Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2024-28757 (GCVE-0-2024-28757)
Vulnerability from cvelistv5 – Published: 2024-03-10 00:00 – Updated: 2025-11-04 22:06
VLAI
EPSS
Summary
libexpat through 2.6.1 allows an XML Entity Expansion attack when there is isolated use of external parsers (created via XML_ExternalEntityParserCreate).
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- n/a
- CWE-776 - Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')
Assigner
References
10 references
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-28757",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-11T13:15:18.395170Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-776",
"description": "CWE-776 Improper Restriction of Recursive Entity References in DTDs (\u0027XML Entity Expansion\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-28T18:36:35.128Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-04T22:06:07.049Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/libexpat/libexpat/pull/842"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/libexpat/libexpat/issues/839"
},
{
"name": "FEDORA-2024-4e6e660fae",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FPLC6WDSRDUYS7F7JWAOVOHFNOUQ43DD/"
},
{
"name": "FEDORA-2024-40b98c9ced",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LKJ7V5F6LJCEQJXDBWGT27J7NAP3E3N7/"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20240322-0001/"
},
{
"name": "FEDORA-2024-afb73e6f62",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VK2O34GH43NTHBZBN7G5Y6YKJKPUCTBE/"
},
{
"name": "[oss-security] 20240315 Expat 2.6.2 released, includes security fixes",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/03/15/1"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VK2O34GH43NTHBZBN7G5Y6YKJKPUCTBE/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FPLC6WDSRDUYS7F7JWAOVOHFNOUQ43DD/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LKJ7V5F6LJCEQJXDBWGT27J7NAP3E3N7/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "libexpat through 2.6.1 allows an XML Entity Expansion attack when there is isolated use of external parsers (created via XML_ExternalEntityParserCreate)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-01T19:07:21.211Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/libexpat/libexpat/pull/842"
},
{
"url": "https://github.com/libexpat/libexpat/issues/839"
},
{
"name": "FEDORA-2024-4e6e660fae",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FPLC6WDSRDUYS7F7JWAOVOHFNOUQ43DD/"
},
{
"name": "FEDORA-2024-40b98c9ced",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LKJ7V5F6LJCEQJXDBWGT27J7NAP3E3N7/"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240322-0001/"
},
{
"name": "FEDORA-2024-afb73e6f62",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VK2O34GH43NTHBZBN7G5Y6YKJKPUCTBE/"
},
{
"name": "[oss-security] 20240315 Expat 2.6.2 released, includes security fixes",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2024/03/15/1"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-28757",
"datePublished": "2024-03-10T00:00:00.000Z",
"dateReserved": "2024-03-10T00:00:00.000Z",
"dateUpdated": "2025-11-04T22:06:07.049Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2024-28757",
"date": "2026-06-02",
"epss": "0.01195",
"percentile": "0.79187"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2024-28757\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2024-03-10T05:15:06.570\",\"lastModified\":\"2025-11-04T22:15:59.800\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"libexpat through 2.6.1 allows an XML Entity Expansion attack when there is isolated use of external parsers (created via XML_ExternalEntityParserCreate).\"},{\"lang\":\"es\",\"value\":\"libexpat hasta 2.6.1 permite un ataque de expansi\u00f3n de entidad XML cuando hay un uso aislado de analizadores externos (creados a trav\u00e9s de XML_ExternalEntityParserCreate).\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-776\"}]},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-776\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libexpat_project:libexpat:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.6.2\",\"matchCriteriaId\":\"463A4DD2-9DA6-420C-A361-293B1166B9C6\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CC559B26-5DFC-4B7A-A27C-B77DE755DFF9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:40:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CA277A6C-83EC-4536-9125-97B84C4FAF59\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*\",\"matchCriteriaId\":\"3A756737-1CC4-42C2-A4DF-E1C893B4E2D5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5735E553-9731-4AAC-BCFF-989377F817B3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:ontap:9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A20333EE-4C13-426E-8B54-D78679D5DDB8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:ontap_tools:10:*:*:*:*:vmware_vsphere:*:*\",\"matchCriteriaId\":\"5333B745-F7A3-46CB-8437-8668DB08CD6F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:windows_host_utilities:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"15282AE5-2005-4852-8FC8-EF2CE0E28FB4\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6770B6C3-732E-4E22-BF1C-2D2FD610061C\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9F9C8C20-42EB-4AB5-BD97-212DEB070C43\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7FFF7106-ED78-49BA-9EC5-B889E3685D53\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E63D8B0F-006E-4801-BF9D-1C001BBFB4F9\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"56409CEC-5A1E-4450-AA42-641E459CC2AF\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B06F4839-D16A-4A61-9BB5-55B13F41E47F\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D0B4AD8A-F172-4558-AEC6-FF424BA2D912\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8497A4C9-8474-4A62-8331-3FE862ED4098\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"234DEFE0-5CE5-4B0A-96B8-5D227CB8ED31\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CDDF61B7-EC5C-467C-B710-B89F502CD04F\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:netapp:h610c_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"89612649-BACF-4FAC-9BA4-324724FD93A6\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:netapp:h610c:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F3D9B255-C1AF-42D1-BF9B-13642FBDC080\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:netapp:h610s_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FD7CFE0E-9D1E-4495-B302-89C3096FC0DF\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:netapp:h610s:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F63A3FA7-AAED-4A9D-9FDE-6195302DA0F6\"}]}]}],\"references\":[{\"url\":\"http://www.openwall.com/lists/oss-security/2024/03/15/1\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Patch\",\"Release Notes\"]},{\"url\":\"https://github.com/libexpat/libexpat/issues/839\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Issue Tracking\",\"Patch\"]},{\"url\":\"https://github.com/libexpat/libexpat/pull/842\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\",\"Patch\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FPLC6WDSRDUYS7F7JWAOVOHFNOUQ43DD/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LKJ7V5F6LJCEQJXDBWGT27J7NAP3E3N7/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VK2O34GH43NTHBZBN7G5Y6YKJKPUCTBE/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20240322-0001/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2024/03/15/1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Patch\",\"Release Notes\"]},{\"url\":\"https://github.com/libexpat/libexpat/issues/839\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Issue Tracking\",\"Patch\"]},{\"url\":\"https://github.com/libexpat/libexpat/pull/842\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Patch\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FPLC6WDSRDUYS7F7JWAOVOHFNOUQ43DD/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LKJ7V5F6LJCEQJXDBWGT27J7NAP3E3N7/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VK2O34GH43NTHBZBN7G5Y6YKJKPUCTBE/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FPLC6WDSRDUYS7F7JWAOVOHFNOUQ43DD/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LKJ7V5F6LJCEQJXDBWGT27J7NAP3E3N7/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VK2O34GH43NTHBZBN7G5Y6YKJKPUCTBE/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://security.netapp.com/advisory/ntap-20240322-0001/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://github.com/libexpat/libexpat/pull/842\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/libexpat/libexpat/issues/839\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FPLC6WDSRDUYS7F7JWAOVOHFNOUQ43DD/\", \"name\": \"FEDORA-2024-4e6e660fae\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LKJ7V5F6LJCEQJXDBWGT27J7NAP3E3N7/\", \"name\": \"FEDORA-2024-40b98c9ced\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20240322-0001/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VK2O34GH43NTHBZBN7G5Y6YKJKPUCTBE/\", \"name\": \"FEDORA-2024-afb73e6f62\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2024/03/15/1\", \"name\": \"[oss-security] 20240315 Expat 2.6.2 released, includes security fixes\", \"tags\": [\"mailing-list\", \"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VK2O34GH43NTHBZBN7G5Y6YKJKPUCTBE/\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FPLC6WDSRDUYS7F7JWAOVOHFNOUQ43DD/\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LKJ7V5F6LJCEQJXDBWGT27J7NAP3E3N7/\"}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2025-11-04T22:06:07.049Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-28757\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-03-11T13:15:18.395170Z\"}}}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-776\", \"description\": \"CWE-776 Improper Restriction of Recursive Entity References in DTDs (\u0027XML Entity Expansion\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-07-05T15:20:37.934Z\"}}], \"cna\": {\"affected\": [{\"vendor\": \"n/a\", \"product\": \"n/a\", \"versions\": [{\"status\": \"affected\", \"version\": \"n/a\"}]}], \"references\": [{\"url\": \"https://github.com/libexpat/libexpat/pull/842\"}, {\"url\": \"https://github.com/libexpat/libexpat/issues/839\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FPLC6WDSRDUYS7F7JWAOVOHFNOUQ43DD/\", \"name\": \"FEDORA-2024-4e6e660fae\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LKJ7V5F6LJCEQJXDBWGT27J7NAP3E3N7/\", \"name\": \"FEDORA-2024-40b98c9ced\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20240322-0001/\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VK2O34GH43NTHBZBN7G5Y6YKJKPUCTBE/\", \"name\": \"FEDORA-2024-afb73e6f62\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2024/03/15/1\", \"name\": \"[oss-security] 20240315 Expat 2.6.2 released, includes security fixes\", \"tags\": [\"mailing-list\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"libexpat through 2.6.1 allows an XML Entity Expansion attack when there is isolated use of external parsers (created via XML_ExternalEntityParserCreate).\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"text\", \"description\": \"n/a\"}]}], \"providerMetadata\": {\"orgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"shortName\": \"mitre\", \"dateUpdated\": \"2024-05-01T19:07:21.211Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2024-28757\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-11-04T22:06:07.049Z\", \"dateReserved\": \"2024-03-10T00:00:00.000Z\", \"assignerOrgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"datePublished\": \"2024-03-10T00:00:00.000Z\", \"assignerShortName\": \"mitre\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
SUSE-SU-2024:1129-2
Vulnerability from csaf_suse - Published: 2024-04-08 07:12 - Updated: 2024-04-08 07:12Summary
Security update for expat
Severity
Important
Notes
Title of the patch: Security update for expat
Description of the patch: This update for expat fixes the following issues:
- CVE-2023-52425: Fixed a DoS caused by processing large tokens. (bsc#1219559)
- CVE-2024-28757: Fixed an XML Entity Expansion. (bsc#1221289)
Patchnames: SUSE-2024-1129,SUSE-SLE-Micro-5.5-2024-1129
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
5.5 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Micro 5.5:libexpat1-2.4.4-150400.3.17.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.5:libexpat1-2.4.4-150400.3.17.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.5:libexpat1-2.4.4-150400.3.17.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.5:libexpat1-2.4.4-150400.3.17.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.5 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Micro 5.5:libexpat1-2.4.4-150400.3.17.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.5:libexpat1-2.4.4-150400.3.17.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.5:libexpat1-2.4.4-150400.3.17.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.5:libexpat1-2.4.4-150400.3.17.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
12 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for expat",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for expat fixes the following issues:\n\n- CVE-2023-52425: Fixed a DoS caused by processing large tokens. (bsc#1219559) \n- CVE-2024-28757: Fixed an XML Entity Expansion. (bsc#1221289)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2024-1129,SUSE-SLE-Micro-5.5-2024-1129",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2024_1129-2.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2024:1129-2",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20241129-2/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2024:1129-2",
"url": "https://lists.suse.com/pipermail/sle-updates/2024-August/036541.html"
},
{
"category": "self",
"summary": "SUSE Bug 1219559",
"url": "https://bugzilla.suse.com/1219559"
},
{
"category": "self",
"summary": "SUSE Bug 1221289",
"url": "https://bugzilla.suse.com/1221289"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-52425 page",
"url": "https://www.suse.com/security/cve/CVE-2023-52425/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-28757 page",
"url": "https://www.suse.com/security/cve/CVE-2024-28757/"
}
],
"title": "Security update for expat",
"tracking": {
"current_release_date": "2024-04-08T07:12:27Z",
"generator": {
"date": "2024-04-08T07:12:27Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2024:1129-2",
"initial_release_date": "2024-04-08T07:12:27Z",
"revision_history": [
{
"date": "2024-04-08T07:12:27Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "expat-2.4.4-150400.3.17.1.aarch64",
"product": {
"name": "expat-2.4.4-150400.3.17.1.aarch64",
"product_id": "expat-2.4.4-150400.3.17.1.aarch64"
}
},
{
"category": "product_version",
"name": "libexpat-devel-2.4.4-150400.3.17.1.aarch64",
"product": {
"name": "libexpat-devel-2.4.4-150400.3.17.1.aarch64",
"product_id": "libexpat-devel-2.4.4-150400.3.17.1.aarch64"
}
},
{
"category": "product_version",
"name": "libexpat1-2.4.4-150400.3.17.1.aarch64",
"product": {
"name": "libexpat1-2.4.4-150400.3.17.1.aarch64",
"product_id": "libexpat1-2.4.4-150400.3.17.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libexpat-devel-64bit-2.4.4-150400.3.17.1.aarch64_ilp32",
"product": {
"name": "libexpat-devel-64bit-2.4.4-150400.3.17.1.aarch64_ilp32",
"product_id": "libexpat-devel-64bit-2.4.4-150400.3.17.1.aarch64_ilp32"
}
},
{
"category": "product_version",
"name": "libexpat1-64bit-2.4.4-150400.3.17.1.aarch64_ilp32",
"product": {
"name": "libexpat1-64bit-2.4.4-150400.3.17.1.aarch64_ilp32",
"product_id": "libexpat1-64bit-2.4.4-150400.3.17.1.aarch64_ilp32"
}
}
],
"category": "architecture",
"name": "aarch64_ilp32"
},
{
"branches": [
{
"category": "product_version",
"name": "expat-2.4.4-150400.3.17.1.i586",
"product": {
"name": "expat-2.4.4-150400.3.17.1.i586",
"product_id": "expat-2.4.4-150400.3.17.1.i586"
}
},
{
"category": "product_version",
"name": "libexpat-devel-2.4.4-150400.3.17.1.i586",
"product": {
"name": "libexpat-devel-2.4.4-150400.3.17.1.i586",
"product_id": "libexpat-devel-2.4.4-150400.3.17.1.i586"
}
},
{
"category": "product_version",
"name": "libexpat1-2.4.4-150400.3.17.1.i586",
"product": {
"name": "libexpat1-2.4.4-150400.3.17.1.i586",
"product_id": "libexpat1-2.4.4-150400.3.17.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "expat-2.4.4-150400.3.17.1.ppc64le",
"product": {
"name": "expat-2.4.4-150400.3.17.1.ppc64le",
"product_id": "expat-2.4.4-150400.3.17.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libexpat-devel-2.4.4-150400.3.17.1.ppc64le",
"product": {
"name": "libexpat-devel-2.4.4-150400.3.17.1.ppc64le",
"product_id": "libexpat-devel-2.4.4-150400.3.17.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libexpat1-2.4.4-150400.3.17.1.ppc64le",
"product": {
"name": "libexpat1-2.4.4-150400.3.17.1.ppc64le",
"product_id": "libexpat1-2.4.4-150400.3.17.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "expat-2.4.4-150400.3.17.1.s390x",
"product": {
"name": "expat-2.4.4-150400.3.17.1.s390x",
"product_id": "expat-2.4.4-150400.3.17.1.s390x"
}
},
{
"category": "product_version",
"name": "libexpat-devel-2.4.4-150400.3.17.1.s390x",
"product": {
"name": "libexpat-devel-2.4.4-150400.3.17.1.s390x",
"product_id": "libexpat-devel-2.4.4-150400.3.17.1.s390x"
}
},
{
"category": "product_version",
"name": "libexpat1-2.4.4-150400.3.17.1.s390x",
"product": {
"name": "libexpat1-2.4.4-150400.3.17.1.s390x",
"product_id": "libexpat1-2.4.4-150400.3.17.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "expat-2.4.4-150400.3.17.1.x86_64",
"product": {
"name": "expat-2.4.4-150400.3.17.1.x86_64",
"product_id": "expat-2.4.4-150400.3.17.1.x86_64"
}
},
{
"category": "product_version",
"name": "libexpat-devel-2.4.4-150400.3.17.1.x86_64",
"product": {
"name": "libexpat-devel-2.4.4-150400.3.17.1.x86_64",
"product_id": "libexpat-devel-2.4.4-150400.3.17.1.x86_64"
}
},
{
"category": "product_version",
"name": "libexpat-devel-32bit-2.4.4-150400.3.17.1.x86_64",
"product": {
"name": "libexpat-devel-32bit-2.4.4-150400.3.17.1.x86_64",
"product_id": "libexpat-devel-32bit-2.4.4-150400.3.17.1.x86_64"
}
},
{
"category": "product_version",
"name": "libexpat1-2.4.4-150400.3.17.1.x86_64",
"product": {
"name": "libexpat1-2.4.4-150400.3.17.1.x86_64",
"product_id": "libexpat1-2.4.4-150400.3.17.1.x86_64"
}
},
{
"category": "product_version",
"name": "libexpat1-32bit-2.4.4-150400.3.17.1.x86_64",
"product": {
"name": "libexpat1-32bit-2.4.4-150400.3.17.1.x86_64",
"product_id": "libexpat1-32bit-2.4.4-150400.3.17.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Micro 5.5",
"product": {
"name": "SUSE Linux Enterprise Micro 5.5",
"product_id": "SUSE Linux Enterprise Micro 5.5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-micro:5.5"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat1-2.4.4-150400.3.17.1.aarch64 as component of SUSE Linux Enterprise Micro 5.5",
"product_id": "SUSE Linux Enterprise Micro 5.5:libexpat1-2.4.4-150400.3.17.1.aarch64"
},
"product_reference": "libexpat1-2.4.4-150400.3.17.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat1-2.4.4-150400.3.17.1.ppc64le as component of SUSE Linux Enterprise Micro 5.5",
"product_id": "SUSE Linux Enterprise Micro 5.5:libexpat1-2.4.4-150400.3.17.1.ppc64le"
},
"product_reference": "libexpat1-2.4.4-150400.3.17.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat1-2.4.4-150400.3.17.1.s390x as component of SUSE Linux Enterprise Micro 5.5",
"product_id": "SUSE Linux Enterprise Micro 5.5:libexpat1-2.4.4-150400.3.17.1.s390x"
},
"product_reference": "libexpat1-2.4.4-150400.3.17.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat1-2.4.4-150400.3.17.1.x86_64 as component of SUSE Linux Enterprise Micro 5.5",
"product_id": "SUSE Linux Enterprise Micro 5.5:libexpat1-2.4.4-150400.3.17.1.x86_64"
},
"product_reference": "libexpat1-2.4.4-150400.3.17.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-52425",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-52425"
}
],
"notes": [
{
"category": "general",
"text": "libexpat through 2.5.0 allows a denial of service (resource consumption) because many full reparsings are required in the case of a large token for which multiple buffer fills are needed.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:libexpat1-2.4.4-150400.3.17.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:libexpat1-2.4.4-150400.3.17.1.ppc64le",
"SUSE Linux Enterprise Micro 5.5:libexpat1-2.4.4-150400.3.17.1.s390x",
"SUSE Linux Enterprise Micro 5.5:libexpat1-2.4.4-150400.3.17.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-52425",
"url": "https://www.suse.com/security/cve/CVE-2023-52425"
},
{
"category": "external",
"summary": "SUSE Bug 1219559 for CVE-2023-52425",
"url": "https://bugzilla.suse.com/1219559"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:libexpat1-2.4.4-150400.3.17.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:libexpat1-2.4.4-150400.3.17.1.ppc64le",
"SUSE Linux Enterprise Micro 5.5:libexpat1-2.4.4-150400.3.17.1.s390x",
"SUSE Linux Enterprise Micro 5.5:libexpat1-2.4.4-150400.3.17.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:libexpat1-2.4.4-150400.3.17.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:libexpat1-2.4.4-150400.3.17.1.ppc64le",
"SUSE Linux Enterprise Micro 5.5:libexpat1-2.4.4-150400.3.17.1.s390x",
"SUSE Linux Enterprise Micro 5.5:libexpat1-2.4.4-150400.3.17.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-04-08T07:12:27Z",
"details": "moderate"
}
],
"title": "CVE-2023-52425"
},
{
"cve": "CVE-2024-28757",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-28757"
}
],
"notes": [
{
"category": "general",
"text": "libexpat through 2.6.1 allows an XML Entity Expansion attack when there is isolated use of external parsers (created via XML_ExternalEntityParserCreate).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:libexpat1-2.4.4-150400.3.17.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:libexpat1-2.4.4-150400.3.17.1.ppc64le",
"SUSE Linux Enterprise Micro 5.5:libexpat1-2.4.4-150400.3.17.1.s390x",
"SUSE Linux Enterprise Micro 5.5:libexpat1-2.4.4-150400.3.17.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-28757",
"url": "https://www.suse.com/security/cve/CVE-2024-28757"
},
{
"category": "external",
"summary": "SUSE Bug 1221289 for CVE-2024-28757",
"url": "https://bugzilla.suse.com/1221289"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:libexpat1-2.4.4-150400.3.17.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:libexpat1-2.4.4-150400.3.17.1.ppc64le",
"SUSE Linux Enterprise Micro 5.5:libexpat1-2.4.4-150400.3.17.1.s390x",
"SUSE Linux Enterprise Micro 5.5:libexpat1-2.4.4-150400.3.17.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:libexpat1-2.4.4-150400.3.17.1.aarch64",
"SUSE Linux Enterprise Micro 5.5:libexpat1-2.4.4-150400.3.17.1.ppc64le",
"SUSE Linux Enterprise Micro 5.5:libexpat1-2.4.4-150400.3.17.1.s390x",
"SUSE Linux Enterprise Micro 5.5:libexpat1-2.4.4-150400.3.17.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-04-08T07:12:27Z",
"details": "important"
}
],
"title": "CVE-2024-28757"
}
]
}
SUSE-SU-2025:20045-1
Vulnerability from csaf_suse - Published: 2025-02-03 08:54 - Updated: 2025-02-03 08:54Summary
Security update for expat
Severity
Important
Notes
Title of the patch: Security update for expat
Description of the patch: This update for expat fixes the following issues:
- CVE-2024-45492: detect integer overflow in function nextScaffoldPart (bsc#1229932)
- CVE-2024-45491: detect integer overflow in dtdCopy (bsc#1229931)
- CVE-2024-45490: reject negative len for XML_ParseBuffer (bsc#1229930)
- CVE-2024-28757: XML Entity Expansion attack when there is isolated use of external parsers (bsc#1221289)
Patchnames: SUSE-SLE-Micro-6.0-44
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.5 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:libexpat1-2.5.0-3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:libexpat1-2.5.0-3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:libexpat1-2.5.0-3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
6.2 (Medium)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:libexpat1-2.5.0-3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:libexpat1-2.5.0-3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:libexpat1-2.5.0-3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.2 (Medium)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:libexpat1-2.5.0-3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:libexpat1-2.5.0-3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:libexpat1-2.5.0-3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.2 (Medium)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:libexpat1-2.5.0-3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:libexpat1-2.5.0-3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:libexpat1-2.5.0-3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
24 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for expat",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for expat fixes the following issues:\n\n- CVE-2024-45492: detect integer overflow in function nextScaffoldPart (bsc#1229932) \n- CVE-2024-45491: detect integer overflow in dtdCopy (bsc#1229931)\n- CVE-2024-45490: reject negative len for XML_ParseBuffer (bsc#1229930)\n- CVE-2024-28757: XML Entity Expansion attack when there is isolated use of external parsers (bsc#1221289) \n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLE-Micro-6.0-44",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_20045-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:20045-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-202520045-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:20045-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021308.html"
},
{
"category": "self",
"summary": "SUSE Bug 1221289",
"url": "https://bugzilla.suse.com/1221289"
},
{
"category": "self",
"summary": "SUSE Bug 1229930",
"url": "https://bugzilla.suse.com/1229930"
},
{
"category": "self",
"summary": "SUSE Bug 1229931",
"url": "https://bugzilla.suse.com/1229931"
},
{
"category": "self",
"summary": "SUSE Bug 1229932",
"url": "https://bugzilla.suse.com/1229932"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-28757 page",
"url": "https://www.suse.com/security/cve/CVE-2024-28757/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-45490 page",
"url": "https://www.suse.com/security/cve/CVE-2024-45490/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-45491 page",
"url": "https://www.suse.com/security/cve/CVE-2024-45491/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-45492 page",
"url": "https://www.suse.com/security/cve/CVE-2024-45492/"
}
],
"title": "Security update for expat",
"tracking": {
"current_release_date": "2025-02-03T08:54:55Z",
"generator": {
"date": "2025-02-03T08:54:55Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:20045-1",
"initial_release_date": "2025-02-03T08:54:55Z",
"revision_history": [
{
"date": "2025-02-03T08:54:55Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "libexpat1-2.5.0-3.1.aarch64",
"product": {
"name": "libexpat1-2.5.0-3.1.aarch64",
"product_id": "libexpat1-2.5.0-3.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libexpat1-2.5.0-3.1.s390x",
"product": {
"name": "libexpat1-2.5.0-3.1.s390x",
"product_id": "libexpat1-2.5.0-3.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "libexpat1-2.5.0-3.1.x86_64",
"product": {
"name": "libexpat1-2.5.0-3.1.x86_64",
"product_id": "libexpat1-2.5.0-3.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Micro 6.0",
"product": {
"name": "SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sl-micro:6.0"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat1-2.5.0-3.1.aarch64 as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:libexpat1-2.5.0-3.1.aarch64"
},
"product_reference": "libexpat1-2.5.0-3.1.aarch64",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat1-2.5.0-3.1.s390x as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:libexpat1-2.5.0-3.1.s390x"
},
"product_reference": "libexpat1-2.5.0-3.1.s390x",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat1-2.5.0-3.1.x86_64 as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:libexpat1-2.5.0-3.1.x86_64"
},
"product_reference": "libexpat1-2.5.0-3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-28757",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-28757"
}
],
"notes": [
{
"category": "general",
"text": "libexpat through 2.6.1 allows an XML Entity Expansion attack when there is isolated use of external parsers (created via XML_ExternalEntityParserCreate).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:libexpat1-2.5.0-3.1.aarch64",
"SUSE Linux Micro 6.0:libexpat1-2.5.0-3.1.s390x",
"SUSE Linux Micro 6.0:libexpat1-2.5.0-3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-28757",
"url": "https://www.suse.com/security/cve/CVE-2024-28757"
},
{
"category": "external",
"summary": "SUSE Bug 1221289 for CVE-2024-28757",
"url": "https://bugzilla.suse.com/1221289"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:libexpat1-2.5.0-3.1.aarch64",
"SUSE Linux Micro 6.0:libexpat1-2.5.0-3.1.s390x",
"SUSE Linux Micro 6.0:libexpat1-2.5.0-3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:libexpat1-2.5.0-3.1.aarch64",
"SUSE Linux Micro 6.0:libexpat1-2.5.0-3.1.s390x",
"SUSE Linux Micro 6.0:libexpat1-2.5.0-3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:55Z",
"details": "important"
}
],
"title": "CVE-2024-28757"
},
{
"cve": "CVE-2024-45490",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-45490"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in libexpat before 2.6.3. xmlparse.c does not reject a negative length for XML_ParseBuffer.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:libexpat1-2.5.0-3.1.aarch64",
"SUSE Linux Micro 6.0:libexpat1-2.5.0-3.1.s390x",
"SUSE Linux Micro 6.0:libexpat1-2.5.0-3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-45490",
"url": "https://www.suse.com/security/cve/CVE-2024-45490"
},
{
"category": "external",
"summary": "SUSE Bug 1229930 for CVE-2024-45490",
"url": "https://bugzilla.suse.com/1229930"
},
{
"category": "external",
"summary": "SUSE Bug 1229962 for CVE-2024-45490",
"url": "https://bugzilla.suse.com/1229962"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:libexpat1-2.5.0-3.1.aarch64",
"SUSE Linux Micro 6.0:libexpat1-2.5.0-3.1.s390x",
"SUSE Linux Micro 6.0:libexpat1-2.5.0-3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:libexpat1-2.5.0-3.1.aarch64",
"SUSE Linux Micro 6.0:libexpat1-2.5.0-3.1.s390x",
"SUSE Linux Micro 6.0:libexpat1-2.5.0-3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:55Z",
"details": "moderate"
}
],
"title": "CVE-2024-45490"
},
{
"cve": "CVE-2024-45491",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-45491"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in libexpat before 2.6.3. dtdCopy in xmlparse.c can have an integer overflow for nDefaultAtts on 32-bit platforms (where UINT_MAX equals SIZE_MAX).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:libexpat1-2.5.0-3.1.aarch64",
"SUSE Linux Micro 6.0:libexpat1-2.5.0-3.1.s390x",
"SUSE Linux Micro 6.0:libexpat1-2.5.0-3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-45491",
"url": "https://www.suse.com/security/cve/CVE-2024-45491"
},
{
"category": "external",
"summary": "SUSE Bug 1229930 for CVE-2024-45491",
"url": "https://bugzilla.suse.com/1229930"
},
{
"category": "external",
"summary": "SUSE Bug 1229931 for CVE-2024-45491",
"url": "https://bugzilla.suse.com/1229931"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:libexpat1-2.5.0-3.1.aarch64",
"SUSE Linux Micro 6.0:libexpat1-2.5.0-3.1.s390x",
"SUSE Linux Micro 6.0:libexpat1-2.5.0-3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:libexpat1-2.5.0-3.1.aarch64",
"SUSE Linux Micro 6.0:libexpat1-2.5.0-3.1.s390x",
"SUSE Linux Micro 6.0:libexpat1-2.5.0-3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:55Z",
"details": "moderate"
}
],
"title": "CVE-2024-45491"
},
{
"cve": "CVE-2024-45492",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-45492"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in libexpat before 2.6.3. nextScaffoldPart in xmlparse.c can have an integer overflow for m_groupSize on 32-bit platforms (where UINT_MAX equals SIZE_MAX).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:libexpat1-2.5.0-3.1.aarch64",
"SUSE Linux Micro 6.0:libexpat1-2.5.0-3.1.s390x",
"SUSE Linux Micro 6.0:libexpat1-2.5.0-3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-45492",
"url": "https://www.suse.com/security/cve/CVE-2024-45492"
},
{
"category": "external",
"summary": "SUSE Bug 1229930 for CVE-2024-45492",
"url": "https://bugzilla.suse.com/1229930"
},
{
"category": "external",
"summary": "SUSE Bug 1229932 for CVE-2024-45492",
"url": "https://bugzilla.suse.com/1229932"
},
{
"category": "external",
"summary": "SUSE Bug 1229964 for CVE-2024-45492",
"url": "https://bugzilla.suse.com/1229964"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:libexpat1-2.5.0-3.1.aarch64",
"SUSE Linux Micro 6.0:libexpat1-2.5.0-3.1.s390x",
"SUSE Linux Micro 6.0:libexpat1-2.5.0-3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:libexpat1-2.5.0-3.1.aarch64",
"SUSE Linux Micro 6.0:libexpat1-2.5.0-3.1.s390x",
"SUSE Linux Micro 6.0:libexpat1-2.5.0-3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-02-03T08:54:55Z",
"details": "moderate"
}
],
"title": "CVE-2024-45492"
}
]
}
SUSE-SU-2025:20207-1
Vulnerability from csaf_suse - Published: 2025-04-29 11:07 - Updated: 2025-04-29 11:07Summary
Security update for expat
Severity
Important
Notes
Title of the patch: Security update for expat
Description of the patch: This update for expat fixes the following issues:
Version update to 2.7.1:
* Bug fixes:
* Restore event pointer behavior from Expat 2.6.4 (that the fix to CVE-2024-8176 changed in 2.7.0);
affected API functions are:
- XML_GetCurrentByteCount
- XML_GetCurrentByteIndex
- XML_GetCurrentColumnNumber
- XML_GetCurrentLineNumber
- XML_GetInputContext
* Other changes:
#976 #977 Autotools: Integrate files "fuzz/xml_lpm_fuzzer.{cpp,proto}"
with Automake that were missing from 2.7.0 release tarballs
#983 #984 Fix printf format specifiers for 32bit Emscripten
#992 docs: Promote OpenSSF Best Practices self-certification
#978 tests/benchmark: Resolve mistaken double close
#986 Address compiler warnings
#990 #993 Version info bumped from 11:1:10 (libexpat*.so.1.10.1)
to 11:2:10 (libexpat*.so.1.10.2); see https://verbump.de/
for what these numbers do
Infrastructure:
#982 CI: Start running Perl XML::Parser integration tests
#987 CI: Enforce Clang Static Analyzer clean code
#991 CI: Re-enable warning clang-analyzer-valist.Uninitialized
for clang-tidy
#981 CI: Cover compilation with musl
#983 #984 CI: Cover compilation with 32bit Emscripten
#976 #977 CI: Protect against fuzzer files missing from future
release archives
Version update to 2.7.0 (CVE-2024-8176 [bsc#1239618])
* Security fixes:
* CVE-2024-8176 -- Fix crash from chaining a large number
of entities caused by stack overflow by resolving use of
recursion, for all three uses of entities:
- general entities in character data ("<e>&g1;</e>")
- general entities in attribute values ("<e k1='&g1;'/>")
- parameter entities ("%p1;")
Known impact is (reliable and easy) denial of service:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:H/RL:O/RC:C
(Base Score: 7.5, Temporal Score: 7.2)
Please note that a layer of compression around XML can
significantly reduce the minimum attack payload size.
* Other changes:
* Document changes since the previous release
* Version info bumped from 11:0:10 (libexpat*.so.1.10.0)
to 11:1:10 (libexpat*.so.1.10.1); see https://verbump.de/
for what these numbers do
Version update to 2.6.4:
* Security fixes: [bsc#1232601][bsc#1232579]
* CVE-2024-50602 -- Fix crash within function XML_ResumeParser
from a NULL pointer dereference by disallowing function
XML_StopParser to (stop or) suspend an unstarted parser.
A new error code XML_ERROR_NOT_STARTED was introduced to
properly communicate this situation. // CWE-476 CWE-754
* Other changes:
* Version info bumped from 10:3:9 (libexpat*.so.1.9.3)
to 11:0:10 (libexpat*.so.1.10.0); see https://verbump.de/
for what these numbers do
Update to 2.6.3:
* Security fixes:
- CVE-2024-45490, bsc#1229930 -- Calling function XML_ParseBuffer with
len < 0 without noticing and then calling XML_GetBuffer
will have XML_ParseBuffer fail to recognize the problem
and XML_GetBuffer corrupt memory.
With the fix, XML_ParseBuffer now complains with error
XML_ERROR_INVALID_ARGUMENT just like sibling XML_Parse
has been doing since Expat 2.2.1, and now documented.
Impact is denial of service to potentially artitrary code
execution.
- CVE-2024-45491, bsc#1229931 -- Internal function dtdCopy can have an
integer overflow for nDefaultAtts on 32-bit platforms
(where UINT_MAX equals SIZE_MAX).
Impact is denial of service to potentially artitrary code
execution.
- CVE-2024-45492, bsc#1229932 -- Internal function nextScaffoldPart can
have an integer overflow for m_groupSize on 32-bit
platforms (where UINT_MAX equals SIZE_MAX).
Impact is denial of service to potentially artitrary code
execution.
* Other changes:
- Version info bumped from 10:2:9 (libexpat*.so.1.9.2)
to 10:3:9 (libexpat*.so.1.9.3); see https://verbump.de/
for what these numbers do
Update to 2.6.2:
* CVE-2024-28757 -- Prevent billion laughs attacks with isolated
use of external parsers (bsc#1221289)
* Reject direct parameter entity recursion and avoid the related
undefined behavior
Update to 2.6.1:
* Expose billion laughs API with XML_DTD defined and XML_GE
undefined, regression from 2.6.0
* Make tests independent of CPU speed, and thus more robust
Update to 2.6.0:
* Security fixes:
- CVE-2023-52425 (bsc#1219559)
Fix quadratic runtime issues with big tokens
that can cause denial of service, in partial where
dealing with compressed XML input. Applications
that parsed a document in one go -- a single call to
functions XML_Parse or XML_ParseBuffer -- were not affected.
The smaller the chunks/buffers you use for parsing
previously, the bigger the problem prior to the fix.
Backporters should be careful to no omit parts of
pull request #789 and to include earlier pull request #771,
in order to not break the fix.
- CVE-2023-52426 (bsc#1219561)
Fix billion laughs attacks for users
compiling *without* XML_DTD defined (which is not common).
Users with XML_DTD defined have been protected since
Expat >=2.4.0 (and that was CVE-2013-0340 back then).
* Bug fixes:
- Fix parse-size-dependent "invalid token" error for
external entities that start with a byte order mark
- Fix NULL pointer dereference in setContext via
XML_ExternalEntityParserCreate for compilation with
XML_DTD undefined
- Protect against closing entities out of order
* Other changes:
- Improve support for arc4random/arc4random_buf
- Improve buffer growth in XML_GetBuffer and XML_Parse
- xmlwf: Support --help and --version
- xmlwf: Support custom buffer size for XML_GetBuffer and read
- xmlwf: Improve language and URL clickability in help output
- examples: Add new example "element_declarations.c"
- Be stricter about macro XML_CONTEXT_BYTES at build time
- Make inclusion to expat_config.h consistent
- Autotools: configure.ac: Support --disable-maintainer-mode
- Autotools: Sync CMake templates with CMake 3.26
- Autotools: Make installation of shipped man page doc/xmlwf.1
independent of docbook2man availability
- Autotools|CMake: Add missing -DXML_STATIC to pkg-config file
section "Cflags.private" in order to fix compilation
against static libexpat using pkg-config on Windows
- Autotools|CMake: Require a C99 compiler
(a de-facto requirement already since Expat 2.2.2 of 2017)
- Autotools|CMake: Fix PACKAGE_BUGREPORT variable
- Autotools|CMake: Make test suite require a C++11 compiler
- CMake: Require CMake >=3.5.0
- CMake: Lowercase off_t and size_t to help a bug in Meson
- CMake: Sort xmlwf sources alphabetically
- CMake|Windows: Fix generation of DLL file version info
- CMake: Build tests/benchmark/benchmark.c as well for
a build with -DEXPAT_BUILD_TESTS=ON
- docs: Document the importance of isFinal + adjust tests
accordingly
- docs: Improve use of "NULL" and "null"
- docs: Be specific about version of XML (XML 1.0r4)
and version of C (C99); (XML 1.0r5 will need a sponsor.)
