",
"title": "CVE-2022-1616"
},
{
"cve": "CVE-2022-1619",
"notes": [
{
"category": "description",
"text": "In Apple macOS existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten \"Accelerate Framework\", \"Apple Neural Engine\", \"AppleAVD\", \"AppleMobileFileIntegrity\", \"ATS\", \"Audio\", \"AVEVideoEncoder\", \"Calendar\", \"CFNetwork\", \"ColorSync\", \"Crash Reporter\", \"curl\", \"Directory Utility\", \"DriverKit\", \"Exchange\", \"Find My\", \"Finder\", \"GPU Drivers\", \"Grapher\", \"Image Processing\", \"ImageIO\", \"Intel Graphics Driver\", \"IOHIDFamily\", \"IOKit\", \"Kernel\", \"Mail\", \"Maps\", MediaLibrary\", \"ncurses\", \"Notes\", \"Notifications\", \"PackageKit\", \"Photos\", \"ppp\", \"Ruby\", \"Sandbox\", \"Security\", \"Shortcuts\", \"Sidecar\", \"Siri\", \"SMB\", \"Software Update\", \"SQLite\", \"Vim\", \"Weather\", \"WebKit\", \"WebKit PDF\" sowie \"WebKit Sandboxing\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, beliebigen Programmcode auszuf\u00fchren, seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuf\u00fchren, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
}
],
"product_status": {
"known_affected": [
"T025103",
"T025102",
"T025104"
]
},
"release_date": "2022-10-24T22:00:00.000+00:00",
"title": "CVE-2022-1619"
},
{
"cve": "CVE-2022-1620",
"notes": [
{
"category": "description",
"text": "In Apple macOS existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten \"Accelerate Framework\", \"Apple Neural Engine\", \"AppleAVD\", \"AppleMobileFileIntegrity\", \"ATS\", \"Audio\", \"AVEVideoEncoder\", \"Calendar\", \"CFNetwork\", \"ColorSync\", \"Crash Reporter\", \"curl\", \"Directory Utility\", \"DriverKit\", \"Exchange\", \"Find My\", \"Finder\", \"GPU Drivers\", \"Grapher\", \"Image Processing\", \"ImageIO\", \"Intel Graphics Driver\", \"IOHIDFamily\", \"IOKit\", \"Kernel\", \"Mail\", \"Maps\", MediaLibrary\", \"ncurses\", \"Notes\", \"Notifications\", \"PackageKit\", \"Photos\", \"ppp\", \"Ruby\", \"Sandbox\", \"Security\", \"Shortcuts\", \"Sidecar\", \"Siri\", \"SMB\", \"Software Update\", \"SQLite\", \"Vim\", \"Weather\", \"WebKit\", \"WebKit PDF\" sowie \"WebKit Sandboxing\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, beliebigen Programmcode auszuf\u00fchren, seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuf\u00fchren, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
}
],
"product_status": {
"known_affected": [
"T025103",
"T025102",
"T025104"
]
},
"release_date": "2022-10-24T22:00:00.000+00:00",
"title": "CVE-2022-1620"
},
{
"cve": "CVE-2022-1621",
"notes": [
{
"category": "description",
"text": "In Apple macOS existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten \"Accelerate Framework\", \"Apple Neural Engine\", \"AppleAVD\", \"AppleMobileFileIntegrity\", \"ATS\", \"Audio\", \"AVEVideoEncoder\", \"Calendar\", \"CFNetwork\", \"ColorSync\", \"Crash Reporter\", \"curl\", \"Directory Utility\", \"DriverKit\", \"Exchange\", \"Find My\", \"Finder\", \"GPU Drivers\", \"Grapher\", \"Image Processing\", \"ImageIO\", \"Intel Graphics Driver\", \"IOHIDFamily\", \"IOKit\", \"Kernel\", \"Mail\", \"Maps\", MediaLibrary\", \"ncurses\", \"Notes\", \"Notifications\", \"PackageKit\", \"Photos\", \"ppp\", \"Ruby\", \"Sandbox\", \"Security\", \"Shortcuts\", \"Sidecar\", \"Siri\", \"SMB\", \"Software Update\", \"SQLite\", \"Vim\", \"Weather\", \"WebKit\", \"WebKit PDF\" sowie \"WebKit Sandboxing\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, beliebigen Programmcode auszuf\u00fchren, seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuf\u00fchren, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
}
],
"product_status": {
"known_affected": [
"T025103",
"T025102",
"T025104"
]
},
"release_date": "2022-10-24T22:00:00.000+00:00",
"title": "CVE-2022-1621"
},
{
"cve": "CVE-2022-1622",
"notes": [
{
"category": "description",
"text": "In Apple macOS existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten \"Accelerate Framework\", \"Apple Neural Engine\", \"AppleAVD\", \"AppleMobileFileIntegrity\", \"ATS\", \"Audio\", \"AVEVideoEncoder\", \"Calendar\", \"CFNetwork\", \"ColorSync\", \"Crash Reporter\", \"curl\", \"Directory Utility\", \"DriverKit\", \"Exchange\", \"Find My\", \"Finder\", \"GPU Drivers\", \"Grapher\", \"Image Processing\", \"ImageIO\", \"Intel Graphics Driver\", \"IOHIDFamily\", \"IOKit\", \"Kernel\", \"Mail\", \"Maps\", MediaLibrary\", \"ncurses\", \"Notes\", \"Notifications\", \"PackageKit\", \"Photos\", \"ppp\", \"Ruby\", \"Sandbox\", \"Security\", \"Shortcuts\", \"Sidecar\", \"Siri\", \"SMB\", \"Software Update\", \"SQLite\", \"Vim\", \"Weather\", \"WebKit\", \"WebKit PDF\" sowie \"WebKit Sandboxing\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, beliebigen Programmcode auszuf\u00fchren, seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuf\u00fchren, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
}
],
"product_status": {
"known_affected": [
"T025103",
"T025102",
"T025104"
]
},
"release_date": "2022-10-24T22:00:00.000+00:00",
"title": "CVE-2022-1622"
},
{
"cve": "CVE-2022-1629",
"notes": [
{
"category": "description",
"text": "In Apple macOS existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten \"Accelerate Framework\", \"Apple Neural Engine\", \"AppleAVD\", \"AppleMobileFileIntegrity\", \"ATS\", \"Audio\", \"AVEVideoEncoder\", \"Calendar\", \"CFNetwork\", \"ColorSync\", \"Crash Reporter\", \"curl\", \"Directory Utility\", \"DriverKit\", \"Exchange\", \"Find My\", \"Finder\", \"GPU Drivers\", \"Grapher\", \"Image Processing\", \"ImageIO\", \"Intel Graphics Driver\", \"IOHIDFamily\", \"IOKit\", \"Kernel\", \"Mail\", \"Maps\", MediaLibrary\", \"ncurses\", \"Notes\", \"Notifications\", \"PackageKit\", \"Photos\", \"ppp\", \"Ruby\", \"Sandbox\", \"Security\", \"Shortcuts\", \"Sidecar\", \"Siri\", \"SMB\", \"Software Update\", \"SQLite\", \"Vim\", \"Weather\", \"WebKit\", \"WebKit PDF\" sowie \"WebKit Sandboxing\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, beliebigen Programmcode auszuf\u00fchren, seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuf\u00fchren, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
}
],
"product_status": {
"known_affected": [
"T025103",
"T025102",
"T025104"
]
},
"release_date": "2022-10-24T22:00:00.000+00:00",
"title": "CVE-2022-1629"
},
{
"cve": "CVE-2022-1674",
"notes": [
{
"category": "description",
"text": "In Apple macOS existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten \"Accelerate Framework\", \"Apple Neural Engine\", \"AppleAVD\", \"AppleMobileFileIntegrity\", \"ATS\", \"Audio\", \"AVEVideoEncoder\", \"Calendar\", \"CFNetwork\", \"ColorSync\", \"Crash Reporter\", \"curl\", \"Directory Utility\", \"DriverKit\", \"Exchange\", \"Find My\", \"Finder\", \"GPU Drivers\", \"Grapher\", \"Image Processing\", \"ImageIO\", \"Intel Graphics Driver\", \"IOHIDFamily\", \"IOKit\", \"Kernel\", \"Mail\", \"Maps\", MediaLibrary\", \"ncurses\", \"Notes\", \"Notifications\", \"PackageKit\", \"Photos\", \"ppp\", \"Ruby\", \"Sandbox\", \"Security\", \"Shortcuts\", \"Sidecar\", \"Siri\", \"SMB\", \"Software Update\", \"SQLite\", \"Vim\", \"Weather\", \"WebKit\", \"WebKit PDF\" sowie \"WebKit Sandboxing\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, beliebigen Programmcode auszuf\u00fchren, seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuf\u00fchren, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
}
],
"product_status": {
"known_affected": [
"T025103",
"T025102",
"T025104"
]
},
"release_date": "2022-10-24T22:00:00.000+00:00",
"title": "CVE-2022-1674"
},
{
"cve": "CVE-2022-1720",
"notes": [
{
"category": "description",
"text": "In Apple macOS existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten \"Accelerate Framework\", \"Apple Neural Engine\", \"AppleAVD\", \"AppleMobileFileIntegrity\", \"ATS\", \"Audio\", \"AVEVideoEncoder\", \"Calendar\", \"CFNetwork\", \"ColorSync\", \"Crash Reporter\", \"curl\", \"Directory Utility\", \"DriverKit\", \"Exchange\", \"Find My\", \"Finder\", \"GPU Drivers\", \"Grapher\", \"Image Processing\", \"ImageIO\", \"Intel Graphics Driver\", \"IOHIDFamily\", \"IOKit\", \"Kernel\", \"Mail\", \"Maps\", MediaLibrary\", \"ncurses\", \"Notes\", \"Notifications\", \"PackageKit\", \"Photos\", \"ppp\", \"Ruby\", \"Sandbox\", \"Security\", \"Shortcuts\", \"Sidecar\", \"Siri\", \"SMB\", \"Software Update\", \"SQLite\", \"Vim\", \"Weather\", \"WebKit\", \"WebKit PDF\" sowie \"WebKit Sandboxing\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, beliebigen Programmcode auszuf\u00fchren, seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuf\u00fchren, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
}
],
"product_status": {
"known_affected": [
"T025103",
"T025102",
"T025104"
]
},
"release_date": "2022-10-24T22:00:00.000+00:00",
"title": "CVE-2022-1720"
},
{
"cve": "CVE-2022-1725",
"notes": [
{
"category": "description",
"text": "In Apple macOS existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten \"Accelerate Framework\", \"Apple Neural Engine\", \"AppleAVD\", \"AppleMobileFileIntegrity\", \"ATS\", \"Audio\", \"AVEVideoEncoder\", \"Calendar\", \"CFNetwork\", \"ColorSync\", \"Crash Reporter\", \"curl\", \"Directory Utility\", \"DriverKit\", \"Exchange\", \"Find My\", \"Finder\", \"GPU Drivers\", \"Grapher\", \"Image Processing\", \"ImageIO\", \"Intel Graphics Driver\", \"IOHIDFamily\", \"IOKit\", \"Kernel\", \"Mail\", \"Maps\", MediaLibrary\", \"ncurses\", \"Notes\", \"Notifications\", \"PackageKit\", \"Photos\", \"ppp\", \"Ruby\", \"Sandbox\", \"Security\", \"Shortcuts\", \"Sidecar\", \"Siri\", \"SMB\", \"Software Update\", \"SQLite\", \"Vim\", \"Weather\", \"WebKit\", \"WebKit PDF\" sowie \"WebKit Sandboxing\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, beliebigen Programmcode auszuf\u00fchren, seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuf\u00fchren, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
}
],
"product_status": {
"known_affected": [
"T025103",
"T025102",
"T025104"
]
},
"release_date": "2022-10-24T22:00:00.000+00:00",
"title": "CVE-2022-1725"
},
{
"cve": "CVE-2022-1733",
"notes": [
{
"category": "description",
"text": "In Apple macOS existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten \"Accelerate Framework\", \"Apple Neural Engine\", \"AppleAVD\", \"AppleMobileFileIntegrity\", \"ATS\", \"Audio\", \"AVEVideoEncoder\", \"Calendar\", \"CFNetwork\", \"ColorSync\", \"Crash Reporter\", \"curl\", \"Directory Utility\", \"DriverKit\", \"Exchange\", \"Find My\", \"Finder\", \"GPU Drivers\", \"Grapher\", \"Image Processing\", \"ImageIO\", \"Intel Graphics Driver\", \"IOHIDFamily\", \"IOKit\", \"Kernel\", \"Mail\", \"Maps\", MediaLibrary\", \"ncurses\", \"Notes\", \"Notifications\", \"PackageKit\", \"Photos\", \"ppp\", \"Ruby\", \"Sandbox\", \"Security\", \"Shortcuts\", \"Sidecar\", \"Siri\", \"SMB\", \"Software Update\", \"SQLite\", \"Vim\", \"Weather\", \"WebKit\", \"WebKit PDF\" sowie \"WebKit Sandboxing\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, beliebigen Programmcode auszuf\u00fchren, seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuf\u00fchren, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
}
],
"product_status": {
"known_affected": [
"T025103",
"T025102",
"T025104"
]
},
"release_date": "2022-10-24T22:00:00.000+00:00",
"title": "CVE-2022-1733"
},
{
"cve": "CVE-2022-1735",
"notes": [
{
"category": "description",
"text": "In Apple macOS existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten \"Accelerate Framework\", \"Apple Neural Engine\", \"AppleAVD\", \"AppleMobileFileIntegrity\", \"ATS\", \"Audio\", \"AVEVideoEncoder\", \"Calendar\", \"CFNetwork\", \"ColorSync\", \"Crash Reporter\", \"curl\", \"Directory Utility\", \"DriverKit\", \"Exchange\", \"Find My\", \"Finder\", \"GPU Drivers\", \"Grapher\", \"Image Processing\", \"ImageIO\", \"Intel Graphics Driver\", \"IOHIDFamily\", \"IOKit\", \"Kernel\", \"Mail\", \"Maps\", MediaLibrary\", \"ncurses\", \"Notes\", \"Notifications\", \"PackageKit\", \"Photos\", \"ppp\", \"Ruby\", \"Sandbox\", \"Security\", \"Shortcuts\", \"Sidecar\", \"Siri\", \"SMB\", \"Software Update\", \"SQLite\", \"Vim\", \"Weather\", \"WebKit\", \"WebKit PDF\" sowie \"WebKit Sandboxing\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, beliebigen Programmcode auszuf\u00fchren, seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuf\u00fchren, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
}
],
"product_status": {
"known_affected": [
"T025103",
"T025102",
"T025104"
]
},
"release_date": "2022-10-24T22:00:00.000+00:00",
"title": "CVE-2022-1735"
},
{
"cve": "CVE-2022-1769",
"notes": [
{
"category": "description",
"text": "In Apple macOS existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten \"Accelerate Framework\", \"Apple Neural Engine\", \"AppleAVD\", \"AppleMobileFileIntegrity\", \"ATS\", \"Audio\", \"AVEVideoEncoder\", \"Calendar\", \"CFNetwork\", \"ColorSync\", \"Crash Reporter\", \"curl\", \"Directory Utility\", \"DriverKit\", \"Exchange\", \"Find My\", \"Finder\", \"GPU Drivers\", \"Grapher\", \"Image Processing\", \"ImageIO\", \"Intel Graphics Driver\", \"IOHIDFamily\", \"IOKit\", \"Kernel\", \"Mail\", \"Maps\", MediaLibrary\", \"ncurses\", \"Notes\", \"Notifications\", \"PackageKit\", \"Photos\", \"ppp\", \"Ruby\", \"Sandbox\", \"Security\", \"Shortcuts\", \"Sidecar\", \"Siri\", \"SMB\", \"Software Update\", \"SQLite\", \"Vim\", \"Weather\", \"WebKit\", \"WebKit PDF\" sowie \"WebKit Sandboxing\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, beliebigen Programmcode auszuf\u00fchren, seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuf\u00fchren, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
}
],
"product_status": {
"known_affected": [
"T025103",
"T025102",
"T025104"
]
},
"release_date": "2022-10-24T22:00:00.000+00:00",
"title": "CVE-2022-1769"
},
{
"cve": "CVE-2022-1851",
"notes": [
{
"category": "description",
"text": "In Apple macOS existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten \"Accelerate Framework\", \"Apple Neural Engine\", \"AppleAVD\", \"AppleMobileFileIntegrity\", \"ATS\", \"Audio\", \"AVEVideoEncoder\", \"Calendar\", \"CFNetwork\", \"ColorSync\", \"Crash Reporter\", \"curl\", \"Directory Utility\", \"DriverKit\", \"Exchange\", \"Find My\", \"Finder\", \"GPU Drivers\", \"Grapher\", \"Image Processing\", \"ImageIO\", \"Intel Graphics Driver\", \"IOHIDFamily\", \"IOKit\", \"Kernel\", \"Mail\", \"Maps\", MediaLibrary\", \"ncurses\", \"Notes\", \"Notifications\", \"PackageKit\", \"Photos\", \"ppp\", \"Ruby\", \"Sandbox\", \"Security\", \"Shortcuts\", \"Sidecar\", \"Siri\", \"SMB\", \"Software Update\", \"SQLite\", \"Vim\", \"Weather\", \"WebKit\", \"WebKit PDF\" sowie \"WebKit Sandboxing\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, beliebigen Programmcode auszuf\u00fchren, seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuf\u00fchren, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
}
],
"product_status": {
"known_affected": [
"T025103",
"T025102",
"T025104"
]
},
"release_date": "2022-10-24T22:00:00.000+00:00",
"title": "CVE-2022-1851"
},
{
"cve": "CVE-2022-1897",
"notes": [
{
"category": "description",
"text": "In Apple macOS existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten \"Accelerate Framework\", \"Apple Neural Engine\", \"AppleAVD\", \"AppleMobileFileIntegrity\", \"ATS\", \"Audio\", \"AVEVideoEncoder\", \"Calendar\", \"CFNetwork\", \"ColorSync\", \"Crash Reporter\", \"curl\", \"Directory Utility\", \"DriverKit\", \"Exchange\", \"Find My\", \"Finder\", \"GPU Drivers\", \"Grapher\", \"Image Processing\", \"ImageIO\", \"Intel Graphics Driver\", \"IOHIDFamily\", \"IOKit\", \"Kernel\", \"Mail\", \"Maps\", MediaLibrary\", \"ncurses\", \"Notes\", \"Notifications\", \"PackageKit\", \"Photos\", \"ppp\", \"Ruby\", \"Sandbox\", \"Security\", \"Shortcuts\", \"Sidecar\", \"Siri\", \"SMB\", \"Software Update\", \"SQLite\", \"Vim\", \"Weather\", \"WebKit\", \"WebKit PDF\" sowie \"WebKit Sandboxing\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, beliebigen Programmcode auszuf\u00fchren, seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuf\u00fchren, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
}
],
"product_status": {
"known_affected": [
"T025103",
"T025102",
"T025104"
]
},
"release_date": "2022-10-24T22:00:00.000+00:00",
"title": "CVE-2022-1897"
},
{
"cve": "CVE-2022-1898",
"notes": [
{
"category": "description",
"text": "In Apple macOS existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten \"Accelerate Framework\", \"Apple Neural Engine\", \"AppleAVD\", \"AppleMobileFileIntegrity\", \"ATS\", \"Audio\", \"AVEVideoEncoder\", \"Calendar\", \"CFNetwork\", \"ColorSync\", \"Crash Reporter\", \"curl\", \"Directory Utility\", \"DriverKit\", \"Exchange\", \"Find My\", \"Finder\", \"GPU Drivers\", \"Grapher\", \"Image Processing\", \"ImageIO\", \"Intel Graphics Driver\", \"IOHIDFamily\", \"IOKit\", \"Kernel\", \"Mail\", \"Maps\", MediaLibrary\", \"ncurses\", \"Notes\", \"Notifications\", \"PackageKit\", \"Photos\", \"ppp\", \"Ruby\", \"Sandbox\", \"Security\", \"Shortcuts\", \"Sidecar\", \"Siri\", \"SMB\", \"Software Update\", \"SQLite\", \"Vim\", \"Weather\", \"WebKit\", \"WebKit PDF\" sowie \"WebKit Sandboxing\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, beliebigen Programmcode auszuf\u00fchren, seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuf\u00fchren, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
}
],
"product_status": {
"known_affected": [
"T025103",
"T025102",
"T025104"
]
},
"release_date": "2022-10-24T22:00:00.000+00:00",
"title": "CVE-2022-1898"
},
{
"cve": "CVE-2022-1927",
"notes": [
{
"category": "description",
"text": "In Apple macOS existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten \"Accelerate Framework\", \"Apple Neural Engine\", \"AppleAVD\", \"AppleMobileFileIntegrity\", \"ATS\", \"Audio\", \"AVEVideoEncoder\", \"Calendar\", \"CFNetwork\", \"ColorSync\", \"Crash Reporter\", \"curl\", \"Directory Utility\", \"DriverKit\", \"Exchange\", \"Find My\", \"Finder\", \"GPU Drivers\", \"Grapher\", \"Image Processing\", \"ImageIO\", \"Intel Graphics Driver\", \"IOHIDFamily\", \"IOKit\", \"Kernel\", \"Mail\", \"Maps\", MediaLibrary\", \"ncurses\", \"Notes\", \"Notifications\", \"PackageKit\", \"Photos\", \"ppp\", \"Ruby\", \"Sandbox\", \"Security\", \"Shortcuts\", \"Sidecar\", \"Siri\", \"SMB\", \"Software Update\", \"SQLite\", \"Vim\", \"Weather\", \"WebKit\", \"WebKit PDF\" sowie \"WebKit Sandboxing\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, beliebigen Programmcode auszuf\u00fchren, seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuf\u00fchren, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
}
],
"product_status": {
"known_affected": [
"T025103",
"T025102",
"T025104"
]
},
"release_date": "2022-10-24T22:00:00.000+00:00",
"title": "CVE-2022-1927"
},
{
"cve": "CVE-2022-1942",
"notes": [
{
"category": "description",
"text": "In Apple macOS existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten \"Accelerate Framework\", \"Apple Neural Engine\", \"AppleAVD\", \"AppleMobileFileIntegrity\", \"ATS\", \"Audio\", \"AVEVideoEncoder\", \"Calendar\", \"CFNetwork\", \"ColorSync\", \"Crash Reporter\", \"curl\", \"Directory Utility\", \"DriverKit\", \"Exchange\", \"Find My\", \"Finder\", \"GPU Drivers\", \"Grapher\", \"Image Processing\", \"ImageIO\", \"Intel Graphics Driver\", \"IOHIDFamily\", \"IOKit\", \"Kernel\", \"Mail\", \"Maps\", MediaLibrary\", \"ncurses\", \"Notes\", \"Notifications\", \"PackageKit\", \"Photos\", \"ppp\", \"Ruby\", \"Sandbox\", \"Security\", \"Shortcuts\", \"Sidecar\", \"Siri\", \"SMB\", \"Software Update\", \"SQLite\", \"Vim\", \"Weather\", \"WebKit\", \"WebKit PDF\" sowie \"WebKit Sandboxing\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, beliebigen Programmcode auszuf\u00fchren, seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuf\u00fchren, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
}
],
"product_status": {
"known_affected": [
"T025103",
"T025102",
"T025104"
]
},
"release_date": "2022-10-24T22:00:00.000+00:00",
"title": "CVE-2022-1942"
},
{
"cve": "CVE-2022-1968",
"notes": [
{
"category": "description",
"text": "In Apple macOS existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten \"Accelerate Framework\", \"Apple Neural Engine\", \"AppleAVD\", \"AppleMobileFileIntegrity\", \"ATS\", \"Audio\", \"AVEVideoEncoder\", \"Calendar\", \"CFNetwork\", \"ColorSync\", \"Crash Reporter\", \"curl\", \"Directory Utility\", \"DriverKit\", \"Exchange\", \"Find My\", \"Finder\", \"GPU Drivers\", \"Grapher\", \"Image Processing\", \"ImageIO\", \"Intel Graphics Driver\", \"IOHIDFamily\", \"IOKit\", \"Kernel\", \"Mail\", \"Maps\", MediaLibrary\", \"ncurses\", \"Notes\", \"Notifications\", \"PackageKit\", \"Photos\", \"ppp\", \"Ruby\", \"Sandbox\", \"Security\", \"Shortcuts\", \"Sidecar\", \"Siri\", \"SMB\", \"Software Update\", \"SQLite\", \"Vim\", \"Weather\", \"WebKit\", \"WebKit PDF\" sowie \"WebKit Sandboxing\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, beliebigen Programmcode auszuf\u00fchren, seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuf\u00fchren, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
}
],
"product_status": {
"known_affected": [
"T025103",
"T025102",
"T025104"
]
},
"release_date": "2022-10-24T22:00:00.000+00:00",
"title": "CVE-2022-1968"
},
{
"cve": "CVE-2022-2000",
"notes": [
{
"category": "description",
"text": "In Apple macOS existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten \"Accelerate Framework\", \"Apple Neural Engine\", \"AppleAVD\", \"AppleMobileFileIntegrity\", \"ATS\", \"Audio\", \"AVEVideoEncoder\", \"Calendar\", \"CFNetwork\", \"ColorSync\", \"Crash Reporter\", \"curl\", \"Directory Utility\", \"DriverKit\", \"Exchange\", \"Find My\", \"Finder\", \"GPU Drivers\", \"Grapher\", \"Image Processing\", \"ImageIO\", \"Intel Graphics Driver\", \"IOHIDFamily\", \"IOKit\", \"Kernel\", \"Mail\", \"Maps\", MediaLibrary\", \"ncurses\", \"Notes\", \"Notifications\", \"PackageKit\", \"Photos\", \"ppp\", \"Ruby\", \"Sandbox\", \"Security\", \"Shortcuts\", \"Sidecar\", \"Siri\", \"SMB\", \"Software Update\", \"SQLite\", \"Vim\", \"Weather\", \"WebKit\", \"WebKit PDF\" sowie \"WebKit Sandboxing\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, beliebigen Programmcode auszuf\u00fchren, seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuf\u00fchren, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
}
],
"product_status": {
"known_affected": [
"T025103",
"T025102",
"T025104"
]
},
"release_date": "2022-10-24T22:00:00.000+00:00",
"title": "CVE-2022-2000"
},
{
"cve": "CVE-2022-2042",
"notes": [
{
"category": "description",
"text": "In Apple macOS existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten \"Accelerate Framework\", \"Apple Neural Engine\", \"AppleAVD\", \"AppleMobileFileIntegrity\", \"ATS\", \"Audio\", \"AVEVideoEncoder\", \"Calendar\", \"CFNetwork\", \"ColorSync\", \"Crash Reporter\", \"curl\", \"Directory Utility\", \"DriverKit\", \"Exchange\", \"Find My\", \"Finder\", \"GPU Drivers\", \"Grapher\", \"Image Processing\", \"ImageIO\", \"Intel Graphics Driver\", \"IOHIDFamily\", \"IOKit\", \"Kernel\", \"Mail\", \"Maps\", MediaLibrary\", \"ncurses\", \"Notes\", \"Notifications\", \"PackageKit\", \"Photos\", \"ppp\", \"Ruby\", \"Sandbox\", \"Security\", \"Shortcuts\", \"Sidecar\", \"Siri\", \"SMB\", \"Software Update\", \"SQLite\", \"Vim\", \"Weather\", \"WebKit\", \"WebKit PDF\" sowie \"WebKit Sandboxing\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, beliebigen Programmcode auszuf\u00fchren, seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuf\u00fchren, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
}
],
"product_status": {
"known_affected": [
"T025103",
"T025102",
"T025104"
]
},
"release_date": "2022-10-24T22:00:00.000+00:00",
"title": "CVE-2022-2042"
},
{
"cve": "CVE-2022-2124",
"notes": [
{
"category": "description",
"text": "In Apple macOS existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten \"Accelerate Framework\", \"Apple Neural Engine\", \"AppleAVD\", \"AppleMobileFileIntegrity\", \"ATS\", \"Audio\", \"AVEVideoEncoder\", \"Calendar\", \"CFNetwork\", \"ColorSync\", \"Crash Reporter\", \"curl\", \"Directory Utility\", \"DriverKit\", \"Exchange\", \"Find My\", \"Finder\", \"GPU Drivers\", \"Grapher\", \"Image Processing\", \"ImageIO\", \"Intel Graphics Driver\", \"IOHIDFamily\", \"IOKit\", \"Kernel\", \"Mail\", \"Maps\", MediaLibrary\", \"ncurses\", \"Notes\", \"Notifications\", \"PackageKit\", \"Photos\", \"ppp\", \"Ruby\", \"Sandbox\", \"Security\", \"Shortcuts\", \"Sidecar\", \"Siri\", \"SMB\", \"Software Update\", \"SQLite\", \"Vim\", \"Weather\", \"WebKit\", \"WebKit PDF\" sowie \"WebKit Sandboxing\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, beliebigen Programmcode auszuf\u00fchren, seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuf\u00fchren, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
}
],
"product_status": {
"known_affected": [
"T025103",
"T025102",
"T025104"
]
},
"release_date": "2022-10-24T22:00:00.000+00:00",
"title": "CVE-2022-2124"
},
{
"cve": "CVE-2022-2125",
"notes": [
{
"category": "description",
"text": "In Apple macOS existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten \"Accelerate Framework\", \"Apple Neural Engine\", \"AppleAVD\", \"AppleMobileFileIntegrity\", \"ATS\", \"Audio\", \"AVEVideoEncoder\", \"Calendar\", \"CFNetwork\", \"ColorSync\", \"Crash Reporter\", \"curl\", \"Directory Utility\", \"DriverKit\", \"Exchange\", \"Find My\", \"Finder\", \"GPU Drivers\", \"Grapher\", \"Image Processing\", \"ImageIO\", \"Intel Graphics Driver\", \"IOHIDFamily\", \"IOKit\", \"Kernel\", \"Mail\", \"Maps\", MediaLibrary\", \"ncurses\", \"Notes\", \"Notifications\", \"PackageKit\", \"Photos\", \"ppp\", \"Ruby\", \"Sandbox\", \"Security\", \"Shortcuts\", \"Sidecar\", \"Siri\", \"SMB\", \"Software Update\", \"SQLite\", \"Vim\", \"Weather\", \"WebKit\", \"WebKit PDF\" sowie \"WebKit Sandboxing\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, beliebigen Programmcode auszuf\u00fchren, seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuf\u00fchren, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
}
],
"product_status": {
"known_affected": [
"T025103",
"T025102",
"T025104"
]
},
"release_date": "2022-10-24T22:00:00.000+00:00",
"title": "CVE-2022-2125"
},
{
"cve": "CVE-2022-2126",
"notes": [
{
"category": "description",
"text": "In Apple macOS existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten \"Accelerate Framework\", \"Apple Neural Engine\", \"AppleAVD\", \"AppleMobileFileIntegrity\", \"ATS\", \"Audio\", \"AVEVideoEncoder\", \"Calendar\", \"CFNetwork\", \"ColorSync\", \"Crash Reporter\", \"curl\", \"Directory Utility\", \"DriverKit\", \"Exchange\", \"Find My\", \"Finder\", \"GPU Drivers\", \"Grapher\", \"Image Processing\", \"ImageIO\", \"Intel Graphics Driver\", \"IOHIDFamily\", \"IOKit\", \"Kernel\", \"Mail\", \"Maps\", MediaLibrary\", \"ncurses\", \"Notes\", \"Notifications\", \"PackageKit\", \"Photos\", \"ppp\", \"Ruby\", \"Sandbox\", \"Security\", \"Shortcuts\", \"Sidecar\", \"Siri\", \"SMB\", \"Software Update\", \"SQLite\", \"Vim\", \"Weather\", \"WebKit\", \"WebKit PDF\" sowie \"WebKit Sandboxing\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, beliebigen Programmcode auszuf\u00fchren, seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuf\u00fchren, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
}
],
"product_status": {
"known_affected": [
"T025103",
"T025102",
"T025104"
]
},
"release_date": "2022-10-24T22:00:00.000+00:00",
"title": "CVE-2022-2126"
},
{
"cve": "CVE-2022-26699",
"notes": [
{
"category": "description",
"text": "In Apple macOS existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten \"Accelerate Framework\", \"Apple Neural Engine\", \"AppleAVD\", \"AppleMobileFileIntegrity\", \"ATS\", \"Audio\", \"AVEVideoEncoder\", \"Calendar\", \"CFNetwork\", \"ColorSync\", \"Crash Reporter\", \"curl\", \"Directory Utility\", \"DriverKit\", \"Exchange\", \"Find My\", \"Finder\", \"GPU Drivers\", \"Grapher\", \"Image Processing\", \"ImageIO\", \"Intel Graphics Driver\", \"IOHIDFamily\", \"IOKit\", \"Kernel\", \"Mail\", \"Maps\", MediaLibrary\", \"ncurses\", \"Notes\", \"Notifications\", \"PackageKit\", \"Photos\", \"ppp\", \"Ruby\", \"Sandbox\", \"Security\", \"Shortcuts\", \"Sidecar\", \"Siri\", \"SMB\", \"Software Update\", \"SQLite\", \"Vim\", \"Weather\", \"WebKit\", \"WebKit PDF\" sowie \"WebKit Sandboxing\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, beliebigen Programmcode auszuf\u00fchren, seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuf\u00fchren, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
}
],
"product_status": {
"known_affected": [
"T025103",
"T025102",
"T025104"
]
},
"release_date": "2022-10-24T22:00:00.000+00:00",
"title": "CVE-2022-26699"
},
{
"cve": "CVE-2022-26730",
"notes": [
{
"category": "description",
"text": "In Apple macOS existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten \"Accelerate Framework\", \"Apple Neural Engine\", \"AppleAVD\", \"AppleMobileFileIntegrity\", \"ATS\", \"Audio\", \"AVEVideoEncoder\", \"Calendar\", \"CFNetwork\", \"ColorSync\", \"Crash Reporter\", \"curl\", \"Directory Utility\", \"DriverKit\", \"Exchange\", \"Find My\", \"Finder\", \"GPU Drivers\", \"Grapher\", \"Image Processing\", \"ImageIO\", \"Intel Graphics Driver\", \"IOHIDFamily\", \"IOKit\", \"Kernel\", \"Mail\", \"Maps\", MediaLibrary\", \"ncurses\", \"Notes\", \"Notifications\", \"PackageKit\", \"Photos\", \"ppp\", \"Ruby\", \"Sandbox\", \"Security\", \"Shortcuts\", \"Sidecar\", \"Siri\", \"SMB\", \"Software Update\", \"SQLite\", \"Vim\", \"Weather\", \"WebKit\", \"WebKit PDF\" sowie \"WebKit Sandboxing\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, beliebigen Programmcode auszuf\u00fchren, seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuf\u00fchren, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
}
],
"product_status": {
"known_affected": [
"T025103",
"T025102",
"T025104"
]
},
"release_date": "2022-10-24T22:00:00.000+00:00",
"title": "CVE-2022-26730"
},
{
"cve": "CVE-2022-28739",
"notes": [
{
"category": "description",
"text": "In Apple macOS existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten \"Accelerate Framework\", \"Apple Neural Engine\", \"AppleAVD\", \"AppleMobileFileIntegrity\", \"ATS\", \"Audio\", \"AVEVideoEncoder\", \"Calendar\", \"CFNetwork\", \"ColorSync\", \"Crash Reporter\", \"curl\", \"Directory Utility\", \"DriverKit\", \"Exchange\", \"Find My\", \"Finder\", \"GPU Drivers\", \"Grapher\", \"Image Processing\", \"ImageIO\", \"Intel Graphics Driver\", \"IOHIDFamily\", \"IOKit\", \"Kernel\", \"Mail\", \"Maps\", MediaLibrary\", \"ncurses\", \"Notes\", \"Notifications\", \"PackageKit\", \"Photos\", \"ppp\", \"Ruby\", \"Sandbox\", \"Security\", \"Shortcuts\", \"Sidecar\", \"Siri\", \"SMB\", \"Software Update\", \"SQLite\", \"Vim\", \"Weather\", \"WebKit\", \"WebKit PDF\" sowie \"WebKit Sandboxing\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, beliebigen Programmcode auszuf\u00fchren, seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuf\u00fchren, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
}
],
"product_status": {
"known_affected": [
"T025103",
"T025102",
"T025104"
]
},
"release_date": "2022-10-24T22:00:00.000+00:00",
"title": "CVE-2022-28739"
},
{
"cve": "CVE-2022-29458",
"notes": [
{
"category": "description",
"text": "In Apple macOS existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten \"Accelerate Framework\", \"Apple Neural Engine\", \"AppleAVD\", \"AppleMobileFileIntegrity\", \"ATS\", \"Audio\", \"AVEVideoEncoder\", \"Calendar\", \"CFNetwork\", \"ColorSync\", \"Crash Reporter\", \"curl\", \"Directory Utility\", \"DriverKit\", \"Exchange\", \"Find My\", \"Finder\", \"GPU Drivers\", \"Grapher\", \"Image Processing\", \"ImageIO\", \"Intel Graphics Driver\", \"IOHIDFamily\", \"IOKit\", \"Kernel\", \"Mail\", \"Maps\", MediaLibrary\", \"ncurses\", \"Notes\", \"Notifications\", \"PackageKit\", \"Photos\", \"ppp\", \"Ruby\", \"Sandbox\", \"Security\", \"Shortcuts\", \"Sidecar\", \"Siri\", \"SMB\", \"Software Update\", \"SQLite\", \"Vim\", \"Weather\", \"WebKit\", \"WebKit PDF\" sowie \"WebKit Sandboxing\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, beliebigen Programmcode auszuf\u00fchren, seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuf\u00fchren, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
}
],
"product_status": {
"known_affected": [
"T025103",
"T025102",
"T025104"
]
},
"release_date": "2022-10-24T22:00:00.000+00:00",
"title": "CVE-2022-29458"
},
{
"cve": "CVE-2022-32205",
"notes": [
{
"category": "description",
"text": "In Apple macOS existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten \"Accelerate Framework\", \"Apple Neural Engine\", \"AppleAVD\", \"AppleMobileFileIntegrity\", \"ATS\", \"Audio\", \"AVEVideoEncoder\", \"Calendar\", \"CFNetwork\", \"ColorSync\", \"Crash Reporter\", \"curl\", \"Directory Utility\", \"DriverKit\", \"Exchange\", \"Find My\", \"Finder\", \"GPU Drivers\", \"Grapher\", \"Image Processing\", \"ImageIO\", \"Intel Graphics Driver\", \"IOHIDFamily\", \"IOKit\", \"Kernel\", \"Mail\", \"Maps\", MediaLibrary\", \"ncurses\", \"Notes\", \"Notifications\", \"PackageKit\", \"Photos\", \"ppp\", \"Ruby\", \"Sandbox\", \"Security\", \"Shortcuts\", \"Sidecar\", \"Siri\", \"SMB\", \"Software Update\", \"SQLite\", \"Vim\", \"Weather\", \"WebKit\", \"WebKit PDF\" sowie \"WebKit Sandboxing\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, beliebigen Programmcode auszuf\u00fchren, seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuf\u00fchren, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
}
],
"product_status": {
"known_affected": [
"T025103",
"T025102",
"T025104"
]
},
"release_date": "2022-10-24T22:00:00.000+00:00",
"title": "CVE-2022-32205"
},
{
"cve": "CVE-2022-32206",
"notes": [
{
"category": "description",
"text": "In Apple macOS existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten \"Accelerate Framework\", \"Apple Neural Engine\", \"AppleAVD\", \"AppleMobileFileIntegrity\", \"ATS\", \"Audio\", \"AVEVideoEncoder\", \"Calendar\", \"CFNetwork\", \"ColorSync\", \"Crash Reporter\", \"curl\", \"Directory Utility\", \"DriverKit\", \"Exchange\", \"Find My\", \"Finder\", \"GPU Drivers\", \"Grapher\", \"Image Processing\", \"ImageIO\", \"Intel Graphics Driver\", \"IOHIDFamily\", \"IOKit\", \"Kernel\", \"Mail\", \"Maps\", MediaLibrary\", \"ncurses\", \"Notes\", \"Notifications\", \"PackageKit\", \"Photos\", \"ppp\", \"Ruby\", \"Sandbox\", \"Security\", \"Shortcuts\", \"Sidecar\", \"Siri\", \"SMB\", \"Software Update\", \"SQLite\", \"Vim\", \"Weather\", \"WebKit\", \"WebKit PDF\" sowie \"WebKit Sandboxing\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, beliebigen Programmcode auszuf\u00fchren, seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuf\u00fchren, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
}
],
"product_status": {
"known_affected": [
"T025103",
"T025102",
"T025104"
]
},
"release_date": "2022-10-24T22:00:00.000+00:00",
"title": "CVE-2022-32206"
},
{
"cve": "CVE-2022-32207",
"notes": [
{
"category": "description",
"text": "In Apple macOS existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten \"Accelerate Framework\", \"Apple Neural Engine\", \"AppleAVD\", \"AppleMobileFileIntegrity\", \"ATS\", \"Audio\", \"AVEVideoEncoder\", \"Calendar\", \"CFNetwork\", \"ColorSync\", \"Crash Reporter\", \"curl\", \"Directory Utility\", \"DriverKit\", \"Exchange\", \"Find My\", \"Finder\", \"GPU Drivers\", \"Grapher\", \"Image Processing\", \"ImageIO\", \"Intel Graphics Driver\", \"IOHIDFamily\", \"IOKit\", \"Kernel\", \"Mail\", \"Maps\", MediaLibrary\", \"ncurses\", \"Notes\", \"Notifications\", \"PackageKit\", \"Photos\", \"ppp\", \"Ruby\", \"Sandbox\", \"Security\", \"Shortcuts\", \"Sidecar\", \"Siri\", \"SMB\", \"Software Update\", \"SQLite\", \"Vim\", \"Weather\", \"WebKit\", \"WebKit PDF\" sowie \"WebKit Sandboxing\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, beliebigen Programmcode auszuf\u00fchren, seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuf\u00fchren, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
}
],
"product_status": {
"known_affected": [
"T025103",
"T025102",
"T025104"
]
},
"release_date": "2022-10-24T22:00:00.000+00:00",
"title": "CVE-2022-32207"
},
{
"cve": "CVE-2022-32208",
"notes": [
{
"category": "description",
"text": "In Apple macOS existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten \"Accelerate Framework\", \"Apple Neural Engine\", \"AppleAVD\", \"AppleMobileFileIntegrity\", \"ATS\", \"Audio\", \"AVEVideoEncoder\", \"Calendar\", \"CFNetwork\", \"ColorSync\", \"Crash Reporter\", \"curl\", \"Directory Utility\", \"DriverKit\", \"Exchange\", \"Find My\", \"Finder\", \"GPU Drivers\", \"Grapher\", \"Image Processing\", \"ImageIO\", \"Intel Graphics Driver\", \"IOHIDFamily\", \"IOKit\", \"Kernel\", \"Mail\", \"Maps\", MediaLibrary\", \"ncurses\", \"Notes\", \"Notifications\", \"PackageKit\", \"Photos\", \"ppp\", \"Ruby\", \"Sandbox\", \"Security\", \"Shortcuts\", \"Sidecar\", \"Siri\", \"SMB\", \"Software Update\", \"SQLite\", \"Vim\", \"Weather\", \"WebKit\", \"WebKit PDF\" sowie \"WebKit Sandboxing\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, beliebigen Programmcode auszuf\u00fchren, seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuf\u00fchren, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
}
],
"product_status": {
"known_affected": [
"T025103",
"T025102",
"T025104"
]
},
"release_date": "2022-10-24T22:00:00.000+00:00",
"title": "CVE-2022-32208"
},
{
"cve": "CVE-2022-32827",
"notes": [
{
"category": "description",
"text": "In Apple macOS existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten \"Accelerate Framework\", \"Apple Neural Engine\", \"AppleAVD\", \"AppleMobileFileIntegrity\", \"ATS\", \"Audio\", \"AVEVideoEncoder\", \"Calendar\", \"CFNetwork\", \"ColorSync\", \"Crash Reporter\", \"curl\", \"Directory Utility\", \"DriverKit\", \"Exchange\", \"Find My\", \"Finder\", \"GPU Drivers\", \"Grapher\", \"Image Processing\", \"ImageIO\", \"Intel Graphics Driver\", \"IOHIDFamily\", \"IOKit\", \"Kernel\", \"Mail\", \"Maps\", MediaLibrary\", \"ncurses\", \"Notes\", \"Notifications\", \"PackageKit\", \"Photos\", \"ppp\", \"Ruby\", \"Sandbox\", \"Security\", \"Shortcuts\", \"Sidecar\", \"Siri\", \"SMB\", \"Software Update\", \"SQLite\", \"Vim\", \"Weather\", \"WebKit\", \"WebKit PDF\" sowie \"WebKit Sandboxing\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, beliebigen Programmcode auszuf\u00fchren, seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuf\u00fchren, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
}
],
"product_status": {
"known_affected": [
"T025103",
"T025102",
"T025104"
]
},
"release_date": "2022-10-24T22:00:00.000+00:00",
"title": "CVE-2022-32827"
},
{
"cve": "CVE-2022-32835",
"notes": [
{
"category": "description",
"text": "In Apple macOS existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten \"Accelerate Framework\", \"Apple Neural Engine\", \"AppleAVD\", \"AppleMobileFileIntegrity\", \"ATS\", \"Audio\", \"AVEVideoEncoder\", \"Calendar\", \"CFNetwork\", \"ColorSync\", \"Crash Reporter\", \"curl\", \"Directory Utility\", \"DriverKit\", \"Exchange\", \"Find My\", \"Finder\", \"GPU Drivers\", \"Grapher\", \"Image Processing\", \"ImageIO\", \"Intel Graphics Driver\", \"IOHIDFamily\", \"IOKit\", \"Kernel\", \"Mail\", \"Maps\", MediaLibrary\", \"ncurses\", \"Notes\", \"Notifications\", \"PackageKit\", \"Photos\", \"ppp\", \"Ruby\", \"Sandbox\", \"Security\", \"Shortcuts\", \"Sidecar\", \"Siri\", \"SMB\", \"Software Update\", \"SQLite\", \"Vim\", \"Weather\", \"WebKit\", \"WebKit PDF\" sowie \"WebKit Sandboxing\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, beliebigen Programmcode auszuf\u00fchren, seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuf\u00fchren, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
}
],
"product_status": {
"known_affected": [
"T025103",
"T025102",
"T025104"
]
},
"release_date": "2022-10-24T22:00:00.000+00:00",
"title": "CVE-2022-32835"
},
{
"cve": "CVE-2022-32858",
"notes": [
{
"category": "description",
"text": "In Apple macOS existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten \"Accelerate Framework\", \"Apple Neural Engine\", \"AppleAVD\", \"AppleMobileFileIntegrity\", \"ATS\", \"Audio\", \"AVEVideoEncoder\", \"Calendar\", \"CFNetwork\", \"ColorSync\", \"Crash Reporter\", \"curl\", \"Directory Utility\", \"DriverKit\", \"Exchange\", \"Find My\", \"Finder\", \"GPU Drivers\", \"Grapher\", \"Image Processing\", \"ImageIO\", \"Intel Graphics Driver\", \"IOHIDFamily\", \"IOKit\", \"Kernel\", \"Mail\", \"Maps\", MediaLibrary\", \"ncurses\", \"Notes\", \"Notifications\", \"PackageKit\", \"Photos\", \"ppp\", \"Ruby\", \"Sandbox\", \"Security\", \"Shortcuts\", \"Sidecar\", \"Siri\", \"SMB\", \"Software Update\", \"SQLite\", \"Vim\", \"Weather\", \"WebKit\", \"WebKit PDF\" sowie \"WebKit Sandboxing\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, beliebigen Programmcode auszuf\u00fchren, seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuf\u00fchren, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
}
],
"product_status": {
"known_affected": [
"T025103",
"T025102",
"T025104"
]
},
"release_date": "2022-10-24T22:00:00.000+00:00",
"title": "CVE-2022-32858"
},
{
"cve": "CVE-2022-32859",
"notes": [
{
"category": "description",
"text": "In Apple macOS existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten \"Accelerate Framework\", \"Apple Neural Engine\", \"AppleAVD\", \"AppleMobileFileIntegrity\", \"ATS\", \"Audio\", \"AVEVideoEncoder\", \"Calendar\", \"CFNetwork\", \"ColorSync\", \"Crash Reporter\", \"curl\", \"Directory Utility\", \"DriverKit\", \"Exchange\", \"Find My\", \"Finder\", \"GPU Drivers\", \"Grapher\", \"Image Processing\", \"ImageIO\", \"Intel Graphics Driver\", \"IOHIDFamily\", \"IOKit\", \"Kernel\", \"Mail\", \"Maps\", MediaLibrary\", \"ncurses\", \"Notes\", \"Notifications\", \"PackageKit\", \"Photos\", \"ppp\", \"Ruby\", \"Sandbox\", \"Security\", \"Shortcuts\", \"Sidecar\", \"Siri\", \"SMB\", \"Software Update\", \"SQLite\", \"Vim\", \"Weather\", \"WebKit\", \"WebKit PDF\" sowie \"WebKit Sandboxing\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, beliebigen Programmcode auszuf\u00fchren, seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuf\u00fchren, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
}
],
"product_status": {
"known_affected": [
"T025103",
"T025102",
"T025104"
]
},
"release_date": "2022-10-24T22:00:00.000+00:00",
"title": "CVE-2022-32859"
},
{
"cve": "CVE-2022-32862",
"notes": [
{
"category": "description",
"text": "In Apple macOS existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten \"Accelerate Framework\", \"Apple Neural Engine\", \"AppleAVD\", \"AppleMobileFileIntegrity\", \"ATS\", \"Audio\", \"AVEVideoEncoder\", \"Calendar\", \"CFNetwork\", \"ColorSync\", \"Crash Reporter\", \"curl\", \"Directory Utility\", \"DriverKit\", \"Exchange\", \"Find My\", \"Finder\", \"GPU Drivers\", \"Grapher\", \"Image Processing\", \"ImageIO\", \"Intel Graphics Driver\", \"IOHIDFamily\", \"IOKit\", \"Kernel\", \"Mail\", \"Maps\", MediaLibrary\", \"ncurses\", \"Notes\", \"Notifications\", \"PackageKit\", \"Photos\", \"ppp\", \"Ruby\", \"Sandbox\", \"Security\", \"Shortcuts\", \"Sidecar\", \"Siri\", \"SMB\", \"Software Update\", \"SQLite\", \"Vim\", \"Weather\", \"WebKit\", \"WebKit PDF\" sowie \"WebKit Sandboxing\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, beliebigen Programmcode auszuf\u00fchren, seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuf\u00fchren, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
}
],
"product_status": {
"known_affected": [
"T025103",
"T025102",
"T025104"
]
},
"release_date": "2022-10-24T22:00:00.000+00:00",
"title": "CVE-2022-32862"
},
{
"cve": "CVE-2022-32864",
"notes": [
{
"category": "description",
"text": "In Apple macOS existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten \"Accelerate Framework\", \"Apple Neural Engine\", \"AppleAVD\", \"AppleMobileFileIntegrity\", \"ATS\", \"Audio\", \"AVEVideoEncoder\", \"Calendar\", \"CFNetwork\", \"ColorSync\", \"Crash Reporter\", \"curl\", \"Directory Utility\", \"DriverKit\", \"Exchange\", \"Find My\", \"Finder\", \"GPU Drivers\", \"Grapher\", \"Image Processing\", \"ImageIO\", \"Intel Graphics Driver\", \"IOHIDFamily\", \"IOKit\", \"Kernel\", \"Mail\", \"Maps\", MediaLibrary\", \"ncurses\", \"Notes\", \"Notifications\", \"PackageKit\", \"Photos\", \"ppp\", \"Ruby\", \"Sandbox\", \"Security\", \"Shortcuts\", \"Sidecar\", \"Siri\", \"SMB\", \"Software Update\", \"SQLite\", \"Vim\", \"Weather\", \"WebKit\", \"WebKit PDF\" sowie \"WebKit Sandboxing\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, beliebigen Programmcode auszuf\u00fchren, seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuf\u00fchren, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
}
],
"product_status": {
"known_affected": [
"T025103",
"T025102",
"T025104"
]
},
"release_date": "2022-10-24T22:00:00.000+00:00",
"title": "CVE-2022-32864"
},
{
"cve": "CVE-2022-32865",
"notes": [
{
"category": "description",
"text": "In Apple macOS existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten \"Accelerate Framework\", \"Apple Neural Engine\", \"AppleAVD\", \"AppleMobileFileIntegrity\", \"ATS\", \"Audio\", \"AVEVideoEncoder\", \"Calendar\", \"CFNetwork\", \"ColorSync\", \"Crash Reporter\", \"curl\", \"Directory Utility\", \"DriverKit\", \"Exchange\", \"Find My\", \"Finder\", \"GPU Drivers\", \"Grapher\", \"Image Processing\", \"ImageIO\", \"Intel Graphics Driver\", \"IOHIDFamily\", \"IOKit\", \"Kernel\", \"Mail\", \"Maps\", MediaLibrary\", \"ncurses\", \"Notes\", \"Notifications\", \"PackageKit\", \"Photos\", \"ppp\", \"Ruby\", \"Sandbox\", \"Security\", \"Shortcuts\", \"Sidecar\", \"Siri\", \"SMB\", \"Software Update\", \"SQLite\", \"Vim\", \"Weather\", \"WebKit\", \"WebKit PDF\" sowie \"WebKit Sandboxing\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, beliebigen Programmcode auszuf\u00fchren, seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuf\u00fchren, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
}
],
"product_status": {
"known_affected": [
"T025103",
"T025102",
"T025104"
]
},
"release_date": "2022-10-24T22:00:00.000+00:00",
"title": "CVE-2022-32865"
},
{
"cve": "CVE-2022-32866",
"notes": [
{
"category": "description",
"text": "In Apple macOS existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten \"Accelerate Framework\", \"Apple Neural Engine\", \"AppleAVD\", \"AppleMobileFileIntegrity\", \"ATS\", \"Audio\", \"AVEVideoEncoder\", \"Calendar\", \"CFNetwork\", \"ColorSync\", \"Crash Reporter\", \"curl\", \"Directory Utility\", \"DriverKit\", \"Exchange\", \"Find My\", \"Finder\", \"GPU Drivers\", \"Grapher\", \"Image Processing\", \"ImageIO\", \"Intel Graphics Driver\", \"IOHIDFamily\", \"IOKit\", \"Kernel\", \"Mail\", \"Maps\", MediaLibrary\", \"ncurses\", \"Notes\", \"Notifications\", \"PackageKit\", \"Photos\", \"ppp\", \"Ruby\", \"Sandbox\", \"Security\", \"Shortcuts\", \"Sidecar\", \"Siri\", \"SMB\", \"Software Update\", \"SQLite\", \"Vim\", \"Weather\", \"WebKit\", \"WebKit PDF\" sowie \"WebKit Sandboxing\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, beliebigen Programmcode auszuf\u00fchren, seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuf\u00fchren, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
}
],
"product_status": {
"known_affected": [
"T025103",
"T025102",
"T025104"
]
},
"release_date": "2022-10-24T22:00:00.000+00:00",
"title": "CVE-2022-32866"
},
{
"cve": "CVE-2022-32867",
"notes": [
{
"category": "description",
"text": "In Apple macOS existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten \"Accelerate Framework\", \"Apple Neural Engine\", \"AppleAVD\", \"AppleMobileFileIntegrity\", \"ATS\", \"Audio\", \"AVEVideoEncoder\", \"Calendar\", \"CFNetwork\", \"ColorSync\", \"Crash Reporter\", \"curl\", \"Directory Utility\", \"DriverKit\", \"Exchange\", \"Find My\", \"Finder\", \"GPU Drivers\", \"Grapher\", \"Image Processing\", \"ImageIO\", \"Intel Graphics Driver\", \"IOHIDFamily\", \"IOKit\", \"Kernel\", \"Mail\", \"Maps\", MediaLibrary\", \"ncurses\", \"Notes\", \"Notifications\", \"PackageKit\", \"Photos\", \"ppp\", \"Ruby\", \"Sandbox\", \"Security\", \"Shortcuts\", \"Sidecar\", \"Siri\", \"SMB\", \"Software Update\", \"SQLite\", \"Vim\", \"Weather\", \"WebKit\", \"WebKit PDF\" sowie \"WebKit Sandboxing\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, beliebigen Programmcode auszuf\u00fchren, seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuf\u00fchren, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
}
],
"product_status": {
"known_affected": [
"T025103",
"T025102",
"T025104"
]
},
"release_date": "2022-10-24T22:00:00.000+00:00",
"title": "CVE-2022-32867"
},
{
"cve": "CVE-2022-32870",
"notes": [
{
"category": "description",
"text": "In Apple macOS existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten \"Accelerate Framework\", \"Apple Neural Engine\", \"AppleAVD\", \"AppleMobileFileIntegrity\", \"ATS\", \"Audio\", \"AVEVideoEncoder\", \"Calendar\", \"CFNetwork\", \"ColorSync\", \"Crash Reporter\", \"curl\", \"Directory Utility\", \"DriverKit\", \"Exchange\", \"Find My\", \"Finder\", \"GPU Drivers\", \"Grapher\", \"Image Processing\", \"ImageIO\", \"Intel Graphics Driver\", \"IOHIDFamily\", \"IOKit\", \"Kernel\", \"Mail\", \"Maps\", MediaLibrary\", \"ncurses\", \"Notes\", \"Notifications\", \"PackageKit\", \"Photos\", \"ppp\", \"Ruby\", \"Sandbox\", \"Security\", \"Shortcuts\", \"Sidecar\", \"Siri\", \"SMB\", \"Software Update\", \"SQLite\", \"Vim\", \"Weather\", \"WebKit\", \"WebKit PDF\" sowie \"WebKit Sandboxing\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, beliebigen Programmcode auszuf\u00fchren, seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuf\u00fchren, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
}
],
"product_status": {
"known_affected": [
"T025103",
"T025102",
"T025104"
]
},
"release_date": "2022-10-24T22:00:00.000+00:00",
"title": "CVE-2022-32870"
},
{
"cve": "CVE-2022-32875",
"notes": [
{
"category": "description",
"text": "In Apple macOS existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten \"Accelerate Framework\", \"Apple Neural Engine\", \"AppleAVD\", \"AppleMobileFileIntegrity\", \"ATS\", \"Audio\", \"AVEVideoEncoder\", \"Calendar\", \"CFNetwork\", \"ColorSync\", \"Crash Reporter\", \"curl\", \"Directory Utility\", \"DriverKit\", \"Exchange\", \"Find My\", \"Finder\", \"GPU Drivers\", \"Grapher\", \"Image Processing\", \"ImageIO\", \"Intel Graphics Driver\", \"IOHIDFamily\", \"IOKit\", \"Kernel\", \"Mail\", \"Maps\", MediaLibrary\", \"ncurses\", \"Notes\", \"Notifications\", \"PackageKit\", \"Photos\", \"ppp\", \"Ruby\", \"Sandbox\", \"Security\", \"Shortcuts\", \"Sidecar\", \"Siri\", \"SMB\", \"Software Update\", \"SQLite\", \"Vim\", \"Weather\", \"WebKit\", \"WebKit PDF\" sowie \"WebKit Sandboxing\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, beliebigen Programmcode auszuf\u00fchren, seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuf\u00fchren, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
}
],
"product_status": {
"known_affected": [
"T025103",
"T025102",
"T025104"
]
},
"release_date": "2022-10-24T22:00:00.000+00:00",
"title": "CVE-2022-32875"
},
{
"cve": "CVE-2022-32876",
"notes": [
{
"category": "description",
"text": "In Apple macOS existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten \"Accelerate Framework\", \"Apple Neural Engine\", \"AppleAVD\", \"AppleMobileFileIntegrity\", \"ATS\", \"Audio\", \"AVEVideoEncoder\", \"Calendar\", \"CFNetwork\", \"ColorSync\", \"Crash Reporter\", \"curl\", \"Directory Utility\", \"DriverKit\", \"Exchange\", \"Find My\", \"Finder\", \"GPU Drivers\", \"Grapher\", \"Image Processing\", \"ImageIO\", \"Intel Graphics Driver\", \"IOHIDFamily\", \"IOKit\", \"Kernel\", \"Mail\", \"Maps\", MediaLibrary\", \"ncurses\", \"Notes\", \"Notifications\", \"PackageKit\", \"Photos\", \"ppp\", \"Ruby\", \"Sandbox\", \"Security\", \"Shortcuts\", \"Sidecar\", \"Siri\", \"SMB\", \"Software Update\", \"SQLite\", \"Vim\", \"Weather\", \"WebKit\", \"WebKit PDF\" sowie \"WebKit Sandboxing\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, beliebigen Programmcode auszuf\u00fchren, seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuf\u00fchren, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
}
],
"product_status": {
"known_affected": [
"T025103",
"T025102",
"T025104"
]
},
"release_date": "2022-10-24T22:00:00.000+00:00",
"title": "CVE-2022-32876"
},
{
"cve": "CVE-2022-32877",
"notes": [
{
"category": "description",
"text": "In Apple macOS existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten \"Accelerate Framework\", \"Apple Neural Engine\", \"AppleAVD\", \"AppleMobileFileIntegrity\", \"ATS\", \"Audio\", \"AVEVideoEncoder\", \"Calendar\", \"CFNetwork\", \"ColorSync\", \"Crash Reporter\", \"curl\", \"Directory Utility\", \"DriverKit\", \"Exchange\", \"Find My\", \"Finder\", \"GPU Drivers\", \"Grapher\", \"Image Processing\", \"ImageIO\", \"Intel Graphics Driver\", \"IOHIDFamily\", \"IOKit\", \"Kernel\", \"Mail\", \"Maps\", MediaLibrary\", \"ncurses\", \"Notes\", \"Notifications\", \"PackageKit\", \"Photos\", \"ppp\", \"Ruby\", \"Sandbox\", \"Security\", \"Shortcuts\", \"Sidecar\", \"Siri\", \"SMB\", \"Software Update\", \"SQLite\", \"Vim\", \"Weather\", \"WebKit\", \"WebKit PDF\" sowie \"WebKit Sandboxing\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, beliebigen Programmcode auszuf\u00fchren, seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuf\u00fchren, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
}
],
"product_status": {
"known_affected": [
"T025103",
"T025102",
"T025104"
]
},
"release_date": "2022-10-24T22:00:00.000+00:00",
"title": "CVE-2022-32877"
},
{
"cve": "CVE-2022-32879",
"notes": [
{
"category": "description",
"text": "In Apple macOS existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten \"Accelerate Framework\", \"Apple Neural Engine\", \"AppleAVD\", \"AppleMobileFileIntegrity\", \"ATS\", \"Audio\", \"AVEVideoEncoder\", \"Calendar\", \"CFNetwork\", \"ColorSync\", \"Crash Reporter\", \"curl\", \"Directory Utility\", \"DriverKit\", \"Exchange\", \"Find My\", \"Finder\", \"GPU Drivers\", \"Grapher\", \"Image Processing\", \"ImageIO\", \"Intel Graphics Driver\", \"IOHIDFamily\", \"IOKit\", \"Kernel\", \"Mail\", \"Maps\", MediaLibrary\", \"ncurses\", \"Notes\", \"Notifications\", \"PackageKit\", \"Photos\", \"ppp\", \"Ruby\", \"Sandbox\", \"Security\", \"Shortcuts\", \"Sidecar\", \"Siri\", \"SMB\", \"Software Update\", \"SQLite\", \"Vim\", \"Weather\", \"WebKit\", \"WebKit PDF\" sowie \"WebKit Sandboxing\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, beliebigen Programmcode auszuf\u00fchren, seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuf\u00fchren, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
}
],
"product_status": {
"known_affected": [
"T025103",
"T025102",
"T025104"
]
},
"release_date": "2022-10-24T22:00:00.000+00:00",
"title": "CVE-2022-32879"
},
{
"cve": "CVE-2022-32881",
"notes": [
{
"category": "description",
"text": "In Apple macOS existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten \"Accelerate Framework\", \"Apple Neural Engine\", \"AppleAVD\", \"AppleMobileFileIntegrity\", \"ATS\", \"Audio\", \"AVEVideoEncoder\", \"Calendar\", \"CFNetwork\", \"ColorSync\", \"Crash Reporter\", \"curl\", \"Directory Utility\", \"DriverKit\", \"Exchange\", \"Find My\", \"Finder\", \"GPU Drivers\", \"Grapher\", \"Image Processing\", \"ImageIO\", \"Intel Graphics Driver\", \"IOHIDFamily\", \"IOKit\", \"Kernel\", \"Mail\", \"Maps\", MediaLibrary\", \"ncurses\", \"Notes\", \"Notifications\", \"PackageKit\", \"Photos\", \"ppp\", \"Ruby\", \"Sandbox\", \"Security\", \"Shortcuts\", \"Sidecar\", \"Siri\", \"SMB\", \"Software Update\", \"SQLite\", \"Vim\", \"Weather\", \"WebKit\", \"WebKit PDF\" sowie \"WebKit Sandboxing\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, beliebigen Programmcode auszuf\u00fchren, seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuf\u00fchren, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
}
],
"product_status": {
"known_affected": [
"T025103",
"T025102",
"T025104"
]
},
"release_date": "2022-10-24T22:00:00.000+00:00",
"title": "CVE-2022-32881"
},
{
"cve": "CVE-2022-32883",
"notes": [
{
"category": "description",
"text": "In Apple macOS existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten \"Accelerate Framework\", \"Apple Neural Engine\", \"AppleAVD\", \"AppleMobileFileIntegrity\", \"ATS\", \"Audio\", \"AVEVideoEncoder\", \"Calendar\", \"CFNetwork\", \"ColorSync\", \"Crash Reporter\", \"curl\", \"Directory Utility\", \"DriverKit\", \"Exchange\", \"Find My\", \"Finder\", \"GPU Drivers\", \"Grapher\", \"Image Processing\", \"ImageIO\", \"Intel Graphics Driver\", \"IOHIDFamily\", \"IOKit\", \"Kernel\", \"Mail\", \"Maps\", MediaLibrary\", \"ncurses\", \"Notes\", \"Notifications\", \"PackageKit\", \"Photos\", \"ppp\", \"Ruby\", \"Sandbox\", \"Security\", \"Shortcuts\", \"Sidecar\", \"Siri\", \"SMB\", \"Software Update\", \"SQLite\", \"Vim\", \"Weather\", \"WebKit\", \"WebKit PDF\" sowie \"WebKit Sandboxing\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, beliebigen Programmcode auszuf\u00fchren, seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuf\u00fchren, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
}
],
"product_status": {
"known_affected": [
"T025103",
"T025102",
"T025104"
]
},
"release_date": "2022-10-24T22:00:00.000+00:00",
"title": "CVE-2022-32883"
},
{
"cve": "CVE-2022-32886",
"notes": [
{
"category": "description",
"text": "In Apple macOS existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten \"Accelerate Framework\", \"Apple Neural Engine\", \"AppleAVD\", \"AppleMobileFileIntegrity\", \"ATS\", \"Audio\", \"AVEVideoEncoder\", \"Calendar\", \"CFNetwork\", \"ColorSync\", \"Crash Reporter\", \"curl\", \"Directory Utility\", \"DriverKit\", \"Exchange\", \"Find My\", \"Finder\", \"GPU Drivers\", \"Grapher\", \"Image Processing\", \"ImageIO\", \"Intel Graphics Driver\", \"IOHIDFamily\", \"IOKit\", \"Kernel\", \"Mail\", \"Maps\", MediaLibrary\", \"ncurses\", \"Notes\", \"Notifications\", \"PackageKit\", \"Photos\", \"ppp\", \"Ruby\", \"Sandbox\", \"Security\", \"Shortcuts\", \"Sidecar\", \"Siri\", \"SMB\", \"Software Update\", \"SQLite\", \"Vim\", \"Weather\", \"WebKit\", \"WebKit PDF\" sowie \"WebKit Sandboxing\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, beliebigen Programmcode auszuf\u00fchren, seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuf\u00fchren, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
}
],
"product_status": {
"known_affected": [
"T025103",
"T025102",
"T025104"
]
},
"release_date": "2022-10-24T22:00:00.000+00:00",
"title": "CVE-2022-32886"
},
{
"cve": "CVE-2022-32888",
"notes": [
{
"category": "description",
"text": "In Apple macOS existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten \"Accelerate Framework\", \"Apple Neural Engine\", \"AppleAVD\", \"AppleMobileFileIntegrity\", \"ATS\", \"Audio\", \"AVEVideoEncoder\", \"Calendar\", \"CFNetwork\", \"ColorSync\", \"Crash Reporter\", \"curl\", \"Directory Utility\", \"DriverKit\", \"Exchange\", \"Find My\", \"Finder\", \"GPU Drivers\", \"Grapher\", \"Image Processing\", \"ImageIO\", \"Intel Graphics Driver\", \"IOHIDFamily\", \"IOKit\", \"Kernel\", \"Mail\", \"Maps\", MediaLibrary\", \"ncurses\", \"Notes\", \"Notifications\", \"PackageKit\", \"Photos\", \"ppp\", \"Ruby\", \"Sandbox\", \"Security\", \"Shortcuts\", \"Sidecar\", \"Siri\", \"SMB\", \"Software Update\", \"SQLite\", \"Vim\", \"Weather\", \"WebKit\", \"WebKit PDF\" sowie \"WebKit Sandboxing\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, beliebigen Programmcode auszuf\u00fchren, seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuf\u00fchren, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
}
],
"product_status": {
"known_affected": [
"T025103",
"T025102",
"T025104"
]
},
"release_date": "2022-10-24T22:00:00.000+00:00",
"title": "CVE-2022-32888"
},
{
"cve": "CVE-2022-32890",
"notes": [
{
"category": "description",
"text": "In Apple macOS existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten \"Accelerate Framework\", \"Apple Neural Engine\", \"AppleAVD\", \"AppleMobileFileIntegrity\", \"ATS\", \"Audio\", \"AVEVideoEncoder\", \"Calendar\", \"CFNetwork\", \"ColorSync\", \"Crash Reporter\", \"curl\", \"Directory Utility\", \"DriverKit\", \"Exchange\", \"Find My\", \"Finder\", \"GPU Drivers\", \"Grapher\", \"Image Processing\", \"ImageIO\", \"Intel Graphics Driver\", \"IOHIDFamily\", \"IOKit\", \"Kernel\", \"Mail\", \"Maps\", MediaLibrary\", \"ncurses\", \"Notes\", \"Notifications\", \"PackageKit\", \"Photos\", \"ppp\", \"Ruby\", \"Sandbox\", \"Security\", \"Shortcuts\", \"Sidecar\", \"Siri\", \"SMB\", \"Software Update\", \"SQLite\", \"Vim\", \"Weather\", \"WebKit\", \"WebKit PDF\" sowie \"WebKit Sandboxing\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, beliebigen Programmcode auszuf\u00fchren, seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuf\u00fchren, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
}
],
"product_status": {
"known_affected": [
"T025103",
"T025102",
"T025104"
]
},
"release_date": "2022-10-24T22:00:00.000+00:00",
"title": "CVE-2022-32890"
},
{
"cve": "CVE-2022-32892",
"notes": [
{
"category": "description",
"text": "In Apple macOS existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten \"Accelerate Framework\", \"Apple Neural Engine\", \"AppleAVD\", \"AppleMobileFileIntegrity\", \"ATS\", \"Audio\", \"AVEVideoEncoder\", \"Calendar\", \"CFNetwork\", \"ColorSync\", \"Crash Reporter\", \"curl\", \"Directory Utility\", \"DriverKit\", \"Exchange\", \"Find My\", \"Finder\", \"GPU Drivers\", \"Grapher\", \"Image Processing\", \"ImageIO\", \"Intel Graphics Driver\", \"IOHIDFamily\", \"IOKit\", \"Kernel\", \"Mail\", \"Maps\", MediaLibrary\", \"ncurses\", \"Notes\", \"Notifications\", \"PackageKit\", \"Photos\", \"ppp\", \"Ruby\", \"Sandbox\", \"Security\", \"Shortcuts\", \"Sidecar\", \"Siri\", \"SMB\", \"Software Update\", \"SQLite\", \"Vim\", \"Weather\", \"WebKit\", \"WebKit PDF\" sowie \"WebKit Sandboxing\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, beliebigen Programmcode auszuf\u00fchren, seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuf\u00fchren, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
}
],
"product_status": {
"known_affected": [
"T025103",
"T025102",
"T025104"
]
},
"release_date": "2022-10-24T22:00:00.000+00:00",
"title": "CVE-2022-32892"
},
{
"cve": "CVE-2022-32895",
"notes": [
{
"category": "description",
"text": "In Apple macOS existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten \"Accelerate Framework\", \"Apple Neural Engine\", \"AppleAVD\", \"AppleMobileFileIntegrity\", \"ATS\", \"Audio\", \"AVEVideoEncoder\", \"Calendar\", \"CFNetwork\", \"ColorSync\", \"Crash Reporter\", \"curl\", \"Directory Utility\", \"DriverKit\", \"Exchange\", \"Find My\", \"Finder\", \"GPU Drivers\", \"Grapher\", \"Image Processing\", \"ImageIO\", \"Intel Graphics Driver\", \"IOHIDFamily\", \"IOKit\", \"Kernel\", \"Mail\", \"Maps\", MediaLibrary\", \"ncurses\", \"Notes\", \"Notifications\", \"PackageKit\", \"Photos\", \"ppp\", \"Ruby\", \"Sandbox\", \"Security\", \"Shortcuts\", \"Sidecar\", \"Siri\", \"SMB\", \"Software Update\", \"SQLite\", \"Vim\", \"Weather\", \"WebKit\", \"WebKit PDF\" sowie \"WebKit Sandboxing\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, beliebigen Programmcode auszuf\u00fchren, seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuf\u00fchren, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
}
],
"product_status": {
"known_affected": [
"T025103",
"T025102",
"T025104"
]
},
"release_date": "2022-10-24T22:00:00.000+00:00",
"title": "CVE-2022-32895"
},
{
"cve": "CVE-2022-32898",
"notes": [
{
"category": "description",
"text": "In Apple macOS existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten \"Accelerate Framework\", \"Apple Neural Engine\", \"AppleAVD\", \"AppleMobileFileIntegrity\", \"ATS\", \"Audio\", \"AVEVideoEncoder\", \"Calendar\", \"CFNetwork\", \"ColorSync\", \"Crash Reporter\", \"curl\", \"Directory Utility\", \"DriverKit\", \"Exchange\", \"Find My\", \"Finder\", \"GPU Drivers\", \"Grapher\", \"Image Processing\", \"ImageIO\", \"Intel Graphics Driver\", \"IOHIDFamily\", \"IOKit\", \"Kernel\", \"Mail\", \"Maps\", MediaLibrary\", \"ncurses\", \"Notes\", \"Notifications\", \"PackageKit\", \"Photos\", \"ppp\", \"Ruby\", \"Sandbox\", \"Security\", \"Shortcuts\", \"Sidecar\", \"Siri\", \"SMB\", \"Software Update\", \"SQLite\", \"Vim\", \"Weather\", \"WebKit\", \"WebKit PDF\" sowie \"WebKit Sandboxing\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, beliebigen Programmcode auszuf\u00fchren, seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuf\u00fchren, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
}
],
"product_status": {
"known_affected": [
"T025103",
"T025102",
"T025104"
]
},
"release_date": "2022-10-24T22:00:00.000+00:00",
"title": "CVE-2022-32898"
},
{
"cve": "CVE-2022-32899",
"notes": [
{
"category": "description",
"text": "In Apple macOS existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten \"Accelerate Framework\", \"Apple Neural Engine\", \"AppleAVD\", \"AppleMobileFileIntegrity\", \"ATS\", \"Audio\", \"AVEVideoEncoder\", \"Calendar\", \"CFNetwork\", \"ColorSync\", \"Crash Reporter\", \"curl\", \"Directory Utility\", \"DriverKit\", \"Exchange\", \"Find My\", \"Finder\", \"GPU Drivers\", \"Grapher\", \"Image Processing\", \"ImageIO\", \"Intel Graphics Driver\", \"IOHIDFamily\", \"IOKit\", \"Kernel\", \"Mail\", \"Maps\", MediaLibrary\", \"ncurses\", \"Notes\", \"Notifications\", \"PackageKit\", \"Photos\", \"ppp\", \"Ruby\", \"Sandbox\", \"Security\", \"Shortcuts\", \"Sidecar\", \"Siri\", \"SMB\", \"Software Update\", \"SQLite\", \"Vim\", \"Weather\", \"WebKit\", \"WebKit PDF\" sowie \"WebKit Sandboxing\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, beliebigen Programmcode auszuf\u00fchren, seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuf\u00fchren, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
}
],
"product_status": {
"known_affected": [
"T025103",
"T025102",
"T025104"
]
},
"release_date": "2022-10-24T22:00:00.000+00:00",
"title": "CVE-2022-32899"
},
{
"cve": "CVE-2022-32902",
"notes": [
{
"category": "description",
"text": "In Apple macOS existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten \"Accelerate Framework\", \"Apple Neural Engine\", \"AppleAVD\", \"AppleMobileFileIntegrity\", \"ATS\", \"Audio\", \"AVEVideoEncoder\", \"Calendar\", \"CFNetwork\", \"ColorSync\", \"Crash Reporter\", \"curl\", \"Directory Utility\", \"DriverKit\", \"Exchange\", \"Find My\", \"Finder\", \"GPU Drivers\", \"Grapher\", \"Image Processing\", \"ImageIO\", \"Intel Graphics Driver\", \"IOHIDFamily\", \"IOKit\", \"Kernel\", \"Mail\", \"Maps\", MediaLibrary\", \"ncurses\", \"Notes\", \"Notifications\", \"PackageKit\", \"Photos\", \"ppp\", \"Ruby\", \"Sandbox\", \"Security\", \"Shortcuts\", \"Sidecar\", \"Siri\", \"SMB\", \"Software Update\", \"SQLite\", \"Vim\", \"Weather\", \"WebKit\", \"WebKit PDF\" sowie \"WebKit Sandboxing\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, beliebigen Programmcode auszuf\u00fchren, seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuf\u00fchren, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
}
],
"product_status": {
"known_affected": [
"T025103",
"T025102",
"T025104"
]
},
"release_date": "2022-10-24T22:00:00.000+00:00",
"title": "CVE-2022-32902"
},
{
"cve": "CVE-2022-32903",
"notes": [
{
"category": "description",
"text": "In Apple macOS existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten \"Accelerate Framework\", \"Apple Neural Engine\", \"AppleAVD\", \"AppleMobileFileIntegrity\", \"ATS\", \"Audio\", \"AVEVideoEncoder\", \"Calendar\", \"CFNetwork\", \"ColorSync\", \"Crash Reporter\", \"curl\", \"Directory Utility\", \"DriverKit\", \"Exchange\", \"Find My\", \"Finder\", \"GPU Drivers\", \"Grapher\", \"Image Processing\", \"ImageIO\", \"Intel Graphics Driver\", \"IOHIDFamily\", \"IOKit\", \"Kernel\", \"Mail\", \"Maps\", MediaLibrary\", \"ncurses\", \"Notes\", \"Notifications\", \"PackageKit\", \"Photos\", \"ppp\", \"Ruby\", \"Sandbox\", \"Security\", \"Shortcuts\", \"Sidecar\", \"Siri\", \"SMB\", \"Software Update\", \"SQLite\", \"Vim\", \"Weather\", \"WebKit\", \"WebKit PDF\" sowie \"WebKit Sandboxing\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, beliebigen Programmcode auszuf\u00fchren, seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuf\u00fchren, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
}
],
"product_status": {
"known_affected": [
"T025103",
"T025102",
"T025104"
]
},
"release_date": "2022-10-24T22:00:00.000+00:00",
"title": "CVE-2022-32903"
},
{
"cve": "CVE-2022-32904",
"notes": [
{
"category": "description",
"text": "In Apple macOS existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten \"Accelerate Framework\", \"Apple Neural Engine\", \"AppleAVD\", \"AppleMobileFileIntegrity\", \"ATS\", \"Audio\", \"AVEVideoEncoder\", \"Calendar\", \"CFNetwork\", \"ColorSync\", \"Crash Reporter\", \"curl\", \"Directory Utility\", \"DriverKit\", \"Exchange\", \"Find My\", \"Finder\", \"GPU Drivers\", \"Grapher\", \"Image Processing\", \"ImageIO\", \"Intel Graphics Driver\", \"IOHIDFamily\", \"IOKit\", \"Kernel\", \"Mail\", \"Maps\", MediaLibrary\", \"ncurses\", \"Notes\", \"Notifications\", \"PackageKit\", \"Photos\", \"ppp\", \"Ruby\", \"Sandbox\", \"Security\", \"Shortcuts\", \"Sidecar\", \"Siri\", \"SMB\", \"Software Update\", \"SQLite\", \"Vim\", \"Weather\", \"WebKit\", \"WebKit PDF\" sowie \"WebKit Sandboxing\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, beliebigen Programmcode auszuf\u00fchren, seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuf\u00fchren, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
}
],
"product_status": {
"known_affected": [
"T025103",
"T025102",
"T025104"
]
},
"release_date": "2022-10-24T22:00:00.000+00:00",
"title": "CVE-2022-32904"
},
{
"cve": "CVE-2022-32905",
"notes": [
{
"category": "description",
"text": "In Apple macOS existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten \"Accelerate Framework\", \"Apple Neural Engine\", \"AppleAVD\", \"AppleMobileFileIntegrity\", \"ATS\", \"Audio\", \"AVEVideoEncoder\", \"Calendar\", \"CFNetwork\", \"ColorSync\", \"Crash Reporter\", \"curl\", \"Directory Utility\", \"DriverKit\", \"Exchange\", \"Find My\", \"Finder\", \"GPU Drivers\", \"Grapher\", \"Image Processing\", \"ImageIO\", \"Intel Graphics Driver\", \"IOHIDFamily\", \"IOKit\", \"Kernel\", \"Mail\", \"Maps\", MediaLibrary\", \"ncurses\", \"Notes\", \"Notifications\", \"PackageKit\", \"Photos\", \"ppp\", \"Ruby\", \"Sandbox\", \"Security\", \"Shortcuts\", \"Sidecar\", \"Siri\", \"SMB\", \"Software Update\", \"SQLite\", \"Vim\", \"Weather\", \"WebKit\", \"WebKit PDF\" sowie \"WebKit Sandboxing\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, beliebigen Programmcode auszuf\u00fchren, seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuf\u00fchren, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
}
],
"product_status": {
"known_affected": [
"T025103",
"T025102",
"T025104"
]
},
"release_date": "2022-10-24T22:00:00.000+00:00",
"title": "CVE-2022-32905"
},
{
"cve": "CVE-2022-32907",
"notes": [
{
"category": "description",
"text": "In Apple macOS existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten \"Accelerate Framework\", \"Apple Neural Engine\", \"AppleAVD\", \"AppleMobileFileIntegrity\", \"ATS\", \"Audio\", \"AVEVideoEncoder\", \"Calendar\", \"CFNetwork\", \"ColorSync\", \"Crash Reporter\", \"curl\", \"Directory Utility\", \"DriverKit\", \"Exchange\", \"Find My\", \"Finder\", \"GPU Drivers\", \"Grapher\", \"Image Processing\", \"ImageIO\", \"Intel Graphics Driver\", \"IOHIDFamily\", \"IOKit\", \"Kernel\", \"Mail\", \"Maps\", MediaLibrary\", \"ncurses\", \"Notes\", \"Notifications\", \"PackageKit\", \"Photos\", \"ppp\", \"Ruby\", \"Sandbox\", \"Security\", \"Shortcuts\", \"Sidecar\", \"Siri\", \"SMB\", \"Software Update\", \"SQLite\", \"Vim\", \"Weather\", \"WebKit\", \"WebKit PDF\" sowie \"WebKit Sandboxing\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, beliebigen Programmcode auszuf\u00fchren, seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuf\u00fchren, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
}
],
"product_status": {
"known_affected": [
"T025103",
"T025102",
"T025104"
]
},
"release_date": "2022-10-24T22:00:00.000+00:00",
"title": "CVE-2022-32907"
},
{
"cve": "CVE-2022-32908",
"notes": [
{
"category": "description",
"text": "In Apple macOS existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten \"Accelerate Framework\", \"Apple Neural Engine\", \"AppleAVD\", \"AppleMobileFileIntegrity\", \"ATS\", \"Audio\", \"AVEVideoEncoder\", \"Calendar\", \"CFNetwork\", \"ColorSync\", \"Crash Reporter\", \"curl\", \"Directory Utility\", \"DriverKit\", \"Exchange\", \"Find My\", \"Finder\", \"GPU Drivers\", \"Grapher\", \"Image Processing\", \"ImageIO\", \"Intel Graphics Driver\", \"IOHIDFamily\", \"IOKit\", \"Kernel\", \"Mail\", \"Maps\", MediaLibrary\", \"ncurses\", \"Notes\", \"Notifications\", \"PackageKit\", \"Photos\", \"ppp\", \"Ruby\", \"Sandbox\", \"Security\", \"Shortcuts\", \"Sidecar\", \"Siri\", \"SMB\", \"Software Update\", \"SQLite\", \"Vim\", \"Weather\", \"WebKit\", \"WebKit PDF\" sowie \"WebKit Sandboxing\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, beliebigen Programmcode auszuf\u00fchren, seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuf\u00fchren, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
}
],
"product_status": {
"known_affected": [
"T025103",
"T025102",
"T025104"
]
},
"release_date": "2022-10-24T22:00:00.000+00:00",
"title": "CVE-2022-32908"
},
{
"cve": "CVE-2022-32909",
"notes": [
{
"category": "description",
"text": "In Apple macOS existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten \"Accelerate Framework\", \"Apple Neural Engine\", \"AppleAVD\", \"AppleMobileFileIntegrity\", \"ATS\", \"Audio\", \"AVEVideoEncoder\", \"Calendar\", \"CFNetwork\", \"ColorSync\", \"Crash Reporter\", \"curl\", \"Directory Utility\", \"DriverKit\", \"Exchange\", \"Find My\", \"Finder\", \"GPU Drivers\", \"Grapher\", \"Image Processing\", \"ImageIO\", \"Intel Graphics Driver\", \"IOHIDFamily\", \"IOKit\", \"Kernel\", \"Mail\", \"Maps\", MediaLibrary\", \"ncurses\", \"Notes\", \"Notifications\", \"PackageKit\", \"Photos\", \"ppp\", \"Ruby\", \"Sandbox\", \"Security\", \"Shortcuts\", \"Sidecar\", \"Siri\", \"SMB\", \"Software Update\", \"SQLite\", \"Vim\", \"Weather\", \"WebKit\", \"WebKit PDF\" sowie \"WebKit Sandboxing\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, beliebigen Programmcode auszuf\u00fchren, seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuf\u00fchren, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
}
],
"product_status": {
"known_affected": [
"T025103",
"T025102",
"T025104"
]
},
"release_date": "2022-10-24T22:00:00.000+00:00",
"title": "CVE-2022-32909"
},
{
"cve": "CVE-2022-32911",
"notes": [
{
"category": "description",
"text": "In Apple macOS existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten \"Accelerate Framework\", \"Apple Neural Engine\", \"AppleAVD\", \"AppleMobileFileIntegrity\", \"ATS\", \"Audio\", \"AVEVideoEncoder\", \"Calendar\", \"CFNetwork\", \"ColorSync\", \"Crash Reporter\", \"curl\", \"Directory Utility\", \"DriverKit\", \"Exchange\", \"Find My\", \"Finder\", \"GPU Drivers\", \"Grapher\", \"Image Processing\", \"ImageIO\", \"Intel Graphics Driver\", \"IOHIDFamily\", \"IOKit\", \"Kernel\", \"Mail\", \"Maps\", MediaLibrary\", \"ncurses\", \"Notes\", \"Notifications\", \"PackageKit\", \"Photos\", \"ppp\", \"Ruby\", \"Sandbox\", \"Security\", \"Shortcuts\", \"Sidecar\", \"Siri\", \"SMB\", \"Software Update\", \"SQLite\", \"Vim\", \"Weather\", \"WebKit\", \"WebKit PDF\" sowie \"WebKit Sandboxing\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, beliebigen Programmcode auszuf\u00fchren, seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuf\u00fchren, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
}
],
"product_status": {
"known_affected": [
"T025103",
"T025102",
"T025104"
]
},
"release_date": "2022-10-24T22:00:00.000+00:00",
"title": "CVE-2022-32911"
},
{
"cve": "CVE-2022-32912",
"notes": [
{
"category": "description",
"text": "In Apple macOS existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten \"Accelerate Framework\", \"Apple Neural Engine\", \"AppleAVD\", \"AppleMobileFileIntegrity\", \"ATS\", \"Audio\", \"AVEVideoEncoder\", \"Calendar\", \"CFNetwork\", \"ColorSync\", \"Crash Reporter\", \"curl\", \"Directory Utility\", \"DriverKit\", \"Exchange\", \"Find My\", \"Finder\", \"GPU Drivers\", \"Grapher\", \"Image Processing\", \"ImageIO\", \"Intel Graphics Driver\", \"IOHIDFamily\", \"IOKit\", \"Kernel\", \"Mail\", \"Maps\", MediaLibrary\", \"ncurses\", \"Notes\", \"Notifications\", \"PackageKit\", \"Photos\", \"ppp\", \"Ruby\", \"Sandbox\", \"Security\", \"Shortcuts\", \"Sidecar\", \"Siri\", \"SMB\", \"Software Update\", \"SQLite\", \"Vim\", \"Weather\", \"WebKit\", \"WebKit PDF\" sowie \"WebKit Sandboxing\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, beliebigen Programmcode auszuf\u00fchren, seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuf\u00fchren, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
}
],
"product_status": {
"known_affected": [
"T025103",
"T025102",
"T025104"
]
},
"release_date": "2022-10-24T22:00:00.000+00:00",
"title": "CVE-2022-32912"
},
{
"cve": "CVE-2022-32913",
"notes": [
{
"category": "description",
"text": "In Apple macOS existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten \"Accelerate Framework\", \"Apple Neural Engine\", \"AppleAVD\", \"AppleMobileFileIntegrity\", \"ATS\", \"Audio\", \"AVEVideoEncoder\", \"Calendar\", \"CFNetwork\", \"ColorSync\", \"Crash Reporter\", \"curl\", \"Directory Utility\", \"DriverKit\", \"Exchange\", \"Find My\", \"Finder\", \"GPU Drivers\", \"Grapher\", \"Image Processing\", \"ImageIO\", \"Intel Graphics Driver\", \"IOHIDFamily\", \"IOKit\", \"Kernel\", \"Mail\", \"Maps\", MediaLibrary\", \"ncurses\", \"Notes\", \"Notifications\", \"PackageKit\", \"Photos\", \"ppp\", \"Ruby\", \"Sandbox\", \"Security\", \"Shortcuts\", \"Sidecar\", \"Siri\", \"SMB\", \"Software Update\", \"SQLite\", \"Vim\", \"Weather\", \"WebKit\", \"WebKit PDF\" sowie \"WebKit Sandboxing\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, beliebigen Programmcode auszuf\u00fchren, seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuf\u00fchren, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
}
],
"product_status": {
"known_affected": [
"T025103",
"T025102",
"T025104"
]
},
"release_date": "2022-10-24T22:00:00.000+00:00",
"title": "CVE-2022-32913"
},
{
"cve": "CVE-2022-32914",
"notes": [
{
"category": "description",
"text": "In Apple macOS existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten \"Accelerate Framework\", \"Apple Neural Engine\", \"AppleAVD\", \"AppleMobileFileIntegrity\", \"ATS\", \"Audio\", \"AVEVideoEncoder\", \"Calendar\", \"CFNetwork\", \"ColorSync\", \"Crash Reporter\", \"curl\", \"Directory Utility\", \"DriverKit\", \"Exchange\", \"Find My\", \"Finder\", \"GPU Drivers\", \"Grapher\", \"Image Processing\", \"ImageIO\", \"Intel Graphics Driver\", \"IOHIDFamily\", \"IOKit\", \"Kernel\", \"Mail\", \"Maps\", MediaLibrary\", \"ncurses\", \"Notes\", \"Notifications\", \"PackageKit\", \"Photos\", \"ppp\", \"Ruby\", \"Sandbox\", \"Security\", \"Shortcuts\", \"Sidecar\", \"Siri\", \"SMB\", \"Software Update\", \"SQLite\", \"Vim\", \"Weather\", \"WebKit\", \"WebKit PDF\" sowie \"WebKit Sandboxing\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, beliebigen Programmcode auszuf\u00fchren, seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuf\u00fchren, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
}
],
"product_status": {
"known_affected": [
"T025103",
"T025102",
"T025104"
]
},
"release_date": "2022-10-24T22:00:00.000+00:00",
"title": "CVE-2022-32914"
},
{
"cve": "CVE-2022-32915",
"notes": [
{
"category": "description",
"text": "In Apple macOS existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten \"Accelerate Framework\", \"Apple Neural Engine\", \"AppleAVD\", \"AppleMobileFileIntegrity\", \"ATS\", \"Audio\", \"AVEVideoEncoder\", \"Calendar\", \"CFNetwork\", \"ColorSync\", \"Crash Reporter\", \"curl\", \"Directory Utility\", \"DriverKit\", \"Exchange\", \"Find My\", \"Finder\", \"GPU Drivers\", \"Grapher\", \"Image Processing\", \"ImageIO\", \"Intel Graphics Driver\", \"IOHIDFamily\", \"IOKit\", \"Kernel\", \"Mail\", \"Maps\", MediaLibrary\", \"ncurses\", \"Notes\", \"Notifications\", \"PackageKit\", \"Photos\", \"ppp\", \"Ruby\", \"Sandbox\", \"Security\", \"Shortcuts\", \"Sidecar\", \"Siri\", \"SMB\", \"Software Update\", \"SQLite\", \"Vim\", \"Weather\", \"WebKit\", \"WebKit PDF\" sowie \"WebKit Sandboxing\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, beliebigen Programmcode auszuf\u00fchren, seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuf\u00fchren, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
}
],
"product_status": {
"known_affected": [
"T025103",
"T025102",
"T025104"
]
},
"release_date": "2022-10-24T22:00:00.000+00:00",
"title": "CVE-2022-32915"
},
{
"cve": "CVE-2022-32918",
"notes": [
{
"category": "description",
"text": "In Apple macOS existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten \"Accelerate Framework\", \"Apple Neural Engine\", \"AppleAVD\", \"AppleMobileFileIntegrity\", \"ATS\", \"Audio\", \"AVEVideoEncoder\", \"Calendar\", \"CFNetwork\", \"ColorSync\", \"Crash Reporter\", \"curl\", \"Directory Utility\", \"DriverKit\", \"Exchange\", \"Find My\", \"Finder\", \"GPU Drivers\", \"Grapher\", \"Image Processing\", \"ImageIO\", \"Intel Graphics Driver\", \"IOHIDFamily\", \"IOKit\", \"Kernel\", \"Mail\", \"Maps\", MediaLibrary\", \"ncurses\", \"Notes\", \"Notifications\", \"PackageKit\", \"Photos\", \"ppp\", \"Ruby\", \"Sandbox\", \"Security\", \"Shortcuts\", \"Sidecar\", \"Siri\", \"SMB\", \"Software Update\", \"SQLite\", \"Vim\", \"Weather\", \"WebKit\", \"WebKit PDF\" sowie \"WebKit Sandboxing\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, beliebigen Programmcode auszuf\u00fchren, seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuf\u00fchren, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
}
],
"product_status": {
"known_affected": [
"T025103",
"T025102",
"T025104"
]
},
"release_date": "2022-10-24T22:00:00.000+00:00",
"title": "CVE-2022-32918"
},
{
"cve": "CVE-2022-32922",
"notes": [
{
"category": "description",
"text": "In Apple macOS existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten \"Accelerate Framework\", \"Apple Neural Engine\", \"AppleAVD\", \"AppleMobileFileIntegrity\", \"ATS\", \"Audio\", \"AVEVideoEncoder\", \"Calendar\", \"CFNetwork\", \"ColorSync\", \"Crash Reporter\", \"curl\", \"Directory Utility\", \"DriverKit\", \"Exchange\", \"Find My\", \"Finder\", \"GPU Drivers\", \"Grapher\", \"Image Processing\", \"ImageIO\", \"Intel Graphics Driver\", \"IOHIDFamily\", \"IOKit\", \"Kernel\", \"Mail\", \"Maps\", MediaLibrary\", \"ncurses\", \"Notes\", \"Notifications\", \"PackageKit\", \"Photos\", \"ppp\", \"Ruby\", \"Sandbox\", \"Security\", \"Shortcuts\", \"Sidecar\", \"Siri\", \"SMB\", \"Software Update\", \"SQLite\", \"Vim\", \"Weather\", \"WebKit\", \"WebKit PDF\" sowie \"WebKit Sandboxing\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, beliebigen Programmcode auszuf\u00fchren, seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuf\u00fchren, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
}
],
"product_status": {
"known_affected": [
"T025103",
"T025102",
"T025104"
]
},
"release_date": "2022-10-24T22:00:00.000+00:00",
"title": "CVE-2022-32922"
},
{
"cve": "CVE-2022-32924",
"notes": [
{
"category": "description",
"text": "In Apple macOS existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten \"Accelerate Framework\", \"Apple Neural Engine\", \"AppleAVD\", \"AppleMobileFileIntegrity\", \"ATS\", \"Audio\", \"AVEVideoEncoder\", \"Calendar\", \"CFNetwork\", \"ColorSync\", \"Crash Reporter\", \"curl\", \"Directory Utility\", \"DriverKit\", \"Exchange\", \"Find My\", \"Finder\", \"GPU Drivers\", \"Grapher\", \"Image Processing\", \"ImageIO\", \"Intel Graphics Driver\", \"IOHIDFamily\", \"IOKit\", \"Kernel\", \"Mail\", \"Maps\", MediaLibrary\", \"ncurses\", \"Notes\", \"Notifications\", \"PackageKit\", \"Photos\", \"ppp\", \"Ruby\", \"Sandbox\", \"Security\", \"Shortcuts\", \"Sidecar\", \"Siri\", \"SMB\", \"Software Update\", \"SQLite\", \"Vim\", \"Weather\", \"WebKit\", \"WebKit PDF\" sowie \"WebKit Sandboxing\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, beliebigen Programmcode auszuf\u00fchren, seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuf\u00fchren, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
}
],
"product_status": {
"known_affected": [
"T025103",
"T025102",
"T025104"
]
},
"release_date": "2022-10-24T22:00:00.000+00:00",
"title": "CVE-2022-32924"
},
{
"cve": "CVE-2022-32928",
"notes": [
{
"category": "description",
"text": "In Apple macOS existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten \"Accelerate Framework\", \"Apple Neural Engine\", \"AppleAVD\", \"AppleMobileFileIntegrity\", \"ATS\", \"Audio\", \"AVEVideoEncoder\", \"Calendar\", \"CFNetwork\", \"ColorSync\", \"Crash Reporter\", \"curl\", \"Directory Utility\", \"DriverKit\", \"Exchange\", \"Find My\", \"Finder\", \"GPU Drivers\", \"Grapher\", \"Image Processing\", \"ImageIO\", \"Intel Graphics Driver\", \"IOHIDFamily\", \"IOKit\", \"Kernel\", \"Mail\", \"Maps\", MediaLibrary\", \"ncurses\", \"Notes\", \"Notifications\", \"PackageKit\", \"Photos\", \"ppp\", \"Ruby\", \"Sandbox\", \"Security\", \"Shortcuts\", \"Sidecar\", \"Siri\", \"SMB\", \"Software Update\", \"SQLite\", \"Vim\", \"Weather\", \"WebKit\", \"WebKit PDF\" sowie \"WebKit Sandboxing\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, beliebigen Programmcode auszuf\u00fchren, seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuf\u00fchren, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
}
],
"product_status": {
"known_affected": [
"T025103",
"T025102",
"T025104"
]
},
"release_date": "2022-10-24T22:00:00.000+00:00",
"title": "CVE-2022-32928"
},
{
"cve": "CVE-2022-32934",
"notes": [
{
"category": "description",
"text": "In Apple macOS existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten \"Accelerate Framework\", \"Apple Neural Engine\", \"AppleAVD\", \"AppleMobileFileIntegrity\", \"ATS\", \"Audio\", \"AVEVideoEncoder\", \"Calendar\", \"CFNetwork\", \"ColorSync\", \"Crash Reporter\", \"curl\", \"Directory Utility\", \"DriverKit\", \"Exchange\", \"Find My\", \"Finder\", \"GPU Drivers\", \"Grapher\", \"Image Processing\", \"ImageIO\", \"Intel Graphics Driver\", \"IOHIDFamily\", \"IOKit\", \"Kernel\", \"Mail\", \"Maps\", MediaLibrary\", \"ncurses\", \"Notes\", \"Notifications\", \"PackageKit\", \"Photos\", \"ppp\", \"Ruby\", \"Sandbox\", \"Security\", \"Shortcuts\", \"Sidecar\", \"Siri\", \"SMB\", \"Software Update\", \"SQLite\", \"Vim\", \"Weather\", \"WebKit\", \"WebKit PDF\" sowie \"WebKit Sandboxing\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, beliebigen Programmcode auszuf\u00fchren, seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuf\u00fchren, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
}
],
"product_status": {
"known_affected": [
"T025103",
"T025102",
"T025104"
]
},
"release_date": "2022-10-24T22:00:00.000+00:00",
"title": "CVE-2022-32934"
},
{
"cve": "CVE-2022-32936",
"notes": [
{
"category": "description",
"text": "In Apple macOS existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten \"Accelerate Framework\", \"Apple Neural Engine\", \"AppleAVD\", \"AppleMobileFileIntegrity\", \"ATS\", \"Audio\", \"AVEVideoEncoder\", \"Calendar\", \"CFNetwork\", \"ColorSync\", \"Crash Reporter\", \"curl\", \"Directory Utility\", \"DriverKit\", \"Exchange\", \"Find My\", \"Finder\", \"GPU Drivers\", \"Grapher\", \"Image Processing\", \"ImageIO\", \"Intel Graphics Driver\", \"IOHIDFamily\", \"IOKit\", \"Kernel\", \"Mail\", \"Maps\", MediaLibrary\", \"ncurses\", \"Notes\", \"Notifications\", \"PackageKit\", \"Photos\", \"ppp\", \"Ruby\", \"Sandbox\", \"Security\", \"Shortcuts\", \"Sidecar\", \"Siri\", \"SMB\", \"Software Update\", \"SQLite\", \"Vim\", \"Weather\", \"WebKit\", \"WebKit PDF\" sowie \"WebKit Sandboxing\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, beliebigen Programmcode auszuf\u00fchren, seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuf\u00fchren, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
}
],
"product_status": {
"known_affected": [
"T025103",
"T025102",
"T025104"
]
},
"release_date": "2022-10-24T22:00:00.000+00:00",
"title": "CVE-2022-32936"
},
{
"cve": "CVE-2022-32938",
"notes": [
{
"category": "description",
"text": "In Apple macOS existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten \"Accelerate Framework\", \"Apple Neural Engine\", \"AppleAVD\", \"AppleMobileFileIntegrity\", \"ATS\", \"Audio\", \"AVEVideoEncoder\", \"Calendar\", \"CFNetwork\", \"ColorSync\", \"Crash Reporter\", \"curl\", \"Directory Utility\", \"DriverKit\", \"Exchange\", \"Find My\", \"Finder\", \"GPU Drivers\", \"Grapher\", \"Image Processing\", \"ImageIO\", \"Intel Graphics Driver\", \"IOHIDFamily\", \"IOKit\", \"Kernel\", \"Mail\", \"Maps\", MediaLibrary\", \"ncurses\", \"Notes\", \"Notifications\", \"PackageKit\", \"Photos\", \"ppp\", \"Ruby\", \"Sandbox\", \"Security\", \"Shortcuts\", \"Sidecar\", \"Siri\", \"SMB\", \"Software Update\", \"SQLite\", \"Vim\", \"Weather\", \"WebKit\", \"WebKit PDF\" sowie \"WebKit Sandboxing\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, beliebigen Programmcode auszuf\u00fchren, seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuf\u00fchren, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
}
],
"product_status": {
"known_affected": [
"T025103",
"T025102",
"T025104"
]
},
"release_date": "2022-10-24T22:00:00.000+00:00",
"title": "CVE-2022-32938"
},
{
"cve": "CVE-2022-32940",
"notes": [
{
"category": "description",
"text": "In Apple macOS existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten \"Accelerate Framework\", \"Apple Neural Engine\", \"AppleAVD\", \"AppleMobileFileIntegrity\", \"ATS\", \"Audio\", \"AVEVideoEncoder\", \"Calendar\", \"CFNetwork\", \"ColorSync\", \"Crash Reporter\", \"curl\", \"Directory Utility\", \"DriverKit\", \"Exchange\", \"Find My\", \"Finder\", \"GPU Drivers\", \"Grapher\", \"Image Processing\", \"ImageIO\", \"Intel Graphics Driver\", \"IOHIDFamily\", \"IOKit\", \"Kernel\", \"Mail\", \"Maps\", MediaLibrary\", \"ncurses\", \"Notes\", \"Notifications\", \"PackageKit\", \"Photos\", \"ppp\", \"Ruby\", \"Sandbox\", \"Security\", \"Shortcuts\", \"Sidecar\", \"Siri\", \"SMB\", \"Software Update\", \"SQLite\", \"Vim\", \"Weather\", \"WebKit\", \"WebKit PDF\" sowie \"WebKit Sandboxing\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, beliebigen Programmcode auszuf\u00fchren, seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuf\u00fchren, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
}
],
"product_status": {
"known_affected": [
"T025103",
"T025102",
"T025104"
]
},
"release_date": "2022-10-24T22:00:00.000+00:00",
"title": "CVE-2022-32940"
},
{
"cve": "CVE-2022-32947",
"notes": [
{
"category": "description",
"text": "In Apple macOS existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten \"Accelerate Framework\", \"Apple Neural Engine\", \"AppleAVD\", \"AppleMobileFileIntegrity\", \"ATS\", \"Audio\", \"AVEVideoEncoder\", \"Calendar\", \"CFNetwork\", \"ColorSync\", \"Crash Reporter\", \"curl\", \"Directory Utility\", \"DriverKit\", \"Exchange\", \"Find My\", \"Finder\", \"GPU Drivers\", \"Grapher\", \"Image Processing\", \"ImageIO\", \"Intel Graphics Driver\", \"IOHIDFamily\", \"IOKit\", \"Kernel\", \"Mail\", \"Maps\", MediaLibrary\", \"ncurses\", \"Notes\", \"Notifications\", \"PackageKit\", \"Photos\", \"ppp\", \"Ruby\", \"Sandbox\", \"Security\", \"Shortcuts\", \"Sidecar\", \"Siri\", \"SMB\", \"Software Update\", \"SQLite\", \"Vim\", \"Weather\", \"WebKit\", \"WebKit PDF\" sowie \"WebKit Sandboxing\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, beliebigen Programmcode auszuf\u00fchren, seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuf\u00fchren, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
}
],
"product_status": {
"known_affected": [
"T025103",
"T025102",
"T025104"
]
},
"release_date": "2022-10-24T22:00:00.000+00:00",
"title": "CVE-2022-32947"
},
{
"cve": "CVE-2022-42788",
"notes": [
{
"category": "description",
"text": "In Apple macOS existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten \"Accelerate Framework\", \"Apple Neural Engine\", \"AppleAVD\", \"AppleMobileFileIntegrity\", \"ATS\", \"Audio\", \"AVEVideoEncoder\", \"Calendar\", \"CFNetwork\", \"ColorSync\", \"Crash Reporter\", \"curl\", \"Directory Utility\", \"DriverKit\", \"Exchange\", \"Find My\", \"Finder\", \"GPU Drivers\", \"Grapher\", \"Image Processing\", \"ImageIO\", \"Intel Graphics Driver\", \"IOHIDFamily\", \"IOKit\", \"Kernel\", \"Mail\", \"Maps\", MediaLibrary\", \"ncurses\", \"Notes\", \"Notifications\", \"PackageKit\", \"Photos\", \"ppp\", \"Ruby\", \"Sandbox\", \"Security\", \"Shortcuts\", \"Sidecar\", \"Siri\", \"SMB\", \"Software Update\", \"SQLite\", \"Vim\", \"Weather\", \"WebKit\", \"WebKit PDF\" sowie \"WebKit Sandboxing\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, beliebigen Programmcode auszuf\u00fchren, seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuf\u00fchren, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
}
],
"product_status": {
"known_affected": [
"T025103",
"T025102",
"T025104"
]
},
"release_date": "2022-10-24T22:00:00.000+00:00",
"title": "CVE-2022-42788"
},
{
"cve": "CVE-2022-42789",
"notes": [
{
"category": "description",
"text": "In Apple macOS existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten \"Accelerate Framework\", \"Apple Neural Engine\", \"AppleAVD\", \"AppleMobileFileIntegrity\", \"ATS\", \"Audio\", \"AVEVideoEncoder\", \"Calendar\", \"CFNetwork\", \"ColorSync\", \"Crash Reporter\", \"curl\", \"Directory Utility\", \"DriverKit\", \"Exchange\", \"Find My\", \"Finder\", \"GPU Drivers\", \"Grapher\", \"Image Processing\", \"ImageIO\", \"Intel Graphics Driver\", \"IOHIDFamily\", \"IOKit\", \"Kernel\", \"Mail\", \"Maps\", MediaLibrary\", \"ncurses\", \"Notes\", \"Notifications\", \"PackageKit\", \"Photos\", \"ppp\", \"Ruby\", \"Sandbox\", \"Security\", \"Shortcuts\", \"Sidecar\", \"Siri\", \"SMB\", \"Software Update\", \"SQLite\", \"Vim\", \"Weather\", \"WebKit\", \"WebKit PDF\" sowie \"WebKit Sandboxing\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, beliebigen Programmcode auszuf\u00fchren, seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuf\u00fchren, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
}
],
"product_status": {
"known_affected": [
"T025103",
"T025102",
"T025104"
]
},
"release_date": "2022-10-24T22:00:00.000+00:00",
"title": "CVE-2022-42789"
},
{
"cve": "CVE-2022-42790",
"notes": [
{
"category": "description",
"text": "In Apple macOS existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten \"Accelerate Framework\", \"Apple Neural Engine\", \"AppleAVD\", \"AppleMobileFileIntegrity\", \"ATS\", \"Audio\", \"AVEVideoEncoder\", \"Calendar\", \"CFNetwork\", \"ColorSync\", \"Crash Reporter\", \"curl\", \"Directory Utility\", \"DriverKit\", \"Exchange\", \"Find My\", \"Finder\", \"GPU Drivers\", \"Grapher\", \"Image Processing\", \"ImageIO\", \"Intel Graphics Driver\", \"IOHIDFamily\", \"IOKit\", \"Kernel\", \"Mail\", \"Maps\", MediaLibrary\", \"ncurses\", \"Notes\", \"Notifications\", \"PackageKit\", \"Photos\", \"ppp\", \"Ruby\", \"Sandbox\", \"Security\", \"Shortcuts\", \"Sidecar\", \"Siri\", \"SMB\", \"Software Update\", \"SQLite\", \"Vim\", \"Weather\", \"WebKit\", \"WebKit PDF\" sowie \"WebKit Sandboxing\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, beliebigen Programmcode auszuf\u00fchren, seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuf\u00fchren, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
}
],
"product_status": {
"known_affected": [
"T025103",
"T025102",
"T025104"
]
},
"release_date": "2022-10-24T22:00:00.000+00:00",
"title": "CVE-2022-42790"
},
{
"cve": "CVE-2022-42791",
"notes": [
{
"category": "description",
"text": "In Apple macOS existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten \"Accelerate Framework\", \"Apple Neural Engine\", \"AppleAVD\", \"AppleMobileFileIntegrity\", \"ATS\", \"Audio\", \"AVEVideoEncoder\", \"Calendar\", \"CFNetwork\", \"ColorSync\", \"Crash Reporter\", \"curl\", \"Directory Utility\", \"DriverKit\", \"Exchange\", \"Find My\", \"Finder\", \"GPU Drivers\", \"Grapher\", \"Image Processing\", \"ImageIO\", \"Intel Graphics Driver\", \"IOHIDFamily\", \"IOKit\", \"Kernel\", \"Mail\", \"Maps\", MediaLibrary\", \"ncurses\", \"Notes\", \"Notifications\", \"PackageKit\", \"Photos\", \"ppp\", \"Ruby\", \"Sandbox\", \"Security\", \"Shortcuts\", \"Sidecar\", \"Siri\", \"SMB\", \"Software Update\", \"SQLite\", \"Vim\", \"Weather\", \"WebKit\", \"WebKit PDF\" sowie \"WebKit Sandboxing\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, beliebigen Programmcode auszuf\u00fchren, seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuf\u00fchren, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
}
],
"product_status": {
"known_affected": [
"T025103",
"T025102",
"T025104"
]
},
"release_date": "2022-10-24T22:00:00.000+00:00",
"title": "CVE-2022-42791"
},
{
"cve": "CVE-2022-42793",
"notes": [
{
"category": "description",
"text": "In Apple macOS existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten \"Accelerate Framework\", \"Apple Neural Engine\", \"AppleAVD\", \"AppleMobileFileIntegrity\", \"ATS\", \"Audio\", \"AVEVideoEncoder\", \"Calendar\", \"CFNetwork\", \"ColorSync\", \"Crash Reporter\", \"curl\", \"Directory Utility\", \"DriverKit\", \"Exchange\", \"Find My\", \"Finder\", \"GPU Drivers\", \"Grapher\", \"Image Processing\", \"ImageIO\", \"Intel Graphics Driver\", \"IOHIDFamily\", \"IOKit\", \"Kernel\", \"Mail\", \"Maps\", MediaLibrary\", \"ncurses\", \"Notes\", \"Notifications\", \"PackageKit\", \"Photos\", \"ppp\", \"Ruby\", \"Sandbox\", \"Security\", \"Shortcuts\", \"Sidecar\", \"Siri\", \"SMB\", \"Software Update\", \"SQLite\", \"Vim\", \"Weather\", \"WebKit\", \"WebKit PDF\" sowie \"WebKit Sandboxing\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, beliebigen Programmcode auszuf\u00fchren, seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuf\u00fchren, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
}
],
"product_status": {
"known_affected": [
"T025103",
"T025102",
"T025104"
]
},
"release_date": "2022-10-24T22:00:00.000+00:00",
"title": "CVE-2022-42793"
},
{
"cve": "CVE-2022-42795",
"notes": [
{
"category": "description",
"text": "In Apple macOS existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten \"Accelerate Framework\", \"Apple Neural Engine\", \"AppleAVD\", \"AppleMobileFileIntegrity\", \"ATS\", \"Audio\", \"AVEVideoEncoder\", \"Calendar\", \"CFNetwork\", \"ColorSync\", \"Crash Reporter\", \"curl\", \"Directory Utility\", \"DriverKit\", \"Exchange\", \"Find My\", \"Finder\", \"GPU Drivers\", \"Grapher\", \"Image Processing\", \"ImageIO\", \"Intel Graphics Driver\", \"IOHIDFamily\", \"IOKit\", \"Kernel\", \"Mail\", \"Maps\", MediaLibrary\", \"ncurses\", \"Notes\", \"Notifications\", \"PackageKit\", \"Photos\", \"ppp\", \"Ruby\", \"Sandbox\", \"Security\", \"Shortcuts\", \"Sidecar\", \"Siri\", \"SMB\", \"Software Update\", \"SQLite\", \"Vim\", \"Weather\", \"WebKit\", \"WebKit PDF\" sowie \"WebKit Sandboxing\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, beliebigen Programmcode auszuf\u00fchren, seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuf\u00fchren, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
}
],
"product_status": {
"known_affected": [
"T025103",
"T025102",
"T025104"
]
},
"release_date": "2022-10-24T22:00:00.000+00:00",
"title": "CVE-2022-42795"
},
{
"cve": "CVE-2022-42796",
"notes": [
{
"category": "description",
"text": "In Apple macOS existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten \"Accelerate Framework\", \"Apple Neural Engine\", \"AppleAVD\", \"AppleMobileFileIntegrity\", \"ATS\", \"Audio\", \"AVEVideoEncoder\", \"Calendar\", \"CFNetwork\", \"ColorSync\", \"Crash Reporter\", \"curl\", \"Directory Utility\", \"DriverKit\", \"Exchange\", \"Find My\", \"Finder\", \"GPU Drivers\", \"Grapher\", \"Image Processing\", \"ImageIO\", \"Intel Graphics Driver\", \"IOHIDFamily\", \"IOKit\", \"Kernel\", \"Mail\", \"Maps\", MediaLibrary\", \"ncurses\", \"Notes\", \"Notifications\", \"PackageKit\", \"Photos\", \"ppp\", \"Ruby\", \"Sandbox\", \"Security\", \"Shortcuts\", \"Sidecar\", \"Siri\", \"SMB\", \"Software Update\", \"SQLite\", \"Vim\", \"Weather\", \"WebKit\", \"WebKit PDF\" sowie \"WebKit Sandboxing\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, beliebigen Programmcode auszuf\u00fchren, seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuf\u00fchren, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
}
],
"product_status": {
"known_affected": [
"T025103",
"T025102",
"T025104"
]
},
"release_date": "2022-10-24T22:00:00.000+00:00",
"title": "CVE-2022-42796"
},
{
"cve": "CVE-2022-42799",
"notes": [
{
"category": "description",
"text": "In Apple macOS existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten \"Accelerate Framework\", \"Apple Neural Engine\", \"AppleAVD\", \"AppleMobileFileIntegrity\", \"ATS\", \"Audio\", \"AVEVideoEncoder\", \"Calendar\", \"CFNetwork\", \"ColorSync\", \"Crash Reporter\", \"curl\", \"Directory Utility\", \"DriverKit\", \"Exchange\", \"Find My\", \"Finder\", \"GPU Drivers\", \"Grapher\", \"Image Processing\", \"ImageIO\", \"Intel Graphics Driver\", \"IOHIDFamily\", \"IOKit\", \"Kernel\", \"Mail\", \"Maps\", MediaLibrary\", \"ncurses\", \"Notes\", \"Notifications\", \"PackageKit\", \"Photos\", \"ppp\", \"Ruby\", \"Sandbox\", \"Security\", \"Shortcuts\", \"Sidecar\", \"Siri\", \"SMB\", \"Software Update\", \"SQLite\", \"Vim\", \"Weather\", \"WebKit\", \"WebKit PDF\" sowie \"WebKit Sandboxing\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, beliebigen Programmcode auszuf\u00fchren, seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuf\u00fchren, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
}
],
"product_status": {
"known_affected": [
"T025103",
"T025102",
"T025104"
]
},
"release_date": "2022-10-24T22:00:00.000+00:00",
"title": "CVE-2022-42799"
},
{
"cve": "CVE-2022-42806",
"notes": [
{
"category": "description",
"text": "In Apple macOS existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten \"Accelerate Framework\", \"Apple Neural Engine\", \"AppleAVD\", \"AppleMobileFileIntegrity\", \"ATS\", \"Audio\", \"AVEVideoEncoder\", \"Calendar\", \"CFNetwork\", \"ColorSync\", \"Crash Reporter\", \"curl\", \"Directory Utility\", \"DriverKit\", \"Exchange\", \"Find My\", \"Finder\", \"GPU Drivers\", \"Grapher\", \"Image Processing\", \"ImageIO\", \"Intel Graphics Driver\", \"IOHIDFamily\", \"IOKit\", \"Kernel\", \"Mail\", \"Maps\", MediaLibrary\", \"ncurses\", \"Notes\", \"Notifications\", \"PackageKit\", \"Photos\", \"ppp\", \"Ruby\", \"Sandbox\", \"Security\", \"Shortcuts\", \"Sidecar\", \"Siri\", \"SMB\", \"Software Update\", \"SQLite\", \"Vim\", \"Weather\", \"WebKit\", \"WebKit PDF\" sowie \"WebKit Sandboxing\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, beliebigen Programmcode auszuf\u00fchren, seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuf\u00fchren, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
}
],
"product_status": {
"known_affected": [
"T025103",
"T025102",
"T025104"
]
},
"release_date": "2022-10-24T22:00:00.000+00:00",
"title": "CVE-2022-42806"
},
{
"cve": "CVE-2022-42808",
"notes": [
{
"category": "description",
"text": "In Apple macOS existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten \"Accelerate Framework\", \"Apple Neural Engine\", \"AppleAVD\", \"AppleMobileFileIntegrity\", \"ATS\", \"Audio\", \"AVEVideoEncoder\", \"Calendar\", \"CFNetwork\", \"ColorSync\", \"Crash Reporter\", \"curl\", \"Directory Utility\", \"DriverKit\", \"Exchange\", \"Find My\", \"Finder\", \"GPU Drivers\", \"Grapher\", \"Image Processing\", \"ImageIO\", \"Intel Graphics Driver\", \"IOHIDFamily\", \"IOKit\", \"Kernel\", \"Mail\", \"Maps\", MediaLibrary\", \"ncurses\", \"Notes\", \"Notifications\", \"PackageKit\", \"Photos\", \"ppp\", \"Ruby\", \"Sandbox\", \"Security\", \"Shortcuts\", \"Sidecar\", \"Siri\", \"SMB\", \"Software Update\", \"SQLite\", \"Vim\", \"Weather\", \"WebKit\", \"WebKit PDF\" sowie \"WebKit Sandboxing\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, beliebigen Programmcode auszuf\u00fchren, seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuf\u00fchren, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
}
],
"product_status": {
"known_affected": [
"T025103",
"T025102",
"T025104"
]
},
"release_date": "2022-10-24T22:00:00.000+00:00",
"title": "CVE-2022-42808"
},
{
"cve": "CVE-2022-42809",
"notes": [
{
"category": "description",
"text": "In Apple macOS existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten \"Accelerate Framework\", \"Apple Neural Engine\", \"AppleAVD\", \"AppleMobileFileIntegrity\", \"ATS\", \"Audio\", \"AVEVideoEncoder\", \"Calendar\", \"CFNetwork\", \"ColorSync\", \"Crash Reporter\", \"curl\", \"Directory Utility\", \"DriverKit\", \"Exchange\", \"Find My\", \"Finder\", \"GPU Drivers\", \"Grapher\", \"Image Processing\", \"ImageIO\", \"Intel Graphics Driver\", \"IOHIDFamily\", \"IOKit\", \"Kernel\", \"Mail\", \"Maps\", MediaLibrary\", \"ncurses\", \"Notes\", \"Notifications\", \"PackageKit\", \"Photos\", \"ppp\", \"Ruby\", \"Sandbox\", \"Security\", \"Shortcuts\", \"Sidecar\", \"Siri\", \"SMB\", \"Software Update\", \"SQLite\", \"Vim\", \"Weather\", \"WebKit\", \"WebKit PDF\" sowie \"WebKit Sandboxing\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, beliebigen Programmcode auszuf\u00fchren, seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuf\u00fchren, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
}
],
"product_status": {
"known_affected": [
"T025103",
"T025102",
"T025104"
]
},
"release_date": "2022-10-24T22:00:00.000+00:00",
"title": "CVE-2022-42809"
},
{
"cve": "CVE-2022-42811",
"notes": [
{
"category": "description",
"text": "In Apple macOS existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten \"Accelerate Framework\", \"Apple Neural Engine\", \"AppleAVD\", \"AppleMobileFileIntegrity\", \"ATS\", \"Audio\", \"AVEVideoEncoder\", \"Calendar\", \"CFNetwork\", \"ColorSync\", \"Crash Reporter\", \"curl\", \"Directory Utility\", \"DriverKit\", \"Exchange\", \"Find My\", \"Finder\", \"GPU Drivers\", \"Grapher\", \"Image Processing\", \"ImageIO\", \"Intel Graphics Driver\", \"IOHIDFamily\", \"IOKit\", \"Kernel\", \"Mail\", \"Maps\", MediaLibrary\", \"ncurses\", \"Notes\", \"Notifications\", \"PackageKit\", \"Photos\", \"ppp\", \"Ruby\", \"Sandbox\", \"Security\", \"Shortcuts\", \"Sidecar\", \"Siri\", \"SMB\", \"Software Update\", \"SQLite\", \"Vim\", \"Weather\", \"WebKit\", \"WebKit PDF\" sowie \"WebKit Sandboxing\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, beliebigen Programmcode auszuf\u00fchren, seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuf\u00fchren, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
}
],
"product_status": {
"known_affected": [
"T025103",
"T025102",
"T025104"
]
},
"release_date": "2022-10-24T22:00:00.000+00:00",
"title": "CVE-2022-42811"
},
{
"cve": "CVE-2022-42813",
"notes": [
{
"category": "description",
"text": "In Apple macOS existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten \"Accelerate Framework\", \"Apple Neural Engine\", \"AppleAVD\", \"AppleMobileFileIntegrity\", \"ATS\", \"Audio\", \"AVEVideoEncoder\", \"Calendar\", \"CFNetwork\", \"ColorSync\", \"Crash Reporter\", \"curl\", \"Directory Utility\", \"DriverKit\", \"Exchange\", \"Find My\", \"Finder\", \"GPU Drivers\", \"Grapher\", \"Image Processing\", \"ImageIO\", \"Intel Graphics Driver\", \"IOHIDFamily\", \"IOKit\", \"Kernel\", \"Mail\", \"Maps\", MediaLibrary\", \"ncurses\", \"Notes\", \"Notifications\", \"PackageKit\", \"Photos\", \"ppp\", \"Ruby\", \"Sandbox\", \"Security\", \"Shortcuts\", \"Sidecar\", \"Siri\", \"SMB\", \"Software Update\", \"SQLite\", \"Vim\", \"Weather\", \"WebKit\", \"WebKit PDF\" sowie \"WebKit Sandboxing\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, beliebigen Programmcode auszuf\u00fchren, seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuf\u00fchren, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
}
],
"product_status": {
"known_affected": [
"T025103",
"T025102",
"T025104"
]
},
"release_date": "2022-10-24T22:00:00.000+00:00",
"title": "CVE-2022-42813"
},
{
"cve": "CVE-2022-42814",
"notes": [
{
"category": "description",
"text": "In Apple macOS existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten \"Accelerate Framework\", \"Apple Neural Engine\", \"AppleAVD\", \"AppleMobileFileIntegrity\", \"ATS\", \"Audio\", \"AVEVideoEncoder\", \"Calendar\", \"CFNetwork\", \"ColorSync\", \"Crash Reporter\", \"curl\", \"Directory Utility\", \"DriverKit\", \"Exchange\", \"Find My\", \"Finder\", \"GPU Drivers\", \"Grapher\", \"Image Processing\", \"ImageIO\", \"Intel Graphics Driver\", \"IOHIDFamily\", \"IOKit\", \"Kernel\", \"Mail\", \"Maps\", MediaLibrary\", \"ncurses\", \"Notes\", \"Notifications\", \"PackageKit\", \"Photos\", \"ppp\", \"Ruby\", \"Sandbox\", \"Security\", \"Shortcuts\", \"Sidecar\", \"Siri\", \"SMB\", \"Software Update\", \"SQLite\", \"Vim\", \"Weather\", \"WebKit\", \"WebKit PDF\" sowie \"WebKit Sandboxing\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, beliebigen Programmcode auszuf\u00fchren, seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuf\u00fchren, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
}
],
"product_status": {
"known_affected": [
"T025103",
"T025102",
"T025104"
]
},
"release_date": "2022-10-24T22:00:00.000+00:00",
"title": "CVE-2022-42814"
},
{
"cve": "CVE-2022-42815",
"notes": [
{
"category": "description",
"text": "In Apple macOS existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten \"Accelerate Framework\", \"Apple Neural Engine\", \"AppleAVD\", \"AppleMobileFileIntegrity\", \"ATS\", \"Audio\", \"AVEVideoEncoder\", \"Calendar\", \"CFNetwork\", \"ColorSync\", \"Crash Reporter\", \"curl\", \"Directory Utility\", \"DriverKit\", \"Exchange\", \"Find My\", \"Finder\", \"GPU Drivers\", \"Grapher\", \"Image Processing\", \"ImageIO\", \"Intel Graphics Driver\", \"IOHIDFamily\", \"IOKit\", \"Kernel\", \"Mail\", \"Maps\", MediaLibrary\", \"ncurses\", \"Notes\", \"Notifications\", \"PackageKit\", \"Photos\", \"ppp\", \"Ruby\", \"Sandbox\", \"Security\", \"Shortcuts\", \"Sidecar\", \"Siri\", \"SMB\", \"Software Update\", \"SQLite\", \"Vim\", \"Weather\", \"WebKit\", \"WebKit PDF\" sowie \"WebKit Sandboxing\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, beliebigen Programmcode auszuf\u00fchren, seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuf\u00fchren, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
}
],
"product_status": {
"known_affected": [
"T025103",
"T025102",
"T025104"
]
},
"release_date": "2022-10-24T22:00:00.000+00:00",
"title": "CVE-2022-42815"
},
{
"cve": "CVE-2022-42818",
"notes": [
{
"category": "description",
"text": "In Apple macOS existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten \"Accelerate Framework\", \"Apple Neural Engine\", \"AppleAVD\", \"AppleMobileFileIntegrity\", \"ATS\", \"Audio\", \"AVEVideoEncoder\", \"Calendar\", \"CFNetwork\", \"ColorSync\", \"Crash Reporter\", \"curl\", \"Directory Utility\", \"DriverKit\", \"Exchange\", \"Find My\", \"Finder\", \"GPU Drivers\", \"Grapher\", \"Image Processing\", \"ImageIO\", \"Intel Graphics Driver\", \"IOHIDFamily\", \"IOKit\", \"Kernel\", \"Mail\", \"Maps\", MediaLibrary\", \"ncurses\", \"Notes\", \"Notifications\", \"PackageKit\", \"Photos\", \"ppp\", \"Ruby\", \"Sandbox\", \"Security\", \"Shortcuts\", \"Sidecar\", \"Siri\", \"SMB\", \"Software Update\", \"SQLite\", \"Vim\", \"Weather\", \"WebKit\", \"WebKit PDF\" sowie \"WebKit Sandboxing\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, beliebigen Programmcode auszuf\u00fchren, seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuf\u00fchren, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
}
],
"product_status": {
"known_affected": [
"T025103",
"T025102",
"T025104"
]
},
"release_date": "2022-10-24T22:00:00.000+00:00",
"title": "CVE-2022-42818"
},
{
"cve": "CVE-2022-42819",
"notes": [
{
"category": "description",
"text": "In Apple macOS existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten \"Accelerate Framework\", \"Apple Neural Engine\", \"AppleAVD\", \"AppleMobileFileIntegrity\", \"ATS\", \"Audio\", \"AVEVideoEncoder\", \"Calendar\", \"CFNetwork\", \"ColorSync\", \"Crash Reporter\", \"curl\", \"Directory Utility\", \"DriverKit\", \"Exchange\", \"Find My\", \"Finder\", \"GPU Drivers\", \"Grapher\", \"Image Processing\", \"ImageIO\", \"Intel Graphics Driver\", \"IOHIDFamily\", \"IOKit\", \"Kernel\", \"Mail\", \"Maps\", MediaLibrary\", \"ncurses\", \"Notes\", \"Notifications\", \"PackageKit\", \"Photos\", \"ppp\", \"Ruby\", \"Sandbox\", \"Security\", \"Shortcuts\", \"Sidecar\", \"Siri\", \"SMB\", \"Software Update\", \"SQLite\", \"Vim\", \"Weather\", \"WebKit\", \"WebKit PDF\" sowie \"WebKit Sandboxing\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, beliebigen Programmcode auszuf\u00fchren, seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuf\u00fchren, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
}
],
"product_status": {
"known_affected": [
"T025103",
"T025102",
"T025104"
]
},
"release_date": "2022-10-24T22:00:00.000+00:00",
"title": "CVE-2022-42819"
},
{
"cve": "CVE-2022-42820",
"notes": [
{
"category": "description",
"text": "In Apple macOS existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten \"Accelerate Framework\", \"Apple Neural Engine\", \"AppleAVD\", \"AppleMobileFileIntegrity\", \"ATS\", \"Audio\", \"AVEVideoEncoder\", \"Calendar\", \"CFNetwork\", \"ColorSync\", \"Crash Reporter\", \"curl\", \"Directory Utility\", \"DriverKit\", \"Exchange\", \"Find My\", \"Finder\", \"GPU Drivers\", \"Grapher\", \"Image Processing\", \"ImageIO\", \"Intel Graphics Driver\", \"IOHIDFamily\", \"IOKit\", \"Kernel\", \"Mail\", \"Maps\", MediaLibrary\", \"ncurses\", \"Notes\", \"Notifications\", \"PackageKit\", \"Photos\", \"ppp\", \"Ruby\", \"Sandbox\", \"Security\", \"Shortcuts\", \"Sidecar\", \"Siri\", \"SMB\", \"Software Update\", \"SQLite\", \"Vim\", \"Weather\", \"WebKit\", \"WebKit PDF\" sowie \"WebKit Sandboxing\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, beliebigen Programmcode auszuf\u00fchren, seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuf\u00fchren, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
}
],
"product_status": {
"known_affected": [
"T025103",
"T025102",
"T025104"
]
},
"release_date": "2022-10-24T22:00:00.000+00:00",