- docs: reference.html: Promote function XML_ParseBuffer more
- docs: reference.html: Add HTML anchors to XML_* macros
- docs: reference.html: Upgrade to OK.css 1.2.0
- docs: Fix typos
- docs|CI: Use HTTPS URLs instead of HTTP at various places
- Address compiler warnings
- Address clang-tidy warnings
- Version info bumped from 9:10:8 (libexpat*.so.1.8.10)
to 10:0:9 (libexpat*.so.1.9.0); see https://verbump.de/
for what these numbers do
Patchnames: SUSE-SLE-Micro-6.0-304
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:libexpat1-2.7.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:libexpat1-2.7.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:libexpat1-2.7.1-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.5 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:libexpat1-2.7.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:libexpat1-2.7.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:libexpat1-2.7.1-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
5.5 (Medium)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:libexpat1-2.7.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:libexpat1-2.7.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:libexpat1-2.7.1-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.5 (Medium)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:libexpat1-2.7.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:libexpat1-2.7.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:libexpat1-2.7.1-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.5 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:libexpat1-2.7.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:libexpat1-2.7.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:libexpat1-2.7.1-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
6.2 (Medium)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:libexpat1-2.7.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:libexpat1-2.7.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:libexpat1-2.7.1-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.2 (Medium)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:libexpat1-2.7.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:libexpat1-2.7.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:libexpat1-2.7.1-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.2 (Medium)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:libexpat1-2.7.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:libexpat1-2.7.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:libexpat1-2.7.1-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.9 (Medium)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:libexpat1-2.7.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:libexpat1-2.7.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:libexpat1-2.7.1-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.5 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:libexpat1-2.7.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:libexpat1-2.7.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:libexpat1-2.7.1-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
49 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for expat",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for expat fixes the following issues:\n\nVersion update to 2.7.1:\n\n* Bug fixes:\n\n * Restore event pointer behavior from Expat 2.6.4 (that the fix to CVE-2024-8176 changed in 2.7.0);\n affected API functions are:\n\n - XML_GetCurrentByteCount\n - XML_GetCurrentByteIndex\n - XML_GetCurrentColumnNumber\n - XML_GetCurrentLineNumber\n - XML_GetInputContext\n\n * Other changes:\n #976 #977 Autotools: Integrate files \"fuzz/xml_lpm_fuzzer.{cpp,proto}\"\n with Automake that were missing from 2.7.0 release tarballs\n #983 #984 Fix printf format specifiers for 32bit Emscripten\n #992 docs: Promote OpenSSF Best Practices self-certification\n #978 tests/benchmark: Resolve mistaken double close\n #986 Address compiler warnings\n #990 #993 Version info bumped from 11:1:10 (libexpat*.so.1.10.1)\n to 11:2:10 (libexpat*.so.1.10.2); see https://verbump.de/\n for what these numbers do\n\n Infrastructure:\n #982 CI: Start running Perl XML::Parser integration tests\n #987 CI: Enforce Clang Static Analyzer clean code\n #991 CI: Re-enable warning clang-analyzer-valist.Uninitialized\n for clang-tidy\n #981 CI: Cover compilation with musl\n #983 #984 CI: Cover compilation with 32bit Emscripten\n #976 #977 CI: Protect against fuzzer files missing from future\n release archives\n\nVersion update to 2.7.0 (CVE-2024-8176 [bsc#1239618])\n\n* Security fixes:\n * CVE-2024-8176 -- Fix crash from chaining a large number\n of entities caused by stack overflow by resolving use of\n recursion, for all three uses of entities:\n - general entities in character data (\"\u003ce\u003e\u0026g1;\u003c/e\u003e\")\n - general entities in attribute values (\"\u003ce k1=\u0027\u0026g1;\u0027/\u003e\")\n - parameter entities (\"%p1;\")\n\n Known impact is (reliable and easy) denial of service:\n\n CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:H/RL:O/RC:C\n\n (Base Score: 7.5, Temporal Score: 7.2)\n\n Please note that a layer of compression around XML can\n significantly reduce the minimum attack payload size.\n\n * Other changes:\n * Document changes since the previous release\n * Version info bumped from 11:0:10 (libexpat*.so.1.10.0)\n to 11:1:10 (libexpat*.so.1.10.1); see https://verbump.de/\n for what these numbers do\n\nVersion update to 2.6.4:\n\n * Security fixes: [bsc#1232601][bsc#1232579]\n * CVE-2024-50602 -- Fix crash within function XML_ResumeParser\n from a NULL pointer dereference by disallowing function\n XML_StopParser to (stop or) suspend an unstarted parser.\n A new error code XML_ERROR_NOT_STARTED was introduced to\n properly communicate this situation. // CWE-476 CWE-754\n * Other changes:\n * Version info bumped from 10:3:9 (libexpat*.so.1.9.3)\n to 11:0:10 (libexpat*.so.1.10.0); see https://verbump.de/\n for what these numbers do\n\nUpdate to 2.6.3:\n\n * Security fixes:\n - CVE-2024-45490, bsc#1229930 -- Calling function XML_ParseBuffer with\n len \u003c 0 without noticing and then calling XML_GetBuffer\n will have XML_ParseBuffer fail to recognize the problem\n and XML_GetBuffer corrupt memory.\n With the fix, XML_ParseBuffer now complains with error\n XML_ERROR_INVALID_ARGUMENT just like sibling XML_Parse\n has been doing since Expat 2.2.1, and now documented.\n Impact is denial of service to potentially artitrary code\n execution.\n - CVE-2024-45491, bsc#1229931 -- Internal function dtdCopy can have an\n integer overflow for nDefaultAtts on 32-bit platforms\n (where UINT_MAX equals SIZE_MAX).\n Impact is denial of service to potentially artitrary code\n execution.\n - CVE-2024-45492, bsc#1229932 -- Internal function nextScaffoldPart can\n have an integer overflow for m_groupSize on 32-bit\n platforms (where UINT_MAX equals SIZE_MAX).\n Impact is denial of service to potentially artitrary code\n execution.\n\n * Other changes:\n\n - Version info bumped from 10:2:9 (libexpat*.so.1.9.2)\n to 10:3:9 (libexpat*.so.1.9.3); see https://verbump.de/\n for what these numbers do \n\nUpdate to 2.6.2:\n\n * CVE-2024-28757 -- Prevent billion laughs attacks with isolated\n use of external parsers (bsc#1221289)\n * Reject direct parameter entity recursion and avoid the related\n undefined behavior\n\nUpdate to 2.6.1:\n\n * Expose billion laughs API with XML_DTD defined and XML_GE\n undefined, regression from 2.6.0\n * Make tests independent of CPU speed, and thus more robust\n\nUpdate to 2.6.0: \n\n * Security fixes:\n - CVE-2023-52425 (bsc#1219559) \n Fix quadratic runtime issues with big tokens\n that can cause denial of service, in partial where\n dealing with compressed XML input. Applications\n that parsed a document in one go -- a single call to\n functions XML_Parse or XML_ParseBuffer -- were not affected.\n The smaller the chunks/buffers you use for parsing\n previously, the bigger the problem prior to the fix.\n Backporters should be careful to no omit parts of\n pull request #789 and to include earlier pull request #771,\n in order to not break the fix.\n - CVE-2023-52426 (bsc#1219561)\n Fix billion laughs attacks for users\n compiling *without* XML_DTD defined (which is not common).\n Users with XML_DTD defined have been protected since\n Expat \u003e=2.4.0 (and that was CVE-2013-0340 back then).\n * Bug fixes:\n - Fix parse-size-dependent \"invalid token\" error for\n external entities that start with a byte order mark\n - Fix NULL pointer dereference in setContext via\n XML_ExternalEntityParserCreate for compilation with\n XML_DTD undefined\n - Protect against closing entities out of order\n * Other changes:\n - Improve support for arc4random/arc4random_buf\n - Improve buffer growth in XML_GetBuffer and XML_Parse\n - xmlwf: Support --help and --version\n - xmlwf: Support custom buffer size for XML_GetBuffer and read\n - xmlwf: Improve language and URL clickability in help output\n - examples: Add new example \"element_declarations.c\"\n - Be stricter about macro XML_CONTEXT_BYTES at build time\n - Make inclusion to expat_config.h consistent\n - Autotools: configure.ac: Support --disable-maintainer-mode\n - Autotools: Sync CMake templates with CMake 3.26\n - Autotools: Make installation of shipped man page doc/xmlwf.1\n independent of docbook2man availability\n - Autotools|CMake: Add missing -DXML_STATIC to pkg-config file\n section \"Cflags.private\" in order to fix compilation\n against static libexpat using pkg-config on Windows\n - Autotools|CMake: Require a C99 compiler\n (a de-facto requirement already since Expat 2.2.2 of 2017)\n - Autotools|CMake: Fix PACKAGE_BUGREPORT variable\n - Autotools|CMake: Make test suite require a C++11 compiler\n - CMake: Require CMake \u003e=3.5.0\n - CMake: Lowercase off_t and size_t to help a bug in Meson\n - CMake: Sort xmlwf sources alphabetically\n - CMake|Windows: Fix generation of DLL file version info\n - CMake: Build tests/benchmark/benchmark.c as well for\n a build with -DEXPAT_BUILD_TESTS=ON\n - docs: Document the importance of isFinal + adjust tests\n accordingly\n - docs: Improve use of \"NULL\" and \"null\"\n - docs: Be specific about version of XML (XML 1.0r4)\n and version of C (C99); (XML 1.0r5 will need a sponsor.)\n - docs: reference.html: Promote function XML_ParseBuffer more\n - docs: reference.html: Add HTML anchors to XML_* macros\n - docs: reference.html: Upgrade to OK.css 1.2.0\n - docs: Fix typos\n - docs|CI: Use HTTPS URLs instead of HTTP at various places\n - Address compiler warnings\n - Address clang-tidy warnings\n - Version info bumped from 9:10:8 (libexpat*.so.1.8.10)\n to 10:0:9 (libexpat*.so.1.9.0); see https://verbump.de/\n for what these numbers do\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLE-Micro-6.0-304",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_20207-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:20207-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-202520207-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:20207-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021128.html"
},
{
"category": "self",
"summary": "SUSE Bug 1219559",
"url": "https://bugzilla.suse.com/1219559"
},
{
"category": "self",
"summary": "SUSE Bug 1219561",
"url": "https://bugzilla.suse.com/1219561"
},
{
"category": "self",
"summary": "SUSE Bug 1221289",
"url": "https://bugzilla.suse.com/1221289"
},
{
"category": "self",
"summary": "SUSE Bug 1229930",
"url": "https://bugzilla.suse.com/1229930"
},
{
"category": "self",
"summary": "SUSE Bug 1229931",
"url": "https://bugzilla.suse.com/1229931"
},
{
"category": "self",
"summary": "SUSE Bug 1229932",
"url": "https://bugzilla.suse.com/1229932"
},
{
"category": "self",
"summary": "SUSE Bug 1232579",
"url": "https://bugzilla.suse.com/1232579"
},
{
"category": "self",
"summary": "SUSE Bug 1232601",
"url": "https://bugzilla.suse.com/1232601"
},
{
"category": "self",
"summary": "SUSE Bug 1239618",
"url": "https://bugzilla.suse.com/1239618"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2013-0340 page",
"url": "https://www.suse.com/security/cve/CVE-2013-0340/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-15903 page",
"url": "https://www.suse.com/security/cve/CVE-2019-15903/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-52425 page",
"url": "https://www.suse.com/security/cve/CVE-2023-52425/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-52426 page",
"url": "https://www.suse.com/security/cve/CVE-2023-52426/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-28757 page",
"url": "https://www.suse.com/security/cve/CVE-2024-28757/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-45490 page",
"url": "https://www.suse.com/security/cve/CVE-2024-45490/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-45491 page",
"url": "https://www.suse.com/security/cve/CVE-2024-45491/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-45492 page",
"url": "https://www.suse.com/security/cve/CVE-2024-45492/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50602 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50602/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-8176 page",
"url": "https://www.suse.com/security/cve/CVE-2024-8176/"
}
],
"title": "Security update for expat",
"tracking": {
"current_release_date": "2025-04-29T11:07:45Z",
"generator": {
"date": "2025-04-29T11:07:45Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:20207-1",
"initial_release_date": "2025-04-29T11:07:45Z",
"revision_history": [
{
"date": "2025-04-29T11:07:45Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "libexpat1-2.7.1-1.1.aarch64",
"product": {
"name": "libexpat1-2.7.1-1.1.aarch64",
"product_id": "libexpat1-2.7.1-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libexpat1-2.7.1-1.1.s390x",
"product": {
"name": "libexpat1-2.7.1-1.1.s390x",
"product_id": "libexpat1-2.7.1-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "libexpat1-2.7.1-1.1.x86_64",
"product": {
"name": "libexpat1-2.7.1-1.1.x86_64",
"product_id": "libexpat1-2.7.1-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Micro 6.0",
"product": {
"name": "SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sl-micro:6.0"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat1-2.7.1-1.1.aarch64 as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:libexpat1-2.7.1-1.1.aarch64"
},
"product_reference": "libexpat1-2.7.1-1.1.aarch64",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat1-2.7.1-1.1.s390x as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:libexpat1-2.7.1-1.1.s390x"
},
"product_reference": "libexpat1-2.7.1-1.1.s390x",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat1-2.7.1-1.1.x86_64 as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:libexpat1-2.7.1-1.1.x86_64"
},
"product_reference": "libexpat1-2.7.1-1.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2013-0340",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2013-0340"
}
],
"notes": [
{
"category": "general",
"text": "expat before version 2.4.0 does not properly handle entities expansion unless an application developer uses the XML_SetEntityDeclHandler function, which allows remote attackers to cause a denial of service (resource consumption), send HTTP requests to intranet servers, or read arbitrary files via a crafted XML document, aka an XML External Entity (XXE) issue. NOTE: it could be argued that because expat already provides the ability to disable external entity expansion, the responsibility for resolving this issue lies with application developers; according to this argument, this entry should be REJECTed, and each affected application would need its own CVE.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:libexpat1-2.7.1-1.1.aarch64",
"SUSE Linux Micro 6.0:libexpat1-2.7.1-1.1.s390x",
"SUSE Linux Micro 6.0:libexpat1-2.7.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2013-0340",
"url": "https://www.suse.com/security/cve/CVE-2013-0340"
},
{
"category": "external",
"summary": "SUSE Bug 805236 for CVE-2013-0340",
"url": "https://bugzilla.suse.com/805236"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:libexpat1-2.7.1-1.1.aarch64",
"SUSE Linux Micro 6.0:libexpat1-2.7.1-1.1.s390x",
"SUSE Linux Micro 6.0:libexpat1-2.7.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-29T11:07:45Z",
"details": "moderate"
}
],
"title": "CVE-2013-0340"
},
{
"cve": "CVE-2019-15903",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-15903"
}
],
"notes": [
{
"category": "general",
"text": "In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to document parsing too early; a consecutive call to XML_GetCurrentLineNumber (or XML_GetCurrentColumnNumber) then resulted in a heap-based buffer over-read.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:libexpat1-2.7.1-1.1.aarch64",
"SUSE Linux Micro 6.0:libexpat1-2.7.1-1.1.s390x",
"SUSE Linux Micro 6.0:libexpat1-2.7.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-15903",
"url": "https://www.suse.com/security/cve/CVE-2019-15903"
},
{
"category": "external",
"summary": "SUSE Bug 1149429 for CVE-2019-15903",
"url": "https://bugzilla.suse.com/1149429"
},
{
"category": "external",
"summary": "SUSE Bug 1154738 for CVE-2019-15903",
"url": "https://bugzilla.suse.com/1154738"
},
{
"category": "external",
"summary": "SUSE Bug 1154806 for CVE-2019-15903",
"url": "https://bugzilla.suse.com/1154806"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:libexpat1-2.7.1-1.1.aarch64",
"SUSE Linux Micro 6.0:libexpat1-2.7.1-1.1.s390x",
"SUSE Linux Micro 6.0:libexpat1-2.7.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:libexpat1-2.7.1-1.1.aarch64",
"SUSE Linux Micro 6.0:libexpat1-2.7.1-1.1.s390x",
"SUSE Linux Micro 6.0:libexpat1-2.7.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-29T11:07:45Z",
"details": "important"
}
],
"title": "CVE-2019-15903"
},
{
"cve": "CVE-2023-52425",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-52425"
}
],
"notes": [
{
"category": "general",
"text": "libexpat through 2.5.0 allows a denial of service (resource consumption) because many full reparsings are required in the case of a large token for which multiple buffer fills are needed.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:libexpat1-2.7.1-1.1.aarch64",
"SUSE Linux Micro 6.0:libexpat1-2.7.1-1.1.s390x",
"SUSE Linux Micro 6.0:libexpat1-2.7.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-52425",
"url": "https://www.suse.com/security/cve/CVE-2023-52425"
},
{
"category": "external",
"summary": "SUSE Bug 1219559 for CVE-2023-52425",
"url": "https://bugzilla.suse.com/1219559"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:libexpat1-2.7.1-1.1.aarch64",
"SUSE Linux Micro 6.0:libexpat1-2.7.1-1.1.s390x",
"SUSE Linux Micro 6.0:libexpat1-2.7.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:libexpat1-2.7.1-1.1.aarch64",
"SUSE Linux Micro 6.0:libexpat1-2.7.1-1.1.s390x",
"SUSE Linux Micro 6.0:libexpat1-2.7.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-29T11:07:45Z",
"details": "moderate"
}
],
"title": "CVE-2023-52425"
},
{
"cve": "CVE-2023-52426",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-52426"
}
],
"notes": [
{
"category": "general",
"text": "libexpat through 2.5.0 allows recursive XML Entity Expansion if XML_DTD is undefined at compile time.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:libexpat1-2.7.1-1.1.aarch64",
"SUSE Linux Micro 6.0:libexpat1-2.7.1-1.1.s390x",
"SUSE Linux Micro 6.0:libexpat1-2.7.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-52426",
"url": "https://www.suse.com/security/cve/CVE-2023-52426"
},
{
"category": "external",
"summary": "SUSE Bug 1219561 for CVE-2023-52426",
"url": "https://bugzilla.suse.com/1219561"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:libexpat1-2.7.1-1.1.aarch64",
"SUSE Linux Micro 6.0:libexpat1-2.7.1-1.1.s390x",
"SUSE Linux Micro 6.0:libexpat1-2.7.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:libexpat1-2.7.1-1.1.aarch64",
"SUSE Linux Micro 6.0:libexpat1-2.7.1-1.1.s390x",
"SUSE Linux Micro 6.0:libexpat1-2.7.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-29T11:07:45Z",
"details": "moderate"
}
],
"title": "CVE-2023-52426"
},
{
"cve": "CVE-2024-28757",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-28757"
}
],
"notes": [
{
"category": "general",
"text": "libexpat through 2.6.1 allows an XML Entity Expansion attack when there is isolated use of external parsers (created via XML_ExternalEntityParserCreate).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:libexpat1-2.7.1-1.1.aarch64",
"SUSE Linux Micro 6.0:libexpat1-2.7.1-1.1.s390x",
"SUSE Linux Micro 6.0:libexpat1-2.7.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-28757",
"url": "https://www.suse.com/security/cve/CVE-2024-28757"
},
{
"category": "external",
"summary": "SUSE Bug 1221289 for CVE-2024-28757",
"url": "https://bugzilla.suse.com/1221289"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:libexpat1-2.7.1-1.1.aarch64",
"SUSE Linux Micro 6.0:libexpat1-2.7.1-1.1.s390x",
"SUSE Linux Micro 6.0:libexpat1-2.7.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:libexpat1-2.7.1-1.1.aarch64",
"SUSE Linux Micro 6.0:libexpat1-2.7.1-1.1.s390x",
"SUSE Linux Micro 6.0:libexpat1-2.7.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-29T11:07:45Z",
"details": "important"
}
],
"title": "CVE-2024-28757"
},
{
"cve": "CVE-2024-45490",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-45490"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in libexpat before 2.6.3. xmlparse.c does not reject a negative length for XML_ParseBuffer.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:libexpat1-2.7.1-1.1.aarch64",
"SUSE Linux Micro 6.0:libexpat1-2.7.1-1.1.s390x",
"SUSE Linux Micro 6.0:libexpat1-2.7.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-45490",
"url": "https://www.suse.com/security/cve/CVE-2024-45490"
},
{
"category": "external",
"summary": "SUSE Bug 1229930 for CVE-2024-45490",
"url": "https://bugzilla.suse.com/1229930"
},
{
"category": "external",
"summary": "SUSE Bug 1229962 for CVE-2024-45490",
"url": "https://bugzilla.suse.com/1229962"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:libexpat1-2.7.1-1.1.aarch64",
"SUSE Linux Micro 6.0:libexpat1-2.7.1-1.1.s390x",
"SUSE Linux Micro 6.0:libexpat1-2.7.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:libexpat1-2.7.1-1.1.aarch64",
"SUSE Linux Micro 6.0:libexpat1-2.7.1-1.1.s390x",
"SUSE Linux Micro 6.0:libexpat1-2.7.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-29T11:07:45Z",
"details": "moderate"
}
],
"title": "CVE-2024-45490"
},
{
"cve": "CVE-2024-45491",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-45491"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in libexpat before 2.6.3. dtdCopy in xmlparse.c can have an integer overflow for nDefaultAtts on 32-bit platforms (where UINT_MAX equals SIZE_MAX).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:libexpat1-2.7.1-1.1.aarch64",
"SUSE Linux Micro 6.0:libexpat1-2.7.1-1.1.s390x",
"SUSE Linux Micro 6.0:libexpat1-2.7.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-45491",
"url": "https://www.suse.com/security/cve/CVE-2024-45491"
},
{
"category": "external",
"summary": "SUSE Bug 1229930 for CVE-2024-45491",
"url": "https://bugzilla.suse.com/1229930"
},
{
"category": "external",
"summary": "SUSE Bug 1229931 for CVE-2024-45491",
"url": "https://bugzilla.suse.com/1229931"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:libexpat1-2.7.1-1.1.aarch64",
"SUSE Linux Micro 6.0:libexpat1-2.7.1-1.1.s390x",
"SUSE Linux Micro 6.0:libexpat1-2.7.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:libexpat1-2.7.1-1.1.aarch64",
"SUSE Linux Micro 6.0:libexpat1-2.7.1-1.1.s390x",
"SUSE Linux Micro 6.0:libexpat1-2.7.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-29T11:07:45Z",
"details": "moderate"
}
],
"title": "CVE-2024-45491"
},
{
"cve": "CVE-2024-45492",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-45492"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in libexpat before 2.6.3. nextScaffoldPart in xmlparse.c can have an integer overflow for m_groupSize on 32-bit platforms (where UINT_MAX equals SIZE_MAX).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:libexpat1-2.7.1-1.1.aarch64",
"SUSE Linux Micro 6.0:libexpat1-2.7.1-1.1.s390x",
"SUSE Linux Micro 6.0:libexpat1-2.7.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-45492",
"url": "https://www.suse.com/security/cve/CVE-2024-45492"
},
{
"category": "external",
"summary": "SUSE Bug 1229930 for CVE-2024-45492",
"url": "https://bugzilla.suse.com/1229930"
},
{
"category": "external",
"summary": "SUSE Bug 1229932 for CVE-2024-45492",
"url": "https://bugzilla.suse.com/1229932"
},
{
"category": "external",
"summary": "SUSE Bug 1229964 for CVE-2024-45492",
"url": "https://bugzilla.suse.com/1229964"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:libexpat1-2.7.1-1.1.aarch64",
"SUSE Linux Micro 6.0:libexpat1-2.7.1-1.1.s390x",
"SUSE Linux Micro 6.0:libexpat1-2.7.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:libexpat1-2.7.1-1.1.aarch64",
"SUSE Linux Micro 6.0:libexpat1-2.7.1-1.1.s390x",
"SUSE Linux Micro 6.0:libexpat1-2.7.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-29T11:07:45Z",
"details": "moderate"
}
],
"title": "CVE-2024-45492"
},
{
"cve": "CVE-2024-50602",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50602"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in libexpat before 2.6.4. There is a crash within the XML_ResumeParser function because XML_StopParser can stop/suspend an unstarted parser.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:libexpat1-2.7.1-1.1.aarch64",
"SUSE Linux Micro 6.0:libexpat1-2.7.1-1.1.s390x",
"SUSE Linux Micro 6.0:libexpat1-2.7.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50602",
"url": "https://www.suse.com/security/cve/CVE-2024-50602"
},
{
"category": "external",
"summary": "SUSE Bug 1232579 for CVE-2024-50602",
"url": "https://bugzilla.suse.com/1232579"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:libexpat1-2.7.1-1.1.aarch64",
"SUSE Linux Micro 6.0:libexpat1-2.7.1-1.1.s390x",
"SUSE Linux Micro 6.0:libexpat1-2.7.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:libexpat1-2.7.1-1.1.aarch64",
"SUSE Linux Micro 6.0:libexpat1-2.7.1-1.1.s390x",
"SUSE Linux Micro 6.0:libexpat1-2.7.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-29T11:07:45Z",
"details": "moderate"
}
],
"title": "CVE-2024-50602"
},
{
"cve": "CVE-2024-8176",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-8176"
}
],
"notes": [
{
"category": "general",
"text": "A stack overflow vulnerability exists in the libexpat library due to the way it handles recursive entity expansion in XML documents. When parsing an XML document with deeply nested entity references, libexpat can be forced to recurse indefinitely, exhausting the stack space and causing a crash. This issue could lead to denial of service (DoS) or, in some cases, exploitable memory corruption, depending on the environment and library usage.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:libexpat1-2.7.1-1.1.aarch64",
"SUSE Linux Micro 6.0:libexpat1-2.7.1-1.1.s390x",
"SUSE Linux Micro 6.0:libexpat1-2.7.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-8176",
"url": "https://www.suse.com/security/cve/CVE-2024-8176"
},
{
"category": "external",
"summary": "SUSE Bug 1239618 for CVE-2024-8176",
"url": "https://bugzilla.suse.com/1239618"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:libexpat1-2.7.1-1.1.aarch64",
"SUSE Linux Micro 6.0:libexpat1-2.7.1-1.1.s390x",
"SUSE Linux Micro 6.0:libexpat1-2.7.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:libexpat1-2.7.1-1.1.aarch64",
"SUSE Linux Micro 6.0:libexpat1-2.7.1-1.1.s390x",
"SUSE Linux Micro 6.0:libexpat1-2.7.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-04-29T11:07:45Z",
"details": "important"
}
],
"title": "CVE-2024-8176"
}
]
}
SUSE-SU-2025:20311-1
Vulnerability from csaf_suse - Published: 2025-05-13 13:37 - Updated: 2025-05-13 13:37Summary
Security update for expat
Severity
Important
Notes
Title of the patch: Security update for expat
Description of the patch: This update for expat fixes the following issues:
Version update to 2.7.1:
Bug fixes:
#980 #989 Restore event pointer behavior from Expat 2.6.4
(that the fix to CVE-2024-8176 changed in 2.7.0);
affected API functions are:
- XML_GetCurrentByteCount
- XML_GetCurrentByteIndex
- XML_GetCurrentColumnNumber
- XML_GetCurrentLineNumber
- XML_GetInputContext
Other changes:
#976 #977 Autotools: Integrate files "fuzz/xml_lpm_fuzzer.{cpp,proto}"
with Automake that were missing from 2.7.0 release tarballs
#983 #984 Fix printf format specifiers for 32bit Emscripten
#992 docs: Promote OpenSSF Best Practices self-certification
#978 tests/benchmark: Resolve mistaken double close
#986 Address compiler warnings
#990 #993 Version info bumped from 11:1:10 (libexpat*.so.1.10.1)
to 11:2:10 (libexpat*.so.1.10.2); see https://verbump.de/
for what these numbers do
Infrastructure:
#982 CI: Start running Perl XML::Parser integration tests
#987 CI: Enforce Clang Static Analyzer clean code
#991 CI: Re-enable warning clang-analyzer-valist.Uninitialized
for clang-tidy
#981 CI: Cover compilation with musl
#983 #984 CI: Cover compilation with 32bit Emscripten
#976 #977 CI: Protect against fuzzer files missing from future
release archives
version update to 2.7.0 (CVE-2024-8176 [bsc#1239618]):
* Security fixes:
#893 #973 CVE-2024-8176 -- Fix crash from chaining a large number
of entities caused by stack overflow by resolving use of
recursion, for all three uses of entities:
- general entities in character data ("<e>&g1;</e>")
- general entities in attribute values ("<e k1='&g1;'/>")
- parameter entities ("%p1;")
Known impact is (reliable and easy) denial of service:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:H/RL:O/RC:C
(Base Score: 7.5, Temporal Score: 7.2)
Please note that a layer of compression around XML can
significantly reduce the minimum attack payload size.
* Other changes:
#935 #937 Autotools: Make generated CMake files look for
libexpat.@SO_MAJOR@.dylib on macOS
#925 Autotools: Sync CMake templates with CMake 3.29
#945 #962 #966 CMake: Drop support for CMake <3.13
#942 CMake: Small fuzzing related improvements
#921 docs: Add missing documentation of error code
XML_ERROR_NOT_STARTED that was introduced with 2.6.4
#941 docs: Document need for C++11 compiler for use from C++
#959 tests/benchmark: Fix a (harmless) TOCTTOU
#944 Windows: Fix installer target location of file xmlwf.xml
for CMake
#953 Windows: Address warning -Wunknown-warning-option
about -Wno-pedantic-ms-format from LLVM MinGW
#971 Address Cppcheck warnings
#969 #970 Mass-migrate links from http:// to https://
#947 #958 ..
#974 #975 Document changes since the previous release
#974 #975 Version info bumped from 11:0:10 (libexpat*.so.1.10.0)
to 11:1:10 (libexpat*.so.1.10.1); see https://verbump.de/
for what these numbers do
- no source changes, just adding jira reference: jsc#SLE-21253
Version update to 2.6.4
* Security fixes: [bsc#1232601][bsc#1232579]
#915 CVE-2024-50602 -- Fix crash within function XML_ResumeParser
from a NULL pointer dereference by disallowing function
XML_StopParser to (stop or) suspend an unstarted parser.
A new error code XML_ERROR_NOT_STARTED was introduced to
properly communicate this situation. // CWE-476 CWE-754
* Other changes:
#903 CMake: Add alias target "expat::expat"
#905 docs: Document use via CMake >=3.18 with FetchContent
and SOURCE_SUBDIR and its consequences
#902 tests: Reduce use of global parser instance
#904 tests: Resolve duplicate handler
#317 #918 tests: Improve tests on doctype closing (ex CVE-2019-15903)
#914 Fix signedness of format strings
#919 #920 Version info bumped from 10:3:9 (libexpat*.so.1.9.3)
to 11:0:10 (libexpat*.so.1.10.0); see https://verbump.de/
for what these numbers do
Update to 2.6.3:
* Security fixes:
- CVE-2024-45490, bsc#1229930 -- Calling function XML_ParseBuffer with
len < 0 without noticing and then calling XML_GetBuffer
will have XML_ParseBuffer fail to recognize the problem
and XML_GetBuffer corrupt memory.
With the fix, XML_ParseBuffer now complains with error
XML_ERROR_INVALID_ARGUMENT just like sibling XML_Parse
has been doing since Expat 2.2.1, and now documented.
Impact is denial of service to potentially artitrary code
execution.
- CVE-2024-45491, bsc#1229931 -- Internal function dtdCopy can have an
integer overflow for nDefaultAtts on 32-bit platforms
(where UINT_MAX equals SIZE_MAX).
Impact is denial of service to potentially artitrary code
execution.
- CVE-2024-45492, bsc#1229932 -- Internal function nextScaffoldPart can
have an integer overflow for m_groupSize on 32-bit
platforms (where UINT_MAX equals SIZE_MAX).
Impact is denial of service to potentially artitrary code
execution.
Update to 2.6.2:
* CVE-2024-28757 -- Prevent billion laughs attacks with isolated
use of external parsers (bsc#1221289)
* Reject direct parameter entity recursion and avoid the related
undefined behavior
Update to 2.6.1:
* Expose billion laughs API with XML_DTD defined and XML_GE
undefined, regression from 2.6.0
* Make tests independent of CPU speed, and thus more robust
Update to 2.6.0:
* Security fixes:
- CVE-2023-52425 (bsc#1219559)
-- Fix quadratic runtime issues with big tokens
that can cause denial of service, in partial where
dealing with compressed XML input. Applications
that parsed a document in one go -- a single call to
functions XML_Parse or XML_ParseBuffer -- were not affected.
The smaller the chunks/buffers you use for parsing
previously, the bigger the problem prior to the fix.
Backporters should be careful to no omit parts of
pull request #789 and to include earlier pull request #771,
in order to not break the fix.
- CVE-2023-52426 (bsc#1219561)
-- Fix billion laughs attacks for users
compiling *without* XML_DTD defined (which is not common).
Users with XML_DTD defined have been protected since
Expat >=2.4.0 (and that was CVE-2013-0340 back then).
* Bug fixes:
- Fix parse-size-dependent "invalid token" error for
external entities that start with a byte order mark
- Fix NULL pointer dereference in setContext via
XML_ExternalEntityParserCreate for compilation with
XML_DTD undefined
- Protect against closing entities out of order
* Other changes:
- Improve support for arc4random/arc4random_buf
- Improve buffer growth in XML_GetBuffer and XML_Parse
- xmlwf: Support --help and --version
- xmlwf: Support custom buffer size for XML_GetBuffer and read
- xmlwf: Improve language and URL clickability in help output
- examples: Add new example "element_declarations.c"
- Be stricter about macro XML_CONTEXT_BYTES at build time
- Make inclusion to expat_config.h consistent
- Autotools: configure.ac: Support --disable-maintainer-mode
- Autotools: Sync CMake templates with CMake 3.26
- Autotools: Make installation of shipped man page doc/xmlwf.1
independent of docbook2man availability
- Autotools|CMake: Add missing -DXML_STATIC to pkg-config file
section "Cflags.private" in order to fix compilation
against static libexpat using pkg-config on Windows
- Autotools|CMake: Require a C99 compiler
(a de-facto requirement already since Expat 2.2.2 of 2017)
- Autotools|CMake: Fix PACKAGE_BUGREPORT variable
- Autotools|CMake: Make test suite require a C++11 compiler
- CMake: Require CMake >=3.5.0
- CMake: Lowercase off_t and size_t to help a bug in Meson
- CMake: Sort xmlwf sources alphabetically
- CMake|Windows: Fix generation of DLL file version info
- CMake: Build tests/benchmark/benchmark.c as well for
a build with -DEXPAT_BUILD_TESTS=ON
- docs: Document the importance of isFinal + adjust tests
accordingly
- docs: Improve use of "NULL" and "null"
- docs: Be specific about version of XML (XML 1.0r4)
and version of C (C99); (XML 1.0r5 will need a sponsor.)