"title": "CVE-2022-42820"
},
{
"cve": "CVE-2022-42823",
"notes": [
{
"category": "description",
"text": "In Apple macOS existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten \"Accelerate Framework\", \"Apple Neural Engine\", \"AppleAVD\", \"AppleMobileFileIntegrity\", \"ATS\", \"Audio\", \"AVEVideoEncoder\", \"Calendar\", \"CFNetwork\", \"ColorSync\", \"Crash Reporter\", \"curl\", \"Directory Utility\", \"DriverKit\", \"Exchange\", \"Find My\", \"Finder\", \"GPU Drivers\", \"Grapher\", \"Image Processing\", \"ImageIO\", \"Intel Graphics Driver\", \"IOHIDFamily\", \"IOKit\", \"Kernel\", \"Mail\", \"Maps\", MediaLibrary\", \"ncurses\", \"Notes\", \"Notifications\", \"PackageKit\", \"Photos\", \"ppp\", \"Ruby\", \"Sandbox\", \"Security\", \"Shortcuts\", \"Sidecar\", \"Siri\", \"SMB\", \"Software Update\", \"SQLite\", \"Vim\", \"Weather\", \"WebKit\", \"WebKit PDF\" sowie \"WebKit Sandboxing\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, beliebigen Programmcode auszuf\u00fchren, seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuf\u00fchren, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
}
],
"product_status": {
"known_affected": [
"T025103",
"T025102",
"T025104"
]
},
"release_date": "2022-10-24T22:00:00.000+00:00",
"title": "CVE-2022-42823"
},
{
"cve": "CVE-2022-42824",
"notes": [
{
"category": "description",
"text": "In Apple macOS existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten \"Accelerate Framework\", \"Apple Neural Engine\", \"AppleAVD\", \"AppleMobileFileIntegrity\", \"ATS\", \"Audio\", \"AVEVideoEncoder\", \"Calendar\", \"CFNetwork\", \"ColorSync\", \"Crash Reporter\", \"curl\", \"Directory Utility\", \"DriverKit\", \"Exchange\", \"Find My\", \"Finder\", \"GPU Drivers\", \"Grapher\", \"Image Processing\", \"ImageIO\", \"Intel Graphics Driver\", \"IOHIDFamily\", \"IOKit\", \"Kernel\", \"Mail\", \"Maps\", MediaLibrary\", \"ncurses\", \"Notes\", \"Notifications\", \"PackageKit\", \"Photos\", \"ppp\", \"Ruby\", \"Sandbox\", \"Security\", \"Shortcuts\", \"Sidecar\", \"Siri\", \"SMB\", \"Software Update\", \"SQLite\", \"Vim\", \"Weather\", \"WebKit\", \"WebKit PDF\" sowie \"WebKit Sandboxing\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, beliebigen Programmcode auszuf\u00fchren, seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuf\u00fchren, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
}
],
"product_status": {
"known_affected": [
"T025103",
"T025102",
"T025104"
]
},
"release_date": "2022-10-24T22:00:00.000+00:00",
"title": "CVE-2022-42824"
},
{
"cve": "CVE-2022-42825",
"notes": [
{
"category": "description",
"text": "In Apple macOS existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten \"Accelerate Framework\", \"Apple Neural Engine\", \"AppleAVD\", \"AppleMobileFileIntegrity\", \"ATS\", \"Audio\", \"AVEVideoEncoder\", \"Calendar\", \"CFNetwork\", \"ColorSync\", \"Crash Reporter\", \"curl\", \"Directory Utility\", \"DriverKit\", \"Exchange\", \"Find My\", \"Finder\", \"GPU Drivers\", \"Grapher\", \"Image Processing\", \"ImageIO\", \"Intel Graphics Driver\", \"IOHIDFamily\", \"IOKit\", \"Kernel\", \"Mail\", \"Maps\", MediaLibrary\", \"ncurses\", \"Notes\", \"Notifications\", \"PackageKit\", \"Photos\", \"ppp\", \"Ruby\", \"Sandbox\", \"Security\", \"Shortcuts\", \"Sidecar\", \"Siri\", \"SMB\", \"Software Update\", \"SQLite\", \"Vim\", \"Weather\", \"WebKit\", \"WebKit PDF\" sowie \"WebKit Sandboxing\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, beliebigen Programmcode auszuf\u00fchren, seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuf\u00fchren, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
}
],
"product_status": {
"known_affected": [
"T025103",
"T025102",
"T025104"
]
},
"release_date": "2022-10-24T22:00:00.000+00:00",
"title": "CVE-2022-42825"
},
{
"cve": "CVE-2022-42828",
"notes": [
{
"category": "description",
"text": "In Apple macOS existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten \"Accelerate Framework\", \"Apple Neural Engine\", \"AppleAVD\", \"AppleMobileFileIntegrity\", \"ATS\", \"Audio\", \"AVEVideoEncoder\", \"Calendar\", \"CFNetwork\", \"ColorSync\", \"Crash Reporter\", \"curl\", \"Directory Utility\", \"DriverKit\", \"Exchange\", \"Find My\", \"Finder\", \"GPU Drivers\", \"Grapher\", \"Image Processing\", \"ImageIO\", \"Intel Graphics Driver\", \"IOHIDFamily\", \"IOKit\", \"Kernel\", \"Mail\", \"Maps\", MediaLibrary\", \"ncurses\", \"Notes\", \"Notifications\", \"PackageKit\", \"Photos\", \"ppp\", \"Ruby\", \"Sandbox\", \"Security\", \"Shortcuts\", \"Sidecar\", \"Siri\", \"SMB\", \"Software Update\", \"SQLite\", \"Vim\", \"Weather\", \"WebKit\", \"WebKit PDF\" sowie \"WebKit Sandboxing\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, beliebigen Programmcode auszuf\u00fchren, seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuf\u00fchren, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
}
],
"product_status": {
"known_affected": [
"T025103",
"T025102",
"T025104"
]
},
"release_date": "2022-10-24T22:00:00.000+00:00",
"title": "CVE-2022-42828"
},
{
"cve": "CVE-2022-42829",
"notes": [
{
"category": "description",
"text": "In Apple macOS existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten \"Accelerate Framework\", \"Apple Neural Engine\", \"AppleAVD\", \"AppleMobileFileIntegrity\", \"ATS\", \"Audio\", \"AVEVideoEncoder\", \"Calendar\", \"CFNetwork\", \"ColorSync\", \"Crash Reporter\", \"curl\", \"Directory Utility\", \"DriverKit\", \"Exchange\", \"Find My\", \"Finder\", \"GPU Drivers\", \"Grapher\", \"Image Processing\", \"ImageIO\", \"Intel Graphics Driver\", \"IOHIDFamily\", \"IOKit\", \"Kernel\", \"Mail\", \"Maps\", MediaLibrary\", \"ncurses\", \"Notes\", \"Notifications\", \"PackageKit\", \"Photos\", \"ppp\", \"Ruby\", \"Sandbox\", \"Security\", \"Shortcuts\", \"Sidecar\", \"Siri\", \"SMB\", \"Software Update\", \"SQLite\", \"Vim\", \"Weather\", \"WebKit\", \"WebKit PDF\" sowie \"WebKit Sandboxing\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, beliebigen Programmcode auszuf\u00fchren, seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuf\u00fchren, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
}
],
"product_status": {
"known_affected": [
"T025103",
"T025102",
"T025104"
]
},
"release_date": "2022-10-24T22:00:00.000+00:00",
"title": "CVE-2022-42829"
},
{
"cve": "CVE-2022-42830",
"notes": [
{
"category": "description",
"text": "In Apple macOS existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten \"Accelerate Framework\", \"Apple Neural Engine\", \"AppleAVD\", \"AppleMobileFileIntegrity\", \"ATS\", \"Audio\", \"AVEVideoEncoder\", \"Calendar\", \"CFNetwork\", \"ColorSync\", \"Crash Reporter\", \"curl\", \"Directory Utility\", \"DriverKit\", \"Exchange\", \"Find My\", \"Finder\", \"GPU Drivers\", \"Grapher\", \"Image Processing\", \"ImageIO\", \"Intel Graphics Driver\", \"IOHIDFamily\", \"IOKit\", \"Kernel\", \"Mail\", \"Maps\", MediaLibrary\", \"ncurses\", \"Notes\", \"Notifications\", \"PackageKit\", \"Photos\", \"ppp\", \"Ruby\", \"Sandbox\", \"Security\", \"Shortcuts\", \"Sidecar\", \"Siri\", \"SMB\", \"Software Update\", \"SQLite\", \"Vim\", \"Weather\", \"WebKit\", \"WebKit PDF\" sowie \"WebKit Sandboxing\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, beliebigen Programmcode auszuf\u00fchren, seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuf\u00fchren, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
}
],
"product_status": {
"known_affected": [
"T025103",
"T025102",
"T025104"
]
},
"release_date": "2022-10-24T22:00:00.000+00:00",
"title": "CVE-2022-42830"
},
{
"cve": "CVE-2022-42831",
"notes": [
{
"category": "description",
"text": "In Apple macOS existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten \"Accelerate Framework\", \"Apple Neural Engine\", \"AppleAVD\", \"AppleMobileFileIntegrity\", \"ATS\", \"Audio\", \"AVEVideoEncoder\", \"Calendar\", \"CFNetwork\", \"ColorSync\", \"Crash Reporter\", \"curl\", \"Directory Utility\", \"DriverKit\", \"Exchange\", \"Find My\", \"Finder\", \"GPU Drivers\", \"Grapher\", \"Image Processing\", \"ImageIO\", \"Intel Graphics Driver\", \"IOHIDFamily\", \"IOKit\", \"Kernel\", \"Mail\", \"Maps\", MediaLibrary\", \"ncurses\", \"Notes\", \"Notifications\", \"PackageKit\", \"Photos\", \"ppp\", \"Ruby\", \"Sandbox\", \"Security\", \"Shortcuts\", \"Sidecar\", \"Siri\", \"SMB\", \"Software Update\", \"SQLite\", \"Vim\", \"Weather\", \"WebKit\", \"WebKit PDF\" sowie \"WebKit Sandboxing\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, beliebigen Programmcode auszuf\u00fchren, seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuf\u00fchren, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
}
],
"product_status": {
"known_affected": [
"T025103",
"T025102",
"T025104"
]
},
"release_date": "2022-10-24T22:00:00.000+00:00",
"title": "CVE-2022-42831"
},
{
"cve": "CVE-2022-42832",
"notes": [
{
"category": "description",
"text": "In Apple macOS existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten \"Accelerate Framework\", \"Apple Neural Engine\", \"AppleAVD\", \"AppleMobileFileIntegrity\", \"ATS\", \"Audio\", \"AVEVideoEncoder\", \"Calendar\", \"CFNetwork\", \"ColorSync\", \"Crash Reporter\", \"curl\", \"Directory Utility\", \"DriverKit\", \"Exchange\", \"Find My\", \"Finder\", \"GPU Drivers\", \"Grapher\", \"Image Processing\", \"ImageIO\", \"Intel Graphics Driver\", \"IOHIDFamily\", \"IOKit\", \"Kernel\", \"Mail\", \"Maps\", MediaLibrary\", \"ncurses\", \"Notes\", \"Notifications\", \"PackageKit\", \"Photos\", \"ppp\", \"Ruby\", \"Sandbox\", \"Security\", \"Shortcuts\", \"Sidecar\", \"Siri\", \"SMB\", \"Software Update\", \"SQLite\", \"Vim\", \"Weather\", \"WebKit\", \"WebKit PDF\" sowie \"WebKit Sandboxing\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, beliebigen Programmcode auszuf\u00fchren, seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuf\u00fchren, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
}
],
"product_status": {
"known_affected": [
"T025103",
"T025102",
"T025104"
]
},
"release_date": "2022-10-24T22:00:00.000+00:00",
"title": "CVE-2022-42832"
},
{
"cve": "CVE-2022-42833",
"notes": [
{
"category": "description",
"text": "In Apple macOS existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten \"Accelerate Framework\", \"Apple Neural Engine\", \"AppleAVD\", \"AppleMobileFileIntegrity\", \"ATS\", \"Audio\", \"AVEVideoEncoder\", \"Calendar\", \"CFNetwork\", \"ColorSync\", \"Crash Reporter\", \"curl\", \"Directory Utility\", \"DriverKit\", \"Exchange\", \"Find My\", \"Finder\", \"GPU Drivers\", \"Grapher\", \"Image Processing\", \"ImageIO\", \"Intel Graphics Driver\", \"IOHIDFamily\", \"IOKit\", \"Kernel\", \"Mail\", \"Maps\", MediaLibrary\", \"ncurses\", \"Notes\", \"Notifications\", \"PackageKit\", \"Photos\", \"ppp\", \"Ruby\", \"Sandbox\", \"Security\", \"Shortcuts\", \"Sidecar\", \"Siri\", \"SMB\", \"Software Update\", \"SQLite\", \"Vim\", \"Weather\", \"WebKit\", \"WebKit PDF\" sowie \"WebKit Sandboxing\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, beliebigen Programmcode auszuf\u00fchren, seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuf\u00fchren, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
}
],
"product_status": {
"known_affected": [
"T025103",
"T025102",
"T025104"
]
},
"release_date": "2022-10-24T22:00:00.000+00:00",
"title": "CVE-2022-42833"
},
{
"cve": "CVE-2022-42834",
"notes": [
{
"category": "description",
"text": "In Apple macOS existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten \"Accelerate Framework\", \"Apple Neural Engine\", \"AppleAVD\", \"AppleMobileFileIntegrity\", \"ATS\", \"Audio\", \"AVEVideoEncoder\", \"Calendar\", \"CFNetwork\", \"ColorSync\", \"Crash Reporter\", \"curl\", \"Directory Utility\", \"DriverKit\", \"Exchange\", \"Find My\", \"Finder\", \"GPU Drivers\", \"Grapher\", \"Image Processing\", \"ImageIO\", \"Intel Graphics Driver\", \"IOHIDFamily\", \"IOKit\", \"Kernel\", \"Mail\", \"Maps\", MediaLibrary\", \"ncurses\", \"Notes\", \"Notifications\", \"PackageKit\", \"Photos\", \"ppp\", \"Ruby\", \"Sandbox\", \"Security\", \"Shortcuts\", \"Sidecar\", \"Siri\", \"SMB\", \"Software Update\", \"SQLite\", \"Vim\", \"Weather\", \"WebKit\", \"WebKit PDF\" sowie \"WebKit Sandboxing\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, beliebigen Programmcode auszuf\u00fchren, seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuf\u00fchren, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
}
],
"product_status": {
"known_affected": [
"T025103",
"T025102",
"T025104"
]
},
"release_date": "2022-10-24T22:00:00.000+00:00",
"title": "CVE-2022-42834"
},
{
"cve": "CVE-2022-42838",
"notes": [
{
"category": "description",
"text": "In Apple macOS existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten \"Accelerate Framework\", \"Apple Neural Engine\", \"AppleAVD\", \"AppleMobileFileIntegrity\", \"ATS\", \"Audio\", \"AVEVideoEncoder\", \"Calendar\", \"CFNetwork\", \"ColorSync\", \"Crash Reporter\", \"curl\", \"Directory Utility\", \"DriverKit\", \"Exchange\", \"Find My\", \"Finder\", \"GPU Drivers\", \"Grapher\", \"Image Processing\", \"ImageIO\", \"Intel Graphics Driver\", \"IOHIDFamily\", \"IOKit\", \"Kernel\", \"Mail\", \"Maps\", MediaLibrary\", \"ncurses\", \"Notes\", \"Notifications\", \"PackageKit\", \"Photos\", \"ppp\", \"Ruby\", \"Sandbox\", \"Security\", \"Shortcuts\", \"Sidecar\", \"Siri\", \"SMB\", \"Software Update\", \"SQLite\", \"Vim\", \"Weather\", \"WebKit\", \"WebKit PDF\" sowie \"WebKit Sandboxing\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, beliebigen Programmcode auszuf\u00fchren, seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuf\u00fchren, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
}
],
"product_status": {
"known_affected": [
"T025103",
"T025102",
"T025104"
]
},
"release_date": "2022-10-24T22:00:00.000+00:00",
"title": "CVE-2022-42838"
},
{
"cve": "CVE-2022-42860",
"notes": [
{
"category": "description",
"text": "In Apple macOS existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten \"Accelerate Framework\", \"Apple Neural Engine\", \"AppleAVD\", \"AppleMobileFileIntegrity\", \"ATS\", \"Audio\", \"AVEVideoEncoder\", \"Calendar\", \"CFNetwork\", \"ColorSync\", \"Crash Reporter\", \"curl\", \"Directory Utility\", \"DriverKit\", \"Exchange\", \"Find My\", \"Finder\", \"GPU Drivers\", \"Grapher\", \"Image Processing\", \"ImageIO\", \"Intel Graphics Driver\", \"IOHIDFamily\", \"IOKit\", \"Kernel\", \"Mail\", \"Maps\", MediaLibrary\", \"ncurses\", \"Notes\", \"Notifications\", \"PackageKit\", \"Photos\", \"ppp\", \"Ruby\", \"Sandbox\", \"Security\", \"Shortcuts\", \"Sidecar\", \"Siri\", \"SMB\", \"Software Update\", \"SQLite\", \"Vim\", \"Weather\", \"WebKit\", \"WebKit PDF\" sowie \"WebKit Sandboxing\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, beliebigen Programmcode auszuf\u00fchren, seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuf\u00fchren, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
}
],
"product_status": {
"known_affected": [
"T025103",
"T025102",
"T025104"
]
},
"release_date": "2022-10-24T22:00:00.000+00:00",
"title": "CVE-2022-42860"
},
{
"cve": "CVE-2022-46709",
"notes": [
{
"category": "description",
"text": "In Apple macOS existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten \"Accelerate Framework\", \"Apple Neural Engine\", \"AppleAVD\", \"AppleMobileFileIntegrity\", \"ATS\", \"Audio\", \"AVEVideoEncoder\", \"Calendar\", \"CFNetwork\", \"ColorSync\", \"Crash Reporter\", \"curl\", \"Directory Utility\", \"DriverKit\", \"Exchange\", \"Find My\", \"Finder\", \"GPU Drivers\", \"Grapher\", \"Image Processing\", \"ImageIO\", \"Intel Graphics Driver\", \"IOHIDFamily\", \"IOKit\", \"Kernel\", \"Mail\", \"Maps\", MediaLibrary\", \"ncurses\", \"Notes\", \"Notifications\", \"PackageKit\", \"Photos\", \"ppp\", \"Ruby\", \"Sandbox\", \"Security\", \"Shortcuts\", \"Sidecar\", \"Siri\", \"SMB\", \"Software Update\", \"SQLite\", \"Vim\", \"Weather\", \"WebKit\", \"WebKit PDF\" sowie \"WebKit Sandboxing\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, beliebigen Programmcode auszuf\u00fchren, seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuf\u00fchren, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
}
],
"product_status": {
"known_affected": [
"T025103",
"T025102",
"T025104"
]
},
"release_date": "2022-10-24T22:00:00.000+00:00",
"title": "CVE-2022-46709"
},
{
"cve": "CVE-2022-46712",
"notes": [
{
"category": "description",
"text": "In Apple macOS existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten \"Accelerate Framework\", \"Apple Neural Engine\", \"AppleAVD\", \"AppleMobileFileIntegrity\", \"ATS\", \"Audio\", \"AVEVideoEncoder\", \"Calendar\", \"CFNetwork\", \"ColorSync\", \"Crash Reporter\", \"curl\", \"Directory Utility\", \"DriverKit\", \"Exchange\", \"Find My\", \"Finder\", \"GPU Drivers\", \"Grapher\", \"Image Processing\", \"ImageIO\", \"Intel Graphics Driver\", \"IOHIDFamily\", \"IOKit\", \"Kernel\", \"Mail\", \"Maps\", MediaLibrary\", \"ncurses\", \"Notes\", \"Notifications\", \"PackageKit\", \"Photos\", \"ppp\", \"Ruby\", \"Sandbox\", \"Security\", \"Shortcuts\", \"Sidecar\", \"Siri\", \"SMB\", \"Software Update\", \"SQLite\", \"Vim\", \"Weather\", \"WebKit\", \"WebKit PDF\" sowie \"WebKit Sandboxing\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, beliebigen Programmcode auszuf\u00fchren, seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuf\u00fchren, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
}
],
"product_status": {
"known_affected": [
"T025103",
"T025102",
"T025104"
]
},
"release_date": "2022-10-24T22:00:00.000+00:00",
"title": "CVE-2022-46712"
},
{
"cve": "CVE-2022-46713",
"notes": [
{
"category": "description",
"text": "In Apple macOS existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten \"Accelerate Framework\", \"Apple Neural Engine\", \"AppleAVD\", \"AppleMobileFileIntegrity\", \"ATS\", \"Audio\", \"AVEVideoEncoder\", \"Calendar\", \"CFNetwork\", \"ColorSync\", \"Crash Reporter\", \"curl\", \"Directory Utility\", \"DriverKit\", \"Exchange\", \"Find My\", \"Finder\", \"GPU Drivers\", \"Grapher\", \"Image Processing\", \"ImageIO\", \"Intel Graphics Driver\", \"IOHIDFamily\", \"IOKit\", \"Kernel\", \"Mail\", \"Maps\", MediaLibrary\", \"ncurses\", \"Notes\", \"Notifications\", \"PackageKit\", \"Photos\", \"ppp\", \"Ruby\", \"Sandbox\", \"Security\", \"Shortcuts\", \"Sidecar\", \"Siri\", \"SMB\", \"Software Update\", \"SQLite\", \"Vim\", \"Weather\", \"WebKit\", \"WebKit PDF\" sowie \"WebKit Sandboxing\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, beliebigen Programmcode auszuf\u00fchren, seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuf\u00fchren, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
}
],
"product_status": {
"known_affected": [
"T025103",
"T025102",
"T025104"
]
},
"release_date": "2022-10-24T22:00:00.000+00:00",
"title": "CVE-2022-46713"
},
{
"cve": "CVE-2022-46721",
"notes": [
{
"category": "description",
"text": "In Apple macOS existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten \"Accelerate Framework\", \"Apple Neural Engine\", \"AppleAVD\", \"AppleMobileFileIntegrity\", \"ATS\", \"Audio\", \"AVEVideoEncoder\", \"Calendar\", \"CFNetwork\", \"ColorSync\", \"Crash Reporter\", \"curl\", \"Directory Utility\", \"DriverKit\", \"Exchange\", \"Find My\", \"Finder\", \"GPU Drivers\", \"Grapher\", \"Image Processing\", \"ImageIO\", \"Intel Graphics Driver\", \"IOHIDFamily\", \"IOKit\", \"Kernel\", \"Mail\", \"Maps\", MediaLibrary\", \"ncurses\", \"Notes\", \"Notifications\", \"PackageKit\", \"Photos\", \"ppp\", \"Ruby\", \"Sandbox\", \"Security\", \"Shortcuts\", \"Sidecar\", \"Siri\", \"SMB\", \"Software Update\", \"SQLite\", \"Vim\", \"Weather\", \"WebKit\", \"WebKit PDF\" sowie \"WebKit Sandboxing\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, beliebigen Programmcode auszuf\u00fchren, seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuf\u00fchren, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
}
],
"product_status": {
"known_affected": [
"T025103",
"T025102",
"T025104"
]
},
"release_date": "2022-10-24T22:00:00.000+00:00",
"title": "CVE-2022-46721"
},
{
"cve": "CVE-2022-46722",
"notes": [
{
"category": "description",
"text": "In Apple macOS existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten \"Accelerate Framework\", \"Apple Neural Engine\", \"AppleAVD\", \"AppleMobileFileIntegrity\", \"ATS\", \"Audio\", \"AVEVideoEncoder\", \"Calendar\", \"CFNetwork\", \"ColorSync\", \"Crash Reporter\", \"curl\", \"Directory Utility\", \"DriverKit\", \"Exchange\", \"Find My\", \"Finder\", \"GPU Drivers\", \"Grapher\", \"Image Processing\", \"ImageIO\", \"Intel Graphics Driver\", \"IOHIDFamily\", \"IOKit\", \"Kernel\", \"Mail\", \"Maps\", MediaLibrary\", \"ncurses\", \"Notes\", \"Notifications\", \"PackageKit\", \"Photos\", \"ppp\", \"Ruby\", \"Sandbox\", \"Security\", \"Shortcuts\", \"Sidecar\", \"Siri\", \"SMB\", \"Software Update\", \"SQLite\", \"Vim\", \"Weather\", \"WebKit\", \"WebKit PDF\" sowie \"WebKit Sandboxing\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, beliebigen Programmcode auszuf\u00fchren, seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuf\u00fchren, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
}
],
"product_status": {
"known_affected": [
"T025103",
"T025102",
"T025104"
]
},
"release_date": "2022-10-24T22:00:00.000+00:00",
"title": "CVE-2022-46722"
},
{
"cve": "CVE-2022-46723",
"notes": [
{
"category": "description",
"text": "In Apple macOS existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten \"Accelerate Framework\", \"Apple Neural Engine\", \"AppleAVD\", \"AppleMobileFileIntegrity\", \"ATS\", \"Audio\", \"AVEVideoEncoder\", \"Calendar\", \"CFNetwork\", \"ColorSync\", \"Crash Reporter\", \"curl\", \"Directory Utility\", \"DriverKit\", \"Exchange\", \"Find My\", \"Finder\", \"GPU Drivers\", \"Grapher\", \"Image Processing\", \"ImageIO\", \"Intel Graphics Driver\", \"IOHIDFamily\", \"IOKit\", \"Kernel\", \"Mail\", \"Maps\", MediaLibrary\", \"ncurses\", \"Notes\", \"Notifications\", \"PackageKit\", \"Photos\", \"ppp\", \"Ruby\", \"Sandbox\", \"Security\", \"Shortcuts\", \"Sidecar\", \"Siri\", \"SMB\", \"Software Update\", \"SQLite\", \"Vim\", \"Weather\", \"WebKit\", \"WebKit PDF\" sowie \"WebKit Sandboxing\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, beliebigen Programmcode auszuf\u00fchren, seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuf\u00fchren, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
}
],
"product_status": {
"known_affected": [
"T025103",
"T025102",
"T025104"
]
},
"release_date": "2022-10-24T22:00:00.000+00:00",
"title": "CVE-2022-46723"
},
{
"cve": "CVE-2022-47915",
"notes": [
{
"category": "description",
"text": "In Apple macOS existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten \"Accelerate Framework\", \"Apple Neural Engine\", \"AppleAVD\", \"AppleMobileFileIntegrity\", \"ATS\", \"Audio\", \"AVEVideoEncoder\", \"Calendar\", \"CFNetwork\", \"ColorSync\", \"Crash Reporter\", \"curl\", \"Directory Utility\", \"DriverKit\", \"Exchange\", \"Find My\", \"Finder\", \"GPU Drivers\", \"Grapher\", \"Image Processing\", \"ImageIO\", \"Intel Graphics Driver\", \"IOHIDFamily\", \"IOKit\", \"Kernel\", \"Mail\", \"Maps\", MediaLibrary\", \"ncurses\", \"Notes\", \"Notifications\", \"PackageKit\", \"Photos\", \"ppp\", \"Ruby\", \"Sandbox\", \"Security\", \"Shortcuts\", \"Sidecar\", \"Siri\", \"SMB\", \"Software Update\", \"SQLite\", \"Vim\", \"Weather\", \"WebKit\", \"WebKit PDF\" sowie \"WebKit Sandboxing\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, beliebigen Programmcode auszuf\u00fchren, seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuf\u00fchren, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
}
],
"product_status": {
"known_affected": [
"T025103",
"T025102",
"T025104"
]
},
"release_date": "2022-10-24T22:00:00.000+00:00",
"title": "CVE-2022-47915"
},
{
"cve": "CVE-2022-47965",
"notes": [
{
"category": "description",
"text": "In Apple macOS existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten \"Accelerate Framework\", \"Apple Neural Engine\", \"AppleAVD\", \"AppleMobileFileIntegrity\", \"ATS\", \"Audio\", \"AVEVideoEncoder\", \"Calendar\", \"CFNetwork\", \"ColorSync\", \"Crash Reporter\", \"curl\", \"Directory Utility\", \"DriverKit\", \"Exchange\", \"Find My\", \"Finder\", \"GPU Drivers\", \"Grapher\", \"Image Processing\", \"ImageIO\", \"Intel Graphics Driver\", \"IOHIDFamily\", \"IOKit\", \"Kernel\", \"Mail\", \"Maps\", MediaLibrary\", \"ncurses\", \"Notes\", \"Notifications\", \"PackageKit\", \"Photos\", \"ppp\", \"Ruby\", \"Sandbox\", \"Security\", \"Shortcuts\", \"Sidecar\", \"Siri\", \"SMB\", \"Software Update\", \"SQLite\", \"Vim\", \"Weather\", \"WebKit\", \"WebKit PDF\" sowie \"WebKit Sandboxing\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, beliebigen Programmcode auszuf\u00fchren, seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuf\u00fchren, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
}
],
"product_status": {
"known_affected": [
"T025103",
"T025102",
"T025104"
]
},
"release_date": "2022-10-24T22:00:00.000+00:00",
"title": "CVE-2022-47965"
},
{
"cve": "CVE-2022-48504",
"notes": [
{
"category": "description",
"text": "In Apple macOS existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten \"Accelerate Framework\", \"Apple Neural Engine\", \"AppleAVD\", \"AppleMobileFileIntegrity\", \"ATS\", \"Audio\", \"AVEVideoEncoder\", \"Calendar\", \"CFNetwork\", \"ColorSync\", \"Crash Reporter\", \"curl\", \"Directory Utility\", \"DriverKit\", \"Exchange\", \"Find My\", \"Finder\", \"GPU Drivers\", \"Grapher\", \"Image Processing\", \"ImageIO\", \"Intel Graphics Driver\", \"IOHIDFamily\", \"IOKit\", \"Kernel\", \"Mail\", \"Maps\", MediaLibrary\", \"ncurses\", \"Notes\", \"Notifications\", \"PackageKit\", \"Photos\", \"ppp\", \"Ruby\", \"Sandbox\", \"Security\", \"Shortcuts\", \"Sidecar\", \"Siri\", \"SMB\", \"Software Update\", \"SQLite\", \"Vim\", \"Weather\", \"WebKit\", \"WebKit PDF\" sowie \"WebKit Sandboxing\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, beliebigen Programmcode auszuf\u00fchren, seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuf\u00fchren, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
}
],
"product_status": {
"known_affected": [
"T025103",
"T025102",
"T025104"
]
},
"release_date": "2022-10-24T22:00:00.000+00:00",
"title": "CVE-2022-48504"
},
{
"cve": "CVE-2022-48505",
"notes": [
{
"category": "description",
"text": "In Apple macOS existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten \"Accelerate Framework\", \"Apple Neural Engine\", \"AppleAVD\", \"AppleMobileFileIntegrity\", \"ATS\", \"Audio\", \"AVEVideoEncoder\", \"Calendar\", \"CFNetwork\", \"ColorSync\", \"Crash Reporter\", \"curl\", \"Directory Utility\", \"DriverKit\", \"Exchange\", \"Find My\", \"Finder\", \"GPU Drivers\", \"Grapher\", \"Image Processing\", \"ImageIO\", \"Intel Graphics Driver\", \"IOHIDFamily\", \"IOKit\", \"Kernel\", \"Mail\", \"Maps\", MediaLibrary\", \"ncurses\", \"Notes\", \"Notifications\", \"PackageKit\", \"Photos\", \"ppp\", \"Ruby\", \"Sandbox\", \"Security\", \"Shortcuts\", \"Sidecar\", \"Siri\", \"SMB\", \"Software Update\", \"SQLite\", \"Vim\", \"Weather\", \"WebKit\", \"WebKit PDF\" sowie \"WebKit Sandboxing\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, beliebigen Programmcode auszuf\u00fchren, seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuf\u00fchren, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
}
],
"product_status": {
"known_affected": [
"T025103",
"T025102",
"T025104"
]
},
"release_date": "2022-10-24T22:00:00.000+00:00",
"title": "CVE-2022-48505"
},
{
"cve": "CVE-2022-48577",
"notes": [
{
"category": "description",
"text": "In Apple macOS existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten \"Accelerate Framework\", \"Apple Neural Engine\", \"AppleAVD\", \"AppleMobileFileIntegrity\", \"ATS\", \"Audio\", \"AVEVideoEncoder\", \"Calendar\", \"CFNetwork\", \"ColorSync\", \"Crash Reporter\", \"curl\", \"Directory Utility\", \"DriverKit\", \"Exchange\", \"Find My\", \"Finder\", \"GPU Drivers\", \"Grapher\", \"Image Processing\", \"ImageIO\", \"Intel Graphics Driver\", \"IOHIDFamily\", \"IOKit\", \"Kernel\", \"Mail\", \"Maps\", MediaLibrary\", \"ncurses\", \"Notes\", \"Notifications\", \"PackageKit\", \"Photos\", \"ppp\", \"Ruby\", \"Sandbox\", \"Security\", \"Shortcuts\", \"Sidecar\", \"Siri\", \"SMB\", \"Software Update\", \"SQLite\", \"Vim\", \"Weather\", \"WebKit\", \"WebKit PDF\" sowie \"WebKit Sandboxing\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, beliebigen Programmcode auszuf\u00fchren, seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuf\u00fchren, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
}
],
"product_status": {
"known_affected": [
"T025103",
"T025102",
"T025104"
]
},
"release_date": "2022-10-24T22:00:00.000+00:00",
"title": "CVE-2022-48577"
},
{
"cve": "CVE-2022-48683",
"notes": [
{
"category": "description",
"text": "In Apple macOS existieren mehrere Schwachstellen. Diese sind auf Fehler in den Komponenten \"Accelerate Framework\", \"Apple Neural Engine\", \"AppleAVD\", \"AppleMobileFileIntegrity\", \"ATS\", \"Audio\", \"AVEVideoEncoder\", \"Calendar\", \"CFNetwork\", \"ColorSync\", \"Crash Reporter\", \"curl\", \"Directory Utility\", \"DriverKit\", \"Exchange\", \"Find My\", \"Finder\", \"GPU Drivers\", \"Grapher\", \"Image Processing\", \"ImageIO\", \"Intel Graphics Driver\", \"IOHIDFamily\", \"IOKit\", \"Kernel\", \"Mail\", \"Maps\", MediaLibrary\", \"ncurses\", \"Notes\", \"Notifications\", \"PackageKit\", \"Photos\", \"ppp\", \"Ruby\", \"Sandbox\", \"Security\", \"Shortcuts\", \"Sidecar\", \"Siri\", \"SMB\", \"Software Update\", \"SQLite\", \"Vim\", \"Weather\", \"WebKit\", \"WebKit PDF\" sowie \"WebKit Sandboxing\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, beliebigen Programmcode auszuf\u00fchren, seine Privilegien zu erweitern, einen Denial of Service Zustand herbeizuf\u00fchren, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder sonstige Auswirkungen zu verursachen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
}
],
"product_status": {
"known_affected": [
"T025103",
"T025102",
"T025104"
]
},
"release_date": "2022-10-24T22:00:00.000+00:00",
"title": "CVE-2022-48683"
}
]
}
WID-SEC-W-2023-1350
Vulnerability from csaf_certbund - Published: 2023-06-01 22:00 - Updated: 2025-11-18 23:00Summary
Splunk Splunk Enterprise: Mehrere Schwachstellen in Komponenten von Drittanbietern
Severity
Mittel
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: Splunk Enterprise ermöglicht Monitoring und Analyse von Clickstream-Daten und Kundentransaktionen.
Angriff: Ein Angreifer kann mehrere Schwachstellen in Splunk Splunk Enterprise in diversen Komponenten von Drittanbietern ausnutzen, um einen nicht näher spezifizierten Angriff durchzuführen.
Betroffene Betriebssysteme: - Linux
- Sonstiges
- UNIX
- Windows
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.5
Splunk / Splunk Enterprise
|
<9.0.5 | ||
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <8.1.14
Splunk / Splunk Enterprise
|
<8.1.14 | ||
|
Splunk Splunk Enterprise <8.2.11
Splunk / Splunk Enterprise
|
<8.2.11 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
IBM DB2
IBM
|
cpe:/a:ibm:db2:-
|
— | |
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.5
Splunk / Splunk Enterprise
|
<9.0.5 | ||
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <8.1.14
Splunk / Splunk Enterprise
|
<8.1.14 | ||
|
Splunk Splunk Enterprise <8.2.11
Splunk / Splunk Enterprise
|
<8.2.11 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
IBM DB2
IBM
|
cpe:/a:ibm:db2:-
|
— | |
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.5
Splunk / Splunk Enterprise
|
<9.0.5 | ||
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <8.1.14
Splunk / Splunk Enterprise
|
<8.1.14 | ||
|
Splunk Splunk Enterprise <8.2.11
Splunk / Splunk Enterprise
|
<8.2.11 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
IBM DB2
IBM
|
cpe:/a:ibm:db2:-
|
— | |
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.5
Splunk / Splunk Enterprise
|
<9.0.5 | ||
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <8.1.14
Splunk / Splunk Enterprise
|
<8.1.14 | ||
|
Splunk Splunk Enterprise <8.2.11
Splunk / Splunk Enterprise
|
<8.2.11 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
IBM DB2
IBM
|
cpe:/a:ibm:db2:-
|
— | |
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.5
Splunk / Splunk Enterprise
|
<9.0.5 | ||
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <8.1.14
Splunk / Splunk Enterprise
|
<8.1.14 | ||
|
Splunk Splunk Enterprise <8.2.11
Splunk / Splunk Enterprise
|
<8.2.11 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
IBM DB2
IBM
|
cpe:/a:ibm:db2:-
|
— | |
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.5
Splunk / Splunk Enterprise
|
<9.0.5 | ||
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <8.1.14
Splunk / Splunk Enterprise
|
<8.1.14 | ||
|
Splunk Splunk Enterprise <8.2.11
Splunk / Splunk Enterprise
|
<8.2.11 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
IBM DB2
IBM
|
cpe:/a:ibm:db2:-
|
— | |
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.5
Splunk / Splunk Enterprise
|
<9.0.5 | ||
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <8.1.14
Splunk / Splunk Enterprise
|
<8.1.14 | ||
|
Splunk Splunk Enterprise <8.2.11
Splunk / Splunk Enterprise
|
<8.2.11 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
IBM DB2
IBM
|
cpe:/a:ibm:db2:-
|
— | |
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.5
Splunk / Splunk Enterprise
|
<9.0.5 | ||
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <8.1.14
Splunk / Splunk Enterprise
|
<8.1.14 | ||
|
Splunk Splunk Enterprise <8.2.11
Splunk / Splunk Enterprise
|
<8.2.11 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
IBM DB2
IBM
|
cpe:/a:ibm:db2:-
|
— | |
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.5
Splunk / Splunk Enterprise
|
<9.0.5 | ||
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <8.1.14
Splunk / Splunk Enterprise
|
<8.1.14 | ||
|
Splunk Splunk Enterprise <8.2.11
Splunk / Splunk Enterprise
|
<8.2.11 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
IBM DB2
IBM
|
cpe:/a:ibm:db2:-
|
— | |
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.5
Splunk / Splunk Enterprise
|
<9.0.5 | ||
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <8.1.14
Splunk / Splunk Enterprise
|
<8.1.14 | ||
|
Splunk Splunk Enterprise <8.2.11
Splunk / Splunk Enterprise
|
<8.2.11 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
IBM DB2
IBM
|
cpe:/a:ibm:db2:-
|
— | |
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.5
Splunk / Splunk Enterprise
|
<9.0.5 | ||
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <8.1.14
Splunk / Splunk Enterprise
|
<8.1.14 | ||
|
Splunk Splunk Enterprise <8.2.11
Splunk / Splunk Enterprise
|
<8.2.11 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
IBM DB2
IBM
|
cpe:/a:ibm:db2:-
|
— | |
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.5
Splunk / Splunk Enterprise
|
<9.0.5 | ||
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <8.1.14
Splunk / Splunk Enterprise
|
<8.1.14 | ||
|
Splunk Splunk Enterprise <8.2.11
Splunk / Splunk Enterprise
|
<8.2.11 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
IBM DB2
IBM
|
cpe:/a:ibm:db2:-
|
— | |
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.5
Splunk / Splunk Enterprise
|
<9.0.5 | ||
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <8.1.14
Splunk / Splunk Enterprise
|
<8.1.14 | ||
|
Splunk Splunk Enterprise <8.2.11
Splunk / Splunk Enterprise
|
<8.2.11 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
IBM DB2
IBM
|
cpe:/a:ibm:db2:-
|
— | |
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.5
Splunk / Splunk Enterprise
|
<9.0.5 | ||
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <8.1.14
Splunk / Splunk Enterprise
|
<8.1.14 | ||
|
Splunk Splunk Enterprise <8.2.11
Splunk / Splunk Enterprise
|
<8.2.11 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
IBM DB2
IBM
|
cpe:/a:ibm:db2:-
|
— | |
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.5
Splunk / Splunk Enterprise
|
<9.0.5 | ||
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <8.1.14
Splunk / Splunk Enterprise
|
<8.1.14 | ||
|
Splunk Splunk Enterprise <8.2.11
Splunk / Splunk Enterprise
|
<8.2.11 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
IBM DB2
IBM
|
cpe:/a:ibm:db2:-
|
— | |
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.5
Splunk / Splunk Enterprise
|
<9.0.5 | ||
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <8.1.14
Splunk / Splunk Enterprise
|
<8.1.14 | ||
|
Splunk Splunk Enterprise <8.2.11
Splunk / Splunk Enterprise
|
<8.2.11 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
IBM DB2
IBM
|
cpe:/a:ibm:db2:-
|
— | |
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.5
Splunk / Splunk Enterprise
|
<9.0.5 | ||
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <8.1.14
Splunk / Splunk Enterprise
|
<8.1.14 | ||
|
Splunk Splunk Enterprise <8.2.11
Splunk / Splunk Enterprise
|
<8.2.11 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
IBM DB2
IBM
|
cpe:/a:ibm:db2:-
|
— | |
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.5
Splunk / Splunk Enterprise
|
<9.0.5 | ||
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <8.1.14
Splunk / Splunk Enterprise
|
<8.1.14 | ||
|
Splunk Splunk Enterprise <8.2.11
Splunk / Splunk Enterprise
|
<8.2.11 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
IBM DB2
IBM
|
cpe:/a:ibm:db2:-
|
— | |
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.5
Splunk / Splunk Enterprise
|
<9.0.5 | ||
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <8.1.14
Splunk / Splunk Enterprise
|
<8.1.14 | ||
|
Splunk Splunk Enterprise <8.2.11
Splunk / Splunk Enterprise
|
<8.2.11 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
IBM DB2
IBM
|
cpe:/a:ibm:db2:-
|
— | |
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.5
Splunk / Splunk Enterprise
|
<9.0.5 | ||
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <8.1.14
Splunk / Splunk Enterprise
|
<8.1.14 | ||
|
Splunk Splunk Enterprise <8.2.11
Splunk / Splunk Enterprise
|
<8.2.11 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
IBM DB2
IBM
|
cpe:/a:ibm:db2:-
|
— | |
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.5
Splunk / Splunk Enterprise
|
<9.0.5 | ||
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <8.1.14
Splunk / Splunk Enterprise
|
<8.1.14 | ||
|
Splunk Splunk Enterprise <8.2.11
Splunk / Splunk Enterprise
|
<8.2.11 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
IBM DB2
IBM
|
cpe:/a:ibm:db2:-
|
— | |
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.5
Splunk / Splunk Enterprise
|
<9.0.5 | ||
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <8.1.14
Splunk / Splunk Enterprise
|
<8.1.14 | ||
|
Splunk Splunk Enterprise <8.2.11
Splunk / Splunk Enterprise
|
<8.2.11 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
IBM DB2
IBM
|
cpe:/a:ibm:db2:-
|
— | |
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.5
Splunk / Splunk Enterprise
|
<9.0.5 | ||
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <8.1.14
Splunk / Splunk Enterprise
|
<8.1.14 | ||
|
Splunk Splunk Enterprise <8.2.11
Splunk / Splunk Enterprise
|
<8.2.11 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
IBM DB2
IBM
|
cpe:/a:ibm:db2:-
|
— | |
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.5
Splunk / Splunk Enterprise
|
<9.0.5 | ||
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <8.1.14
Splunk / Splunk Enterprise
|
<8.1.14 | ||
|
Splunk Splunk Enterprise <8.2.11
Splunk / Splunk Enterprise
|
<8.2.11 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
IBM DB2
IBM
|
cpe:/a:ibm:db2:-
|
— | |
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.5
Splunk / Splunk Enterprise
|
<9.0.5 | ||
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <8.1.14
Splunk / Splunk Enterprise
|
<8.1.14 | ||
|
Splunk Splunk Enterprise <8.2.11
Splunk / Splunk Enterprise
|
<8.2.11 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
IBM DB2
IBM
|
cpe:/a:ibm:db2:-
|
— | |
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.5
Splunk / Splunk Enterprise
|
<9.0.5 | ||
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <8.1.14
Splunk / Splunk Enterprise
|
<8.1.14 | ||
|
Splunk Splunk Enterprise <8.2.11
Splunk / Splunk Enterprise
|
<8.2.11 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
IBM DB2
IBM
|
cpe:/a:ibm:db2:-
|
— | |
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.5
Splunk / Splunk Enterprise
|
<9.0.5 | ||
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <8.1.14
Splunk / Splunk Enterprise
|
<8.1.14 | ||
|
Splunk Splunk Enterprise <8.2.11
Splunk / Splunk Enterprise
|
<8.2.11 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
IBM DB2
IBM
|
cpe:/a:ibm:db2:-
|
— | |
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.5
Splunk / Splunk Enterprise
|
<9.0.5 | ||
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <8.1.14
Splunk / Splunk Enterprise
|
<8.1.14 | ||
|
Splunk Splunk Enterprise <8.2.11
Splunk / Splunk Enterprise
|
<8.2.11 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
IBM DB2
IBM
|
cpe:/a:ibm:db2:-
|
— | |
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.5
Splunk / Splunk Enterprise
|
<9.0.5 | ||
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <8.1.14
Splunk / Splunk Enterprise
|
<8.1.14 | ||
|
Splunk Splunk Enterprise <8.2.11
Splunk / Splunk Enterprise
|
<8.2.11 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
IBM DB2
IBM
|
cpe:/a:ibm:db2:-
|
— | |
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.5
Splunk / Splunk Enterprise
|
<9.0.5 | ||
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <8.1.14
Splunk / Splunk Enterprise
|
<8.1.14 | ||
|
Splunk Splunk Enterprise <8.2.11
Splunk / Splunk Enterprise
|
<8.2.11 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
IBM DB2
IBM
|
cpe:/a:ibm:db2:-
|
— | |
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.5
Splunk / Splunk Enterprise
|
<9.0.5 | ||
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <8.1.14
Splunk / Splunk Enterprise
|
<8.1.14 | ||
|
Splunk Splunk Enterprise <8.2.11
Splunk / Splunk Enterprise
|
<8.2.11 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
IBM DB2
IBM
|
cpe:/a:ibm:db2:-
|
— | |
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.5
Splunk / Splunk Enterprise
|
<9.0.5 | ||
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <8.1.14
Splunk / Splunk Enterprise
|
<8.1.14 | ||
|
Splunk Splunk Enterprise <8.2.11
Splunk / Splunk Enterprise
|
<8.2.11 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
IBM DB2
IBM
|
cpe:/a:ibm:db2:-
|
— | |
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.5
Splunk / Splunk Enterprise
|
<9.0.5 | ||
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <8.1.14
Splunk / Splunk Enterprise
|
<8.1.14 | ||
|
Splunk Splunk Enterprise <8.2.11
Splunk / Splunk Enterprise
|
<8.2.11 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
IBM DB2
IBM
|
cpe:/a:ibm:db2:-
|
— | |
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.5
Splunk / Splunk Enterprise
|
<9.0.5 | ||
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <8.1.14
Splunk / Splunk Enterprise
|
<8.1.14 | ||
|
Splunk Splunk Enterprise <8.2.11
Splunk / Splunk Enterprise
|
<8.2.11 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
IBM DB2
IBM
|
cpe:/a:ibm:db2:-
|
— | |
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.5
Splunk / Splunk Enterprise
|
<9.0.5 | ||
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <8.1.14
Splunk / Splunk Enterprise
|
<8.1.14 | ||
|
Splunk Splunk Enterprise <8.2.11
Splunk / Splunk Enterprise
|
<8.2.11 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
IBM DB2
IBM
|
cpe:/a:ibm:db2:-
|
— | |
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.5
Splunk / Splunk Enterprise
|
<9.0.5 | ||
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <8.1.14
Splunk / Splunk Enterprise
|
<8.1.14 | ||
|
Splunk Splunk Enterprise <8.2.11
Splunk / Splunk Enterprise
|
<8.2.11 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
IBM DB2
IBM
|
cpe:/a:ibm:db2:-
|
— | |
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.5
Splunk / Splunk Enterprise
|
<9.0.5 | ||
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <8.1.14
Splunk / Splunk Enterprise
|
<8.1.14 | ||
|
Splunk Splunk Enterprise <8.2.11
Splunk / Splunk Enterprise
|
<8.2.11 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
IBM DB2
IBM
|
cpe:/a:ibm:db2:-
|
— | |
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.5
Splunk / Splunk Enterprise
|
<9.0.5 | ||
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <8.1.14
Splunk / Splunk Enterprise
|
<8.1.14 | ||
|
Splunk Splunk Enterprise <8.2.11
Splunk / Splunk Enterprise
|
<8.2.11 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
IBM DB2
IBM
|
cpe:/a:ibm:db2:-
|
— | |
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.5
Splunk / Splunk Enterprise
|
<9.0.5 | ||
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <8.1.14
Splunk / Splunk Enterprise
|
<8.1.14 | ||
|
Splunk Splunk Enterprise <8.2.11
Splunk / Splunk Enterprise
|
<8.2.11 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
IBM DB2
IBM
|
cpe:/a:ibm:db2:-
|
— | |
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.5
Splunk / Splunk Enterprise
|
<9.0.5 | ||
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <8.1.14
Splunk / Splunk Enterprise
|
<8.1.14 | ||
|
Splunk Splunk Enterprise <8.2.11
Splunk / Splunk Enterprise
|
<8.2.11 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
IBM DB2
IBM
|
cpe:/a:ibm:db2:-
|
— | |
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.5
Splunk / Splunk Enterprise
|
<9.0.5 | ||
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <8.1.14
Splunk / Splunk Enterprise
|
<8.1.14 | ||
|
Splunk Splunk Enterprise <8.2.11
Splunk / Splunk Enterprise
|
<8.2.11 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
IBM DB2
IBM
|
cpe:/a:ibm:db2:-
|
— | |
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.5
Splunk / Splunk Enterprise
|
<9.0.5 | ||
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <8.1.14
Splunk / Splunk Enterprise
|
<8.1.14 | ||
|
Splunk Splunk Enterprise <8.2.11
Splunk / Splunk Enterprise
|
<8.2.11 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
IBM DB2
IBM
|
cpe:/a:ibm:db2:-
|
— | |
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.5
Splunk / Splunk Enterprise
|
<9.0.5 | ||
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <8.1.14
Splunk / Splunk Enterprise
|
<8.1.14 | ||
|
Splunk Splunk Enterprise <8.2.11
Splunk / Splunk Enterprise
|
<8.2.11 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
IBM DB2
IBM
|
cpe:/a:ibm:db2:-
|
— | |
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.5
Splunk / Splunk Enterprise
|
<9.0.5 | ||
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <8.1.14
Splunk / Splunk Enterprise
|
<8.1.14 | ||
|
Splunk Splunk Enterprise <8.2.11
Splunk / Splunk Enterprise
|
<8.2.11 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
IBM DB2
IBM
|
cpe:/a:ibm:db2:-
|
— | |
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.5
Splunk / Splunk Enterprise
|
<9.0.5 | ||
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <8.1.14
Splunk / Splunk Enterprise
|
<8.1.14 | ||
|
Splunk Splunk Enterprise <8.2.11
Splunk / Splunk Enterprise
|
<8.2.11 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
IBM DB2
IBM
|
cpe:/a:ibm:db2:-
|
— | |
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.5
Splunk / Splunk Enterprise
|
<9.0.5 | ||
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <8.1.14
Splunk / Splunk Enterprise
|
<8.1.14 | ||
|
Splunk Splunk Enterprise <8.2.11
Splunk / Splunk Enterprise
|
<8.2.11 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
IBM DB2
IBM
|
cpe:/a:ibm:db2:-
|
— | |
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.5
Splunk / Splunk Enterprise
|
<9.0.5 | ||
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <8.1.14
Splunk / Splunk Enterprise
|
<8.1.14 | ||
|
Splunk Splunk Enterprise <8.2.11
Splunk / Splunk Enterprise
|
<8.2.11 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
IBM DB2
IBM
|
cpe:/a:ibm:db2:-
|
— | |
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.5
Splunk / Splunk Enterprise
|
<9.0.5 | ||
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <8.1.14
Splunk / Splunk Enterprise
|
<8.1.14 | ||
|
Splunk Splunk Enterprise <8.2.11
Splunk / Splunk Enterprise
|
<8.2.11 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
IBM DB2
IBM
|
cpe:/a:ibm:db2:-
|
— | |
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.5
Splunk / Splunk Enterprise
|
<9.0.5 | ||
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <8.1.14
Splunk / Splunk Enterprise
|
<8.1.14 | ||
|
Splunk Splunk Enterprise <8.2.11
Splunk / Splunk Enterprise
|
<8.2.11 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
IBM DB2
IBM
|
cpe:/a:ibm:db2:-
|
— | |
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.5
Splunk / Splunk Enterprise
|
<9.0.5 | ||
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <8.1.14
Splunk / Splunk Enterprise
|
<8.1.14 | ||
|
Splunk Splunk Enterprise <8.2.11
Splunk / Splunk Enterprise
|
<8.2.11 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
IBM DB2
IBM
|
cpe:/a:ibm:db2:-
|
— | |
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.5
Splunk / Splunk Enterprise
|
<9.0.5 | ||
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <8.1.14
Splunk / Splunk Enterprise
|
<8.1.14 | ||
|
Splunk Splunk Enterprise <8.2.11
Splunk / Splunk Enterprise
|
<8.2.11 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
IBM DB2
IBM
|
cpe:/a:ibm:db2:-
|
— | |
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.5
Splunk / Splunk Enterprise
|
<9.0.5 | ||
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <8.1.14
Splunk / Splunk Enterprise
|
<8.1.14 | ||
|
Splunk Splunk Enterprise <8.2.11
Splunk / Splunk Enterprise
|
<8.2.11 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
IBM DB2
IBM
|
cpe:/a:ibm:db2:-
|
— | |
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.5
Splunk / Splunk Enterprise
|
<9.0.5 | ||
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <8.1.14
Splunk / Splunk Enterprise
|
<8.1.14 | ||
|
Splunk Splunk Enterprise <8.2.11
Splunk / Splunk Enterprise
|
<8.2.11 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
IBM DB2
IBM
|
cpe:/a:ibm:db2:-
|
— | |
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.5
Splunk / Splunk Enterprise
|
<9.0.5 | ||
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <8.1.14
Splunk / Splunk Enterprise
|
<8.1.14 | ||
|
Splunk Splunk Enterprise <8.2.11
Splunk / Splunk Enterprise
|
<8.2.11 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
IBM DB2
IBM
|
cpe:/a:ibm:db2:-
|
— | |
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.5
Splunk / Splunk Enterprise
|
<9.0.5 | ||
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <8.1.14
Splunk / Splunk Enterprise
|
<8.1.14 | ||
|
Splunk Splunk Enterprise <8.2.11
Splunk / Splunk Enterprise
|
<8.2.11 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
IBM DB2
IBM
|
cpe:/a:ibm:db2:-
|
— | |
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.5
Splunk / Splunk Enterprise
|
<9.0.5 | ||
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <8.1.14
Splunk / Splunk Enterprise
|
<8.1.14 | ||
|
Splunk Splunk Enterprise <8.2.11
Splunk / Splunk Enterprise
|
<8.2.11 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
IBM DB2
IBM
|
cpe:/a:ibm:db2:-
|
— | |
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.5
Splunk / Splunk Enterprise
|
<9.0.5 | ||
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <8.1.14
Splunk / Splunk Enterprise
|
<8.1.14 | ||
|
Splunk Splunk Enterprise <8.2.11
Splunk / Splunk Enterprise
|
<8.2.11 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
IBM DB2
IBM
|
cpe:/a:ibm:db2:-
|
— | |
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.5
Splunk / Splunk Enterprise
|
<9.0.5 | ||
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <8.1.14
Splunk / Splunk Enterprise
|
<8.1.14 | ||
|
Splunk Splunk Enterprise <8.2.11
Splunk / Splunk Enterprise
|
<8.2.11 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
IBM DB2
IBM
|
cpe:/a:ibm:db2:-
|
— | |
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.5
Splunk / Splunk Enterprise
|
<9.0.5 | ||
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <8.1.14
Splunk / Splunk Enterprise
|
<8.1.14 | ||
|
Splunk Splunk Enterprise <8.2.11
Splunk / Splunk Enterprise
|
<8.2.11 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
IBM DB2
IBM
|
cpe:/a:ibm:db2:-
|
— | |
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.5
Splunk / Splunk Enterprise
|
<9.0.5 | ||
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <8.1.14
Splunk / Splunk Enterprise
|
<8.1.14 | ||
|
Splunk Splunk Enterprise <8.2.11
Splunk / Splunk Enterprise
|
<8.2.11 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
IBM DB2
IBM
|
cpe:/a:ibm:db2:-
|
— | |
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.5
Splunk / Splunk Enterprise
|
<9.0.5 | ||
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <8.1.14
Splunk / Splunk Enterprise
|
<8.1.14 | ||
|
Splunk Splunk Enterprise <8.2.11
Splunk / Splunk Enterprise
|
<8.2.11 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
IBM DB2
IBM
|
cpe:/a:ibm:db2:-
|
— | |
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.5
Splunk / Splunk Enterprise
|
<9.0.5 | ||
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <8.1.14
Splunk / Splunk Enterprise
|
<8.1.14 | ||
|
Splunk Splunk Enterprise <8.2.11
Splunk / Splunk Enterprise
|
<8.2.11 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
IBM DB2
IBM
|
cpe:/a:ibm:db2:-
|
— | |
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.5
Splunk / Splunk Enterprise
|
<9.0.5 | ||
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <8.1.14
Splunk / Splunk Enterprise
|
<8.1.14 | ||
|
Splunk Splunk Enterprise <8.2.11
Splunk / Splunk Enterprise
|
<8.2.11 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
IBM DB2
IBM
|
cpe:/a:ibm:db2:-
|
— | |
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.5
Splunk / Splunk Enterprise
|
<9.0.5 | ||
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <8.1.14
Splunk / Splunk Enterprise
|
<8.1.14 | ||
|
Splunk Splunk Enterprise <8.2.11
Splunk / Splunk Enterprise
|
<8.2.11 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
IBM DB2
IBM
|
cpe:/a:ibm:db2:-
|
— | |
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.5
Splunk / Splunk Enterprise
|
<9.0.5 | ||
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <8.1.14
Splunk / Splunk Enterprise
|
<8.1.14 | ||
|
Splunk Splunk Enterprise <8.2.11
Splunk / Splunk Enterprise
|
<8.2.11 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
IBM DB2
IBM
|
cpe:/a:ibm:db2:-
|
— | |
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.5
Splunk / Splunk Enterprise
|
<9.0.5 | ||
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <8.1.14
Splunk / Splunk Enterprise
|
<8.1.14 | ||
|
Splunk Splunk Enterprise <8.2.11
Splunk / Splunk Enterprise
|
<8.2.11 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
IBM DB2
IBM
|
cpe:/a:ibm:db2:-
|
— | |
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.5
Splunk / Splunk Enterprise
|
<9.0.5 | ||
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <8.1.14
Splunk / Splunk Enterprise
|
<8.1.14 | ||
|
Splunk Splunk Enterprise <8.2.11
Splunk / Splunk Enterprise
|
<8.2.11 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
IBM DB2
IBM
|
cpe:/a:ibm:db2:-
|
— | |
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.5
Splunk / Splunk Enterprise
|
<9.0.5 | ||
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <8.1.14
Splunk / Splunk Enterprise
|
<8.1.14 | ||
|
Splunk Splunk Enterprise <8.2.11
Splunk / Splunk Enterprise
|
<8.2.11 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
IBM DB2
IBM
|
cpe:/a:ibm:db2:-
|
— | |
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.5
Splunk / Splunk Enterprise
|
<9.0.5 | ||
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <8.1.14
Splunk / Splunk Enterprise
|
<8.1.14 | ||
|
Splunk Splunk Enterprise <8.2.11
Splunk / Splunk Enterprise
|
<8.2.11 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
IBM DB2
IBM
|
cpe:/a:ibm:db2:-
|
— | |
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.5
Splunk / Splunk Enterprise
|
<9.0.5 | ||
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <8.1.14
Splunk / Splunk Enterprise
|
<8.1.14 | ||
|
Splunk Splunk Enterprise <8.2.11
Splunk / Splunk Enterprise
|
<8.2.11 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
IBM DB2
IBM
|
cpe:/a:ibm:db2:-
|
— | |
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.5
Splunk / Splunk Enterprise
|
<9.0.5 | ||
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <8.1.14
Splunk / Splunk Enterprise
|
<8.1.14 | ||
|
Splunk Splunk Enterprise <8.2.11
Splunk / Splunk Enterprise
|
<8.2.11 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
IBM DB2
IBM
|
cpe:/a:ibm:db2:-
|
— | |
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.5
Splunk / Splunk Enterprise
|
<9.0.5 | ||
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <8.1.14
Splunk / Splunk Enterprise
|
<8.1.14 | ||
|
Splunk Splunk Enterprise <8.2.11
Splunk / Splunk Enterprise
|
<8.2.11 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
IBM DB2
IBM
|
cpe:/a:ibm:db2:-
|
— | |
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.5
Splunk / Splunk Enterprise
|
<9.0.5 | ||
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <8.1.14
Splunk / Splunk Enterprise
|
<8.1.14 | ||
|
Splunk Splunk Enterprise <8.2.11
Splunk / Splunk Enterprise
|
<8.2.11 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
IBM DB2
IBM
|
cpe:/a:ibm:db2:-
|
— | |
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.5
Splunk / Splunk Enterprise
|
<9.0.5 | ||
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <8.1.14
Splunk / Splunk Enterprise
|
<8.1.14 | ||
|
Splunk Splunk Enterprise <8.2.11
Splunk / Splunk Enterprise
|
<8.2.11 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
IBM DB2
IBM
|
cpe:/a:ibm:db2:-
|
— | |
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.5
Splunk / Splunk Enterprise
|
<9.0.5 | ||
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <8.1.14
Splunk / Splunk Enterprise
|
<8.1.14 | ||
|
Splunk Splunk Enterprise <8.2.11
Splunk / Splunk Enterprise
|
<8.2.11 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
IBM DB2
IBM
|
cpe:/a:ibm:db2:-
|
— | |
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.5
Splunk / Splunk Enterprise
|
<9.0.5 | ||
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <8.1.14
Splunk / Splunk Enterprise
|
<8.1.14 | ||
|
Splunk Splunk Enterprise <8.2.11
Splunk / Splunk Enterprise
|
<8.2.11 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
IBM DB2
IBM
|
cpe:/a:ibm:db2:-
|
— | |
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.5
Splunk / Splunk Enterprise
|
<9.0.5 | ||
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <8.1.14
Splunk / Splunk Enterprise
|
<8.1.14 | ||
|
Splunk Splunk Enterprise <8.2.11
Splunk / Splunk Enterprise
|
<8.2.11 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
IBM DB2
IBM
|
cpe:/a:ibm:db2:-
|
— | |
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.5
Splunk / Splunk Enterprise
|
<9.0.5 | ||
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <8.1.14
Splunk / Splunk Enterprise
|
<8.1.14 | ||
|
Splunk Splunk Enterprise <8.2.11
Splunk / Splunk Enterprise
|
<8.2.11 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
IBM DB2
IBM
|
cpe:/a:ibm:db2:-
|
— | |
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.5
Splunk / Splunk Enterprise
|
<9.0.5 | ||
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <8.1.14
Splunk / Splunk Enterprise
|
<8.1.14 | ||
|
Splunk Splunk Enterprise <8.2.11
Splunk / Splunk Enterprise
|
<8.2.11 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
IBM DB2
IBM
|
cpe:/a:ibm:db2:-
|
— | |
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.5
Splunk / Splunk Enterprise
|
<9.0.5 | ||
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <8.1.14
Splunk / Splunk Enterprise
|
<8.1.14 | ||
|
Splunk Splunk Enterprise <8.2.11
Splunk / Splunk Enterprise
|
<8.2.11 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
IBM DB2
IBM
|
cpe:/a:ibm:db2:-
|
— | |
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.5
Splunk / Splunk Enterprise
|
<9.0.5 | ||
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <8.1.14
Splunk / Splunk Enterprise
|
<8.1.14 | ||
|
Splunk Splunk Enterprise <8.2.11
Splunk / Splunk Enterprise
|
<8.2.11 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
IBM DB2
IBM
|
cpe:/a:ibm:db2:-
|
— | |
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.5
Splunk / Splunk Enterprise
|
<9.0.5 | ||
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <8.1.14
Splunk / Splunk Enterprise
|
<8.1.14 | ||
|
Splunk Splunk Enterprise <8.2.11
Splunk / Splunk Enterprise
|
<8.2.11 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
IBM DB2
IBM
|
cpe:/a:ibm:db2:-
|
— | |
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.5
Splunk / Splunk Enterprise
|
<9.0.5 | ||
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <8.1.14
Splunk / Splunk Enterprise
|
<8.1.14 | ||
|
Splunk Splunk Enterprise <8.2.11
Splunk / Splunk Enterprise
|
<8.2.11 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
IBM DB2
IBM
|
cpe:/a:ibm:db2:-
|
— | |
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.5
Splunk / Splunk Enterprise
|
<9.0.5 | ||
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <8.1.14
Splunk / Splunk Enterprise
|
<8.1.14 | ||
|
Splunk Splunk Enterprise <8.2.11
Splunk / Splunk Enterprise
|
<8.2.11 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
IBM DB2
IBM
|
cpe:/a:ibm:db2:-
|
— | |
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.5
Splunk / Splunk Enterprise
|
<9.0.5 | ||
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <8.1.14
Splunk / Splunk Enterprise
|
<8.1.14 | ||
|
Splunk Splunk Enterprise <8.2.11
Splunk / Splunk Enterprise
|
<8.2.11 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
IBM DB2
IBM
|
cpe:/a:ibm:db2:-
|
— | |
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.5
Splunk / Splunk Enterprise
|
<9.0.5 | ||
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <8.1.14
Splunk / Splunk Enterprise
|
<8.1.14 | ||
|
Splunk Splunk Enterprise <8.2.11
Splunk / Splunk Enterprise
|
<8.2.11 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
IBM DB2
IBM
|
cpe:/a:ibm:db2:-
|
— | |
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.5
Splunk / Splunk Enterprise
|
<9.0.5 | ||
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <8.1.14
Splunk / Splunk Enterprise
|
<8.1.14 | ||
|
Splunk Splunk Enterprise <8.2.11
Splunk / Splunk Enterprise
|
<8.2.11 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
IBM DB2
IBM
|
cpe:/a:ibm:db2:-
|
— | |
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.5
Splunk / Splunk Enterprise
|
<9.0.5 | ||
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <8.1.14
Splunk / Splunk Enterprise
|
<8.1.14 | ||
|
Splunk Splunk Enterprise <8.2.11
Splunk / Splunk Enterprise
|
<8.2.11 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
IBM DB2
IBM
|
cpe:/a:ibm:db2:-
|
— | |
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.5
Splunk / Splunk Enterprise
|
<9.0.5 | ||
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <8.1.14
Splunk / Splunk Enterprise
|
<8.1.14 | ||
|
Splunk Splunk Enterprise <8.2.11
Splunk / Splunk Enterprise
|
<8.2.11 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
IBM DB2
IBM
|
cpe:/a:ibm:db2:-
|
— | |
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.5
Splunk / Splunk Enterprise
|
<9.0.5 | ||
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <8.1.14
Splunk / Splunk Enterprise
|
<8.1.14 | ||
|
Splunk Splunk Enterprise <8.2.11
Splunk / Splunk Enterprise
|
<8.2.11 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
IBM DB2
IBM
|
cpe:/a:ibm:db2:-
|
— | |
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.5
Splunk / Splunk Enterprise
|
<9.0.5 | ||
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <8.1.14
Splunk / Splunk Enterprise
|
<8.1.14 | ||
|
Splunk Splunk Enterprise <8.2.11
Splunk / Splunk Enterprise
|
<8.2.11 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
IBM DB2
IBM
|
cpe:/a:ibm:db2:-
|
— | |
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.5
Splunk / Splunk Enterprise
|
<9.0.5 | ||
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <8.1.14
Splunk / Splunk Enterprise
|
<8.1.14 | ||
|
Splunk Splunk Enterprise <8.2.11
Splunk / Splunk Enterprise
|
<8.2.11 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
IBM DB2
IBM
|
cpe:/a:ibm:db2:-
|
— | |
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.5
Splunk / Splunk Enterprise
|
<9.0.5 | ||
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <8.1.14
Splunk / Splunk Enterprise
|
<8.1.14 | ||
|
Splunk Splunk Enterprise <8.2.11
Splunk / Splunk Enterprise
|
<8.2.11 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
IBM DB2
IBM
|
cpe:/a:ibm:db2:-
|
— | |
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.5
Splunk / Splunk Enterprise
|
<9.0.5 | ||
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <8.1.14
Splunk / Splunk Enterprise
|
<8.1.14 | ||
|
Splunk Splunk Enterprise <8.2.11
Splunk / Splunk Enterprise
|
<8.2.11 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
IBM DB2
IBM
|
cpe:/a:ibm:db2:-
|
— | |
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.5
Splunk / Splunk Enterprise
|
<9.0.5 | ||
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <8.1.14
Splunk / Splunk Enterprise
|
<8.1.14 | ||
|
Splunk Splunk Enterprise <8.2.11
Splunk / Splunk Enterprise
|
<8.2.11 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
IBM DB2
IBM
|
cpe:/a:ibm:db2:-
|
— | |
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.5
Splunk / Splunk Enterprise
|
<9.0.5 | ||
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <8.1.14
Splunk / Splunk Enterprise
|
<8.1.14 | ||
|
Splunk Splunk Enterprise <8.2.11
Splunk / Splunk Enterprise
|
<8.2.11 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
IBM DB2
IBM
|
cpe:/a:ibm:db2:-
|
— | |
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.5
Splunk / Splunk Enterprise
|
<9.0.5 | ||
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <8.1.14
Splunk / Splunk Enterprise
|
<8.1.14 | ||
|
Splunk Splunk Enterprise <8.2.11
Splunk / Splunk Enterprise
|
<8.2.11 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
IBM DB2
IBM
|
cpe:/a:ibm:db2:-
|
— | |
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.5
Splunk / Splunk Enterprise
|
<9.0.5 | ||
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <8.1.14
Splunk / Splunk Enterprise
|
<8.1.14 | ||
|
Splunk Splunk Enterprise <8.2.11
Splunk / Splunk Enterprise
|
<8.2.11 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
IBM DB2
IBM
|
cpe:/a:ibm:db2:-
|
— | |
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.5
Splunk / Splunk Enterprise
|
<9.0.5 | ||
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <8.1.14
Splunk / Splunk Enterprise
|
<8.1.14 | ||
|
Splunk Splunk Enterprise <8.2.11
Splunk / Splunk Enterprise
|
<8.2.11 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
IBM DB2
IBM
|
cpe:/a:ibm:db2:-
|
— | |
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.5
Splunk / Splunk Enterprise
|
<9.0.5 | ||
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <8.1.14
Splunk / Splunk Enterprise
|
<8.1.14 | ||
|
Splunk Splunk Enterprise <8.2.11
Splunk / Splunk Enterprise
|
<8.2.11 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
IBM DB2
IBM
|
cpe:/a:ibm:db2:-
|
— | |
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.5
Splunk / Splunk Enterprise
|
<9.0.5 | ||
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <8.1.14
Splunk / Splunk Enterprise
|
<8.1.14 | ||
|
Splunk Splunk Enterprise <8.2.11
Splunk / Splunk Enterprise
|
<8.2.11 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
IBM DB2
IBM
|
cpe:/a:ibm:db2:-
|
— | |
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.5
Splunk / Splunk Enterprise
|
<9.0.5 | ||
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <8.1.14
Splunk / Splunk Enterprise
|
<8.1.14 | ||
|
Splunk Splunk Enterprise <8.2.11
Splunk / Splunk Enterprise
|
<8.2.11 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
IBM DB2
IBM
|
cpe:/a:ibm:db2:-
|
— | |
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.5
Splunk / Splunk Enterprise
|
<9.0.5 | ||
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <8.1.14
Splunk / Splunk Enterprise
|
<8.1.14 | ||
|
Splunk Splunk Enterprise <8.2.11
Splunk / Splunk Enterprise
|
<8.2.11 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
IBM DB2
IBM
|
cpe:/a:ibm:db2:-
|
— | |
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.5
Splunk / Splunk Enterprise
|
<9.0.5 | ||
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <8.1.14
Splunk / Splunk Enterprise
|
<8.1.14 | ||
|
Splunk Splunk Enterprise <8.2.11
Splunk / Splunk Enterprise
|
<8.2.11 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
IBM DB2
IBM
|
cpe:/a:ibm:db2:-
|
— | |
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.5
Splunk / Splunk Enterprise
|
<9.0.5 | ||
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <8.1.14
Splunk / Splunk Enterprise
|
<8.1.14 | ||
|
Splunk Splunk Enterprise <8.2.11
Splunk / Splunk Enterprise
|
<8.2.11 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
IBM DB2
IBM
|
cpe:/a:ibm:db2:-
|
— | |
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.5
Splunk / Splunk Enterprise
|
<9.0.5 | ||
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <8.1.14
Splunk / Splunk Enterprise
|
<8.1.14 | ||
|
Splunk Splunk Enterprise <8.2.11
Splunk / Splunk Enterprise
|
<8.2.11 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
IBM DB2
IBM
|
cpe:/a:ibm:db2:-
|
— | |
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.5
Splunk / Splunk Enterprise
|
<9.0.5 | ||
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <8.1.14
Splunk / Splunk Enterprise
|
<8.1.14 | ||
|
Splunk Splunk Enterprise <8.2.11
Splunk / Splunk Enterprise
|
<8.2.11 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
IBM DB2
IBM
|
cpe:/a:ibm:db2:-
|
— | |
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.5
Splunk / Splunk Enterprise
|
<9.0.5 | ||
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <8.1.14
Splunk / Splunk Enterprise
|
<8.1.14 | ||
|
Splunk Splunk Enterprise <8.2.11
Splunk / Splunk Enterprise
|
<8.2.11 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
IBM DB2
IBM
|
cpe:/a:ibm:db2:-
|
— | |
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.5
Splunk / Splunk Enterprise
|
<9.0.5 | ||
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <8.1.14
Splunk / Splunk Enterprise
|
<8.1.14 | ||
|
Splunk Splunk Enterprise <8.2.11
Splunk / Splunk Enterprise
|
<8.2.11 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
IBM DB2
IBM
|
cpe:/a:ibm:db2:-
|
— | |
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.5
Splunk / Splunk Enterprise
|
<9.0.5 | ||
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <8.1.14
Splunk / Splunk Enterprise
|
<8.1.14 | ||
|
Splunk Splunk Enterprise <8.2.11
Splunk / Splunk Enterprise
|
<8.2.11 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
IBM DB2
IBM
|
cpe:/a:ibm:db2:-
|
— | |
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.5
Splunk / Splunk Enterprise
|
<9.0.5 | ||
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <8.1.14
Splunk / Splunk Enterprise
|
<8.1.14 | ||
|
Splunk Splunk Enterprise <8.2.11
Splunk / Splunk Enterprise
|
<8.2.11 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
IBM DB2
IBM
|
cpe:/a:ibm:db2:-
|
— | |
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.5
Splunk / Splunk Enterprise
|
<9.0.5 | ||
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <8.1.14
Splunk / Splunk Enterprise
|
<8.1.14 | ||
|
Splunk Splunk Enterprise <8.2.11
Splunk / Splunk Enterprise
|
<8.2.11 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
IBM DB2
IBM
|
cpe:/a:ibm:db2:-
|
— | |
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.5
Splunk / Splunk Enterprise
|
<9.0.5 | ||
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <8.1.14
Splunk / Splunk Enterprise
|
<8.1.14 | ||
|
Splunk Splunk Enterprise <8.2.11
Splunk / Splunk Enterprise
|
<8.2.11 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
IBM DB2
IBM
|
cpe:/a:ibm:db2:-
|
— | |
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.5
Splunk / Splunk Enterprise
|
<9.0.5 | ||
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <8.1.14
Splunk / Splunk Enterprise
|
<8.1.14 | ||
|
Splunk Splunk Enterprise <8.2.11
Splunk / Splunk Enterprise
|
<8.2.11 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
IBM DB2
IBM
|
cpe:/a:ibm:db2:-
|
— | |
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.5
Splunk / Splunk Enterprise
|
<9.0.5 | ||
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <8.1.14
Splunk / Splunk Enterprise
|
<8.1.14 | ||
|
Splunk Splunk Enterprise <8.2.11
Splunk / Splunk Enterprise
|
<8.2.11 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
IBM DB2
IBM
|
cpe:/a:ibm:db2:-
|
— | |
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.5
Splunk / Splunk Enterprise
|
<9.0.5 | ||
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <8.1.14
Splunk / Splunk Enterprise
|
<8.1.14 | ||
|
Splunk Splunk Enterprise <8.2.11
Splunk / Splunk Enterprise
|
<8.2.11 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
IBM DB2
IBM
|
cpe:/a:ibm:db2:-
|
— | |
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.5
Splunk / Splunk Enterprise
|
<9.0.5 | ||
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <8.1.14
Splunk / Splunk Enterprise
|
<8.1.14 | ||
|
Splunk Splunk Enterprise <8.2.11
Splunk / Splunk Enterprise
|
<8.2.11 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
IBM DB2
IBM
|
cpe:/a:ibm:db2:-
|
— | |
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.5
Splunk / Splunk Enterprise
|
<9.0.5 | ||
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <8.1.14
Splunk / Splunk Enterprise
|
<8.1.14 | ||
|
Splunk Splunk Enterprise <8.2.11
Splunk / Splunk Enterprise
|
<8.2.11 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
IBM DB2
IBM
|
cpe:/a:ibm:db2:-
|
— | |
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.5
Splunk / Splunk Enterprise
|
<9.0.5 | ||
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <8.1.14
Splunk / Splunk Enterprise
|
<8.1.14 | ||
|
Splunk Splunk Enterprise <8.2.11
Splunk / Splunk Enterprise
|
<8.2.11 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
IBM DB2
IBM
|
cpe:/a:ibm:db2:-
|
— | |
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.5
Splunk / Splunk Enterprise
|
<9.0.5 | ||
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <8.1.14
Splunk / Splunk Enterprise
|
<8.1.14 | ||
|
Splunk Splunk Enterprise <8.2.11
Splunk / Splunk Enterprise
|
<8.2.11 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
IBM DB2
IBM
|
cpe:/a:ibm:db2:-
|
— | |
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.5
Splunk / Splunk Enterprise
|
<9.0.5 | ||
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <8.1.14
Splunk / Splunk Enterprise
|
<8.1.14 | ||
|
Splunk Splunk Enterprise <8.2.11
Splunk / Splunk Enterprise
|
<8.2.11 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
IBM DB2
IBM
|
cpe:/a:ibm:db2:-
|
— | |
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.5
Splunk / Splunk Enterprise
|
<9.0.5 | ||
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <8.1.14
Splunk / Splunk Enterprise
|
<8.1.14 | ||
|
Splunk Splunk Enterprise <8.2.11
Splunk / Splunk Enterprise
|
<8.2.11 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
IBM DB2
IBM
|
cpe:/a:ibm:db2:-
|
— | |
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.5
Splunk / Splunk Enterprise
|
<9.0.5 | ||
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <8.1.14
Splunk / Splunk Enterprise
|
<8.1.14 | ||
|
Splunk Splunk Enterprise <8.2.11
Splunk / Splunk Enterprise
|
<8.2.11 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
IBM DB2
IBM
|
cpe:/a:ibm:db2:-
|
— | |
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.5
Splunk / Splunk Enterprise
|
<9.0.5 | ||
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <8.1.14
Splunk / Splunk Enterprise
|
<8.1.14 | ||
|
Splunk Splunk Enterprise <8.2.11
Splunk / Splunk Enterprise
|
<8.2.11 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
IBM DB2
IBM
|
cpe:/a:ibm:db2:-
|
— | |
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.5
Splunk / Splunk Enterprise
|
<9.0.5 | ||
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <8.1.14
Splunk / Splunk Enterprise
|
<8.1.14 | ||
|
Splunk Splunk Enterprise <8.2.11
Splunk / Splunk Enterprise
|
<8.2.11 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
IBM DB2
IBM
|
cpe:/a:ibm:db2:-
|
— | |
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.5
Splunk / Splunk Enterprise
|
<9.0.5 | ||
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <8.1.14
Splunk / Splunk Enterprise
|
<8.1.14 | ||
|
Splunk Splunk Enterprise <8.2.11
Splunk / Splunk Enterprise
|
<8.2.11 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
IBM DB2
IBM
|
cpe:/a:ibm:db2:-
|
— | |
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.5
Splunk / Splunk Enterprise
|
<9.0.5 | ||
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <8.1.14
Splunk / Splunk Enterprise
|
<8.1.14 | ||
|
Splunk Splunk Enterprise <8.2.11
Splunk / Splunk Enterprise
|
<8.2.11 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
IBM DB2
IBM
|
cpe:/a:ibm:db2:-
|
— | |
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.5
Splunk / Splunk Enterprise
|
<9.0.5 | ||
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <8.1.14
Splunk / Splunk Enterprise
|
<8.1.14 | ||
|
Splunk Splunk Enterprise <8.2.11
Splunk / Splunk Enterprise
|
<8.2.11 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
IBM DB2
IBM
|
cpe:/a:ibm:db2:-
|
— | |
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.5
Splunk / Splunk Enterprise
|
<9.0.5 | ||
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <8.1.14
Splunk / Splunk Enterprise
|
<8.1.14 | ||
|
Splunk Splunk Enterprise <8.2.11
Splunk / Splunk Enterprise
|
<8.2.11 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
IBM DB2
IBM
|
cpe:/a:ibm:db2:-
|
— | |
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
References
8 references
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Splunk Enterprise erm\u00f6glicht Monitoring und Analyse von Clickstream-Daten und Kundentransaktionen.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein Angreifer kann mehrere Schwachstellen in Splunk Splunk Enterprise in diversen Komponenten von Drittanbietern ausnutzen, um einen nicht n\u00e4her spezifizierten Angriff durchzuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- Sonstiges\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2023-1350 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-1350.json"
},
{
"category": "self",
"summary": "WID-SEC-2023-1350 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-1350"
},
{
"category": "external",
"summary": "Splunk Enterprise Security Advisory SVD-2023-0613 vom 2023-06-01",
"url": "https://advisory.splunk.com/advisories/SVD-2023-0613"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7008449 vom 2023-06-29",
"url": "https://www.ibm.com/support/pages/node/7008449"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:0196-1 vom 2024-01-23",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-January/017743.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:0487-1 vom 2024-02-15",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-February/017931.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:0486-1 vom 2024-02-15",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-February/017932.html"
},
{
"category": "external",
"summary": "Atlassian Security Bulletin - November 18 2025",
"url": "https://confluence.atlassian.com/security/security-bulletin-november-18-2025-1671463469.html"
}
],
"source_lang": "en-US",
"title": "Splunk Splunk Enterprise: Mehrere Schwachstellen in Komponenten von Drittanbietern",
"tracking": {
"current_release_date": "2025-11-18T23:00:00.000+00:00",
"generator": {
"date": "2025-11-19T09:42:52.592+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.5.0"
}
},
"id": "WID-SEC-W-2023-1350",
"initial_release_date": "2023-06-01T22:00:00.000+00:00",
"revision_history": [
{
"date": "2023-06-01T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2023-06-29T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2024-01-23T23:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2024-02-15T23:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-11-18T23:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates aufgenommen"
}
],
"status": "final",
"version": "5"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c10.1.1",
"product": {
"name": "Atlassian Confluence \u003c10.1.1",
"product_id": "T048680"
}
},
{
"category": "product_version",
"name": "10.1.1",
"product": {
"name": "Atlassian Confluence 10.1.1",
"product_id": "T048680-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:confluence:10.1.1"
}
}
},
{
"category": "product_version_range",
"name": "\u003c10.0.2",
"product": {
"name": "Atlassian Confluence \u003c10.0.2",
"product_id": "T048685"
}
},
{
"category": "product_version",
"name": "10.0.2",
"product": {
"name": "Atlassian Confluence 10.0.2",
"product_id": "T048685-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:confluence:10.0.2"
}
}
},
{
"category": "product_version_range",
"name": "\u003c9.2.7",
"product": {
"name": "Atlassian Confluence \u003c9.2.7",
"product_id": "T048686"
}
},
{
"category": "product_version",
"name": "9.2.7",
"product": {
"name": "Atlassian Confluence 9.2.7",
"product_id": "T048686-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:confluence:9.2.7"
}
}
},
{
"category": "product_version_range",
"name": "\u003c8.5.25",
"product": {
"name": "Atlassian Confluence \u003c8.5.25",
"product_id": "T048687"
}
},
{
"category": "product_version",
"name": "8.5.25",
"product": {
"name": "Atlassian Confluence 8.5.25",
"product_id": "T048687-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:confluence:8.5.25"
}
}
}
],
"category": "product_name",
"name": "Confluence"
}
],
"category": "vendor",
"name": "Atlassian"
},
{
"branches": [
{
"category": "product_name",
"name": "IBM DB2",
"product": {
"name": "IBM DB2",
"product_id": "5104",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:db2:-"
}
}
}
],
"category": "vendor",
"name": "IBM"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux",
"product": {
"name": "SUSE Linux",
"product_id": "T002207",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_linux:-"
}
}
}
],
"category": "vendor",
"name": "SUSE"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c8.1.14",
"product": {
"name": "Splunk Splunk Enterprise \u003c8.1.14",
"product_id": "T027935"
}
},
{
"category": "product_version",
"name": "8.1.14",
"product": {
"name": "Splunk Splunk Enterprise 8.1.14",
"product_id": "T027935-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:splunk:splunk:8.1.14"
}
}
},
{
"category": "product_version_range",
"name": "\u003c8.2.11",
"product": {
"name": "Splunk Splunk Enterprise \u003c8.2.11",
"product_id": "T027936"
}
},
{
"category": "product_version",
"name": "8.2.11",
"product": {
"name": "Splunk Splunk Enterprise 8.2.11",
"product_id": "T027936-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:splunk:splunk:8.2.11"
}
}
},
{
"category": "product_version_range",
"name": "\u003c9.0.5",
"product": {
"name": "Splunk Splunk Enterprise \u003c9.0.5",
"product_id": "T027937"
}
},
{
"category": "product_version",
"name": "9.0.5",
"product": {
"name": "Splunk Splunk Enterprise 9.0.5",
"product_id": "T027937-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:splunk:splunk:9.0.5"
}
}
}
],
"category": "product_name",
"name": "Splunk Enterprise"
}
],
"category": "vendor",
"name": "Splunk"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2017-16042",
"product_status": {
"known_affected": [
"T027937",
"T002207",
"T027935",
"T027936",
"T048680",
"5104",
"T048685",
"T048687",
"T048686"
]
},
"release_date": "2023-06-01T22:00:00.000+00:00",
"title": "CVE-2017-16042"
},
{
"cve": "CVE-2018-25032",
"product_status": {
"known_affected": [
"T027937",
"T002207",
"T027935",
"T027936",
"T048680",
"5104",
"T048685",
"T048687",
"T048686"
]
},
"release_date": "2023-06-01T22:00:00.000+00:00",
"title": "CVE-2018-25032"
},
{
"cve": "CVE-2019-10744",
"product_status": {
"known_affected": [
"T027937",
"T002207",
"T027935",
"T027936",
"T048680",
"5104",
"T048685",
"T048687",
"T048686"
]
},
"release_date": "2023-06-01T22:00:00.000+00:00",
"title": "CVE-2019-10744"
},
{
"cve": "CVE-2019-10746",
"product_status": {
"known_affected": [
"T027937",
"T002207",
"T027935",
"T027936",
"T048680",
"5104",
"T048685",
"T048687",
"T048686"
]
},
"release_date": "2023-06-01T22:00:00.000+00:00",
"title": "CVE-2019-10746"
},
{
"cve": "CVE-2019-20149",
"product_status": {
"known_affected": [
"T027937",
"T002207",
"T027935",
"T027936",
"T048680",
"5104",
"T048685",
"T048687",
"T048686"
]
},
"release_date": "2023-06-01T22:00:00.000+00:00",
"title": "CVE-2019-20149"
},
{
"cve": "CVE-2020-13822",
"product_status": {
"known_affected": [
"T027937",
"T002207",
"T027935",
"T027936",
"T048680",
"5104",
"T048685",
"T048687",
"T048686"
]
},
"release_date": "2023-06-01T22:00:00.000+00:00",
"title": "CVE-2020-13822"
},
{
"cve": "CVE-2020-15138",
"product_status": {
"known_affected": [
"T027937",
"T002207",
"T027935",
"T027936",
"T048680",
"5104",
"T048685",
"T048687",
"T048686"
]
},
"release_date": "2023-06-01T22:00:00.000+00:00",
"title": "CVE-2020-15138"
},
{
"cve": "CVE-2020-28469",
"product_status": {
"known_affected": [
"T027937",
"T002207",
"T027935",
"T027936",
"T048680",
"5104",
"T048685",
"T048687",
"T048686"
]
},
"release_date": "2023-06-01T22:00:00.000+00:00",
"title": "CVE-2020-28469"
},
{
"cve": "CVE-2020-7662",
"product_status": {
"known_affected": [
"T027937",
"T002207",
"T027935",
"T027936",
"T048680",
"5104",
"T048685",
"T048687",
"T048686"
]
},
"release_date": "2023-06-01T22:00:00.000+00:00",
"title": "CVE-2020-7662"
},
{
"cve": "CVE-2020-7753",
"product_status": {
"known_affected": [
"T027937",
"T002207",
"T027935",
"T027936",
"T048680",
"5104",
"T048685",
"T048687",
"T048686"
]
},
"release_date": "2023-06-01T22:00:00.000+00:00",
"title": "CVE-2020-7753"
},
{
"cve": "CVE-2020-7774",
"product_status": {
"known_affected": [
"T027937",
"T002207",
"T027935",
"T027936",
"T048680",
"5104",
"T048685",
"T048687",
"T048686"
]
},
"release_date": "2023-06-01T22:00:00.000+00:00",
"title": "CVE-2020-7774"
},
{
"cve": "CVE-2020-8116",
"product_status": {
"known_affected": [
"T027937",
"T002207",
"T027935",
"T027936",
"T048680",
"5104",
"T048685",
"T048687",
"T048686"
]
},
"release_date": "2023-06-01T22:00:00.000+00:00",
"title": "CVE-2020-8116"
},
{
"cve": "CVE-2020-8169",
"product_status": {
"known_affected": [
"T027937",
"T002207",
"T027935",
"T027936",
"T048680",
"5104",
"T048685",
"T048687",
"T048686"
]
},
"release_date": "2023-06-01T22:00:00.000+00:00",
"title": "CVE-2020-8169"
},
{
"cve": "CVE-2020-8177",
"product_status": {
"known_affected": [
"T027937",
"T002207",
"T027935",
"T027936",
"T048680",
"5104",
"T048685",
"T048687",
"T048686"
]
},
"release_date": "2023-06-01T22:00:00.000+00:00",
"title": "CVE-2020-8177"
},
{
"cve": "CVE-2020-8203",
"product_status": {
"known_affected": [
"T027937",
"T002207",
"T027935",
"T027936",
"T048680",
"5104",
"T048685",
"T048687",
"T048686"
]
},
"release_date": "2023-06-01T22:00:00.000+00:00",
"title": "CVE-2020-8203"
},
{
"cve": "CVE-2020-8231",
"product_status": {
"known_affected": [
"T027937",
"T002207",
"T027935",
"T027936",
"T048680",
"5104",
"T048685",
"T048687",
"T048686"
]
},
"release_date": "2023-06-01T22:00:00.000+00:00",
"title": "CVE-2020-8231"
},
{
"cve": "CVE-2020-8284",
"product_status": {
"known_affected": [
"T027937",
"T002207",
"T027935",
"T027936",
"T048680",
"5104",
"T048685",
"T048687",
"T048686"
]
},
"release_date": "2023-06-01T22:00:00.000+00:00",
"title": "CVE-2020-8284"
},
{
"cve": "CVE-2020-8285",
"product_status": {
"known_affected": [
"T027937",
"T002207",
"T027935",
"T027936",
"T048680",
"5104",
"T048685",
"T048687",
"T048686"
]
},
"release_date": "2023-06-01T22:00:00.000+00:00",
"title": "CVE-2020-8285"
},
{
"cve": "CVE-2020-8286",
"product_status": {
"known_affected": [
"T027937",
"T002207",
"T027935",
"T027936",
"T048680",
"5104",
"T048685",
"T048687",
"T048686"
]
},
"release_date": "2023-06-01T22:00:00.000+00:00",
"title": "CVE-2020-8286"
},
{
"cve": "CVE-2021-20095",
"product_status": {
"known_affected": [
"T027937",
"T002207",
"T027935",
"T027936",
"T048680",
"5104",
"T048685",
"T048687",
"T048686"
]
},
"release_date": "2023-06-01T22:00:00.000+00:00",
"title": "CVE-2021-20095"
},
{
"cve": "CVE-2021-22876",
"product_status": {
"known_affected": [
"T027937",
"T002207",
"T027935",
"T027936",
"T048680",
"5104",
"T048685",
"T048687",
"T048686"
]
},
"release_date": "2023-06-01T22:00:00.000+00:00",
"title": "CVE-2021-22876"
},
{
"cve": "CVE-2021-22890",
"product_status": {
"known_affected": [
"T027937",
"T002207",
"T027935",
"T027936",
"T048680",
"5104",
"T048685",
"T048687",
"T048686"
]
},
"release_date": "2023-06-01T22:00:00.000+00:00",
"title": "CVE-2021-22890"
},
{
"cve": "CVE-2021-22897",
"product_status": {
"known_affected": [
"T027937",
"T002207",
"T027935",
"T027936",
"T048680",
"5104",
"T048685",
"T048687",
"T048686"
]
},
"release_date": "2023-06-01T22:00:00.000+00:00",
"title": "CVE-2021-22897"
},
{
"cve": "CVE-2021-22898",
"product_status": {
"known_affected": [
"T027937",
"T002207",
"T027935",
"T027936",
"T048680",
"5104",
"T048685",
"T048687",
"T048686"
]
},
"release_date": "2023-06-01T22:00:00.000+00:00",
"title": "CVE-2021-22898"
},
{
"cve": "CVE-2021-22901",
"product_status": {
"known_affected": [
"T027937",
"T002207",
"T027935",
"T027936",
"T048680",
"5104",
"T048685",
"T048687",
"T048686"
]
},
"release_date": "2023-06-01T22:00:00.000+00:00",
"title": "CVE-2021-22901"
},
{
"cve": "CVE-2021-22922",
"product_status": {
"known_affected": [
"T027937",
"T002207",
"T027935",
"T027936",
"T048680",
"5104",
"T048685",
"T048687",
"T048686"
]
},
"release_date": "2023-06-01T22:00:00.000+00:00",
"title": "CVE-2021-22922"
},
{
"cve": "CVE-2021-22923",
"product_status": {
"known_affected": [
"T027937",
"T002207",
"T027935",
"T027936",
"T048680",
"5104",
"T048685",
"T048687",
"T048686"
]
},
"release_date": "2023-06-01T22:00:00.000+00:00",
"title": "CVE-2021-22923"
},
{
"cve": "CVE-2021-22924",
"product_status": {
"known_affected": [
"T027937",
"T002207",
"T027935",
"T027936",
"T048680",
"5104",
"T048685",
"T048687",
"T048686"
]
},
"release_date": "2023-06-01T22:00:00.000+00:00",
"title": "CVE-2021-22924"
},
{
"cve": "CVE-2021-22925",
"product_status": {
"known_affected": [
"T027937",
"T002207",
"T027935",
"T027936",
"T048680",
"5104",
"T048685",
"T048687",
"T048686"
]
},
"release_date": "2023-06-01T22:00:00.000+00:00",
"title": "CVE-2021-22925"
},
{
"cve": "CVE-2021-22926",
"product_status": {
"known_affected": [
"T027937",
"T002207",
"T027935",
"T027936",
"T048680",
"5104",
"T048685",
"T048687",
"T048686"
]
},
"release_date": "2023-06-01T22:00:00.000+00:00",
"title": "CVE-2021-22926"
},
{
"cve": "CVE-2021-22945",
"product_status": {
"known_affected": [
"T027937",
"T002207",
"T027935",
"T027936",
"T048680",
"5104",
"T048685",
"T048687",
"T048686"
]
},
"release_date": "2023-06-01T22:00:00.000+00:00",
"title": "CVE-2021-22945"
},
{
"cve": "CVE-2021-22946",
"product_status": {
"known_affected": [
"T027937",
"T002207",
"T027935",
"T027936",
"T048680",
"5104",
"T048685",
"T048687",
"T048686"
]
},
"release_date": "2023-06-01T22:00:00.000+00:00",
"title": "CVE-2021-22946"
},
{
"cve": "CVE-2021-22947",
"product_status": {
"known_affected": [
"T027937",
"T002207",
"T027935",
"T027936",
"T048680",
"5104",
"T048685",
"T048687",
"T048686"
]
},
"release_date": "2023-06-01T22:00:00.000+00:00",
"title": "CVE-2021-22947"
},
{
"cve": "CVE-2021-23343",
"product_status": {
"known_affected": [
"T027937",
"T002207",
"T027935",
"T027936",
"T048680",
"5104",
"T048685",
"T048687",
"T048686"
]
},
"release_date": "2023-06-01T22:00:00.000+00:00",
"title": "CVE-2021-23343"
},
{
"cve": "CVE-2021-23368",
"product_status": {
"known_affected": [
"T027937",
"T002207",
"T027935",
"T027936",
"T048680",
"5104",
"T048685",
"T048687",
"T048686"
]
},
"release_date": "2023-06-01T22:00:00.000+00:00",
"title": "CVE-2021-23368"
},
{
"cve": "CVE-2021-23382",
"product_status": {
"known_affected": [
"T027937",
"T002207",
"T027935",
"T027936",
"T048680",
"5104",
"T048685",
"T048687",
"T048686"
]
},
"release_date": "2023-06-01T22:00:00.000+00:00",
"title": "CVE-2021-23382"
},
{
"cve": "CVE-2021-27292",
"product_status": {
"known_affected": [
"T027937",
"T002207",
"T027935",
"T027936",
"T048680",
"5104",
"T048685",
"T048687",
"T048686"
]
},
"release_date": "2023-06-01T22:00:00.000+00:00",
"title": "CVE-2021-27292"
},
{
"cve": "CVE-2021-29060",
"product_status": {
"known_affected": [
"T027937",
"T002207",
"T027935",
"T027936",
"T048680",
"5104",
"T048685",
"T048687",
"T048686"
]
},
"release_date": "2023-06-01T22:00:00.000+00:00",
"title": "CVE-2021-29060"
},
{
"cve": "CVE-2021-31566",
"product_status": {
"known_affected": [
"T027937",
"T002207",
"T027935",
"T027936",
"T048680",
"5104",
"T048685",
"T048687",
"T048686"
]
},
"release_date": "2023-06-01T22:00:00.000+00:00",
"title": "CVE-2021-31566"
},
{
"cve": "CVE-2021-33502",
"product_status": {
"known_affected": [
"T027937",
"T002207",
"T027935",
"T027936",
"T048680",
"5104",
"T048685",
"T048687",
"T048686"
]
},
"release_date": "2023-06-01T22:00:00.000+00:00",
"title": "CVE-2021-33502"
},
{
"cve": "CVE-2021-33503",
"product_status": {
"known_affected": [
"T027937",
"T002207",
"T027935",
"T027936",
"T048680",
"5104",
"T048685",
"T048687",
"T048686"
]
},
"release_date": "2023-06-01T22:00:00.000+00:00",
"title": "CVE-2021-33503"
},
{
"cve": "CVE-2021-33587",
"product_status": {
"known_affected": [
"T027937",
"T002207",
"T027935",
"T027936",
"T048680",
"5104",
"T048685",
"T048687",
"T048686"
]
},
"release_date": "2023-06-01T22:00:00.000+00:00",
"title": "CVE-2021-33587"
},
{
"cve": "CVE-2021-3520",
"product_status": {
"known_affected": [
"T027937",
"T002207",
"T027935",
"T027936",
"T048680",
"5104",
"T048685",
"T048687",
"T048686"
]
},
"release_date": "2023-06-01T22:00:00.000+00:00",
"title": "CVE-2021-3520"
},
{
"cve": "CVE-2021-36976",
"product_status": {
"known_affected": [
"T027937",
"T002207",
"T027935",
"T027936",
"T048680",
"5104",
"T048685",
"T048687",
"T048686"
]
},
"release_date": "2023-06-01T22:00:00.000+00:00",
"title": "CVE-2021-36976"
},
{
"cve": "CVE-2021-3803",
"product_status": {
"known_affected": [
"T027937",
"T002207",
"T027935",
"T027936",
"T048680",
"5104",
"T048685",
"T048687",
"T048686"
]
},
"release_date": "2023-06-01T22:00:00.000+00:00",
"title": "CVE-2021-3803"
},
{
"cve": "CVE-2021-43565",
"product_status": {
"known_affected": [
"T027937",
"T002207",
"T027935",
"T027936",
"T048680",
"5104",
"T048685",
"T048687",
"T048686"
]
},
"release_date": "2023-06-01T22:00:00.000+00:00",
"title": "CVE-2021-43565"
},
{
"cve": "CVE-2022-1705",
"product_status": {
"known_affected": [
"T027937",
"T002207",
"T027935",
"T027936",
"T048680",
"5104",
"T048685",
"T048687",
"T048686"
]
},
"release_date": "2023-06-01T22:00:00.000+00:00",
"title": "CVE-2022-1705"
},
{
"cve": "CVE-2022-1962",
"product_status": {
"known_affected": [
"T027937",
"T002207",
"T027935",
"T027936",
"T048680",
"5104",
"T048685",
"T048687",
"T048686"
]
},
"release_date": "2023-06-01T22:00:00.000+00:00",
"title": "CVE-2022-1962"
},
{
"cve": "CVE-2022-22576",
"product_status": {
"known_affected": [
"T027937",
"T002207",
"T027935",
"T027936",
"T048680",
"5104",
"T048685",
"T048687",
"T048686"
]
},
"release_date": "2023-06-01T22:00:00.000+00:00",
"title": "CVE-2022-22576"
},
{
"cve": "CVE-2022-23491",
"product_status": {
"known_affected": [
"T027937",
"T002207",
"T027935",
"T027936",
"T048680",
"5104",
"T048685",
"T048687",
"T048686"
]
},
"release_date": "2023-06-01T22:00:00.000+00:00",
"title": "CVE-2022-23491"
},
{
"cve": "CVE-2022-23772",
"product_status": {
"known_affected": [
"T027937",
"T002207",
"T027935",
"T027936",
"T048680",
"5104",
"T048685",
"T048687",
"T048686"
]
},
"release_date": "2023-06-01T22:00:00.000+00:00",
"title": "CVE-2022-23772"
},
{
"cve": "CVE-2022-23773",
"product_status": {
"known_affected": [
"T027937",
"T002207",
"T027935",
"T027936",
"T048680",
"5104",
"T048685",
"T048687",
"T048686"
]
},
"release_date": "2023-06-01T22:00:00.000+00:00",
"title": "CVE-2022-23773"
},
{
"cve": "CVE-2022-23806",
"product_status": {
"known_affected": [
"T027937",
"T002207",
"T027935",
"T027936",
"T048680",
"5104",
"T048685",
"T048687",
"T048686"
]
},
"release_date": "2023-06-01T22:00:00.000+00:00",
"title": "CVE-2022-23806"
},
{
"cve": "CVE-2022-24675",
"product_status": {
"known_affected": [
"T027937",
"T002207",
"T027935",
"T027936",
"T048680",
"5104",
"T048685",
"T048687",
"T048686"
]
},
"release_date": "2023-06-01T22:00:00.000+00:00",
"title": "CVE-2022-24675"
},
{
"cve": "CVE-2022-24921",
"product_status": {
"known_affected": [
"T027937",
"T002207",
"T027935",
"T027936",
"T048680",
"5104",
"T048685",
"T048687",
"T048686"
]
},
"release_date": "2023-06-01T22:00:00.000+00:00",
"title": "CVE-2022-24921"
},
{
"cve": "CVE-2022-24999",
"product_status": {
"known_affected": [
"T027937",
"T002207",
"T027935",
"T027936",
"T048680",
"5104",
"T048685",
"T048687",
"T048686"
]
},
"release_date": "2023-06-01T22:00:00.000+00:00",
"title": "CVE-2022-24999"
},
{
"cve": "CVE-2022-25858",
"product_status": {
"known_affected": [
"T027937",
"T002207",
"T027935",
"T027936",
"T048680",
"5104",
"T048685",
"T048687",
"T048686"
]
},
"release_date": "2023-06-01T22:00:00.000+00:00",
"title": "CVE-2022-25858"
},
{
"cve": "CVE-2022-27191",
"product_status": {
"known_affected": [
"T027937",
"T002207",
"T027935",
"T027936",
"T048680",
"5104",
"T048685",
"T048687",
"T048686"
]
},
"release_date": "2023-06-01T22:00:00.000+00:00",
"title": "CVE-2022-27191"
},
{
"cve": "CVE-2022-27664",
"product_status": {
"known_affected": [
"T027937",
"T002207",
"T027935",
"T027936",
"T048680",
"5104",
"T048685",
"T048687",
"T048686"
]
},
"release_date": "2023-06-01T22:00:00.000+00:00",
"title": "CVE-2022-27664"
},
{
"cve": "CVE-2022-27774",
"product_status": {
"known_affected": [
"T027937",
"T002207",
"T027935",
"T027936",
"T048680",
"5104",
"T048685",
"T048687",
"T048686"
]
},
"release_date": "2023-06-01T22:00:00.000+00:00",
"title": "CVE-2022-27774"
},
{
"cve": "CVE-2022-27775",
"product_status": {
"known_affected": [
"T027937",
"T002207",
"T027935",
"T027936",
"T048680",
"5104",
"T048685",
"T048687",
"T048686"
]
},
"release_date": "2023-06-01T22:00:00.000+00:00",
"title": "CVE-2022-27775"
},
{
"cve": "CVE-2022-27776",
"product_status": {
"known_affected": [
"T027937",
"T002207",
"T027935",
"T027936",
"T048680",
"5104",
"T048685",
"T048687",
"T048686"
]
},
"release_date": "2023-06-01T22:00:00.000+00:00",
"title": "CVE-2022-27776"
},
{
"cve": "CVE-2022-27778",
"product_status": {
"known_affected": [
"T027937",
"T002207",
"T027935",
"T027936",
"T048680",
"5104",
"T048685",
"T048687",
"T048686"
]
},
"release_date": "2023-06-01T22:00:00.000+00:00",
"title": "CVE-2022-27778"
},
{
"cve": "CVE-2022-27779",
"product_status": {
"known_affected": [
"T027937",
"T002207",
"T027935",
"T027936",
"T048680",
"5104",
"T048685",
"T048687",
"T048686"
]
},
"release_date": "2023-06-01T22:00:00.000+00:00",
"title": "CVE-2022-27779"
},
{
"cve": "CVE-2022-27780",
"product_status": {
"known_affected": [
"T027937",
"T002207",
"T027935",
"T027936",
"T048680",
"5104",
"T048685",
"T048687",
"T048686"
]
},
"release_date": "2023-06-01T22:00:00.000+00:00",
"title": "CVE-2022-27780"
},
{
"cve": "CVE-2022-27781",
"product_status": {
"known_affected": [
"T027937",
"T002207",
"T027935",
"T027936",
"T048680",
"5104",
"T048685",
"T048687",
"T048686"
]
},
"release_date": "2023-06-01T22:00:00.000+00:00",
"title": "CVE-2022-27781"
},
{
"cve": "CVE-2022-27782",
"product_status": {
"known_affected": [
"T027937",
"T002207",
"T027935",
"T027936",
"T048680",
"5104",
"T048685",
"T048687",
"T048686"
]
},
"release_date": "2023-06-01T22:00:00.000+00:00",
"title": "CVE-2022-27782"
},
{
"cve": "CVE-2022-28131",
"product_status": {
"known_affected": [
"T027937",
"T002207",
"T027935",
"T027936",
"T048680",
"5104",
"T048685",
"T048687",
"T048686"
]
},
"release_date": "2023-06-01T22:00:00.000+00:00",
"title": "CVE-2022-28131"
},
{
"cve": "CVE-2022-28327",
"product_status": {
"known_affected": [
"T027937",
"T002207",
"T027935",
"T027936",
"T048680",
"5104",
"T048685",
"T048687",
"T048686"
]
},
"release_date": "2023-06-01T22:00:00.000+00:00",
"title": "CVE-2022-28327"
},
{
"cve": "CVE-2022-2879",
"product_status": {
"known_affected": [
"T027937",
"T002207",
"T027935",
"T027936",
"T048680",
"5104",
"T048685",
"T048687",
"T048686"
]
},
"release_date": "2023-06-01T22:00:00.000+00:00",
"title": "CVE-2022-2879"
},
{
"cve": "CVE-2022-2880",
"product_status": {
"known_affected": [
"T027937",
"T002207",
"T027935",
"T027936",
"T048680",
"5104",
"T048685",
"T048687",
"T048686"
]
},
"release_date": "2023-06-01T22:00:00.000+00:00",
"title": "CVE-2022-2880"
},
{
"cve": "CVE-2022-29526",
"product_status": {
"known_affected": [
"T027937",
"T002207",
"T027935",
"T027936",
"T048680",
"5104",
"T048685",
"T048687",
"T048686"
]
},
"release_date": "2023-06-01T22:00:00.000+00:00",
"title": "CVE-2022-29526"
},
{
"cve": "CVE-2022-29804",
"product_status": {
"known_affected": [
"T027937",
"T002207",
"T027935",
"T027936",
"T048680",
"5104",
"T048685",
"T048687",
"T048686"
]
},
"release_date": "2023-06-01T22:00:00.000+00:00",
"title": "CVE-2022-29804"
},
{
"cve": "CVE-2022-30115",
"product_status": {
"known_affected": [
"T027937",
"T002207",
"T027935",
"T027936",
"T048680",
"5104",
"T048685",
"T048687",
"T048686"
]
},
"release_date": "2023-06-01T22:00:00.000+00:00",
"title": "CVE-2022-30115"
},
{
"cve": "CVE-2022-30580",
"product_status": {
"known_affected": [
"T027937",
"T002207",
"T027935",
"T027936",
"T048680",
"5104",
"T048685",
"T048687",
"T048686"
]
},
"release_date": "2023-06-01T22:00:00.000+00:00",
"title": "CVE-2022-30580"
},
{
"cve": "CVE-2022-30629",
"product_status": {
"known_affected": [
"T027937",
"T002207",
"T027935",
"T027936",
"T048680",
"5104",
"T048685",
"T048687",
"T048686"
]
},
"release_date": "2023-06-01T22:00:00.000+00:00",
"title": "CVE-2022-30629"
},
{
"cve": "CVE-2022-30630",
"product_status": {
"known_affected": [
"T027937",
"T002207",
"T027935",
"T027936",
"T048680",
"5104",
"T048685",
"T048687",
"T048686"
]
},
"release_date": "2023-06-01T22:00:00.000+00:00",
"title": "CVE-2022-30630"
},
{
"cve": "CVE-2022-30631",
"product_status": {
"known_affected": [
"T027937",
"T002207",
"T027935",
"T027936",
"T048680",
"5104",
"T048685",
"T048687",
"T048686"
]
},
"release_date": "2023-06-01T22:00:00.000+00:00",
"title": "CVE-2022-30631"
},
{
"cve": "CVE-2022-30632",
"product_status": {
"known_affected": [
"T027937",
"T002207",
"T027935",
"T027936",
"T048680",
"5104",
"T048685",
"T048687",
"T048686"
]
},
"release_date": "2023-06-01T22:00:00.000+00:00",
"title": "CVE-2022-30632"
},
{
"cve": "CVE-2022-30633",
"product_status": {
"known_affected": [
"T027937",
"T002207",
"T027935",
"T027936",
"T048680",
"5104",
"T048685",
"T048687",
"T048686"
]
},
"release_date": "2023-06-01T22:00:00.000+00:00",
"title": "CVE-2022-30633"
},
{
"cve": "CVE-2022-30634",
"product_status": {
"known_affected": [
"T027937",
"T002207",
"T027935",
"T027936",
"T048680",
"5104",
"T048685",
"T048687",
"T048686"
]
},
"release_date": "2023-06-01T22:00:00.000+00:00",
"title": "CVE-2022-30634"
},
{
"cve": "CVE-2022-30635",
"product_status": {
"known_affected": [
"T027937",
"T002207",
"T027935",
"T027936",
"T048680",
"5104",
"T048685",
"T048687",
"T048686"
]
},
"release_date": "2023-06-01T22:00:00.000+00:00",
"title": "CVE-2022-30635"
},
{
"cve": "CVE-2022-31129",
"product_status": {
"known_affected": [
"T027937",
"T002207",
"T027935",
"T027936",
"T048680",
"5104",
"T048685",
"T048687",
"T048686"
]
},
"release_date": "2023-06-01T22:00:00.000+00:00",
"title": "CVE-2022-31129"
},
{
"cve": "CVE-2022-32148",
"product_status": {
"known_affected": [
"T027937",
"T002207",
"T027935",
"T027936",
"T048680",
"5104",
"T048685",
"T048687",
"T048686"
]
},
"release_date": "2023-06-01T22:00:00.000+00:00",
"title": "CVE-2022-32148"
},
{
"cve": "CVE-2022-32189",
"product_status": {
"known_affected": [
"T027937",
"T002207",
"T027935",
"T027936",
"T048680",
"5104",
"T048685",
"T048687",
"T048686"
]
},
"release_date": "2023-06-01T22:00:00.000+00:00",
"title": "CVE-2022-32189"
},
{
"cve": "CVE-2022-32205",
"product_status": {
"known_affected": [
"T027937",
"T002207",
"T027935",
"T027936",
"T048680",
"5104",
"T048685",
"T048687",
"T048686"
]
},
"release_date": "2023-06-01T22:00:00.000+00:00",
"title": "CVE-2022-32205"
},
{
"cve": "CVE-2022-32206",
"product_status": {
"known_affected": [
"T027937",
"T002207",
"T027935",
"T027936",
"T048680",
"5104",
"T048685",
"T048687",
"T048686"
]
},
"release_date": "2023-06-01T22:00:00.000+00:00",
"title": "CVE-2022-32206"
},
{
"cve": "CVE-2022-32207",
"product_status": {
"known_affected": [
"T027937",
"T002207",
"T027935",
"T027936",
"T048680",
"5104",
"T048685",
"T048687",
"T048686"
]
},
"release_date": "2023-06-01T22:00:00.000+00:00",
"title": "CVE-2022-32207"
},
{
"cve": "CVE-2022-32208",
"product_status": {
"known_affected": [
"T027937",
"T002207",
"T027935",
"T027936",
"T048680",
"5104",
"T048685",
"T048687",
"T048686"
]
},
"release_date": "2023-06-01T22:00:00.000+00:00",
"title": "CVE-2022-32208"
},
{
"cve": "CVE-2022-32221",
"product_status": {
"known_affected": [
"T027937",
"T002207",
"T027935",
"T027936",
"T048680",
"5104",
"T048685",
"T048687",
"T048686"
]
},
"release_date": "2023-06-01T22:00:00.000+00:00",
"title": "CVE-2022-32221"
},
{
"cve": "CVE-2022-33987",
"product_status": {
"known_affected": [
"T027937",
"T002207",
"T027935",
"T027936",
"T048680",
"5104",
"T048685",
"T048687",
"T048686"
]
},
"release_date": "2023-06-01T22:00:00.000+00:00",
"title": "CVE-2022-33987"
},
{
"cve": "CVE-2022-3517",
"product_status": {
"known_affected": [
"T027937",
"T002207",
"T027935",
"T027936",
"T048680",
"5104",
"T048685",
"T048687",
"T048686"
]
},
"release_date": "2023-06-01T22:00:00.000+00:00",
"title": "CVE-2022-3517"
},
{
"cve": "CVE-2022-35252",
"product_status": {
"known_affected": [
"T027937",
"T002207",
"T027935",
"T027936",
"T048680",
"5104",
"T048685",
"T048687",
"T048686"
]
},
"release_date": "2023-06-01T22:00:00.000+00:00",
"title": "CVE-2022-35252"
},
{
"cve": "CVE-2022-35260",
"product_status": {
"known_affected": [
"T027937",
"T002207",
"T027935",
"T027936",
"T048680",
"5104",
"T048685",
"T048687",
"T048686"
]
},
"release_date": "2023-06-01T22:00:00.000+00:00",
"title": "CVE-2022-35260"
},
{
"cve": "CVE-2022-35737",
"product_status": {
"known_affected": [
"T027937",
"T002207",
"T027935",
"T027936",
"T048680",
"5104",
"T048685",
"T048687",
"T048686"
]
},
"release_date": "2023-06-01T22:00:00.000+00:00",
"title": "CVE-2022-35737"
},
{
"cve": "CVE-2022-36227",
"product_status": {
"known_affected": [
"T027937",
"T002207",
"T027935",
"T027936",
"T048680",
"5104",
"T048685",
"T048687",
"T048686"
]
},
"release_date": "2023-06-01T22:00:00.000+00:00",
"title": "CVE-2022-36227"
},
{
"cve": "CVE-2022-37434",
"product_status": {
"known_affected": [
"T027937",
"T002207",
"T027935",
"T027936",
"T048680",
"5104",
"T048685",
"T048687",
"T048686"
]
},
"release_date": "2023-06-01T22:00:00.000+00:00",
"title": "CVE-2022-37434"
},
{
"cve": "CVE-2022-37599",
"product_status": {
"known_affected": [
"T027937",
"T002207",
"T027935",
"T027936",
"T048680",
"5104",
"T048685",
"T048687",
"T048686"
]
},
"release_date": "2023-06-01T22:00:00.000+00:00",
"title": "CVE-2022-37599"
},
{
"cve": "CVE-2022-37601",
"product_status": {
"known_affected": [
"T027937",
"T002207",
"T027935",
"T027936",
"T048680",
"5104",
"T048685",
"T048687",
"T048686"
]
},
"release_date": "2023-06-01T22:00:00.000+00:00",
"title": "CVE-2022-37601"
},
{
"cve": "CVE-2022-37603",
"product_status": {
"known_affected": [
"T027937",
"T002207",
"T027935",
"T027936",
"T048680",
"5104",
"T048685",
"T048687",
"T048686"
]
},
"release_date": "2023-06-01T22:00:00.000+00:00",
"title": "CVE-2022-37603"
},
{
"cve": "CVE-2022-37616",
"product_status": {
"known_affected": [
"T027937",
"T002207",
"T027935",
"T027936",
"T048680",
"5104",
"T048685",
"T048687",
"T048686"
]
},
"release_date": "2023-06-01T22:00:00.000+00:00",
"title": "CVE-2022-37616"
},
{
"cve": "CVE-2022-38900",
"product_status": {
"known_affected": [
"T027937",
"T002207",
"T027935",
"T027936",
"T048680",
"5104",
"T048685",
"T048687",
"T048686"
]
},
"release_date": "2023-06-01T22:00:00.000+00:00",
"title": "CVE-2022-38900"
},
{
"cve": "CVE-2022-40023",
"product_status": {
"known_affected": [
"T027937",
"T002207",
"T027935",
"T027936",
"T048680",
"5104",
"T048685",
"T048687",
"T048686"
]
},
"release_date": "2023-06-01T22:00:00.000+00:00",
"title": "CVE-2022-40023"
},
{
"cve": "CVE-2022-40303",
"product_status": {
"known_affected": [
"T027937",
"T002207",
"T027935",
"T027936",
"T048680",
"5104",
"T048685",
"T048687",
"T048686"
]
},
"release_date": "2023-06-01T22:00:00.000+00:00",
"title": "CVE-2022-40303"
},
{
"cve": "CVE-2022-40304",
"product_status": {
"known_affected": [
"T027937",
"T002207",
"T027935",
"T027936",
"T048680",
"5104",
"T048685",
"T048687",
"T048686"
]
},
"release_date": "2023-06-01T22:00:00.000+00:00",
"title": "CVE-2022-40304"
},
{
"cve": "CVE-2022-41715",
"product_status": {
"known_affected": [
"T027937",
"T002207",
"T027935",
"T027936",
"T048680",
"5104",
"T048685",
"T048687",
"T048686"
]
},
"release_date": "2023-06-01T22:00:00.000+00:00",
"title": "CVE-2022-41715"
},
{
"cve": "CVE-2022-41716",
"product_status": {
"known_affected": [
"T027937",
"T002207",
"T027935",
"T027936",
"T048680",
"5104",
"T048685",
"T048687",
"T048686"
]
},
"release_date": "2023-06-01T22:00:00.000+00:00",
"title": "CVE-2022-41716"
},
{
"cve": "CVE-2022-41720",
"product_status": {
"known_affected": [
"T027937",
"T002207",
"T027935",
"T027936",
"T048680",
"5104",
"T048685",
"T048687",
"T048686"
]
},
"release_date": "2023-06-01T22:00:00.000+00:00",
"title": "CVE-2022-41720"
},
{
"cve": "CVE-2022-4200",
"product_status": {
"known_affected": [
"T027937",
"T002207",
"T027935",
"T027936",
"T048680",
"5104",
"T048685",
"T048687",
"T048686"
]
},
"release_date": "2023-06-01T22:00:00.000+00:00",
"title": "CVE-2022-4200"
},
{
"cve": "CVE-2022-42004",
"product_status": {
"known_affected": [
"T027937",
"T002207",
"T027935",
"T027936",
"T048680",
"5104",
"T048685",
"T048687",
"T048686"
]
},
"release_date": "2023-06-01T22:00:00.000+00:00",
"title": "CVE-2022-42004"
},
{
"cve": "CVE-2022-42915",
"product_status": {
"known_affected": [
"T027937",
"T002207",
"T027935",
"T027936",
"T048680",
"5104",
"T048685",
"T048687",
"T048686"
]
},
"release_date": "2023-06-01T22:00:00.000+00:00",
"title": "CVE-2022-42915"
},
{
"cve": "CVE-2022-42916",
"product_status": {
"known_affected": [
"T027937",
"T002207",
"T027935",
"T027936",
"T048680",
"5104",
"T048685",
"T048687",
"T048686"
]
},
"release_date": "2023-06-01T22:00:00.000+00:00",
"title": "CVE-2022-42916"
},
{
"cve": "CVE-2022-4304",
"product_status": {
"known_affected": [
"T027937",
"T002207",
"T027935",
"T027936",
"T048680",
"5104",
"T048685",
"T048687",
"T048686"
]
},
"release_date": "2023-06-01T22:00:00.000+00:00",
"title": "CVE-2022-4304"
},
{
"cve": "CVE-2022-43551",
"product_status": {
"known_affected": [
"T027937",
"T002207",
"T027935",
"T027936",
"T048680",
"5104",
"T048685",
"T048687",
"T048686"
]
},
"release_date": "2023-06-01T22:00:00.000+00:00",
"title": "CVE-2022-43551"
},
{
"cve": "CVE-2022-43552",
"product_status": {
"known_affected": [
"T027937",
"T002207",
"T027935",
"T027936",
"T048680",
"5104",
"T048685",
"T048687",
"T048686"
]
},
"release_date": "2023-06-01T22:00:00.000+00:00",
"title": "CVE-2022-43552"
},
{
"cve": "CVE-2022-43680",
"product_status": {
"known_affected": [
"T027937",
"T002207",
"T027935",
"T027936",
"T048680",
"5104",
"T048685",
"T048687",
"T048686"
]
},
"release_date": "2023-06-01T22:00:00.000+00:00",
"title": "CVE-2022-43680"
},
{
"cve": "CVE-2022-46175",
"product_status": {
"known_affected": [
"T027937",
"T002207",
"T027935",
"T027936",
"T048680",
"5104",
"T048685",
"T048687",
"T048686"
]
},
"release_date": "2023-06-01T22:00:00.000+00:00",
"title": "CVE-2022-46175"
},
{
"cve": "CVE-2023-0215",
"product_status": {
"known_affected": [
"T027937",
"T002207",
"T027935",
"T027936",
"T048680",
"5104",
"T048685",
"T048687",
"T048686"
]
},
"release_date": "2023-06-01T22:00:00.000+00:00",
"title": "CVE-2023-0215"
},
{
"cve": "CVE-2023-0286",
"product_status": {
"known_affected": [
"T027937",
"T002207",
"T027935",
"T027936",
"T048680",
"5104",
"T048685",
"T048687",
"T048686"
]
},
"release_date": "2023-06-01T22:00:00.000+00:00",
"title": "CVE-2023-0286"
},
{
"cve": "CVE-2023-1370",
"product_status": {
"known_affected": [
"T027937",
"T002207",
"T027935",
"T027936",
"T048680",
"5104",
"T048685",
"T048687",
"T048686"
]
},
"release_date": "2023-06-01T22:00:00.000+00:00",
"title": "CVE-2023-1370"
},
{
"cve": "CVE-2023-23914",
"product_status": {
"known_affected": [
"T027937",
"T002207",
"T027935",
"T027936",
"T048680",
"5104",
"T048685",
"T048687",
"T048686"
]
},
"release_date": "2023-06-01T22:00:00.000+00:00",
"title": "CVE-2023-23914"
},
{
"cve": "CVE-2023-23915",
"product_status": {
"known_affected": [
"T027937",
"T002207",
"T027935",
"T027936",
"T048680",
"5104",
"T048685",
"T048687",
"T048686"
]
},
"release_date": "2023-06-01T22:00:00.000+00:00",
"title": "CVE-2023-23915"
},
{
"cve": "CVE-2023-23916",
"product_status": {
"known_affected": [
"T027937",
"T002207",
"T027935",
"T027936",
"T048680",
"5104",
"T048685",
"T048687",
"T048686"
]
},
"release_date": "2023-06-01T22:00:00.000+00:00",
"title": "CVE-2023-23916"
},
{
"cve": "CVE-2023-27533",
"product_status": {
"known_affected": [
"T027937",
"T002207",
"T027935",
"T027936",
"T048680",
"5104",
"T048685",
"T048687",
"T048686"
]
},
"release_date": "2023-06-01T22:00:00.000+00:00",
"title": "CVE-2023-27533"
},
{
"cve": "CVE-2023-27534",
"product_status": {
"known_affected": [
"T027937",
"T002207",
"T027935",
"T027936",
"T048680",
"5104",
"T048685",
"T048687",
"T048686"
]
},
"release_date": "2023-06-01T22:00:00.000+00:00",
"title": "CVE-2023-27534"
},
{
"cve": "CVE-2023-27535",
"product_status": {
"known_affected": [
"T027937",
"T002207",
"T027935",
"T027936",
"T048680",
"5104",
"T048685",
"T048687",
"T048686"
]
},
"release_date": "2023-06-01T22:00:00.000+00:00",
"title": "CVE-2023-27535"
},
{
"cve": "CVE-2023-27536",
"product_status": {
"known_affected": [
"T027937",
"T002207",
"T027935",
"T027936",
"T048680",
"5104",
"T048685",
"T048687",
"T048686"
]
},
"release_date": "2023-06-01T22:00:00.000+00:00",
"title": "CVE-2023-27536"
},
{
"cve": "CVE-2023-27537",
"product_status": {
"known_affected": [
"T027937",
"T002207",
"T027935",
"T027936",
"T048680",
"5104",
"T048685",
"T048687",
"T048686"
]
},
"release_date": "2023-06-01T22:00:00.000+00:00",
"title": "CVE-2023-27537"
},
{
"cve": "CVE-2023-27538",
"product_status": {
"known_affected": [
"T027937",
"T002207",
"T027935",
"T027936",
"T048680",
"5104",
"T048685",
"T048687",
"T048686"
]
},
"release_date": "2023-06-01T22:00:00.000+00:00",
"title": "CVE-2023-27538"
}
]
}
WID-SEC-W-2023-1424
Vulnerability from csaf_certbund - Published: 2023-06-12 22:00 - Updated: 2025-10-06 22:00Summary
Xerox FreeFlow Print Server für Solaris: Mehrere Schwachstellen
Severity
Hoch
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: FreeFlow-Druckserver ist eine Druckserveranwendung für Xerox-Produktionsdrucker, die Flexibilität, umfangreiche Workflow-Optionen und eine Farbverwaltung bietet.