- docs: reference.html: Promote function XML_ParseBuffer more
- docs: reference.html: Add HTML anchors to XML_* macros
- docs: reference.html: Upgrade to OK.css 1.2.0
- docs: Fix typos
- docs|CI: Use HTTPS URLs instead of HTTP at various places
- Address compiler warnings
- Address clang-tidy warnings
- Version info bumped from 9:10:8 (libexpat*.so.1.8.10)
to 10:0:9 (libexpat*.so.1.9.0); see https://verbump.de/
for what these numbers do
Patchnames: SUSE-SLE-Micro-6.1-108
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.5 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
5.5 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.5 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.5 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
6.2 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.2 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.2 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.9 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.5 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
49 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for expat",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for expat fixes the following issues:\n\nVersion update to 2.7.1:\n\n Bug fixes:\n\n #980 #989 Restore event pointer behavior from Expat 2.6.4\n (that the fix to CVE-2024-8176 changed in 2.7.0);\n affected API functions are:\n - XML_GetCurrentByteCount\n - XML_GetCurrentByteIndex\n - XML_GetCurrentColumnNumber\n - XML_GetCurrentLineNumber\n - XML_GetInputContext\n\n Other changes:\n\n #976 #977 Autotools: Integrate files \"fuzz/xml_lpm_fuzzer.{cpp,proto}\"\n with Automake that were missing from 2.7.0 release tarballs\n #983 #984 Fix printf format specifiers for 32bit Emscripten\n #992 docs: Promote OpenSSF Best Practices self-certification\n #978 tests/benchmark: Resolve mistaken double close\n #986 Address compiler warnings\n #990 #993 Version info bumped from 11:1:10 (libexpat*.so.1.10.1)\n to 11:2:10 (libexpat*.so.1.10.2); see https://verbump.de/\n for what these numbers do\n\n Infrastructure:\n\n #982 CI: Start running Perl XML::Parser integration tests\n #987 CI: Enforce Clang Static Analyzer clean code\n #991 CI: Re-enable warning clang-analyzer-valist.Uninitialized\n for clang-tidy\n #981 CI: Cover compilation with musl\n #983 #984 CI: Cover compilation with 32bit Emscripten\n #976 #977 CI: Protect against fuzzer files missing from future\n release archives\n\nversion update to 2.7.0 (CVE-2024-8176 [bsc#1239618]):\n\n * Security fixes:\n\n #893 #973 CVE-2024-8176 -- Fix crash from chaining a large number\n of entities caused by stack overflow by resolving use of\n recursion, for all three uses of entities:\n - general entities in character data (\"\u003ce\u003e\u0026g1;\u003c/e\u003e\")\n - general entities in attribute values (\"\u003ce k1=\u0027\u0026g1;\u0027/\u003e\")\n - parameter entities (\"%p1;\")\n Known impact is (reliable and easy) denial of service:\n CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:H/RL:O/RC:C\n (Base Score: 7.5, Temporal Score: 7.2)\n Please note that a layer of compression around XML can\n significantly reduce the minimum attack payload size.\n\n * Other changes:\n #935 #937 Autotools: Make generated CMake files look for\n libexpat.@SO_MAJOR@.dylib on macOS\n #925 Autotools: Sync CMake templates with CMake 3.29\n #945 #962 #966 CMake: Drop support for CMake \u003c3.13\n #942 CMake: Small fuzzing related improvements\n #921 docs: Add missing documentation of error code\n XML_ERROR_NOT_STARTED that was introduced with 2.6.4\n #941 docs: Document need for C++11 compiler for use from C++\n #959 tests/benchmark: Fix a (harmless) TOCTTOU\n #944 Windows: Fix installer target location of file xmlwf.xml\n for CMake\n #953 Windows: Address warning -Wunknown-warning-option\n about -Wno-pedantic-ms-format from LLVM MinGW\n #971 Address Cppcheck warnings\n #969 #970 Mass-migrate links from http:// to https://\n #947 #958 ..\n #974 #975 Document changes since the previous release\n #974 #975 Version info bumped from 11:0:10 (libexpat*.so.1.10.0)\n to 11:1:10 (libexpat*.so.1.10.1); see https://verbump.de/\n for what these numbers do\n\n- no source changes, just adding jira reference: jsc#SLE-21253\n\nVersion update to 2.6.4 \n\n * Security fixes: [bsc#1232601][bsc#1232579]\n #915 CVE-2024-50602 -- Fix crash within function XML_ResumeParser\n from a NULL pointer dereference by disallowing function\n XML_StopParser to (stop or) suspend an unstarted parser.\n A new error code XML_ERROR_NOT_STARTED was introduced to\n properly communicate this situation. // CWE-476 CWE-754\n * Other changes:\n #903 CMake: Add alias target \"expat::expat\"\n #905 docs: Document use via CMake \u003e=3.18 with FetchContent\n and SOURCE_SUBDIR and its consequences\n #902 tests: Reduce use of global parser instance\n #904 tests: Resolve duplicate handler\n #317 #918 tests: Improve tests on doctype closing (ex CVE-2019-15903)\n #914 Fix signedness of format strings\n #919 #920 Version info bumped from 10:3:9 (libexpat*.so.1.9.3)\n to 11:0:10 (libexpat*.so.1.10.0); see https://verbump.de/\n for what these numbers do\n\nUpdate to 2.6.3: \n\n * Security fixes:\n\n - CVE-2024-45490, bsc#1229930 -- Calling function XML_ParseBuffer with\n len \u003c 0 without noticing and then calling XML_GetBuffer\n will have XML_ParseBuffer fail to recognize the problem\n and XML_GetBuffer corrupt memory.\n With the fix, XML_ParseBuffer now complains with error\n XML_ERROR_INVALID_ARGUMENT just like sibling XML_Parse\n has been doing since Expat 2.2.1, and now documented.\n Impact is denial of service to potentially artitrary code\n execution.\n - CVE-2024-45491, bsc#1229931 -- Internal function dtdCopy can have an\n integer overflow for nDefaultAtts on 32-bit platforms\n (where UINT_MAX equals SIZE_MAX).\n Impact is denial of service to potentially artitrary code\n execution.\n - CVE-2024-45492, bsc#1229932 -- Internal function nextScaffoldPart can\n have an integer overflow for m_groupSize on 32-bit\n platforms (where UINT_MAX equals SIZE_MAX).\n Impact is denial of service to potentially artitrary code\n execution.\n\nUpdate to 2.6.2:\n\n * CVE-2024-28757 -- Prevent billion laughs attacks with isolated\n use of external parsers (bsc#1221289)\n * Reject direct parameter entity recursion and avoid the related\n undefined behavior\n\nUpdate to 2.6.1:\n\n * Expose billion laughs API with XML_DTD defined and XML_GE\n undefined, regression from 2.6.0\n * Make tests independent of CPU speed, and thus more robust\n\nUpdate to 2.6.0: \n\n * Security fixes:\n - CVE-2023-52425 (bsc#1219559) \n -- Fix quadratic runtime issues with big tokens\n that can cause denial of service, in partial where\n dealing with compressed XML input. Applications\n that parsed a document in one go -- a single call to\n functions XML_Parse or XML_ParseBuffer -- were not affected.\n The smaller the chunks/buffers you use for parsing\n previously, the bigger the problem prior to the fix.\n Backporters should be careful to no omit parts of\n pull request #789 and to include earlier pull request #771,\n in order to not break the fix.\n - CVE-2023-52426 (bsc#1219561)\n -- Fix billion laughs attacks for users\n compiling *without* XML_DTD defined (which is not common).\n Users with XML_DTD defined have been protected since\n Expat \u003e=2.4.0 (and that was CVE-2013-0340 back then).\n * Bug fixes:\n - Fix parse-size-dependent \"invalid token\" error for\n external entities that start with a byte order mark\n - Fix NULL pointer dereference in setContext via\n XML_ExternalEntityParserCreate for compilation with\n XML_DTD undefined\n - Protect against closing entities out of order\n * Other changes:\n - Improve support for arc4random/arc4random_buf\n - Improve buffer growth in XML_GetBuffer and XML_Parse\n - xmlwf: Support --help and --version\n - xmlwf: Support custom buffer size for XML_GetBuffer and read\n - xmlwf: Improve language and URL clickability in help output\n - examples: Add new example \"element_declarations.c\"\n - Be stricter about macro XML_CONTEXT_BYTES at build time\n - Make inclusion to expat_config.h consistent\n - Autotools: configure.ac: Support --disable-maintainer-mode\n - Autotools: Sync CMake templates with CMake 3.26\n - Autotools: Make installation of shipped man page doc/xmlwf.1\n independent of docbook2man availability\n - Autotools|CMake: Add missing -DXML_STATIC to pkg-config file\n section \"Cflags.private\" in order to fix compilation\n against static libexpat using pkg-config on Windows\n - Autotools|CMake: Require a C99 compiler\n (a de-facto requirement already since Expat 2.2.2 of 2017)\n - Autotools|CMake: Fix PACKAGE_BUGREPORT variable\n - Autotools|CMake: Make test suite require a C++11 compiler\n - CMake: Require CMake \u003e=3.5.0\n - CMake: Lowercase off_t and size_t to help a bug in Meson\n - CMake: Sort xmlwf sources alphabetically\n - CMake|Windows: Fix generation of DLL file version info\n - CMake: Build tests/benchmark/benchmark.c as well for\n a build with -DEXPAT_BUILD_TESTS=ON\n - docs: Document the importance of isFinal + adjust tests\n accordingly\n - docs: Improve use of \"NULL\" and \"null\"\n - docs: Be specific about version of XML (XML 1.0r4)\n and version of C (C99); (XML 1.0r5 will need a sponsor.)\n - docs: reference.html: Promote function XML_ParseBuffer more\n - docs: reference.html: Add HTML anchors to XML_* macros\n - docs: reference.html: Upgrade to OK.css 1.2.0\n - docs: Fix typos\n - docs|CI: Use HTTPS URLs instead of HTTP at various places\n - Address compiler warnings\n - Address clang-tidy warnings\n - Version info bumped from 9:10:8 (libexpat*.so.1.8.10)\n to 10:0:9 (libexpat*.so.1.9.0); see https://verbump.de/\n for what these numbers do\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLE-Micro-6.1-108",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_20311-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2025:20311-1",
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-202520311-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2025:20311-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021027.html"
},
{
"category": "self",
"summary": "SUSE Bug 1219559",
"url": "https://bugzilla.suse.com/1219559"
},
{
"category": "self",
"summary": "SUSE Bug 1219561",
"url": "https://bugzilla.suse.com/1219561"
},
{
"category": "self",
"summary": "SUSE Bug 1221289",
"url": "https://bugzilla.suse.com/1221289"
},
{
"category": "self",
"summary": "SUSE Bug 1229930",
"url": "https://bugzilla.suse.com/1229930"
},
{
"category": "self",
"summary": "SUSE Bug 1229931",
"url": "https://bugzilla.suse.com/1229931"
},
{
"category": "self",
"summary": "SUSE Bug 1229932",
"url": "https://bugzilla.suse.com/1229932"
},
{
"category": "self",
"summary": "SUSE Bug 1232579",
"url": "https://bugzilla.suse.com/1232579"
},
{
"category": "self",
"summary": "SUSE Bug 1232601",
"url": "https://bugzilla.suse.com/1232601"
},
{
"category": "self",
"summary": "SUSE Bug 1239618",
"url": "https://bugzilla.suse.com/1239618"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2013-0340 page",
"url": "https://www.suse.com/security/cve/CVE-2013-0340/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-15903 page",
"url": "https://www.suse.com/security/cve/CVE-2019-15903/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-52425 page",
"url": "https://www.suse.com/security/cve/CVE-2023-52425/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-52426 page",
"url": "https://www.suse.com/security/cve/CVE-2023-52426/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-28757 page",
"url": "https://www.suse.com/security/cve/CVE-2024-28757/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-45490 page",
"url": "https://www.suse.com/security/cve/CVE-2024-45490/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-45491 page",
"url": "https://www.suse.com/security/cve/CVE-2024-45491/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-45492 page",
"url": "https://www.suse.com/security/cve/CVE-2024-45492/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-50602 page",
"url": "https://www.suse.com/security/cve/CVE-2024-50602/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-8176 page",
"url": "https://www.suse.com/security/cve/CVE-2024-8176/"
}
],
"title": "Security update for expat",
"tracking": {
"current_release_date": "2025-05-13T13:37:27Z",
"generator": {
"date": "2025-05-13T13:37:27Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2025:20311-1",
"initial_release_date": "2025-05-13T13:37:27Z",
"revision_history": [
{
"date": "2025-05-13T13:37:27Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "libexpat1-2.7.1-slfo.1.1_1.1.aarch64",
"product": {
"name": "libexpat1-2.7.1-slfo.1.1_1.1.aarch64",
"product_id": "libexpat1-2.7.1-slfo.1.1_1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libexpat1-2.7.1-slfo.1.1_1.1.ppc64le",
"product": {
"name": "libexpat1-2.7.1-slfo.1.1_1.1.ppc64le",
"product_id": "libexpat1-2.7.1-slfo.1.1_1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libexpat1-2.7.1-slfo.1.1_1.1.s390x",
"product": {
"name": "libexpat1-2.7.1-slfo.1.1_1.1.s390x",
"product_id": "libexpat1-2.7.1-slfo.1.1_1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "libexpat1-2.7.1-slfo.1.1_1.1.x86_64",
"product": {
"name": "libexpat1-2.7.1-slfo.1.1_1.1.x86_64",
"product_id": "libexpat1-2.7.1-slfo.1.1_1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Micro 6.1",
"product": {
"name": "SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sl-micro:6.1"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat1-2.7.1-slfo.1.1_1.1.aarch64 as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.aarch64"
},
"product_reference": "libexpat1-2.7.1-slfo.1.1_1.1.aarch64",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat1-2.7.1-slfo.1.1_1.1.ppc64le as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.ppc64le"
},
"product_reference": "libexpat1-2.7.1-slfo.1.1_1.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat1-2.7.1-slfo.1.1_1.1.s390x as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.s390x"
},
"product_reference": "libexpat1-2.7.1-slfo.1.1_1.1.s390x",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libexpat1-2.7.1-slfo.1.1_1.1.x86_64 as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.x86_64"
},
"product_reference": "libexpat1-2.7.1-slfo.1.1_1.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2013-0340",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2013-0340"
}
],
"notes": [
{
"category": "general",
"text": "expat before version 2.4.0 does not properly handle entities expansion unless an application developer uses the XML_SetEntityDeclHandler function, which allows remote attackers to cause a denial of service (resource consumption), send HTTP requests to intranet servers, or read arbitrary files via a crafted XML document, aka an XML External Entity (XXE) issue. NOTE: it could be argued that because expat already provides the ability to disable external entity expansion, the responsibility for resolving this issue lies with application developers; according to this argument, this entry should be REJECTed, and each affected application would need its own CVE.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2013-0340",
"url": "https://www.suse.com/security/cve/CVE-2013-0340"
},
{
"category": "external",
"summary": "SUSE Bug 805236 for CVE-2013-0340",
"url": "https://bugzilla.suse.com/805236"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-05-13T13:37:27Z",
"details": "moderate"
}
],
"title": "CVE-2013-0340"
},
{
"cve": "CVE-2019-15903",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-15903"
}
],
"notes": [
{
"category": "general",
"text": "In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to document parsing too early; a consecutive call to XML_GetCurrentLineNumber (or XML_GetCurrentColumnNumber) then resulted in a heap-based buffer over-read.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-15903",
"url": "https://www.suse.com/security/cve/CVE-2019-15903"
},
{
"category": "external",
"summary": "SUSE Bug 1149429 for CVE-2019-15903",
"url": "https://bugzilla.suse.com/1149429"
},
{
"category": "external",
"summary": "SUSE Bug 1154738 for CVE-2019-15903",
"url": "https://bugzilla.suse.com/1154738"
},
{
"category": "external",
"summary": "SUSE Bug 1154806 for CVE-2019-15903",
"url": "https://bugzilla.suse.com/1154806"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-05-13T13:37:27Z",
"details": "important"
}
],
"title": "CVE-2019-15903"
},
{
"cve": "CVE-2023-52425",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-52425"
}
],
"notes": [
{
"category": "general",
"text": "libexpat through 2.5.0 allows a denial of service (resource consumption) because many full reparsings are required in the case of a large token for which multiple buffer fills are needed.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-52425",
"url": "https://www.suse.com/security/cve/CVE-2023-52425"
},
{
"category": "external",
"summary": "SUSE Bug 1219559 for CVE-2023-52425",
"url": "https://bugzilla.suse.com/1219559"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-05-13T13:37:27Z",
"details": "moderate"
}
],
"title": "CVE-2023-52425"
},
{
"cve": "CVE-2023-52426",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-52426"
}
],
"notes": [
{
"category": "general",
"text": "libexpat through 2.5.0 allows recursive XML Entity Expansion if XML_DTD is undefined at compile time.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-52426",
"url": "https://www.suse.com/security/cve/CVE-2023-52426"
},
{
"category": "external",
"summary": "SUSE Bug 1219561 for CVE-2023-52426",
"url": "https://bugzilla.suse.com/1219561"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-05-13T13:37:27Z",
"details": "moderate"
}
],
"title": "CVE-2023-52426"
},
{
"cve": "CVE-2024-28757",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-28757"
}
],
"notes": [
{
"category": "general",
"text": "libexpat through 2.6.1 allows an XML Entity Expansion attack when there is isolated use of external parsers (created via XML_ExternalEntityParserCreate).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-28757",
"url": "https://www.suse.com/security/cve/CVE-2024-28757"
},
{
"category": "external",
"summary": "SUSE Bug 1221289 for CVE-2024-28757",
"url": "https://bugzilla.suse.com/1221289"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-05-13T13:37:27Z",
"details": "important"
}
],
"title": "CVE-2024-28757"
},
{
"cve": "CVE-2024-45490",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-45490"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in libexpat before 2.6.3. xmlparse.c does not reject a negative length for XML_ParseBuffer.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-45490",
"url": "https://www.suse.com/security/cve/CVE-2024-45490"
},
{
"category": "external",
"summary": "SUSE Bug 1229930 for CVE-2024-45490",
"url": "https://bugzilla.suse.com/1229930"
},
{
"category": "external",
"summary": "SUSE Bug 1229962 for CVE-2024-45490",
"url": "https://bugzilla.suse.com/1229962"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-05-13T13:37:27Z",
"details": "moderate"
}
],
"title": "CVE-2024-45490"
},
{
"cve": "CVE-2024-45491",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-45491"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in libexpat before 2.6.3. dtdCopy in xmlparse.c can have an integer overflow for nDefaultAtts on 32-bit platforms (where UINT_MAX equals SIZE_MAX).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-45491",
"url": "https://www.suse.com/security/cve/CVE-2024-45491"
},
{
"category": "external",
"summary": "SUSE Bug 1229930 for CVE-2024-45491",
"url": "https://bugzilla.suse.com/1229930"
},
{
"category": "external",
"summary": "SUSE Bug 1229931 for CVE-2024-45491",
"url": "https://bugzilla.suse.com/1229931"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-05-13T13:37:27Z",
"details": "moderate"
}
],
"title": "CVE-2024-45491"
},
{
"cve": "CVE-2024-45492",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-45492"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in libexpat before 2.6.3. nextScaffoldPart in xmlparse.c can have an integer overflow for m_groupSize on 32-bit platforms (where UINT_MAX equals SIZE_MAX).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-45492",
"url": "https://www.suse.com/security/cve/CVE-2024-45492"
},
{
"category": "external",
"summary": "SUSE Bug 1229930 for CVE-2024-45492",
"url": "https://bugzilla.suse.com/1229930"
},
{
"category": "external",
"summary": "SUSE Bug 1229932 for CVE-2024-45492",
"url": "https://bugzilla.suse.com/1229932"
},
{
"category": "external",
"summary": "SUSE Bug 1229964 for CVE-2024-45492",
"url": "https://bugzilla.suse.com/1229964"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-05-13T13:37:27Z",
"details": "moderate"
}
],
"title": "CVE-2024-45492"
},
{
"cve": "CVE-2024-50602",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-50602"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in libexpat before 2.6.4. There is a crash within the XML_ResumeParser function because XML_StopParser can stop/suspend an unstarted parser.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-50602",
"url": "https://www.suse.com/security/cve/CVE-2024-50602"
},
{
"category": "external",
"summary": "SUSE Bug 1232579 for CVE-2024-50602",
"url": "https://bugzilla.suse.com/1232579"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-05-13T13:37:27Z",
"details": "moderate"
}
],
"title": "CVE-2024-50602"
},
{
"cve": "CVE-2024-8176",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-8176"
}
],
"notes": [
{
"category": "general",
"text": "A stack overflow vulnerability exists in the libexpat library due to the way it handles recursive entity expansion in XML documents. When parsing an XML document with deeply nested entity references, libexpat can be forced to recurse indefinitely, exhausting the stack space and causing a crash. This issue could lead to denial of service (DoS) or, in some cases, exploitable memory corruption, depending on the environment and library usage.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-8176",
"url": "https://www.suse.com/security/cve/CVE-2024-8176"
},
{
"category": "external",
"summary": "SUSE Bug 1239618 for CVE-2024-8176",
"url": "https://bugzilla.suse.com/1239618"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.aarch64",
"SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.ppc64le",
"SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.s390x",
"SUSE Linux Micro 6.1:libexpat1-2.7.1-slfo.1.1_1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-05-13T13:37:27Z",
"details": "important"
}
],
"title": "CVE-2024-8176"
}
]
}
WID-SEC-W-2024-0591
Vulnerability from csaf_certbund - Published: 2024-03-10 23:00 - Updated: 2025-11-25 23:00Summary
expat: Schwachstelle ermöglicht Denial of Service
Severity
Mittel
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: Expat ist ein XML Parser, der in der Programmiersprache-C geschrieben ist.
Angriff: Ein entfernter, anonymer Angreifer kann eine Schwachstelle in expat ausnutzen, um einen Denial of Service Angriff durchzuführen.
Betroffene Betriebssysteme: - Linux
Affected products
Known affected
18 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
NetApp ActiveIQ Unified Manager for VMware vSphere
NetApp / ActiveIQ Unified Manager
|
cpe:/a:netapp:active_iq_unified_manager:for_vmware_vsphere
|
for VMware vSphere | |
|
Xerox FreeFlow Print Server v9 for Solaris
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9_for_solaris
|
v9 for Solaris | |
|
OpenBSD OpenBSD 7.4
OpenBSD / OpenBSD
|
cpe:/a:openbsd:openbsd:7.4
|
7.4 | |
|
OpenBSD OpenBSD 7.3
OpenBSD / OpenBSD
|
cpe:/a:openbsd:openbsd:7.3
|
7.3 | |
|
Dell PowerScale OneFS
Dell
|
cpe:/a:dell:powerscale_onefs:onefs
|
— | |
|
Insyde UEFI Firmware kernel
Insyde / UEFI Firmware
|
cpe:/h:insyde:uefi:kernel
|
kernel | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
IBM VIOS 4.1
IBM / VIOS
|
cpe:/a:ibm:vios:4.1
|
4.1 | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
NetApp Data ONTAP 9
NetApp / Data ONTAP
|
cpe:/a:netapp:data_ontap:9
|
9 | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— | |
|
Open Source expat <2.6.2
Open Source / expat
|
<2.6.2 | ||
|
IBM App Connect Enterprise
IBM
|
cpe:/a:ibm:app_connect_enterprise:-
|
— | |
|
IBM AIX 7.3
IBM / AIX
|
cpe:/o:ibm:aix:7.3
|
7.3 | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
F5 BIG-IP
F5
|
cpe:/a:f5:big-ip:-
|
— | |
|
Hitachi Energy RTU500
Hitachi Energy
|
cpe:/h:abb:rtu500:-
|
— |
References
38 references
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Expat ist ein XML Parser, der in der Programmiersprache-C geschrieben ist.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann eine Schwachstelle in expat ausnutzen, um einen Denial of Service Angriff durchzuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2024-0591 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-0591.json"
},
{
"category": "self",
"summary": "WID-SEC-2024-0591 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0591"
},
{
"category": "external",
"summary": "Red Hat Bugzilla vom 2024-03-10",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268766"
},
{
"category": "external",
"summary": "Red Hat Bugzilla vom 2024-03-10",
"url": "https://access.redhat.com/security/cve/CVE-2024-28757"
},
{
"category": "external",
"summary": "Github Security Advisory",
"url": "https://github.com/advisories/GHSA-ch5v-h69f-mxc8"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2024-AFB73E6F62 vom 2024-03-10",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2024-afb73e6f62"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2024-40B98C9CED vom 2024-03-10",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2024-40b98c9ced"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2024-4E6E660FAE vom 2024-03-10",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2024-4e6e660fae"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-6694-1 vom 2024-03-14",
"url": "https://ubuntu.com/security/notices/USN-6694-1"
},
{
"category": "external",
"summary": "OpenBSD 7.4 Errata",
"url": "https://www.openbsd.org/errata74.html#015"
},
{
"category": "external",
"summary": "OpenBSD 7.3 Errata",
"url": "https://www.openbsd.org/errata73.html#027"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:1530 vom 2024-03-26",
"url": "https://access.redhat.com/errata/RHSA-2024:1530"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2024-1530 vom 2024-03-27",
"url": "https://linux.oracle.com/errata/ELSA-2024-1530.html"
},
{
"category": "external",
"summary": "IBM Security Bulletin",
"url": "https://www.ibm.com/support/pages/node/7149178"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:2633 vom 2024-05-01",
"url": "https://access.redhat.com/errata/RHSA-2024:2633"
},
{
"category": "external",
"summary": "Insyde Security Advisory INSYDE-SA-2024002 vom 2024-05-14",
"url": "https://www.insyde.com/security-pledge/SA-2024002"
},
{
"category": "external",
"summary": "F5 Security Advisory K000139637 vom 2024-05-16",
"url": "https://my.f5.com/manage/s/article/K000139637"
},
{
"category": "external",
"summary": "IBM Security Bulletin 6985269 vom 2024-06-14",
"url": "https://www.ibm.com/support/pages/node/7157444"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:3926 vom 2024-06-14",
"url": "https://access.redhat.com/errata/RHSA-2024:3926"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:4631 vom 2024-07-18",
"url": "https://access.redhat.com/errata/RHSA-2024:4631"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:1129-2 vom 2024-08-19",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-August/019237.html"
},
{
"category": "external",
"summary": "DELL Security Update for Dell PowerScale OneFS",
"url": "https://www.dell.com/support/kbdoc/en-us/000228207/dsa-2024-346-security-update-for-dell-powerscale-onefs-for-multiple-security-vulnerabilities"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2024-39D459DD00 vom 2024-09-10",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2024-39d459dd00"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2024-2B163F9201 vom 2024-09-10",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2024-2b163f9201"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2024-F750328C3B vom 2024-09-10",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2024-f750328c3b"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2024-308628EBB8 vom 2024-09-11",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2024-308628ebb8"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2024-F652468298 vom 2024-09-11",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2024-f652468298"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2024-1E6D6F8452 vom 2024-09-11",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2024-1e6d6f8452"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2024-7A069F48E4 vom 2024-09-11",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2024-7a069f48e4"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2024-6DEDBC5CF9 vom 2024-09-11",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2024-6dedbc5cf9"
},
{
"category": "external",
"summary": "Dell Security Advisory DSA-2024-422 vom 2024-10-10",
"url": "https://www.dell.com/support/kbdoc/de-de/000234730/dsa-2024-422-security-update-for-dell-networker-vproxy-multiple-component-vulnerabilities"
},
{
"category": "external",
"summary": "XEROX Security Advisory XRX25-001 vom 2025-01-13",
"url": "https://securitydocs.business.xerox.com/wp-content/uploads/2025/01/Xerox-Security-Bulletin-XRX25-001-for-Xerox%C2%AE-FreeFlow%C2%AE-Print-Server-v9.pdf"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20311-1 vom 2025-06-04",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021027.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20207-1 vom 2025-06-04",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021128.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20045-1 vom 2025-06-04",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021308.html"
},
{
"category": "external",
"summary": "NetApp Security Advisory NTAP-20240322-0001 vom 2025-06-27",
"url": "https://security.netapp.com/advisory/NTAP-20240322-0001"
},
{
"category": "external",
"summary": "Hitachi Cybersecurity Advisory vom 2025-09-09",
"url": "https://publisher.hitachienergy.com/preview?DocumentID=8DBD000220\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=launch"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2025-21974 vom 2025-11-25",
"url": "https://linux.oracle.com/errata/ELSA-2025-21974.html"
}
],
"source_lang": "en-US",
"title": "expat: Schwachstelle erm\u00f6glicht Denial of Service",
"tracking": {
"current_release_date": "2025-11-25T23:00:00.000+00:00",
"generator": {
"date": "2025-11-26T11:15:46.432+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.5.0"
}
},
"id": "WID-SEC-W-2024-0591",
"initial_release_date": "2024-03-10T23:00:00.000+00:00",
"revision_history": [
{
"date": "2024-03-10T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2024-03-11T23:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von Fedora aufgenommen"
},
{
"date": "2024-03-14T23:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2024-03-18T23:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates aufgenommen"
},
{
"date": "2024-03-26T23:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von Red Hat und Oracle Linux aufgenommen"
},
{
"date": "2024-04-23T22:00:00.000+00:00",
"number": "6",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2024-05-01T22:00:00.000+00:00",
"number": "7",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-05-13T22:00:00.000+00:00",
"number": "8",
"summary": "Neue Updates von Insyde aufgenommen"
},
{
"date": "2024-05-15T22:00:00.000+00:00",
"number": "9",
"summary": "Neue Updates von F5 aufgenommen"
},
{
"date": "2024-06-13T22:00:00.000+00:00",
"number": "10",
"summary": "Neue Updates von IBM und Red Hat aufgenommen"
},
{
"date": "2024-07-18T22:00:00.000+00:00",
"number": "11",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-08-19T22:00:00.000+00:00",
"number": "12",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2024-09-01T22:00:00.000+00:00",
"number": "13",
"summary": "Neue Updates von Dell aufgenommen"
},
{
"date": "2024-09-10T22:00:00.000+00:00",
"number": "14",
"summary": "Neue Updates von Fedora aufgenommen"
},
{
"date": "2024-09-11T22:00:00.000+00:00",
"number": "15",
"summary": "Neue Updates von Fedora aufgenommen"
},
{
"date": "2024-10-09T22:00:00.000+00:00",
"number": "16",
"summary": "Neue Updates von Dell aufgenommen"
},
{
"date": "2025-01-12T23:00:00.000+00:00",
"number": "17",
"summary": "Neue Updates von XEROX aufgenommen"
},
{
"date": "2025-06-03T22:00:00.000+00:00",
"number": "18",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-06-04T22:00:00.000+00:00",
"number": "19",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-06-29T22:00:00.000+00:00",
"number": "20",
"summary": "Neue Updates von NetApp aufgenommen"
},
{
"date": "2025-07-31T22:00:00.000+00:00",
"number": "21",
"summary": "Referenz(en) aufgenommen:"
},
{
"date": "2025-09-08T22:00:00.000+00:00",
"number": "22",
"summary": "Neue Updates aufgenommen"
},
{
"date": "2025-11-25T23:00:00.000+00:00",
"number": "23",
"summary": "Neue Updates von Oracle Linux aufgenommen"
}
],
"status": "final",
"version": "23"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Dell PowerScale OneFS",
"product": {
"name": "Dell PowerScale OneFS",
"product_id": "T034610",
"product_identification_helper": {
"cpe": "cpe:/a:dell:powerscale_onefs:onefs"
}
}
}
],
"category": "vendor",
"name": "Dell"
},
{
"branches": [
{
"category": "product_name",
"name": "F5 BIG-IP",
"product": {
"name": "F5 BIG-IP",
"product_id": "T001663",
"product_identification_helper": {
"cpe": "cpe:/a:f5:big-ip:-"
}
}
}
],
"category": "vendor",
"name": "F5"
},
{
"branches": [
{
"category": "product_name",
"name": "Fedora Linux",
"product": {
"name": "Fedora Linux",
"product_id": "74185",
"product_identification_helper": {
"cpe": "cpe:/o:fedoraproject:fedora:-"
}
}
}
],
"category": "vendor",
"name": "Fedora"
},
{
"branches": [
{
"category": "product_name",
"name": "Hitachi Energy RTU500",
"product": {
"name": "Hitachi Energy RTU500",
"product_id": "T027844",
"product_identification_helper": {
"cpe": "cpe:/h:abb:rtu500:-"
}
}
}
],
"category": "vendor",
"name": "Hitachi Energy"
},
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "7.3",
"product": {
"name": "IBM AIX 7.3",
"product_id": "1139691",
"product_identification_helper": {
"cpe": "cpe:/o:ibm:aix:7.3"
}
}
}
],
"category": "product_name",
"name": "AIX"
},
{
"category": "product_name",
"name": "IBM App Connect Enterprise",
"product": {
"name": "IBM App Connect Enterprise",
"product_id": "T032495",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:app_connect_enterprise:-"
}
}
},
{
"branches": [
{
"category": "product_version",
"name": "4.1",
"product": {
"name": "IBM VIOS 4.1",
"product_id": "1522854",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:vios:4.1"
}
}
}
],
"category": "product_name",
"name": "VIOS"
}
],
"category": "vendor",
"name": "IBM"
},
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kernel",
"product": {
"name": "Insyde UEFI Firmware kernel",
"product_id": "T034716",
"product_identification_helper": {
"cpe": "cpe:/h:insyde:uefi:kernel"
}
}
}
],
"category": "product_name",
"name": "UEFI Firmware"
}
],
"category": "vendor",
"name": "Insyde"
},
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "for VMware vSphere",
"product": {
"name": "NetApp ActiveIQ Unified Manager for VMware vSphere",
"product_id": "T025152",
"product_identification_helper": {
"cpe": "cpe:/a:netapp:active_iq_unified_manager:for_vmware_vsphere"
}
}
}
],
"category": "product_name",
"name": "ActiveIQ Unified Manager"
},
{
"branches": [
{
"category": "product_version",
"name": "9",
"product": {
"name": "NetApp Data ONTAP 9",
"product_id": "T039981",
"product_identification_helper": {
"cpe": "cpe:/a:netapp:data_ontap:9"
}
}
}
],
"category": "product_name",
"name": "Data ONTAP"
}
],
"category": "vendor",
"name": "NetApp"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c2.6.2",
"product": {
"name": "Open Source expat \u003c2.6.2",
"product_id": "T033352"
}
},
{
"category": "product_version",
"name": "2.6.2",
"product": {
"name": "Open Source expat 2.6.2",
"product_id": "T033352-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:expat:expat:2.6.2"
}
}
}
],
"category": "product_name",
"name": "expat"
}
],
"category": "vendor",
"name": "Open Source"
},
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "7.4",
"product": {
"name": "OpenBSD OpenBSD 7.4",
"product_id": "T033213",
"product_identification_helper": {
"cpe": "cpe:/a:openbsd:openbsd:7.4"
}
}
},
{
"category": "product_version",
"name": "7.3",
"product": {
"name": "OpenBSD OpenBSD 7.3",
"product_id": "T033214",
"product_identification_helper": {
"cpe": "cpe:/a:openbsd:openbsd:7.3"
}
}
}
],
"category": "product_name",
"name": "OpenBSD"
}
],
"category": "vendor",
"name": "OpenBSD"
},
{
"branches": [
{
"category": "product_name",
"name": "Oracle Linux",
"product": {
"name": "Oracle Linux",
"product_id": "T004914",
"product_identification_helper": {
"cpe": "cpe:/o:oracle:linux:-"
}
}
}
],
"category": "vendor",
"name": "Oracle"
},
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
}
],
"category": "vendor",
"name": "Red Hat"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux",
"product": {
"name": "SUSE Linux",
"product_id": "T002207",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_linux:-"
}
}
}
],
"category": "vendor",
"name": "SUSE"
},
{
"branches": [
{
"category": "product_name",
"name": "Ubuntu Linux",
"product": {
"name": "Ubuntu Linux",
"product_id": "T000126",
"product_identification_helper": {
"cpe": "cpe:/o:canonical:ubuntu_linux:-"
}
}
}
],
"category": "vendor",
"name": "Ubuntu"
},
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "v9 for Solaris",
"product": {
"name": "Xerox FreeFlow Print Server v9 for Solaris",
"product_id": "T028053",
"product_identification_helper": {
"cpe": "cpe:/a:xerox:freeflow_print_server:v9_for_solaris"
}
}
}
],
"category": "product_name",
"name": "FreeFlow Print Server"
}
],
"category": "vendor",
"name": "Xerox"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-28757",
"product_status": {
"known_affected": [
"T025152",
"T028053",
"T033213",
"T033214",
"T034610",
"T034716",
"67646",
"1522854",
"T004914",
"T039981",
"74185",
"T033352",
"T032495",
"1139691",
"T002207",
"T000126",
"T001663",
"T027844"
]
},
"release_date": "2024-03-10T23:00:00.000+00:00",
"title": "CVE-2024-28757"
}
]
}
WID-SEC-W-2024-1360
Vulnerability from csaf_certbund - Published: 2024-06-11 22:00 - Updated: 2024-12-01 23:00Summary
IBM DB2: Mehrere Schwachstellen
Severity
Mittel
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: IBM DB2 ist ein relationales Datenbanksystem (RDBS) von IBM.
Angriff: Ein entfernter, authentisierter Angreifer kann mehrere Schwachstellen in IBM DB2 ausnutzen, um einen Denial of Service Angriff durchzuführen, beliebigen Code auszuführen und vertrauliche Informationen offenzulegen.
Betroffene Betriebssysteme: - Sonstiges
- UNIX
- Windows
In IBM DB2 bestehen mehrere Schwachstellen. Diese Fehler bestehen in verschiedenen Komponenten wie MiniZip, dem NoSQL-Blockchain-Wrapper, der compress-Bibliothek oder der netty-codec-http-Bibliothek aufgrund mehrerer sicherheitsrelevanter Probleme wie einem Heap-Based-Buffer Overflow, einem Infinite-Loop-Fehler oder einem Out-of-Memory-Fehler. Ein entfernter, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen. Einige der Schwachstellen erfordern Benutzerinteraktion oder niedrige Privilegien, um erfolgreich ausgenutzt zu werden.
Affected products
Known affected
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM DB2 <V11.5
IBM / DB2
|
<V11.5 | ||
|
IBM License Metric Tool 9.2
IBM / License Metric Tool
|
cpe:/a:ibm:license_metric_tool:9.2
|
9.2 | |
|
Atlassian Confluence Data Center <8.9.3
Atlassian / Confluence
|
Data Center <8.9.3 | ||
|
HCL Commerce
HCL
|
cpe:/a:hcltechsw:commerce:-
|
— | |
|
IBM Tivoli Key Lifecycle Manager
IBM
|
cpe:/a:ibm:tivoli_key_lifecycle_manager:-
|
— | |
|
IBM Tivoli Business Service Manager <6.2.0.5 IF5
IBM / Tivoli Business Service Manager
|
<6.2.0.5 IF5 | ||
|
IBM DB2 <V11.1
IBM / DB2
|
<V11.1 | ||
|
IBM DB2 <V10.5
IBM / DB2
|
<V10.5 | ||
|
Atlassian Confluence <7.19.24 LTS
Atlassian / Confluence
|
<7.19.24 LTS | ||
|
Atlassian Confluence <8.5.11 LTS
Atlassian / Confluence
|
<8.5.11 LTS |
In IBM DB2 bestehen mehrere Schwachstellen. Diese Fehler bestehen in verschiedenen Komponenten wie MiniZip, dem NoSQL-Blockchain-Wrapper, der compress-Bibliothek oder der netty-codec-http-Bibliothek aufgrund mehrerer sicherheitsrelevanter Probleme wie einem Heap-Based-Buffer Overflow, einem Infinite-Loop-Fehler oder einem Out-of-Memory-Fehler. Ein entfernter, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen. Einige der Schwachstellen erfordern Benutzerinteraktion oder niedrige Privilegien, um erfolgreich ausgenutzt zu werden.
Affected products
Known affected
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM DB2 <V11.5
IBM / DB2
|
<V11.5 | ||
|
IBM License Metric Tool 9.2
IBM / License Metric Tool
|
cpe:/a:ibm:license_metric_tool:9.2
|
9.2 | |
|
Atlassian Confluence Data Center <8.9.3
Atlassian / Confluence
|
Data Center <8.9.3 | ||
|
HCL Commerce
HCL
|
cpe:/a:hcltechsw:commerce:-
|
— | |
|
IBM Tivoli Key Lifecycle Manager
IBM
|
cpe:/a:ibm:tivoli_key_lifecycle_manager:-
|
— | |
|
IBM Tivoli Business Service Manager <6.2.0.5 IF5
IBM / Tivoli Business Service Manager
|
<6.2.0.5 IF5 | ||
|
IBM DB2 <V11.1
IBM / DB2
|
<V11.1 | ||
|
IBM DB2 <V10.5
IBM / DB2
|
<V10.5 | ||
|
Atlassian Confluence <7.19.24 LTS
Atlassian / Confluence
|
<7.19.24 LTS | ||
|
Atlassian Confluence <8.5.11 LTS
Atlassian / Confluence
|
<8.5.11 LTS |
In IBM DB2 bestehen mehrere Schwachstellen. Diese Fehler bestehen in verschiedenen Komponenten wie MiniZip, dem NoSQL-Blockchain-Wrapper, der compress-Bibliothek oder der netty-codec-http-Bibliothek aufgrund mehrerer sicherheitsrelevanter Probleme wie einem Heap-Based-Buffer Overflow, einem Infinite-Loop-Fehler oder einem Out-of-Memory-Fehler. Ein entfernter, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen. Einige der Schwachstellen erfordern Benutzerinteraktion oder niedrige Privilegien, um erfolgreich ausgenutzt zu werden.
Affected products
Known affected
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM DB2 <V11.5
IBM / DB2
|
<V11.5 | ||
|
IBM License Metric Tool 9.2
IBM / License Metric Tool
|
cpe:/a:ibm:license_metric_tool:9.2
|
9.2 | |
|
Atlassian Confluence Data Center <8.9.3
Atlassian / Confluence
|
Data Center <8.9.3 | ||
|
HCL Commerce
HCL
|
cpe:/a:hcltechsw:commerce:-
|
— | |
|
IBM Tivoli Key Lifecycle Manager
IBM
|
cpe:/a:ibm:tivoli_key_lifecycle_manager:-
|
— | |
|
IBM Tivoli Business Service Manager <6.2.0.5 IF5
IBM / Tivoli Business Service Manager
|
<6.2.0.5 IF5 | ||
|
IBM DB2 <V11.1
IBM / DB2
|
<V11.1 | ||
|
IBM DB2 <V10.5
IBM / DB2
|
<V10.5 | ||
|
Atlassian Confluence <7.19.24 LTS
Atlassian / Confluence
|
<7.19.24 LTS | ||
|
Atlassian Confluence <8.5.11 LTS
Atlassian / Confluence
|
<8.5.11 LTS |
In IBM DB2 bestehen mehrere Schwachstellen. Diese Fehler bestehen in verschiedenen Komponenten wie MiniZip, dem NoSQL-Blockchain-Wrapper, der compress-Bibliothek oder der netty-codec-http-Bibliothek aufgrund mehrerer sicherheitsrelevanter Probleme wie einem Heap-Based-Buffer Overflow, einem Infinite-Loop-Fehler oder einem Out-of-Memory-Fehler. Ein entfernter, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen. Einige der Schwachstellen erfordern Benutzerinteraktion oder niedrige Privilegien, um erfolgreich ausgenutzt zu werden.
Affected products
Known affected
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM DB2 <V11.5
IBM / DB2
|
<V11.5 | ||
|
IBM License Metric Tool 9.2
IBM / License Metric Tool
|
cpe:/a:ibm:license_metric_tool:9.2
|
9.2 | |
|
Atlassian Confluence Data Center <8.9.3
Atlassian / Confluence
|
Data Center <8.9.3 | ||
|
HCL Commerce
HCL
|
cpe:/a:hcltechsw:commerce:-
|
— | |
|
IBM Tivoli Key Lifecycle Manager
IBM
|
cpe:/a:ibm:tivoli_key_lifecycle_manager:-
|
— | |
|
IBM Tivoli Business Service Manager <6.2.0.5 IF5
IBM / Tivoli Business Service Manager
|
<6.2.0.5 IF5 | ||
|
IBM DB2 <V11.1
IBM / DB2
|
<V11.1 | ||
|
IBM DB2 <V10.5
IBM / DB2
|
<V10.5 | ||
|
Atlassian Confluence <7.19.24 LTS
Atlassian / Confluence
|
<7.19.24 LTS | ||
|
Atlassian Confluence <8.5.11 LTS
Atlassian / Confluence
|
<8.5.11 LTS |
In IBM DB2 bestehen mehrere Schwachstellen. Diese Fehler bestehen in verschiedenen Komponenten wie MiniZip, dem NoSQL-Blockchain-Wrapper, der compress-Bibliothek oder der netty-codec-http-Bibliothek aufgrund mehrerer sicherheitsrelevanter Probleme wie einem Heap-Based-Buffer Overflow, einem Infinite-Loop-Fehler oder einem Out-of-Memory-Fehler. Ein entfernter, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen. Einige der Schwachstellen erfordern Benutzerinteraktion oder niedrige Privilegien, um erfolgreich ausgenutzt zu werden.
Affected products
Known affected
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM DB2 <V11.5
IBM / DB2
|
<V11.5 | ||
|
IBM License Metric Tool 9.2
IBM / License Metric Tool
|
cpe:/a:ibm:license_metric_tool:9.2
|
9.2 | |
|
Atlassian Confluence Data Center <8.9.3
Atlassian / Confluence
|
Data Center <8.9.3 | ||
|
HCL Commerce
HCL
|
cpe:/a:hcltechsw:commerce:-
|
— | |
|
IBM Tivoli Key Lifecycle Manager
IBM
|
cpe:/a:ibm:tivoli_key_lifecycle_manager:-
|
— | |
|
IBM Tivoli Business Service Manager <6.2.0.5 IF5
IBM / Tivoli Business Service Manager
|
<6.2.0.5 IF5 | ||
|
IBM DB2 <V11.1
IBM / DB2
|
<V11.1 | ||
|
IBM DB2 <V10.5
IBM / DB2
|
<V10.5 | ||
|
Atlassian Confluence <7.19.24 LTS
Atlassian / Confluence
|
<7.19.24 LTS | ||
|
Atlassian Confluence <8.5.11 LTS
Atlassian / Confluence
|
<8.5.11 LTS |
In IBM DB2 bestehen mehrere Schwachstellen. Diese Fehler bestehen in verschiedenen Komponenten wie MiniZip, dem NoSQL-Blockchain-Wrapper, der compress-Bibliothek oder der netty-codec-http-Bibliothek aufgrund mehrerer sicherheitsrelevanter Probleme wie einem Heap-Based-Buffer Overflow, einem Infinite-Loop-Fehler oder einem Out-of-Memory-Fehler. Ein entfernter, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen. Einige der Schwachstellen erfordern Benutzerinteraktion oder niedrige Privilegien, um erfolgreich ausgenutzt zu werden.
Affected products
Known affected
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM DB2 <V11.5
IBM / DB2
|
<V11.5 | ||
|
IBM License Metric Tool 9.2
IBM / License Metric Tool
|
cpe:/a:ibm:license_metric_tool:9.2
|
9.2 | |
|
Atlassian Confluence Data Center <8.9.3
Atlassian / Confluence
|
Data Center <8.9.3 | ||
|
HCL Commerce
HCL
|
cpe:/a:hcltechsw:commerce:-
|
— | |
|
IBM Tivoli Key Lifecycle Manager
IBM
|
cpe:/a:ibm:tivoli_key_lifecycle_manager:-
|
— | |
|
IBM Tivoli Business Service Manager <6.2.0.5 IF5
IBM / Tivoli Business Service Manager
|
<6.2.0.5 IF5 | ||
|
IBM DB2 <V11.1
IBM / DB2
|
<V11.1 | ||
|
IBM DB2 <V10.5
IBM / DB2
|
<V10.5 | ||
|
Atlassian Confluence <7.19.24 LTS
Atlassian / Confluence
|
<7.19.24 LTS | ||
|
Atlassian Confluence <8.5.11 LTS
Atlassian / Confluence
|
<8.5.11 LTS |
In IBM DB2 bestehen mehrere Schwachstellen. Diese Fehler bestehen in verschiedenen Komponenten wie MiniZip, dem NoSQL-Blockchain-Wrapper, der compress-Bibliothek oder der netty-codec-http-Bibliothek aufgrund mehrerer sicherheitsrelevanter Probleme wie einem Heap-Based-Buffer Overflow, einem Infinite-Loop-Fehler oder einem Out-of-Memory-Fehler. Ein entfernter, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen. Einige der Schwachstellen erfordern Benutzerinteraktion oder niedrige Privilegien, um erfolgreich ausgenutzt zu werden.
Affected products
Known affected
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM DB2 <V11.5
IBM / DB2
|
<V11.5 | ||
|
IBM License Metric Tool 9.2
IBM / License Metric Tool
|
cpe:/a:ibm:license_metric_tool:9.2
|
9.2 | |
|
Atlassian Confluence Data Center <8.9.3
Atlassian / Confluence
|
Data Center <8.9.3 | ||
|
HCL Commerce
HCL
|
cpe:/a:hcltechsw:commerce:-
|
— | |
|
IBM Tivoli Key Lifecycle Manager
IBM
|
cpe:/a:ibm:tivoli_key_lifecycle_manager:-
|
— | |
|
IBM Tivoli Business Service Manager <6.2.0.5 IF5
IBM / Tivoli Business Service Manager
|
<6.2.0.5 IF5 | ||
|
IBM DB2 <V11.1
IBM / DB2
|
<V11.1 | ||
|
IBM DB2 <V10.5
IBM / DB2
|
<V10.5 | ||
|
Atlassian Confluence <7.19.24 LTS
Atlassian / Confluence
|
<7.19.24 LTS | ||
|
Atlassian Confluence <8.5.11 LTS
Atlassian / Confluence
|
<8.5.11 LTS |
In IBM DB2 bestehen mehrere Schwachstellen. Diese Fehler bestehen in verschiedenen Komponenten wie MiniZip, dem NoSQL-Blockchain-Wrapper, der compress-Bibliothek oder der netty-codec-http-Bibliothek aufgrund mehrerer sicherheitsrelevanter Probleme wie einem Heap-Based-Buffer Overflow, einem Infinite-Loop-Fehler oder einem Out-of-Memory-Fehler. Ein entfernter, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen. Einige der Schwachstellen erfordern Benutzerinteraktion oder niedrige Privilegien, um erfolgreich ausgenutzt zu werden.
Affected products
Known affected
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM DB2 <V11.5
IBM / DB2
|
<V11.5 | ||
|
IBM License Metric Tool 9.2
IBM / License Metric Tool
|
cpe:/a:ibm:license_metric_tool:9.2
|
9.2 | |
|
Atlassian Confluence Data Center <8.9.3
Atlassian / Confluence
|
Data Center <8.9.3 | ||
|
HCL Commerce
HCL
|
cpe:/a:hcltechsw:commerce:-
|
— | |
|
IBM Tivoli Key Lifecycle Manager
IBM
|
cpe:/a:ibm:tivoli_key_lifecycle_manager:-
|
— | |
|
IBM Tivoli Business Service Manager <6.2.0.5 IF5
IBM / Tivoli Business Service Manager
|
<6.2.0.5 IF5 | ||
|
IBM DB2 <V11.1
IBM / DB2
|
<V11.1 | ||
|
IBM DB2 <V10.5
IBM / DB2
|
<V10.5 | ||
|
Atlassian Confluence <7.19.24 LTS
Atlassian / Confluence
|
<7.19.24 LTS | ||
|
Atlassian Confluence <8.5.11 LTS
Atlassian / Confluence
|
<8.5.11 LTS |
In IBM DB2 besteht eine Schwachstelle. Dieser Fehler betrifft die Expat-Bibliothek aufgrund einer unsachgemäßen Behandlung von XML External Entity (XXE)-Deklarationen durch die Funktion XML_ExternalEntityParserCreate, was zur Offenlegung vertraulicher Informationen führt. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um vertrauliche Informationen preiszugeben und diese Informationen für weitere Angriffe zu verwenden.
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM License Metric Tool 9.2
IBM / License Metric Tool
|
cpe:/a:ibm:license_metric_tool:9.2
|
9.2 | |
|
Atlassian Confluence Data Center <8.9.3
Atlassian / Confluence
|
Data Center <8.9.3 | ||
|
HCL Commerce
HCL
|
cpe:/a:hcltechsw:commerce:-
|
— | |
|
IBM Tivoli Key Lifecycle Manager
IBM
|
cpe:/a:ibm:tivoli_key_lifecycle_manager:-
|
— | |
|
IBM Tivoli Business Service Manager <6.2.0.5 IF5
IBM / Tivoli Business Service Manager
|
<6.2.0.5 IF5 | ||
|
IBM DB2 <V11.1
IBM / DB2
|
<V11.1 | ||
|
IBM DB2 <V10.5
IBM / DB2
|
<V10.5 | ||
|
Atlassian Confluence <7.19.24 LTS
Atlassian / Confluence
|
<7.19.24 LTS | ||
|
Atlassian Confluence <8.5.11 LTS
Atlassian / Confluence
|
<8.5.11 LTS |
In IBM DB2 bestehen mehrere Schwachstellen. Diese Fehler bestehen in der Open-Source-Bibliothek commons-configuration2 bei Verwendung des NoSQL-Hadoop-Wrappers aufgrund eines Out-of-Bounds-Write-Problems. Ein entfernter, anonymer Angreifer kann diese Schwachstellen zur Ausführung von beliebigem Code ausnutzen.
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM DB2 <V11.5
IBM / DB2
|
<V11.5 | ||
|
IBM License Metric Tool 9.2
IBM / License Metric Tool
|
cpe:/a:ibm:license_metric_tool:9.2
|
9.2 | |
|
Atlassian Confluence Data Center <8.9.3
Atlassian / Confluence
|
Data Center <8.9.3 | ||
|
HCL Commerce
HCL
|
cpe:/a:hcltechsw:commerce:-
|
— | |
|
IBM Tivoli Key Lifecycle Manager
IBM
|
cpe:/a:ibm:tivoli_key_lifecycle_manager:-
|
— | |
|
IBM Tivoli Business Service Manager <6.2.0.5 IF5
IBM / Tivoli Business Service Manager
|
<6.2.0.5 IF5 | ||
|
IBM DB2 <V11.1
IBM / DB2
|
<V11.1 | ||
|
Atlassian Confluence <7.19.24 LTS
Atlassian / Confluence
|
<7.19.24 LTS | ||
|
Atlassian Confluence <8.5.11 LTS
Atlassian / Confluence
|
<8.5.11 LTS |
In IBM DB2 bestehen mehrere Schwachstellen. Diese Fehler bestehen in der Open-Source-Bibliothek commons-configuration2 bei Verwendung des NoSQL-Hadoop-Wrappers aufgrund eines Out-of-Bounds-Write-Problems. Ein entfernter, anonymer Angreifer kann diese Schwachstellen zur Ausführung von beliebigem Code ausnutzen.
Affected products
Known affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM DB2 <V11.5
IBM / DB2
|
<V11.5 | ||
|
IBM License Metric Tool 9.2
IBM / License Metric Tool
|
cpe:/a:ibm:license_metric_tool:9.2
|
9.2 | |
|
Atlassian Confluence Data Center <8.9.3
Atlassian / Confluence
|
Data Center <8.9.3 | ||
|
HCL Commerce
HCL
|
cpe:/a:hcltechsw:commerce:-
|
— | |
|
IBM Tivoli Key Lifecycle Manager
IBM
|
cpe:/a:ibm:tivoli_key_lifecycle_manager:-
|
— | |
|
IBM Tivoli Business Service Manager <6.2.0.5 IF5
IBM / Tivoli Business Service Manager
|
<6.2.0.5 IF5 | ||
|
IBM DB2 <V11.1
IBM / DB2
|
<V11.1 | ||
|
Atlassian Confluence <7.19.24 LTS
Atlassian / Confluence
|
<7.19.24 LTS | ||
|
Atlassian Confluence <8.5.11 LTS
Atlassian / Confluence
|
<8.5.11 LTS |
References
16 references
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "IBM DB2 ist ein relationales Datenbanksystem (RDBS) von IBM.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, authentisierter Angreifer kann mehrere Schwachstellen in IBM DB2 ausnutzen, um einen Denial of Service Angriff durchzuf\u00fchren, beliebigen Code auszuf\u00fchren und vertrauliche Informationen offenzulegen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Sonstiges\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2024-1360 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-1360.json"
},
{
"category": "self",
"summary": "WID-SEC-2024-1360 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-1360"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7156844 vom 2024-06-11",
"url": "https://www.ibm.com/support/pages/node/7156844"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7156845 vom 2024-06-11",
"url": "https://www.ibm.com/support/pages/node/7156845"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7156846 vom 2024-06-11",
"url": "https://www.ibm.com/support/pages/node/7156846"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7156847 vom 2024-06-11",
"url": "https://www.ibm.com/support/pages/node/7156847"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7156848 vom 2024-06-11",
"url": "https://www.ibm.com/support/pages/node/7156848"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7156849 vom 2024-06-11",
"url": "https://www.ibm.com/support/pages/node/7156849"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7156850 vom 2024-06-11",
"url": "https://www.ibm.com/support/pages/node/7156850"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7156851 vom 2024-06-11",
"url": "https://www.ibm.com/support/pages/node/7156851"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7156852 vom 2024-06-11",
"url": "https://www.ibm.com/support/pages/node/7156852"
},
{
"category": "external",
"summary": "Atlassian Security Bulletin - June 18 2024",
"url": "https://confluence.atlassian.com/security/security-bulletin-june-18-2024-1409286211.html"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7159926 vom 2024-07-10",
"url": "https://www.ibm.com/support/pages/node/7159926"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7167605 vom 2024-09-05",
"url": "https://www.ibm.com/support/pages/node/7167605"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7168022 vom 2024-09-10",
"url": "https://www.ibm.com/support/pages/node/7168022"
},
{
"category": "external",
"summary": "HCL Security Advisory vom 2024-11-30",
"url": "https://support.hcl-software.com/community?id=community_blog\u0026sys_id=ab451f7ffb0a5210db10f2797befdcca"
}
],
"source_lang": "en-US",
"title": "IBM DB2: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2024-12-01T23:00:00.000+00:00",
"generator": {
"date": "2024-12-02T09:04:01.365+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.8"
}
},
"id": "WID-SEC-W-2024-1360",
"initial_release_date": "2024-06-11T22:00:00.000+00:00",
"revision_history": [
{
"date": "2024-06-11T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2024-06-18T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates aufgenommen"
},
{
"date": "2024-07-09T22:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2024-09-05T22:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2024-09-10T22:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von IBM und IBM-APAR aufgenommen"
},
{
"date": "2024-12-01T23:00:00.000+00:00",
"number": "6",
"summary": "Neue Updates von HCL aufgenommen"
}
],
"status": "final",
"version": "6"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "Data Center \u003c8.9.3",
"product": {
"name": "Atlassian Confluence Data Center \u003c8.9.3",
"product_id": "T035527"
}
},
{
"category": "product_version",
"name": "Data Center 8.9.3",
"product": {
"name": "Atlassian Confluence Data Center 8.9.3",
"product_id": "T035527-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:confluence:data_center__8.9.3"
}
}
},
{
"category": "product_version_range",
"name": "\u003c8.5.11 LTS",
"product": {
"name": "Atlassian Confluence \u003c8.5.11 LTS",
"product_id": "T035530"
}
},
{
"category": "product_version",
"name": "8.5.11 LTS",
"product": {
"name": "Atlassian Confluence 8.5.11 LTS",
"product_id": "T035530-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:confluence:8.5.11_lts"
}
}
},
{
"category": "product_version_range",
"name": "\u003c7.19.24 LTS",
"product": {
"name": "Atlassian Confluence \u003c7.19.24 LTS",
"product_id": "T035531"
}
},
{
"category": "product_version",
"name": "7.19.24 LTS",
"product": {
"name": "Atlassian Confluence 7.19.24 LTS",
"product_id": "T035531-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:confluence:7.19.24_lts"
}
}
}
],
"category": "product_name",
"name": "Confluence"
}
],
"category": "vendor",
"name": "Atlassian"
},
{
"branches": [
{
"category": "product_name",
"name": "HCL Commerce",
"product": {
"name": "HCL Commerce",
"product_id": "T019293",
"product_identification_helper": {
"cpe": "cpe:/a:hcltechsw:commerce:-"
}
}
}
],
"category": "vendor",
"name": "HCL"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV10.5",
"product": {
"name": "IBM DB2 \u003cV10.5",
"product_id": "T035400"
}
},
{
"category": "product_version",
"name": "V10.5",
"product": {
"name": "IBM DB2 V10.5",
"product_id": "T035400-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:db2:v10.5"
}
}
},
{
"category": "product_version_range",
"name": "\u003cV11.1",
"product": {
"name": "IBM DB2 \u003cV11.1",
"product_id": "T035401"
}
},
{
"category": "product_version",
"name": "V11.1",
"product": {
"name": "IBM DB2 V11.1",
"product_id": "T035401-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:db2:v11.1"
}
}
},
{
"category": "product_version_range",
"name": "\u003cV11.5",
"product": {
"name": "IBM DB2 \u003cV11.5",
"product_id": "T035402"
}
},
{
"category": "product_version",
"name": "V11.5",
"product": {
"name": "IBM DB2 V11.5",
"product_id": "T035402-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:db2:v11.5"
}
}
}
],
"category": "product_name",
"name": "DB2"
},
{
"branches": [
{
"category": "product_version",
"name": "9.2",
"product": {
"name": "IBM License Metric Tool 9.2",
"product_id": "T027649",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:license_metric_tool:9.2"
}
}
}
],
"category": "product_name",
"name": "License Metric Tool"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c6.2.0.5 IF5",
"product": {
"name": "IBM Tivoli Business Service Manager \u003c6.2.0.5 IF5",
"product_id": "T037436"
}
},
{
"category": "product_version",
"name": "6.2.0.5 IF5",
"product": {
"name": "IBM Tivoli Business Service Manager 6.2.0.5 IF5",
"product_id": "T037436-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:tivoli_business_service_manager:6.2.0.5_if5"
}
}
}
],
"category": "product_name",
"name": "Tivoli Business Service Manager"
},
{
"category": "product_name",
"name": "IBM Tivoli Key Lifecycle Manager",
"product": {
"name": "IBM Tivoli Key Lifecycle Manager",
"product_id": "T026238",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:tivoli_key_lifecycle_manager:-"
}
}
}
],
"category": "vendor",
"name": "IBM"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-29267",
"notes": [
{
"category": "description",
"text": "In IBM DB2 bestehen mehrere Schwachstellen. Diese Fehler bestehen in verschiedenen Komponenten wie MiniZip, dem NoSQL-Blockchain-Wrapper, der compress-Bibliothek oder der netty-codec-http-Bibliothek aufgrund mehrerer sicherheitsrelevanter Probleme wie einem Heap-Based-Buffer Overflow, einem Infinite-Loop-Fehler oder einem Out-of-Memory-Fehler. Ein entfernter, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen. Einige der Schwachstellen erfordern Benutzerinteraktion oder niedrige Privilegien, um erfolgreich ausgenutzt zu werden."
}
],
"product_status": {
"known_affected": [
"T035402",
"T027649",
"T035527",
"T019293",
"T026238",
"T037436",
"T035401",
"T035400",
"T035531",
"T035530"
]
},
"release_date": "2024-06-11T22:00:00.000+00:00",
"title": "CVE-2023-29267"
},
{
"cve": "CVE-2023-45853",
"notes": [
{
"category": "description",
"text": "In IBM DB2 bestehen mehrere Schwachstellen. Diese Fehler bestehen in verschiedenen Komponenten wie MiniZip, dem NoSQL-Blockchain-Wrapper, der compress-Bibliothek oder der netty-codec-http-Bibliothek aufgrund mehrerer sicherheitsrelevanter Probleme wie einem Heap-Based-Buffer Overflow, einem Infinite-Loop-Fehler oder einem Out-of-Memory-Fehler. Ein entfernter, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen. Einige der Schwachstellen erfordern Benutzerinteraktion oder niedrige Privilegien, um erfolgreich ausgenutzt zu werden."
}
],
"product_status": {
"known_affected": [
"T035402",
"T027649",
"T035527",
"T019293",
"T026238",
"T037436",
"T035401",
"T035400",
"T035531",
"T035530"
]
},
"release_date": "2024-06-11T22:00:00.000+00:00",
"title": "CVE-2023-45853"
},
{
"cve": "CVE-2024-25710",
"notes": [
{
"category": "description",
"text": "In IBM DB2 bestehen mehrere Schwachstellen. Diese Fehler bestehen in verschiedenen Komponenten wie MiniZip, dem NoSQL-Blockchain-Wrapper, der compress-Bibliothek oder der netty-codec-http-Bibliothek aufgrund mehrerer sicherheitsrelevanter Probleme wie einem Heap-Based-Buffer Overflow, einem Infinite-Loop-Fehler oder einem Out-of-Memory-Fehler. Ein entfernter, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen. Einige der Schwachstellen erfordern Benutzerinteraktion oder niedrige Privilegien, um erfolgreich ausgenutzt zu werden."
}
],
"product_status": {
"known_affected": [
"T035402",
"T027649",
"T035527",
"T019293",
"T026238",
"T037436",
"T035401",
"T035400",
"T035531",
"T035530"
]
},
"release_date": "2024-06-11T22:00:00.000+00:00",
"title": "CVE-2024-25710"
},
{
"cve": "CVE-2024-26308",
"notes": [
{
"category": "description",
"text": "In IBM DB2 bestehen mehrere Schwachstellen. Diese Fehler bestehen in verschiedenen Komponenten wie MiniZip, dem NoSQL-Blockchain-Wrapper, der compress-Bibliothek oder der netty-codec-http-Bibliothek aufgrund mehrerer sicherheitsrelevanter Probleme wie einem Heap-Based-Buffer Overflow, einem Infinite-Loop-Fehler oder einem Out-of-Memory-Fehler. Ein entfernter, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen. Einige der Schwachstellen erfordern Benutzerinteraktion oder niedrige Privilegien, um erfolgreich ausgenutzt zu werden."
}
],
"product_status": {
"known_affected": [
"T035402",
"T027649",
"T035527",
"T019293",
"T026238",
"T037436",
"T035401",
"T035400",
"T035531",
"T035530"
]
},
"release_date": "2024-06-11T22:00:00.000+00:00",
"title": "CVE-2024-26308"
},
{
"cve": "CVE-2024-28762",
"notes": [
{
"category": "description",
"text": "In IBM DB2 bestehen mehrere Schwachstellen. Diese Fehler bestehen in verschiedenen Komponenten wie MiniZip, dem NoSQL-Blockchain-Wrapper, der compress-Bibliothek oder der netty-codec-http-Bibliothek aufgrund mehrerer sicherheitsrelevanter Probleme wie einem Heap-Based-Buffer Overflow, einem Infinite-Loop-Fehler oder einem Out-of-Memory-Fehler. Ein entfernter, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen. Einige der Schwachstellen erfordern Benutzerinteraktion oder niedrige Privilegien, um erfolgreich ausgenutzt zu werden."
}
],
"product_status": {
"known_affected": [
"T035402",
"T027649",
"T035527",
"T019293",
"T026238",
"T037436",
"T035401",
"T035400",
"T035531",
"T035530"
]
},
"release_date": "2024-06-11T22:00:00.000+00:00",
"title": "CVE-2024-28762"
},
{
"cve": "CVE-2024-29025",
"notes": [
{
"category": "description",
"text": "In IBM DB2 bestehen mehrere Schwachstellen. Diese Fehler bestehen in verschiedenen Komponenten wie MiniZip, dem NoSQL-Blockchain-Wrapper, der compress-Bibliothek oder der netty-codec-http-Bibliothek aufgrund mehrerer sicherheitsrelevanter Probleme wie einem Heap-Based-Buffer Overflow, einem Infinite-Loop-Fehler oder einem Out-of-Memory-Fehler. Ein entfernter, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen. Einige der Schwachstellen erfordern Benutzerinteraktion oder niedrige Privilegien, um erfolgreich ausgenutzt zu werden."
}
],
"product_status": {
"known_affected": [
"T035402",
"T027649",
"T035527",
"T019293",
"T026238",
"T037436",
"T035401",
"T035400",
"T035531",
"T035530"
]
},
"release_date": "2024-06-11T22:00:00.000+00:00",
"title": "CVE-2024-29025"
},
{
"cve": "CVE-2024-31880",
"notes": [
{
"category": "description",
"text": "In IBM DB2 bestehen mehrere Schwachstellen. Diese Fehler bestehen in verschiedenen Komponenten wie MiniZip, dem NoSQL-Blockchain-Wrapper, der compress-Bibliothek oder der netty-codec-http-Bibliothek aufgrund mehrerer sicherheitsrelevanter Probleme wie einem Heap-Based-Buffer Overflow, einem Infinite-Loop-Fehler oder einem Out-of-Memory-Fehler. Ein entfernter, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen. Einige der Schwachstellen erfordern Benutzerinteraktion oder niedrige Privilegien, um erfolgreich ausgenutzt zu werden."
}
],
"product_status": {
"known_affected": [
"T035402",
"T027649",
"T035527",
"T019293",
"T026238",
"T037436",
"T035401",
"T035400",
"T035531",
"T035530"
]
},
"release_date": "2024-06-11T22:00:00.000+00:00",
"title": "CVE-2024-31880"
},
{
"cve": "CVE-2024-31881",
"notes": [
{
"category": "description",
"text": "In IBM DB2 bestehen mehrere Schwachstellen. Diese Fehler bestehen in verschiedenen Komponenten wie MiniZip, dem NoSQL-Blockchain-Wrapper, der compress-Bibliothek oder der netty-codec-http-Bibliothek aufgrund mehrerer sicherheitsrelevanter Probleme wie einem Heap-Based-Buffer Overflow, einem Infinite-Loop-Fehler oder einem Out-of-Memory-Fehler. Ein entfernter, authentisierter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen. Einige der Schwachstellen erfordern Benutzerinteraktion oder niedrige Privilegien, um erfolgreich ausgenutzt zu werden."
}
],
"product_status": {
"known_affected": [
"T035402",
"T027649",
"T035527",
"T019293",
"T026238",
"T037436",
"T035401",
"T035400",
"T035531",
"T035530"
]
},
"release_date": "2024-06-11T22:00:00.000+00:00",
"title": "CVE-2024-31881"
},
{
"cve": "CVE-2024-28757",
"notes": [
{
"category": "description",
"text": "In IBM DB2 besteht eine Schwachstelle. Dieser Fehler betrifft die Expat-Bibliothek aufgrund einer unsachgem\u00e4\u00dfen Behandlung von XML External Entity (XXE)-Deklarationen durch die Funktion XML_ExternalEntityParserCreate, was zur Offenlegung vertraulicher Informationen f\u00fchrt. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um vertrauliche Informationen preiszugeben und diese Informationen f\u00fcr weitere Angriffe zu verwenden."
}
],
"product_status": {
"known_affected": [
"T027649",
"T035527",
"T019293",
"T026238",
"T037436",
"T035401",
"T035400",
"T035531",
"T035530"
]
},
"release_date": "2024-06-11T22:00:00.000+00:00",
"title": "CVE-2024-28757"
},
{
"cve": "CVE-2024-29131",
"notes": [
{
"category": "description",
"text": "In IBM DB2 bestehen mehrere Schwachstellen. Diese Fehler bestehen in der Open-Source-Bibliothek commons-configuration2 bei Verwendung des NoSQL-Hadoop-Wrappers aufgrund eines Out-of-Bounds-Write-Problems. Ein entfernter, anonymer Angreifer kann diese Schwachstellen zur Ausf\u00fchrung von beliebigem Code ausnutzen."
}
],
"product_status": {
"known_affected": [
"T035402",
"T027649",
"T035527",
"T019293",
"T026238",
"T037436",
"T035401",
"T035531",
"T035530"
]
},
"release_date": "2024-06-11T22:00:00.000+00:00",
"title": "CVE-2024-29131"
},
{
"cve": "CVE-2024-29133",
"notes": [
{
"category": "description",
"text": "In IBM DB2 bestehen mehrere Schwachstellen. Diese Fehler bestehen in der Open-Source-Bibliothek commons-configuration2 bei Verwendung des NoSQL-Hadoop-Wrappers aufgrund eines Out-of-Bounds-Write-Problems. Ein entfernter, anonymer Angreifer kann diese Schwachstellen zur Ausf\u00fchrung von beliebigem Code ausnutzen."
}
],
"product_status": {
"known_affected": [
"T035402",
"T027649",
"T035527",
"T019293",
"T026238",
"T037436",
"T035401",
"T035531",
"T035530"
]
},
"release_date": "2024-06-11T22:00:00.000+00:00",
"title": "CVE-2024-29133"
}
]
}
WID-SEC-W-2024-1474
Vulnerability from csaf_certbund - Published: 2024-06-27 22:00 - Updated: 2025-08-26 22:00Summary
Red Hat OpenShift Container Platform: Mehrere Schwachstellen
Severity
Hoch
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: Red Hat OpenShift ist eine "Platform as a Service" (PaaS) Lösung zur Bereitstellung von Applikationen in der Cloud.
Angriff: Ein entfernter, anonymer oder lokaler Angreifer kann mehrere Schwachstellen in Red Hat OpenShift ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen, vertrauliche Informationen offenzulegen oder Daten zu manipulieren.