Angriff: Ein Angreifer kann mehrere Schwachstellen in Xerox FreeFlow Print Server ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Betroffene Betriebssysteme: - UNIX
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v9 for Solaris
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9_for_solaris
|
v9 for Solaris | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
9 |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v9 for Solaris
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9_for_solaris
|
v9 for Solaris | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
9 |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v9 for Solaris
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9_for_solaris
|
v9 for Solaris | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
9 |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v9 for Solaris
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9_for_solaris
|
v9 for Solaris | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
9 |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v9 for Solaris
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9_for_solaris
|
v9 for Solaris | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
9 |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v9 for Solaris
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9_for_solaris
|
v9 for Solaris | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
9 |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v9 for Solaris
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9_for_solaris
|
v9 for Solaris | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
9 |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v9 for Solaris
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9_for_solaris
|
v9 for Solaris | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
9 |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v9 for Solaris
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9_for_solaris
|
v9 for Solaris | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
9 |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v9 for Solaris
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9_for_solaris
|
v9 for Solaris | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
9 |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v9 for Solaris
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9_for_solaris
|
v9 for Solaris | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
9 |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v9 for Solaris
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9_for_solaris
|
v9 for Solaris | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
9 |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v9 for Solaris
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9_for_solaris
|
v9 for Solaris | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
9 |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v9 for Solaris
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9_for_solaris
|
v9 for Solaris | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
9 |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v9 for Solaris
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9_for_solaris
|
v9 for Solaris | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
9 |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v9 for Solaris
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9_for_solaris
|
v9 for Solaris | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
9 |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v9 for Solaris
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9_for_solaris
|
v9 for Solaris | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
9 |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v9 for Solaris
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9_for_solaris
|
v9 for Solaris | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
9 |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v9 for Solaris
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9_for_solaris
|
v9 for Solaris | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
9 |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v9 for Solaris
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9_for_solaris
|
v9 for Solaris | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
9 |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v9 for Solaris
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9_for_solaris
|
v9 for Solaris | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
9 |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v9 for Solaris
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9_for_solaris
|
v9 for Solaris | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
9 |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v9 for Solaris
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9_for_solaris
|
v9 for Solaris | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
9 |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v9 for Solaris
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9_for_solaris
|
v9 for Solaris | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
9 |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v9 for Solaris
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9_for_solaris
|
v9 for Solaris | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
9 |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v9 for Solaris
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9_for_solaris
|
v9 for Solaris | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
9 |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v9 for Solaris
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9_for_solaris
|
v9 for Solaris | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
9 |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v9 for Solaris
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9_for_solaris
|
v9 for Solaris | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
9 |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v9 for Solaris
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9_for_solaris
|
v9 for Solaris | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
9 |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v9 for Solaris
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9_for_solaris
|
v9 for Solaris | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
9 |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v9 for Solaris
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9_for_solaris
|
v9 for Solaris | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
9 |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v9 for Solaris
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9_for_solaris
|
v9 for Solaris | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
9 |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v9 for Solaris
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9_for_solaris
|
v9 for Solaris | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
9 |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v9 for Solaris
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9_for_solaris
|
v9 for Solaris | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
9 |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v9 for Solaris
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9_for_solaris
|
v9 for Solaris | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
9 |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v9 for Solaris
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9_for_solaris
|
v9 for Solaris | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
9 |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v9 for Solaris
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9_for_solaris
|
v9 for Solaris | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
9 |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v9 for Solaris
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9_for_solaris
|
v9 for Solaris | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
9 |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v9 for Solaris
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9_for_solaris
|
v9 for Solaris | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
9 |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v9 for Solaris
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9_for_solaris
|
v9 for Solaris | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
9 |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v9 for Solaris
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9_for_solaris
|
v9 for Solaris | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
9 |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v9 for Solaris
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9_for_solaris
|
v9 for Solaris | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
9 |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v9 for Solaris
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9_for_solaris
|
v9 for Solaris | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
9 |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v9 for Solaris
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9_for_solaris
|
v9 for Solaris | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
9 |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v9 for Solaris
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9_for_solaris
|
v9 for Solaris | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
9 |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v9 for Solaris
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9_for_solaris
|
v9 for Solaris | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
9 |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v9 for Solaris
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9_for_solaris
|
v9 for Solaris | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
9 |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v9 for Solaris
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9_for_solaris
|
v9 for Solaris | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
9 |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v9 for Solaris
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9_for_solaris
|
v9 for Solaris | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
9 |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v9 for Solaris
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9_for_solaris
|
v9 for Solaris | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
9 |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v9 for Solaris
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9_for_solaris
|
v9 for Solaris | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
9 |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v9 for Solaris
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9_for_solaris
|
v9 for Solaris | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
9 |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v9 for Solaris
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9_for_solaris
|
v9 for Solaris | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
9 |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v9 for Solaris
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9_for_solaris
|
v9 for Solaris | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
9 |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v9 for Solaris
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9_for_solaris
|
v9 for Solaris | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
9 |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v9 for Solaris
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9_for_solaris
|
v9 for Solaris | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
9 |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v9 for Solaris
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9_for_solaris
|
v9 for Solaris | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
9 |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v9 for Solaris
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9_for_solaris
|
v9 for Solaris | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
9 |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v9 for Solaris
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9_for_solaris
|
v9 for Solaris | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
9 |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v9 for Solaris
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9_for_solaris
|
v9 for Solaris | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
9 |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v9 for Solaris
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9_for_solaris
|
v9 for Solaris | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
9 |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v9 for Solaris
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9_for_solaris
|
v9 for Solaris | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
9 |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v9 for Solaris
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9_for_solaris
|
v9 for Solaris | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
9 |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v9 for Solaris
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9_for_solaris
|
v9 for Solaris | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
9 |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v9 for Solaris
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9_for_solaris
|
v9 for Solaris | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
9 |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v9 for Solaris
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9_for_solaris
|
v9 for Solaris | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
9 |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v9 for Solaris
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9_for_solaris
|
v9 for Solaris | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
9 |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v9 for Solaris
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9_for_solaris
|
v9 for Solaris | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
9 |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v9 for Solaris
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9_for_solaris
|
v9 for Solaris | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
9 |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v9 for Solaris
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9_for_solaris
|
v9 for Solaris | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
9 |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v9 for Solaris
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9_for_solaris
|
v9 for Solaris | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
9 |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v9 for Solaris
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9_for_solaris
|
v9 for Solaris | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
9 |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v9 for Solaris
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9_for_solaris
|
v9 for Solaris | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
9 |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v9 for Solaris
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9_for_solaris
|
v9 for Solaris | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
9 |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v9 for Solaris
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9_for_solaris
|
v9 for Solaris | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
9 |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v9 for Solaris
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9_for_solaris
|
v9 for Solaris | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
9 |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v9 for Solaris
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9_for_solaris
|
v9 for Solaris | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
9 |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v9 for Solaris
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9_for_solaris
|
v9 for Solaris | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
9 |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v9 for Solaris
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9_for_solaris
|
v9 for Solaris | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
9 |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v9 for Solaris
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9_for_solaris
|
v9 for Solaris | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
9 |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v9 for Solaris
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9_for_solaris
|
v9 for Solaris | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
9 |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v9 for Solaris
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9_for_solaris
|
v9 for Solaris | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
9 |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v9 for Solaris
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9_for_solaris
|
v9 for Solaris | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
9 |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v9 for Solaris
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9_for_solaris
|
v9 for Solaris | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
9 |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v9 for Solaris
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9_for_solaris
|
v9 for Solaris | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
9 |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v9 for Solaris
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9_for_solaris
|
v9 for Solaris | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
9 |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v9 for Solaris
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9_for_solaris
|
v9 for Solaris | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
9 |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v9 for Solaris
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9_for_solaris
|
v9 for Solaris | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
9 |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v9 for Solaris
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9_for_solaris
|
v9 for Solaris | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
9 |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v9 for Solaris
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9_for_solaris
|
v9 for Solaris | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
9 |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v9 for Solaris
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9_for_solaris
|
v9 for Solaris | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
9 |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v9 for Solaris
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9_for_solaris
|
v9 for Solaris | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
9 |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v9 for Solaris
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9_for_solaris
|
v9 for Solaris | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
9 |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v9 for Solaris
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9_for_solaris
|
v9 for Solaris | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
9 |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v9 for Solaris
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9_for_solaris
|
v9 for Solaris | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
9 |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v9 for Solaris
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9_for_solaris
|
v9 for Solaris | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
9 |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v9 for Solaris
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9_for_solaris
|
v9 for Solaris | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
9 |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v9 for Solaris
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9_for_solaris
|
v9 for Solaris | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
9 |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v9 for Solaris
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9_for_solaris
|
v9 for Solaris | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
9 |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v9 for Solaris
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9_for_solaris
|
v9 for Solaris | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
9 |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v9 for Solaris
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9_for_solaris
|
v9 for Solaris | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
9 |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v9 for Solaris
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9_for_solaris
|
v9 for Solaris | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
9 |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v9 for Solaris
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9_for_solaris
|
v9 for Solaris | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
9 |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v9 for Solaris
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9_for_solaris
|
v9 for Solaris | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
9 |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v9 for Solaris
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9_for_solaris
|
v9 for Solaris | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
9 |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v9 for Solaris
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9_for_solaris
|
v9 for Solaris | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
9 |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v9 for Solaris
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9_for_solaris
|
v9 for Solaris | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
9 |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v9 for Solaris
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9_for_solaris
|
v9 for Solaris | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
9 |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v9 for Solaris
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9_for_solaris
|
v9 for Solaris | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
9 |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v9 for Solaris
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9_for_solaris
|
v9 for Solaris | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
9 |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v9 for Solaris
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9_for_solaris
|
v9 for Solaris | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
9 |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v9 for Solaris
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9_for_solaris
|
v9 for Solaris | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
9 |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v9 for Solaris
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9_for_solaris
|
v9 for Solaris | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
9 |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v9 for Solaris
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9_for_solaris
|
v9 for Solaris | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
9 |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v9 for Solaris
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9_for_solaris
|
v9 for Solaris | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
9 |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v9 for Solaris
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9_for_solaris
|
v9 for Solaris | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
9 |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v9 for Solaris
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9_for_solaris
|
v9 for Solaris | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
9 |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v9 for Solaris
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9_for_solaris
|
v9 for Solaris | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
9 |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v9 for Solaris
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9_for_solaris
|
v9 for Solaris | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
9 |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v9 for Solaris
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9_for_solaris
|
v9 for Solaris | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
9 |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v9 for Solaris
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9_for_solaris
|
v9 for Solaris | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
9 |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v9 for Solaris
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9_for_solaris
|
v9 for Solaris | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
9 |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v9 for Solaris
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9_for_solaris
|
v9 for Solaris | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
9 |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v9 for Solaris
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9_for_solaris
|
v9 for Solaris | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
9 |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v9 for Solaris
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9_for_solaris
|
v9 for Solaris | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
9 |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v9 for Solaris
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9_for_solaris
|
v9 for Solaris | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
9 |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v9 for Solaris
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9_for_solaris
|
v9 for Solaris | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
9 |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v9 for Solaris
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9_for_solaris
|
v9 for Solaris | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
9 |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v9 for Solaris
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9_for_solaris
|
v9 for Solaris | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
9 |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v9 for Solaris
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9_for_solaris
|
v9 for Solaris | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
9 |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v9 for Solaris
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9_for_solaris
|
v9 for Solaris | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
9 |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v9 for Solaris
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9_for_solaris
|
v9 for Solaris | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
9 |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v9 for Solaris
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9_for_solaris
|
v9 for Solaris | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
9 |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v9 for Solaris
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9_for_solaris
|
v9 for Solaris | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
9 |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v9 for Solaris
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9_for_solaris
|
v9 for Solaris | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
9 |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v9 for Solaris
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9_for_solaris
|
v9 for Solaris | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
9 |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v9 for Solaris
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9_for_solaris
|
v9 for Solaris | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
9 |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v9 for Solaris
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9_for_solaris
|
v9 for Solaris | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
9 |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v9 for Solaris
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9_for_solaris
|
v9 for Solaris | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
9 |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v9 for Solaris
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9_for_solaris
|
v9 for Solaris | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
9 |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v9 for Solaris
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9_for_solaris
|
v9 for Solaris | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
9 |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v9 for Solaris
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9_for_solaris
|
v9 for Solaris | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
9 |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v9 for Solaris
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9_for_solaris
|
v9 for Solaris | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
9 |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v9 for Solaris
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9_for_solaris
|
v9 for Solaris | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
9 |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v9 for Solaris
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9_for_solaris
|
v9 for Solaris | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
9 |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v9 for Solaris
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9_for_solaris
|
v9 for Solaris | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
9 |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v9 for Solaris
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9_for_solaris
|
v9 for Solaris | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
9 |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v9 for Solaris
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9_for_solaris
|
v9 for Solaris | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
9 |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v9 for Solaris
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9_for_solaris
|
v9 for Solaris | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
9 |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v9 for Solaris
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9_for_solaris
|
v9 for Solaris | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
9 |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v9 for Solaris
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9_for_solaris
|
v9 for Solaris | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
9 |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v9 for Solaris
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9_for_solaris
|
v9 for Solaris | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
9 |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v9 for Solaris
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9_for_solaris
|
v9 for Solaris | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
9 |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v9 for Solaris
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9_for_solaris
|
v9 for Solaris | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
9 |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v9 for Solaris
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9_for_solaris
|
v9 for Solaris | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
9 |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v9 for Solaris
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9_for_solaris
|
v9 for Solaris | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
9 |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v9 for Solaris
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9_for_solaris
|
v9 for Solaris | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
9 |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v9 for Solaris
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9_for_solaris
|
v9 for Solaris | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
9 |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v9 for Solaris
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9_for_solaris
|
v9 for Solaris | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
9 |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v9 for Solaris
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9_for_solaris
|
v9 for Solaris | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
9 |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v9 for Solaris
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9_for_solaris
|
v9 for Solaris | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
9 |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v9 for Solaris
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9_for_solaris
|
v9 for Solaris | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
9 |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v9 for Solaris
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9_for_solaris
|
v9 for Solaris | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
9 |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v9 for Solaris
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9_for_solaris
|
v9 for Solaris | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
9 |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v9 for Solaris
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9_for_solaris
|
v9 for Solaris | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
9 |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v9 for Solaris
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9_for_solaris
|
v9 for Solaris | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
9 |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v9 for Solaris
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9_for_solaris
|
v9 for Solaris | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
9 |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v9 for Solaris
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9_for_solaris
|
v9 for Solaris | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
9 |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v9 for Solaris
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9_for_solaris
|
v9 for Solaris | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
9 |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v9 for Solaris
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9_for_solaris
|
v9 for Solaris | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
9 |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v9 for Solaris
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9_for_solaris
|
v9 for Solaris | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
9 |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v9 for Solaris
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9_for_solaris
|
v9 for Solaris | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
9 |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v9 for Solaris
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9_for_solaris
|
v9 for Solaris | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
9 |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v9 for Solaris
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9_for_solaris
|
v9 for Solaris | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
9 |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v9 for Solaris
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9_for_solaris
|
v9 for Solaris | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
9 |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v9 for Solaris
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9_for_solaris
|
v9 for Solaris | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
9 |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v9 for Solaris
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9_for_solaris
|
v9 for Solaris | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
9 |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v9 for Solaris
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9_for_solaris
|
v9 for Solaris | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
9 |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v9 for Solaris
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9_for_solaris
|
v9 for Solaris | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
9 |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v9 for Solaris
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9_for_solaris
|
v9 for Solaris | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
9 |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v9 for Solaris
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9_for_solaris
|
v9 for Solaris | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
9 |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v9 for Solaris
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9_for_solaris
|
v9 for Solaris | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
9 |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v9 for Solaris
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9_for_solaris
|
v9 for Solaris | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
9 |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v9 for Solaris
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9_for_solaris
|
v9 for Solaris | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
9 |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v9 for Solaris
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9_for_solaris
|
v9 for Solaris | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
9 |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v9 for Solaris
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9_for_solaris
|
v9 for Solaris | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
9 |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v9 for Solaris
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9_for_solaris
|
v9 for Solaris | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
9 |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v9 for Solaris
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9_for_solaris
|
v9 for Solaris | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
9 |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v9 for Solaris
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9_for_solaris
|
v9 for Solaris | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
9 |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v9 for Solaris
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9_for_solaris
|
v9 for Solaris | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
9 |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v9 for Solaris
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9_for_solaris
|
v9 for Solaris | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
9 |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v9 for Solaris
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9_for_solaris
|
v9 for Solaris | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
9 |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v9 for Solaris
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9_for_solaris
|
v9 for Solaris | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
9 |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v9 for Solaris
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9_for_solaris
|
v9 for Solaris | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
9 |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v9 for Solaris
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9_for_solaris
|
v9 for Solaris | |
|
Xerox FreeFlow Print Server 9
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:9
|
9 |
References
4 references
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "FreeFlow-Druckserver ist eine Druckserveranwendung f\u00fcr Xerox-Produktionsdrucker, die Flexibilit\u00e4t, umfangreiche Workflow-Optionen und eine Farbverwaltung bietet.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein Angreifer kann mehrere Schwachstellen in Xerox FreeFlow Print Server ausnutzen, um die Vertraulichkeit, Verf\u00fcgbarkeit und Integrit\u00e4t des Systems zu gef\u00e4hrden.",
"title": "Angriff"
},
{
"category": "general",
"text": "- UNIX",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2023-1424 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-1424.json"
},
{
"category": "self",
"summary": "WID-SEC-2023-1424 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-1424"
},
{
"category": "external",
"summary": "Xerox Security Bulletin vom 2023-06-12",
"url": "https://securitydocs.business.xerox.com/wp-content/uploads/2023/06/Xerox-Security-Bulletin-XRX23-009-Xerox%C2%AE-FreeFlow%C2%AE-Print-Server-v9.pdf"
},
{
"category": "external",
"summary": "XEROX Security Advisory XRX25-017 vom 2025-10-07",
"url": "https://security.business.xerox.com/wp-content/uploads/2025/10/Xerox-Security-Bulletin-XRX25-017-for-Xerox-FreeFlow-Print-Server-v9.pdf"
}
],
"source_lang": "en-US",
"title": "Xerox FreeFlow Print Server f\u00fcr Solaris: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2025-10-06T22:00:00.000+00:00",
"generator": {
"date": "2025-10-07T08:04:36.463+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.4.0"
}
},
"id": "WID-SEC-W-2023-1424",
"initial_release_date": "2023-06-12T22:00:00.000+00:00",
"revision_history": [
{
"date": "2023-06-12T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2025-10-06T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von XEROX aufgenommen"
}
],
"status": "final",
"version": "2"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "9",
"product": {
"name": "Xerox FreeFlow Print Server 9",
"product_id": "T002977",
"product_identification_helper": {
"cpe": "cpe:/a:xerox:freeflow_print_server:9"
}
}
},
{
"category": "product_version",
"name": "v9 for Solaris",
"product": {
"name": "Xerox FreeFlow Print Server v9 for Solaris",
"product_id": "T028053",
"product_identification_helper": {
"cpe": "cpe:/a:xerox:freeflow_print_server:v9_for_solaris"
}
}
}
],
"category": "product_name",
"name": "FreeFlow Print Server"
}
],
"category": "vendor",
"name": "Xerox"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2006-20001",
"product_status": {
"known_affected": [
"T028053",
"T002977"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2006-20001"
},
{
"cve": "CVE-2017-12613",
"product_status": {
"known_affected": [
"T028053",
"T002977"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2017-12613"
},
{
"cve": "CVE-2018-25032",
"product_status": {
"known_affected": [
"T028053",
"T002977"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2018-25032"
},
{
"cve": "CVE-2021-29338",
"product_status": {
"known_affected": [
"T028053",
"T002977"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2021-29338"
},
{
"cve": "CVE-2021-30860",
"product_status": {
"known_affected": [
"T028053",
"T002977"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2021-30860"
},
{
"cve": "CVE-2021-35940",
"product_status": {
"known_affected": [
"T028053",
"T002977"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2021-35940"
},
{
"cve": "CVE-2021-37519",
"product_status": {
"known_affected": [
"T028053",
"T002977"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2021-37519"
},
{
"cve": "CVE-2021-37750",
"product_status": {
"known_affected": [
"T028053",
"T002977"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2021-37750"
},
{
"cve": "CVE-2022-0718",
"product_status": {
"known_affected": [
"T028053",
"T002977"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2022-0718"
},
{
"cve": "CVE-2022-1122",
"product_status": {
"known_affected": [
"T028053",
"T002977"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2022-1122"
},
{
"cve": "CVE-2022-1292",
"product_status": {
"known_affected": [
"T028053",
"T002977"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2022-1292"
},
{
"cve": "CVE-2022-1705",
"product_status": {
"known_affected": [
"T028053",
"T002977"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2022-1705"
},
{
"cve": "CVE-2022-1962",
"product_status": {
"known_affected": [
"T028053",
"T002977"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2022-1962"
},
{
"cve": "CVE-2022-21291",
"product_status": {
"known_affected": [
"T028053",
"T002977"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2022-21291"
},
{
"cve": "CVE-2022-21349",
"product_status": {
"known_affected": [
"T028053",
"T002977"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2022-21349"
},
{
"cve": "CVE-2022-21515",
"product_status": {
"known_affected": [
"T028053",
"T002977"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2022-21515"
},
{
"cve": "CVE-2022-2309",
"product_status": {
"known_affected": [
"T028053",
"T002977"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2022-2309"
},
{
"cve": "CVE-2022-23521",
"product_status": {
"known_affected": [
"T028053",
"T002977"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2022-23521"
},
{
"cve": "CVE-2022-24675",
"product_status": {
"known_affected": [
"T028053",
"T002977"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2022-24675"
},
{
"cve": "CVE-2022-24963",
"product_status": {
"known_affected": [
"T028053",
"T002977"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2022-24963"
},
{
"cve": "CVE-2022-25147",
"product_status": {
"known_affected": [
"T028053",
"T002977"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2022-25147"
},
{
"cve": "CVE-2022-25255",
"product_status": {
"known_affected": [
"T028053",
"T002977"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2022-25255"
},
{
"cve": "CVE-2022-27337",
"product_status": {
"known_affected": [
"T028053",
"T002977"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2022-27337"
},
{
"cve": "CVE-2022-27536",
"product_status": {
"known_affected": [
"T028053",
"T002977"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2022-27536"
},
{
"cve": "CVE-2022-27664",
"product_status": {
"known_affected": [
"T028053",
"T002977"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2022-27664"
},
{
"cve": "CVE-2022-27778",
"product_status": {
"known_affected": [
"T028053",
"T002977"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2022-27778"
},
{
"cve": "CVE-2022-28131",
"product_status": {
"known_affected": [
"T028053",
"T002977"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2022-28131"
},
{
"cve": "CVE-2022-2816",
"product_status": {
"known_affected": [
"T028053",
"T002977"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2022-2816"
},
{
"cve": "CVE-2022-2817",
"product_status": {
"known_affected": [
"T028053",
"T002977"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2022-2817"
},
{
"cve": "CVE-2022-2819",
"product_status": {
"known_affected": [
"T028053",
"T002977"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2022-2819"
},
{
"cve": "CVE-2022-28327",
"product_status": {
"known_affected": [
"T028053",
"T002977"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2022-28327"
},
{
"cve": "CVE-2022-28331",
"product_status": {
"known_affected": [
"T028053",
"T002977"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2022-28331"
},
{
"cve": "CVE-2022-2845",
"product_status": {
"known_affected": [
"T028053",
"T002977"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2022-2845"
},
{
"cve": "CVE-2022-2849",
"product_status": {
"known_affected": [
"T028053",
"T002977"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2022-2849"
},
{
"cve": "CVE-2022-2862",
"product_status": {
"known_affected": [
"T028053",
"T002977"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2022-2862"
},
{
"cve": "CVE-2022-2874",
"product_status": {
"known_affected": [
"T028053",
"T002977"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2022-2874"
},
{
"cve": "CVE-2022-2879",
"product_status": {
"known_affected": [
"T028053",
"T002977"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2022-2879"
},
{
"cve": "CVE-2022-2880",
"product_status": {
"known_affected": [
"T028053",
"T002977"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2022-2880"
},
{
"cve": "CVE-2022-2889",
"product_status": {
"known_affected": [
"T028053",
"T002977"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2022-2889"
},
{
"cve": "CVE-2022-2923",
"product_status": {
"known_affected": [
"T028053",
"T002977"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2022-2923"
},
{
"cve": "CVE-2022-2928",
"product_status": {
"known_affected": [
"T028053",
"T002977"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2022-2928"
},
{
"cve": "CVE-2022-2929",
"product_status": {
"known_affected": [
"T028053",
"T002977"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2022-2929"
},
{
"cve": "CVE-2022-2946",
"product_status": {
"known_affected": [
"T028053",
"T002977"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2022-2946"
},
{
"cve": "CVE-2022-29526",
"product_status": {
"known_affected": [
"T028053",
"T002977"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2022-29526"
},
{
"cve": "CVE-2022-2980",
"product_status": {
"known_affected": [
"T028053",
"T002977"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2022-2980"
},
{
"cve": "CVE-2022-29804",
"product_status": {
"known_affected": [
"T028053",
"T002977"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2022-29804"
},
{
"cve": "CVE-2022-3016",
"product_status": {
"known_affected": [
"T028053",
"T002977"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2022-3016"
},
{
"cve": "CVE-2022-3037",
"product_status": {
"known_affected": [
"T028053",
"T002977"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2022-3037"
},
{
"cve": "CVE-2022-30580",
"product_status": {
"known_affected": [
"T028053",
"T002977"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2022-30580"
},
{
"cve": "CVE-2022-30629",
"product_status": {
"known_affected": [
"T028053",
"T002977"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2022-30629"
},
{
"cve": "CVE-2022-30630",
"product_status": {
"known_affected": [
"T028053",
"T002977"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2022-30630"
},
{
"cve": "CVE-2022-30631",
"product_status": {
"known_affected": [
"T028053",
"T002977"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2022-30631"
},
{
"cve": "CVE-2022-30632",
"product_status": {
"known_affected": [
"T028053",
"T002977"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2022-30632"
},
{
"cve": "CVE-2022-30633",
"product_status": {
"known_affected": [
"T028053",
"T002977"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2022-30633"
},
{
"cve": "CVE-2022-30634",
"product_status": {
"known_affected": [
"T028053",
"T002977"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2022-30634"
},
{
"cve": "CVE-2022-30635",
"product_status": {
"known_affected": [
"T028053",
"T002977"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2022-30635"
},
{
"cve": "CVE-2022-3094",
"product_status": {
"known_affected": [
"T028053",
"T002977"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2022-3094"
},
{
"cve": "CVE-2022-3099",
"product_status": {
"known_affected": [
"T028053",
"T002977"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2022-3099"
},
{
"cve": "CVE-2022-3134",
"product_status": {
"known_affected": [
"T028053",
"T002977"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2022-3134"
},
{
"cve": "CVE-2022-3153",
"product_status": {
"known_affected": [
"T028053",
"T002977"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2022-3153"
},
{
"cve": "CVE-2022-32148",
"product_status": {
"known_affected": [
"T028053",
"T002977"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2022-32148"
},
{
"cve": "CVE-2022-32189",
"product_status": {
"known_affected": [
"T028053",
"T002977"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2022-32189"
},
{
"cve": "CVE-2022-32190",
"product_status": {
"known_affected": [
"T028053",
"T002977"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2022-32190"
},
{
"cve": "CVE-2022-32205",
"product_status": {
"known_affected": [
"T028053",
"T002977"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2022-32205"
},
{
"cve": "CVE-2022-32206",
"product_status": {
"known_affected": [
"T028053",
"T002977"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2022-32206"
},
{
"cve": "CVE-2022-32207",
"product_status": {
"known_affected": [
"T028053",
"T002977"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2022-32207"
},
{
"cve": "CVE-2022-32208",
"product_status": {
"known_affected": [
"T028053",
"T002977"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2022-32208"
},
{
"cve": "CVE-2022-32221",
"product_status": {
"known_affected": [
"T028053",
"T002977"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2022-32221"
},
{
"cve": "CVE-2022-3234",
"product_status": {
"known_affected": [
"T028053",
"T002977"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2022-3234"
},
{
"cve": "CVE-2022-3235",
"product_status": {
"known_affected": [
"T028053",
"T002977"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2022-3235"
},
{
"cve": "CVE-2022-3256",
"product_status": {
"known_affected": [
"T028053",
"T002977"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2022-3256"
},
{
"cve": "CVE-2022-3278",
"product_status": {
"known_affected": [
"T028053",
"T002977"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2022-3278"
},
{
"cve": "CVE-2022-3296",
"product_status": {
"known_affected": [
"T028053",
"T002977"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2022-3296"
},
{
"cve": "CVE-2022-3297",
"product_status": {
"known_affected": [
"T028053",
"T002977"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2022-3297"
},
{
"cve": "CVE-2022-3324",
"product_status": {
"known_affected": [
"T028053",
"T002977"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2022-3324"
},
{
"cve": "CVE-2022-3352",
"product_status": {
"known_affected": [
"T028053",
"T002977"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2022-3352"
},
{
"cve": "CVE-2022-3515",
"product_status": {
"known_affected": [
"T028053",
"T002977"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2022-3515"
},
{
"cve": "CVE-2022-35252",
"product_status": {
"known_affected": [
"T028053",
"T002977"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2022-35252"
},
{
"cve": "CVE-2022-35260",
"product_status": {
"known_affected": [
"T028053",
"T002977"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2022-35260"
},
{
"cve": "CVE-2022-36113",
"product_status": {
"known_affected": [
"T028053",
"T002977"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2022-36113"
},
{
"cve": "CVE-2022-36114",
"product_status": {
"known_affected": [
"T028053",
"T002977"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2022-36114"
},
{
"cve": "CVE-2022-36227",
"product_status": {
"known_affected": [
"T028053",
"T002977"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2022-36227"
},
{
"cve": "CVE-2022-36760",
"product_status": {
"known_affected": [
"T028053",
"T002977"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2022-36760"
},
{
"cve": "CVE-2022-3705",
"product_status": {
"known_affected": [
"T028053",
"T002977"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2022-3705"
},
{
"cve": "CVE-2022-3736",
"product_status": {
"known_affected": [
"T028053",
"T002977"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2022-3736"
},
{
"cve": "CVE-2022-37436",
"product_status": {
"known_affected": [
"T028053",
"T002977"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2022-37436"
},
{
"cve": "CVE-2022-38171",
"product_status": {
"known_affected": [
"T028053",
"T002977"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2022-38171"
},
{
"cve": "CVE-2022-38784",
"product_status": {
"known_affected": [
"T028053",
"T002977"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2022-38784"
},
{
"cve": "CVE-2022-3924",
"product_status": {
"known_affected": [
"T028053",
"T002977"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2022-3924"
},
{
"cve": "CVE-2022-39253",
"product_status": {
"known_affected": [
"T028053",
"T002977"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2022-39253"
},
{
"cve": "CVE-2022-40303",
"product_status": {
"known_affected": [
"T028053",
"T002977"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2022-40303"
},
{
"cve": "CVE-2022-40304",
"product_status": {
"known_affected": [
"T028053",
"T002977"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2022-40304"
},
{
"cve": "CVE-2022-40898",
"product_status": {
"known_affected": [
"T028053",
"T002977"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2022-40898"
},
{
"cve": "CVE-2022-41715",
"product_status": {
"known_affected": [
"T028053",
"T002977"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2022-41715"
},
{
"cve": "CVE-2022-41716",
"product_status": {
"known_affected": [
"T028053",
"T002977"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2022-41716"
},
{
"cve": "CVE-2022-41903",
"product_status": {
"known_affected": [
"T028053",
"T002977"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2022-41903"
},
{
"cve": "CVE-2022-42010",
"product_status": {
"known_affected": [
"T028053",
"T002977"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2022-42010"
},
{
"cve": "CVE-2022-42011",
"product_status": {
"known_affected": [
"T028053",
"T002977"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2022-42011"
},
{
"cve": "CVE-2022-42012",
"product_status": {
"known_affected": [
"T028053",
"T002977"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2022-42012"
},
{
"cve": "CVE-2022-4203",
"product_status": {
"known_affected": [
"T028053",
"T002977"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2022-4203"
},
{
"cve": "CVE-2022-4283",
"product_status": {
"known_affected": [
"T028053",
"T002977"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2022-4283"
},
{
"cve": "CVE-2022-42898",
"product_status": {
"known_affected": [
"T028053",
"T002977"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2022-42898"
},
{
"cve": "CVE-2022-42915",
"product_status": {
"known_affected": [
"T028053",
"T002977"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2022-42915"
},
{
"cve": "CVE-2022-42916",
"product_status": {
"known_affected": [
"T028053",
"T002977"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2022-42916"
},
{
"cve": "CVE-2022-42919",
"product_status": {
"known_affected": [
"T028053",
"T002977"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2022-42919"
},
{
"cve": "CVE-2022-4304",
"product_status": {
"known_affected": [
"T028053",
"T002977"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2022-4304"
},
{
"cve": "CVE-2022-4345",
"product_status": {
"known_affected": [
"T028053",
"T002977"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2022-4345"
},
{
"cve": "CVE-2022-4450",
"product_status": {
"known_affected": [
"T028053",
"T002977"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2022-4450"
},
{
"cve": "CVE-2022-45143",
"product_status": {
"known_affected": [
"T028053",
"T002977"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2022-45143"
},
{
"cve": "CVE-2022-45199",
"product_status": {
"known_affected": [
"T028053",
"T002977"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2022-45199"
},
{
"cve": "CVE-2022-45939",
"product_status": {
"known_affected": [
"T028053",
"T002977"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2022-45939"
},
{
"cve": "CVE-2022-46340",
"product_status": {
"known_affected": [
"T028053",
"T002977"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2022-46340"
},
{
"cve": "CVE-2022-46341",
"product_status": {
"known_affected": [
"T028053",
"T002977"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2022-46341"
},
{
"cve": "CVE-2022-46342",
"product_status": {
"known_affected": [
"T028053",
"T002977"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2022-46342"
},
{
"cve": "CVE-2022-46343",
"product_status": {
"known_affected": [
"T028053",
"T002977"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2022-46343"
},
{
"cve": "CVE-2022-46344",
"product_status": {
"known_affected": [
"T028053",
"T002977"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2022-46344"
},
{
"cve": "CVE-2022-46871",
"product_status": {
"known_affected": [
"T028053",
"T002977"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2022-46871"
},
{
"cve": "CVE-2022-46874",
"product_status": {
"known_affected": [
"T028053",
"T002977"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2022-46874"
},
{
"cve": "CVE-2022-46877",
"product_status": {
"known_affected": [
"T028053",
"T002977"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2022-46877"
},
{
"cve": "CVE-2022-48281",
"product_status": {
"known_affected": [
"T028053",
"T002977"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2022-48281"
},
{
"cve": "CVE-2023-0215",
"product_status": {
"known_affected": [
"T028053",
"T002977"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2023-0215"
},
{
"cve": "CVE-2023-0216",
"product_status": {
"known_affected": [
"T028053",
"T002977"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2023-0216"
},
{
"cve": "CVE-2023-0217",
"product_status": {
"known_affected": [
"T028053",
"T002977"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2023-0217"
},
{
"cve": "CVE-2023-0286",
"product_status": {
"known_affected": [
"T028053",
"T002977"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2023-0286"
},
{
"cve": "CVE-2023-0401",
"product_status": {
"known_affected": [
"T028053",
"T002977"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2023-0401"
},
{
"cve": "CVE-2023-0411",
"product_status": {
"known_affected": [
"T028053",
"T002977"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2023-0411"
},
{
"cve": "CVE-2023-0412",
"product_status": {
"known_affected": [
"T028053",
"T002977"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2023-0412"
},
{
"cve": "CVE-2023-0413",
"product_status": {
"known_affected": [
"T028053",
"T002977"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2023-0413"
},
{
"cve": "CVE-2023-0414",
"product_status": {
"known_affected": [
"T028053",
"T002977"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2023-0414"
},
{
"cve": "CVE-2023-0415",
"product_status": {
"known_affected": [
"T028053",
"T002977"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2023-0415"
},
{
"cve": "CVE-2023-0416",
"product_status": {
"known_affected": [
"T028053",
"T002977"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2023-0416"
},
{
"cve": "CVE-2023-0417",
"product_status": {
"known_affected": [
"T028053",
"T002977"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2023-0417"
},
{
"cve": "CVE-2023-0430",
"product_status": {
"known_affected": [
"T028053",
"T002977"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2023-0430"
},
{
"cve": "CVE-2023-0567",
"product_status": {
"known_affected": [
"T028053",
"T002977"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2023-0567"
},
{
"cve": "CVE-2023-0568",
"product_status": {
"known_affected": [
"T028053",
"T002977"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2023-0568"
},
{
"cve": "CVE-2023-0616",
"product_status": {
"known_affected": [
"T028053",
"T002977"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2023-0616"
},
{
"cve": "CVE-2023-0662",
"product_status": {
"known_affected": [
"T028053",
"T002977"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2023-0662"
},
{
"cve": "CVE-2023-0767",
"product_status": {
"known_affected": [
"T028053",
"T002977"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2023-0767"
},
{
"cve": "CVE-2023-0795",
"product_status": {
"known_affected": [
"T028053",
"T002977"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2023-0795"
},
{
"cve": "CVE-2023-0796",
"product_status": {
"known_affected": [
"T028053",
"T002977"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2023-0796"
},
{
"cve": "CVE-2023-0797",
"product_status": {
"known_affected": [
"T028053",
"T002977"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2023-0797"
},
{
"cve": "CVE-2023-0798",
"product_status": {
"known_affected": [
"T028053",
"T002977"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2023-0798"
},
{
"cve": "CVE-2023-0799",
"product_status": {
"known_affected": [
"T028053",
"T002977"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2023-0799"
},
{
"cve": "CVE-2023-0800",
"product_status": {
"known_affected": [
"T028053",
"T002977"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2023-0800"
},
{
"cve": "CVE-2023-0801",
"product_status": {
"known_affected": [
"T028053",
"T002977"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2023-0801"
},
{
"cve": "CVE-2023-0802",
"product_status": {
"known_affected": [
"T028053",
"T002977"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2023-0802"
},
{
"cve": "CVE-2023-0803",
"product_status": {
"known_affected": [
"T028053",
"T002977"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2023-0803"
},
{
"cve": "CVE-2023-0804",
"product_status": {
"known_affected": [
"T028053",
"T002977"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2023-0804"
},
{
"cve": "CVE-2023-21830",
"product_status": {
"known_affected": [
"T028053",
"T002977"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2023-21830"
},
{
"cve": "CVE-2023-21840",
"product_status": {
"known_affected": [
"T028053",
"T002977"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2023-21840"
},
{
"cve": "CVE-2023-21843",
"product_status": {
"known_affected": [
"T028053",
"T002977"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2023-21843"
},
{
"cve": "CVE-2023-21896",
"product_status": {
"known_affected": [
"T028053",
"T002977"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2023-21896"
},
{
"cve": "CVE-2023-21928",
"product_status": {
"known_affected": [
"T028053",
"T002977"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2023-21928"
},
{
"cve": "CVE-2023-21984",
"product_status": {
"known_affected": [
"T028053",
"T002977"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2023-21984"
},
{
"cve": "CVE-2023-21985",
"product_status": {
"known_affected": [
"T028053",
"T002977"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2023-21985"
},
{
"cve": "CVE-2023-22003",
"product_status": {
"known_affected": [
"T028053",
"T002977"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2023-22003"
},
{
"cve": "CVE-2023-22490",
"product_status": {
"known_affected": [
"T028053",
"T002977"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2023-22490"
},
{
"cve": "CVE-2023-22809",
"product_status": {
"known_affected": [
"T028053",
"T002977"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2023-22809"
},
{
"cve": "CVE-2023-23598",
"product_status": {
"known_affected": [
"T028053",
"T002977"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2023-23598"
},
{
"cve": "CVE-2023-23599",
"product_status": {
"known_affected": [
"T028053",
"T002977"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2023-23599"
},
{
"cve": "CVE-2023-23601",
"product_status": {
"known_affected": [
"T028053",
"T002977"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2023-23601"
},
{
"cve": "CVE-2023-23602",
"product_status": {
"known_affected": [
"T028053",
"T002977"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2023-23602"
},
{
"cve": "CVE-2023-23603",
"product_status": {
"known_affected": [
"T028053",
"T002977"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2023-23603"
},
{
"cve": "CVE-2023-23605",
"product_status": {
"known_affected": [
"T028053",
"T002977"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2023-23605"
},
{
"cve": "CVE-2023-23918",
"product_status": {
"known_affected": [
"T028053",
"T002977"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2023-23918"
},
{
"cve": "CVE-2023-23919",
"product_status": {
"known_affected": [
"T028053",
"T002977"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2023-23919"
},
{
"cve": "CVE-2023-23920",
"product_status": {
"known_affected": [
"T028053",
"T002977"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2023-23920"
},
{
"cve": "CVE-2023-23936",
"product_status": {
"known_affected": [
"T028053",
"T002977"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2023-23936"
},
{
"cve": "CVE-2023-23946",
"product_status": {
"known_affected": [
"T028053",
"T002977"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2023-23946"
},
{
"cve": "CVE-2023-23969",
"product_status": {
"known_affected": [
"T028053",
"T002977"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2023-23969"
},
{
"cve": "CVE-2023-24580",
"product_status": {
"known_affected": [
"T028053",
"T002977"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2023-24580"
},
{
"cve": "CVE-2023-24807",
"product_status": {
"known_affected": [
"T028053",
"T002977"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2023-24807"
},
{
"cve": "CVE-2023-24998",
"product_status": {
"known_affected": [
"T028053",
"T002977"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2023-24998"
},
{
"cve": "CVE-2023-25690",
"product_status": {
"known_affected": [
"T028053",
"T002977"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2023-25690"
},
{
"cve": "CVE-2023-25728",
"product_status": {
"known_affected": [
"T028053",
"T002977"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2023-25728"
},
{
"cve": "CVE-2023-25729",
"product_status": {
"known_affected": [
"T028053",
"T002977"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2023-25729"
},
{
"cve": "CVE-2023-25730",
"product_status": {
"known_affected": [
"T028053",
"T002977"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2023-25730"
},
{
"cve": "CVE-2023-25732",
"product_status": {
"known_affected": [
"T028053",
"T002977"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2023-25732"
},
{
"cve": "CVE-2023-25734",
"product_status": {
"known_affected": [
"T028053",
"T002977"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2023-25734"
},
{
"cve": "CVE-2023-25735",
"product_status": {
"known_affected": [
"T028053",
"T002977"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2023-25735"
},
{
"cve": "CVE-2023-25737",
"product_status": {
"known_affected": [
"T028053",
"T002977"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2023-25737"
},
{
"cve": "CVE-2023-25738",
"product_status": {
"known_affected": [
"T028053",
"T002977"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2023-25738"
},
{
"cve": "CVE-2023-25739",
"product_status": {
"known_affected": [
"T028053",
"T002977"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2023-25739"
},
{
"cve": "CVE-2023-25742",
"product_status": {
"known_affected": [
"T028053",
"T002977"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2023-25742"
},
{
"cve": "CVE-2023-25743",
"product_status": {
"known_affected": [
"T028053",
"T002977"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2023-25743"
},
{
"cve": "CVE-2023-25744",
"product_status": {
"known_affected": [
"T028053",
"T002977"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2023-25744"
},
{
"cve": "CVE-2023-25746",
"product_status": {
"known_affected": [
"T028053",
"T002977"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2023-25746"
},
{
"cve": "CVE-2023-25751",
"product_status": {
"known_affected": [
"T028053",
"T002977"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2023-25751"
},
{
"cve": "CVE-2023-25752",
"product_status": {
"known_affected": [
"T028053",
"T002977"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2023-25752"
},
{
"cve": "CVE-2023-27522",
"product_status": {
"known_affected": [
"T028053",
"T002977"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2023-27522"
},
{
"cve": "CVE-2023-28162",
"product_status": {
"known_affected": [
"T028053",
"T002977"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2023-28162"
},
{
"cve": "CVE-2023-28163",
"product_status": {
"known_affected": [
"T028053",
"T002977"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2023-28163"
},
{
"cve": "CVE-2023-28164",
"product_status": {
"known_affected": [
"T028053",
"T002977"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2023-28164"
},
{
"cve": "CVE-2023-28176",
"product_status": {
"known_affected": [
"T028053",
"T002977"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2023-28176"
},
{
"cve": "CVE-2023-28708",
"product_status": {
"known_affected": [
"T028053",
"T002977"
]
},
"release_date": "2023-06-12T22:00:00.000+00:00",
"title": "CVE-2023-28708"
}
]
}
WID-SEC-W-2023-1614
Vulnerability from csaf_certbund - Published: 2023-06-29 22:00 - Updated: 2023-10-25 22:00Summary
Tenable Security Nessus Network Monitor: Mehrere Schwachstellen
Severity
Hoch
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: Tenable Nessus Network Monitor ist eine Lösung zur Inventarisierung und Überwachung von Netzwerkgeräten und den genutzten Protokollen.
Angriff: Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann mehrere Schwachstellen in Tenable Security Nessus Network Monitor ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren.
Betroffene Betriebssysteme: - Sonstiges
In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.
In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.
In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.
In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.
In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.
In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.
In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.
In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.
In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.
In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.
In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.
In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.
In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.
In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.
In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.
In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.
In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.
In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.
In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.
In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.
In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.
In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.
In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.
In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.
In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.
In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.
In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.
In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.
In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.
In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.
In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.
In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.
In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.
In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.
In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.
In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.
In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.
In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.
In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.
In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.
In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.
In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.
In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.
In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.
In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.
In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.
In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.
In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.
In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.
In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.
In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.
In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.
In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.
In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.
In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.
In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.
In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.
In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.
In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.
In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.
In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.
In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.
In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.
In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.
In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.
In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.
In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.
In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.
In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.
In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.
In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.
In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.
In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.
In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.
In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.
In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.
In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.
In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.
In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.
In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.
In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.
In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.
In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.
In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.
In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.
In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.
In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.
In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.
In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.
In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.
In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.
In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.
In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.
In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.
In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.
In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.
In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.
In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.
In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.
In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.
In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.
In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.
In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.
In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.
In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.
In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.
In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.
In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.
In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.
In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.
In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.
In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.
In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.
In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.
In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.
In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.
In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.
In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.
In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.
In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.
In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.
In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.
In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.
In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.
In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.
In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.
In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.
In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.
In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.
In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.
In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.
In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.
In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.
In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.
In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.
In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.
In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.
In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.
In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.
In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.
In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.
In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.
In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.
In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.
In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.
In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.
In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.
In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.
In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.
In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.
In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.
In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.
In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.
In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.
In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.
In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.
In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.
In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.
In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.
In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.
In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.
In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.
In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.
In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.
In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.
In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.
In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.
In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.
In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.
In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.
In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.
In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.
In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszulösen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erhöhte Rechte.
References
4 references
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Tenable Nessus Network Monitor ist eine L\u00f6sung zur Inventarisierung und \u00dcberwachung von Netzwerkger\u00e4ten und den genutzten Protokollen.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer, authentisierter oder lokaler Angreifer kann mehrere Schwachstellen in Tenable Security Nessus Network Monitor ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Sonstiges",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2023-1614 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-1614.json"
},
{
"category": "self",
"summary": "WID-SEC-2023-1614 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-1614"
},
{
"category": "external",
"summary": "Tenable Security Advisory TNS-2023-34 vom 2023-10-25",
"url": "https://de.tenable.com/security/tns-2023-34"
},
{
"category": "external",
"summary": "Tenable Security Advisory vom 2023-06-29",
"url": "https://de.tenable.com/security/tns-2023-23"
}
],
"source_lang": "en-US",
"title": "Tenable Security Nessus Network Monitor: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2023-10-25T22:00:00.000+00:00",
"generator": {
"date": "2024-08-15T17:53:59.941+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.5"
}
},
"id": "WID-SEC-W-2023-1614",
"initial_release_date": "2023-06-29T22:00:00.000+00:00",
"revision_history": [
{
"date": "2023-06-29T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2023-07-03T22:00:00.000+00:00",
"number": "2",
"summary": "Produkt berichtigt"
},
{
"date": "2023-10-25T22:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von Tenable aufgenommen"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Tenable Security Nessus Network Monitor \u003c 6.2.2",
"product": {
"name": "Tenable Security Nessus Network Monitor \u003c 6.2.2",
"product_id": "T028403",
"product_identification_helper": {
"cpe": "cpe:/a:tenable:nessus_network_monitor:6.2.2"
}
}
}
],
"category": "vendor",
"name": "Tenable Security"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-32067",
"notes": [
{
"category": "description",
"text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
}
],
"release_date": "2023-06-29T22:00:00.000+00:00",
"title": "CVE-2023-32067"
},
{
"cve": "CVE-2023-31147",
"notes": [
{
"category": "description",
"text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
}
],
"release_date": "2023-06-29T22:00:00.000+00:00",
"title": "CVE-2023-31147"
},
{
"cve": "CVE-2023-31130",
"notes": [
{
"category": "description",
"text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
}
],
"release_date": "2023-06-29T22:00:00.000+00:00",
"title": "CVE-2023-31130"
},
{
"cve": "CVE-2023-31124",
"notes": [
{
"category": "description",
"text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
}
],
"release_date": "2023-06-29T22:00:00.000+00:00",
"title": "CVE-2023-31124"
},
{
"cve": "CVE-2023-29469",
"notes": [
{
"category": "description",
"text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
}
],
"release_date": "2023-06-29T22:00:00.000+00:00",
"title": "CVE-2023-29469"
},
{
"cve": "CVE-2023-28484",
"notes": [
{
"category": "description",
"text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
}
],
"release_date": "2023-06-29T22:00:00.000+00:00",
"title": "CVE-2023-28484"
},
{
"cve": "CVE-2023-28322",
"notes": [
{
"category": "description",
"text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
}
],
"release_date": "2023-06-29T22:00:00.000+00:00",
"title": "CVE-2023-28322"
},
{
"cve": "CVE-2023-28321",
"notes": [
{
"category": "description",
"text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
}
],
"release_date": "2023-06-29T22:00:00.000+00:00",
"title": "CVE-2023-28321"
},
{
"cve": "CVE-2023-28320",
"notes": [
{
"category": "description",
"text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
}
],
"release_date": "2023-06-29T22:00:00.000+00:00",
"title": "CVE-2023-28320"
},
{
"cve": "CVE-2023-27538",
"notes": [
{
"category": "description",
"text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
}
],
"release_date": "2023-06-29T22:00:00.000+00:00",
"title": "CVE-2023-27538"
},
{
"cve": "CVE-2023-27536",
"notes": [
{
"category": "description",
"text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
}
],
"release_date": "2023-06-29T22:00:00.000+00:00",
"title": "CVE-2023-27536"
},
{
"cve": "CVE-2023-27535",
"notes": [
{
"category": "description",
"text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
}
],
"release_date": "2023-06-29T22:00:00.000+00:00",
"title": "CVE-2023-27535"
},
{
"cve": "CVE-2023-27534",
"notes": [
{
"category": "description",
"text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
}
],
"release_date": "2023-06-29T22:00:00.000+00:00",
"title": "CVE-2023-27534"
},
{
"cve": "CVE-2023-27533",
"notes": [
{
"category": "description",
"text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
}
],
"release_date": "2023-06-29T22:00:00.000+00:00",
"title": "CVE-2023-27533"
},
{
"cve": "CVE-2023-2650",
"notes": [
{
"category": "description",
"text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
}
],
"release_date": "2023-06-29T22:00:00.000+00:00",
"title": "CVE-2023-2650"
},
{
"cve": "CVE-2023-23916",
"notes": [
{
"category": "description",
"text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
}
],
"release_date": "2023-06-29T22:00:00.000+00:00",
"title": "CVE-2023-23916"
},
{
"cve": "CVE-2023-23915",
"notes": [
{
"category": "description",
"text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
}
],
"release_date": "2023-06-29T22:00:00.000+00:00",
"title": "CVE-2023-23915"
},
{
"cve": "CVE-2023-23914",
"notes": [
{
"category": "description",
"text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
}
],
"release_date": "2023-06-29T22:00:00.000+00:00",
"title": "CVE-2023-23914"
},
{
"cve": "CVE-2023-1255",
"notes": [
{
"category": "description",
"text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
}
],
"release_date": "2023-06-29T22:00:00.000+00:00",
"title": "CVE-2023-1255"
},
{
"cve": "CVE-2023-0466",
"notes": [
{
"category": "description",
"text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
}
],
"release_date": "2023-06-29T22:00:00.000+00:00",
"title": "CVE-2023-0466"
},
{
"cve": "CVE-2023-0465",
"notes": [
{
"category": "description",
"text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
}
],
"release_date": "2023-06-29T22:00:00.000+00:00",
"title": "CVE-2023-0465"
},
{
"cve": "CVE-2022-4904",
"notes": [
{
"category": "description",
"text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
}
],
"release_date": "2023-06-29T22:00:00.000+00:00",
"title": "CVE-2022-4904"
},
{
"cve": "CVE-2022-46908",
"notes": [
{
"category": "description",
"text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
}
],
"release_date": "2023-06-29T22:00:00.000+00:00",
"title": "CVE-2022-46908"
},
{
"cve": "CVE-2022-43552",
"notes": [
{
"category": "description",
"text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
}
],
"release_date": "2023-06-29T22:00:00.000+00:00",
"title": "CVE-2022-43552"
},
{
"cve": "CVE-2022-43551",
"notes": [
{
"category": "description",
"text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
}
],
"release_date": "2023-06-29T22:00:00.000+00:00",
"title": "CVE-2022-43551"
},
{
"cve": "CVE-2022-42916",
"notes": [
{
"category": "description",
"text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
}
],
"release_date": "2023-06-29T22:00:00.000+00:00",
"title": "CVE-2022-42916"
},
{
"cve": "CVE-2022-42915",
"notes": [
{
"category": "description",
"text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
}
],
"release_date": "2023-06-29T22:00:00.000+00:00",
"title": "CVE-2022-42915"
},
{
"cve": "CVE-2022-40304",
"notes": [
{
"category": "description",
"text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
}
],
"release_date": "2023-06-29T22:00:00.000+00:00",
"title": "CVE-2022-40304"
},
{
"cve": "CVE-2022-40303",
"notes": [
{
"category": "description",
"text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
}
],
"release_date": "2023-06-29T22:00:00.000+00:00",
"title": "CVE-2022-40303"
},
{
"cve": "CVE-2022-35737",
"notes": [
{
"category": "description",
"text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
}
],
"release_date": "2023-06-29T22:00:00.000+00:00",
"title": "CVE-2022-35737"
},
{
"cve": "CVE-2022-35252",
"notes": [
{
"category": "description",
"text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
}
],
"release_date": "2023-06-29T22:00:00.000+00:00",
"title": "CVE-2022-35252"
},
{
"cve": "CVE-2022-32221",
"notes": [
{
"category": "description",
"text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
}
],
"release_date": "2023-06-29T22:00:00.000+00:00",
"title": "CVE-2022-32221"
},
{
"cve": "CVE-2022-32208",
"notes": [
{
"category": "description",
"text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
}
],
"release_date": "2023-06-29T22:00:00.000+00:00",
"title": "CVE-2022-32208"
},
{
"cve": "CVE-2022-32207",
"notes": [
{
"category": "description",
"text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
}
],
"release_date": "2023-06-29T22:00:00.000+00:00",
"title": "CVE-2022-32207"
},
{
"cve": "CVE-2022-32206",
"notes": [
{
"category": "description",
"text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
}
],
"release_date": "2023-06-29T22:00:00.000+00:00",
"title": "CVE-2022-32206"
},
{
"cve": "CVE-2022-32205",
"notes": [
{
"category": "description",
"text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
}
],
"release_date": "2023-06-29T22:00:00.000+00:00",
"title": "CVE-2022-32205"
},
{
"cve": "CVE-2022-31160",
"notes": [
{
"category": "description",
"text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
}
],
"release_date": "2023-06-29T22:00:00.000+00:00",
"title": "CVE-2022-31160"
},
{
"cve": "CVE-2022-29824",
"notes": [
{
"category": "description",
"text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
}
],
"release_date": "2023-06-29T22:00:00.000+00:00",
"title": "CVE-2022-29824"
},
{
"cve": "CVE-2022-27782",
"notes": [
{
"category": "description",
"text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
}
],
"release_date": "2023-06-29T22:00:00.000+00:00",
"title": "CVE-2022-27782"
},
{
"cve": "CVE-2022-27781",
"notes": [
{
"category": "description",
"text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
}
],
"release_date": "2023-06-29T22:00:00.000+00:00",
"title": "CVE-2022-27781"
},
{
"cve": "CVE-2022-27776",
"notes": [
{
"category": "description",
"text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
}
],
"release_date": "2023-06-29T22:00:00.000+00:00",
"title": "CVE-2022-27776"
},
{
"cve": "CVE-2022-27775",
"notes": [
{
"category": "description",
"text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
}
],
"release_date": "2023-06-29T22:00:00.000+00:00",
"title": "CVE-2022-27775"
},
{
"cve": "CVE-2022-27774",
"notes": [
{
"category": "description",
"text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
}
],
"release_date": "2023-06-29T22:00:00.000+00:00",
"title": "CVE-2022-27774"
},
{
"cve": "CVE-2022-23395",
"notes": [
{
"category": "description",
"text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
}
],
"release_date": "2023-06-29T22:00:00.000+00:00",
"title": "CVE-2022-23395"
},
{
"cve": "CVE-2022-23308",
"notes": [
{
"category": "description",
"text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
}
],
"release_date": "2023-06-29T22:00:00.000+00:00",
"title": "CVE-2022-23308"
},
{
"cve": "CVE-2022-22576",
"notes": [
{
"category": "description",
"text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
}
],
"release_date": "2023-06-29T22:00:00.000+00:00",
"title": "CVE-2022-22576"
},
{
"cve": "CVE-2021-45346",
"notes": [
{
"category": "description",
"text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
}
],
"release_date": "2023-06-29T22:00:00.000+00:00",
"title": "CVE-2021-45346"
},
{
"cve": "CVE-2021-3672",
"notes": [
{
"category": "description",
"text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
}
],
"release_date": "2023-06-29T22:00:00.000+00:00",
"title": "CVE-2021-3672"
},
{
"cve": "CVE-2021-36690",
"notes": [
{
"category": "description",
"text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
}
],
"release_date": "2023-06-29T22:00:00.000+00:00",
"title": "CVE-2021-36690"
},
{
"cve": "CVE-2021-3541",
"notes": [
{
"category": "description",
"text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
}
],
"release_date": "2023-06-29T22:00:00.000+00:00",
"title": "CVE-2021-3541"
},
{
"cve": "CVE-2021-3537",
"notes": [
{
"category": "description",
"text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
}
],
"release_date": "2023-06-29T22:00:00.000+00:00",
"title": "CVE-2021-3537"
},
{
"cve": "CVE-2021-3518",
"notes": [
{
"category": "description",
"text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
}
],
"release_date": "2023-06-29T22:00:00.000+00:00",
"title": "CVE-2021-3518"
},
{
"cve": "CVE-2021-3517",
"notes": [
{
"category": "description",
"text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
}
],
"release_date": "2023-06-29T22:00:00.000+00:00",
"title": "CVE-2021-3517"
},
{
"cve": "CVE-2021-31239",
"notes": [
{
"category": "description",
"text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
}
],
"release_date": "2023-06-29T22:00:00.000+00:00",
"title": "CVE-2021-31239"
},
{
"cve": "CVE-2021-30560",
"notes": [
{
"category": "description",
"text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
}
],
"release_date": "2023-06-29T22:00:00.000+00:00",
"title": "CVE-2021-30560"
},
{
"cve": "CVE-2021-20227",
"notes": [
{
"category": "description",
"text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
}
],
"release_date": "2023-06-29T22:00:00.000+00:00",
"title": "CVE-2021-20227"
},
{
"cve": "CVE-2020-9327",
"notes": [
{
"category": "description",
"text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
}
],
"release_date": "2023-06-29T22:00:00.000+00:00",
"title": "CVE-2020-9327"
},
{
"cve": "CVE-2020-7595",
"notes": [
{
"category": "description",
"text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
}
],
"release_date": "2023-06-29T22:00:00.000+00:00",
"title": "CVE-2020-7595"
},
{
"cve": "CVE-2020-35527",
"notes": [
{
"category": "description",
"text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
}
],
"release_date": "2023-06-29T22:00:00.000+00:00",
"title": "CVE-2020-35527"
},
{
"cve": "CVE-2020-35525",
"notes": [
{
"category": "description",
"text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
}
],
"release_date": "2023-06-29T22:00:00.000+00:00",
"title": "CVE-2020-35525"
},
{
"cve": "CVE-2020-24977",
"notes": [
{
"category": "description",
"text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
}
],
"release_date": "2023-06-29T22:00:00.000+00:00",
"title": "CVE-2020-24977"
},
{
"cve": "CVE-2020-15358",
"notes": [
{
"category": "description",
"text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
}
],
"release_date": "2023-06-29T22:00:00.000+00:00",
"title": "CVE-2020-15358"
},
{
"cve": "CVE-2020-14155",
"notes": [
{
"category": "description",
"text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
}
],
"release_date": "2023-06-29T22:00:00.000+00:00",
"title": "CVE-2020-14155"
},
{
"cve": "CVE-2020-13871",
"notes": [
{
"category": "description",
"text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
}
],
"release_date": "2023-06-29T22:00:00.000+00:00",
"title": "CVE-2020-13871"
},
{
"cve": "CVE-2020-13632",
"notes": [
{
"category": "description",
"text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
}
],
"release_date": "2023-06-29T22:00:00.000+00:00",
"title": "CVE-2020-13632"
},
{
"cve": "CVE-2020-13631",
"notes": [
{
"category": "description",
"text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
}
],
"release_date": "2023-06-29T22:00:00.000+00:00",
"title": "CVE-2020-13631"
},
{
"cve": "CVE-2020-13630",
"notes": [
{
"category": "description",
"text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
}
],
"release_date": "2023-06-29T22:00:00.000+00:00",
"title": "CVE-2020-13630"
},
{
"cve": "CVE-2020-13435",
"notes": [
{
"category": "description",
"text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
}
],
"release_date": "2023-06-29T22:00:00.000+00:00",
"title": "CVE-2020-13435"
},
{
"cve": "CVE-2020-13434",
"notes": [
{
"category": "description",
"text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
}
],
"release_date": "2023-06-29T22:00:00.000+00:00",
"title": "CVE-2020-13434"
},
{
"cve": "CVE-2020-11656",
"notes": [
{
"category": "description",
"text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
}
],
"release_date": "2023-06-29T22:00:00.000+00:00",
"title": "CVE-2020-11656"
},
{
"cve": "CVE-2020-11655",
"notes": [
{
"category": "description",
"text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
}
],
"release_date": "2023-06-29T22:00:00.000+00:00",
"title": "CVE-2020-11655"
},
{
"cve": "CVE-2019-9937",
"notes": [
{
"category": "description",
"text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
}
],
"release_date": "2023-06-29T22:00:00.000+00:00",
"title": "CVE-2019-9937"
},
{
"cve": "CVE-2019-9936",
"notes": [
{
"category": "description",
"text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
}
],
"release_date": "2023-06-29T22:00:00.000+00:00",
"title": "CVE-2019-9936"
},
{
"cve": "CVE-2019-8457",
"notes": [
{
"category": "description",
"text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
}
],
"release_date": "2023-06-29T22:00:00.000+00:00",
"title": "CVE-2019-8457"
},
{
"cve": "CVE-2019-5815",
"notes": [
{
"category": "description",
"text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
}
],
"release_date": "2023-06-29T22:00:00.000+00:00",
"title": "CVE-2019-5815"
},
{
"cve": "CVE-2019-20838",
"notes": [
{
"category": "description",
"text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
}
],
"release_date": "2023-06-29T22:00:00.000+00:00",
"title": "CVE-2019-20838"
},
{
"cve": "CVE-2019-20388",
"notes": [
{
"category": "description",
"text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
}
],
"release_date": "2023-06-29T22:00:00.000+00:00",
"title": "CVE-2019-20388"
},
{
"cve": "CVE-2019-20218",
"notes": [
{
"category": "description",
"text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
}
],
"release_date": "2023-06-29T22:00:00.000+00:00",
"title": "CVE-2019-20218"
},
{
"cve": "CVE-2019-19959",
"notes": [
{
"category": "description",
"text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
}
],
"release_date": "2023-06-29T22:00:00.000+00:00",
"title": "CVE-2019-19959"
},
{
"cve": "CVE-2019-19956",
"notes": [
{
"category": "description",
"text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
}
],
"release_date": "2023-06-29T22:00:00.000+00:00",
"title": "CVE-2019-19956"
},
{
"cve": "CVE-2019-19926",
"notes": [
{
"category": "description",
"text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
}
],
"release_date": "2023-06-29T22:00:00.000+00:00",
"title": "CVE-2019-19926"
},
{
"cve": "CVE-2019-19925",
"notes": [
{
"category": "description",
"text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
}
],
"release_date": "2023-06-29T22:00:00.000+00:00",
"title": "CVE-2019-19925"
},
{
"cve": "CVE-2019-19924",
"notes": [
{
"category": "description",
"text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
}
],
"release_date": "2023-06-29T22:00:00.000+00:00",
"title": "CVE-2019-19924"
},
{
"cve": "CVE-2019-19923",
"notes": [
{
"category": "description",
"text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
}
],
"release_date": "2023-06-29T22:00:00.000+00:00",
"title": "CVE-2019-19923"
},
{
"cve": "CVE-2019-19880",
"notes": [
{
"category": "description",
"text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
}
],
"release_date": "2023-06-29T22:00:00.000+00:00",
"title": "CVE-2019-19880"
},
{
"cve": "CVE-2019-19646",
"notes": [
{
"category": "description",
"text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
}
],
"release_date": "2023-06-29T22:00:00.000+00:00",
"title": "CVE-2019-19646"
},
{
"cve": "CVE-2019-19645",
"notes": [
{
"category": "description",
"text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
}
],
"release_date": "2023-06-29T22:00:00.000+00:00",
"title": "CVE-2019-19645"
},
{
"cve": "CVE-2019-19603",
"notes": [
{
"category": "description",
"text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
}
],
"release_date": "2023-06-29T22:00:00.000+00:00",
"title": "CVE-2019-19603"
},
{
"cve": "CVE-2019-19317",
"notes": [
{
"category": "description",
"text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
}
],
"release_date": "2023-06-29T22:00:00.000+00:00",
"title": "CVE-2019-19317"
},
{
"cve": "CVE-2019-19244",
"notes": [
{
"category": "description",
"text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
}
],
"release_date": "2023-06-29T22:00:00.000+00:00",
"title": "CVE-2019-19244"
},
{
"cve": "CVE-2019-19242",
"notes": [
{
"category": "description",
"text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
}
],
"release_date": "2023-06-29T22:00:00.000+00:00",
"title": "CVE-2019-19242"
},
{
"cve": "CVE-2019-16168",
"notes": [
{
"category": "description",
"text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
}
],
"release_date": "2023-06-29T22:00:00.000+00:00",
"title": "CVE-2019-16168"
},
{
"cve": "CVE-2019-13118",
"notes": [
{
"category": "description",
"text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
}
],
"release_date": "2023-06-29T22:00:00.000+00:00",
"title": "CVE-2019-13118"
},
{
"cve": "CVE-2019-13117",
"notes": [
{
"category": "description",
"text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
}
],
"release_date": "2023-06-29T22:00:00.000+00:00",
"title": "CVE-2019-13117"
},
{
"cve": "CVE-2019-12900",
"notes": [
{
"category": "description",
"text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
}
],
"release_date": "2023-06-29T22:00:00.000+00:00",
"title": "CVE-2019-12900"
},
{
"cve": "CVE-2019-11068",
"notes": [
{
"category": "description",
"text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
}
],
"release_date": "2023-06-29T22:00:00.000+00:00",
"title": "CVE-2019-11068"
},
{
"cve": "CVE-2018-9251",
"notes": [
{
"category": "description",
"text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
}
],
"release_date": "2023-06-29T22:00:00.000+00:00",
"title": "CVE-2018-9251"
},
{
"cve": "CVE-2018-14567",
"notes": [
{
"category": "description",
"text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
}
],
"release_date": "2023-06-29T22:00:00.000+00:00",
"title": "CVE-2018-14567"
},
{
"cve": "CVE-2018-14404",
"notes": [
{
"category": "description",
"text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
}
],
"release_date": "2023-06-29T22:00:00.000+00:00",
"title": "CVE-2018-14404"
},
{
"cve": "CVE-2017-9050",
"notes": [
{
"category": "description",
"text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
}
],
"release_date": "2023-06-29T22:00:00.000+00:00",
"title": "CVE-2017-9050"
},
{
"cve": "CVE-2017-9049",
"notes": [
{
"category": "description",
"text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
}
],
"release_date": "2023-06-29T22:00:00.000+00:00",
"title": "CVE-2017-9049"
},
{
"cve": "CVE-2017-9048",
"notes": [
{
"category": "description",
"text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
}
],
"release_date": "2023-06-29T22:00:00.000+00:00",
"title": "CVE-2017-9048"
},
{
"cve": "CVE-2017-9047",
"notes": [
{
"category": "description",
"text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
}
],
"release_date": "2023-06-29T22:00:00.000+00:00",
"title": "CVE-2017-9047"
},
{
"cve": "CVE-2017-8872",
"notes": [
{
"category": "description",
"text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
}
],
"release_date": "2023-06-29T22:00:00.000+00:00",
"title": "CVE-2017-8872"
},
{
"cve": "CVE-2017-7376",
"notes": [
{
"category": "description",
"text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
}
],
"release_date": "2023-06-29T22:00:00.000+00:00",
"title": "CVE-2017-7376"
},
{
"cve": "CVE-2017-7375",
"notes": [
{
"category": "description",
"text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
}
],
"release_date": "2023-06-29T22:00:00.000+00:00",
"title": "CVE-2017-7375"
},
{
"cve": "CVE-2017-5969",
"notes": [
{
"category": "description",
"text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
}
],
"release_date": "2023-06-29T22:00:00.000+00:00",
"title": "CVE-2017-5969"
},
{
"cve": "CVE-2017-5130",
"notes": [
{
"category": "description",
"text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
}
],
"release_date": "2023-06-29T22:00:00.000+00:00",
"title": "CVE-2017-5130"
},
{
"cve": "CVE-2017-5029",
"notes": [
{
"category": "description",
"text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
}
],
"release_date": "2023-06-29T22:00:00.000+00:00",
"title": "CVE-2017-5029"
},
{
"cve": "CVE-2017-18258",
"notes": [
{
"category": "description",
"text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
}
],
"release_date": "2023-06-29T22:00:00.000+00:00",
"title": "CVE-2017-18258"
},
{
"cve": "CVE-2017-16932",
"notes": [
{
"category": "description",
"text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
}
],
"release_date": "2023-06-29T22:00:00.000+00:00",
"title": "CVE-2017-16932"
},
{
"cve": "CVE-2017-16931",
"notes": [
{
"category": "description",
"text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
}
],
"release_date": "2023-06-29T22:00:00.000+00:00",
"title": "CVE-2017-16931"
},
{
"cve": "CVE-2017-15412",
"notes": [
{
"category": "description",
"text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
}
],
"release_date": "2023-06-29T22:00:00.000+00:00",
"title": "CVE-2017-15412"
},
{
"cve": "CVE-2017-1000381",
"notes": [
{
"category": "description",
"text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
}
],
"release_date": "2023-06-29T22:00:00.000+00:00",
"title": "CVE-2017-1000381"
},
{
"cve": "CVE-2017-1000061",
"notes": [
{
"category": "description",
"text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
}
],
"release_date": "2023-06-29T22:00:00.000+00:00",
"title": "CVE-2017-1000061"
},
{
"cve": "CVE-2016-9598",
"notes": [
{
"category": "description",
"text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
}
],
"release_date": "2023-06-29T22:00:00.000+00:00",
"title": "CVE-2016-9598"
},
{
"cve": "CVE-2016-9597",
"notes": [
{
"category": "description",
"text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
}
],
"release_date": "2023-06-29T22:00:00.000+00:00",
"title": "CVE-2016-9597"
},
{
"cve": "CVE-2016-9596",
"notes": [
{
"category": "description",
"text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
}
],
"release_date": "2023-06-29T22:00:00.000+00:00",
"title": "CVE-2016-9596"
},
{
"cve": "CVE-2016-5180",
"notes": [
{
"category": "description",
"text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
}
],
"release_date": "2023-06-29T22:00:00.000+00:00",
"title": "CVE-2016-5180"
},
{
"cve": "CVE-2016-5131",
"notes": [
{
"category": "description",
"text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
}
],
"release_date": "2023-06-29T22:00:00.000+00:00",
"title": "CVE-2016-5131"
},
{
"cve": "CVE-2016-4658",
"notes": [
{
"category": "description",
"text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
}
],
"release_date": "2023-06-29T22:00:00.000+00:00",
"title": "CVE-2016-4658"
},
{
"cve": "CVE-2016-4609",
"notes": [
{
"category": "description",
"text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
}
],
"release_date": "2023-06-29T22:00:00.000+00:00",
"title": "CVE-2016-4609"
},
{
"cve": "CVE-2016-4607",
"notes": [
{
"category": "description",
"text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
}
],
"release_date": "2023-06-29T22:00:00.000+00:00",
"title": "CVE-2016-4607"
},
{
"cve": "CVE-2016-4483",
"notes": [
{
"category": "description",
"text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
}
],
"release_date": "2023-06-29T22:00:00.000+00:00",
"title": "CVE-2016-4483"
},
{
"cve": "CVE-2016-4449",
"notes": [
{
"category": "description",
"text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
}
],
"release_date": "2023-06-29T22:00:00.000+00:00",
"title": "CVE-2016-4449"
},
{
"cve": "CVE-2016-4448",
"notes": [
{
"category": "description",
"text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
}
],
"release_date": "2023-06-29T22:00:00.000+00:00",
"title": "CVE-2016-4448"
},
{
"cve": "CVE-2016-4447",
"notes": [
{
"category": "description",
"text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
}
],
"release_date": "2023-06-29T22:00:00.000+00:00",
"title": "CVE-2016-4447"
},
{
"cve": "CVE-2016-3709",
"notes": [
{
"category": "description",
"text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
}
],
"release_date": "2023-06-29T22:00:00.000+00:00",
"title": "CVE-2016-3709"
},
{
"cve": "CVE-2016-3705",
"notes": [
{
"category": "description",
"text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
}
],
"release_date": "2023-06-29T22:00:00.000+00:00",
"title": "CVE-2016-3705"
},
{
"cve": "CVE-2016-3627",
"notes": [
{
"category": "description",
"text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
}
],
"release_date": "2023-06-29T22:00:00.000+00:00",
"title": "CVE-2016-3627"
},
{
"cve": "CVE-2016-3189",
"notes": [
{
"category": "description",
"text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
}
],
"release_date": "2023-06-29T22:00:00.000+00:00",
"title": "CVE-2016-3189"
},
{
"cve": "CVE-2016-2073",
"notes": [
{
"category": "description",
"text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
}
],
"release_date": "2023-06-29T22:00:00.000+00:00",
"title": "CVE-2016-2073"
},
{
"cve": "CVE-2016-1840",
"notes": [
{
"category": "description",
"text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
}
],
"release_date": "2023-06-29T22:00:00.000+00:00",
"title": "CVE-2016-1840"
},
{
"cve": "CVE-2016-1839",
"notes": [
{
"category": "description",
"text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
}
],
"release_date": "2023-06-29T22:00:00.000+00:00",
"title": "CVE-2016-1839"
},
{
"cve": "CVE-2016-1838",
"notes": [
{
"category": "description",
"text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
}
],
"release_date": "2023-06-29T22:00:00.000+00:00",
"title": "CVE-2016-1838"
},
{
"cve": "CVE-2016-1837",
"notes": [
{
"category": "description",
"text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
}
],
"release_date": "2023-06-29T22:00:00.000+00:00",
"title": "CVE-2016-1837"
},
{
"cve": "CVE-2016-1836",
"notes": [
{
"category": "description",
"text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
}
],
"release_date": "2023-06-29T22:00:00.000+00:00",
"title": "CVE-2016-1836"
},
{
"cve": "CVE-2016-1834",
"notes": [
{
"category": "description",
"text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
}
],
"release_date": "2023-06-29T22:00:00.000+00:00",
"title": "CVE-2016-1834"
},
{
"cve": "CVE-2016-1833",
"notes": [
{
"category": "description",
"text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
}
],
"release_date": "2023-06-29T22:00:00.000+00:00",
"title": "CVE-2016-1833"
},
{
"cve": "CVE-2016-1762",
"notes": [
{
"category": "description",
"text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
}
],
"release_date": "2023-06-29T22:00:00.000+00:00",
"title": "CVE-2016-1762"
},
{
"cve": "CVE-2016-1684",
"notes": [
{
"category": "description",
"text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
}
],
"release_date": "2023-06-29T22:00:00.000+00:00",
"title": "CVE-2016-1684"
},
{
"cve": "CVE-2016-1683",
"notes": [
{
"category": "description",
"text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
}
],
"release_date": "2023-06-29T22:00:00.000+00:00",
"title": "CVE-2016-1683"
},
{
"cve": "CVE-2015-9019",
"notes": [
{
"category": "description",
"text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
}
],
"release_date": "2023-06-29T22:00:00.000+00:00",
"title": "CVE-2015-9019"
},
{
"cve": "CVE-2015-8806",
"notes": [
{
"category": "description",
"text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
}
],
"release_date": "2023-06-29T22:00:00.000+00:00",
"title": "CVE-2015-8806"
},
{
"cve": "CVE-2015-8710",
"notes": [
{
"category": "description",
"text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
}
],
"release_date": "2023-06-29T22:00:00.000+00:00",
"title": "CVE-2015-8710"
},
{
"cve": "CVE-2015-8317",
"notes": [
{
"category": "description",
"text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
}
],
"release_date": "2023-06-29T22:00:00.000+00:00",
"title": "CVE-2015-8317"
},
{
"cve": "CVE-2015-8242",
"notes": [
{
"category": "description",
"text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
}
],
"release_date": "2023-06-29T22:00:00.000+00:00",
"title": "CVE-2015-8242"
},
{
"cve": "CVE-2015-8241",
"notes": [
{
"category": "description",
"text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
}
],
"release_date": "2023-06-29T22:00:00.000+00:00",
"title": "CVE-2015-8241"
},
{
"cve": "CVE-2015-8035",
"notes": [
{
"category": "description",
"text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
}
],
"release_date": "2023-06-29T22:00:00.000+00:00",
"title": "CVE-2015-8035"
},
{
"cve": "CVE-2015-7995",
"notes": [
{
"category": "description",
"text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
}
],
"release_date": "2023-06-29T22:00:00.000+00:00",
"title": "CVE-2015-7995"
},
{
"cve": "CVE-2015-7942",
"notes": [
{
"category": "description",
"text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
}
],
"release_date": "2023-06-29T22:00:00.000+00:00",
"title": "CVE-2015-7942"
},
{
"cve": "CVE-2015-7941",
"notes": [
{
"category": "description",
"text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
}
],
"release_date": "2023-06-29T22:00:00.000+00:00",
"title": "CVE-2015-7941"
},
{
"cve": "CVE-2015-7500",
"notes": [
{
"category": "description",
"text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
}
],
"release_date": "2023-06-29T22:00:00.000+00:00",
"title": "CVE-2015-7500"
},
{
"cve": "CVE-2015-7499",
"notes": [
{
"category": "description",
"text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
}
],
"release_date": "2023-06-29T22:00:00.000+00:00",
"title": "CVE-2015-7499"
},
{
"cve": "CVE-2015-7498",
"notes": [
{
"category": "description",
"text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
}
],
"release_date": "2023-06-29T22:00:00.000+00:00",
"title": "CVE-2015-7498"
},
{
"cve": "CVE-2015-7497",
"notes": [
{
"category": "description",
"text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
}
],
"release_date": "2023-06-29T22:00:00.000+00:00",
"title": "CVE-2015-7497"
},
{
"cve": "CVE-2015-5312",
"notes": [
{
"category": "description",
"text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
}
],
"release_date": "2023-06-29T22:00:00.000+00:00",
"title": "CVE-2015-5312"
},
{
"cve": "CVE-2014-3660",
"notes": [
{
"category": "description",
"text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
}
],
"release_date": "2023-06-29T22:00:00.000+00:00",
"title": "CVE-2014-3660"
},
{
"cve": "CVE-2013-4520",
"notes": [
{
"category": "description",
"text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
}
],
"release_date": "2023-06-29T22:00:00.000+00:00",
"title": "CVE-2013-4520"
},
{
"cve": "CVE-2013-2877",
"notes": [
{
"category": "description",
"text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
}
],
"release_date": "2023-06-29T22:00:00.000+00:00",
"title": "CVE-2013-2877"
},
{
"cve": "CVE-2013-1969",
"notes": [
{
"category": "description",
"text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
}
],
"release_date": "2023-06-29T22:00:00.000+00:00",
"title": "CVE-2013-1969"
},
{
"cve": "CVE-2013-0339",
"notes": [
{
"category": "description",
"text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
}
],
"release_date": "2023-06-29T22:00:00.000+00:00",
"title": "CVE-2013-0339"
},
{
"cve": "CVE-2013-0338",
"notes": [
{
"category": "description",
"text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
}
],
"release_date": "2023-06-29T22:00:00.000+00:00",
"title": "CVE-2013-0338"
},
{
"cve": "CVE-2012-6139",
"notes": [
{
"category": "description",
"text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
}
],
"release_date": "2023-06-29T22:00:00.000+00:00",
"title": "CVE-2012-6139"
},
{
"cve": "CVE-2012-5134",
"notes": [
{
"category": "description",
"text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
}
],
"release_date": "2023-06-29T22:00:00.000+00:00",
"title": "CVE-2012-5134"
},
{
"cve": "CVE-2012-2871",
"notes": [
{
"category": "description",
"text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
}
],
"release_date": "2023-06-29T22:00:00.000+00:00",
"title": "CVE-2012-2871"
},
{
"cve": "CVE-2012-2870",
"notes": [
{
"category": "description",
"text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
}
],
"release_date": "2023-06-29T22:00:00.000+00:00",
"title": "CVE-2012-2870"
},
{
"cve": "CVE-2012-0841",
"notes": [
{
"category": "description",
"text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
}
],
"release_date": "2023-06-29T22:00:00.000+00:00",
"title": "CVE-2012-0841"
},
{
"cve": "CVE-2011-3970",
"notes": [
{
"category": "description",
"text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
}
],
"release_date": "2023-06-29T22:00:00.000+00:00",
"title": "CVE-2011-3970"
},
{
"cve": "CVE-2011-1944",
"notes": [
{
"category": "description",
"text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
}
],
"release_date": "2023-06-29T22:00:00.000+00:00",
"title": "CVE-2011-1944"
},
{
"cve": "CVE-2011-1202",
"notes": [
{
"category": "description",
"text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
}
],
"release_date": "2023-06-29T22:00:00.000+00:00",
"title": "CVE-2011-1202"
},
{
"cve": "CVE-2010-4494",
"notes": [
{
"category": "description",
"text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
}
],
"release_date": "2023-06-29T22:00:00.000+00:00",
"title": "CVE-2010-4494"
},
{
"cve": "CVE-2010-4008",
"notes": [
{
"category": "description",
"text": "In Tenable Security Nessus Network Monitor existieren mehrere Schwachstellen. Die Fehler bestehen unter anderem in Komponenten von Drittanbietern wie c-ares, curl, libbzip2, libpcre, libxml2, sqlite und OpenSSL. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand auszul\u00f6sen und Daten zu manipulieren. Die erfolgreiche Ausnutzung einiger dieser Schwachstellen erfordert eine Benutzerinteraktion oder erh\u00f6hte Rechte."
}
],
"release_date": "2023-06-29T22:00:00.000+00:00",
"title": "CVE-2010-4008"
}
]
}
WID-SEC-W-2023-1728
Vulnerability from csaf_certbund - Published: 2023-07-11 22:00 - Updated: 2023-07-11 22:00Summary
Autodesk AutoCAD: Mehrere Schwachstellen
Severity
Hoch
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: AutoCAD ist Teil der CAD (Computer Aided Design) Produktpalette von Autodesk.
Angriff: Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Autodesk AutoCAD ausnutzen, um einen Denial of Service Zustand herbeizuführen, Sicherheitsvorkehrungen zu umgehen, Dateien zu manipulieren oder Informationen offenzulegen.
Betroffene Betriebssysteme: - UNIX
- Linux
- MacOS X
- Windows
In Autodesk AutoCAD bestehen mehrere Schwachstellen in Komponenten von Drittanbietern. Betroffen sind unter anderem "cURL", "Expat", "SQLite" sowie "Zlib". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuführen, Sicherheitsvorkehrungen zu umgehen, Dateien zu manipulieren oder Informationen offenzulegen.
In Autodesk AutoCAD bestehen mehrere Schwachstellen in Komponenten von Drittanbietern. Betroffen sind unter anderem "cURL", "Expat", "SQLite" sowie "Zlib". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuführen, Sicherheitsvorkehrungen zu umgehen, Dateien zu manipulieren oder Informationen offenzulegen.
In Autodesk AutoCAD bestehen mehrere Schwachstellen in Komponenten von Drittanbietern. Betroffen sind unter anderem "cURL", "Expat", "SQLite" sowie "Zlib". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuführen, Sicherheitsvorkehrungen zu umgehen, Dateien zu manipulieren oder Informationen offenzulegen.
In Autodesk AutoCAD bestehen mehrere Schwachstellen in Komponenten von Drittanbietern. Betroffen sind unter anderem "cURL", "Expat", "SQLite" sowie "Zlib". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuführen, Sicherheitsvorkehrungen zu umgehen, Dateien zu manipulieren oder Informationen offenzulegen.
In Autodesk AutoCAD bestehen mehrere Schwachstellen in Komponenten von Drittanbietern. Betroffen sind unter anderem "cURL", "Expat", "SQLite" sowie "Zlib". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuführen, Sicherheitsvorkehrungen zu umgehen, Dateien zu manipulieren oder Informationen offenzulegen.
In Autodesk AutoCAD bestehen mehrere Schwachstellen in Komponenten von Drittanbietern. Betroffen sind unter anderem "cURL", "Expat", "SQLite" sowie "Zlib". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuführen, Sicherheitsvorkehrungen zu umgehen, Dateien zu manipulieren oder Informationen offenzulegen.
In Autodesk AutoCAD bestehen mehrere Schwachstellen in Komponenten von Drittanbietern. Betroffen sind unter anderem "cURL", "Expat", "SQLite" sowie "Zlib". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuführen, Sicherheitsvorkehrungen zu umgehen, Dateien zu manipulieren oder Informationen offenzulegen.
In Autodesk AutoCAD bestehen mehrere Schwachstellen in Komponenten von Drittanbietern. Betroffen sind unter anderem "cURL", "Expat", "SQLite" sowie "Zlib". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuführen, Sicherheitsvorkehrungen zu umgehen, Dateien zu manipulieren oder Informationen offenzulegen.
In Autodesk AutoCAD bestehen mehrere Schwachstellen in Komponenten von Drittanbietern. Betroffen sind unter anderem "cURL", "Expat", "SQLite" sowie "Zlib". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuführen, Sicherheitsvorkehrungen zu umgehen, Dateien zu manipulieren oder Informationen offenzulegen.
In Autodesk AutoCAD bestehen mehrere Schwachstellen in Komponenten von Drittanbietern. Betroffen sind unter anderem "cURL", "Expat", "SQLite" sowie "Zlib". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuführen, Sicherheitsvorkehrungen zu umgehen, Dateien zu manipulieren oder Informationen offenzulegen.
In Autodesk AutoCAD bestehen mehrere Schwachstellen in Komponenten von Drittanbietern. Betroffen sind unter anderem "cURL", "Expat", "SQLite" sowie "Zlib". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuführen, Sicherheitsvorkehrungen zu umgehen, Dateien zu manipulieren oder Informationen offenzulegen.
In Autodesk AutoCAD bestehen mehrere Schwachstellen in Komponenten von Drittanbietern. Betroffen sind unter anderem "cURL", "Expat", "SQLite" sowie "Zlib". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuführen, Sicherheitsvorkehrungen zu umgehen, Dateien zu manipulieren oder Informationen offenzulegen.
In Autodesk AutoCAD bestehen mehrere Schwachstellen in Komponenten von Drittanbietern. Betroffen sind unter anderem "cURL", "Expat", "SQLite" sowie "Zlib". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuführen, Sicherheitsvorkehrungen zu umgehen, Dateien zu manipulieren oder Informationen offenzulegen.
In Autodesk AutoCAD bestehen mehrere Schwachstellen in Komponenten von Drittanbietern. Betroffen sind unter anderem "cURL", "Expat", "SQLite" sowie "Zlib". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuführen, Sicherheitsvorkehrungen zu umgehen, Dateien zu manipulieren oder Informationen offenzulegen.
In Autodesk AutoCAD bestehen mehrere Schwachstellen in Komponenten von Drittanbietern. Betroffen sind unter anderem "cURL", "Expat", "SQLite" sowie "Zlib". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuführen, Sicherheitsvorkehrungen zu umgehen, Dateien zu manipulieren oder Informationen offenzulegen.
In Autodesk AutoCAD bestehen mehrere Schwachstellen in Komponenten von Drittanbietern. Betroffen sind unter anderem "cURL", "Expat", "SQLite" sowie "Zlib". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuführen, Sicherheitsvorkehrungen zu umgehen, Dateien zu manipulieren oder Informationen offenzulegen.
In Autodesk AutoCAD bestehen mehrere Schwachstellen in Komponenten von Drittanbietern. Betroffen sind unter anderem "cURL", "Expat", "SQLite" sowie "Zlib". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuführen, Sicherheitsvorkehrungen zu umgehen, Dateien zu manipulieren oder Informationen offenzulegen.
In Autodesk AutoCAD bestehen mehrere Schwachstellen in Komponenten von Drittanbietern. Betroffen sind unter anderem "cURL", "Expat", "SQLite" sowie "Zlib". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuführen, Sicherheitsvorkehrungen zu umgehen, Dateien zu manipulieren oder Informationen offenzulegen.
In Autodesk AutoCAD bestehen mehrere Schwachstellen in Komponenten von Drittanbietern. Betroffen sind unter anderem "cURL", "Expat", "SQLite" sowie "Zlib". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuführen, Sicherheitsvorkehrungen zu umgehen, Dateien zu manipulieren oder Informationen offenzulegen.
References
3 references
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "AutoCAD ist Teil der CAD (Computer Aided Design) Produktpalette von Autodesk.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Autodesk AutoCAD ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, Dateien zu manipulieren oder Informationen offenzulegen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- UNIX\n- Linux\n- MacOS X\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2023-1728 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-1728.json"
},
{
"category": "self",
"summary": "WID-SEC-2023-1728 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-1728"
},
{
"category": "external",
"summary": "Autodesk Security Advisory adsk-sa-2023-0015 vom 2023-07-11",
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2023-0015"
}
],
"source_lang": "en-US",
"title": "Autodesk AutoCAD: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2023-07-11T22:00:00.000+00:00",
"generator": {
"date": "2024-08-15T17:55:21.152+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.5"
}
},
"id": "WID-SEC-W-2023-1728",
"initial_release_date": "2023-07-11T22:00:00.000+00:00",
"revision_history": [
{
"date": "2023-07-11T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Autodesk AutoCAD \u003c 2023.1.3",
"product": {
"name": "Autodesk AutoCAD \u003c 2023.1.3",
"product_id": "T027257",
"product_identification_helper": {
"cpe": "cpe:/a:autodesk:autocad:2023.1.3"
}
}
}
],
"category": "vendor",
"name": "Autodesk"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-25002",
"notes": [
{
"category": "description",
"text": "In Autodesk AutoCAD bestehen mehrere Schwachstellen in Komponenten von Drittanbietern. Betroffen sind unter anderem \"cURL\", \"Expat\", \"SQLite\" sowie \"Zlib\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, Dateien zu manipulieren oder Informationen offenzulegen."
}
],
"release_date": "2023-07-11T22:00:00.000+00:00",
"title": "CVE-2023-25002"
},
{
"cve": "CVE-2022-46908",
"notes": [
{
"category": "description",
"text": "In Autodesk AutoCAD bestehen mehrere Schwachstellen in Komponenten von Drittanbietern. Betroffen sind unter anderem \"cURL\", \"Expat\", \"SQLite\" sowie \"Zlib\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, Dateien zu manipulieren oder Informationen offenzulegen."
}
],
"release_date": "2023-07-11T22:00:00.000+00:00",
"title": "CVE-2022-46908"
},
{
"cve": "CVE-2022-42916",
"notes": [
{
"category": "description",
"text": "In Autodesk AutoCAD bestehen mehrere Schwachstellen in Komponenten von Drittanbietern. Betroffen sind unter anderem \"cURL\", \"Expat\", \"SQLite\" sowie \"Zlib\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, Dateien zu manipulieren oder Informationen offenzulegen."
}
],
"release_date": "2023-07-11T22:00:00.000+00:00",
"title": "CVE-2022-42916"
},
{
"cve": "CVE-2022-42915",
"notes": [
{
"category": "description",
"text": "In Autodesk AutoCAD bestehen mehrere Schwachstellen in Komponenten von Drittanbietern. Betroffen sind unter anderem \"cURL\", \"Expat\", \"SQLite\" sowie \"Zlib\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, Dateien zu manipulieren oder Informationen offenzulegen."
}
],
"release_date": "2023-07-11T22:00:00.000+00:00",
"title": "CVE-2022-42915"
},
{
"cve": "CVE-2022-40674",
"notes": [
{
"category": "description",
"text": "In Autodesk AutoCAD bestehen mehrere Schwachstellen in Komponenten von Drittanbietern. Betroffen sind unter anderem \"cURL\", \"Expat\", \"SQLite\" sowie \"Zlib\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, Dateien zu manipulieren oder Informationen offenzulegen."
}
],
"release_date": "2023-07-11T22:00:00.000+00:00",
"title": "CVE-2022-40674"
},
{
"cve": "CVE-2022-37434",
"notes": [
{
"category": "description",
"text": "In Autodesk AutoCAD bestehen mehrere Schwachstellen in Komponenten von Drittanbietern. Betroffen sind unter anderem \"cURL\", \"Expat\", \"SQLite\" sowie \"Zlib\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, Dateien zu manipulieren oder Informationen offenzulegen."
}
],
"release_date": "2023-07-11T22:00:00.000+00:00",
"title": "CVE-2022-37434"
},
{
"cve": "CVE-2022-35252",
"notes": [
{
"category": "description",
"text": "In Autodesk AutoCAD bestehen mehrere Schwachstellen in Komponenten von Drittanbietern. Betroffen sind unter anderem \"cURL\", \"Expat\", \"SQLite\" sowie \"Zlib\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, Dateien zu manipulieren oder Informationen offenzulegen."
}
],
"release_date": "2023-07-11T22:00:00.000+00:00",
"title": "CVE-2022-35252"
},
{
"cve": "CVE-2022-32221",
"notes": [
{
"category": "description",
"text": "In Autodesk AutoCAD bestehen mehrere Schwachstellen in Komponenten von Drittanbietern. Betroffen sind unter anderem \"cURL\", \"Expat\", \"SQLite\" sowie \"Zlib\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, Dateien zu manipulieren oder Informationen offenzulegen."
}
],
"release_date": "2023-07-11T22:00:00.000+00:00",
"title": "CVE-2022-32221"
},
{
"cve": "CVE-2022-32208",
"notes": [
{
"category": "description",
"text": "In Autodesk AutoCAD bestehen mehrere Schwachstellen in Komponenten von Drittanbietern. Betroffen sind unter anderem \"cURL\", \"Expat\", \"SQLite\" sowie \"Zlib\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, Dateien zu manipulieren oder Informationen offenzulegen."
}
],
"release_date": "2023-07-11T22:00:00.000+00:00",
"title": "CVE-2022-32208"
},
{
"cve": "CVE-2022-32207",
"notes": [
{
"category": "description",
"text": "In Autodesk AutoCAD bestehen mehrere Schwachstellen in Komponenten von Drittanbietern. Betroffen sind unter anderem \"cURL\", \"Expat\", \"SQLite\" sowie \"Zlib\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, Dateien zu manipulieren oder Informationen offenzulegen."
}
],
"release_date": "2023-07-11T22:00:00.000+00:00",
"title": "CVE-2022-32207"
},
{
"cve": "CVE-2022-32206",
"notes": [
{
"category": "description",
"text": "In Autodesk AutoCAD bestehen mehrere Schwachstellen in Komponenten von Drittanbietern. Betroffen sind unter anderem \"cURL\", \"Expat\", \"SQLite\" sowie \"Zlib\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, Dateien zu manipulieren oder Informationen offenzulegen."
}
],
"release_date": "2023-07-11T22:00:00.000+00:00",
"title": "CVE-2022-32206"
},
{
"cve": "CVE-2022-32205",
"notes": [
{
"category": "description",
"text": "In Autodesk AutoCAD bestehen mehrere Schwachstellen in Komponenten von Drittanbietern. Betroffen sind unter anderem \"cURL\", \"Expat\", \"SQLite\" sowie \"Zlib\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, Dateien zu manipulieren oder Informationen offenzulegen."
}
],
"release_date": "2023-07-11T22:00:00.000+00:00",
"title": "CVE-2022-32205"
},
{
"cve": "CVE-2022-27782",
"notes": [
{
"category": "description",
"text": "In Autodesk AutoCAD bestehen mehrere Schwachstellen in Komponenten von Drittanbietern. Betroffen sind unter anderem \"cURL\", \"Expat\", \"SQLite\" sowie \"Zlib\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, Dateien zu manipulieren oder Informationen offenzulegen."
}
],
"release_date": "2023-07-11T22:00:00.000+00:00",
"title": "CVE-2022-27782"
},
{
"cve": "CVE-2022-27781",
"notes": [
{
"category": "description",
"text": "In Autodesk AutoCAD bestehen mehrere Schwachstellen in Komponenten von Drittanbietern. Betroffen sind unter anderem \"cURL\", \"Expat\", \"SQLite\" sowie \"Zlib\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, Dateien zu manipulieren oder Informationen offenzulegen."
}
],
"release_date": "2023-07-11T22:00:00.000+00:00",
"title": "CVE-2022-27781"
},
{
"cve": "CVE-2022-27780",
"notes": [
{
"category": "description",
"text": "In Autodesk AutoCAD bestehen mehrere Schwachstellen in Komponenten von Drittanbietern. Betroffen sind unter anderem \"cURL\", \"Expat\", \"SQLite\" sowie \"Zlib\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, Dateien zu manipulieren oder Informationen offenzulegen."
}
],
"release_date": "2023-07-11T22:00:00.000+00:00",
"title": "CVE-2022-27780"
},
{
"cve": "CVE-2022-27776",
"notes": [
{
"category": "description",
"text": "In Autodesk AutoCAD bestehen mehrere Schwachstellen in Komponenten von Drittanbietern. Betroffen sind unter anderem \"cURL\", \"Expat\", \"SQLite\" sowie \"Zlib\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, Dateien zu manipulieren oder Informationen offenzulegen."
}
],
"release_date": "2023-07-11T22:00:00.000+00:00",
"title": "CVE-2022-27776"
},
{
"cve": "CVE-2022-27775",
"notes": [
{
"category": "description",
"text": "In Autodesk AutoCAD bestehen mehrere Schwachstellen in Komponenten von Drittanbietern. Betroffen sind unter anderem \"cURL\", \"Expat\", \"SQLite\" sowie \"Zlib\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, Dateien zu manipulieren oder Informationen offenzulegen."
}
],
"release_date": "2023-07-11T22:00:00.000+00:00",
"title": "CVE-2022-27775"
},
{
"cve": "CVE-2022-27774",
"notes": [
{
"category": "description",
"text": "In Autodesk AutoCAD bestehen mehrere Schwachstellen in Komponenten von Drittanbietern. Betroffen sind unter anderem \"cURL\", \"Expat\", \"SQLite\" sowie \"Zlib\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, Dateien zu manipulieren oder Informationen offenzulegen."
}
],
"release_date": "2023-07-11T22:00:00.000+00:00",
"title": "CVE-2022-27774"
},
{
"cve": "CVE-2022-22576",
"notes": [
{
"category": "description",
"text": "In Autodesk AutoCAD bestehen mehrere Schwachstellen in Komponenten von Drittanbietern. Betroffen sind unter anderem \"cURL\", \"Expat\", \"SQLite\" sowie \"Zlib\". Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren, Sicherheitsvorkehrungen zu umgehen, Dateien zu manipulieren oder Informationen offenzulegen."
}
],
"release_date": "2023-07-11T22:00:00.000+00:00",
"title": "CVE-2022-22576"
}
]
}
WID-SEC-W-2023-2229
Vulnerability from csaf_certbund - Published: 2023-08-30 22:00 - Updated: 2025-11-18 23:00Summary
Splunk Splunk Enterprise: Mehrere Schwachstellen
Severity
Hoch
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: Splunk Enterprise ermöglicht Monitoring und Analyse von Clickstream-Daten und Kundentransaktionen.
Angriff: Ein entfernter, authentifizierter Angreifer kann mehrere Schwachstellen in Splunk Splunk Enterprise ausnutzen, um beliebigen Code auszuführen, einen 'Denial of Service'-Zustand zu verursachen, seine Privilegien zu erweitern und weitere, nicht spezifizierte Auswirkungen zu verursachen.