Betroffene Betriebssysteme: - Linux
Affected products
Known affected
23 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux Advanced Cluster Security for Kubernetes 4
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:advanced_cluster_security_for_kubernetes_4
|
Advanced Cluster Security for Kubernetes 4 | |
|
Red Hat OpenShift Container Platform <4.12.63
Red Hat / OpenShift
|
Container Platform <4.12.63 | ||
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat OpenShift Container Platform <4.16.1
Red Hat / OpenShift
|
Container Platform <4.16.1 | ||
|
Red Hat Ansible Automation Platform
Red Hat
|
cpe:/a:redhat:ansible_automation_platform:-
|
— | |
|
Red Hat OpenShift Container Platform <4.15.28
Red Hat / OpenShift
|
Container Platform <4.15.28 | ||
|
Red Hat OpenShift Container Platform <4.14.38
Red Hat / OpenShift
|
Container Platform <4.14.38 | ||
|
Red Hat OpenShift <4.16.24
Red Hat / OpenShift
|
<4.16.24 | ||
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Red Hat OpenShift Run Once Duration Override Operator 1
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:run_once_duration_override_operator_1
|
Run Once Duration Override Operator 1 | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Red Hat OpenShift Container Platform <4.16.0
Red Hat / OpenShift
|
Container Platform <4.16.0 | ||
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— | |
|
Red Hat OpenShift API for Data Protection 1
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:api_for_data_protection_1
|
API for Data Protection 1 | |
|
Red Hat OpenShift Virtualization <4.15.5
Red Hat / OpenShift
|
Virtualization <4.15.5 | ||
|
Red Hat Enterprise Linux Advanced Cluster Security for Kubernetes 4
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:advanced_cluster_security_for_kubernetes_4
|
Advanced Cluster Security for Kubernetes 4 | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat OpenShift Secondary Scheduler Operator
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:::secondary_scheduler_operator
|
Secondary Scheduler Operator | |
|
Red Hat OpenShift Kube Descheduler Operator 5
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:kube_descheduler_operator_5
|
Kube Descheduler Operator 5 | |
|
Red Hat OpenShift Container Platform <4.16.23
Red Hat / OpenShift
|
Container Platform <4.16.23 | ||
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Red Hat OpenShift Container Platform <4.18.10
Red Hat / OpenShift
|
Container Platform <4.18.10 |
Affected products
Known affected
23 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux Advanced Cluster Security for Kubernetes 4
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:advanced_cluster_security_for_kubernetes_4
|
Advanced Cluster Security for Kubernetes 4 | |
|
Red Hat OpenShift Container Platform <4.12.63
Red Hat / OpenShift
|
Container Platform <4.12.63 | ||
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat OpenShift Container Platform <4.16.1
Red Hat / OpenShift
|
Container Platform <4.16.1 | ||
|
Red Hat Ansible Automation Platform
Red Hat
|
cpe:/a:redhat:ansible_automation_platform:-
|
— | |
|
Red Hat OpenShift Container Platform <4.15.28
Red Hat / OpenShift
|
Container Platform <4.15.28 | ||
|
Red Hat OpenShift Container Platform <4.14.38
Red Hat / OpenShift
|
Container Platform <4.14.38 | ||
|
Red Hat OpenShift <4.16.24
Red Hat / OpenShift
|
<4.16.24 | ||
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Red Hat OpenShift Run Once Duration Override Operator 1
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:run_once_duration_override_operator_1
|
Run Once Duration Override Operator 1 | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Red Hat OpenShift Container Platform <4.16.0
Red Hat / OpenShift
|
Container Platform <4.16.0 | ||
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— | |
|
Red Hat OpenShift API for Data Protection 1
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:api_for_data_protection_1
|
API for Data Protection 1 | |
|
Red Hat OpenShift Virtualization <4.15.5
Red Hat / OpenShift
|
Virtualization <4.15.5 | ||
|
Red Hat Enterprise Linux Advanced Cluster Security for Kubernetes 4
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:advanced_cluster_security_for_kubernetes_4
|
Advanced Cluster Security for Kubernetes 4 | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat OpenShift Secondary Scheduler Operator
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:::secondary_scheduler_operator
|
Secondary Scheduler Operator | |
|
Red Hat OpenShift Kube Descheduler Operator 5
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:kube_descheduler_operator_5
|
Kube Descheduler Operator 5 | |
|
Red Hat OpenShift Container Platform <4.16.23
Red Hat / OpenShift
|
Container Platform <4.16.23 | ||
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Red Hat OpenShift Container Platform <4.18.10
Red Hat / OpenShift
|
Container Platform <4.18.10 |
Affected products
Known affected
23 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux Advanced Cluster Security for Kubernetes 4
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:advanced_cluster_security_for_kubernetes_4
|
Advanced Cluster Security for Kubernetes 4 | |
|
Red Hat OpenShift Container Platform <4.12.63
Red Hat / OpenShift
|
Container Platform <4.12.63 | ||
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat OpenShift Container Platform <4.16.1
Red Hat / OpenShift
|
Container Platform <4.16.1 | ||
|
Red Hat Ansible Automation Platform
Red Hat
|
cpe:/a:redhat:ansible_automation_platform:-
|
— | |
|
Red Hat OpenShift Container Platform <4.15.28
Red Hat / OpenShift
|
Container Platform <4.15.28 | ||
|
Red Hat OpenShift Container Platform <4.14.38
Red Hat / OpenShift
|
Container Platform <4.14.38 | ||
|
Red Hat OpenShift <4.16.24
Red Hat / OpenShift
|
<4.16.24 | ||
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Red Hat OpenShift Run Once Duration Override Operator 1
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:run_once_duration_override_operator_1
|
Run Once Duration Override Operator 1 | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Red Hat OpenShift Container Platform <4.16.0
Red Hat / OpenShift
|
Container Platform <4.16.0 | ||
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— | |
|
Red Hat OpenShift API for Data Protection 1
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:api_for_data_protection_1
|
API for Data Protection 1 | |
|
Red Hat OpenShift Virtualization <4.15.5
Red Hat / OpenShift
|
Virtualization <4.15.5 | ||
|
Red Hat Enterprise Linux Advanced Cluster Security for Kubernetes 4
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:advanced_cluster_security_for_kubernetes_4
|
Advanced Cluster Security for Kubernetes 4 | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat OpenShift Secondary Scheduler Operator
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:::secondary_scheduler_operator
|
Secondary Scheduler Operator | |
|
Red Hat OpenShift Kube Descheduler Operator 5
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:kube_descheduler_operator_5
|
Kube Descheduler Operator 5 | |
|
Red Hat OpenShift Container Platform <4.16.23
Red Hat / OpenShift
|
Container Platform <4.16.23 | ||
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Red Hat OpenShift Container Platform <4.18.10
Red Hat / OpenShift
|
Container Platform <4.18.10 |
Affected products
Known affected
23 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux Advanced Cluster Security for Kubernetes 4
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:advanced_cluster_security_for_kubernetes_4
|
Advanced Cluster Security for Kubernetes 4 | |
|
Red Hat OpenShift Container Platform <4.12.63
Red Hat / OpenShift
|
Container Platform <4.12.63 | ||
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat OpenShift Container Platform <4.16.1
Red Hat / OpenShift
|
Container Platform <4.16.1 | ||
|
Red Hat Ansible Automation Platform
Red Hat
|
cpe:/a:redhat:ansible_automation_platform:-
|
— | |
|
Red Hat OpenShift Container Platform <4.15.28
Red Hat / OpenShift
|
Container Platform <4.15.28 | ||
|
Red Hat OpenShift Container Platform <4.14.38
Red Hat / OpenShift
|
Container Platform <4.14.38 | ||
|
Red Hat OpenShift <4.16.24
Red Hat / OpenShift
|
<4.16.24 | ||
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Red Hat OpenShift Run Once Duration Override Operator 1
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:run_once_duration_override_operator_1
|
Run Once Duration Override Operator 1 | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Red Hat OpenShift Container Platform <4.16.0
Red Hat / OpenShift
|
Container Platform <4.16.0 | ||
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— | |
|
Red Hat OpenShift API for Data Protection 1
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:api_for_data_protection_1
|
API for Data Protection 1 | |
|
Red Hat OpenShift Virtualization <4.15.5
Red Hat / OpenShift
|
Virtualization <4.15.5 | ||
|
Red Hat Enterprise Linux Advanced Cluster Security for Kubernetes 4
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:advanced_cluster_security_for_kubernetes_4
|
Advanced Cluster Security for Kubernetes 4 | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat OpenShift Secondary Scheduler Operator
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:::secondary_scheduler_operator
|
Secondary Scheduler Operator | |
|
Red Hat OpenShift Kube Descheduler Operator 5
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:kube_descheduler_operator_5
|
Kube Descheduler Operator 5 | |
|
Red Hat OpenShift Container Platform <4.16.23
Red Hat / OpenShift
|
Container Platform <4.16.23 | ||
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Red Hat OpenShift Container Platform <4.18.10
Red Hat / OpenShift
|
Container Platform <4.18.10 |
Affected products
Known affected
23 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux Advanced Cluster Security for Kubernetes 4
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:advanced_cluster_security_for_kubernetes_4
|
Advanced Cluster Security for Kubernetes 4 | |
|
Red Hat OpenShift Container Platform <4.12.63
Red Hat / OpenShift
|
Container Platform <4.12.63 | ||
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat OpenShift Container Platform <4.16.1
Red Hat / OpenShift
|
Container Platform <4.16.1 | ||
|
Red Hat Ansible Automation Platform
Red Hat
|
cpe:/a:redhat:ansible_automation_platform:-
|
— | |
|
Red Hat OpenShift Container Platform <4.15.28
Red Hat / OpenShift
|
Container Platform <4.15.28 | ||
|
Red Hat OpenShift Container Platform <4.14.38
Red Hat / OpenShift
|
Container Platform <4.14.38 | ||
|
Red Hat OpenShift <4.16.24
Red Hat / OpenShift
|
<4.16.24 | ||
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Red Hat OpenShift Run Once Duration Override Operator 1
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:run_once_duration_override_operator_1
|
Run Once Duration Override Operator 1 | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Red Hat OpenShift Container Platform <4.16.0
Red Hat / OpenShift
|
Container Platform <4.16.0 | ||
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— | |
|
Red Hat OpenShift API for Data Protection 1
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:api_for_data_protection_1
|
API for Data Protection 1 | |
|
Red Hat OpenShift Virtualization <4.15.5
Red Hat / OpenShift
|
Virtualization <4.15.5 | ||
|
Red Hat Enterprise Linux Advanced Cluster Security for Kubernetes 4
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:advanced_cluster_security_for_kubernetes_4
|
Advanced Cluster Security for Kubernetes 4 | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat OpenShift Secondary Scheduler Operator
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:::secondary_scheduler_operator
|
Secondary Scheduler Operator | |
|
Red Hat OpenShift Kube Descheduler Operator 5
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:kube_descheduler_operator_5
|
Kube Descheduler Operator 5 | |
|
Red Hat OpenShift Container Platform <4.16.23
Red Hat / OpenShift
|
Container Platform <4.16.23 | ||
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Red Hat OpenShift Container Platform <4.18.10
Red Hat / OpenShift
|
Container Platform <4.18.10 |
Affected products
Known affected
23 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux Advanced Cluster Security for Kubernetes 4
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:advanced_cluster_security_for_kubernetes_4
|
Advanced Cluster Security for Kubernetes 4 | |
|
Red Hat OpenShift Container Platform <4.12.63
Red Hat / OpenShift
|
Container Platform <4.12.63 | ||
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat OpenShift Container Platform <4.16.1
Red Hat / OpenShift
|
Container Platform <4.16.1 | ||
|
Red Hat Ansible Automation Platform
Red Hat
|
cpe:/a:redhat:ansible_automation_platform:-
|
— | |
|
Red Hat OpenShift Container Platform <4.15.28
Red Hat / OpenShift
|
Container Platform <4.15.28 | ||
|
Red Hat OpenShift Container Platform <4.14.38
Red Hat / OpenShift
|
Container Platform <4.14.38 | ||
|
Red Hat OpenShift <4.16.24
Red Hat / OpenShift
|
<4.16.24 | ||
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Red Hat OpenShift Run Once Duration Override Operator 1
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:run_once_duration_override_operator_1
|
Run Once Duration Override Operator 1 | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Red Hat OpenShift Container Platform <4.16.0
Red Hat / OpenShift
|
Container Platform <4.16.0 | ||
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— | |
|
Red Hat OpenShift API for Data Protection 1
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:api_for_data_protection_1
|
API for Data Protection 1 | |
|
Red Hat OpenShift Virtualization <4.15.5
Red Hat / OpenShift
|
Virtualization <4.15.5 | ||
|
Red Hat Enterprise Linux Advanced Cluster Security for Kubernetes 4
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:advanced_cluster_security_for_kubernetes_4
|
Advanced Cluster Security for Kubernetes 4 | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat OpenShift Secondary Scheduler Operator
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:::secondary_scheduler_operator
|
Secondary Scheduler Operator | |
|
Red Hat OpenShift Kube Descheduler Operator 5
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:kube_descheduler_operator_5
|
Kube Descheduler Operator 5 | |
|
Red Hat OpenShift Container Platform <4.16.23
Red Hat / OpenShift
|
Container Platform <4.16.23 | ||
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Red Hat OpenShift Container Platform <4.18.10
Red Hat / OpenShift
|
Container Platform <4.18.10 |
Affected products
Known affected
23 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux Advanced Cluster Security for Kubernetes 4
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:advanced_cluster_security_for_kubernetes_4
|
Advanced Cluster Security for Kubernetes 4 | |
|
Red Hat OpenShift Container Platform <4.12.63
Red Hat / OpenShift
|
Container Platform <4.12.63 | ||
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat OpenShift Container Platform <4.16.1
Red Hat / OpenShift
|
Container Platform <4.16.1 | ||
|
Red Hat Ansible Automation Platform
Red Hat
|
cpe:/a:redhat:ansible_automation_platform:-
|
— | |
|
Red Hat OpenShift Container Platform <4.15.28
Red Hat / OpenShift
|
Container Platform <4.15.28 | ||
|
Red Hat OpenShift Container Platform <4.14.38
Red Hat / OpenShift
|
Container Platform <4.14.38 | ||
|
Red Hat OpenShift <4.16.24
Red Hat / OpenShift
|
<4.16.24 | ||
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Red Hat OpenShift Run Once Duration Override Operator 1
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:run_once_duration_override_operator_1
|
Run Once Duration Override Operator 1 | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Red Hat OpenShift Container Platform <4.16.0
Red Hat / OpenShift
|
Container Platform <4.16.0 | ||
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— | |
|
Red Hat OpenShift API for Data Protection 1
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:api_for_data_protection_1
|
API for Data Protection 1 | |
|
Red Hat OpenShift Virtualization <4.15.5
Red Hat / OpenShift
|
Virtualization <4.15.5 | ||
|
Red Hat Enterprise Linux Advanced Cluster Security for Kubernetes 4
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:advanced_cluster_security_for_kubernetes_4
|
Advanced Cluster Security for Kubernetes 4 | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat OpenShift Secondary Scheduler Operator
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:::secondary_scheduler_operator
|
Secondary Scheduler Operator | |
|
Red Hat OpenShift Kube Descheduler Operator 5
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:kube_descheduler_operator_5
|
Kube Descheduler Operator 5 | |
|
Red Hat OpenShift Container Platform <4.16.23
Red Hat / OpenShift
|
Container Platform <4.16.23 | ||
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Red Hat OpenShift Container Platform <4.18.10
Red Hat / OpenShift
|
Container Platform <4.18.10 |
Affected products
Known affected
23 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux Advanced Cluster Security for Kubernetes 4
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:advanced_cluster_security_for_kubernetes_4
|
Advanced Cluster Security for Kubernetes 4 | |
|
Red Hat OpenShift Container Platform <4.12.63
Red Hat / OpenShift
|
Container Platform <4.12.63 | ||
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat OpenShift Container Platform <4.16.1
Red Hat / OpenShift
|
Container Platform <4.16.1 | ||
|
Red Hat Ansible Automation Platform
Red Hat
|
cpe:/a:redhat:ansible_automation_platform:-
|
— | |
|
Red Hat OpenShift Container Platform <4.15.28
Red Hat / OpenShift
|
Container Platform <4.15.28 | ||
|
Red Hat OpenShift Container Platform <4.14.38
Red Hat / OpenShift
|
Container Platform <4.14.38 | ||
|
Red Hat OpenShift <4.16.24
Red Hat / OpenShift
|
<4.16.24 | ||
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Red Hat OpenShift Run Once Duration Override Operator 1
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:run_once_duration_override_operator_1
|
Run Once Duration Override Operator 1 | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Red Hat OpenShift Container Platform <4.16.0
Red Hat / OpenShift
|
Container Platform <4.16.0 | ||
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— | |
|
Red Hat OpenShift API for Data Protection 1
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:api_for_data_protection_1
|
API for Data Protection 1 | |
|
Red Hat OpenShift Virtualization <4.15.5
Red Hat / OpenShift
|
Virtualization <4.15.5 | ||
|
Red Hat Enterprise Linux Advanced Cluster Security for Kubernetes 4
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:advanced_cluster_security_for_kubernetes_4
|
Advanced Cluster Security for Kubernetes 4 | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat OpenShift Secondary Scheduler Operator
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:::secondary_scheduler_operator
|
Secondary Scheduler Operator | |
|
Red Hat OpenShift Kube Descheduler Operator 5
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:kube_descheduler_operator_5
|
Kube Descheduler Operator 5 | |
|
Red Hat OpenShift Container Platform <4.16.23
Red Hat / OpenShift
|
Container Platform <4.16.23 | ||
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Red Hat OpenShift Container Platform <4.18.10
Red Hat / OpenShift
|
Container Platform <4.18.10 |
Affected products
Known affected
23 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux Advanced Cluster Security for Kubernetes 4
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:advanced_cluster_security_for_kubernetes_4
|
Advanced Cluster Security for Kubernetes 4 | |
|
Red Hat OpenShift Container Platform <4.12.63
Red Hat / OpenShift
|
Container Platform <4.12.63 | ||
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat OpenShift Container Platform <4.16.1
Red Hat / OpenShift
|
Container Platform <4.16.1 | ||
|
Red Hat Ansible Automation Platform
Red Hat
|
cpe:/a:redhat:ansible_automation_platform:-
|
— | |
|
Red Hat OpenShift Container Platform <4.15.28
Red Hat / OpenShift
|
Container Platform <4.15.28 | ||
|
Red Hat OpenShift Container Platform <4.14.38
Red Hat / OpenShift
|
Container Platform <4.14.38 | ||
|
Red Hat OpenShift <4.16.24
Red Hat / OpenShift
|
<4.16.24 | ||
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Red Hat OpenShift Run Once Duration Override Operator 1
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:run_once_duration_override_operator_1
|
Run Once Duration Override Operator 1 | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Red Hat OpenShift Container Platform <4.16.0
Red Hat / OpenShift
|
Container Platform <4.16.0 | ||
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— | |
|
Red Hat OpenShift API for Data Protection 1
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:api_for_data_protection_1
|
API for Data Protection 1 | |
|
Red Hat OpenShift Virtualization <4.15.5
Red Hat / OpenShift
|
Virtualization <4.15.5 | ||
|
Red Hat Enterprise Linux Advanced Cluster Security for Kubernetes 4
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:advanced_cluster_security_for_kubernetes_4
|
Advanced Cluster Security for Kubernetes 4 | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat OpenShift Secondary Scheduler Operator
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:::secondary_scheduler_operator
|
Secondary Scheduler Operator | |
|
Red Hat OpenShift Kube Descheduler Operator 5
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:kube_descheduler_operator_5
|
Kube Descheduler Operator 5 | |
|
Red Hat OpenShift Container Platform <4.16.23
Red Hat / OpenShift
|
Container Platform <4.16.23 | ||
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Red Hat OpenShift Container Platform <4.18.10
Red Hat / OpenShift
|
Container Platform <4.18.10 |
Affected products
Known affected
23 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux Advanced Cluster Security for Kubernetes 4
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:advanced_cluster_security_for_kubernetes_4
|
Advanced Cluster Security for Kubernetes 4 | |
|
Red Hat OpenShift Container Platform <4.12.63
Red Hat / OpenShift
|
Container Platform <4.12.63 | ||
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat OpenShift Container Platform <4.16.1
Red Hat / OpenShift
|
Container Platform <4.16.1 | ||
|
Red Hat Ansible Automation Platform
Red Hat
|
cpe:/a:redhat:ansible_automation_platform:-
|
— | |
|
Red Hat OpenShift Container Platform <4.15.28
Red Hat / OpenShift
|
Container Platform <4.15.28 | ||
|
Red Hat OpenShift Container Platform <4.14.38
Red Hat / OpenShift
|
Container Platform <4.14.38 | ||
|
Red Hat OpenShift <4.16.24
Red Hat / OpenShift
|
<4.16.24 | ||
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Red Hat OpenShift Run Once Duration Override Operator 1
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:run_once_duration_override_operator_1
|
Run Once Duration Override Operator 1 | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Red Hat OpenShift Container Platform <4.16.0
Red Hat / OpenShift
|
Container Platform <4.16.0 | ||
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— | |
|
Red Hat OpenShift API for Data Protection 1
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:api_for_data_protection_1
|
API for Data Protection 1 | |
|
Red Hat OpenShift Virtualization <4.15.5
Red Hat / OpenShift
|
Virtualization <4.15.5 | ||
|
Red Hat Enterprise Linux Advanced Cluster Security for Kubernetes 4
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:advanced_cluster_security_for_kubernetes_4
|
Advanced Cluster Security for Kubernetes 4 | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat OpenShift Secondary Scheduler Operator
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:::secondary_scheduler_operator
|
Secondary Scheduler Operator | |
|
Red Hat OpenShift Kube Descheduler Operator 5
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:kube_descheduler_operator_5
|
Kube Descheduler Operator 5 | |
|
Red Hat OpenShift Container Platform <4.16.23
Red Hat / OpenShift
|
Container Platform <4.16.23 | ||
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Red Hat OpenShift Container Platform <4.18.10
Red Hat / OpenShift
|
Container Platform <4.18.10 |
Affected products
Known affected
23 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux Advanced Cluster Security for Kubernetes 4
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:advanced_cluster_security_for_kubernetes_4
|
Advanced Cluster Security for Kubernetes 4 | |
|
Red Hat OpenShift Container Platform <4.12.63
Red Hat / OpenShift
|
Container Platform <4.12.63 | ||
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat OpenShift Container Platform <4.16.1
Red Hat / OpenShift
|
Container Platform <4.16.1 | ||
|
Red Hat Ansible Automation Platform
Red Hat
|
cpe:/a:redhat:ansible_automation_platform:-
|
— | |
|
Red Hat OpenShift Container Platform <4.15.28
Red Hat / OpenShift
|
Container Platform <4.15.28 | ||
|
Red Hat OpenShift Container Platform <4.14.38
Red Hat / OpenShift
|
Container Platform <4.14.38 | ||
|
Red Hat OpenShift <4.16.24
Red Hat / OpenShift
|
<4.16.24 | ||
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Red Hat OpenShift Run Once Duration Override Operator 1
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:run_once_duration_override_operator_1
|
Run Once Duration Override Operator 1 | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Red Hat OpenShift Container Platform <4.16.0
Red Hat / OpenShift
|
Container Platform <4.16.0 | ||
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— | |
|
Red Hat OpenShift API for Data Protection 1
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:api_for_data_protection_1
|
API for Data Protection 1 | |
|
Red Hat OpenShift Virtualization <4.15.5
Red Hat / OpenShift
|
Virtualization <4.15.5 | ||
|
Red Hat Enterprise Linux Advanced Cluster Security for Kubernetes 4
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:advanced_cluster_security_for_kubernetes_4
|
Advanced Cluster Security for Kubernetes 4 | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat OpenShift Secondary Scheduler Operator
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:::secondary_scheduler_operator
|
Secondary Scheduler Operator | |
|
Red Hat OpenShift Kube Descheduler Operator 5
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:kube_descheduler_operator_5
|
Kube Descheduler Operator 5 | |
|
Red Hat OpenShift Container Platform <4.16.23
Red Hat / OpenShift
|
Container Platform <4.16.23 | ||
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Red Hat OpenShift Container Platform <4.18.10
Red Hat / OpenShift
|
Container Platform <4.18.10 |
Affected products
Known affected
23 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux Advanced Cluster Security for Kubernetes 4
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:advanced_cluster_security_for_kubernetes_4
|
Advanced Cluster Security for Kubernetes 4 | |
|
Red Hat OpenShift Container Platform <4.12.63
Red Hat / OpenShift
|
Container Platform <4.12.63 | ||
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat OpenShift Container Platform <4.16.1
Red Hat / OpenShift
|
Container Platform <4.16.1 | ||
|
Red Hat Ansible Automation Platform
Red Hat
|
cpe:/a:redhat:ansible_automation_platform:-
|
— | |
|
Red Hat OpenShift Container Platform <4.15.28
Red Hat / OpenShift
|
Container Platform <4.15.28 | ||
|
Red Hat OpenShift Container Platform <4.14.38
Red Hat / OpenShift
|
Container Platform <4.14.38 | ||
|
Red Hat OpenShift <4.16.24
Red Hat / OpenShift
|
<4.16.24 | ||
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Red Hat OpenShift Run Once Duration Override Operator 1
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:run_once_duration_override_operator_1
|
Run Once Duration Override Operator 1 | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Red Hat OpenShift Container Platform <4.16.0
Red Hat / OpenShift
|
Container Platform <4.16.0 | ||
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— | |
|
Red Hat OpenShift API for Data Protection 1
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:api_for_data_protection_1
|
API for Data Protection 1 | |
|
Red Hat OpenShift Virtualization <4.15.5
Red Hat / OpenShift
|
Virtualization <4.15.5 | ||
|
Red Hat Enterprise Linux Advanced Cluster Security for Kubernetes 4
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:advanced_cluster_security_for_kubernetes_4
|
Advanced Cluster Security for Kubernetes 4 | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat OpenShift Secondary Scheduler Operator
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:::secondary_scheduler_operator
|
Secondary Scheduler Operator | |
|
Red Hat OpenShift Kube Descheduler Operator 5
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:kube_descheduler_operator_5
|
Kube Descheduler Operator 5 | |
|
Red Hat OpenShift Container Platform <4.16.23
Red Hat / OpenShift
|
Container Platform <4.16.23 | ||
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Red Hat OpenShift Container Platform <4.18.10
Red Hat / OpenShift
|
Container Platform <4.18.10 |
Affected products
Known affected
23 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux Advanced Cluster Security for Kubernetes 4
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:advanced_cluster_security_for_kubernetes_4
|
Advanced Cluster Security for Kubernetes 4 | |
|
Red Hat OpenShift Container Platform <4.12.63
Red Hat / OpenShift
|
Container Platform <4.12.63 | ||
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat OpenShift Container Platform <4.16.1
Red Hat / OpenShift
|
Container Platform <4.16.1 | ||
|
Red Hat Ansible Automation Platform
Red Hat
|
cpe:/a:redhat:ansible_automation_platform:-
|
— | |
|
Red Hat OpenShift Container Platform <4.15.28
Red Hat / OpenShift
|
Container Platform <4.15.28 | ||
|
Red Hat OpenShift Container Platform <4.14.38
Red Hat / OpenShift
|
Container Platform <4.14.38 | ||
|
Red Hat OpenShift <4.16.24
Red Hat / OpenShift
|
<4.16.24 | ||
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Red Hat OpenShift Run Once Duration Override Operator 1
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:run_once_duration_override_operator_1
|
Run Once Duration Override Operator 1 | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Red Hat OpenShift Container Platform <4.16.0
Red Hat / OpenShift
|
Container Platform <4.16.0 | ||
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— | |
|
Red Hat OpenShift API for Data Protection 1
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:api_for_data_protection_1
|
API for Data Protection 1 | |
|
Red Hat OpenShift Virtualization <4.15.5
Red Hat / OpenShift
|
Virtualization <4.15.5 | ||
|
Red Hat Enterprise Linux Advanced Cluster Security for Kubernetes 4
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:advanced_cluster_security_for_kubernetes_4
|
Advanced Cluster Security for Kubernetes 4 | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat OpenShift Secondary Scheduler Operator
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:::secondary_scheduler_operator
|
Secondary Scheduler Operator | |
|
Red Hat OpenShift Kube Descheduler Operator 5
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:kube_descheduler_operator_5
|
Kube Descheduler Operator 5 | |
|
Red Hat OpenShift Container Platform <4.16.23
Red Hat / OpenShift
|
Container Platform <4.16.23 | ||
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Red Hat OpenShift Container Platform <4.18.10
Red Hat / OpenShift
|
Container Platform <4.18.10 |
Affected products
Known affected
23 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux Advanced Cluster Security for Kubernetes 4
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:advanced_cluster_security_for_kubernetes_4
|
Advanced Cluster Security for Kubernetes 4 | |
|
Red Hat OpenShift Container Platform <4.12.63
Red Hat / OpenShift
|
Container Platform <4.12.63 | ||
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat OpenShift Container Platform <4.16.1
Red Hat / OpenShift
|
Container Platform <4.16.1 | ||
|
Red Hat Ansible Automation Platform
Red Hat
|
cpe:/a:redhat:ansible_automation_platform:-
|
— | |
|
Red Hat OpenShift Container Platform <4.15.28
Red Hat / OpenShift
|
Container Platform <4.15.28 | ||
|
Red Hat OpenShift Container Platform <4.14.38
Red Hat / OpenShift
|
Container Platform <4.14.38 | ||
|
Red Hat OpenShift <4.16.24
Red Hat / OpenShift
|
<4.16.24 | ||
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Red Hat OpenShift Run Once Duration Override Operator 1
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:run_once_duration_override_operator_1
|
Run Once Duration Override Operator 1 | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Red Hat OpenShift Container Platform <4.16.0
Red Hat / OpenShift
|
Container Platform <4.16.0 | ||
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— | |
|
Red Hat OpenShift API for Data Protection 1
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:api_for_data_protection_1
|
API for Data Protection 1 | |
|
Red Hat OpenShift Virtualization <4.15.5
Red Hat / OpenShift
|
Virtualization <4.15.5 | ||
|
Red Hat Enterprise Linux Advanced Cluster Security for Kubernetes 4
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:advanced_cluster_security_for_kubernetes_4
|
Advanced Cluster Security for Kubernetes 4 | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat OpenShift Secondary Scheduler Operator
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:::secondary_scheduler_operator
|
Secondary Scheduler Operator | |
|
Red Hat OpenShift Kube Descheduler Operator 5
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:kube_descheduler_operator_5
|
Kube Descheduler Operator 5 | |
|
Red Hat OpenShift Container Platform <4.16.23
Red Hat / OpenShift
|
Container Platform <4.16.23 | ||
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Red Hat OpenShift Container Platform <4.18.10
Red Hat / OpenShift
|
Container Platform <4.18.10 |
Affected products
Known affected
23 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux Advanced Cluster Security for Kubernetes 4
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:advanced_cluster_security_for_kubernetes_4
|
Advanced Cluster Security for Kubernetes 4 | |
|
Red Hat OpenShift Container Platform <4.12.63
Red Hat / OpenShift
|
Container Platform <4.12.63 | ||
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat OpenShift Container Platform <4.16.1
Red Hat / OpenShift
|
Container Platform <4.16.1 | ||
|
Red Hat Ansible Automation Platform
Red Hat
|
cpe:/a:redhat:ansible_automation_platform:-
|
— | |
|
Red Hat OpenShift Container Platform <4.15.28
Red Hat / OpenShift
|
Container Platform <4.15.28 | ||
|
Red Hat OpenShift Container Platform <4.14.38
Red Hat / OpenShift
|
Container Platform <4.14.38 | ||
|
Red Hat OpenShift <4.16.24
Red Hat / OpenShift
|
<4.16.24 | ||
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Red Hat OpenShift Run Once Duration Override Operator 1
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:run_once_duration_override_operator_1
|
Run Once Duration Override Operator 1 | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Red Hat OpenShift Container Platform <4.16.0
Red Hat / OpenShift
|
Container Platform <4.16.0 | ||
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— | |
|
Red Hat OpenShift API for Data Protection 1
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:api_for_data_protection_1
|
API for Data Protection 1 | |
|
Red Hat OpenShift Virtualization <4.15.5
Red Hat / OpenShift
|
Virtualization <4.15.5 | ||
|
Red Hat Enterprise Linux Advanced Cluster Security for Kubernetes 4
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:advanced_cluster_security_for_kubernetes_4
|
Advanced Cluster Security for Kubernetes 4 | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat OpenShift Secondary Scheduler Operator
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:::secondary_scheduler_operator
|
Secondary Scheduler Operator | |
|
Red Hat OpenShift Kube Descheduler Operator 5
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:kube_descheduler_operator_5
|
Kube Descheduler Operator 5 | |
|
Red Hat OpenShift Container Platform <4.16.23
Red Hat / OpenShift
|
Container Platform <4.16.23 | ||
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Red Hat OpenShift Container Platform <4.18.10
Red Hat / OpenShift
|
Container Platform <4.18.10 |
Affected products
Known affected
23 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux Advanced Cluster Security for Kubernetes 4
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:advanced_cluster_security_for_kubernetes_4
|
Advanced Cluster Security for Kubernetes 4 | |
|
Red Hat OpenShift Container Platform <4.12.63
Red Hat / OpenShift
|
Container Platform <4.12.63 | ||
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat OpenShift Container Platform <4.16.1
Red Hat / OpenShift
|
Container Platform <4.16.1 | ||
|
Red Hat Ansible Automation Platform
Red Hat
|
cpe:/a:redhat:ansible_automation_platform:-
|
— | |
|
Red Hat OpenShift Container Platform <4.15.28
Red Hat / OpenShift
|
Container Platform <4.15.28 | ||
|
Red Hat OpenShift Container Platform <4.14.38
Red Hat / OpenShift
|
Container Platform <4.14.38 | ||
|
Red Hat OpenShift <4.16.24
Red Hat / OpenShift
|
<4.16.24 | ||
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Red Hat OpenShift Run Once Duration Override Operator 1
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:run_once_duration_override_operator_1
|
Run Once Duration Override Operator 1 | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Red Hat OpenShift Container Platform <4.16.0
Red Hat / OpenShift
|
Container Platform <4.16.0 | ||
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— | |
|
Red Hat OpenShift API for Data Protection 1
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:api_for_data_protection_1
|
API for Data Protection 1 | |
|
Red Hat OpenShift Virtualization <4.15.5
Red Hat / OpenShift
|
Virtualization <4.15.5 | ||
|
Red Hat Enterprise Linux Advanced Cluster Security for Kubernetes 4
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:advanced_cluster_security_for_kubernetes_4
|
Advanced Cluster Security for Kubernetes 4 | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat OpenShift Secondary Scheduler Operator
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:::secondary_scheduler_operator
|
Secondary Scheduler Operator | |
|
Red Hat OpenShift Kube Descheduler Operator 5
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:kube_descheduler_operator_5
|
Kube Descheduler Operator 5 | |
|
Red Hat OpenShift Container Platform <4.16.23
Red Hat / OpenShift
|
Container Platform <4.16.23 | ||
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Red Hat OpenShift Container Platform <4.18.10
Red Hat / OpenShift
|
Container Platform <4.18.10 |
Affected products
Known affected
23 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux Advanced Cluster Security for Kubernetes 4
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:advanced_cluster_security_for_kubernetes_4
|
Advanced Cluster Security for Kubernetes 4 | |
|
Red Hat OpenShift Container Platform <4.12.63
Red Hat / OpenShift
|
Container Platform <4.12.63 | ||
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat OpenShift Container Platform <4.16.1
Red Hat / OpenShift
|
Container Platform <4.16.1 | ||
|
Red Hat Ansible Automation Platform
Red Hat
|
cpe:/a:redhat:ansible_automation_platform:-
|
— | |
|
Red Hat OpenShift Container Platform <4.15.28
Red Hat / OpenShift
|
Container Platform <4.15.28 | ||
|
Red Hat OpenShift Container Platform <4.14.38
Red Hat / OpenShift
|
Container Platform <4.14.38 | ||
|
Red Hat OpenShift <4.16.24
Red Hat / OpenShift
|
<4.16.24 | ||
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Red Hat OpenShift Run Once Duration Override Operator 1
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:run_once_duration_override_operator_1
|
Run Once Duration Override Operator 1 | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Red Hat OpenShift Container Platform <4.16.0
Red Hat / OpenShift
|
Container Platform <4.16.0 | ||
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— | |
|
Red Hat OpenShift API for Data Protection 1
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:api_for_data_protection_1
|
API for Data Protection 1 | |
|
Red Hat OpenShift Virtualization <4.15.5
Red Hat / OpenShift
|
Virtualization <4.15.5 | ||
|
Red Hat Enterprise Linux Advanced Cluster Security for Kubernetes 4
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:advanced_cluster_security_for_kubernetes_4
|
Advanced Cluster Security for Kubernetes 4 | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat OpenShift Secondary Scheduler Operator
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:::secondary_scheduler_operator
|
Secondary Scheduler Operator | |
|
Red Hat OpenShift Kube Descheduler Operator 5
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:kube_descheduler_operator_5
|
Kube Descheduler Operator 5 | |
|
Red Hat OpenShift Container Platform <4.16.23
Red Hat / OpenShift
|
Container Platform <4.16.23 | ||
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Red Hat OpenShift Container Platform <4.18.10
Red Hat / OpenShift
|
Container Platform <4.18.10 |
Affected products
Known affected
23 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux Advanced Cluster Security for Kubernetes 4
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:advanced_cluster_security_for_kubernetes_4
|
Advanced Cluster Security for Kubernetes 4 | |
|
Red Hat OpenShift Container Platform <4.12.63
Red Hat / OpenShift
|
Container Platform <4.12.63 | ||
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat OpenShift Container Platform <4.16.1
Red Hat / OpenShift
|
Container Platform <4.16.1 | ||
|
Red Hat Ansible Automation Platform
Red Hat
|
cpe:/a:redhat:ansible_automation_platform:-
|
— | |
|
Red Hat OpenShift Container Platform <4.15.28
Red Hat / OpenShift
|
Container Platform <4.15.28 | ||
|
Red Hat OpenShift Container Platform <4.14.38
Red Hat / OpenShift
|
Container Platform <4.14.38 | ||
|
Red Hat OpenShift <4.16.24
Red Hat / OpenShift
|
<4.16.24 | ||
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Red Hat OpenShift Run Once Duration Override Operator 1
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:run_once_duration_override_operator_1
|
Run Once Duration Override Operator 1 | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Red Hat OpenShift Container Platform <4.16.0
Red Hat / OpenShift
|
Container Platform <4.16.0 | ||
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— | |
|
Red Hat OpenShift API for Data Protection 1
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:api_for_data_protection_1
|
API for Data Protection 1 | |
|
Red Hat OpenShift Virtualization <4.15.5
Red Hat / OpenShift
|
Virtualization <4.15.5 | ||
|
Red Hat Enterprise Linux Advanced Cluster Security for Kubernetes 4
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:advanced_cluster_security_for_kubernetes_4
|
Advanced Cluster Security for Kubernetes 4 | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat OpenShift Secondary Scheduler Operator
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:::secondary_scheduler_operator
|
Secondary Scheduler Operator | |
|
Red Hat OpenShift Kube Descheduler Operator 5
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:kube_descheduler_operator_5
|
Kube Descheduler Operator 5 | |
|
Red Hat OpenShift Container Platform <4.16.23
Red Hat / OpenShift
|
Container Platform <4.16.23 | ||
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Red Hat OpenShift Container Platform <4.18.10
Red Hat / OpenShift
|
Container Platform <4.18.10 |
Affected products
Known affected
23 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux Advanced Cluster Security for Kubernetes 4
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:advanced_cluster_security_for_kubernetes_4
|
Advanced Cluster Security for Kubernetes 4 | |
|
Red Hat OpenShift Container Platform <4.12.63
Red Hat / OpenShift
|
Container Platform <4.12.63 | ||
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat OpenShift Container Platform <4.16.1
Red Hat / OpenShift
|
Container Platform <4.16.1 | ||
|
Red Hat Ansible Automation Platform
Red Hat
|
cpe:/a:redhat:ansible_automation_platform:-
|
— | |
|
Red Hat OpenShift Container Platform <4.15.28
Red Hat / OpenShift
|
Container Platform <4.15.28 | ||
|
Red Hat OpenShift Container Platform <4.14.38
Red Hat / OpenShift
|
Container Platform <4.14.38 | ||
|
Red Hat OpenShift <4.16.24
Red Hat / OpenShift
|
<4.16.24 | ||
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Red Hat OpenShift Run Once Duration Override Operator 1
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:run_once_duration_override_operator_1
|
Run Once Duration Override Operator 1 | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Red Hat OpenShift Container Platform <4.16.0
Red Hat / OpenShift
|
Container Platform <4.16.0 | ||
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— | |
|
Red Hat OpenShift API for Data Protection 1
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:api_for_data_protection_1
|
API for Data Protection 1 | |
|
Red Hat OpenShift Virtualization <4.15.5
Red Hat / OpenShift
|
Virtualization <4.15.5 | ||
|
Red Hat Enterprise Linux Advanced Cluster Security for Kubernetes 4
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:advanced_cluster_security_for_kubernetes_4
|
Advanced Cluster Security for Kubernetes 4 | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat OpenShift Secondary Scheduler Operator
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:::secondary_scheduler_operator
|
Secondary Scheduler Operator | |
|
Red Hat OpenShift Kube Descheduler Operator 5
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:kube_descheduler_operator_5
|
Kube Descheduler Operator 5 | |
|
Red Hat OpenShift Container Platform <4.16.23
Red Hat / OpenShift
|
Container Platform <4.16.23 | ||
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Red Hat OpenShift Container Platform <4.18.10
Red Hat / OpenShift
|
Container Platform <4.18.10 |
Affected products
Known affected
23 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux Advanced Cluster Security for Kubernetes 4
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:advanced_cluster_security_for_kubernetes_4
|
Advanced Cluster Security for Kubernetes 4 | |
|
Red Hat OpenShift Container Platform <4.12.63
Red Hat / OpenShift
|
Container Platform <4.12.63 | ||
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat OpenShift Container Platform <4.16.1
Red Hat / OpenShift
|
Container Platform <4.16.1 | ||
|
Red Hat Ansible Automation Platform
Red Hat
|
cpe:/a:redhat:ansible_automation_platform:-
|
— | |
|
Red Hat OpenShift Container Platform <4.15.28
Red Hat / OpenShift
|
Container Platform <4.15.28 | ||
|
Red Hat OpenShift Container Platform <4.14.38
Red Hat / OpenShift
|
Container Platform <4.14.38 | ||
|
Red Hat OpenShift <4.16.24
Red Hat / OpenShift
|
<4.16.24 | ||
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Red Hat OpenShift Run Once Duration Override Operator 1
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:run_once_duration_override_operator_1
|
Run Once Duration Override Operator 1 | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Red Hat OpenShift Container Platform <4.16.0
Red Hat / OpenShift
|
Container Platform <4.16.0 | ||
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— | |
|
Red Hat OpenShift API for Data Protection 1
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:api_for_data_protection_1
|
API for Data Protection 1 | |
|
Red Hat OpenShift Virtualization <4.15.5
Red Hat / OpenShift
|
Virtualization <4.15.5 | ||
|
Red Hat Enterprise Linux Advanced Cluster Security for Kubernetes 4
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:advanced_cluster_security_for_kubernetes_4
|
Advanced Cluster Security for Kubernetes 4 | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat OpenShift Secondary Scheduler Operator
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:::secondary_scheduler_operator
|
Secondary Scheduler Operator | |
|
Red Hat OpenShift Kube Descheduler Operator 5
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:kube_descheduler_operator_5
|
Kube Descheduler Operator 5 | |
|
Red Hat OpenShift Container Platform <4.16.23
Red Hat / OpenShift
|
Container Platform <4.16.23 | ||
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Red Hat OpenShift Container Platform <4.18.10
Red Hat / OpenShift
|
Container Platform <4.18.10 |
Affected products
Known affected
23 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux Advanced Cluster Security for Kubernetes 4
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:advanced_cluster_security_for_kubernetes_4
|
Advanced Cluster Security for Kubernetes 4 | |
|
Red Hat OpenShift Container Platform <4.12.63
Red Hat / OpenShift
|
Container Platform <4.12.63 | ||
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat OpenShift Container Platform <4.16.1
Red Hat / OpenShift
|
Container Platform <4.16.1 | ||
|
Red Hat Ansible Automation Platform
Red Hat
|
cpe:/a:redhat:ansible_automation_platform:-
|
— | |
|
Red Hat OpenShift Container Platform <4.15.28
Red Hat / OpenShift
|
Container Platform <4.15.28 | ||
|
Red Hat OpenShift Container Platform <4.14.38
Red Hat / OpenShift
|
Container Platform <4.14.38 | ||
|
Red Hat OpenShift <4.16.24
Red Hat / OpenShift
|
<4.16.24 | ||
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Red Hat OpenShift Run Once Duration Override Operator 1
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:run_once_duration_override_operator_1
|
Run Once Duration Override Operator 1 | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Red Hat OpenShift Container Platform <4.16.0
Red Hat / OpenShift
|
Container Platform <4.16.0 | ||
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— | |
|
Red Hat OpenShift API for Data Protection 1
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:api_for_data_protection_1
|
API for Data Protection 1 | |
|
Red Hat OpenShift Virtualization <4.15.5
Red Hat / OpenShift
|
Virtualization <4.15.5 | ||
|
Red Hat Enterprise Linux Advanced Cluster Security for Kubernetes 4
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:advanced_cluster_security_for_kubernetes_4
|
Advanced Cluster Security for Kubernetes 4 | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat OpenShift Secondary Scheduler Operator
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:::secondary_scheduler_operator
|
Secondary Scheduler Operator | |
|
Red Hat OpenShift Kube Descheduler Operator 5
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:kube_descheduler_operator_5
|
Kube Descheduler Operator 5 | |
|
Red Hat OpenShift Container Platform <4.16.23
Red Hat / OpenShift
|
Container Platform <4.16.23 | ||
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Red Hat OpenShift Container Platform <4.18.10
Red Hat / OpenShift
|
Container Platform <4.18.10 |
Affected products
Known affected
23 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux Advanced Cluster Security for Kubernetes 4
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:advanced_cluster_security_for_kubernetes_4
|
Advanced Cluster Security for Kubernetes 4 | |
|
Red Hat OpenShift Container Platform <4.12.63
Red Hat / OpenShift
|
Container Platform <4.12.63 | ||
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat OpenShift Container Platform <4.16.1
Red Hat / OpenShift
|
Container Platform <4.16.1 | ||
|
Red Hat Ansible Automation Platform
Red Hat
|
cpe:/a:redhat:ansible_automation_platform:-
|
— | |
|
Red Hat OpenShift Container Platform <4.15.28
Red Hat / OpenShift
|
Container Platform <4.15.28 | ||
|
Red Hat OpenShift Container Platform <4.14.38
Red Hat / OpenShift
|
Container Platform <4.14.38 | ||
|
Red Hat OpenShift <4.16.24
Red Hat / OpenShift
|
<4.16.24 | ||
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Red Hat OpenShift Run Once Duration Override Operator 1
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:run_once_duration_override_operator_1
|
Run Once Duration Override Operator 1 | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Red Hat OpenShift Container Platform <4.16.0
Red Hat / OpenShift
|
Container Platform <4.16.0 | ||
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— | |
|
Red Hat OpenShift API for Data Protection 1
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:api_for_data_protection_1
|
API for Data Protection 1 | |
|
Red Hat OpenShift Virtualization <4.15.5
Red Hat / OpenShift
|
Virtualization <4.15.5 | ||
|
Red Hat Enterprise Linux Advanced Cluster Security for Kubernetes 4
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:advanced_cluster_security_for_kubernetes_4
|
Advanced Cluster Security for Kubernetes 4 | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat OpenShift Secondary Scheduler Operator
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:::secondary_scheduler_operator
|
Secondary Scheduler Operator | |
|
Red Hat OpenShift Kube Descheduler Operator 5
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:kube_descheduler_operator_5
|
Kube Descheduler Operator 5 | |
|
Red Hat OpenShift Container Platform <4.16.23
Red Hat / OpenShift
|
Container Platform <4.16.23 | ||
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Red Hat OpenShift Container Platform <4.18.10
Red Hat / OpenShift
|
Container Platform <4.18.10 |
Affected products
Known affected
23 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux Advanced Cluster Security for Kubernetes 4
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:advanced_cluster_security_for_kubernetes_4
|
Advanced Cluster Security for Kubernetes 4 | |
|
Red Hat OpenShift Container Platform <4.12.63
Red Hat / OpenShift
|
Container Platform <4.12.63 | ||
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat OpenShift Container Platform <4.16.1
Red Hat / OpenShift
|
Container Platform <4.16.1 | ||
|
Red Hat Ansible Automation Platform
Red Hat
|
cpe:/a:redhat:ansible_automation_platform:-
|
— | |
|
Red Hat OpenShift Container Platform <4.15.28
Red Hat / OpenShift
|
Container Platform <4.15.28 | ||
|
Red Hat OpenShift Container Platform <4.14.38
Red Hat / OpenShift
|
Container Platform <4.14.38 | ||
|
Red Hat OpenShift <4.16.24
Red Hat / OpenShift
|
<4.16.24 | ||
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Red Hat OpenShift Run Once Duration Override Operator 1
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:run_once_duration_override_operator_1
|
Run Once Duration Override Operator 1 | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Red Hat OpenShift Container Platform <4.16.0
Red Hat / OpenShift
|
Container Platform <4.16.0 | ||
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— | |
|
Red Hat OpenShift API for Data Protection 1
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:api_for_data_protection_1
|
API for Data Protection 1 | |
|
Red Hat OpenShift Virtualization <4.15.5
Red Hat / OpenShift
|
Virtualization <4.15.5 | ||
|
Red Hat Enterprise Linux Advanced Cluster Security for Kubernetes 4
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:advanced_cluster_security_for_kubernetes_4
|
Advanced Cluster Security for Kubernetes 4 | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat OpenShift Secondary Scheduler Operator
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:::secondary_scheduler_operator
|
Secondary Scheduler Operator | |
|
Red Hat OpenShift Kube Descheduler Operator 5
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:kube_descheduler_operator_5
|
Kube Descheduler Operator 5 | |
|
Red Hat OpenShift Container Platform <4.16.23
Red Hat / OpenShift
|
Container Platform <4.16.23 | ||
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Red Hat OpenShift Container Platform <4.18.10
Red Hat / OpenShift
|
Container Platform <4.18.10 |
Affected products
Known affected
23 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux Advanced Cluster Security for Kubernetes 4
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:advanced_cluster_security_for_kubernetes_4
|
Advanced Cluster Security for Kubernetes 4 | |
|
Red Hat OpenShift Container Platform <4.12.63
Red Hat / OpenShift
|
Container Platform <4.12.63 | ||
|
Red Hat Enterprise Linux
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Red Hat OpenShift Container Platform <4.16.1
Red Hat / OpenShift
|
Container Platform <4.16.1 | ||
|
Red Hat Ansible Automation Platform
Red Hat
|
cpe:/a:redhat:ansible_automation_platform:-
|
— | |
|
Red Hat OpenShift Container Platform <4.15.28
Red Hat / OpenShift
|
Container Platform <4.15.28 | ||
|
Red Hat OpenShift Container Platform <4.14.38
Red Hat / OpenShift
|
Container Platform <4.14.38 | ||
|
Red Hat OpenShift <4.16.24
Red Hat / OpenShift
|
<4.16.24 | ||
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Red Hat OpenShift Run Once Duration Override Operator 1
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:run_once_duration_override_operator_1
|
Run Once Duration Override Operator 1 | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
Red Hat OpenShift Container Platform <4.16.0
Red Hat / OpenShift
|
Container Platform <4.16.0 | ||
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— | |
|
Red Hat OpenShift API for Data Protection 1
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:api_for_data_protection_1
|
API for Data Protection 1 | |
|
Red Hat OpenShift Virtualization <4.15.5
Red Hat / OpenShift
|
Virtualization <4.15.5 | ||
|
Red Hat Enterprise Linux Advanced Cluster Security for Kubernetes 4
Red Hat / Enterprise Linux
|
cpe:/o:redhat:enterprise_linux:advanced_cluster_security_for_kubernetes_4
|
Advanced Cluster Security for Kubernetes 4 | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat OpenShift Secondary Scheduler Operator
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:::secondary_scheduler_operator
|
Secondary Scheduler Operator | |
|
Red Hat OpenShift Kube Descheduler Operator 5
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:kube_descheduler_operator_5
|
Kube Descheduler Operator 5 | |
|
Red Hat OpenShift Container Platform <4.16.23
Red Hat / OpenShift
|
Container Platform <4.16.23 | ||
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
Red Hat OpenShift Container Platform <4.18.10
Red Hat / OpenShift
|
Container Platform <4.18.10 |
References
66 references
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Red Hat OpenShift ist eine \"Platform as a Service\" (PaaS) L\u00f6sung zur Bereitstellung von Applikationen in der Cloud.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer oder lokaler Angreifer kann mehrere Schwachstellen in Red Hat OpenShift ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen, vertrauliche Informationen offenzulegen oder Daten zu manipulieren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2024-1474 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-1474.json"
},
{
"category": "self",
"summary": "WID-SEC-2024-1474 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-1474"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:0040 vom 2024-06-27",
"url": "https://access.redhat.com/errata/RHSA-2024:0040"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:0041 vom 2024-06-27",
"url": "https://access.redhat.com/errata/RHSA-2024:0041"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:0043 vom 2024-06-27",
"url": "https://access.redhat.com/errata/RHSA-2024:0043"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:0045 vom 2024-06-27",
"url": "https://access.redhat.com/errata/RHSA-2024:0045"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:3637 vom 2024-07-01",
"url": "https://access.redhat.com/errata/RHSA-2024:3637"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:3617 vom 2024-07-01",
"url": "https://access.redhat.com/errata/RHSA-2024:3617"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:1616 vom 2024-07-01",
"url": "https://access.redhat.com/errata/RHSA-2024:1616"
},
{
"category": "external",
"summary": "Rocky Linux Security Advisory RLSA-2024:3968 vom 2024-07-02",
"url": "https://errata.build.resf.org/RLSA-2024:3968"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:4150 vom 2024-07-03",
"url": "https://access.redhat.com/errata/RHSA-2024:4150"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:4159 vom 2024-07-03",
"url": "https://access.redhat.com/errata/RHSA-2024:4159"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2024-BD8FE42929 vom 2024-07-06",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2024-bd8fe42929"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:4591 vom 2024-07-17",
"url": "https://access.redhat.com/errata/RHSA-2024:4591"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:4613 vom 2024-07-25",
"url": "https://access.redhat.com/errata/RHSA-2024:4613"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:4699 vom 2024-07-25",
"url": "https://access.redhat.com/errata/RHSA-2024:4699"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:4850 vom 2024-07-31",
"url": "https://access.redhat.com/errata/RHSA-2024:4850"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:4846 vom 2024-07-31",
"url": "https://access.redhat.com/errata/RHSA-2024:4846"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:4960 vom 2024-08-07",
"url": "https://access.redhat.com/errata/RHSA-2024:4960"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:5094 vom 2024-08-08",
"url": "https://access.redhat.com/errata/RHSA-2024:5094"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:5258 vom 2024-08-13",
"url": "https://access.redhat.com/errata/RHSA-2024:5258"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALASNITRO-ENCLAVES-2024-042 vom 2024-08-13",
"url": "https://alas.aws.amazon.com/AL2/ALASNITRO-ENCLAVES-2024-042.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:5294 vom 2024-08-14",
"url": "https://access.redhat.com/errata/RHSA-2024:5294"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2024-5294 vom 2024-08-14",
"url": "https://linux.oracle.com/errata/ELSA-2024-5294.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2024-5258 vom 2024-08-14",
"url": "https://linux.oracle.com/errata/ELSA-2024-5258.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:5200 vom 2024-08-19",
"url": "https://access.redhat.com/errata/RHSA-2024:5200"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:5202 vom 2024-08-19",
"url": "https://access.redhat.com/errata/RHSA-2024:5202"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:5438 vom 2024-08-21",
"url": "https://access.redhat.com/errata/RHSA-2024:5438"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:5951 vom 2024-08-28",
"url": "https://access.redhat.com/errata/RHSA-2024:5951"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:6054 vom 2024-08-30",
"url": "https://access.redhat.com/errata/RHSA-2024:6054"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:6708 vom 2024-09-16",
"url": "https://access.redhat.com/errata/RHSA-2024:6708"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:6755 vom 2024-09-18",
"url": "https://access.redhat.com/errata/RHSA-2024:6755"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:6687 vom 2024-09-19",
"url": "https://access.redhat.com/errata/RHSA-2024:6687"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:6824 vom 2024-09-24",
"url": "https://access.redhat.com/errata/RHSA-2024:6824"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:7164 vom 2024-09-26",
"url": "https://access.redhat.com/errata/RHSA-2024:7164"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:7179 vom 2024-10-02",
"url": "https://access.redhat.com/errata/RHSA-2024:7179"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:7174 vom 2024-10-02",
"url": "https://access.redhat.com/errata/RHSA-2024:7174"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:7179 vom 2024-10-02",
"url": "https://access.redhat.com/errata/RHSA-2024:7182"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:3718 vom 2024-10-02",
"url": "https://access.redhat.com/errata/RHSA-2024:3718"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:7436 vom 2024-10-02",
"url": "https://access.redhat.com/errata/RHSA-2024:7436"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:3717 vom 2024-10-02",
"url": "https://access.redhat.com/errata/RHSA-2024:3717"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:7187 vom 2024-10-03",
"url": "https://access.redhat.com/errata/RHSA-2024:7187"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:7184 vom 2024-10-03",
"url": "https://access.redhat.com/errata/RHSA-2024:7184"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:7323 vom 2024-10-07",
"url": "https://access.redhat.com/errata/RHSA-2024:7323"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:8040 vom 2024-10-14",
"url": "https://access.redhat.com/errata/RHSA-2024:8040"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:7922 vom 2024-10-16",
"url": "https://access.redhat.com/errata/RHSA-2024:7922"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:7939 vom 2024-10-16",
"url": "https://access.redhat.com/errata/RHSA-2024:7941"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:8260 vom 2024-10-24",
"url": "https://access.redhat.com/errata/RHSA-2024:8260"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:8534 vom 2024-10-28",
"url": "https://access.redhat.com/errata/RHSA-2024:8534"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:8434 vom 2024-10-29",
"url": "https://access.redhat.com/errata/RHSA-2024:8434"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:8425 vom 2024-10-31",
"url": "https://access.redhat.com/errata/RHSA-2024:8425"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:8676 vom 2024-10-30",
"url": "https://access.redhat.com/errata/RHSA-2024:8676"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:9181 vom 2024-11-12",
"url": "https://access.redhat.com/errata/RHSA-2024:9181"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:9098 vom 2024-11-12",
"url": "https://access.redhat.com/errata/RHSA-2024:9098"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:9097 vom 2024-11-12",
"url": "https://access.redhat.com/errata/RHSA-2024:9097"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:9102 vom 2024-11-12",
"url": "https://access.redhat.com/errata/RHSA-2024:9102"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:9960 vom 2024-11-19",
"url": "https://access.redhat.com/errata/RHSA-2024:9960"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:9615 vom 2024-11-20",
"url": "https://access.redhat.com/errata/RHSA-2024:9615"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:10147 vom 2024-11-26",
"url": "https://access.redhat.com/errata/RHSA-2024:10147"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:8704 vom 2024-12-02",
"url": "https://access.redhat.com/errata/RHSA-2024:8704"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:11293 vom 2024-12-17",
"url": "https://access.redhat.com/errata/RHSA-2024:11293"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:6122 vom 2025-02-25",
"url": "https://access.redhat.com/errata/RHSA-2024:6122"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:4019 vom 2025-04-23",
"url": "https://access.redhat.com/errata/RHSA-2025:4019"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20013-1 vom 2025-06-04",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021364.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20055-1 vom 2025-06-04",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021310.html"
},
{
"category": "external",
"summary": "openSUSE Security Update OPENSUSE-SU-2025:0323-1 vom 2025-08-26",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/TAOZOXVVSHLUMSNGQ4WCSWQAB5DM7EZH/"
}
],
"source_lang": "en-US",
"title": "Red Hat OpenShift Container Platform: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2025-08-26T22:00:00.000+00:00",
"generator": {
"date": "2025-08-27T11:46:37.250+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.4.0"
}
},
"id": "WID-SEC-W-2024-1474",
"initial_release_date": "2024-06-27T22:00:00.000+00:00",
"revision_history": [
{
"date": "2024-06-27T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2024-06-30T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-07-02T22:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von Rocky Enterprise Software Foundation und Red Hat aufgenommen"
},
{
"date": "2024-07-03T22:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-07-07T22:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von Fedora aufgenommen"
},
{
"date": "2024-07-17T22:00:00.000+00:00",
"number": "6",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-07-24T22:00:00.000+00:00",
"number": "7",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-07-25T22:00:00.000+00:00",
"number": "8",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-07-30T22:00:00.000+00:00",
"number": "9",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-07-31T22:00:00.000+00:00",
"number": "10",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-08-07T22:00:00.000+00:00",
"number": "11",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-08-12T22:00:00.000+00:00",
"number": "12",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-08-13T22:00:00.000+00:00",
"number": "13",
"summary": "Neue Updates von Amazon aufgenommen"
},
{
"date": "2024-08-14T22:00:00.000+00:00",
"number": "14",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2024-08-18T22:00:00.000+00:00",
"number": "15",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-08-20T22:00:00.000+00:00",
"number": "16",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-08-28T22:00:00.000+00:00",
"number": "17",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-08-29T22:00:00.000+00:00",
"number": "18",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-09-16T22:00:00.000+00:00",
"number": "19",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-09-18T22:00:00.000+00:00",
"number": "20",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-09-24T22:00:00.000+00:00",
"number": "21",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-09-25T22:00:00.000+00:00",
"number": "22",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-10-01T22:00:00.000+00:00",
"number": "23",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-10-03T22:00:00.000+00:00",
"number": "24",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-10-07T22:00:00.000+00:00",
"number": "25",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-10-13T22:00:00.000+00:00",
"number": "26",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-10-15T22:00:00.000+00:00",
"number": "27",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-10-16T22:00:00.000+00:00",
"number": "28",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-10-23T22:00:00.000+00:00",
"number": "29",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-10-28T23:00:00.000+00:00",
"number": "30",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-10-29T23:00:00.000+00:00",
"number": "31",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-10-30T23:00:00.000+00:00",
"number": "32",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-11-11T23:00:00.000+00:00",
"number": "33",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-11-18T23:00:00.000+00:00",
"number": "34",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-11-19T23:00:00.000+00:00",
"number": "35",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-11-26T23:00:00.000+00:00",
"number": "36",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-12-02T23:00:00.000+00:00",
"number": "37",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-12-17T23:00:00.000+00:00",
"number": "38",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-02-24T23:00:00.000+00:00",
"number": "39",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-04-22T22:00:00.000+00:00",
"number": "40",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-06-04T22:00:00.000+00:00",
"number": "41",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-08-26T22:00:00.000+00:00",
"number": "42",
"summary": "Neue Updates von openSUSE aufgenommen"
}
],
"status": "final",
"version": "42"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Amazon Linux 2",
"product": {
"name": "Amazon Linux 2",
"product_id": "398363",
"product_identification_helper": {
"cpe": "cpe:/o:amazon:linux_2:-"
}
}
}
],
"category": "vendor",
"name": "Amazon"
},
{
"branches": [
{
"category": "product_name",
"name": "Fedora Linux",
"product": {
"name": "Fedora Linux",
"product_id": "74185",
"product_identification_helper": {
"cpe": "cpe:/o:fedoraproject:fedora:-"
}
}
}
],
"category": "vendor",
"name": "Fedora"
},
{
"branches": [
{
"category": "product_name",
"name": "Oracle Linux",
"product": {
"name": "Oracle Linux",
"product_id": "T004914",
"product_identification_helper": {
"cpe": "cpe:/o:oracle:linux:-"
}
}
}
],
"category": "vendor",
"name": "Oracle"
},
{
"branches": [
{
"category": "product_name",
"name": "RESF Rocky Linux",
"product": {
"name": "RESF Rocky Linux",
"product_id": "T032255",
"product_identification_helper": {
"cpe": "cpe:/o:resf:rocky_linux:-"
}
}
}
],
"category": "vendor",
"name": "RESF"
},
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Ansible Automation Platform",
"product": {
"name": "Red Hat Ansible Automation Platform",
"product_id": "T031834",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:ansible_automation_platform:-"
}
}
},
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
},
{
"category": "product_version",
"name": "Advanced Cluster Security for Kubernetes 4",
"product": {
"name": "Red Hat Enterprise Linux Advanced Cluster Security for Kubernetes 4",
"product_id": "T027916",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:advanced_cluster_security_for_kubernetes_4"
}
}
},
{
"category": "product_version",
"name": "Advanced Cluster Security for Kubernetes 4",
"product": {
"name": "Red Hat Enterprise Linux Advanced Cluster Security for Kubernetes 4",
"product_id": "T033787",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:advanced_cluster_security_for_kubernetes_4"
}
}
}
],
"category": "product_name",
"name": "Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "Secondary Scheduler Operator",
"product": {
"name": "Red Hat OpenShift Secondary Scheduler Operator",
"product_id": "T027759",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:::secondary_scheduler_operator"
}
}
},
{
"category": "product_version",
"name": "Kube Descheduler Operator 5",
"product": {
"name": "Red Hat OpenShift Kube Descheduler Operator 5",
"product_id": "T033270",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:kube_descheduler_operator_5"
}
}
},
{
"category": "product_version_range",
"name": "Container Platform \u003c4.16.0",
"product": {
"name": "Red Hat OpenShift Container Platform \u003c4.16.0",
"product_id": "T035697"
}
},
{
"category": "product_version",
"name": "Container Platform 4.16.0",
"product": {
"name": "Red Hat OpenShift Container Platform 4.16.0",
"product_id": "T035697-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:container_platform__4.16.0"
}
}
},
{
"category": "product_version",
"name": "Run Once Duration Override Operator 1",
"product": {
"name": "Red Hat OpenShift Run Once Duration Override Operator 1",
"product_id": "T035698",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:run_once_duration_override_operator_1"
}
}
},
{
"category": "product_version_range",
"name": "Container Platform \u003c4.16.1",
"product": {
"name": "Red Hat OpenShift Container Platform \u003c4.16.1",
"product_id": "T035804"
}
},
{
"category": "product_version",
"name": "Container Platform 4.16.1",
"product": {
"name": "Red Hat OpenShift Container Platform 4.16.1",
"product_id": "T035804-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:container_platform__4.16.1"
}
}
},
{
"category": "product_version_range",
"name": "Container Platform \u003c4.12.63",
"product": {
"name": "Red Hat OpenShift Container Platform \u003c4.12.63",
"product_id": "T036942"
}
},
{
"category": "product_version",
"name": "Container Platform 4.12.63",
"product": {
"name": "Red Hat OpenShift Container Platform 4.12.63",
"product_id": "T036942-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:container_platform__4.12.63"
}
}
},
{
"category": "product_version_range",
"name": "Container Platform \u003c4.15.28",
"product": {
"name": "Red Hat OpenShift Container Platform \u003c4.15.28",
"product_id": "T036960"
}
},
{
"category": "product_version",
"name": "Container Platform 4.15.28",
"product": {
"name": "Red Hat OpenShift Container Platform 4.15.28",
"product_id": "T036960-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:container_platform__4.15.28"
}
}
},
{
"category": "product_version_range",
"name": "Virtualization \u003c4.15.5",
"product": {
"name": "Red Hat OpenShift Virtualization \u003c4.15.5",
"product_id": "T037141"
}
},
{
"category": "product_version",
"name": "Virtualization 4.15.5",
"product": {
"name": "Red Hat OpenShift Virtualization 4.15.5",
"product_id": "T037141-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:virtualization__4.15.5"
}
}
},
{
"category": "product_version_range",
"name": "Container Platform \u003c4.14.38",
"product": {
"name": "Red Hat OpenShift Container Platform \u003c4.14.38",
"product_id": "T037940"
}
},
{
"category": "product_version",
"name": "Container Platform 4.14.38",
"product": {
"name": "Red Hat OpenShift Container Platform 4.14.38",
"product_id": "T037940-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:container_platform__4.14.38"
}
}
},
{
"category": "product_version",
"name": "API for Data Protection 1",
"product": {
"name": "Red Hat OpenShift API for Data Protection 1",
"product_id": "T039224",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:api_for_data_protection_1"
}
}
},
{
"category": "product_version_range",
"name": "Container Platform \u003c4.16.23",
"product": {
"name": "Red Hat OpenShift Container Platform \u003c4.16.23",
"product_id": "T039272"
}
},
{
"category": "product_version",
"name": "Container Platform 4.16.23",
"product": {
"name": "Red Hat OpenShift Container Platform 4.16.23",
"product_id": "T039272-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:container_platform__4.16.23"
}
}
},
{
"category": "product_version_range",
"name": "\u003c4.16.24",
"product": {
"name": "Red Hat OpenShift \u003c4.16.24",
"product_id": "T039438"
}
},
{
"category": "product_version",
"name": "4.16.24",
"product": {
"name": "Red Hat OpenShift 4.16.24",
"product_id": "T039438-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:4.16.24"
}
}
},
{
"category": "product_version_range",
"name": "Container Platform \u003c4.18.10",
"product": {
"name": "Red Hat OpenShift Container Platform \u003c4.18.10",
"product_id": "T043077"
}
},
{
"category": "product_version",
"name": "Container Platform 4.18.10",
"product": {
"name": "Red Hat OpenShift Container Platform 4.18.10",
"product_id": "T043077-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:container_platform__4.18.10"
}
}
}
],
"category": "product_name",
"name": "OpenShift"
}
],
"category": "vendor",
"name": "Red Hat"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux",
"product": {
"name": "SUSE Linux",
"product_id": "T002207",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_linux:-"
}
}
},
{
"category": "product_name",
"name": "SUSE openSUSE",
"product": {
"name": "SUSE openSUSE",
"product_id": "T027843",
"product_identification_helper": {
"cpe": "cpe:/o:suse:opensuse:-"
}
}
}
],
"category": "vendor",
"name": "SUSE"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-25210",
"product_status": {
"known_affected": [
"T033787",
"T036942",
"67646",
"T035804",
"T031834",
"T036960",
"T037940",
"T039438",
"T004914",
"T035698",
"T032255",
"T035697",
"74185",
"T039224",
"T037141",
"T027916",
"T002207",
"T027759",
"T033270",
"T039272",
"T027843",
"398363",
"T043077"
]
},
"release_date": "2024-06-27T22:00:00.000+00:00",
"title": "CVE-2019-25210"
},
{
"cve": "CVE-2023-29483",
"product_status": {
"known_affected": [
"T033787",
"T036942",
"67646",
"T035804",
"T031834",
"T036960",
"T037940",
"T039438",
"T004914",
"T035698",
"T032255",
"T035697",
"74185",
"T039224",
"T037141",
"T027916",
"T002207",
"T027759",
"T033270",
"T039272",
"T027843",
"398363",
"T043077"
]
},
"release_date": "2024-06-27T22:00:00.000+00:00",
"title": "CVE-2023-29483"
},
{
"cve": "CVE-2023-45142",
"product_status": {
"known_affected": [
"T033787",
"T036942",
"67646",
"T035804",
"T031834",
"T036960",
"T037940",
"T039438",
"T004914",
"T035698",
"T032255",
"T035697",
"74185",
"T039224",
"T037141",
"T027916",
"T002207",
"T027759",
"T033270",
"T039272",
"T027843",
"398363",
"T043077"
]
},
"release_date": "2024-06-27T22:00:00.000+00:00",
"title": "CVE-2023-45142"
},
{
"cve": "CVE-2023-45289",
"product_status": {
"known_affected": [
"T033787",
"T036942",
"67646",
"T035804",
"T031834",
"T036960",
"T037940",
"T039438",
"T004914",
"T035698",
"T032255",
"T035697",
"74185",
"T039224",
"T037141",
"T027916",
"T002207",
"T027759",
"T033270",
"T039272",
"T027843",
"398363",
"T043077"
]
},
"release_date": "2024-06-27T22:00:00.000+00:00",
"title": "CVE-2023-45289"
},
{
"cve": "CVE-2023-45290",
"product_status": {
"known_affected": [
"T033787",
"T036942",
"67646",
"T035804",
"T031834",
"T036960",
"T037940",
"T039438",
"T004914",
"T035698",
"T032255",
"T035697",
"74185",
"T039224",
"T037141",
"T027916",
"T002207",
"T027759",
"T033270",
"T039272",
"T027843",
"398363",
"T043077"
]
},
"release_date": "2024-06-27T22:00:00.000+00:00",
"title": "CVE-2023-45290"
},
{
"cve": "CVE-2023-47108",
"product_status": {
"known_affected": [
"T033787",
"T036942",
"67646",
"T035804",
"T031834",
"T036960",
"T037940",
"T039438",
"T004914",
"T035698",
"T032255",
"T035697",
"74185",
"T039224",
"T037141",
"T027916",
"T002207",
"T027759",
"T033270",
"T039272",
"T027843",
"398363",
"T043077"
]
},
"release_date": "2024-06-27T22:00:00.000+00:00",
"title": "CVE-2023-47108"
},
{
"cve": "CVE-2023-48795",
"product_status": {
"known_affected": [
"T033787",
"T036942",
"67646",
"T035804",
"T031834",
"T036960",
"T037940",
"T039438",
"T004914",
"T035698",
"T032255",
"T035697",
"74185",
"T039224",
"T037141",
"T027916",
"T002207",
"T027759",
"T033270",
"T039272",
"T027843",
"398363",
"T043077"
]
},
"release_date": "2024-06-27T22:00:00.000+00:00",
"title": "CVE-2023-48795"
},
{
"cve": "CVE-2023-52425",
"product_status": {
"known_affected": [
"T033787",
"T036942",
"67646",
"T035804",
"T031834",
"T036960",
"T037940",
"T039438",
"T004914",
"T035698",
"T032255",
"T035697",
"74185",
"T039224",
"T037141",
"T027916",
"T002207",
"T027759",
"T033270",
"T039272",
"T027843",
"398363",
"T043077"
]
},
"release_date": "2024-06-27T22:00:00.000+00:00",
"title": "CVE-2023-52425"
},
{
"cve": "CVE-2024-0874",
"product_status": {
"known_affected": [
"T033787",
"T036942",
"67646",
"T035804",
"T031834",
"T036960",
"T037940",
"T039438",
"T004914",
"T035698",
"T032255",
"T035697",
"74185",
"T039224",
"T037141",
"T027916",
"T002207",
"T027759",
"T033270",
"T039272",
"T027843",
"398363",
"T043077"
]
},
"release_date": "2024-06-27T22:00:00.000+00:00",
"title": "CVE-2024-0874"
},
{
"cve": "CVE-2024-1394",
"product_status": {
"known_affected": [
"T033787",
"T036942",
"67646",
"T035804",
"T031834",
"T036960",
"T037940",
"T039438",
"T004914",
"T035698",
"T032255",
"T035697",
"74185",
"T039224",
"T037141",
"T027916",
"T002207",
"T027759",
"T033270",
"T039272",
"T027843",
"398363",
"T043077"
]
},
"release_date": "2024-06-27T22:00:00.000+00:00",
"title": "CVE-2024-1394"
},
{
"cve": "CVE-2024-22189",
"product_status": {
"known_affected": [
"T033787",
"T036942",
"67646",
"T035804",
"T031834",
"T036960",
"T037940",
"T039438",
"T004914",
"T035698",
"T032255",
"T035697",
"74185",
"T039224",
"T037141",
"T027916",
"T002207",
"T027759",
"T033270",
"T039272",
"T027843",
"398363",
"T043077"
]
},
"release_date": "2024-06-27T22:00:00.000+00:00",
"title": "CVE-2024-22189"
},
{
"cve": "CVE-2024-2398",
"product_status": {
"known_affected": [
"T033787",
"T036942",
"67646",
"T035804",
"T031834",
"T036960",
"T037940",
"T039438",
"T004914",
"T035698",
"T032255",
"T035697",
"74185",
"T039224",
"T037141",
"T027916",
"T002207",
"T027759",
"T033270",
"T039272",
"T027843",
"398363",
"T043077"
]
},
"release_date": "2024-06-27T22:00:00.000+00:00",
"title": "CVE-2024-2398"
},
{
"cve": "CVE-2024-24783",
"product_status": {
"known_affected": [
"T033787",
"T036942",
"67646",
"T035804",
"T031834",
"T036960",
"T037940",
"T039438",
"T004914",
"T035698",
"T032255",
"T035697",
"74185",
"T039224",
"T037141",
"T027916",
"T002207",
"T027759",
"T033270",
"T039272",
"T027843",
"398363",
"T043077"
]
},
"release_date": "2024-06-27T22:00:00.000+00:00",
"title": "CVE-2024-24783"
},
{
"cve": "CVE-2024-24784",
"product_status": {
"known_affected": [
"T033787",
"T036942",
"67646",
"T035804",
"T031834",
"T036960",
"T037940",
"T039438",
"T004914",
"T035698",
"T032255",
"T035697",
"74185",
"T039224",
"T037141",
"T027916",
"T002207",
"T027759",
"T033270",
"T039272",
"T027843",
"398363",
"T043077"
]
},
"release_date": "2024-06-27T22:00:00.000+00:00",
"title": "CVE-2024-24784"
},
{
"cve": "CVE-2024-24785",
"product_status": {
"known_affected": [
"T033787",
"T036942",
"67646",
"T035804",
"T031834",
"T036960",
"T037940",
"T039438",
"T004914",
"T035698",
"T032255",
"T035697",
"74185",
"T039224",
"T037141",
"T027916",
"T002207",
"T027759",
"T033270",
"T039272",
"T027843",
"398363",
"T043077"
]
},
"release_date": "2024-06-27T22:00:00.000+00:00",
"title": "CVE-2024-24785"
},
{
"cve": "CVE-2024-24786",
"product_status": {
"known_affected": [
"T033787",
"T036942",
"67646",
"T035804",
"T031834",
"T036960",
"T037940",
"T039438",
"T004914",
"T035698",
"T032255",
"T035697",
"74185",
"T039224",
"T037141",
"T027916",
"T002207",
"T027759",
"T033270",
"T039272",
"T027843",
"398363",
"T043077"
]
},
"release_date": "2024-06-27T22:00:00.000+00:00",
"title": "CVE-2024-24786"
},
{
"cve": "CVE-2024-28110",
"product_status": {
"known_affected": [
"T033787",
"T036942",
"67646",
"T035804",
"T031834",
"T036960",
"T037940",
"T039438",
"T004914",
"T035698",
"T032255",
"T035697",
"74185",
"T039224",
"T037141",
"T027916",
"T002207",
"T027759",
"T033270",
"T039272",
"T027843",
"398363",
"T043077"
]
},
"release_date": "2024-06-27T22:00:00.000+00:00",
"title": "CVE-2024-28110"
},
{
"cve": "CVE-2024-28176",
"product_status": {
"known_affected": [
"T033787",
"T036942",
"67646",
"T035804",
"T031834",
"T036960",
"T037940",
"T039438",
"T004914",
"T035698",
"T032255",
"T035697",
"74185",
"T039224",
"T037141",
"T027916",
"T002207",
"T027759",
"T033270",
"T039272",
"T027843",
"398363",
"T043077"
]
},
"release_date": "2024-06-27T22:00:00.000+00:00",
"title": "CVE-2024-28176"
},
{
"cve": "CVE-2024-28180",
"product_status": {
"known_affected": [
"T033787",
"T036942",
"67646",
"T035804",
"T031834",
"T036960",
"T037940",
"T039438",
"T004914",
"T035698",
"T032255",
"T035697",
"74185",
"T039224",
"T037141",
"T027916",
"T002207",
"T027759",
"T033270",
"T039272",
"T027843",
"398363",
"T043077"
]
},
"release_date": "2024-06-27T22:00:00.000+00:00",
"title": "CVE-2024-28180"
},
{
"cve": "CVE-2024-28757",
"product_status": {
"known_affected": [
"T033787",
"T036942",
"67646",
"T035804",
"T031834",
"T036960",
"T037940",
"T039438",
"T004914",
"T035698",
"T032255",
"T035697",
"74185",
"T039224",
"T037141",
"T027916",
"T002207",
"T027759",
"T033270",
"T039272",
"T027843",
"398363",
"T043077"
]
},
"release_date": "2024-06-27T22:00:00.000+00:00",
"title": "CVE-2024-28757"
},
{
"cve": "CVE-2024-28849",
"product_status": {
"known_affected": [
"T033787",
"T036942",
"67646",
"T035804",
"T031834",
"T036960",
"T037940",
"T039438",
"T004914",
"T035698",
"T032255",
"T035697",
"74185",
"T039224",
"T037141",
"T027916",
"T002207",
"T027759",
"T033270",
"T039272",
"T027843",
"398363",
"T043077"
]
},
"release_date": "2024-06-27T22:00:00.000+00:00",
"title": "CVE-2024-28849"
},
{
"cve": "CVE-2024-29180",
"product_status": {
"known_affected": [
"T033787",
"T036942",
"67646",
"T035804",
"T031834",
"T036960",
"T037940",
"T039438",
"T004914",
"T035698",
"T032255",
"T035697",
"74185",
"T039224",
"T037141",
"T027916",
"T002207",
"T027759",
"T033270",
"T039272",
"T027843",
"398363",
"T043077"
]
},
"release_date": "2024-06-27T22:00:00.000+00:00",
"title": "CVE-2024-29180"
},
{
"cve": "CVE-2024-3177",
"product_status": {
"known_affected": [
"T033787",
"T036942",
"67646",
"T035804",
"T031834",
"T036960",
"T037940",
"T039438",
"T004914",
"T035698",
"T032255",
"T035697",
"74185",
"T039224",
"T037141",
"T027916",
"T002207",
"T027759",
"T033270",
"T039272",
"T027843",
"398363",
"T043077"
]
},
"release_date": "2024-06-27T22:00:00.000+00:00",
"title": "CVE-2024-3177"
},
{
"cve": "CVE-2024-3727",
"product_status": {
"known_affected": [
"T033787",
"T036942",
"67646",
"T035804",
"T031834",
"T036960",
"T037940",
"T039438",
"T004914",
"T035698",
"T032255",
"T035697",
"74185",
"T039224",
"T037141",
"T027916",
"T002207",
"T027759",
"T033270",
"T039272",
"T027843",
"398363",
"T043077"
]
},
"release_date": "2024-06-27T22:00:00.000+00:00",
"title": "CVE-2024-3727"
}
]
}
WID-SEC-W-2024-3377
Vulnerability from csaf_certbund - Published: 2024-11-07 23:00 - Updated: 2025-10-12 22:00Summary
Dell PowerProtect Data Domain: Mehrere Schwachstellen
Severity
Mittel
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: Dell PowerProtect Data Domain Appliances sind speziell für Backup und Daten-Deduplizierung ausgelegte Systeme.