Betroffene Betriebssysteme: - Linux
- MacOS X
- Windows
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.9
Splunk / Splunk Enterprise
|
<9.0.9 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
Splunk Splunk Enterprise
Splunk / Splunk Enterprise
|
cpe:/a:splunk:splunk:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <9.1.4
Splunk / Splunk Enterprise
|
<9.1.4 | ||
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Splunk Splunk Enterprise <8.2.12
Splunk / Splunk Enterprise
|
<8.2.12 | ||
|
Splunk Splunk Enterprise <9.2.1
Splunk / Splunk Enterprise
|
<9.2.1 | ||
|
Splunk Splunk Enterprise <9.0.6
Splunk / Splunk Enterprise
|
<9.0.6 | ||
|
Splunk Splunk Enterprise <9.1.1
Splunk / Splunk Enterprise
|
<9.1.1 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.9
Splunk / Splunk Enterprise
|
<9.0.9 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
Splunk Splunk Enterprise
Splunk / Splunk Enterprise
|
cpe:/a:splunk:splunk:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <9.1.4
Splunk / Splunk Enterprise
|
<9.1.4 | ||
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Splunk Splunk Enterprise <8.2.12
Splunk / Splunk Enterprise
|
<8.2.12 | ||
|
Splunk Splunk Enterprise <9.2.1
Splunk / Splunk Enterprise
|
<9.2.1 | ||
|
Splunk Splunk Enterprise <9.0.6
Splunk / Splunk Enterprise
|
<9.0.6 | ||
|
Splunk Splunk Enterprise <9.1.1
Splunk / Splunk Enterprise
|
<9.1.1 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.9
Splunk / Splunk Enterprise
|
<9.0.9 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
Splunk Splunk Enterprise
Splunk / Splunk Enterprise
|
cpe:/a:splunk:splunk:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <9.1.4
Splunk / Splunk Enterprise
|
<9.1.4 | ||
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Splunk Splunk Enterprise <8.2.12
Splunk / Splunk Enterprise
|
<8.2.12 | ||
|
Splunk Splunk Enterprise <9.2.1
Splunk / Splunk Enterprise
|
<9.2.1 | ||
|
Splunk Splunk Enterprise <9.0.6
Splunk / Splunk Enterprise
|
<9.0.6 | ||
|
Splunk Splunk Enterprise <9.1.1
Splunk / Splunk Enterprise
|
<9.1.1 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.9
Splunk / Splunk Enterprise
|
<9.0.9 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
Splunk Splunk Enterprise
Splunk / Splunk Enterprise
|
cpe:/a:splunk:splunk:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <9.1.4
Splunk / Splunk Enterprise
|
<9.1.4 | ||
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Splunk Splunk Enterprise <8.2.12
Splunk / Splunk Enterprise
|
<8.2.12 | ||
|
Splunk Splunk Enterprise <9.2.1
Splunk / Splunk Enterprise
|
<9.2.1 | ||
|
Splunk Splunk Enterprise <9.0.6
Splunk / Splunk Enterprise
|
<9.0.6 | ||
|
Splunk Splunk Enterprise <9.1.1
Splunk / Splunk Enterprise
|
<9.1.1 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.9
Splunk / Splunk Enterprise
|
<9.0.9 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
Splunk Splunk Enterprise
Splunk / Splunk Enterprise
|
cpe:/a:splunk:splunk:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <9.1.4
Splunk / Splunk Enterprise
|
<9.1.4 | ||
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Splunk Splunk Enterprise <8.2.12
Splunk / Splunk Enterprise
|
<8.2.12 | ||
|
Splunk Splunk Enterprise <9.2.1
Splunk / Splunk Enterprise
|
<9.2.1 | ||
|
Splunk Splunk Enterprise <9.0.6
Splunk / Splunk Enterprise
|
<9.0.6 | ||
|
Splunk Splunk Enterprise <9.1.1
Splunk / Splunk Enterprise
|
<9.1.1 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.9
Splunk / Splunk Enterprise
|
<9.0.9 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
Splunk Splunk Enterprise
Splunk / Splunk Enterprise
|
cpe:/a:splunk:splunk:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <9.1.4
Splunk / Splunk Enterprise
|
<9.1.4 | ||
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Splunk Splunk Enterprise <8.2.12
Splunk / Splunk Enterprise
|
<8.2.12 | ||
|
Splunk Splunk Enterprise <9.2.1
Splunk / Splunk Enterprise
|
<9.2.1 | ||
|
Splunk Splunk Enterprise <9.0.6
Splunk / Splunk Enterprise
|
<9.0.6 | ||
|
Splunk Splunk Enterprise <9.1.1
Splunk / Splunk Enterprise
|
<9.1.1 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.9
Splunk / Splunk Enterprise
|
<9.0.9 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
Splunk Splunk Enterprise
Splunk / Splunk Enterprise
|
cpe:/a:splunk:splunk:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <9.1.4
Splunk / Splunk Enterprise
|
<9.1.4 | ||
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Splunk Splunk Enterprise <8.2.12
Splunk / Splunk Enterprise
|
<8.2.12 | ||
|
Splunk Splunk Enterprise <9.2.1
Splunk / Splunk Enterprise
|
<9.2.1 | ||
|
Splunk Splunk Enterprise <9.0.6
Splunk / Splunk Enterprise
|
<9.0.6 | ||
|
Splunk Splunk Enterprise <9.1.1
Splunk / Splunk Enterprise
|
<9.1.1 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.9
Splunk / Splunk Enterprise
|
<9.0.9 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
Splunk Splunk Enterprise
Splunk / Splunk Enterprise
|
cpe:/a:splunk:splunk:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <9.1.4
Splunk / Splunk Enterprise
|
<9.1.4 | ||
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Splunk Splunk Enterprise <8.2.12
Splunk / Splunk Enterprise
|
<8.2.12 | ||
|
Splunk Splunk Enterprise <9.2.1
Splunk / Splunk Enterprise
|
<9.2.1 | ||
|
Splunk Splunk Enterprise <9.0.6
Splunk / Splunk Enterprise
|
<9.0.6 | ||
|
Splunk Splunk Enterprise <9.1.1
Splunk / Splunk Enterprise
|
<9.1.1 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.9
Splunk / Splunk Enterprise
|
<9.0.9 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
Splunk Splunk Enterprise
Splunk / Splunk Enterprise
|
cpe:/a:splunk:splunk:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <9.1.4
Splunk / Splunk Enterprise
|
<9.1.4 | ||
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Splunk Splunk Enterprise <8.2.12
Splunk / Splunk Enterprise
|
<8.2.12 | ||
|
Splunk Splunk Enterprise <9.2.1
Splunk / Splunk Enterprise
|
<9.2.1 | ||
|
Splunk Splunk Enterprise <9.0.6
Splunk / Splunk Enterprise
|
<9.0.6 | ||
|
Splunk Splunk Enterprise <9.1.1
Splunk / Splunk Enterprise
|
<9.1.1 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.9
Splunk / Splunk Enterprise
|
<9.0.9 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
Splunk Splunk Enterprise
Splunk / Splunk Enterprise
|
cpe:/a:splunk:splunk:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <9.1.4
Splunk / Splunk Enterprise
|
<9.1.4 | ||
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Splunk Splunk Enterprise <8.2.12
Splunk / Splunk Enterprise
|
<8.2.12 | ||
|
Splunk Splunk Enterprise <9.2.1
Splunk / Splunk Enterprise
|
<9.2.1 | ||
|
Splunk Splunk Enterprise <9.0.6
Splunk / Splunk Enterprise
|
<9.0.6 | ||
|
Splunk Splunk Enterprise <9.1.1
Splunk / Splunk Enterprise
|
<9.1.1 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.9
Splunk / Splunk Enterprise
|
<9.0.9 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
Splunk Splunk Enterprise
Splunk / Splunk Enterprise
|
cpe:/a:splunk:splunk:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <9.1.4
Splunk / Splunk Enterprise
|
<9.1.4 | ||
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Splunk Splunk Enterprise <8.2.12
Splunk / Splunk Enterprise
|
<8.2.12 | ||
|
Splunk Splunk Enterprise <9.2.1
Splunk / Splunk Enterprise
|
<9.2.1 | ||
|
Splunk Splunk Enterprise <9.0.6
Splunk / Splunk Enterprise
|
<9.0.6 | ||
|
Splunk Splunk Enterprise <9.1.1
Splunk / Splunk Enterprise
|
<9.1.1 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.9
Splunk / Splunk Enterprise
|
<9.0.9 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
Splunk Splunk Enterprise
Splunk / Splunk Enterprise
|
cpe:/a:splunk:splunk:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <9.1.4
Splunk / Splunk Enterprise
|
<9.1.4 | ||
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Splunk Splunk Enterprise <8.2.12
Splunk / Splunk Enterprise
|
<8.2.12 | ||
|
Splunk Splunk Enterprise <9.2.1
Splunk / Splunk Enterprise
|
<9.2.1 | ||
|
Splunk Splunk Enterprise <9.0.6
Splunk / Splunk Enterprise
|
<9.0.6 | ||
|
Splunk Splunk Enterprise <9.1.1
Splunk / Splunk Enterprise
|
<9.1.1 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.9
Splunk / Splunk Enterprise
|
<9.0.9 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
Splunk Splunk Enterprise
Splunk / Splunk Enterprise
|
cpe:/a:splunk:splunk:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <9.1.4
Splunk / Splunk Enterprise
|
<9.1.4 | ||
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Splunk Splunk Enterprise <8.2.12
Splunk / Splunk Enterprise
|
<8.2.12 | ||
|
Splunk Splunk Enterprise <9.2.1
Splunk / Splunk Enterprise
|
<9.2.1 | ||
|
Splunk Splunk Enterprise <9.0.6
Splunk / Splunk Enterprise
|
<9.0.6 | ||
|
Splunk Splunk Enterprise <9.1.1
Splunk / Splunk Enterprise
|
<9.1.1 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.9
Splunk / Splunk Enterprise
|
<9.0.9 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
Splunk Splunk Enterprise
Splunk / Splunk Enterprise
|
cpe:/a:splunk:splunk:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <9.1.4
Splunk / Splunk Enterprise
|
<9.1.4 | ||
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Splunk Splunk Enterprise <8.2.12
Splunk / Splunk Enterprise
|
<8.2.12 | ||
|
Splunk Splunk Enterprise <9.2.1
Splunk / Splunk Enterprise
|
<9.2.1 | ||
|
Splunk Splunk Enterprise <9.0.6
Splunk / Splunk Enterprise
|
<9.0.6 | ||
|
Splunk Splunk Enterprise <9.1.1
Splunk / Splunk Enterprise
|
<9.1.1 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.9
Splunk / Splunk Enterprise
|
<9.0.9 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
Splunk Splunk Enterprise
Splunk / Splunk Enterprise
|
cpe:/a:splunk:splunk:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <9.1.4
Splunk / Splunk Enterprise
|
<9.1.4 | ||
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Splunk Splunk Enterprise <8.2.12
Splunk / Splunk Enterprise
|
<8.2.12 | ||
|
Splunk Splunk Enterprise <9.2.1
Splunk / Splunk Enterprise
|
<9.2.1 | ||
|
Splunk Splunk Enterprise <9.0.6
Splunk / Splunk Enterprise
|
<9.0.6 | ||
|
Splunk Splunk Enterprise <9.1.1
Splunk / Splunk Enterprise
|
<9.1.1 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.9
Splunk / Splunk Enterprise
|
<9.0.9 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
Splunk Splunk Enterprise
Splunk / Splunk Enterprise
|
cpe:/a:splunk:splunk:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <9.1.4
Splunk / Splunk Enterprise
|
<9.1.4 | ||
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Splunk Splunk Enterprise <8.2.12
Splunk / Splunk Enterprise
|
<8.2.12 | ||
|
Splunk Splunk Enterprise <9.2.1
Splunk / Splunk Enterprise
|
<9.2.1 | ||
|
Splunk Splunk Enterprise <9.0.6
Splunk / Splunk Enterprise
|
<9.0.6 | ||
|
Splunk Splunk Enterprise <9.1.1
Splunk / Splunk Enterprise
|
<9.1.1 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.9
Splunk / Splunk Enterprise
|
<9.0.9 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
Splunk Splunk Enterprise
Splunk / Splunk Enterprise
|
cpe:/a:splunk:splunk:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <9.1.4
Splunk / Splunk Enterprise
|
<9.1.4 | ||
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Splunk Splunk Enterprise <8.2.12
Splunk / Splunk Enterprise
|
<8.2.12 | ||
|
Splunk Splunk Enterprise <9.2.1
Splunk / Splunk Enterprise
|
<9.2.1 | ||
|
Splunk Splunk Enterprise <9.0.6
Splunk / Splunk Enterprise
|
<9.0.6 | ||
|
Splunk Splunk Enterprise <9.1.1
Splunk / Splunk Enterprise
|
<9.1.1 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.9
Splunk / Splunk Enterprise
|
<9.0.9 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
Splunk Splunk Enterprise
Splunk / Splunk Enterprise
|
cpe:/a:splunk:splunk:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <9.1.4
Splunk / Splunk Enterprise
|
<9.1.4 | ||
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Splunk Splunk Enterprise <8.2.12
Splunk / Splunk Enterprise
|
<8.2.12 | ||
|
Splunk Splunk Enterprise <9.2.1
Splunk / Splunk Enterprise
|
<9.2.1 | ||
|
Splunk Splunk Enterprise <9.0.6
Splunk / Splunk Enterprise
|
<9.0.6 | ||
|
Splunk Splunk Enterprise <9.1.1
Splunk / Splunk Enterprise
|
<9.1.1 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.9
Splunk / Splunk Enterprise
|
<9.0.9 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
Splunk Splunk Enterprise
Splunk / Splunk Enterprise
|
cpe:/a:splunk:splunk:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <9.1.4
Splunk / Splunk Enterprise
|
<9.1.4 | ||
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Splunk Splunk Enterprise <8.2.12
Splunk / Splunk Enterprise
|
<8.2.12 | ||
|
Splunk Splunk Enterprise <9.2.1
Splunk / Splunk Enterprise
|
<9.2.1 | ||
|
Splunk Splunk Enterprise <9.0.6
Splunk / Splunk Enterprise
|
<9.0.6 | ||
|
Splunk Splunk Enterprise <9.1.1
Splunk / Splunk Enterprise
|
<9.1.1 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.9
Splunk / Splunk Enterprise
|
<9.0.9 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
Splunk Splunk Enterprise
Splunk / Splunk Enterprise
|
cpe:/a:splunk:splunk:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <9.1.4
Splunk / Splunk Enterprise
|
<9.1.4 | ||
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Splunk Splunk Enterprise <8.2.12
Splunk / Splunk Enterprise
|
<8.2.12 | ||
|
Splunk Splunk Enterprise <9.2.1
Splunk / Splunk Enterprise
|
<9.2.1 | ||
|
Splunk Splunk Enterprise <9.0.6
Splunk / Splunk Enterprise
|
<9.0.6 | ||
|
Splunk Splunk Enterprise <9.1.1
Splunk / Splunk Enterprise
|
<9.1.1 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.9
Splunk / Splunk Enterprise
|
<9.0.9 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
Splunk Splunk Enterprise
Splunk / Splunk Enterprise
|
cpe:/a:splunk:splunk:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <9.1.4
Splunk / Splunk Enterprise
|
<9.1.4 | ||
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Splunk Splunk Enterprise <8.2.12
Splunk / Splunk Enterprise
|
<8.2.12 | ||
|
Splunk Splunk Enterprise <9.2.1
Splunk / Splunk Enterprise
|
<9.2.1 | ||
|
Splunk Splunk Enterprise <9.0.6
Splunk / Splunk Enterprise
|
<9.0.6 | ||
|
Splunk Splunk Enterprise <9.1.1
Splunk / Splunk Enterprise
|
<9.1.1 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.9
Splunk / Splunk Enterprise
|
<9.0.9 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
Splunk Splunk Enterprise
Splunk / Splunk Enterprise
|
cpe:/a:splunk:splunk:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <9.1.4
Splunk / Splunk Enterprise
|
<9.1.4 | ||
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Splunk Splunk Enterprise <8.2.12
Splunk / Splunk Enterprise
|
<8.2.12 | ||
|
Splunk Splunk Enterprise <9.2.1
Splunk / Splunk Enterprise
|
<9.2.1 | ||
|
Splunk Splunk Enterprise <9.0.6
Splunk / Splunk Enterprise
|
<9.0.6 | ||
|
Splunk Splunk Enterprise <9.1.1
Splunk / Splunk Enterprise
|
<9.1.1 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.9
Splunk / Splunk Enterprise
|
<9.0.9 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
Splunk Splunk Enterprise
Splunk / Splunk Enterprise
|
cpe:/a:splunk:splunk:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <9.1.4
Splunk / Splunk Enterprise
|
<9.1.4 | ||
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Splunk Splunk Enterprise <8.2.12
Splunk / Splunk Enterprise
|
<8.2.12 | ||
|
Splunk Splunk Enterprise <9.2.1
Splunk / Splunk Enterprise
|
<9.2.1 | ||
|
Splunk Splunk Enterprise <9.0.6
Splunk / Splunk Enterprise
|
<9.0.6 | ||
|
Splunk Splunk Enterprise <9.1.1
Splunk / Splunk Enterprise
|
<9.1.1 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.9
Splunk / Splunk Enterprise
|
<9.0.9 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
Splunk Splunk Enterprise
Splunk / Splunk Enterprise
|
cpe:/a:splunk:splunk:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <9.1.4
Splunk / Splunk Enterprise
|
<9.1.4 | ||
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Splunk Splunk Enterprise <8.2.12
Splunk / Splunk Enterprise
|
<8.2.12 | ||
|
Splunk Splunk Enterprise <9.2.1
Splunk / Splunk Enterprise
|
<9.2.1 | ||
|
Splunk Splunk Enterprise <9.0.6
Splunk / Splunk Enterprise
|
<9.0.6 | ||
|
Splunk Splunk Enterprise <9.1.1
Splunk / Splunk Enterprise
|
<9.1.1 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.9
Splunk / Splunk Enterprise
|
<9.0.9 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
Splunk Splunk Enterprise
Splunk / Splunk Enterprise
|
cpe:/a:splunk:splunk:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <9.1.4
Splunk / Splunk Enterprise
|
<9.1.4 | ||
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Splunk Splunk Enterprise <8.2.12
Splunk / Splunk Enterprise
|
<8.2.12 | ||
|
Splunk Splunk Enterprise <9.2.1
Splunk / Splunk Enterprise
|
<9.2.1 | ||
|
Splunk Splunk Enterprise <9.0.6
Splunk / Splunk Enterprise
|
<9.0.6 | ||
|
Splunk Splunk Enterprise <9.1.1
Splunk / Splunk Enterprise
|
<9.1.1 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.9
Splunk / Splunk Enterprise
|
<9.0.9 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
Splunk Splunk Enterprise
Splunk / Splunk Enterprise
|
cpe:/a:splunk:splunk:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <9.1.4
Splunk / Splunk Enterprise
|
<9.1.4 | ||
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Splunk Splunk Enterprise <8.2.12
Splunk / Splunk Enterprise
|
<8.2.12 | ||
|
Splunk Splunk Enterprise <9.2.1
Splunk / Splunk Enterprise
|
<9.2.1 | ||
|
Splunk Splunk Enterprise <9.0.6
Splunk / Splunk Enterprise
|
<9.0.6 | ||
|
Splunk Splunk Enterprise <9.1.1
Splunk / Splunk Enterprise
|
<9.1.1 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.9
Splunk / Splunk Enterprise
|
<9.0.9 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
Splunk Splunk Enterprise
Splunk / Splunk Enterprise
|
cpe:/a:splunk:splunk:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <9.1.4
Splunk / Splunk Enterprise
|
<9.1.4 | ||
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Splunk Splunk Enterprise <8.2.12
Splunk / Splunk Enterprise
|
<8.2.12 | ||
|
Splunk Splunk Enterprise <9.2.1
Splunk / Splunk Enterprise
|
<9.2.1 | ||
|
Splunk Splunk Enterprise <9.0.6
Splunk / Splunk Enterprise
|
<9.0.6 | ||
|
Splunk Splunk Enterprise <9.1.1
Splunk / Splunk Enterprise
|
<9.1.1 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.9
Splunk / Splunk Enterprise
|
<9.0.9 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
Splunk Splunk Enterprise
Splunk / Splunk Enterprise
|
cpe:/a:splunk:splunk:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <9.1.4
Splunk / Splunk Enterprise
|
<9.1.4 | ||
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Splunk Splunk Enterprise <8.2.12
Splunk / Splunk Enterprise
|
<8.2.12 | ||
|
Splunk Splunk Enterprise <9.2.1
Splunk / Splunk Enterprise
|
<9.2.1 | ||
|
Splunk Splunk Enterprise <9.0.6
Splunk / Splunk Enterprise
|
<9.0.6 | ||
|
Splunk Splunk Enterprise <9.1.1
Splunk / Splunk Enterprise
|
<9.1.1 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.9
Splunk / Splunk Enterprise
|
<9.0.9 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
Splunk Splunk Enterprise
Splunk / Splunk Enterprise
|
cpe:/a:splunk:splunk:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <9.1.4
Splunk / Splunk Enterprise
|
<9.1.4 | ||
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Splunk Splunk Enterprise <8.2.12
Splunk / Splunk Enterprise
|
<8.2.12 | ||
|
Splunk Splunk Enterprise <9.2.1
Splunk / Splunk Enterprise
|
<9.2.1 | ||
|
Splunk Splunk Enterprise <9.0.6
Splunk / Splunk Enterprise
|
<9.0.6 | ||
|
Splunk Splunk Enterprise <9.1.1
Splunk / Splunk Enterprise
|
<9.1.1 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.9
Splunk / Splunk Enterprise
|
<9.0.9 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
Splunk Splunk Enterprise
Splunk / Splunk Enterprise
|
cpe:/a:splunk:splunk:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <9.1.4
Splunk / Splunk Enterprise
|
<9.1.4 | ||
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Splunk Splunk Enterprise <8.2.12
Splunk / Splunk Enterprise
|
<8.2.12 | ||
|
Splunk Splunk Enterprise <9.2.1
Splunk / Splunk Enterprise
|
<9.2.1 | ||
|
Splunk Splunk Enterprise <9.0.6
Splunk / Splunk Enterprise
|
<9.0.6 | ||
|
Splunk Splunk Enterprise <9.1.1
Splunk / Splunk Enterprise
|
<9.1.1 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.9
Splunk / Splunk Enterprise
|
<9.0.9 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
Splunk Splunk Enterprise
Splunk / Splunk Enterprise
|
cpe:/a:splunk:splunk:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <9.1.4
Splunk / Splunk Enterprise
|
<9.1.4 | ||
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Splunk Splunk Enterprise <8.2.12
Splunk / Splunk Enterprise
|
<8.2.12 | ||
|
Splunk Splunk Enterprise <9.2.1
Splunk / Splunk Enterprise
|
<9.2.1 | ||
|
Splunk Splunk Enterprise <9.0.6
Splunk / Splunk Enterprise
|
<9.0.6 | ||
|
Splunk Splunk Enterprise <9.1.1
Splunk / Splunk Enterprise
|
<9.1.1 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.9
Splunk / Splunk Enterprise
|
<9.0.9 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
Splunk Splunk Enterprise
Splunk / Splunk Enterprise
|
cpe:/a:splunk:splunk:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <9.1.4
Splunk / Splunk Enterprise
|
<9.1.4 | ||
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Splunk Splunk Enterprise <8.2.12
Splunk / Splunk Enterprise
|
<8.2.12 | ||
|
Splunk Splunk Enterprise <9.2.1
Splunk / Splunk Enterprise
|
<9.2.1 | ||
|
Splunk Splunk Enterprise <9.0.6
Splunk / Splunk Enterprise
|
<9.0.6 | ||
|
Splunk Splunk Enterprise <9.1.1
Splunk / Splunk Enterprise
|
<9.1.1 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.9
Splunk / Splunk Enterprise
|
<9.0.9 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
Splunk Splunk Enterprise
Splunk / Splunk Enterprise
|
cpe:/a:splunk:splunk:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <9.1.4
Splunk / Splunk Enterprise
|
<9.1.4 | ||
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Splunk Splunk Enterprise <8.2.12
Splunk / Splunk Enterprise
|
<8.2.12 | ||
|
Splunk Splunk Enterprise <9.2.1
Splunk / Splunk Enterprise
|
<9.2.1 | ||
|
Splunk Splunk Enterprise <9.0.6
Splunk / Splunk Enterprise
|
<9.0.6 | ||
|
Splunk Splunk Enterprise <9.1.1
Splunk / Splunk Enterprise
|
<9.1.1 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.9
Splunk / Splunk Enterprise
|
<9.0.9 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
Splunk Splunk Enterprise
Splunk / Splunk Enterprise
|
cpe:/a:splunk:splunk:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <9.1.4
Splunk / Splunk Enterprise
|
<9.1.4 | ||
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Splunk Splunk Enterprise <8.2.12
Splunk / Splunk Enterprise
|
<8.2.12 | ||
|
Splunk Splunk Enterprise <9.2.1
Splunk / Splunk Enterprise
|
<9.2.1 | ||
|
Splunk Splunk Enterprise <9.0.6
Splunk / Splunk Enterprise
|
<9.0.6 | ||
|
Splunk Splunk Enterprise <9.1.1
Splunk / Splunk Enterprise
|
<9.1.1 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.9
Splunk / Splunk Enterprise
|
<9.0.9 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
Splunk Splunk Enterprise
Splunk / Splunk Enterprise
|
cpe:/a:splunk:splunk:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <9.1.4
Splunk / Splunk Enterprise
|
<9.1.4 | ||
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Splunk Splunk Enterprise <8.2.12
Splunk / Splunk Enterprise
|
<8.2.12 | ||
|
Splunk Splunk Enterprise <9.2.1
Splunk / Splunk Enterprise
|
<9.2.1 | ||
|
Splunk Splunk Enterprise <9.0.6
Splunk / Splunk Enterprise
|
<9.0.6 | ||
|
Splunk Splunk Enterprise <9.1.1
Splunk / Splunk Enterprise
|
<9.1.1 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.9
Splunk / Splunk Enterprise
|
<9.0.9 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
Splunk Splunk Enterprise
Splunk / Splunk Enterprise
|
cpe:/a:splunk:splunk:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <9.1.4
Splunk / Splunk Enterprise
|
<9.1.4 | ||
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Splunk Splunk Enterprise <8.2.12
Splunk / Splunk Enterprise
|
<8.2.12 | ||
|
Splunk Splunk Enterprise <9.2.1
Splunk / Splunk Enterprise
|
<9.2.1 | ||
|
Splunk Splunk Enterprise <9.0.6
Splunk / Splunk Enterprise
|
<9.0.6 | ||
|
Splunk Splunk Enterprise <9.1.1
Splunk / Splunk Enterprise
|
<9.1.1 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.9
Splunk / Splunk Enterprise
|
<9.0.9 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
Splunk Splunk Enterprise
Splunk / Splunk Enterprise
|
cpe:/a:splunk:splunk:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <9.1.4
Splunk / Splunk Enterprise
|
<9.1.4 | ||
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Splunk Splunk Enterprise <8.2.12
Splunk / Splunk Enterprise
|
<8.2.12 | ||
|
Splunk Splunk Enterprise <9.2.1
Splunk / Splunk Enterprise
|
<9.2.1 | ||
|
Splunk Splunk Enterprise <9.0.6
Splunk / Splunk Enterprise
|
<9.0.6 | ||
|
Splunk Splunk Enterprise <9.1.1
Splunk / Splunk Enterprise
|
<9.1.1 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.9
Splunk / Splunk Enterprise
|
<9.0.9 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
Splunk Splunk Enterprise
Splunk / Splunk Enterprise
|
cpe:/a:splunk:splunk:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <9.1.4
Splunk / Splunk Enterprise
|
<9.1.4 | ||
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Splunk Splunk Enterprise <8.2.12
Splunk / Splunk Enterprise
|
<8.2.12 | ||
|
Splunk Splunk Enterprise <9.2.1
Splunk / Splunk Enterprise
|
<9.2.1 | ||
|
Splunk Splunk Enterprise <9.0.6
Splunk / Splunk Enterprise
|
<9.0.6 | ||
|
Splunk Splunk Enterprise <9.1.1
Splunk / Splunk Enterprise
|
<9.1.1 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.9
Splunk / Splunk Enterprise
|
<9.0.9 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
Splunk Splunk Enterprise
Splunk / Splunk Enterprise
|
cpe:/a:splunk:splunk:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <9.1.4
Splunk / Splunk Enterprise
|
<9.1.4 | ||
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Splunk Splunk Enterprise <8.2.12
Splunk / Splunk Enterprise
|
<8.2.12 | ||
|
Splunk Splunk Enterprise <9.2.1
Splunk / Splunk Enterprise
|
<9.2.1 | ||
|
Splunk Splunk Enterprise <9.0.6
Splunk / Splunk Enterprise
|
<9.0.6 | ||
|
Splunk Splunk Enterprise <9.1.1
Splunk / Splunk Enterprise
|
<9.1.1 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.9
Splunk / Splunk Enterprise
|
<9.0.9 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
Splunk Splunk Enterprise
Splunk / Splunk Enterprise
|
cpe:/a:splunk:splunk:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <9.1.4
Splunk / Splunk Enterprise
|
<9.1.4 | ||
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Splunk Splunk Enterprise <8.2.12
Splunk / Splunk Enterprise
|
<8.2.12 | ||
|
Splunk Splunk Enterprise <9.2.1
Splunk / Splunk Enterprise
|
<9.2.1 | ||
|
Splunk Splunk Enterprise <9.0.6
Splunk / Splunk Enterprise
|
<9.0.6 | ||
|
Splunk Splunk Enterprise <9.1.1
Splunk / Splunk Enterprise
|
<9.1.1 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.9
Splunk / Splunk Enterprise
|
<9.0.9 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
Splunk Splunk Enterprise
Splunk / Splunk Enterprise
|
cpe:/a:splunk:splunk:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <9.1.4
Splunk / Splunk Enterprise
|
<9.1.4 | ||
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Splunk Splunk Enterprise <8.2.12
Splunk / Splunk Enterprise
|
<8.2.12 | ||
|
Splunk Splunk Enterprise <9.2.1
Splunk / Splunk Enterprise
|
<9.2.1 | ||
|
Splunk Splunk Enterprise <9.0.6
Splunk / Splunk Enterprise
|
<9.0.6 | ||
|
Splunk Splunk Enterprise <9.1.1
Splunk / Splunk Enterprise
|
<9.1.1 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.9
Splunk / Splunk Enterprise
|
<9.0.9 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
Splunk Splunk Enterprise
Splunk / Splunk Enterprise
|
cpe:/a:splunk:splunk:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <9.1.4
Splunk / Splunk Enterprise
|
<9.1.4 | ||
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Splunk Splunk Enterprise <8.2.12
Splunk / Splunk Enterprise
|
<8.2.12 | ||
|
Splunk Splunk Enterprise <9.2.1
Splunk / Splunk Enterprise
|
<9.2.1 | ||
|
Splunk Splunk Enterprise <9.0.6
Splunk / Splunk Enterprise
|
<9.0.6 | ||
|
Splunk Splunk Enterprise <9.1.1
Splunk / Splunk Enterprise
|
<9.1.1 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.9
Splunk / Splunk Enterprise
|
<9.0.9 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
Splunk Splunk Enterprise
Splunk / Splunk Enterprise
|
cpe:/a:splunk:splunk:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <9.1.4
Splunk / Splunk Enterprise
|
<9.1.4 | ||
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Splunk Splunk Enterprise <8.2.12
Splunk / Splunk Enterprise
|
<8.2.12 | ||
|
Splunk Splunk Enterprise <9.2.1
Splunk / Splunk Enterprise
|
<9.2.1 | ||
|
Splunk Splunk Enterprise <9.0.6
Splunk / Splunk Enterprise
|
<9.0.6 | ||
|
Splunk Splunk Enterprise <9.1.1
Splunk / Splunk Enterprise
|
<9.1.1 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.9
Splunk / Splunk Enterprise
|
<9.0.9 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
Splunk Splunk Enterprise
Splunk / Splunk Enterprise
|
cpe:/a:splunk:splunk:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <9.1.4
Splunk / Splunk Enterprise
|
<9.1.4 | ||
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Splunk Splunk Enterprise <8.2.12
Splunk / Splunk Enterprise
|
<8.2.12 | ||
|
Splunk Splunk Enterprise <9.2.1
Splunk / Splunk Enterprise
|
<9.2.1 | ||
|
Splunk Splunk Enterprise <9.0.6
Splunk / Splunk Enterprise
|
<9.0.6 | ||
|
Splunk Splunk Enterprise <9.1.1
Splunk / Splunk Enterprise
|
<9.1.1 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.9
Splunk / Splunk Enterprise
|
<9.0.9 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
Splunk Splunk Enterprise
Splunk / Splunk Enterprise
|
cpe:/a:splunk:splunk:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <9.1.4
Splunk / Splunk Enterprise
|
<9.1.4 | ||
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Splunk Splunk Enterprise <8.2.12
Splunk / Splunk Enterprise
|
<8.2.12 | ||
|
Splunk Splunk Enterprise <9.2.1
Splunk / Splunk Enterprise
|
<9.2.1 | ||
|
Splunk Splunk Enterprise <9.0.6
Splunk / Splunk Enterprise
|
<9.0.6 | ||
|
Splunk Splunk Enterprise <9.1.1
Splunk / Splunk Enterprise
|
<9.1.1 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.9
Splunk / Splunk Enterprise
|
<9.0.9 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
Splunk Splunk Enterprise
Splunk / Splunk Enterprise
|
cpe:/a:splunk:splunk:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <9.1.4
Splunk / Splunk Enterprise
|
<9.1.4 | ||
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Splunk Splunk Enterprise <8.2.12
Splunk / Splunk Enterprise
|
<8.2.12 | ||
|
Splunk Splunk Enterprise <9.2.1
Splunk / Splunk Enterprise
|
<9.2.1 | ||
|
Splunk Splunk Enterprise <9.0.6
Splunk / Splunk Enterprise
|
<9.0.6 | ||
|
Splunk Splunk Enterprise <9.1.1
Splunk / Splunk Enterprise
|
<9.1.1 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.9
Splunk / Splunk Enterprise
|
<9.0.9 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
Splunk Splunk Enterprise
Splunk / Splunk Enterprise
|
cpe:/a:splunk:splunk:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <9.1.4
Splunk / Splunk Enterprise
|
<9.1.4 | ||
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Splunk Splunk Enterprise <8.2.12
Splunk / Splunk Enterprise
|
<8.2.12 | ||
|
Splunk Splunk Enterprise <9.2.1
Splunk / Splunk Enterprise
|
<9.2.1 | ||
|
Splunk Splunk Enterprise <9.0.6
Splunk / Splunk Enterprise
|
<9.0.6 | ||
|
Splunk Splunk Enterprise <9.1.1
Splunk / Splunk Enterprise
|
<9.1.1 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.9
Splunk / Splunk Enterprise
|
<9.0.9 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
Splunk Splunk Enterprise
Splunk / Splunk Enterprise
|
cpe:/a:splunk:splunk:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <9.1.4
Splunk / Splunk Enterprise
|
<9.1.4 | ||
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Splunk Splunk Enterprise <8.2.12
Splunk / Splunk Enterprise
|
<8.2.12 | ||
|
Splunk Splunk Enterprise <9.2.1
Splunk / Splunk Enterprise
|
<9.2.1 | ||
|
Splunk Splunk Enterprise <9.0.6
Splunk / Splunk Enterprise
|
<9.0.6 | ||
|
Splunk Splunk Enterprise <9.1.1
Splunk / Splunk Enterprise
|
<9.1.1 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.9
Splunk / Splunk Enterprise
|
<9.0.9 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
Splunk Splunk Enterprise
Splunk / Splunk Enterprise
|
cpe:/a:splunk:splunk:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <9.1.4
Splunk / Splunk Enterprise
|
<9.1.4 | ||
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Splunk Splunk Enterprise <8.2.12
Splunk / Splunk Enterprise
|
<8.2.12 | ||
|
Splunk Splunk Enterprise <9.2.1
Splunk / Splunk Enterprise
|
<9.2.1 | ||
|
Splunk Splunk Enterprise <9.0.6
Splunk / Splunk Enterprise
|
<9.0.6 | ||
|
Splunk Splunk Enterprise <9.1.1
Splunk / Splunk Enterprise
|
<9.1.1 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.9
Splunk / Splunk Enterprise
|
<9.0.9 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
Splunk Splunk Enterprise
Splunk / Splunk Enterprise
|
cpe:/a:splunk:splunk:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <9.1.4
Splunk / Splunk Enterprise
|
<9.1.4 | ||
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Splunk Splunk Enterprise <8.2.12
Splunk / Splunk Enterprise
|
<8.2.12 | ||
|
Splunk Splunk Enterprise <9.2.1
Splunk / Splunk Enterprise
|
<9.2.1 | ||
|
Splunk Splunk Enterprise <9.0.6
Splunk / Splunk Enterprise
|
<9.0.6 | ||
|
Splunk Splunk Enterprise <9.1.1
Splunk / Splunk Enterprise
|
<9.1.1 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.9
Splunk / Splunk Enterprise
|
<9.0.9 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
Splunk Splunk Enterprise
Splunk / Splunk Enterprise
|
cpe:/a:splunk:splunk:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <9.1.4
Splunk / Splunk Enterprise
|
<9.1.4 | ||
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Splunk Splunk Enterprise <8.2.12
Splunk / Splunk Enterprise
|
<8.2.12 | ||
|
Splunk Splunk Enterprise <9.2.1
Splunk / Splunk Enterprise
|
<9.2.1 | ||
|
Splunk Splunk Enterprise <9.0.6
Splunk / Splunk Enterprise
|
<9.0.6 | ||
|
Splunk Splunk Enterprise <9.1.1
Splunk / Splunk Enterprise
|
<9.1.1 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.9
Splunk / Splunk Enterprise
|
<9.0.9 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
Splunk Splunk Enterprise
Splunk / Splunk Enterprise
|
cpe:/a:splunk:splunk:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <9.1.4
Splunk / Splunk Enterprise
|
<9.1.4 | ||
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Splunk Splunk Enterprise <8.2.12
Splunk / Splunk Enterprise
|
<8.2.12 | ||
|
Splunk Splunk Enterprise <9.2.1
Splunk / Splunk Enterprise
|
<9.2.1 | ||
|
Splunk Splunk Enterprise <9.0.6
Splunk / Splunk Enterprise
|
<9.0.6 | ||
|
Splunk Splunk Enterprise <9.1.1
Splunk / Splunk Enterprise
|
<9.1.1 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.9
Splunk / Splunk Enterprise
|
<9.0.9 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
Splunk Splunk Enterprise
Splunk / Splunk Enterprise
|
cpe:/a:splunk:splunk:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <9.1.4
Splunk / Splunk Enterprise
|
<9.1.4 | ||
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Splunk Splunk Enterprise <8.2.12
Splunk / Splunk Enterprise
|
<8.2.12 | ||
|
Splunk Splunk Enterprise <9.2.1
Splunk / Splunk Enterprise
|
<9.2.1 | ||
|
Splunk Splunk Enterprise <9.0.6
Splunk / Splunk Enterprise
|
<9.0.6 | ||
|
Splunk Splunk Enterprise <9.1.1
Splunk / Splunk Enterprise
|
<9.1.1 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.9
Splunk / Splunk Enterprise
|
<9.0.9 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
Splunk Splunk Enterprise
Splunk / Splunk Enterprise
|
cpe:/a:splunk:splunk:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <9.1.4
Splunk / Splunk Enterprise
|
<9.1.4 | ||
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Splunk Splunk Enterprise <8.2.12
Splunk / Splunk Enterprise
|
<8.2.12 | ||
|
Splunk Splunk Enterprise <9.2.1
Splunk / Splunk Enterprise
|
<9.2.1 | ||
|
Splunk Splunk Enterprise <9.0.6
Splunk / Splunk Enterprise
|
<9.0.6 | ||
|
Splunk Splunk Enterprise <9.1.1
Splunk / Splunk Enterprise
|
<9.1.1 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.9
Splunk / Splunk Enterprise
|
<9.0.9 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
Splunk Splunk Enterprise
Splunk / Splunk Enterprise
|
cpe:/a:splunk:splunk:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <9.1.4
Splunk / Splunk Enterprise
|
<9.1.4 | ||
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Splunk Splunk Enterprise <8.2.12
Splunk / Splunk Enterprise
|
<8.2.12 | ||
|
Splunk Splunk Enterprise <9.2.1
Splunk / Splunk Enterprise
|
<9.2.1 | ||
|
Splunk Splunk Enterprise <9.0.6
Splunk / Splunk Enterprise
|
<9.0.6 | ||
|
Splunk Splunk Enterprise <9.1.1
Splunk / Splunk Enterprise
|
<9.1.1 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.9
Splunk / Splunk Enterprise
|
<9.0.9 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
Splunk Splunk Enterprise
Splunk / Splunk Enterprise
|
cpe:/a:splunk:splunk:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <9.1.4
Splunk / Splunk Enterprise
|
<9.1.4 | ||
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Splunk Splunk Enterprise <8.2.12
Splunk / Splunk Enterprise
|
<8.2.12 | ||
|
Splunk Splunk Enterprise <9.2.1
Splunk / Splunk Enterprise
|
<9.2.1 | ||
|
Splunk Splunk Enterprise <9.0.6
Splunk / Splunk Enterprise
|
<9.0.6 | ||
|
Splunk Splunk Enterprise <9.1.1
Splunk / Splunk Enterprise
|
<9.1.1 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.9
Splunk / Splunk Enterprise
|
<9.0.9 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
Splunk Splunk Enterprise
Splunk / Splunk Enterprise
|
cpe:/a:splunk:splunk:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <9.1.4
Splunk / Splunk Enterprise
|
<9.1.4 | ||
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Splunk Splunk Enterprise <8.2.12
Splunk / Splunk Enterprise
|
<8.2.12 | ||
|
Splunk Splunk Enterprise <9.2.1
Splunk / Splunk Enterprise
|
<9.2.1 | ||
|
Splunk Splunk Enterprise <9.0.6
Splunk / Splunk Enterprise
|
<9.0.6 | ||
|
Splunk Splunk Enterprise <9.1.1
Splunk / Splunk Enterprise
|
<9.1.1 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.9
Splunk / Splunk Enterprise
|
<9.0.9 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
Splunk Splunk Enterprise
Splunk / Splunk Enterprise
|
cpe:/a:splunk:splunk:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <9.1.4
Splunk / Splunk Enterprise
|
<9.1.4 | ||
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Splunk Splunk Enterprise <8.2.12
Splunk / Splunk Enterprise
|
<8.2.12 | ||
|
Splunk Splunk Enterprise <9.2.1
Splunk / Splunk Enterprise
|
<9.2.1 | ||
|
Splunk Splunk Enterprise <9.0.6
Splunk / Splunk Enterprise
|
<9.0.6 | ||
|
Splunk Splunk Enterprise <9.1.1
Splunk / Splunk Enterprise
|
<9.1.1 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.9
Splunk / Splunk Enterprise
|
<9.0.9 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
Splunk Splunk Enterprise
Splunk / Splunk Enterprise
|
cpe:/a:splunk:splunk:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <9.1.4
Splunk / Splunk Enterprise
|
<9.1.4 | ||
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Splunk Splunk Enterprise <8.2.12
Splunk / Splunk Enterprise
|
<8.2.12 | ||
|
Splunk Splunk Enterprise <9.2.1
Splunk / Splunk Enterprise
|
<9.2.1 | ||
|
Splunk Splunk Enterprise <9.0.6
Splunk / Splunk Enterprise
|
<9.0.6 | ||
|
Splunk Splunk Enterprise <9.1.1
Splunk / Splunk Enterprise
|
<9.1.1 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.9
Splunk / Splunk Enterprise
|
<9.0.9 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
Splunk Splunk Enterprise
Splunk / Splunk Enterprise
|
cpe:/a:splunk:splunk:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <9.1.4
Splunk / Splunk Enterprise
|
<9.1.4 | ||
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Splunk Splunk Enterprise <8.2.12
Splunk / Splunk Enterprise
|
<8.2.12 | ||
|
Splunk Splunk Enterprise <9.2.1
Splunk / Splunk Enterprise
|
<9.2.1 | ||
|
Splunk Splunk Enterprise <9.0.6
Splunk / Splunk Enterprise
|
<9.0.6 | ||
|
Splunk Splunk Enterprise <9.1.1
Splunk / Splunk Enterprise
|
<9.1.1 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.9
Splunk / Splunk Enterprise
|
<9.0.9 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
Splunk Splunk Enterprise
Splunk / Splunk Enterprise
|
cpe:/a:splunk:splunk:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <9.1.4
Splunk / Splunk Enterprise
|
<9.1.4 | ||
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Splunk Splunk Enterprise <8.2.12
Splunk / Splunk Enterprise
|
<8.2.12 | ||
|
Splunk Splunk Enterprise <9.2.1
Splunk / Splunk Enterprise
|
<9.2.1 | ||
|
Splunk Splunk Enterprise <9.0.6
Splunk / Splunk Enterprise
|
<9.0.6 | ||
|
Splunk Splunk Enterprise <9.1.1
Splunk / Splunk Enterprise
|
<9.1.1 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.9
Splunk / Splunk Enterprise
|
<9.0.9 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
Splunk Splunk Enterprise
Splunk / Splunk Enterprise
|
cpe:/a:splunk:splunk:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <9.1.4
Splunk / Splunk Enterprise
|
<9.1.4 | ||
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Splunk Splunk Enterprise <8.2.12
Splunk / Splunk Enterprise
|
<8.2.12 | ||
|
Splunk Splunk Enterprise <9.2.1
Splunk / Splunk Enterprise
|
<9.2.1 | ||
|
Splunk Splunk Enterprise <9.0.6
Splunk / Splunk Enterprise
|
<9.0.6 | ||
|
Splunk Splunk Enterprise <9.1.1
Splunk / Splunk Enterprise
|
<9.1.1 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.9
Splunk / Splunk Enterprise
|
<9.0.9 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
Splunk Splunk Enterprise
Splunk / Splunk Enterprise
|
cpe:/a:splunk:splunk:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <9.1.4
Splunk / Splunk Enterprise
|
<9.1.4 | ||
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Splunk Splunk Enterprise <8.2.12
Splunk / Splunk Enterprise
|
<8.2.12 | ||
|
Splunk Splunk Enterprise <9.2.1
Splunk / Splunk Enterprise
|
<9.2.1 | ||
|
Splunk Splunk Enterprise <9.0.6
Splunk / Splunk Enterprise
|
<9.0.6 | ||
|
Splunk Splunk Enterprise <9.1.1
Splunk / Splunk Enterprise
|
<9.1.1 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.9
Splunk / Splunk Enterprise
|
<9.0.9 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
Splunk Splunk Enterprise
Splunk / Splunk Enterprise
|
cpe:/a:splunk:splunk:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <9.1.4
Splunk / Splunk Enterprise
|
<9.1.4 | ||
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Splunk Splunk Enterprise <8.2.12
Splunk / Splunk Enterprise
|
<8.2.12 | ||
|
Splunk Splunk Enterprise <9.2.1
Splunk / Splunk Enterprise
|
<9.2.1 | ||
|
Splunk Splunk Enterprise <9.0.6
Splunk / Splunk Enterprise
|
<9.0.6 | ||
|
Splunk Splunk Enterprise <9.1.1
Splunk / Splunk Enterprise
|
<9.1.1 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.9
Splunk / Splunk Enterprise
|
<9.0.9 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
Splunk Splunk Enterprise
Splunk / Splunk Enterprise
|
cpe:/a:splunk:splunk:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <9.1.4
Splunk / Splunk Enterprise
|
<9.1.4 | ||
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Splunk Splunk Enterprise <8.2.12
Splunk / Splunk Enterprise
|
<8.2.12 | ||
|
Splunk Splunk Enterprise <9.2.1
Splunk / Splunk Enterprise
|
<9.2.1 | ||
|
Splunk Splunk Enterprise <9.0.6
Splunk / Splunk Enterprise
|
<9.0.6 | ||
|
Splunk Splunk Enterprise <9.1.1
Splunk / Splunk Enterprise
|
<9.1.1 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.9
Splunk / Splunk Enterprise
|
<9.0.9 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
Splunk Splunk Enterprise
Splunk / Splunk Enterprise
|
cpe:/a:splunk:splunk:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <9.1.4
Splunk / Splunk Enterprise
|
<9.1.4 | ||
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Splunk Splunk Enterprise <8.2.12
Splunk / Splunk Enterprise
|
<8.2.12 | ||
|
Splunk Splunk Enterprise <9.2.1
Splunk / Splunk Enterprise
|
<9.2.1 | ||
|
Splunk Splunk Enterprise <9.0.6
Splunk / Splunk Enterprise
|
<9.0.6 | ||
|
Splunk Splunk Enterprise <9.1.1
Splunk / Splunk Enterprise
|
<9.1.1 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.9
Splunk / Splunk Enterprise
|
<9.0.9 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
Splunk Splunk Enterprise
Splunk / Splunk Enterprise
|
cpe:/a:splunk:splunk:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <9.1.4
Splunk / Splunk Enterprise
|
<9.1.4 | ||
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Splunk Splunk Enterprise <8.2.12
Splunk / Splunk Enterprise
|
<8.2.12 | ||
|
Splunk Splunk Enterprise <9.2.1
Splunk / Splunk Enterprise
|
<9.2.1 | ||
|
Splunk Splunk Enterprise <9.0.6
Splunk / Splunk Enterprise
|
<9.0.6 | ||
|
Splunk Splunk Enterprise <9.1.1
Splunk / Splunk Enterprise
|
<9.1.1 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.9
Splunk / Splunk Enterprise
|
<9.0.9 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
Splunk Splunk Enterprise
Splunk / Splunk Enterprise
|
cpe:/a:splunk:splunk:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <9.1.4
Splunk / Splunk Enterprise
|
<9.1.4 | ||
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Splunk Splunk Enterprise <8.2.12
Splunk / Splunk Enterprise
|
<8.2.12 | ||
|
Splunk Splunk Enterprise <9.2.1
Splunk / Splunk Enterprise
|
<9.2.1 | ||
|
Splunk Splunk Enterprise <9.0.6
Splunk / Splunk Enterprise
|
<9.0.6 | ||
|
Splunk Splunk Enterprise <9.1.1
Splunk / Splunk Enterprise
|
<9.1.1 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.9
Splunk / Splunk Enterprise
|
<9.0.9 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
Splunk Splunk Enterprise
Splunk / Splunk Enterprise
|
cpe:/a:splunk:splunk:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <9.1.4
Splunk / Splunk Enterprise
|
<9.1.4 | ||
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Splunk Splunk Enterprise <8.2.12
Splunk / Splunk Enterprise
|
<8.2.12 | ||
|
Splunk Splunk Enterprise <9.2.1
Splunk / Splunk Enterprise
|
<9.2.1 | ||
|
Splunk Splunk Enterprise <9.0.6
Splunk / Splunk Enterprise
|
<9.0.6 | ||
|
Splunk Splunk Enterprise <9.1.1
Splunk / Splunk Enterprise
|
<9.1.1 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.9
Splunk / Splunk Enterprise
|
<9.0.9 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
Splunk Splunk Enterprise
Splunk / Splunk Enterprise
|
cpe:/a:splunk:splunk:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <9.1.4
Splunk / Splunk Enterprise
|
<9.1.4 | ||
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Splunk Splunk Enterprise <8.2.12
Splunk / Splunk Enterprise
|
<8.2.12 | ||
|
Splunk Splunk Enterprise <9.2.1
Splunk / Splunk Enterprise
|
<9.2.1 | ||
|
Splunk Splunk Enterprise <9.0.6
Splunk / Splunk Enterprise
|
<9.0.6 | ||
|
Splunk Splunk Enterprise <9.1.1
Splunk / Splunk Enterprise
|
<9.1.1 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.9
Splunk / Splunk Enterprise
|
<9.0.9 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
Splunk Splunk Enterprise
Splunk / Splunk Enterprise
|
cpe:/a:splunk:splunk:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <9.1.4
Splunk / Splunk Enterprise
|
<9.1.4 | ||
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Splunk Splunk Enterprise <8.2.12
Splunk / Splunk Enterprise
|
<8.2.12 | ||
|
Splunk Splunk Enterprise <9.2.1
Splunk / Splunk Enterprise
|
<9.2.1 | ||
|
Splunk Splunk Enterprise <9.0.6
Splunk / Splunk Enterprise
|
<9.0.6 | ||
|
Splunk Splunk Enterprise <9.1.1
Splunk / Splunk Enterprise
|
<9.1.1 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.9
Splunk / Splunk Enterprise
|
<9.0.9 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
Splunk Splunk Enterprise
Splunk / Splunk Enterprise
|
cpe:/a:splunk:splunk:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <9.1.4
Splunk / Splunk Enterprise
|
<9.1.4 | ||
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Splunk Splunk Enterprise <8.2.12
Splunk / Splunk Enterprise
|
<8.2.12 | ||
|
Splunk Splunk Enterprise <9.2.1
Splunk / Splunk Enterprise
|
<9.2.1 | ||
|
Splunk Splunk Enterprise <9.0.6
Splunk / Splunk Enterprise
|
<9.0.6 | ||
|
Splunk Splunk Enterprise <9.1.1
Splunk / Splunk Enterprise
|
<9.1.1 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.9
Splunk / Splunk Enterprise
|
<9.0.9 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
Splunk Splunk Enterprise
Splunk / Splunk Enterprise
|
cpe:/a:splunk:splunk:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <9.1.4
Splunk / Splunk Enterprise
|
<9.1.4 | ||
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Splunk Splunk Enterprise <8.2.12
Splunk / Splunk Enterprise
|
<8.2.12 | ||
|
Splunk Splunk Enterprise <9.2.1
Splunk / Splunk Enterprise
|
<9.2.1 | ||
|
Splunk Splunk Enterprise <9.0.6
Splunk / Splunk Enterprise
|
<9.0.6 | ||
|
Splunk Splunk Enterprise <9.1.1
Splunk / Splunk Enterprise
|
<9.1.1 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.9
Splunk / Splunk Enterprise
|
<9.0.9 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
Splunk Splunk Enterprise
Splunk / Splunk Enterprise
|
cpe:/a:splunk:splunk:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <9.1.4
Splunk / Splunk Enterprise
|
<9.1.4 | ||
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Splunk Splunk Enterprise <8.2.12
Splunk / Splunk Enterprise
|
<8.2.12 | ||
|
Splunk Splunk Enterprise <9.2.1
Splunk / Splunk Enterprise
|
<9.2.1 | ||
|
Splunk Splunk Enterprise <9.0.6
Splunk / Splunk Enterprise
|
<9.0.6 | ||
|
Splunk Splunk Enterprise <9.1.1
Splunk / Splunk Enterprise
|
<9.1.1 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.9
Splunk / Splunk Enterprise
|
<9.0.9 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
Splunk Splunk Enterprise
Splunk / Splunk Enterprise
|
cpe:/a:splunk:splunk:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <9.1.4
Splunk / Splunk Enterprise
|
<9.1.4 | ||
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Splunk Splunk Enterprise <8.2.12
Splunk / Splunk Enterprise
|
<8.2.12 | ||
|
Splunk Splunk Enterprise <9.2.1
Splunk / Splunk Enterprise
|
<9.2.1 | ||
|
Splunk Splunk Enterprise <9.0.6
Splunk / Splunk Enterprise
|
<9.0.6 | ||
|
Splunk Splunk Enterprise <9.1.1
Splunk / Splunk Enterprise
|
<9.1.1 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.9
Splunk / Splunk Enterprise
|
<9.0.9 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
Splunk Splunk Enterprise
Splunk / Splunk Enterprise
|
cpe:/a:splunk:splunk:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <9.1.4
Splunk / Splunk Enterprise
|
<9.1.4 | ||
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Splunk Splunk Enterprise <8.2.12
Splunk / Splunk Enterprise
|
<8.2.12 | ||
|
Splunk Splunk Enterprise <9.2.1
Splunk / Splunk Enterprise
|
<9.2.1 | ||
|
Splunk Splunk Enterprise <9.0.6
Splunk / Splunk Enterprise
|
<9.0.6 | ||
|
Splunk Splunk Enterprise <9.1.1
Splunk / Splunk Enterprise
|
<9.1.1 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.9
Splunk / Splunk Enterprise
|
<9.0.9 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
Splunk Splunk Enterprise
Splunk / Splunk Enterprise
|
cpe:/a:splunk:splunk:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <9.1.4
Splunk / Splunk Enterprise
|
<9.1.4 | ||
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Splunk Splunk Enterprise <8.2.12
Splunk / Splunk Enterprise
|
<8.2.12 | ||
|
Splunk Splunk Enterprise <9.2.1
Splunk / Splunk Enterprise
|
<9.2.1 | ||
|
Splunk Splunk Enterprise <9.0.6
Splunk / Splunk Enterprise
|
<9.0.6 | ||
|
Splunk Splunk Enterprise <9.1.1
Splunk / Splunk Enterprise
|
<9.1.1 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.9
Splunk / Splunk Enterprise
|
<9.0.9 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
Splunk Splunk Enterprise
Splunk / Splunk Enterprise
|
cpe:/a:splunk:splunk:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <9.1.4
Splunk / Splunk Enterprise
|
<9.1.4 | ||
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Splunk Splunk Enterprise <8.2.12
Splunk / Splunk Enterprise
|
<8.2.12 | ||
|
Splunk Splunk Enterprise <9.2.1
Splunk / Splunk Enterprise
|
<9.2.1 | ||
|
Splunk Splunk Enterprise <9.0.6
Splunk / Splunk Enterprise
|
<9.0.6 | ||
|
Splunk Splunk Enterprise <9.1.1
Splunk / Splunk Enterprise
|
<9.1.1 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.9
Splunk / Splunk Enterprise
|
<9.0.9 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
Splunk Splunk Enterprise
Splunk / Splunk Enterprise
|
cpe:/a:splunk:splunk:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <9.1.4
Splunk / Splunk Enterprise
|
<9.1.4 | ||
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Splunk Splunk Enterprise <8.2.12
Splunk / Splunk Enterprise
|
<8.2.12 | ||
|
Splunk Splunk Enterprise <9.2.1
Splunk / Splunk Enterprise
|
<9.2.1 | ||
|
Splunk Splunk Enterprise <9.0.6
Splunk / Splunk Enterprise
|
<9.0.6 | ||
|
Splunk Splunk Enterprise <9.1.1
Splunk / Splunk Enterprise
|
<9.1.1 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.9
Splunk / Splunk Enterprise
|
<9.0.9 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
Splunk Splunk Enterprise
Splunk / Splunk Enterprise
|
cpe:/a:splunk:splunk:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <9.1.4
Splunk / Splunk Enterprise
|
<9.1.4 | ||
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Splunk Splunk Enterprise <8.2.12
Splunk / Splunk Enterprise
|
<8.2.12 | ||
|
Splunk Splunk Enterprise <9.2.1
Splunk / Splunk Enterprise
|
<9.2.1 | ||
|
Splunk Splunk Enterprise <9.0.6
Splunk / Splunk Enterprise
|
<9.0.6 | ||
|
Splunk Splunk Enterprise <9.1.1
Splunk / Splunk Enterprise
|
<9.1.1 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.9
Splunk / Splunk Enterprise
|
<9.0.9 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
Splunk Splunk Enterprise
Splunk / Splunk Enterprise
|
cpe:/a:splunk:splunk:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <9.1.4
Splunk / Splunk Enterprise
|
<9.1.4 | ||
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Splunk Splunk Enterprise <8.2.12
Splunk / Splunk Enterprise
|
<8.2.12 | ||
|
Splunk Splunk Enterprise <9.2.1
Splunk / Splunk Enterprise
|
<9.2.1 | ||
|
Splunk Splunk Enterprise <9.0.6
Splunk / Splunk Enterprise
|
<9.0.6 | ||
|
Splunk Splunk Enterprise <9.1.1
Splunk / Splunk Enterprise
|
<9.1.1 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.9
Splunk / Splunk Enterprise
|
<9.0.9 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
Splunk Splunk Enterprise
Splunk / Splunk Enterprise
|
cpe:/a:splunk:splunk:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <9.1.4
Splunk / Splunk Enterprise
|
<9.1.4 | ||
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Splunk Splunk Enterprise <8.2.12
Splunk / Splunk Enterprise
|
<8.2.12 | ||
|
Splunk Splunk Enterprise <9.2.1
Splunk / Splunk Enterprise
|
<9.2.1 | ||
|
Splunk Splunk Enterprise <9.0.6
Splunk / Splunk Enterprise
|
<9.0.6 | ||
|
Splunk Splunk Enterprise <9.1.1
Splunk / Splunk Enterprise
|
<9.1.1 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.9
Splunk / Splunk Enterprise
|
<9.0.9 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
Splunk Splunk Enterprise
Splunk / Splunk Enterprise
|
cpe:/a:splunk:splunk:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <9.1.4
Splunk / Splunk Enterprise
|
<9.1.4 | ||
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Splunk Splunk Enterprise <8.2.12
Splunk / Splunk Enterprise
|
<8.2.12 | ||
|
Splunk Splunk Enterprise <9.2.1
Splunk / Splunk Enterprise
|
<9.2.1 | ||
|
Splunk Splunk Enterprise <9.0.6
Splunk / Splunk Enterprise
|
<9.0.6 | ||
|
Splunk Splunk Enterprise <9.1.1
Splunk / Splunk Enterprise
|
<9.1.1 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.9
Splunk / Splunk Enterprise
|
<9.0.9 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
Splunk Splunk Enterprise
Splunk / Splunk Enterprise
|
cpe:/a:splunk:splunk:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <9.1.4
Splunk / Splunk Enterprise
|
<9.1.4 | ||
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Splunk Splunk Enterprise <8.2.12
Splunk / Splunk Enterprise
|
<8.2.12 | ||
|
Splunk Splunk Enterprise <9.2.1
Splunk / Splunk Enterprise
|
<9.2.1 | ||
|
Splunk Splunk Enterprise <9.0.6
Splunk / Splunk Enterprise
|
<9.0.6 | ||
|
Splunk Splunk Enterprise <9.1.1
Splunk / Splunk Enterprise
|
<9.1.1 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.9
Splunk / Splunk Enterprise
|
<9.0.9 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
Splunk Splunk Enterprise
Splunk / Splunk Enterprise
|
cpe:/a:splunk:splunk:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <9.1.4
Splunk / Splunk Enterprise
|
<9.1.4 | ||
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Splunk Splunk Enterprise <8.2.12
Splunk / Splunk Enterprise
|
<8.2.12 | ||
|
Splunk Splunk Enterprise <9.2.1
Splunk / Splunk Enterprise
|
<9.2.1 | ||
|
Splunk Splunk Enterprise <9.0.6
Splunk / Splunk Enterprise
|
<9.0.6 | ||
|
Splunk Splunk Enterprise <9.1.1
Splunk / Splunk Enterprise
|
<9.1.1 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.9
Splunk / Splunk Enterprise
|
<9.0.9 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
Splunk Splunk Enterprise
Splunk / Splunk Enterprise
|
cpe:/a:splunk:splunk:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <9.1.4
Splunk / Splunk Enterprise
|
<9.1.4 | ||
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Splunk Splunk Enterprise <8.2.12
Splunk / Splunk Enterprise
|
<8.2.12 | ||
|
Splunk Splunk Enterprise <9.2.1
Splunk / Splunk Enterprise
|
<9.2.1 | ||
|
Splunk Splunk Enterprise <9.0.6
Splunk / Splunk Enterprise
|
<9.0.6 | ||
|
Splunk Splunk Enterprise <9.1.1
Splunk / Splunk Enterprise
|
<9.1.1 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.9
Splunk / Splunk Enterprise
|
<9.0.9 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
Splunk Splunk Enterprise
Splunk / Splunk Enterprise
|
cpe:/a:splunk:splunk:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <9.1.4
Splunk / Splunk Enterprise
|
<9.1.4 | ||
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Splunk Splunk Enterprise <8.2.12
Splunk / Splunk Enterprise
|
<8.2.12 | ||
|
Splunk Splunk Enterprise <9.2.1
Splunk / Splunk Enterprise
|
<9.2.1 | ||
|
Splunk Splunk Enterprise <9.0.6
Splunk / Splunk Enterprise
|
<9.0.6 | ||
|
Splunk Splunk Enterprise <9.1.1
Splunk / Splunk Enterprise
|
<9.1.1 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.9
Splunk / Splunk Enterprise
|
<9.0.9 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
Splunk Splunk Enterprise
Splunk / Splunk Enterprise
|
cpe:/a:splunk:splunk:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <9.1.4
Splunk / Splunk Enterprise
|
<9.1.4 | ||
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Splunk Splunk Enterprise <8.2.12
Splunk / Splunk Enterprise
|
<8.2.12 | ||
|
Splunk Splunk Enterprise <9.2.1
Splunk / Splunk Enterprise
|
<9.2.1 | ||
|
Splunk Splunk Enterprise <9.0.6
Splunk / Splunk Enterprise
|
<9.0.6 | ||
|
Splunk Splunk Enterprise <9.1.1
Splunk / Splunk Enterprise
|
<9.1.1 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.9
Splunk / Splunk Enterprise
|
<9.0.9 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
Splunk Splunk Enterprise
Splunk / Splunk Enterprise
|
cpe:/a:splunk:splunk:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <9.1.4
Splunk / Splunk Enterprise
|
<9.1.4 | ||
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Splunk Splunk Enterprise <8.2.12
Splunk / Splunk Enterprise
|
<8.2.12 | ||
|
Splunk Splunk Enterprise <9.2.1
Splunk / Splunk Enterprise
|
<9.2.1 | ||
|
Splunk Splunk Enterprise <9.0.6
Splunk / Splunk Enterprise
|
<9.0.6 | ||
|
Splunk Splunk Enterprise <9.1.1
Splunk / Splunk Enterprise
|
<9.1.1 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.9
Splunk / Splunk Enterprise
|
<9.0.9 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
Splunk Splunk Enterprise
Splunk / Splunk Enterprise
|
cpe:/a:splunk:splunk:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <9.1.4
Splunk / Splunk Enterprise
|
<9.1.4 | ||
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Splunk Splunk Enterprise <8.2.12
Splunk / Splunk Enterprise
|
<8.2.12 | ||
|
Splunk Splunk Enterprise <9.2.1
Splunk / Splunk Enterprise
|
<9.2.1 | ||
|
Splunk Splunk Enterprise <9.0.6
Splunk / Splunk Enterprise
|
<9.0.6 | ||
|
Splunk Splunk Enterprise <9.1.1
Splunk / Splunk Enterprise
|
<9.1.1 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.9
Splunk / Splunk Enterprise
|
<9.0.9 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
Splunk Splunk Enterprise
Splunk / Splunk Enterprise
|
cpe:/a:splunk:splunk:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <9.1.4
Splunk / Splunk Enterprise
|
<9.1.4 | ||
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Splunk Splunk Enterprise <8.2.12
Splunk / Splunk Enterprise
|
<8.2.12 | ||
|
Splunk Splunk Enterprise <9.2.1
Splunk / Splunk Enterprise
|
<9.2.1 | ||
|
Splunk Splunk Enterprise <9.0.6
Splunk / Splunk Enterprise
|
<9.0.6 | ||
|
Splunk Splunk Enterprise <9.1.1
Splunk / Splunk Enterprise
|
<9.1.1 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.9
Splunk / Splunk Enterprise
|
<9.0.9 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
Splunk Splunk Enterprise
Splunk / Splunk Enterprise
|
cpe:/a:splunk:splunk:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <9.1.4
Splunk / Splunk Enterprise
|
<9.1.4 | ||
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Splunk Splunk Enterprise <8.2.12
Splunk / Splunk Enterprise
|
<8.2.12 | ||
|
Splunk Splunk Enterprise <9.2.1
Splunk / Splunk Enterprise
|
<9.2.1 | ||
|
Splunk Splunk Enterprise <9.0.6
Splunk / Splunk Enterprise
|
<9.0.6 | ||
|
Splunk Splunk Enterprise <9.1.1
Splunk / Splunk Enterprise
|
<9.1.1 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.9
Splunk / Splunk Enterprise
|
<9.0.9 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
Splunk Splunk Enterprise
Splunk / Splunk Enterprise
|
cpe:/a:splunk:splunk:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <9.1.4
Splunk / Splunk Enterprise
|
<9.1.4 | ||
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Splunk Splunk Enterprise <8.2.12
Splunk / Splunk Enterprise
|
<8.2.12 | ||
|
Splunk Splunk Enterprise <9.2.1
Splunk / Splunk Enterprise
|
<9.2.1 | ||
|
Splunk Splunk Enterprise <9.0.6
Splunk / Splunk Enterprise
|
<9.0.6 | ||
|
Splunk Splunk Enterprise <9.1.1
Splunk / Splunk Enterprise
|
<9.1.1 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.9
Splunk / Splunk Enterprise
|
<9.0.9 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
Splunk Splunk Enterprise
Splunk / Splunk Enterprise
|
cpe:/a:splunk:splunk:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <9.1.4
Splunk / Splunk Enterprise
|
<9.1.4 | ||
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Splunk Splunk Enterprise <8.2.12
Splunk / Splunk Enterprise
|
<8.2.12 | ||
|
Splunk Splunk Enterprise <9.2.1
Splunk / Splunk Enterprise
|
<9.2.1 | ||
|
Splunk Splunk Enterprise <9.0.6
Splunk / Splunk Enterprise
|
<9.0.6 | ||
|
Splunk Splunk Enterprise <9.1.1
Splunk / Splunk Enterprise
|
<9.1.1 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.9
Splunk / Splunk Enterprise
|
<9.0.9 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
Splunk Splunk Enterprise
Splunk / Splunk Enterprise
|
cpe:/a:splunk:splunk:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <9.1.4
Splunk / Splunk Enterprise
|
<9.1.4 | ||
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Splunk Splunk Enterprise <8.2.12
Splunk / Splunk Enterprise
|
<8.2.12 | ||
|
Splunk Splunk Enterprise <9.2.1
Splunk / Splunk Enterprise
|
<9.2.1 | ||
|
Splunk Splunk Enterprise <9.0.6
Splunk / Splunk Enterprise
|
<9.0.6 | ||
|
Splunk Splunk Enterprise <9.1.1
Splunk / Splunk Enterprise
|
<9.1.1 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.9
Splunk / Splunk Enterprise
|
<9.0.9 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
Splunk Splunk Enterprise
Splunk / Splunk Enterprise
|
cpe:/a:splunk:splunk:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <9.1.4
Splunk / Splunk Enterprise
|
<9.1.4 | ||
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Splunk Splunk Enterprise <8.2.12
Splunk / Splunk Enterprise
|
<8.2.12 | ||
|
Splunk Splunk Enterprise <9.2.1
Splunk / Splunk Enterprise
|
<9.2.1 | ||
|
Splunk Splunk Enterprise <9.0.6
Splunk / Splunk Enterprise
|
<9.0.6 | ||
|
Splunk Splunk Enterprise <9.1.1
Splunk / Splunk Enterprise
|
<9.1.1 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.9
Splunk / Splunk Enterprise
|
<9.0.9 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
Splunk Splunk Enterprise
Splunk / Splunk Enterprise
|
cpe:/a:splunk:splunk:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <9.1.4
Splunk / Splunk Enterprise
|
<9.1.4 | ||
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Splunk Splunk Enterprise <8.2.12
Splunk / Splunk Enterprise
|
<8.2.12 | ||
|
Splunk Splunk Enterprise <9.2.1
Splunk / Splunk Enterprise
|
<9.2.1 | ||
|
Splunk Splunk Enterprise <9.0.6
Splunk / Splunk Enterprise
|
<9.0.6 | ||
|
Splunk Splunk Enterprise <9.1.1
Splunk / Splunk Enterprise
|
<9.1.1 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.9
Splunk / Splunk Enterprise
|
<9.0.9 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
Splunk Splunk Enterprise
Splunk / Splunk Enterprise
|
cpe:/a:splunk:splunk:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <9.1.4
Splunk / Splunk Enterprise
|
<9.1.4 | ||
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Splunk Splunk Enterprise <8.2.12
Splunk / Splunk Enterprise
|
<8.2.12 | ||
|
Splunk Splunk Enterprise <9.2.1