Angriff: Ein lokaler Angreifer kann mehrere Schwachstellen in Dell PowerProtect Data Domain ausnutzen, um seine Privilegien zu erhöhen, Informationen offenzulegen und um nicht näher beschriebene Auswirkungen zu erzielen.
Betroffene Betriebssysteme: - Sonstiges
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell PowerProtect Data Domain Management Center
Dell
|
cpe:/a:dell:powerprotect_data_domain_management_center:-
|
— | |
|
Dell PowerProtect Data Domain
Dell / PowerProtect Data Domain
|
cpe:/a:dell:powerprotect_data_domain:-
|
— | |
|
Dell PowerProtect Data Domain OS
Dell
|
cpe:/o:dell:powerprotect_data_domain_os:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Dell PowerProtect Data Domain <7.7.5.50
Dell / PowerProtect Data Domain
|
<7.7.5.50 | ||
|
Dell PowerProtect Data Domain <7.10.1.40
Dell / PowerProtect Data Domain
|
<7.10.1.40 | ||
|
Dell PowerProtect Data Domain <7.13.1.10
Dell / PowerProtect Data Domain
|
<7.13.1.10 | ||
|
Dell PowerProtect Data Domain <8.1.0.0
Dell / PowerProtect Data Domain
|
<8.1.0.0 |
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell PowerProtect Data Domain Management Center
Dell
|
cpe:/a:dell:powerprotect_data_domain_management_center:-
|
— | |
|
Dell PowerProtect Data Domain
Dell / PowerProtect Data Domain
|
cpe:/a:dell:powerprotect_data_domain:-
|
— | |
|
Dell PowerProtect Data Domain OS
Dell
|
cpe:/o:dell:powerprotect_data_domain_os:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Dell PowerProtect Data Domain <7.7.5.50
Dell / PowerProtect Data Domain
|
<7.7.5.50 | ||
|
Dell PowerProtect Data Domain <7.10.1.40
Dell / PowerProtect Data Domain
|
<7.10.1.40 | ||
|
Dell PowerProtect Data Domain <7.13.1.10
Dell / PowerProtect Data Domain
|
<7.13.1.10 | ||
|
Dell PowerProtect Data Domain <8.1.0.0
Dell / PowerProtect Data Domain
|
<8.1.0.0 |
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell PowerProtect Data Domain Management Center
Dell
|
cpe:/a:dell:powerprotect_data_domain_management_center:-
|
— | |
|
Dell PowerProtect Data Domain
Dell / PowerProtect Data Domain
|
cpe:/a:dell:powerprotect_data_domain:-
|
— | |
|
Dell PowerProtect Data Domain OS
Dell
|
cpe:/o:dell:powerprotect_data_domain_os:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Dell PowerProtect Data Domain <7.7.5.50
Dell / PowerProtect Data Domain
|
<7.7.5.50 | ||
|
Dell PowerProtect Data Domain <7.10.1.40
Dell / PowerProtect Data Domain
|
<7.10.1.40 | ||
|
Dell PowerProtect Data Domain <7.13.1.10
Dell / PowerProtect Data Domain
|
<7.13.1.10 | ||
|
Dell PowerProtect Data Domain <8.1.0.0
Dell / PowerProtect Data Domain
|
<8.1.0.0 |
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell PowerProtect Data Domain Management Center
Dell
|
cpe:/a:dell:powerprotect_data_domain_management_center:-
|
— | |
|
Dell PowerProtect Data Domain
Dell / PowerProtect Data Domain
|
cpe:/a:dell:powerprotect_data_domain:-
|
— | |
|
Dell PowerProtect Data Domain OS
Dell
|
cpe:/o:dell:powerprotect_data_domain_os:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Dell PowerProtect Data Domain <7.7.5.50
Dell / PowerProtect Data Domain
|
<7.7.5.50 | ||
|
Dell PowerProtect Data Domain <7.10.1.40
Dell / PowerProtect Data Domain
|
<7.10.1.40 | ||
|
Dell PowerProtect Data Domain <7.13.1.10
Dell / PowerProtect Data Domain
|
<7.13.1.10 | ||
|
Dell PowerProtect Data Domain <8.1.0.0
Dell / PowerProtect Data Domain
|
<8.1.0.0 |
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell PowerProtect Data Domain Management Center
Dell
|
cpe:/a:dell:powerprotect_data_domain_management_center:-
|
— | |
|
Dell PowerProtect Data Domain
Dell / PowerProtect Data Domain
|
cpe:/a:dell:powerprotect_data_domain:-
|
— | |
|
Dell PowerProtect Data Domain OS
Dell
|
cpe:/o:dell:powerprotect_data_domain_os:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Dell PowerProtect Data Domain <7.7.5.50
Dell / PowerProtect Data Domain
|
<7.7.5.50 | ||
|
Dell PowerProtect Data Domain <7.10.1.40
Dell / PowerProtect Data Domain
|
<7.10.1.40 | ||
|
Dell PowerProtect Data Domain <7.13.1.10
Dell / PowerProtect Data Domain
|
<7.13.1.10 | ||
|
Dell PowerProtect Data Domain <8.1.0.0
Dell / PowerProtect Data Domain
|
<8.1.0.0 |
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell PowerProtect Data Domain Management Center
Dell
|
cpe:/a:dell:powerprotect_data_domain_management_center:-
|
— | |
|
Dell PowerProtect Data Domain
Dell / PowerProtect Data Domain
|
cpe:/a:dell:powerprotect_data_domain:-
|
— | |
|
Dell PowerProtect Data Domain OS
Dell
|
cpe:/o:dell:powerprotect_data_domain_os:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Dell PowerProtect Data Domain <7.7.5.50
Dell / PowerProtect Data Domain
|
<7.7.5.50 | ||
|
Dell PowerProtect Data Domain <7.10.1.40
Dell / PowerProtect Data Domain
|
<7.10.1.40 | ||
|
Dell PowerProtect Data Domain <7.13.1.10
Dell / PowerProtect Data Domain
|
<7.13.1.10 | ||
|
Dell PowerProtect Data Domain <8.1.0.0
Dell / PowerProtect Data Domain
|
<8.1.0.0 |
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell PowerProtect Data Domain Management Center
Dell
|
cpe:/a:dell:powerprotect_data_domain_management_center:-
|
— | |
|
Dell PowerProtect Data Domain
Dell / PowerProtect Data Domain
|
cpe:/a:dell:powerprotect_data_domain:-
|
— | |
|
Dell PowerProtect Data Domain OS
Dell
|
cpe:/o:dell:powerprotect_data_domain_os:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Dell PowerProtect Data Domain <7.7.5.50
Dell / PowerProtect Data Domain
|
<7.7.5.50 | ||
|
Dell PowerProtect Data Domain <7.10.1.40
Dell / PowerProtect Data Domain
|
<7.10.1.40 | ||
|
Dell PowerProtect Data Domain <7.13.1.10
Dell / PowerProtect Data Domain
|
<7.13.1.10 | ||
|
Dell PowerProtect Data Domain <8.1.0.0
Dell / PowerProtect Data Domain
|
<8.1.0.0 |
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell PowerProtect Data Domain Management Center
Dell
|
cpe:/a:dell:powerprotect_data_domain_management_center:-
|
— | |
|
Dell PowerProtect Data Domain
Dell / PowerProtect Data Domain
|
cpe:/a:dell:powerprotect_data_domain:-
|
— | |
|
Dell PowerProtect Data Domain OS
Dell
|
cpe:/o:dell:powerprotect_data_domain_os:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Dell PowerProtect Data Domain <7.7.5.50
Dell / PowerProtect Data Domain
|
<7.7.5.50 | ||
|
Dell PowerProtect Data Domain <7.10.1.40
Dell / PowerProtect Data Domain
|
<7.10.1.40 | ||
|
Dell PowerProtect Data Domain <7.13.1.10
Dell / PowerProtect Data Domain
|
<7.13.1.10 | ||
|
Dell PowerProtect Data Domain <8.1.0.0
Dell / PowerProtect Data Domain
|
<8.1.0.0 |
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell PowerProtect Data Domain Management Center
Dell
|
cpe:/a:dell:powerprotect_data_domain_management_center:-
|
— | |
|
Dell PowerProtect Data Domain
Dell / PowerProtect Data Domain
|
cpe:/a:dell:powerprotect_data_domain:-
|
— | |
|
Dell PowerProtect Data Domain OS
Dell
|
cpe:/o:dell:powerprotect_data_domain_os:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Dell PowerProtect Data Domain <7.7.5.50
Dell / PowerProtect Data Domain
|
<7.7.5.50 | ||
|
Dell PowerProtect Data Domain <7.10.1.40
Dell / PowerProtect Data Domain
|
<7.10.1.40 | ||
|
Dell PowerProtect Data Domain <7.13.1.10
Dell / PowerProtect Data Domain
|
<7.13.1.10 | ||
|
Dell PowerProtect Data Domain <8.1.0.0
Dell / PowerProtect Data Domain
|
<8.1.0.0 |
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell PowerProtect Data Domain Management Center
Dell
|
cpe:/a:dell:powerprotect_data_domain_management_center:-
|
— | |
|
Dell PowerProtect Data Domain
Dell / PowerProtect Data Domain
|
cpe:/a:dell:powerprotect_data_domain:-
|
— | |
|
Dell PowerProtect Data Domain OS
Dell
|
cpe:/o:dell:powerprotect_data_domain_os:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Dell PowerProtect Data Domain <7.7.5.50
Dell / PowerProtect Data Domain
|
<7.7.5.50 | ||
|
Dell PowerProtect Data Domain <7.10.1.40
Dell / PowerProtect Data Domain
|
<7.10.1.40 | ||
|
Dell PowerProtect Data Domain <7.13.1.10
Dell / PowerProtect Data Domain
|
<7.13.1.10 | ||
|
Dell PowerProtect Data Domain <8.1.0.0
Dell / PowerProtect Data Domain
|
<8.1.0.0 |
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell PowerProtect Data Domain Management Center
Dell
|
cpe:/a:dell:powerprotect_data_domain_management_center:-
|
— | |
|
Dell PowerProtect Data Domain
Dell / PowerProtect Data Domain
|
cpe:/a:dell:powerprotect_data_domain:-
|
— | |
|
Dell PowerProtect Data Domain OS
Dell
|
cpe:/o:dell:powerprotect_data_domain_os:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Dell PowerProtect Data Domain <7.7.5.50
Dell / PowerProtect Data Domain
|
<7.7.5.50 | ||
|
Dell PowerProtect Data Domain <7.10.1.40
Dell / PowerProtect Data Domain
|
<7.10.1.40 | ||
|
Dell PowerProtect Data Domain <7.13.1.10
Dell / PowerProtect Data Domain
|
<7.13.1.10 | ||
|
Dell PowerProtect Data Domain <8.1.0.0
Dell / PowerProtect Data Domain
|
<8.1.0.0 |
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell PowerProtect Data Domain Management Center
Dell
|
cpe:/a:dell:powerprotect_data_domain_management_center:-
|
— | |
|
Dell PowerProtect Data Domain
Dell / PowerProtect Data Domain
|
cpe:/a:dell:powerprotect_data_domain:-
|
— | |
|
Dell PowerProtect Data Domain OS
Dell
|
cpe:/o:dell:powerprotect_data_domain_os:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Dell PowerProtect Data Domain <7.7.5.50
Dell / PowerProtect Data Domain
|
<7.7.5.50 | ||
|
Dell PowerProtect Data Domain <7.10.1.40
Dell / PowerProtect Data Domain
|
<7.10.1.40 | ||
|
Dell PowerProtect Data Domain <7.13.1.10
Dell / PowerProtect Data Domain
|
<7.13.1.10 | ||
|
Dell PowerProtect Data Domain <8.1.0.0
Dell / PowerProtect Data Domain
|
<8.1.0.0 |
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell PowerProtect Data Domain Management Center
Dell
|
cpe:/a:dell:powerprotect_data_domain_management_center:-
|
— | |
|
Dell PowerProtect Data Domain
Dell / PowerProtect Data Domain
|
cpe:/a:dell:powerprotect_data_domain:-
|
— | |
|
Dell PowerProtect Data Domain OS
Dell
|
cpe:/o:dell:powerprotect_data_domain_os:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Dell PowerProtect Data Domain <7.7.5.50
Dell / PowerProtect Data Domain
|
<7.7.5.50 | ||
|
Dell PowerProtect Data Domain <7.10.1.40
Dell / PowerProtect Data Domain
|
<7.10.1.40 | ||
|
Dell PowerProtect Data Domain <7.13.1.10
Dell / PowerProtect Data Domain
|
<7.13.1.10 | ||
|
Dell PowerProtect Data Domain <8.1.0.0
Dell / PowerProtect Data Domain
|
<8.1.0.0 |
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell PowerProtect Data Domain Management Center
Dell
|
cpe:/a:dell:powerprotect_data_domain_management_center:-
|
— | |
|
Dell PowerProtect Data Domain
Dell / PowerProtect Data Domain
|
cpe:/a:dell:powerprotect_data_domain:-
|
— | |
|
Dell PowerProtect Data Domain OS
Dell
|
cpe:/o:dell:powerprotect_data_domain_os:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Dell PowerProtect Data Domain <7.7.5.50
Dell / PowerProtect Data Domain
|
<7.7.5.50 | ||
|
Dell PowerProtect Data Domain <7.10.1.40
Dell / PowerProtect Data Domain
|
<7.10.1.40 | ||
|
Dell PowerProtect Data Domain <7.13.1.10
Dell / PowerProtect Data Domain
|
<7.13.1.10 | ||
|
Dell PowerProtect Data Domain <8.1.0.0
Dell / PowerProtect Data Domain
|
<8.1.0.0 |
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell PowerProtect Data Domain Management Center
Dell
|
cpe:/a:dell:powerprotect_data_domain_management_center:-
|
— | |
|
Dell PowerProtect Data Domain
Dell / PowerProtect Data Domain
|
cpe:/a:dell:powerprotect_data_domain:-
|
— | |
|
Dell PowerProtect Data Domain OS
Dell
|
cpe:/o:dell:powerprotect_data_domain_os:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Dell PowerProtect Data Domain <7.7.5.50
Dell / PowerProtect Data Domain
|
<7.7.5.50 | ||
|
Dell PowerProtect Data Domain <7.10.1.40
Dell / PowerProtect Data Domain
|
<7.10.1.40 | ||
|
Dell PowerProtect Data Domain <7.13.1.10
Dell / PowerProtect Data Domain
|
<7.13.1.10 | ||
|
Dell PowerProtect Data Domain <8.1.0.0
Dell / PowerProtect Data Domain
|
<8.1.0.0 |
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell PowerProtect Data Domain Management Center
Dell
|
cpe:/a:dell:powerprotect_data_domain_management_center:-
|
— | |
|
Dell PowerProtect Data Domain
Dell / PowerProtect Data Domain
|
cpe:/a:dell:powerprotect_data_domain:-
|
— | |
|
Dell PowerProtect Data Domain OS
Dell
|
cpe:/o:dell:powerprotect_data_domain_os:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Dell PowerProtect Data Domain <7.7.5.50
Dell / PowerProtect Data Domain
|
<7.7.5.50 | ||
|
Dell PowerProtect Data Domain <7.10.1.40
Dell / PowerProtect Data Domain
|
<7.10.1.40 | ||
|
Dell PowerProtect Data Domain <7.13.1.10
Dell / PowerProtect Data Domain
|
<7.13.1.10 | ||
|
Dell PowerProtect Data Domain <8.1.0.0
Dell / PowerProtect Data Domain
|
<8.1.0.0 |
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell PowerProtect Data Domain Management Center
Dell
|
cpe:/a:dell:powerprotect_data_domain_management_center:-
|
— | |
|
Dell PowerProtect Data Domain
Dell / PowerProtect Data Domain
|
cpe:/a:dell:powerprotect_data_domain:-
|
— | |
|
Dell PowerProtect Data Domain OS
Dell
|
cpe:/o:dell:powerprotect_data_domain_os:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Dell PowerProtect Data Domain <7.7.5.50
Dell / PowerProtect Data Domain
|
<7.7.5.50 | ||
|
Dell PowerProtect Data Domain <7.10.1.40
Dell / PowerProtect Data Domain
|
<7.10.1.40 | ||
|
Dell PowerProtect Data Domain <7.13.1.10
Dell / PowerProtect Data Domain
|
<7.13.1.10 | ||
|
Dell PowerProtect Data Domain <8.1.0.0
Dell / PowerProtect Data Domain
|
<8.1.0.0 |
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell PowerProtect Data Domain Management Center
Dell
|
cpe:/a:dell:powerprotect_data_domain_management_center:-
|
— | |
|
Dell PowerProtect Data Domain
Dell / PowerProtect Data Domain
|
cpe:/a:dell:powerprotect_data_domain:-
|
— | |
|
Dell PowerProtect Data Domain OS
Dell
|
cpe:/o:dell:powerprotect_data_domain_os:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Dell PowerProtect Data Domain <7.7.5.50
Dell / PowerProtect Data Domain
|
<7.7.5.50 | ||
|
Dell PowerProtect Data Domain <7.10.1.40
Dell / PowerProtect Data Domain
|
<7.10.1.40 | ||
|
Dell PowerProtect Data Domain <7.13.1.10
Dell / PowerProtect Data Domain
|
<7.13.1.10 | ||
|
Dell PowerProtect Data Domain <8.1.0.0
Dell / PowerProtect Data Domain
|
<8.1.0.0 |
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell PowerProtect Data Domain Management Center
Dell
|
cpe:/a:dell:powerprotect_data_domain_management_center:-
|
— | |
|
Dell PowerProtect Data Domain
Dell / PowerProtect Data Domain
|
cpe:/a:dell:powerprotect_data_domain:-
|
— | |
|
Dell PowerProtect Data Domain OS
Dell
|
cpe:/o:dell:powerprotect_data_domain_os:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Dell PowerProtect Data Domain <7.7.5.50
Dell / PowerProtect Data Domain
|
<7.7.5.50 | ||
|
Dell PowerProtect Data Domain <7.10.1.40
Dell / PowerProtect Data Domain
|
<7.10.1.40 | ||
|
Dell PowerProtect Data Domain <7.13.1.10
Dell / PowerProtect Data Domain
|
<7.13.1.10 | ||
|
Dell PowerProtect Data Domain <8.1.0.0
Dell / PowerProtect Data Domain
|
<8.1.0.0 |
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell PowerProtect Data Domain Management Center
Dell
|
cpe:/a:dell:powerprotect_data_domain_management_center:-
|
— | |
|
Dell PowerProtect Data Domain
Dell / PowerProtect Data Domain
|
cpe:/a:dell:powerprotect_data_domain:-
|
— | |
|
Dell PowerProtect Data Domain OS
Dell
|
cpe:/o:dell:powerprotect_data_domain_os:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Dell PowerProtect Data Domain <7.7.5.50
Dell / PowerProtect Data Domain
|
<7.7.5.50 | ||
|
Dell PowerProtect Data Domain <7.10.1.40
Dell / PowerProtect Data Domain
|
<7.10.1.40 | ||
|
Dell PowerProtect Data Domain <7.13.1.10
Dell / PowerProtect Data Domain
|
<7.13.1.10 | ||
|
Dell PowerProtect Data Domain <8.1.0.0
Dell / PowerProtect Data Domain
|
<8.1.0.0 |
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell PowerProtect Data Domain Management Center
Dell
|
cpe:/a:dell:powerprotect_data_domain_management_center:-
|
— | |
|
Dell PowerProtect Data Domain
Dell / PowerProtect Data Domain
|
cpe:/a:dell:powerprotect_data_domain:-
|
— | |
|
Dell PowerProtect Data Domain OS
Dell
|
cpe:/o:dell:powerprotect_data_domain_os:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Dell PowerProtect Data Domain <7.7.5.50
Dell / PowerProtect Data Domain
|
<7.7.5.50 | ||
|
Dell PowerProtect Data Domain <7.10.1.40
Dell / PowerProtect Data Domain
|
<7.10.1.40 | ||
|
Dell PowerProtect Data Domain <7.13.1.10
Dell / PowerProtect Data Domain
|
<7.13.1.10 | ||
|
Dell PowerProtect Data Domain <8.1.0.0
Dell / PowerProtect Data Domain
|
<8.1.0.0 |
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell PowerProtect Data Domain Management Center
Dell
|
cpe:/a:dell:powerprotect_data_domain_management_center:-
|
— | |
|
Dell PowerProtect Data Domain
Dell / PowerProtect Data Domain
|
cpe:/a:dell:powerprotect_data_domain:-
|
— | |
|
Dell PowerProtect Data Domain OS
Dell
|
cpe:/o:dell:powerprotect_data_domain_os:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Dell PowerProtect Data Domain <7.7.5.50
Dell / PowerProtect Data Domain
|
<7.7.5.50 | ||
|
Dell PowerProtect Data Domain <7.10.1.40
Dell / PowerProtect Data Domain
|
<7.10.1.40 | ||
|
Dell PowerProtect Data Domain <7.13.1.10
Dell / PowerProtect Data Domain
|
<7.13.1.10 | ||
|
Dell PowerProtect Data Domain <8.1.0.0
Dell / PowerProtect Data Domain
|
<8.1.0.0 |
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell PowerProtect Data Domain Management Center
Dell
|
cpe:/a:dell:powerprotect_data_domain_management_center:-
|
— | |
|
Dell PowerProtect Data Domain
Dell / PowerProtect Data Domain
|
cpe:/a:dell:powerprotect_data_domain:-
|
— | |
|
Dell PowerProtect Data Domain OS
Dell
|
cpe:/o:dell:powerprotect_data_domain_os:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Dell PowerProtect Data Domain <7.7.5.50
Dell / PowerProtect Data Domain
|
<7.7.5.50 | ||
|
Dell PowerProtect Data Domain <7.10.1.40
Dell / PowerProtect Data Domain
|
<7.10.1.40 | ||
|
Dell PowerProtect Data Domain <7.13.1.10
Dell / PowerProtect Data Domain
|
<7.13.1.10 | ||
|
Dell PowerProtect Data Domain <8.1.0.0
Dell / PowerProtect Data Domain
|
<8.1.0.0 |
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell PowerProtect Data Domain Management Center
Dell
|
cpe:/a:dell:powerprotect_data_domain_management_center:-
|
— | |
|
Dell PowerProtect Data Domain
Dell / PowerProtect Data Domain
|
cpe:/a:dell:powerprotect_data_domain:-
|
— | |
|
Dell PowerProtect Data Domain OS
Dell
|
cpe:/o:dell:powerprotect_data_domain_os:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Dell PowerProtect Data Domain <7.7.5.50
Dell / PowerProtect Data Domain
|
<7.7.5.50 | ||
|
Dell PowerProtect Data Domain <7.10.1.40
Dell / PowerProtect Data Domain
|
<7.10.1.40 | ||
|
Dell PowerProtect Data Domain <7.13.1.10
Dell / PowerProtect Data Domain
|
<7.13.1.10 | ||
|
Dell PowerProtect Data Domain <8.1.0.0
Dell / PowerProtect Data Domain
|
<8.1.0.0 |
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell PowerProtect Data Domain Management Center
Dell
|
cpe:/a:dell:powerprotect_data_domain_management_center:-
|
— | |
|
Dell PowerProtect Data Domain
Dell / PowerProtect Data Domain
|
cpe:/a:dell:powerprotect_data_domain:-
|
— | |
|
Dell PowerProtect Data Domain OS
Dell
|
cpe:/o:dell:powerprotect_data_domain_os:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Dell PowerProtect Data Domain <7.7.5.50
Dell / PowerProtect Data Domain
|
<7.7.5.50 | ||
|
Dell PowerProtect Data Domain <7.10.1.40
Dell / PowerProtect Data Domain
|
<7.10.1.40 | ||
|
Dell PowerProtect Data Domain <7.13.1.10
Dell / PowerProtect Data Domain
|
<7.13.1.10 | ||
|
Dell PowerProtect Data Domain <8.1.0.0
Dell / PowerProtect Data Domain
|
<8.1.0.0 |
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell PowerProtect Data Domain Management Center
Dell
|
cpe:/a:dell:powerprotect_data_domain_management_center:-
|
— | |
|
Dell PowerProtect Data Domain
Dell / PowerProtect Data Domain
|
cpe:/a:dell:powerprotect_data_domain:-
|
— | |
|
Dell PowerProtect Data Domain OS
Dell
|
cpe:/o:dell:powerprotect_data_domain_os:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Dell PowerProtect Data Domain <7.7.5.50
Dell / PowerProtect Data Domain
|
<7.7.5.50 | ||
|
Dell PowerProtect Data Domain <7.10.1.40
Dell / PowerProtect Data Domain
|
<7.10.1.40 | ||
|
Dell PowerProtect Data Domain <7.13.1.10
Dell / PowerProtect Data Domain
|
<7.13.1.10 | ||
|
Dell PowerProtect Data Domain <8.1.0.0
Dell / PowerProtect Data Domain
|
<8.1.0.0 |
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell PowerProtect Data Domain Management Center
Dell
|
cpe:/a:dell:powerprotect_data_domain_management_center:-
|
— | |
|
Dell PowerProtect Data Domain
Dell / PowerProtect Data Domain
|
cpe:/a:dell:powerprotect_data_domain:-
|
— | |
|
Dell PowerProtect Data Domain OS
Dell
|
cpe:/o:dell:powerprotect_data_domain_os:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Dell PowerProtect Data Domain <7.7.5.50
Dell / PowerProtect Data Domain
|
<7.7.5.50 | ||
|
Dell PowerProtect Data Domain <7.10.1.40
Dell / PowerProtect Data Domain
|
<7.10.1.40 | ||
|
Dell PowerProtect Data Domain <7.13.1.10
Dell / PowerProtect Data Domain
|
<7.13.1.10 | ||
|
Dell PowerProtect Data Domain <8.1.0.0
Dell / PowerProtect Data Domain
|
<8.1.0.0 |
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell PowerProtect Data Domain Management Center
Dell
|
cpe:/a:dell:powerprotect_data_domain_management_center:-
|
— | |
|
Dell PowerProtect Data Domain
Dell / PowerProtect Data Domain
|
cpe:/a:dell:powerprotect_data_domain:-
|
— | |
|
Dell PowerProtect Data Domain OS
Dell
|
cpe:/o:dell:powerprotect_data_domain_os:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Dell PowerProtect Data Domain <7.7.5.50
Dell / PowerProtect Data Domain
|
<7.7.5.50 | ||
|
Dell PowerProtect Data Domain <7.10.1.40
Dell / PowerProtect Data Domain
|
<7.10.1.40 | ||
|
Dell PowerProtect Data Domain <7.13.1.10
Dell / PowerProtect Data Domain
|
<7.13.1.10 | ||
|
Dell PowerProtect Data Domain <8.1.0.0
Dell / PowerProtect Data Domain
|
<8.1.0.0 |
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell PowerProtect Data Domain Management Center
Dell
|
cpe:/a:dell:powerprotect_data_domain_management_center:-
|
— | |
|
Dell PowerProtect Data Domain
Dell / PowerProtect Data Domain
|
cpe:/a:dell:powerprotect_data_domain:-
|
— | |
|
Dell PowerProtect Data Domain OS
Dell
|
cpe:/o:dell:powerprotect_data_domain_os:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Dell PowerProtect Data Domain <7.7.5.50
Dell / PowerProtect Data Domain
|
<7.7.5.50 | ||
|
Dell PowerProtect Data Domain <7.10.1.40
Dell / PowerProtect Data Domain
|
<7.10.1.40 | ||
|
Dell PowerProtect Data Domain <7.13.1.10
Dell / PowerProtect Data Domain
|
<7.13.1.10 | ||
|
Dell PowerProtect Data Domain <8.1.0.0
Dell / PowerProtect Data Domain
|
<8.1.0.0 |
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell PowerProtect Data Domain Management Center
Dell
|
cpe:/a:dell:powerprotect_data_domain_management_center:-
|
— | |
|
Dell PowerProtect Data Domain
Dell / PowerProtect Data Domain
|
cpe:/a:dell:powerprotect_data_domain:-
|
— | |
|
Dell PowerProtect Data Domain OS
Dell
|
cpe:/o:dell:powerprotect_data_domain_os:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Dell PowerProtect Data Domain <7.7.5.50
Dell / PowerProtect Data Domain
|
<7.7.5.50 | ||
|
Dell PowerProtect Data Domain <7.10.1.40
Dell / PowerProtect Data Domain
|
<7.10.1.40 | ||
|
Dell PowerProtect Data Domain <7.13.1.10
Dell / PowerProtect Data Domain
|
<7.13.1.10 | ||
|
Dell PowerProtect Data Domain <8.1.0.0
Dell / PowerProtect Data Domain
|
<8.1.0.0 |
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell PowerProtect Data Domain Management Center
Dell
|
cpe:/a:dell:powerprotect_data_domain_management_center:-
|
— | |
|
Dell PowerProtect Data Domain
Dell / PowerProtect Data Domain
|
cpe:/a:dell:powerprotect_data_domain:-
|
— | |
|
Dell PowerProtect Data Domain OS
Dell
|
cpe:/o:dell:powerprotect_data_domain_os:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Dell PowerProtect Data Domain <7.7.5.50
Dell / PowerProtect Data Domain
|
<7.7.5.50 | ||
|
Dell PowerProtect Data Domain <7.10.1.40
Dell / PowerProtect Data Domain
|
<7.10.1.40 | ||
|
Dell PowerProtect Data Domain <7.13.1.10
Dell / PowerProtect Data Domain
|
<7.13.1.10 | ||
|
Dell PowerProtect Data Domain <8.1.0.0
Dell / PowerProtect Data Domain
|
<8.1.0.0 |
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell PowerProtect Data Domain Management Center
Dell
|
cpe:/a:dell:powerprotect_data_domain_management_center:-
|
— | |
|
Dell PowerProtect Data Domain
Dell / PowerProtect Data Domain
|
cpe:/a:dell:powerprotect_data_domain:-
|
— | |
|
Dell PowerProtect Data Domain OS
Dell
|
cpe:/o:dell:powerprotect_data_domain_os:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Dell PowerProtect Data Domain <7.7.5.50
Dell / PowerProtect Data Domain
|
<7.7.5.50 | ||
|
Dell PowerProtect Data Domain <7.10.1.40
Dell / PowerProtect Data Domain
|
<7.10.1.40 | ||
|
Dell PowerProtect Data Domain <7.13.1.10
Dell / PowerProtect Data Domain
|
<7.13.1.10 | ||
|
Dell PowerProtect Data Domain <8.1.0.0
Dell / PowerProtect Data Domain
|
<8.1.0.0 |
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell PowerProtect Data Domain Management Center
Dell
|
cpe:/a:dell:powerprotect_data_domain_management_center:-
|
— | |
|
Dell PowerProtect Data Domain
Dell / PowerProtect Data Domain
|
cpe:/a:dell:powerprotect_data_domain:-
|
— | |
|
Dell PowerProtect Data Domain OS
Dell
|
cpe:/o:dell:powerprotect_data_domain_os:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Dell PowerProtect Data Domain <7.7.5.50
Dell / PowerProtect Data Domain
|
<7.7.5.50 | ||
|
Dell PowerProtect Data Domain <7.10.1.40
Dell / PowerProtect Data Domain
|
<7.10.1.40 | ||
|
Dell PowerProtect Data Domain <7.13.1.10
Dell / PowerProtect Data Domain
|
<7.13.1.10 | ||
|
Dell PowerProtect Data Domain <8.1.0.0
Dell / PowerProtect Data Domain
|
<8.1.0.0 |
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell PowerProtect Data Domain Management Center
Dell
|
cpe:/a:dell:powerprotect_data_domain_management_center:-
|
— | |
|
Dell PowerProtect Data Domain
Dell / PowerProtect Data Domain
|
cpe:/a:dell:powerprotect_data_domain:-
|
— | |
|
Dell PowerProtect Data Domain OS
Dell
|
cpe:/o:dell:powerprotect_data_domain_os:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Dell PowerProtect Data Domain <7.7.5.50
Dell / PowerProtect Data Domain
|
<7.7.5.50 | ||
|
Dell PowerProtect Data Domain <7.10.1.40
Dell / PowerProtect Data Domain
|
<7.10.1.40 | ||
|
Dell PowerProtect Data Domain <7.13.1.10
Dell / PowerProtect Data Domain
|
<7.13.1.10 | ||
|
Dell PowerProtect Data Domain <8.1.0.0
Dell / PowerProtect Data Domain
|
<8.1.0.0 |
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell PowerProtect Data Domain Management Center
Dell
|
cpe:/a:dell:powerprotect_data_domain_management_center:-
|
— | |
|
Dell PowerProtect Data Domain
Dell / PowerProtect Data Domain
|
cpe:/a:dell:powerprotect_data_domain:-
|
— | |
|
Dell PowerProtect Data Domain OS
Dell
|
cpe:/o:dell:powerprotect_data_domain_os:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Dell PowerProtect Data Domain <7.7.5.50
Dell / PowerProtect Data Domain
|
<7.7.5.50 | ||
|
Dell PowerProtect Data Domain <7.10.1.40
Dell / PowerProtect Data Domain
|
<7.10.1.40 | ||
|
Dell PowerProtect Data Domain <7.13.1.10
Dell / PowerProtect Data Domain
|
<7.13.1.10 | ||
|
Dell PowerProtect Data Domain <8.1.0.0
Dell / PowerProtect Data Domain
|
<8.1.0.0 |
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell PowerProtect Data Domain Management Center
Dell
|
cpe:/a:dell:powerprotect_data_domain_management_center:-
|
— | |
|
Dell PowerProtect Data Domain
Dell / PowerProtect Data Domain
|
cpe:/a:dell:powerprotect_data_domain:-
|
— | |
|
Dell PowerProtect Data Domain OS
Dell
|
cpe:/o:dell:powerprotect_data_domain_os:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Dell PowerProtect Data Domain <7.7.5.50
Dell / PowerProtect Data Domain
|
<7.7.5.50 | ||
|