Splunk / Splunk Enterprise
|
<9.2.1 | ||
|
Splunk Splunk Enterprise <9.0.6
Splunk / Splunk Enterprise
|
<9.0.6 | ||
|
Splunk Splunk Enterprise <9.1.1
Splunk / Splunk Enterprise
|
<9.1.1 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.9
Splunk / Splunk Enterprise
|
<9.0.9 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
Splunk Splunk Enterprise
Splunk / Splunk Enterprise
|
cpe:/a:splunk:splunk:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <9.1.4
Splunk / Splunk Enterprise
|
<9.1.4 | ||
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Splunk Splunk Enterprise <8.2.12
Splunk / Splunk Enterprise
|
<8.2.12 | ||
|
Splunk Splunk Enterprise <9.2.1
Splunk / Splunk Enterprise
|
<9.2.1 | ||
|
Splunk Splunk Enterprise <9.0.6
Splunk / Splunk Enterprise
|
<9.0.6 | ||
|
Splunk Splunk Enterprise <9.1.1
Splunk / Splunk Enterprise
|
<9.1.1 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.9
Splunk / Splunk Enterprise
|
<9.0.9 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
Splunk Splunk Enterprise
Splunk / Splunk Enterprise
|
cpe:/a:splunk:splunk:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <9.1.4
Splunk / Splunk Enterprise
|
<9.1.4 | ||
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Splunk Splunk Enterprise <8.2.12
Splunk / Splunk Enterprise
|
<8.2.12 | ||
|
Splunk Splunk Enterprise <9.2.1
Splunk / Splunk Enterprise
|
<9.2.1 | ||
|
Splunk Splunk Enterprise <9.0.6
Splunk / Splunk Enterprise
|
<9.0.6 | ||
|
Splunk Splunk Enterprise <9.1.1
Splunk / Splunk Enterprise
|
<9.1.1 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.9
Splunk / Splunk Enterprise
|
<9.0.9 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
Splunk Splunk Enterprise
Splunk / Splunk Enterprise
|
cpe:/a:splunk:splunk:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <9.1.4
Splunk / Splunk Enterprise
|
<9.1.4 | ||
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Splunk Splunk Enterprise <8.2.12
Splunk / Splunk Enterprise
|
<8.2.12 | ||
|
Splunk Splunk Enterprise <9.2.1
Splunk / Splunk Enterprise
|
<9.2.1 | ||
|
Splunk Splunk Enterprise <9.0.6
Splunk / Splunk Enterprise
|
<9.0.6 | ||
|
Splunk Splunk Enterprise <9.1.1
Splunk / Splunk Enterprise
|
<9.1.1 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.9
Splunk / Splunk Enterprise
|
<9.0.9 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
Splunk Splunk Enterprise
Splunk / Splunk Enterprise
|
cpe:/a:splunk:splunk:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <9.1.4
Splunk / Splunk Enterprise
|
<9.1.4 | ||
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Splunk Splunk Enterprise <8.2.12
Splunk / Splunk Enterprise
|
<8.2.12 | ||
|
Splunk Splunk Enterprise <9.2.1
Splunk / Splunk Enterprise
|
<9.2.1 | ||
|
Splunk Splunk Enterprise <9.0.6
Splunk / Splunk Enterprise
|
<9.0.6 | ||
|
Splunk Splunk Enterprise <9.1.1
Splunk / Splunk Enterprise
|
<9.1.1 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.9
Splunk / Splunk Enterprise
|
<9.0.9 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
Splunk Splunk Enterprise
Splunk / Splunk Enterprise
|
cpe:/a:splunk:splunk:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <9.1.4
Splunk / Splunk Enterprise
|
<9.1.4 | ||
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Splunk Splunk Enterprise <8.2.12
Splunk / Splunk Enterprise
|
<8.2.12 | ||
|
Splunk Splunk Enterprise <9.2.1
Splunk / Splunk Enterprise
|
<9.2.1 | ||
|
Splunk Splunk Enterprise <9.0.6
Splunk / Splunk Enterprise
|
<9.0.6 | ||
|
Splunk Splunk Enterprise <9.1.1
Splunk / Splunk Enterprise
|
<9.1.1 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.9
Splunk / Splunk Enterprise
|
<9.0.9 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
Splunk Splunk Enterprise
Splunk / Splunk Enterprise
|
cpe:/a:splunk:splunk:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <9.1.4
Splunk / Splunk Enterprise
|
<9.1.4 | ||
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Splunk Splunk Enterprise <8.2.12
Splunk / Splunk Enterprise
|
<8.2.12 | ||
|
Splunk Splunk Enterprise <9.2.1
Splunk / Splunk Enterprise
|
<9.2.1 | ||
|
Splunk Splunk Enterprise <9.0.6
Splunk / Splunk Enterprise
|
<9.0.6 | ||
|
Splunk Splunk Enterprise <9.1.1
Splunk / Splunk Enterprise
|
<9.1.1 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.9
Splunk / Splunk Enterprise
|
<9.0.9 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
Splunk Splunk Enterprise
Splunk / Splunk Enterprise
|
cpe:/a:splunk:splunk:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <9.1.4
Splunk / Splunk Enterprise
|
<9.1.4 | ||
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Splunk Splunk Enterprise <8.2.12
Splunk / Splunk Enterprise
|
<8.2.12 | ||
|
Splunk Splunk Enterprise <9.2.1
Splunk / Splunk Enterprise
|
<9.2.1 | ||
|
Splunk Splunk Enterprise <9.0.6
Splunk / Splunk Enterprise
|
<9.0.6 | ||
|
Splunk Splunk Enterprise <9.1.1
Splunk / Splunk Enterprise
|
<9.1.1 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.9
Splunk / Splunk Enterprise
|
<9.0.9 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
Splunk Splunk Enterprise
Splunk / Splunk Enterprise
|
cpe:/a:splunk:splunk:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <9.1.4
Splunk / Splunk Enterprise
|
<9.1.4 | ||
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Splunk Splunk Enterprise <8.2.12
Splunk / Splunk Enterprise
|
<8.2.12 | ||
|
Splunk Splunk Enterprise <9.2.1
Splunk / Splunk Enterprise
|
<9.2.1 | ||
|
Splunk Splunk Enterprise <9.0.6
Splunk / Splunk Enterprise
|
<9.0.6 | ||
|
Splunk Splunk Enterprise <9.1.1
Splunk / Splunk Enterprise
|
<9.1.1 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.9
Splunk / Splunk Enterprise
|
<9.0.9 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
Splunk Splunk Enterprise
Splunk / Splunk Enterprise
|
cpe:/a:splunk:splunk:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <9.1.4
Splunk / Splunk Enterprise
|
<9.1.4 | ||
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Splunk Splunk Enterprise <8.2.12
Splunk / Splunk Enterprise
|
<8.2.12 | ||
|
Splunk Splunk Enterprise <9.2.1
Splunk / Splunk Enterprise
|
<9.2.1 | ||
|
Splunk Splunk Enterprise <9.0.6
Splunk / Splunk Enterprise
|
<9.0.6 | ||
|
Splunk Splunk Enterprise <9.1.1
Splunk / Splunk Enterprise
|
<9.1.1 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.9
Splunk / Splunk Enterprise
|
<9.0.9 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
Splunk Splunk Enterprise
Splunk / Splunk Enterprise
|
cpe:/a:splunk:splunk:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <9.1.4
Splunk / Splunk Enterprise
|
<9.1.4 | ||
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Splunk Splunk Enterprise <8.2.12
Splunk / Splunk Enterprise
|
<8.2.12 | ||
|
Splunk Splunk Enterprise <9.2.1
Splunk / Splunk Enterprise
|
<9.2.1 | ||
|
Splunk Splunk Enterprise <9.0.6
Splunk / Splunk Enterprise
|
<9.0.6 | ||
|
Splunk Splunk Enterprise <9.1.1
Splunk / Splunk Enterprise
|
<9.1.1 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.9
Splunk / Splunk Enterprise
|
<9.0.9 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
Splunk Splunk Enterprise
Splunk / Splunk Enterprise
|
cpe:/a:splunk:splunk:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <9.1.4
Splunk / Splunk Enterprise
|
<9.1.4 | ||
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Splunk Splunk Enterprise <8.2.12
Splunk / Splunk Enterprise
|
<8.2.12 | ||
|
Splunk Splunk Enterprise <9.2.1
Splunk / Splunk Enterprise
|
<9.2.1 | ||
|
Splunk Splunk Enterprise <9.0.6
Splunk / Splunk Enterprise
|
<9.0.6 | ||
|
Splunk Splunk Enterprise <9.1.1
Splunk / Splunk Enterprise
|
<9.1.1 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.9
Splunk / Splunk Enterprise
|
<9.0.9 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
Splunk Splunk Enterprise
Splunk / Splunk Enterprise
|
cpe:/a:splunk:splunk:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <9.1.4
Splunk / Splunk Enterprise
|
<9.1.4 | ||
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Splunk Splunk Enterprise <8.2.12
Splunk / Splunk Enterprise
|
<8.2.12 | ||
|
Splunk Splunk Enterprise <9.2.1
Splunk / Splunk Enterprise
|
<9.2.1 | ||
|
Splunk Splunk Enterprise <9.0.6
Splunk / Splunk Enterprise
|
<9.0.6 | ||
|
Splunk Splunk Enterprise <9.1.1
Splunk / Splunk Enterprise
|
<9.1.1 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.9
Splunk / Splunk Enterprise
|
<9.0.9 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
Splunk Splunk Enterprise
Splunk / Splunk Enterprise
|
cpe:/a:splunk:splunk:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <9.1.4
Splunk / Splunk Enterprise
|
<9.1.4 | ||
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Splunk Splunk Enterprise <8.2.12
Splunk / Splunk Enterprise
|
<8.2.12 | ||
|
Splunk Splunk Enterprise <9.2.1
Splunk / Splunk Enterprise
|
<9.2.1 | ||
|
Splunk Splunk Enterprise <9.0.6
Splunk / Splunk Enterprise
|
<9.0.6 | ||
|
Splunk Splunk Enterprise <9.1.1
Splunk / Splunk Enterprise
|
<9.1.1 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.9
Splunk / Splunk Enterprise
|
<9.0.9 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
Splunk Splunk Enterprise
Splunk / Splunk Enterprise
|
cpe:/a:splunk:splunk:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <9.1.4
Splunk / Splunk Enterprise
|
<9.1.4 | ||
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Splunk Splunk Enterprise <8.2.12
Splunk / Splunk Enterprise
|
<8.2.12 | ||
|
Splunk Splunk Enterprise <9.2.1
Splunk / Splunk Enterprise
|
<9.2.1 | ||
|
Splunk Splunk Enterprise <9.0.6
Splunk / Splunk Enterprise
|
<9.0.6 | ||
|
Splunk Splunk Enterprise <9.1.1
Splunk / Splunk Enterprise
|
<9.1.1 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.9
Splunk / Splunk Enterprise
|
<9.0.9 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
Splunk Splunk Enterprise
Splunk / Splunk Enterprise
|
cpe:/a:splunk:splunk:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <9.1.4
Splunk / Splunk Enterprise
|
<9.1.4 | ||
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Splunk Splunk Enterprise <8.2.12
Splunk / Splunk Enterprise
|
<8.2.12 | ||
|
Splunk Splunk Enterprise <9.2.1
Splunk / Splunk Enterprise
|
<9.2.1 | ||
|
Splunk Splunk Enterprise <9.0.6
Splunk / Splunk Enterprise
|
<9.0.6 | ||
|
Splunk Splunk Enterprise <9.1.1
Splunk / Splunk Enterprise
|
<9.1.1 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.9
Splunk / Splunk Enterprise
|
<9.0.9 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
Splunk Splunk Enterprise
Splunk / Splunk Enterprise
|
cpe:/a:splunk:splunk:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <9.1.4
Splunk / Splunk Enterprise
|
<9.1.4 | ||
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Splunk Splunk Enterprise <8.2.12
Splunk / Splunk Enterprise
|
<8.2.12 | ||
|
Splunk Splunk Enterprise <9.2.1
Splunk / Splunk Enterprise
|
<9.2.1 | ||
|
Splunk Splunk Enterprise <9.0.6
Splunk / Splunk Enterprise
|
<9.0.6 | ||
|
Splunk Splunk Enterprise <9.1.1
Splunk / Splunk Enterprise
|
<9.1.1 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.9
Splunk / Splunk Enterprise
|
<9.0.9 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
Splunk Splunk Enterprise
Splunk / Splunk Enterprise
|
cpe:/a:splunk:splunk:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <9.1.4
Splunk / Splunk Enterprise
|
<9.1.4 | ||
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Splunk Splunk Enterprise <8.2.12
Splunk / Splunk Enterprise
|
<8.2.12 | ||
|
Splunk Splunk Enterprise <9.2.1
Splunk / Splunk Enterprise
|
<9.2.1 | ||
|
Splunk Splunk Enterprise <9.0.6
Splunk / Splunk Enterprise
|
<9.0.6 | ||
|
Splunk Splunk Enterprise <9.1.1
Splunk / Splunk Enterprise
|
<9.1.1 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.9
Splunk / Splunk Enterprise
|
<9.0.9 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
Splunk Splunk Enterprise
Splunk / Splunk Enterprise
|
cpe:/a:splunk:splunk:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <9.1.4
Splunk / Splunk Enterprise
|
<9.1.4 | ||
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Splunk Splunk Enterprise <8.2.12
Splunk / Splunk Enterprise
|
<8.2.12 | ||
|
Splunk Splunk Enterprise <9.2.1
Splunk / Splunk Enterprise
|
<9.2.1 | ||
|
Splunk Splunk Enterprise <9.0.6
Splunk / Splunk Enterprise
|
<9.0.6 | ||
|
Splunk Splunk Enterprise <9.1.1
Splunk / Splunk Enterprise
|
<9.1.1 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.9
Splunk / Splunk Enterprise
|
<9.0.9 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
Splunk Splunk Enterprise
Splunk / Splunk Enterprise
|
cpe:/a:splunk:splunk:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <9.1.4
Splunk / Splunk Enterprise
|
<9.1.4 | ||
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Splunk Splunk Enterprise <8.2.12
Splunk / Splunk Enterprise
|
<8.2.12 | ||
|
Splunk Splunk Enterprise <9.2.1
Splunk / Splunk Enterprise
|
<9.2.1 | ||
|
Splunk Splunk Enterprise <9.0.6
Splunk / Splunk Enterprise
|
<9.0.6 | ||
|
Splunk Splunk Enterprise <9.1.1
Splunk / Splunk Enterprise
|
<9.1.1 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.9
Splunk / Splunk Enterprise
|
<9.0.9 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
Splunk Splunk Enterprise
Splunk / Splunk Enterprise
|
cpe:/a:splunk:splunk:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <9.1.4
Splunk / Splunk Enterprise
|
<9.1.4 | ||
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Splunk Splunk Enterprise <8.2.12
Splunk / Splunk Enterprise
|
<8.2.12 | ||
|
Splunk Splunk Enterprise <9.2.1
Splunk / Splunk Enterprise
|
<9.2.1 | ||
|
Splunk Splunk Enterprise <9.0.6
Splunk / Splunk Enterprise
|
<9.0.6 | ||
|
Splunk Splunk Enterprise <9.1.1
Splunk / Splunk Enterprise
|
<9.1.1 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.9
Splunk / Splunk Enterprise
|
<9.0.9 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
Splunk Splunk Enterprise
Splunk / Splunk Enterprise
|
cpe:/a:splunk:splunk:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <9.1.4
Splunk / Splunk Enterprise
|
<9.1.4 | ||
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Splunk Splunk Enterprise <8.2.12
Splunk / Splunk Enterprise
|
<8.2.12 | ||
|
Splunk Splunk Enterprise <9.2.1
Splunk / Splunk Enterprise
|
<9.2.1 | ||
|
Splunk Splunk Enterprise <9.0.6
Splunk / Splunk Enterprise
|
<9.0.6 | ||
|
Splunk Splunk Enterprise <9.1.1
Splunk / Splunk Enterprise
|
<9.1.1 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.9
Splunk / Splunk Enterprise
|
<9.0.9 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
Splunk Splunk Enterprise
Splunk / Splunk Enterprise
|
cpe:/a:splunk:splunk:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <9.1.4
Splunk / Splunk Enterprise
|
<9.1.4 | ||
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Splunk Splunk Enterprise <8.2.12
Splunk / Splunk Enterprise
|
<8.2.12 | ||
|
Splunk Splunk Enterprise <9.2.1
Splunk / Splunk Enterprise
|
<9.2.1 | ||
|
Splunk Splunk Enterprise <9.0.6
Splunk / Splunk Enterprise
|
<9.0.6 | ||
|
Splunk Splunk Enterprise <9.1.1
Splunk / Splunk Enterprise
|
<9.1.1 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.9
Splunk / Splunk Enterprise
|
<9.0.9 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
Splunk Splunk Enterprise
Splunk / Splunk Enterprise
|
cpe:/a:splunk:splunk:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <9.1.4
Splunk / Splunk Enterprise
|
<9.1.4 | ||
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Splunk Splunk Enterprise <8.2.12
Splunk / Splunk Enterprise
|
<8.2.12 | ||
|
Splunk Splunk Enterprise <9.2.1
Splunk / Splunk Enterprise
|
<9.2.1 | ||
|
Splunk Splunk Enterprise <9.0.6
Splunk / Splunk Enterprise
|
<9.0.6 | ||
|
Splunk Splunk Enterprise <9.1.1
Splunk / Splunk Enterprise
|
<9.1.1 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.9
Splunk / Splunk Enterprise
|
<9.0.9 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
Splunk Splunk Enterprise
Splunk / Splunk Enterprise
|
cpe:/a:splunk:splunk:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <9.1.4
Splunk / Splunk Enterprise
|
<9.1.4 | ||
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Splunk Splunk Enterprise <8.2.12
Splunk / Splunk Enterprise
|
<8.2.12 | ||
|
Splunk Splunk Enterprise <9.2.1
Splunk / Splunk Enterprise
|
<9.2.1 | ||
|
Splunk Splunk Enterprise <9.0.6
Splunk / Splunk Enterprise
|
<9.0.6 | ||
|
Splunk Splunk Enterprise <9.1.1
Splunk / Splunk Enterprise
|
<9.1.1 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.9
Splunk / Splunk Enterprise
|
<9.0.9 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
Splunk Splunk Enterprise
Splunk / Splunk Enterprise
|
cpe:/a:splunk:splunk:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <9.1.4
Splunk / Splunk Enterprise
|
<9.1.4 | ||
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Splunk Splunk Enterprise <8.2.12
Splunk / Splunk Enterprise
|
<8.2.12 | ||
|
Splunk Splunk Enterprise <9.2.1
Splunk / Splunk Enterprise
|
<9.2.1 | ||
|
Splunk Splunk Enterprise <9.0.6
Splunk / Splunk Enterprise
|
<9.0.6 | ||
|
Splunk Splunk Enterprise <9.1.1
Splunk / Splunk Enterprise
|
<9.1.1 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.9
Splunk / Splunk Enterprise
|
<9.0.9 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
Splunk Splunk Enterprise
Splunk / Splunk Enterprise
|
cpe:/a:splunk:splunk:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <9.1.4
Splunk / Splunk Enterprise
|
<9.1.4 | ||
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Splunk Splunk Enterprise <8.2.12
Splunk / Splunk Enterprise
|
<8.2.12 | ||
|
Splunk Splunk Enterprise <9.2.1
Splunk / Splunk Enterprise
|
<9.2.1 | ||
|
Splunk Splunk Enterprise <9.0.6
Splunk / Splunk Enterprise
|
<9.0.6 | ||
|
Splunk Splunk Enterprise <9.1.1
Splunk / Splunk Enterprise
|
<9.1.1 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.9
Splunk / Splunk Enterprise
|
<9.0.9 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
Splunk Splunk Enterprise
Splunk / Splunk Enterprise
|
cpe:/a:splunk:splunk:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <9.1.4
Splunk / Splunk Enterprise
|
<9.1.4 | ||
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Splunk Splunk Enterprise <8.2.12
Splunk / Splunk Enterprise
|
<8.2.12 | ||
|
Splunk Splunk Enterprise <9.2.1
Splunk / Splunk Enterprise
|
<9.2.1 | ||
|
Splunk Splunk Enterprise <9.0.6
Splunk / Splunk Enterprise
|
<9.0.6 | ||
|
Splunk Splunk Enterprise <9.1.1
Splunk / Splunk Enterprise
|
<9.1.1 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.9
Splunk / Splunk Enterprise
|
<9.0.9 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
Splunk Splunk Enterprise
Splunk / Splunk Enterprise
|
cpe:/a:splunk:splunk:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <9.1.4
Splunk / Splunk Enterprise
|
<9.1.4 | ||
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Splunk Splunk Enterprise <8.2.12
Splunk / Splunk Enterprise
|
<8.2.12 | ||
|
Splunk Splunk Enterprise <9.2.1
Splunk / Splunk Enterprise
|
<9.2.1 | ||
|
Splunk Splunk Enterprise <9.0.6
Splunk / Splunk Enterprise
|
<9.0.6 | ||
|
Splunk Splunk Enterprise <9.1.1
Splunk / Splunk Enterprise
|
<9.1.1 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.9
Splunk / Splunk Enterprise
|
<9.0.9 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
Splunk Splunk Enterprise
Splunk / Splunk Enterprise
|
cpe:/a:splunk:splunk:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <9.1.4
Splunk / Splunk Enterprise
|
<9.1.4 | ||
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Splunk Splunk Enterprise <8.2.12
Splunk / Splunk Enterprise
|
<8.2.12 | ||
|
Splunk Splunk Enterprise <9.2.1
Splunk / Splunk Enterprise
|
<9.2.1 | ||
|
Splunk Splunk Enterprise <9.0.6
Splunk / Splunk Enterprise
|
<9.0.6 | ||
|
Splunk Splunk Enterprise <9.1.1
Splunk / Splunk Enterprise
|
<9.1.1 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.9
Splunk / Splunk Enterprise
|
<9.0.9 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
Splunk Splunk Enterprise
Splunk / Splunk Enterprise
|
cpe:/a:splunk:splunk:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <9.1.4
Splunk / Splunk Enterprise
|
<9.1.4 | ||
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Splunk Splunk Enterprise <8.2.12
Splunk / Splunk Enterprise
|
<8.2.12 | ||
|
Splunk Splunk Enterprise <9.2.1
Splunk / Splunk Enterprise
|
<9.2.1 | ||
|
Splunk Splunk Enterprise <9.0.6
Splunk / Splunk Enterprise
|
<9.0.6 | ||
|
Splunk Splunk Enterprise <9.1.1
Splunk / Splunk Enterprise
|
<9.1.1 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.9
Splunk / Splunk Enterprise
|
<9.0.9 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
Splunk Splunk Enterprise
Splunk / Splunk Enterprise
|
cpe:/a:splunk:splunk:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <9.1.4
Splunk / Splunk Enterprise
|
<9.1.4 | ||
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Splunk Splunk Enterprise <8.2.12
Splunk / Splunk Enterprise
|
<8.2.12 | ||
|
Splunk Splunk Enterprise <9.2.1
Splunk / Splunk Enterprise
|
<9.2.1 | ||
|
Splunk Splunk Enterprise <9.0.6
Splunk / Splunk Enterprise
|
<9.0.6 | ||
|
Splunk Splunk Enterprise <9.1.1
Splunk / Splunk Enterprise
|
<9.1.1 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.9
Splunk / Splunk Enterprise
|
<9.0.9 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
Splunk Splunk Enterprise
Splunk / Splunk Enterprise
|
cpe:/a:splunk:splunk:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <9.1.4
Splunk / Splunk Enterprise
|
<9.1.4 | ||
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Splunk Splunk Enterprise <8.2.12
Splunk / Splunk Enterprise
|
<8.2.12 | ||
|
Splunk Splunk Enterprise <9.2.1
Splunk / Splunk Enterprise
|
<9.2.1 | ||
|
Splunk Splunk Enterprise <9.0.6
Splunk / Splunk Enterprise
|
<9.0.6 | ||
|
Splunk Splunk Enterprise <9.1.1
Splunk / Splunk Enterprise
|
<9.1.1 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.9
Splunk / Splunk Enterprise
|
<9.0.9 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
Splunk Splunk Enterprise
Splunk / Splunk Enterprise
|
cpe:/a:splunk:splunk:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <9.1.4
Splunk / Splunk Enterprise
|
<9.1.4 | ||
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Splunk Splunk Enterprise <8.2.12
Splunk / Splunk Enterprise
|
<8.2.12 | ||
|
Splunk Splunk Enterprise <9.2.1
Splunk / Splunk Enterprise
|
<9.2.1 | ||
|
Splunk Splunk Enterprise <9.0.6
Splunk / Splunk Enterprise
|
<9.0.6 | ||
|
Splunk Splunk Enterprise <9.1.1
Splunk / Splunk Enterprise
|
<9.1.1 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.9
Splunk / Splunk Enterprise
|
<9.0.9 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
Splunk Splunk Enterprise
Splunk / Splunk Enterprise
|
cpe:/a:splunk:splunk:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <9.1.4
Splunk / Splunk Enterprise
|
<9.1.4 | ||
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Splunk Splunk Enterprise <8.2.12
Splunk / Splunk Enterprise
|
<8.2.12 | ||
|
Splunk Splunk Enterprise <9.2.1
Splunk / Splunk Enterprise
|
<9.2.1 | ||
|
Splunk Splunk Enterprise <9.0.6
Splunk / Splunk Enterprise
|
<9.0.6 | ||
|
Splunk Splunk Enterprise <9.1.1
Splunk / Splunk Enterprise
|
<9.1.1 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.9
Splunk / Splunk Enterprise
|
<9.0.9 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
Splunk Splunk Enterprise
Splunk / Splunk Enterprise
|
cpe:/a:splunk:splunk:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <9.1.4
Splunk / Splunk Enterprise
|
<9.1.4 | ||
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Splunk Splunk Enterprise <8.2.12
Splunk / Splunk Enterprise
|
<8.2.12 | ||
|
Splunk Splunk Enterprise <9.2.1
Splunk / Splunk Enterprise
|
<9.2.1 | ||
|
Splunk Splunk Enterprise <9.0.6
Splunk / Splunk Enterprise
|
<9.0.6 | ||
|
Splunk Splunk Enterprise <9.1.1
Splunk / Splunk Enterprise
|
<9.1.1 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.9
Splunk / Splunk Enterprise
|
<9.0.9 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
Splunk Splunk Enterprise
Splunk / Splunk Enterprise
|
cpe:/a:splunk:splunk:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <9.1.4
Splunk / Splunk Enterprise
|
<9.1.4 | ||
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Splunk Splunk Enterprise <8.2.12
Splunk / Splunk Enterprise
|
<8.2.12 | ||
|
Splunk Splunk Enterprise <9.2.1
Splunk / Splunk Enterprise
|
<9.2.1 | ||
|
Splunk Splunk Enterprise <9.0.6
Splunk / Splunk Enterprise
|
<9.0.6 | ||
|
Splunk Splunk Enterprise <9.1.1
Splunk / Splunk Enterprise
|
<9.1.1 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.9
Splunk / Splunk Enterprise
|
<9.0.9 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
Splunk Splunk Enterprise
Splunk / Splunk Enterprise
|
cpe:/a:splunk:splunk:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <9.1.4
Splunk / Splunk Enterprise
|
<9.1.4 | ||
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Splunk Splunk Enterprise <8.2.12
Splunk / Splunk Enterprise
|
<8.2.12 | ||
|
Splunk Splunk Enterprise <9.2.1
Splunk / Splunk Enterprise
|
<9.2.1 | ||
|
Splunk Splunk Enterprise <9.0.6
Splunk / Splunk Enterprise
|
<9.0.6 | ||
|
Splunk Splunk Enterprise <9.1.1
Splunk / Splunk Enterprise
|
<9.1.1 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.9
Splunk / Splunk Enterprise
|
<9.0.9 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
Splunk Splunk Enterprise
Splunk / Splunk Enterprise
|
cpe:/a:splunk:splunk:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <9.1.4
Splunk / Splunk Enterprise
|
<9.1.4 | ||
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Splunk Splunk Enterprise <8.2.12
Splunk / Splunk Enterprise
|
<8.2.12 | ||
|
Splunk Splunk Enterprise <9.2.1
Splunk / Splunk Enterprise
|
<9.2.1 | ||
|
Splunk Splunk Enterprise <9.0.6
Splunk / Splunk Enterprise
|
<9.0.6 | ||
|
Splunk Splunk Enterprise <9.1.1
Splunk / Splunk Enterprise
|
<9.1.1 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.9
Splunk / Splunk Enterprise
|
<9.0.9 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
Splunk Splunk Enterprise
Splunk / Splunk Enterprise
|
cpe:/a:splunk:splunk:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <9.1.4
Splunk / Splunk Enterprise
|
<9.1.4 | ||
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Splunk Splunk Enterprise <8.2.12
Splunk / Splunk Enterprise
|
<8.2.12 | ||
|
Splunk Splunk Enterprise <9.2.1
Splunk / Splunk Enterprise
|
<9.2.1 | ||
|
Splunk Splunk Enterprise <9.0.6
Splunk / Splunk Enterprise
|
<9.0.6 | ||
|
Splunk Splunk Enterprise <9.1.1
Splunk / Splunk Enterprise
|
<9.1.1 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.9
Splunk / Splunk Enterprise
|
<9.0.9 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
Splunk Splunk Enterprise
Splunk / Splunk Enterprise
|
cpe:/a:splunk:splunk:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <9.1.4
Splunk / Splunk Enterprise
|
<9.1.4 | ||
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Splunk Splunk Enterprise <8.2.12
Splunk / Splunk Enterprise
|
<8.2.12 | ||
|
Splunk Splunk Enterprise <9.2.1
Splunk / Splunk Enterprise
|
<9.2.1 | ||
|
Splunk Splunk Enterprise <9.0.6
Splunk / Splunk Enterprise
|
<9.0.6 | ||
|
Splunk Splunk Enterprise <9.1.1
Splunk / Splunk Enterprise
|
<9.1.1 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.9
Splunk / Splunk Enterprise
|
<9.0.9 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
Splunk Splunk Enterprise
Splunk / Splunk Enterprise
|
cpe:/a:splunk:splunk:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <9.1.4
Splunk / Splunk Enterprise
|
<9.1.4 | ||
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Splunk Splunk Enterprise <8.2.12
Splunk / Splunk Enterprise
|
<8.2.12 | ||
|
Splunk Splunk Enterprise <9.2.1
Splunk / Splunk Enterprise
|
<9.2.1 | ||
|
Splunk Splunk Enterprise <9.0.6
Splunk / Splunk Enterprise
|
<9.0.6 | ||
|
Splunk Splunk Enterprise <9.1.1
Splunk / Splunk Enterprise
|
<9.1.1 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.9
Splunk / Splunk Enterprise
|
<9.0.9 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
Splunk Splunk Enterprise
Splunk / Splunk Enterprise
|
cpe:/a:splunk:splunk:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <9.1.4
Splunk / Splunk Enterprise
|
<9.1.4 | ||
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Splunk Splunk Enterprise <8.2.12
Splunk / Splunk Enterprise
|
<8.2.12 | ||
|
Splunk Splunk Enterprise <9.2.1
Splunk / Splunk Enterprise
|
<9.2.1 | ||
|
Splunk Splunk Enterprise <9.0.6
Splunk / Splunk Enterprise
|
<9.0.6 | ||
|
Splunk Splunk Enterprise <9.1.1
Splunk / Splunk Enterprise
|
<9.1.1 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.9
Splunk / Splunk Enterprise
|
<9.0.9 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
Splunk Splunk Enterprise
Splunk / Splunk Enterprise
|
cpe:/a:splunk:splunk:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <9.1.4
Splunk / Splunk Enterprise
|
<9.1.4 | ||
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Splunk Splunk Enterprise <8.2.12
Splunk / Splunk Enterprise
|
<8.2.12 | ||
|
Splunk Splunk Enterprise <9.2.1
Splunk / Splunk Enterprise
|
<9.2.1 | ||
|
Splunk Splunk Enterprise <9.0.6
Splunk / Splunk Enterprise
|
<9.0.6 | ||
|
Splunk Splunk Enterprise <9.1.1
Splunk / Splunk Enterprise
|
<9.1.1 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.9
Splunk / Splunk Enterprise
|
<9.0.9 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
Splunk Splunk Enterprise
Splunk / Splunk Enterprise
|
cpe:/a:splunk:splunk:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <9.1.4
Splunk / Splunk Enterprise
|
<9.1.4 | ||
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Splunk Splunk Enterprise <8.2.12
Splunk / Splunk Enterprise
|
<8.2.12 | ||
|
Splunk Splunk Enterprise <9.2.1
Splunk / Splunk Enterprise
|
<9.2.1 | ||
|
Splunk Splunk Enterprise <9.0.6
Splunk / Splunk Enterprise
|
<9.0.6 | ||
|
Splunk Splunk Enterprise <9.1.1
Splunk / Splunk Enterprise
|
<9.1.1 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.9
Splunk / Splunk Enterprise
|
<9.0.9 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
Splunk Splunk Enterprise
Splunk / Splunk Enterprise
|
cpe:/a:splunk:splunk:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <9.1.4
Splunk / Splunk Enterprise
|
<9.1.4 | ||
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Splunk Splunk Enterprise <8.2.12
Splunk / Splunk Enterprise
|
<8.2.12 | ||
|
Splunk Splunk Enterprise <9.2.1
Splunk / Splunk Enterprise
|
<9.2.1 | ||
|
Splunk Splunk Enterprise <9.0.6
Splunk / Splunk Enterprise
|
<9.0.6 | ||
|
Splunk Splunk Enterprise <9.1.1
Splunk / Splunk Enterprise
|
<9.1.1 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.9
Splunk / Splunk Enterprise
|
<9.0.9 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
Splunk Splunk Enterprise
Splunk / Splunk Enterprise
|
cpe:/a:splunk:splunk:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <9.1.4
Splunk / Splunk Enterprise
|
<9.1.4 | ||
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Splunk Splunk Enterprise <8.2.12
Splunk / Splunk Enterprise
|
<8.2.12 | ||
|
Splunk Splunk Enterprise <9.2.1
Splunk / Splunk Enterprise
|
<9.2.1 | ||
|
Splunk Splunk Enterprise <9.0.6
Splunk / Splunk Enterprise
|
<9.0.6 | ||
|
Splunk Splunk Enterprise <9.1.1
Splunk / Splunk Enterprise
|
<9.1.1 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.9
Splunk / Splunk Enterprise
|
<9.0.9 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
Splunk Splunk Enterprise
Splunk / Splunk Enterprise
|
cpe:/a:splunk:splunk:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <9.1.4
Splunk / Splunk Enterprise
|
<9.1.4 | ||
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Splunk Splunk Enterprise <8.2.12
Splunk / Splunk Enterprise
|
<8.2.12 | ||
|
Splunk Splunk Enterprise <9.2.1
Splunk / Splunk Enterprise
|
<9.2.1 | ||
|
Splunk Splunk Enterprise <9.0.6
Splunk / Splunk Enterprise
|
<9.0.6 | ||
|
Splunk Splunk Enterprise <9.1.1
Splunk / Splunk Enterprise
|
<9.1.1 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.9
Splunk / Splunk Enterprise
|
<9.0.9 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
Splunk Splunk Enterprise
Splunk / Splunk Enterprise
|
cpe:/a:splunk:splunk:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <9.1.4
Splunk / Splunk Enterprise
|
<9.1.4 | ||
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Splunk Splunk Enterprise <8.2.12
Splunk / Splunk Enterprise
|
<8.2.12 | ||
|
Splunk Splunk Enterprise <9.2.1
Splunk / Splunk Enterprise
|
<9.2.1 | ||
|
Splunk Splunk Enterprise <9.0.6
Splunk / Splunk Enterprise
|
<9.0.6 | ||
|
Splunk Splunk Enterprise <9.1.1
Splunk / Splunk Enterprise
|
<9.1.1 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.9
Splunk / Splunk Enterprise
|
<9.0.9 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
Splunk Splunk Enterprise
Splunk / Splunk Enterprise
|
cpe:/a:splunk:splunk:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <9.1.4
Splunk / Splunk Enterprise
|
<9.1.4 | ||
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Splunk Splunk Enterprise <8.2.12
Splunk / Splunk Enterprise
|
<8.2.12 | ||
|
Splunk Splunk Enterprise <9.2.1
Splunk / Splunk Enterprise
|
<9.2.1 | ||
|
Splunk Splunk Enterprise <9.0.6
Splunk / Splunk Enterprise
|
<9.0.6 | ||
|
Splunk Splunk Enterprise <9.1.1
Splunk / Splunk Enterprise
|
<9.1.1 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.9
Splunk / Splunk Enterprise
|
<9.0.9 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
Splunk Splunk Enterprise
Splunk / Splunk Enterprise
|
cpe:/a:splunk:splunk:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <9.1.4
Splunk / Splunk Enterprise
|
<9.1.4 | ||
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Splunk Splunk Enterprise <8.2.12
Splunk / Splunk Enterprise
|
<8.2.12 | ||
|
Splunk Splunk Enterprise <9.2.1
Splunk / Splunk Enterprise
|
<9.2.1 | ||
|
Splunk Splunk Enterprise <9.0.6
Splunk / Splunk Enterprise
|
<9.0.6 | ||
|
Splunk Splunk Enterprise <9.1.1
Splunk / Splunk Enterprise
|
<9.1.1 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.9
Splunk / Splunk Enterprise
|
<9.0.9 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
Splunk Splunk Enterprise
Splunk / Splunk Enterprise
|
cpe:/a:splunk:splunk:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <9.1.4
Splunk / Splunk Enterprise
|
<9.1.4 | ||
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Splunk Splunk Enterprise <8.2.12
Splunk / Splunk Enterprise
|
<8.2.12 | ||
|
Splunk Splunk Enterprise <9.2.1
Splunk / Splunk Enterprise
|
<9.2.1 | ||
|
Splunk Splunk Enterprise <9.0.6
Splunk / Splunk Enterprise
|
<9.0.6 | ||
|
Splunk Splunk Enterprise <9.1.1
Splunk / Splunk Enterprise
|
<9.1.1 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.9
Splunk / Splunk Enterprise
|
<9.0.9 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
Splunk Splunk Enterprise
Splunk / Splunk Enterprise
|
cpe:/a:splunk:splunk:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <9.1.4
Splunk / Splunk Enterprise
|
<9.1.4 | ||
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Splunk Splunk Enterprise <8.2.12
Splunk / Splunk Enterprise
|
<8.2.12 | ||
|
Splunk Splunk Enterprise <9.2.1
Splunk / Splunk Enterprise
|
<9.2.1 | ||
|
Splunk Splunk Enterprise <9.0.6
Splunk / Splunk Enterprise
|
<9.0.6 | ||
|
Splunk Splunk Enterprise <9.1.1
Splunk / Splunk Enterprise
|
<9.1.1 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.9
Splunk / Splunk Enterprise
|
<9.0.9 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
Splunk Splunk Enterprise
Splunk / Splunk Enterprise
|
cpe:/a:splunk:splunk:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <9.1.4
Splunk / Splunk Enterprise
|
<9.1.4 | ||
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Splunk Splunk Enterprise <8.2.12
Splunk / Splunk Enterprise
|
<8.2.12 | ||
|
Splunk Splunk Enterprise <9.2.1
Splunk / Splunk Enterprise
|
<9.2.1 | ||
|
Splunk Splunk Enterprise <9.0.6
Splunk / Splunk Enterprise
|
<9.0.6 | ||
|
Splunk Splunk Enterprise <9.1.1
Splunk / Splunk Enterprise
|
<9.1.1 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.9
Splunk / Splunk Enterprise
|
<9.0.9 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
Splunk Splunk Enterprise
Splunk / Splunk Enterprise
|
cpe:/a:splunk:splunk:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <9.1.4
Splunk / Splunk Enterprise
|
<9.1.4 | ||
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Splunk Splunk Enterprise <8.2.12
Splunk / Splunk Enterprise
|
<8.2.12 | ||
|
Splunk Splunk Enterprise <9.2.1
Splunk / Splunk Enterprise
|
<9.2.1 | ||
|
Splunk Splunk Enterprise <9.0.6
Splunk / Splunk Enterprise
|
<9.0.6 | ||
|
Splunk Splunk Enterprise <9.1.1
Splunk / Splunk Enterprise
|
<9.1.1 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.9
Splunk / Splunk Enterprise
|
<9.0.9 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
Splunk Splunk Enterprise
Splunk / Splunk Enterprise
|
cpe:/a:splunk:splunk:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <9.1.4
Splunk / Splunk Enterprise
|
<9.1.4 | ||
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Splunk Splunk Enterprise <8.2.12
Splunk / Splunk Enterprise
|
<8.2.12 | ||
|
Splunk Splunk Enterprise <9.2.1
Splunk / Splunk Enterprise
|
<9.2.1 | ||
|
Splunk Splunk Enterprise <9.0.6
Splunk / Splunk Enterprise
|
<9.0.6 | ||
|
Splunk Splunk Enterprise <9.1.1
Splunk / Splunk Enterprise
|
<9.1.1 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.9
Splunk / Splunk Enterprise
|
<9.0.9 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
Splunk Splunk Enterprise
Splunk / Splunk Enterprise
|
cpe:/a:splunk:splunk:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <9.1.4
Splunk / Splunk Enterprise
|
<9.1.4 | ||
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Splunk Splunk Enterprise <8.2.12
Splunk / Splunk Enterprise
|
<8.2.12 | ||
|
Splunk Splunk Enterprise <9.2.1
Splunk / Splunk Enterprise
|
<9.2.1 | ||
|
Splunk Splunk Enterprise <9.0.6
Splunk / Splunk Enterprise
|
<9.0.6 | ||
|
Splunk Splunk Enterprise <9.1.1
Splunk / Splunk Enterprise
|
<9.1.1 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.9
Splunk / Splunk Enterprise
|
<9.0.9 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
Splunk Splunk Enterprise
Splunk / Splunk Enterprise
|
cpe:/a:splunk:splunk:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <9.1.4
Splunk / Splunk Enterprise
|
<9.1.4 | ||
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Splunk Splunk Enterprise <8.2.12
Splunk / Splunk Enterprise
|
<8.2.12 | ||
|
Splunk Splunk Enterprise <9.2.1
Splunk / Splunk Enterprise
|
<9.2.1 | ||
|
Splunk Splunk Enterprise <9.0.6
Splunk / Splunk Enterprise
|
<9.0.6 | ||
|
Splunk Splunk Enterprise <9.1.1
Splunk / Splunk Enterprise
|
<9.1.1 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.9
Splunk / Splunk Enterprise
|
<9.0.9 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
Splunk Splunk Enterprise
Splunk / Splunk Enterprise
|
cpe:/a:splunk:splunk:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <9.1.4
Splunk / Splunk Enterprise
|
<9.1.4 | ||
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Splunk Splunk Enterprise <8.2.12
Splunk / Splunk Enterprise
|
<8.2.12 | ||
|
Splunk Splunk Enterprise <9.2.1
Splunk / Splunk Enterprise
|
<9.2.1 | ||
|
Splunk Splunk Enterprise <9.0.6
Splunk / Splunk Enterprise
|
<9.0.6 | ||
|
Splunk Splunk Enterprise <9.1.1
Splunk / Splunk Enterprise
|
<9.1.1 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.9
Splunk / Splunk Enterprise
|
<9.0.9 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
Splunk Splunk Enterprise
Splunk / Splunk Enterprise
|
cpe:/a:splunk:splunk:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <9.1.4
Splunk / Splunk Enterprise
|
<9.1.4 | ||
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Splunk Splunk Enterprise <8.2.12
Splunk / Splunk Enterprise
|
<8.2.12 | ||
|
Splunk Splunk Enterprise <9.2.1
Splunk / Splunk Enterprise
|
<9.2.1 | ||
|
Splunk Splunk Enterprise <9.0.6
Splunk / Splunk Enterprise
|
<9.0.6 | ||
|
Splunk Splunk Enterprise <9.1.1
Splunk / Splunk Enterprise
|
<9.1.1 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.9
Splunk / Splunk Enterprise
|
<9.0.9 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
Splunk Splunk Enterprise
Splunk / Splunk Enterprise
|
cpe:/a:splunk:splunk:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <9.1.4
Splunk / Splunk Enterprise
|
<9.1.4 | ||
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Splunk Splunk Enterprise <8.2.12
Splunk / Splunk Enterprise
|
<8.2.12 | ||
|
Splunk Splunk Enterprise <9.2.1
Splunk / Splunk Enterprise
|
<9.2.1 | ||
|
Splunk Splunk Enterprise <9.0.6
Splunk / Splunk Enterprise
|
<9.0.6 | ||
|
Splunk Splunk Enterprise <9.1.1
Splunk / Splunk Enterprise
|
<9.1.1 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.9
Splunk / Splunk Enterprise
|
<9.0.9 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
Splunk Splunk Enterprise
Splunk / Splunk Enterprise
|
cpe:/a:splunk:splunk:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <9.1.4
Splunk / Splunk Enterprise
|
<9.1.4 | ||
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Splunk Splunk Enterprise <8.2.12
Splunk / Splunk Enterprise
|
<8.2.12 | ||
|
Splunk Splunk Enterprise <9.2.1
Splunk / Splunk Enterprise
|
<9.2.1 | ||
|
Splunk Splunk Enterprise <9.0.6
Splunk / Splunk Enterprise
|
<9.0.6 | ||
|
Splunk Splunk Enterprise <9.1.1
Splunk / Splunk Enterprise
|
<9.1.1 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
Affected products
Known affected
13 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Splunk Splunk Enterprise <9.0.9
Splunk / Splunk Enterprise
|
<9.0.9 | ||
|
Atlassian Confluence <10.1.1
Atlassian / Confluence
|
<10.1.1 | ||
|
Splunk Splunk Enterprise
Splunk / Splunk Enterprise
|
cpe:/a:splunk:splunk:-
|
— | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Splunk Splunk Enterprise <9.1.4
Splunk / Splunk Enterprise
|
<9.1.4 | ||
|
Atlassian Confluence <10.0.2
Atlassian / Confluence
|
<10.0.2 | ||
|
Splunk Splunk Enterprise <8.2.12
Splunk / Splunk Enterprise
|
<8.2.12 | ||
|
Splunk Splunk Enterprise <9.2.1
Splunk / Splunk Enterprise
|
<9.2.1 | ||
|
Splunk Splunk Enterprise <9.0.6
Splunk / Splunk Enterprise
|
<9.0.6 | ||
|
Splunk Splunk Enterprise <9.1.1
Splunk / Splunk Enterprise
|
<9.1.1 | ||
|
Atlassian Confluence <8.5.25
Atlassian / Confluence
|
<8.5.25 | ||
|
Atlassian Confluence <9.2.7
Atlassian / Confluence
|
<9.2.7 |
References
16 references
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Splunk Enterprise erm\u00f6glicht Monitoring und Analyse von Clickstream-Daten und Kundentransaktionen.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, authentifizierter Angreifer kann mehrere Schwachstellen in Splunk Splunk Enterprise ausnutzen, um beliebigen Code auszuf\u00fchren, einen \u0027Denial of Service\u0027-Zustand zu verursachen, seine Privilegien zu erweitern und weitere, nicht spezifizierte Auswirkungen zu verursachen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- MacOS X\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2023-2229 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-2229.json"
},
{
"category": "self",
"summary": "WID-SEC-2023-2229 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2229"
},
{
"category": "external",
"summary": "Splunk Security Advisory vom 2023-08-30",
"url": "https://advisory.splunk.com//advisories/SVD-2023-0801"
},
{
"category": "external",
"summary": "Splunk Security Advisory vom 2023-08-30",
"url": "https://advisory.splunk.com//advisories/SVD-2023-0802"
},
{
"category": "external",
"summary": "Splunk Security Advisory vom 2023-08-30",
"url": "https://advisory.splunk.com//advisories/SVD-2023-0803"
},
{
"category": "external",
"summary": "Splunk Security Advisory vom 2023-08-30",
"url": "https://advisory.splunk.com//advisories/SVD-2023-0804"
},
{
"category": "external",
"summary": "Splunk Security Advisory vom 2023-08-30",
"url": "https://advisory.splunk.com//advisories/SVD-2023-0805"
},
{
"category": "external",
"summary": "Splunk Security Advisory vom 2023-08-30",
"url": "https://advisory.splunk.com//advisories/SVD-2023-0806"
},
{
"category": "external",
"summary": "Splunk Security Advisory vom 2023-08-30",
"url": "https://advisory.splunk.com//advisories/SVD-2023-0807"
},
{
"category": "external",
"summary": "Splunk Security Advisory vom 2023-08-30",
"url": "https://advisory.splunk.com//advisories/SVD-2023-0808"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:0196-1 vom 2024-01-23",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-January/017743.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2024-2988 vom 2024-05-28",
"url": "https://linux.oracle.com/errata/ELSA-2024-2988.html"
},
{
"category": "external",
"summary": "Splunk Security Advisory SVD-2024-0718 vom 2024-07-02",
"url": "https://advisory.splunk.com/advisories/SVD-2024-0718"
},
{
"category": "external",
"summary": "Splunk Security Advisory SVD-2024-0801 vom 2024-08-12",
"url": "https://advisory.splunk.com//advisories/SVD-2024-0801"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:03545-1 vom 2025-10-13",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/UB7MGNRMXC5LO5Y66FLOE354VVU5ULQK/"
},
{
"category": "external",
"summary": "Atlassian Security Bulletin - November 18 2025",
"url": "https://confluence.atlassian.com/security/security-bulletin-november-18-2025-1671463469.html"
}
],
"source_lang": "en-US",
"title": "Splunk Splunk Enterprise: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2025-11-18T23:00:00.000+00:00",
"generator": {
"date": "2025-11-19T09:42:41.445+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.5.0"
}
},
"id": "WID-SEC-W-2023-2229",
"initial_release_date": "2023-08-30T22:00:00.000+00:00",
"revision_history": [
{
"date": "2023-08-30T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2024-01-23T23:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2024-05-28T22:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2024-07-01T22:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von Splunk-SVD aufgenommen"
},
{
"date": "2024-08-12T22:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von Splunk-SVD aufgenommen"
},
{
"date": "2025-10-12T22:00:00.000+00:00",
"number": "6",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-11-18T23:00:00.000+00:00",
"number": "7",
"summary": "Neue Updates aufgenommen"
}
],
"status": "final",
"version": "7"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c10.1.1",
"product": {
"name": "Atlassian Confluence \u003c10.1.1",
"product_id": "T048680"
}
},
{
"category": "product_version",
"name": "10.1.1",
"product": {
"name": "Atlassian Confluence 10.1.1",
"product_id": "T048680-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:confluence:10.1.1"
}
}
},
{
"category": "product_version_range",
"name": "\u003c10.0.2",
"product": {
"name": "Atlassian Confluence \u003c10.0.2",
"product_id": "T048685"
}
},
{
"category": "product_version",
"name": "10.0.2",
"product": {
"name": "Atlassian Confluence 10.0.2",
"product_id": "T048685-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:confluence:10.0.2"
}
}
},
{
"category": "product_version_range",
"name": "\u003c9.2.7",
"product": {
"name": "Atlassian Confluence \u003c9.2.7",
"product_id": "T048686"
}
},
{
"category": "product_version",
"name": "9.2.7",
"product": {
"name": "Atlassian Confluence 9.2.7",
"product_id": "T048686-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:confluence:9.2.7"
}
}
},
{
"category": "product_version_range",
"name": "\u003c8.5.25",
"product": {
"name": "Atlassian Confluence \u003c8.5.25",
"product_id": "T048687"
}
},
{
"category": "product_version",
"name": "8.5.25",
"product": {
"name": "Atlassian Confluence 8.5.25",
"product_id": "T048687-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:confluence:8.5.25"
}
}
}
],
"category": "product_name",
"name": "Confluence"
}
],
"category": "vendor",
"name": "Atlassian"
},
{
"branches": [
{
"category": "product_name",
"name": "Oracle Linux",
"product": {
"name": "Oracle Linux",
"product_id": "T004914",
"product_identification_helper": {
"cpe": "cpe:/o:oracle:linux:-"
}
}
}
],
"category": "vendor",
"name": "Oracle"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux",
"product": {
"name": "SUSE Linux",
"product_id": "T002207",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_linux:-"
}
}
}
],
"category": "vendor",
"name": "SUSE"
},
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Splunk Splunk Enterprise",
"product": {
"name": "Splunk Splunk Enterprise",
"product_id": "T008911",
"product_identification_helper": {
"cpe": "cpe:/a:splunk:splunk:-"
}
}
},
{
"category": "product_version_range",
"name": "\u003c9.1.1",
"product": {
"name": "Splunk Splunk Enterprise \u003c9.1.1",
"product_id": "T029634"
}
},
{
"category": "product_version",
"name": "9.1.1",
"product": {
"name": "Splunk Splunk Enterprise 9.1.1",
"product_id": "T029634-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:splunk:splunk:9.1.1"
}
}
},
{
"category": "product_version_range",
"name": "\u003c9.0.6",
"product": {
"name": "Splunk Splunk Enterprise \u003c9.0.6",
"product_id": "T029635"
}
},
{
"category": "product_version",
"name": "9.0.6",
"product": {
"name": "Splunk Splunk Enterprise 9.0.6",
"product_id": "T029635-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:splunk:splunk:9.0.6"
}
}
},
{
"category": "product_version_range",
"name": "\u003c8.2.12",
"product": {
"name": "Splunk Splunk Enterprise \u003c8.2.12",
"product_id": "T029636"
}
},
{
"category": "product_version",
"name": "8.2.12",
"product": {
"name": "Splunk Splunk Enterprise 8.2.12",
"product_id": "T029636-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:splunk:splunk:8.2.12"
}
}
},
{
"category": "product_version_range",
"name": "\u003c9.2.1",
"product": {
"name": "Splunk Splunk Enterprise \u003c9.2.1",
"product_id": "T033705"
}
},
{
"category": "product_version",
"name": "9.2.1",
"product": {
"name": "Splunk Splunk Enterprise 9.2.1",
"product_id": "T033705-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:splunk:splunk:9.2.1"
}
}
},
{
"category": "product_version_range",
"name": "\u003c9.1.4",
"product": {
"name": "Splunk Splunk Enterprise \u003c9.1.4",
"product_id": "T033718"
}
},
{
"category": "product_version",
"name": "9.1.4",
"product": {
"name": "Splunk Splunk Enterprise 9.1.4",
"product_id": "T033718-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:splunk:splunk:9.1.4"
}
}
},
{
"category": "product_version_range",
"name": "\u003c9.0.9",
"product": {
"name": "Splunk Splunk Enterprise \u003c9.0.9",
"product_id": "T033720"
}
},
{
"category": "product_version",
"name": "9.0.9",
"product": {
"name": "Splunk Splunk Enterprise 9.0.9",
"product_id": "T033720-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:splunk:splunk:9.0.9"
}
}
}
],
"category": "product_name",
"name": "Splunk Enterprise"
}
],
"category": "vendor",
"name": "Splunk"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2013-7489",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2013-7489"
},
{
"cve": "CVE-2018-10237",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2018-10237"
},
{
"cve": "CVE-2018-20225",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2018-20225"
},
{
"cve": "CVE-2019-20454",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2019-20454"
},
{
"cve": "CVE-2019-20838",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2019-20838"
},
{
"cve": "CVE-2020-14155",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2020-14155"
},
{
"cve": "CVE-2020-28469",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2020-28469"
},
{
"cve": "CVE-2020-28851",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2020-28851"
},
{
"cve": "CVE-2020-29652",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2020-29652"
},
{
"cve": "CVE-2020-8169",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2020-8169"
},
{
"cve": "CVE-2020-8177",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2020-8177"
},
{
"cve": "CVE-2020-8231",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2020-8231"
},
{
"cve": "CVE-2020-8284",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2020-8284"
},
{
"cve": "CVE-2020-8285",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2020-8285"
},
{
"cve": "CVE-2020-8286",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2020-8286"
},
{
"cve": "CVE-2020-8908",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2020-8908"
},
{
"cve": "CVE-2021-20066",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2021-20066"
},
{
"cve": "CVE-2021-22569",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2021-22569"
},
{
"cve": "CVE-2021-22876",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2021-22876"
},
{
"cve": "CVE-2021-22890",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2021-22890"
},
{
"cve": "CVE-2021-22897",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2021-22897"
},
{
"cve": "CVE-2021-22898",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2021-22898"
},
{
"cve": "CVE-2021-22901",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2021-22901"
},
{
"cve": "CVE-2021-22922",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2021-22922"
},
{
"cve": "CVE-2021-22923",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2021-22923"
},
{
"cve": "CVE-2021-22924",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2021-22924"
},
{
"cve": "CVE-2021-22925",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2021-22925"
},
{
"cve": "CVE-2021-22926",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2021-22926"
},
{
"cve": "CVE-2021-22945",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2021-22945"
},
{
"cve": "CVE-2021-22946",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2021-22946"
},
{
"cve": "CVE-2021-22947",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2021-22947"
},
{
"cve": "CVE-2021-23343",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2021-23343"
},
{
"cve": "CVE-2021-23382",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2021-23382"
},
{
"cve": "CVE-2021-27918",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2021-27918"
},
{
"cve": "CVE-2021-27919",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2021-27919"
},
{
"cve": "CVE-2021-29060",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2021-29060"
},
{
"cve": "CVE-2021-29425",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2021-29425"
},
{
"cve": "CVE-2021-29923",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2021-29923"
},
{
"cve": "CVE-2021-31525",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2021-31525"
},
{
"cve": "CVE-2021-31566",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2021-31566"
},
{
"cve": "CVE-2021-33194",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2021-33194"
},
{
"cve": "CVE-2021-33195",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2021-33195"
},
{
"cve": "CVE-2021-33196",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2021-33196"
},
{
"cve": "CVE-2021-33197",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2021-33197"
},
{
"cve": "CVE-2021-33198",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2021-33198"
},
{
"cve": "CVE-2021-34558",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2021-34558"
},
{
"cve": "CVE-2021-3520",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2021-3520"
},
{
"cve": "CVE-2021-3572",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2021-3572"
},
{
"cve": "CVE-2021-36221",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2021-36221"
},
{
"cve": "CVE-2021-36976",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2021-36976"
},
{
"cve": "CVE-2021-3803",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2021-3803"
},
{
"cve": "CVE-2021-38297",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2021-38297"
},
{
"cve": "CVE-2021-38561",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2021-38561"
},
{
"cve": "CVE-2021-39293",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2021-39293"
},
{
"cve": "CVE-2021-41182",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2021-41182"
},
{
"cve": "CVE-2021-41183",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2021-41183"
},
{
"cve": "CVE-2021-41184",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2021-41184"
},
{
"cve": "CVE-2021-41771",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2021-41771"
},
{
"cve": "CVE-2021-41772",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2021-41772"
},
{
"cve": "CVE-2021-43565",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2021-43565"
},
{
"cve": "CVE-2021-44716",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2021-44716"
},
{
"cve": "CVE-2021-44717",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2021-44717"
},
{
"cve": "CVE-2022-1705",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-1705"
},
{
"cve": "CVE-2022-1941",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-1941"
},
{
"cve": "CVE-2022-1962",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-1962"
},
{
"cve": "CVE-2022-22576",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-22576"
},
{
"cve": "CVE-2022-2309",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-2309"
},
{
"cve": "CVE-2022-23491",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-23491"
},
{
"cve": "CVE-2022-23772",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-23772"
},
{
"cve": "CVE-2022-23773",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-23773"
},
{
"cve": "CVE-2022-23806",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-23806"
},
{
"cve": "CVE-2022-24675",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-24675"
},
{
"cve": "CVE-2022-24921",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-24921"
},
{
"cve": "CVE-2022-24999",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-24999"
},
{
"cve": "CVE-2022-25881",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-25881"
},
{
"cve": "CVE-2022-27191",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-27191"
},
{
"cve": "CVE-2022-27536",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-27536"
},
{
"cve": "CVE-2022-27664",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-27664"
},
{
"cve": "CVE-2022-27774",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-27774"
},
{
"cve": "CVE-2022-27775",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-27775"
},
{
"cve": "CVE-2022-27776",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-27776"
},
{
"cve": "CVE-2022-27778",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-27778"
},
{
"cve": "CVE-2022-27779",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-27779"
},
{
"cve": "CVE-2022-27780",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-27780"
},
{
"cve": "CVE-2022-27781",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-27781"
},
{
"cve": "CVE-2022-27782",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-27782"
},
{
"cve": "CVE-2022-28131",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-28131"
},
{
"cve": "CVE-2022-28327",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-28327"
},
{
"cve": "CVE-2022-2879",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-2879"
},
{
"cve": "CVE-2022-2880",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-2880"
},
{
"cve": "CVE-2022-29526",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-29526"
},
{
"cve": "CVE-2022-29804",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-29804"
},
{
"cve": "CVE-2022-30115",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-30115"
},
{
"cve": "CVE-2022-30580",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-30580"
},
{
"cve": "CVE-2022-30629",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-30629"
},
{
"cve": "CVE-2022-30630",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-30630"
},
{
"cve": "CVE-2022-30631",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-30631"
},
{
"cve": "CVE-2022-30632",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-30632"
},
{
"cve": "CVE-2022-30633",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-30633"
},
{
"cve": "CVE-2022-30634",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-30634"
},
{
"cve": "CVE-2022-30635",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-30635"
},
{
"cve": "CVE-2022-31129",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-31129"
},
{
"cve": "CVE-2022-3171",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-3171"
},
{
"cve": "CVE-2022-32148",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-32148"
},
{
"cve": "CVE-2022-32149",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-32149"
},
{
"cve": "CVE-2022-32189",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-32189"
},
{
"cve": "CVE-2022-32205",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-32205"
},
{
"cve": "CVE-2022-32206",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-32206"
},
{
"cve": "CVE-2022-32207",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-32207"
},
{
"cve": "CVE-2022-32208",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-32208"
},
{
"cve": "CVE-2022-32221",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-32221"
},
{
"cve": "CVE-2022-33987",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-33987"
},
{
"cve": "CVE-2022-3509",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-3509"
},
{
"cve": "CVE-2022-3510",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-3510"
},
{
"cve": "CVE-2022-3517",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-3517"
},
{
"cve": "CVE-2022-35252",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-35252"
},
{
"cve": "CVE-2022-35260",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-35260"
},
{
"cve": "CVE-2022-35737",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-35737"
},
{
"cve": "CVE-2022-36227",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-36227"
},
{
"cve": "CVE-2022-37599",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-37599"
},
{
"cve": "CVE-2022-37601",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-37601"
},
{
"cve": "CVE-2022-37603",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-37603"
},
{
"cve": "CVE-2022-38900",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-38900"
},
{
"cve": "CVE-2022-40023",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-40023"
},
{
"cve": "CVE-2022-40897",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-40897"
},
{
"cve": "CVE-2022-40899",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-40899"
},
{
"cve": "CVE-2022-41715",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-41715"
},
{
"cve": "CVE-2022-41716",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-41716"
},
{
"cve": "CVE-2022-41720",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-41720"
},
{
"cve": "CVE-2022-41722",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-41722"
},
{
"cve": "CVE-2022-42003",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-42003"
},
{
"cve": "CVE-2022-42004",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-42004"
},
{
"cve": "CVE-2022-42915",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-42915"
},
{
"cve": "CVE-2022-42916",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-42916"
},
{
"cve": "CVE-2022-43551",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-43551"
},
{
"cve": "CVE-2022-43552",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-43552"
},
{
"cve": "CVE-2022-46175",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2022-46175"
},
{
"cve": "CVE-2023-23914",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2023-23914"
},
{
"cve": "CVE-2023-23915",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2023-23915"
},
{
"cve": "CVE-2023-23916",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2023-23916"
},
{
"cve": "CVE-2023-24539",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2023-24539"
},
{
"cve": "CVE-2023-24540",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2023-24540"
},
{
"cve": "CVE-2023-27533",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2023-27533"
},
{
"cve": "CVE-2023-27534",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2023-27534"
},
{
"cve": "CVE-2023-27535",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2023-27535"
},
{
"cve": "CVE-2023-27536",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2023-27536"
},
{
"cve": "CVE-2023-27537",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2023-27537"
},
{
"cve": "CVE-2023-27538",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2023-27538"
},
{
"cve": "CVE-2023-29400",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2023-29400"
},
{
"cve": "CVE-2023-29402",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2023-29402"
},
{
"cve": "CVE-2023-29403",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2023-29403"
},
{
"cve": "CVE-2023-29404",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2023-29404"
},
{
"cve": "CVE-2023-29405",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2023-29405"
},
{
"cve": "CVE-2023-40592",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2023-40592"
},
{
"cve": "CVE-2023-40593",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2023-40593"
},
{
"cve": "CVE-2023-40594",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2023-40594"
},
{
"cve": "CVE-2023-40595",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2023-40595"
},
{
"cve": "CVE-2023-40596",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2023-40596"
},
{
"cve": "CVE-2023-40597",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2023-40597"
},
{
"cve": "CVE-2023-40598",
"product_status": {
"known_affected": [
"T033720",
"T048680",
"T008911",
"T004914",
"T002207",
"T033718",
"T048685",
"T029636",
"T033705",
"T029635",
"T029634",
"T048687",
"T048686"
]
},
"release_date": "2023-08-30T22:00:00.000+00:00",
"title": "CVE-2023-40598"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…