Dell PowerProtect Data Domain <7.10.1.40
Dell / PowerProtect Data Domain
|
<7.10.1.40 | ||
|
Dell PowerProtect Data Domain <7.13.1.10
Dell / PowerProtect Data Domain
|
<7.13.1.10 | ||
|
Dell PowerProtect Data Domain <8.1.0.0
Dell / PowerProtect Data Domain
|
<8.1.0.0 |
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell PowerProtect Data Domain Management Center
Dell
|
cpe:/a:dell:powerprotect_data_domain_management_center:-
|
— | |
|
Dell PowerProtect Data Domain
Dell / PowerProtect Data Domain
|
cpe:/a:dell:powerprotect_data_domain:-
|
— | |
|
Dell PowerProtect Data Domain OS
Dell
|
cpe:/o:dell:powerprotect_data_domain_os:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Dell PowerProtect Data Domain <7.7.5.50
Dell / PowerProtect Data Domain
|
<7.7.5.50 | ||
|
Dell PowerProtect Data Domain <7.10.1.40
Dell / PowerProtect Data Domain
|
<7.10.1.40 | ||
|
Dell PowerProtect Data Domain <7.13.1.10
Dell / PowerProtect Data Domain
|
<7.13.1.10 | ||
|
Dell PowerProtect Data Domain <8.1.0.0
Dell / PowerProtect Data Domain
|
<8.1.0.0 |
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell PowerProtect Data Domain Management Center
Dell
|
cpe:/a:dell:powerprotect_data_domain_management_center:-
|
— | |
|
Dell PowerProtect Data Domain
Dell / PowerProtect Data Domain
|
cpe:/a:dell:powerprotect_data_domain:-
|
— | |
|
Dell PowerProtect Data Domain OS
Dell
|
cpe:/o:dell:powerprotect_data_domain_os:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Dell PowerProtect Data Domain <7.7.5.50
Dell / PowerProtect Data Domain
|
<7.7.5.50 | ||
|
Dell PowerProtect Data Domain <7.10.1.40
Dell / PowerProtect Data Domain
|
<7.10.1.40 | ||
|
Dell PowerProtect Data Domain <7.13.1.10
Dell / PowerProtect Data Domain
|
<7.13.1.10 | ||
|
Dell PowerProtect Data Domain <8.1.0.0
Dell / PowerProtect Data Domain
|
<8.1.0.0 |
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell PowerProtect Data Domain Management Center
Dell
|
cpe:/a:dell:powerprotect_data_domain_management_center:-
|
— | |
|
Dell PowerProtect Data Domain
Dell / PowerProtect Data Domain
|
cpe:/a:dell:powerprotect_data_domain:-
|
— | |
|
Dell PowerProtect Data Domain OS
Dell
|
cpe:/o:dell:powerprotect_data_domain_os:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Dell PowerProtect Data Domain <7.7.5.50
Dell / PowerProtect Data Domain
|
<7.7.5.50 | ||
|
Dell PowerProtect Data Domain <7.10.1.40
Dell / PowerProtect Data Domain
|
<7.10.1.40 | ||
|
Dell PowerProtect Data Domain <7.13.1.10
Dell / PowerProtect Data Domain
|
<7.13.1.10 | ||
|
Dell PowerProtect Data Domain <8.1.0.0
Dell / PowerProtect Data Domain
|
<8.1.0.0 |
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell PowerProtect Data Domain Management Center
Dell
|
cpe:/a:dell:powerprotect_data_domain_management_center:-
|
— | |
|
Dell PowerProtect Data Domain
Dell / PowerProtect Data Domain
|
cpe:/a:dell:powerprotect_data_domain:-
|
— | |
|
Dell PowerProtect Data Domain OS
Dell
|
cpe:/o:dell:powerprotect_data_domain_os:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Dell PowerProtect Data Domain <7.7.5.50
Dell / PowerProtect Data Domain
|
<7.7.5.50 | ||
|
Dell PowerProtect Data Domain <7.10.1.40
Dell / PowerProtect Data Domain
|
<7.10.1.40 | ||
|
Dell PowerProtect Data Domain <7.13.1.10
Dell / PowerProtect Data Domain
|
<7.13.1.10 | ||
|
Dell PowerProtect Data Domain <8.1.0.0
Dell / PowerProtect Data Domain
|
<8.1.0.0 |
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell PowerProtect Data Domain Management Center
Dell
|
cpe:/a:dell:powerprotect_data_domain_management_center:-
|
— | |
|
Dell PowerProtect Data Domain
Dell / PowerProtect Data Domain
|
cpe:/a:dell:powerprotect_data_domain:-
|
— | |
|
Dell PowerProtect Data Domain OS
Dell
|
cpe:/o:dell:powerprotect_data_domain_os:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Dell PowerProtect Data Domain <7.7.5.50
Dell / PowerProtect Data Domain
|
<7.7.5.50 | ||
|
Dell PowerProtect Data Domain <7.10.1.40
Dell / PowerProtect Data Domain
|
<7.10.1.40 | ||
|
Dell PowerProtect Data Domain <7.13.1.10
Dell / PowerProtect Data Domain
|
<7.13.1.10 | ||
|
Dell PowerProtect Data Domain <8.1.0.0
Dell / PowerProtect Data Domain
|
<8.1.0.0 |
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell PowerProtect Data Domain Management Center
Dell
|
cpe:/a:dell:powerprotect_data_domain_management_center:-
|
— | |
|
Dell PowerProtect Data Domain
Dell / PowerProtect Data Domain
|
cpe:/a:dell:powerprotect_data_domain:-
|
— | |
|
Dell PowerProtect Data Domain OS
Dell
|
cpe:/o:dell:powerprotect_data_domain_os:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Dell PowerProtect Data Domain <7.7.5.50
Dell / PowerProtect Data Domain
|
<7.7.5.50 | ||
|
Dell PowerProtect Data Domain <7.10.1.40
Dell / PowerProtect Data Domain
|
<7.10.1.40 | ||
|
Dell PowerProtect Data Domain <7.13.1.10
Dell / PowerProtect Data Domain
|
<7.13.1.10 | ||
|
Dell PowerProtect Data Domain <8.1.0.0
Dell / PowerProtect Data Domain
|
<8.1.0.0 |
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell PowerProtect Data Domain Management Center
Dell
|
cpe:/a:dell:powerprotect_data_domain_management_center:-
|
— | |
|
Dell PowerProtect Data Domain
Dell / PowerProtect Data Domain
|
cpe:/a:dell:powerprotect_data_domain:-
|
— | |
|
Dell PowerProtect Data Domain OS
Dell
|
cpe:/o:dell:powerprotect_data_domain_os:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Dell PowerProtect Data Domain <7.7.5.50
Dell / PowerProtect Data Domain
|
<7.7.5.50 | ||
|
Dell PowerProtect Data Domain <7.10.1.40
Dell / PowerProtect Data Domain
|
<7.10.1.40 | ||
|
Dell PowerProtect Data Domain <7.13.1.10
Dell / PowerProtect Data Domain
|
<7.13.1.10 | ||
|
Dell PowerProtect Data Domain <8.1.0.0
Dell / PowerProtect Data Domain
|
<8.1.0.0 |
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell PowerProtect Data Domain Management Center
Dell
|
cpe:/a:dell:powerprotect_data_domain_management_center:-
|
— | |
|
Dell PowerProtect Data Domain
Dell / PowerProtect Data Domain
|
cpe:/a:dell:powerprotect_data_domain:-
|
— | |
|
Dell PowerProtect Data Domain OS
Dell
|
cpe:/o:dell:powerprotect_data_domain_os:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Dell PowerProtect Data Domain <7.7.5.50
Dell / PowerProtect Data Domain
|
<7.7.5.50 | ||
|
Dell PowerProtect Data Domain <7.10.1.40
Dell / PowerProtect Data Domain
|
<7.10.1.40 | ||
|
Dell PowerProtect Data Domain <7.13.1.10
Dell / PowerProtect Data Domain
|
<7.13.1.10 | ||
|
Dell PowerProtect Data Domain <8.1.0.0
Dell / PowerProtect Data Domain
|
<8.1.0.0 |
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell PowerProtect Data Domain Management Center
Dell
|
cpe:/a:dell:powerprotect_data_domain_management_center:-
|
— | |
|
Dell PowerProtect Data Domain
Dell / PowerProtect Data Domain
|
cpe:/a:dell:powerprotect_data_domain:-
|
— | |
|
Dell PowerProtect Data Domain OS
Dell
|
cpe:/o:dell:powerprotect_data_domain_os:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Dell PowerProtect Data Domain <7.7.5.50
Dell / PowerProtect Data Domain
|
<7.7.5.50 | ||
|
Dell PowerProtect Data Domain <7.10.1.40
Dell / PowerProtect Data Domain
|
<7.10.1.40 | ||
|
Dell PowerProtect Data Domain <7.13.1.10
Dell / PowerProtect Data Domain
|
<7.13.1.10 | ||
|
Dell PowerProtect Data Domain <8.1.0.0
Dell / PowerProtect Data Domain
|
<8.1.0.0 |
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell PowerProtect Data Domain Management Center
Dell
|
cpe:/a:dell:powerprotect_data_domain_management_center:-
|
— | |
|
Dell PowerProtect Data Domain
Dell / PowerProtect Data Domain
|
cpe:/a:dell:powerprotect_data_domain:-
|
— | |
|
Dell PowerProtect Data Domain OS
Dell
|
cpe:/o:dell:powerprotect_data_domain_os:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Dell PowerProtect Data Domain <7.7.5.50
Dell / PowerProtect Data Domain
|
<7.7.5.50 | ||
|
Dell PowerProtect Data Domain <7.10.1.40
Dell / PowerProtect Data Domain
|
<7.10.1.40 | ||
|
Dell PowerProtect Data Domain <7.13.1.10
Dell / PowerProtect Data Domain
|
<7.13.1.10 | ||
|
Dell PowerProtect Data Domain <8.1.0.0
Dell / PowerProtect Data Domain
|
<8.1.0.0 |
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell PowerProtect Data Domain Management Center
Dell
|
cpe:/a:dell:powerprotect_data_domain_management_center:-
|
— | |
|
Dell PowerProtect Data Domain
Dell / PowerProtect Data Domain
|
cpe:/a:dell:powerprotect_data_domain:-
|
— | |
|
Dell PowerProtect Data Domain OS
Dell
|
cpe:/o:dell:powerprotect_data_domain_os:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Dell PowerProtect Data Domain <7.7.5.50
Dell / PowerProtect Data Domain
|
<7.7.5.50 | ||
|
Dell PowerProtect Data Domain <7.10.1.40
Dell / PowerProtect Data Domain
|
<7.10.1.40 | ||
|
Dell PowerProtect Data Domain <7.13.1.10
Dell / PowerProtect Data Domain
|
<7.13.1.10 | ||
|
Dell PowerProtect Data Domain <8.1.0.0
Dell / PowerProtect Data Domain
|
<8.1.0.0 |
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell PowerProtect Data Domain Management Center
Dell
|
cpe:/a:dell:powerprotect_data_domain_management_center:-
|
— | |
|
Dell PowerProtect Data Domain
Dell / PowerProtect Data Domain
|
cpe:/a:dell:powerprotect_data_domain:-
|
— | |
|
Dell PowerProtect Data Domain OS
Dell
|
cpe:/o:dell:powerprotect_data_domain_os:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Dell PowerProtect Data Domain <7.7.5.50
Dell / PowerProtect Data Domain
|
<7.7.5.50 | ||
|
Dell PowerProtect Data Domain <7.10.1.40
Dell / PowerProtect Data Domain
|
<7.10.1.40 | ||
|
Dell PowerProtect Data Domain <7.13.1.10
Dell / PowerProtect Data Domain
|
<7.13.1.10 | ||
|
Dell PowerProtect Data Domain <8.1.0.0
Dell / PowerProtect Data Domain
|
<8.1.0.0 |
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell PowerProtect Data Domain Management Center
Dell
|
cpe:/a:dell:powerprotect_data_domain_management_center:-
|
— | |
|
Dell PowerProtect Data Domain
Dell / PowerProtect Data Domain
|
cpe:/a:dell:powerprotect_data_domain:-
|
— | |
|
Dell PowerProtect Data Domain OS
Dell
|
cpe:/o:dell:powerprotect_data_domain_os:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Dell PowerProtect Data Domain <7.7.5.50
Dell / PowerProtect Data Domain
|
<7.7.5.50 | ||
|
Dell PowerProtect Data Domain <7.10.1.40
Dell / PowerProtect Data Domain
|
<7.10.1.40 | ||
|
Dell PowerProtect Data Domain <7.13.1.10
Dell / PowerProtect Data Domain
|
<7.13.1.10 | ||
|
Dell PowerProtect Data Domain <8.1.0.0
Dell / PowerProtect Data Domain
|
<8.1.0.0 |
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell PowerProtect Data Domain Management Center
Dell
|
cpe:/a:dell:powerprotect_data_domain_management_center:-
|
— | |
|
Dell PowerProtect Data Domain
Dell / PowerProtect Data Domain
|
cpe:/a:dell:powerprotect_data_domain:-
|
— | |
|
Dell PowerProtect Data Domain OS
Dell
|
cpe:/o:dell:powerprotect_data_domain_os:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Dell PowerProtect Data Domain <7.7.5.50
Dell / PowerProtect Data Domain
|
<7.7.5.50 | ||
|
Dell PowerProtect Data Domain <7.10.1.40
Dell / PowerProtect Data Domain
|
<7.10.1.40 | ||
|
Dell PowerProtect Data Domain <7.13.1.10
Dell / PowerProtect Data Domain
|
<7.13.1.10 | ||
|
Dell PowerProtect Data Domain <8.1.0.0
Dell / PowerProtect Data Domain
|
<8.1.0.0 |
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell PowerProtect Data Domain Management Center
Dell
|
cpe:/a:dell:powerprotect_data_domain_management_center:-
|
— | |
|
Dell PowerProtect Data Domain
Dell / PowerProtect Data Domain
|
cpe:/a:dell:powerprotect_data_domain:-
|
— | |
|
Dell PowerProtect Data Domain OS
Dell
|
cpe:/o:dell:powerprotect_data_domain_os:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Dell PowerProtect Data Domain <7.7.5.50
Dell / PowerProtect Data Domain
|
<7.7.5.50 | ||
|
Dell PowerProtect Data Domain <7.10.1.40
Dell / PowerProtect Data Domain
|
<7.10.1.40 | ||
|
Dell PowerProtect Data Domain <7.13.1.10
Dell / PowerProtect Data Domain
|
<7.13.1.10 | ||
|
Dell PowerProtect Data Domain <8.1.0.0
Dell / PowerProtect Data Domain
|
<8.1.0.0 |
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell PowerProtect Data Domain Management Center
Dell
|
cpe:/a:dell:powerprotect_data_domain_management_center:-
|
— | |
|
Dell PowerProtect Data Domain
Dell / PowerProtect Data Domain
|
cpe:/a:dell:powerprotect_data_domain:-
|
— | |
|
Dell PowerProtect Data Domain OS
Dell
|
cpe:/o:dell:powerprotect_data_domain_os:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Dell PowerProtect Data Domain <7.7.5.50
Dell / PowerProtect Data Domain
|
<7.7.5.50 | ||
|
Dell PowerProtect Data Domain <7.10.1.40
Dell / PowerProtect Data Domain
|
<7.10.1.40 | ||
|
Dell PowerProtect Data Domain <7.13.1.10
Dell / PowerProtect Data Domain
|
<7.13.1.10 | ||
|
Dell PowerProtect Data Domain <8.1.0.0
Dell / PowerProtect Data Domain
|
<8.1.0.0 |
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell PowerProtect Data Domain Management Center
Dell
|
cpe:/a:dell:powerprotect_data_domain_management_center:-
|
— | |
|
Dell PowerProtect Data Domain
Dell / PowerProtect Data Domain
|
cpe:/a:dell:powerprotect_data_domain:-
|
— | |
|
Dell PowerProtect Data Domain OS
Dell
|
cpe:/o:dell:powerprotect_data_domain_os:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Dell PowerProtect Data Domain <7.7.5.50
Dell / PowerProtect Data Domain
|
<7.7.5.50 | ||
|
Dell PowerProtect Data Domain <7.10.1.40
Dell / PowerProtect Data Domain
|
<7.10.1.40 | ||
|
Dell PowerProtect Data Domain <7.13.1.10
Dell / PowerProtect Data Domain
|
<7.13.1.10 | ||
|
Dell PowerProtect Data Domain <8.1.0.0
Dell / PowerProtect Data Domain
|
<8.1.0.0 |
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell PowerProtect Data Domain Management Center
Dell
|
cpe:/a:dell:powerprotect_data_domain_management_center:-
|
— | |
|
Dell PowerProtect Data Domain
Dell / PowerProtect Data Domain
|
cpe:/a:dell:powerprotect_data_domain:-
|
— | |
|
Dell PowerProtect Data Domain OS
Dell
|
cpe:/o:dell:powerprotect_data_domain_os:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Dell PowerProtect Data Domain <7.7.5.50
Dell / PowerProtect Data Domain
|
<7.7.5.50 | ||
|
Dell PowerProtect Data Domain <7.10.1.40
Dell / PowerProtect Data Domain
|
<7.10.1.40 | ||
|
Dell PowerProtect Data Domain <7.13.1.10
Dell / PowerProtect Data Domain
|
<7.13.1.10 | ||
|
Dell PowerProtect Data Domain <8.1.0.0
Dell / PowerProtect Data Domain
|
<8.1.0.0 |
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell PowerProtect Data Domain Management Center
Dell
|
cpe:/a:dell:powerprotect_data_domain_management_center:-
|
— | |
|
Dell PowerProtect Data Domain
Dell / PowerProtect Data Domain
|
cpe:/a:dell:powerprotect_data_domain:-
|
— | |
|
Dell PowerProtect Data Domain OS
Dell
|
cpe:/o:dell:powerprotect_data_domain_os:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Dell PowerProtect Data Domain <7.7.5.50
Dell / PowerProtect Data Domain
|
<7.7.5.50 | ||
|
Dell PowerProtect Data Domain <7.10.1.40
Dell / PowerProtect Data Domain
|
<7.10.1.40 | ||
|
Dell PowerProtect Data Domain <7.13.1.10
Dell / PowerProtect Data Domain
|
<7.13.1.10 | ||
|
Dell PowerProtect Data Domain <8.1.0.0
Dell / PowerProtect Data Domain
|
<8.1.0.0 |
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell PowerProtect Data Domain Management Center
Dell
|
cpe:/a:dell:powerprotect_data_domain_management_center:-
|
— | |
|
Dell PowerProtect Data Domain
Dell / PowerProtect Data Domain
|
cpe:/a:dell:powerprotect_data_domain:-
|
— | |
|
Dell PowerProtect Data Domain OS
Dell
|
cpe:/o:dell:powerprotect_data_domain_os:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Dell PowerProtect Data Domain <7.7.5.50
Dell / PowerProtect Data Domain
|
<7.7.5.50 | ||
|
Dell PowerProtect Data Domain <7.10.1.40
Dell / PowerProtect Data Domain
|
<7.10.1.40 | ||
|
Dell PowerProtect Data Domain <7.13.1.10
Dell / PowerProtect Data Domain
|
<7.13.1.10 | ||
|
Dell PowerProtect Data Domain <8.1.0.0
Dell / PowerProtect Data Domain
|
<8.1.0.0 |
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell PowerProtect Data Domain Management Center
Dell
|
cpe:/a:dell:powerprotect_data_domain_management_center:-
|
— | |
|
Dell PowerProtect Data Domain
Dell / PowerProtect Data Domain
|
cpe:/a:dell:powerprotect_data_domain:-
|
— | |
|
Dell PowerProtect Data Domain OS
Dell
|
cpe:/o:dell:powerprotect_data_domain_os:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Dell PowerProtect Data Domain <7.7.5.50
Dell / PowerProtect Data Domain
|
<7.7.5.50 | ||
|
Dell PowerProtect Data Domain <7.10.1.40
Dell / PowerProtect Data Domain
|
<7.10.1.40 | ||
|
Dell PowerProtect Data Domain <7.13.1.10
Dell / PowerProtect Data Domain
|
<7.13.1.10 | ||
|
Dell PowerProtect Data Domain <8.1.0.0
Dell / PowerProtect Data Domain
|
<8.1.0.0 |
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell PowerProtect Data Domain Management Center
Dell
|
cpe:/a:dell:powerprotect_data_domain_management_center:-
|
— | |
|
Dell PowerProtect Data Domain
Dell / PowerProtect Data Domain
|
cpe:/a:dell:powerprotect_data_domain:-
|
— | |
|
Dell PowerProtect Data Domain OS
Dell
|
cpe:/o:dell:powerprotect_data_domain_os:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Dell PowerProtect Data Domain <7.7.5.50
Dell / PowerProtect Data Domain
|
<7.7.5.50 | ||
|
Dell PowerProtect Data Domain <7.10.1.40
Dell / PowerProtect Data Domain
|
<7.10.1.40 | ||
|
Dell PowerProtect Data Domain <7.13.1.10
Dell / PowerProtect Data Domain
|
<7.13.1.10 | ||
|
Dell PowerProtect Data Domain <8.1.0.0
Dell / PowerProtect Data Domain
|
<8.1.0.0 |
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell PowerProtect Data Domain Management Center
Dell
|
cpe:/a:dell:powerprotect_data_domain_management_center:-
|
— | |
|
Dell PowerProtect Data Domain
Dell / PowerProtect Data Domain
|
cpe:/a:dell:powerprotect_data_domain:-
|
— | |
|
Dell PowerProtect Data Domain OS
Dell
|
cpe:/o:dell:powerprotect_data_domain_os:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Dell PowerProtect Data Domain <7.7.5.50
Dell / PowerProtect Data Domain
|
<7.7.5.50 | ||
|
Dell PowerProtect Data Domain <7.10.1.40
Dell / PowerProtect Data Domain
|
<7.10.1.40 | ||
|
Dell PowerProtect Data Domain <7.13.1.10
Dell / PowerProtect Data Domain
|
<7.13.1.10 | ||
|
Dell PowerProtect Data Domain <8.1.0.0
Dell / PowerProtect Data Domain
|
<8.1.0.0 |
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell PowerProtect Data Domain Management Center
Dell
|
cpe:/a:dell:powerprotect_data_domain_management_center:-
|
— | |
|
Dell PowerProtect Data Domain
Dell / PowerProtect Data Domain
|
cpe:/a:dell:powerprotect_data_domain:-
|
— | |
|
Dell PowerProtect Data Domain OS
Dell
|
cpe:/o:dell:powerprotect_data_domain_os:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Dell PowerProtect Data Domain <7.7.5.50
Dell / PowerProtect Data Domain
|
<7.7.5.50 | ||
|
Dell PowerProtect Data Domain <7.10.1.40
Dell / PowerProtect Data Domain
|
<7.10.1.40 | ||
|
Dell PowerProtect Data Domain <7.13.1.10
Dell / PowerProtect Data Domain
|
<7.13.1.10 | ||
|
Dell PowerProtect Data Domain <8.1.0.0
Dell / PowerProtect Data Domain
|
<8.1.0.0 |
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell PowerProtect Data Domain Management Center
Dell
|
cpe:/a:dell:powerprotect_data_domain_management_center:-
|
— | |
|
Dell PowerProtect Data Domain
Dell / PowerProtect Data Domain
|
cpe:/a:dell:powerprotect_data_domain:-
|
— | |
|
Dell PowerProtect Data Domain OS
Dell
|
cpe:/o:dell:powerprotect_data_domain_os:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Dell PowerProtect Data Domain <7.7.5.50
Dell / PowerProtect Data Domain
|
<7.7.5.50 | ||
|
Dell PowerProtect Data Domain <7.10.1.40
Dell / PowerProtect Data Domain
|
<7.10.1.40 | ||
|
Dell PowerProtect Data Domain <7.13.1.10
Dell / PowerProtect Data Domain
|
<7.13.1.10 | ||
|
Dell PowerProtect Data Domain <8.1.0.0
Dell / PowerProtect Data Domain
|
<8.1.0.0 |
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell PowerProtect Data Domain Management Center
Dell
|
cpe:/a:dell:powerprotect_data_domain_management_center:-
|
— | |
|
Dell PowerProtect Data Domain
Dell / PowerProtect Data Domain
|
cpe:/a:dell:powerprotect_data_domain:-
|
— | |
|
Dell PowerProtect Data Domain OS
Dell
|
cpe:/o:dell:powerprotect_data_domain_os:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Dell PowerProtect Data Domain <7.7.5.50
Dell / PowerProtect Data Domain
|
<7.7.5.50 | ||
|
Dell PowerProtect Data Domain <7.10.1.40
Dell / PowerProtect Data Domain
|
<7.10.1.40 | ||
|
Dell PowerProtect Data Domain <7.13.1.10
Dell / PowerProtect Data Domain
|
<7.13.1.10 | ||
|
Dell PowerProtect Data Domain <8.1.0.0
Dell / PowerProtect Data Domain
|
<8.1.0.0 |
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell PowerProtect Data Domain Management Center
Dell
|
cpe:/a:dell:powerprotect_data_domain_management_center:-
|
— | |
|
Dell PowerProtect Data Domain
Dell / PowerProtect Data Domain
|
cpe:/a:dell:powerprotect_data_domain:-
|
— | |
|
Dell PowerProtect Data Domain OS
Dell
|
cpe:/o:dell:powerprotect_data_domain_os:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Dell PowerProtect Data Domain <7.7.5.50
Dell / PowerProtect Data Domain
|
<7.7.5.50 | ||
|
Dell PowerProtect Data Domain <7.10.1.40
Dell / PowerProtect Data Domain
|
<7.10.1.40 | ||
|
Dell PowerProtect Data Domain <7.13.1.10
Dell / PowerProtect Data Domain
|
<7.13.1.10 | ||
|
Dell PowerProtect Data Domain <8.1.0.0
Dell / PowerProtect Data Domain
|
<8.1.0.0 |
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell PowerProtect Data Domain Management Center
Dell
|
cpe:/a:dell:powerprotect_data_domain_management_center:-
|
— | |
|
Dell PowerProtect Data Domain
Dell / PowerProtect Data Domain
|
cpe:/a:dell:powerprotect_data_domain:-
|
— | |
|
Dell PowerProtect Data Domain OS
Dell
|
cpe:/o:dell:powerprotect_data_domain_os:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Dell PowerProtect Data Domain <7.7.5.50
Dell / PowerProtect Data Domain
|
<7.7.5.50 | ||
|
Dell PowerProtect Data Domain <7.10.1.40
Dell / PowerProtect Data Domain
|
<7.10.1.40 | ||
|
Dell PowerProtect Data Domain <7.13.1.10
Dell / PowerProtect Data Domain
|
<7.13.1.10 | ||
|
Dell PowerProtect Data Domain <8.1.0.0
Dell / PowerProtect Data Domain
|
<8.1.0.0 |
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell PowerProtect Data Domain Management Center
Dell
|
cpe:/a:dell:powerprotect_data_domain_management_center:-
|
— | |
|
Dell PowerProtect Data Domain
Dell / PowerProtect Data Domain
|
cpe:/a:dell:powerprotect_data_domain:-
|
— | |
|
Dell PowerProtect Data Domain OS
Dell
|
cpe:/o:dell:powerprotect_data_domain_os:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Dell PowerProtect Data Domain <7.7.5.50
Dell / PowerProtect Data Domain
|
<7.7.5.50 | ||
|
Dell PowerProtect Data Domain <7.10.1.40
Dell / PowerProtect Data Domain
|
<7.10.1.40 | ||
|
Dell PowerProtect Data Domain <7.13.1.10
Dell / PowerProtect Data Domain
|
<7.13.1.10 | ||
|
Dell PowerProtect Data Domain <8.1.0.0
Dell / PowerProtect Data Domain
|
<8.1.0.0 |
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell PowerProtect Data Domain Management Center
Dell
|
cpe:/a:dell:powerprotect_data_domain_management_center:-
|
— | |
|
Dell PowerProtect Data Domain
Dell / PowerProtect Data Domain
|
cpe:/a:dell:powerprotect_data_domain:-
|
— | |
|
Dell PowerProtect Data Domain OS
Dell
|
cpe:/o:dell:powerprotect_data_domain_os:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Dell PowerProtect Data Domain <7.7.5.50
Dell / PowerProtect Data Domain
|
<7.7.5.50 | ||
|
Dell PowerProtect Data Domain <7.10.1.40
Dell / PowerProtect Data Domain
|
<7.10.1.40 | ||
|
Dell PowerProtect Data Domain <7.13.1.10
Dell / PowerProtect Data Domain
|
<7.13.1.10 | ||
|
Dell PowerProtect Data Domain <8.1.0.0
Dell / PowerProtect Data Domain
|
<8.1.0.0 |
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell PowerProtect Data Domain Management Center
Dell
|
cpe:/a:dell:powerprotect_data_domain_management_center:-
|
— | |
|
Dell PowerProtect Data Domain
Dell / PowerProtect Data Domain
|
cpe:/a:dell:powerprotect_data_domain:-
|
— | |
|
Dell PowerProtect Data Domain OS
Dell
|
cpe:/o:dell:powerprotect_data_domain_os:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Dell PowerProtect Data Domain <7.7.5.50
Dell / PowerProtect Data Domain
|
<7.7.5.50 | ||
|
Dell PowerProtect Data Domain <7.10.1.40
Dell / PowerProtect Data Domain
|
<7.10.1.40 | ||
|
Dell PowerProtect Data Domain <7.13.1.10
Dell / PowerProtect Data Domain
|
<7.13.1.10 | ||
|
Dell PowerProtect Data Domain <8.1.0.0
Dell / PowerProtect Data Domain
|
<8.1.0.0 |
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell PowerProtect Data Domain Management Center
Dell
|
cpe:/a:dell:powerprotect_data_domain_management_center:-
|
— | |
|
Dell PowerProtect Data Domain
Dell / PowerProtect Data Domain
|
cpe:/a:dell:powerprotect_data_domain:-
|
— | |
|
Dell PowerProtect Data Domain OS
Dell
|
cpe:/o:dell:powerprotect_data_domain_os:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Dell PowerProtect Data Domain <7.7.5.50
Dell / PowerProtect Data Domain
|
<7.7.5.50 | ||
|
Dell PowerProtect Data Domain <7.10.1.40
Dell / PowerProtect Data Domain
|
<7.10.1.40 | ||
|
Dell PowerProtect Data Domain <7.13.1.10
Dell / PowerProtect Data Domain
|
<7.13.1.10 | ||
|
Dell PowerProtect Data Domain <8.1.0.0
Dell / PowerProtect Data Domain
|
<8.1.0.0 |
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell PowerProtect Data Domain Management Center
Dell
|
cpe:/a:dell:powerprotect_data_domain_management_center:-
|
— | |
|
Dell PowerProtect Data Domain
Dell / PowerProtect Data Domain
|
cpe:/a:dell:powerprotect_data_domain:-
|
— | |
|
Dell PowerProtect Data Domain OS
Dell
|
cpe:/o:dell:powerprotect_data_domain_os:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Dell PowerProtect Data Domain <7.7.5.50
Dell / PowerProtect Data Domain
|
<7.7.5.50 | ||
|
Dell PowerProtect Data Domain <7.10.1.40
Dell / PowerProtect Data Domain
|
<7.10.1.40 | ||
|
Dell PowerProtect Data Domain <7.13.1.10
Dell / PowerProtect Data Domain
|
<7.13.1.10 | ||
|
Dell PowerProtect Data Domain <8.1.0.0
Dell / PowerProtect Data Domain
|
<8.1.0.0 |
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell PowerProtect Data Domain Management Center
Dell
|
cpe:/a:dell:powerprotect_data_domain_management_center:-
|
— | |
|
Dell PowerProtect Data Domain
Dell / PowerProtect Data Domain
|
cpe:/a:dell:powerprotect_data_domain:-
|
— | |
|
Dell PowerProtect Data Domain OS
Dell
|
cpe:/o:dell:powerprotect_data_domain_os:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Dell PowerProtect Data Domain <7.7.5.50
Dell / PowerProtect Data Domain
|
<7.7.5.50 | ||
|
Dell PowerProtect Data Domain <7.10.1.40
Dell / PowerProtect Data Domain
|
<7.10.1.40 | ||
|
Dell PowerProtect Data Domain <7.13.1.10
Dell / PowerProtect Data Domain
|
<7.13.1.10 | ||
|
Dell PowerProtect Data Domain <8.1.0.0
Dell / PowerProtect Data Domain
|
<8.1.0.0 |
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell PowerProtect Data Domain Management Center
Dell
|
cpe:/a:dell:powerprotect_data_domain_management_center:-
|
— | |
|
Dell PowerProtect Data Domain
Dell / PowerProtect Data Domain
|
cpe:/a:dell:powerprotect_data_domain:-
|
— | |
|
Dell PowerProtect Data Domain OS
Dell
|
cpe:/o:dell:powerprotect_data_domain_os:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Dell PowerProtect Data Domain <7.7.5.50
Dell / PowerProtect Data Domain
|
<7.7.5.50 | ||
|
Dell PowerProtect Data Domain <7.10.1.40
Dell / PowerProtect Data Domain
|
<7.10.1.40 | ||
|
Dell PowerProtect Data Domain <7.13.1.10
Dell / PowerProtect Data Domain
|
<7.13.1.10 | ||
|
Dell PowerProtect Data Domain <8.1.0.0
Dell / PowerProtect Data Domain
|
<8.1.0.0 |
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell PowerProtect Data Domain Management Center
Dell
|
cpe:/a:dell:powerprotect_data_domain_management_center:-
|
— | |
|
Dell PowerProtect Data Domain
Dell / PowerProtect Data Domain
|
cpe:/a:dell:powerprotect_data_domain:-
|
— | |
|
Dell PowerProtect Data Domain OS
Dell
|
cpe:/o:dell:powerprotect_data_domain_os:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Dell PowerProtect Data Domain <7.7.5.50
Dell / PowerProtect Data Domain
|
<7.7.5.50 | ||
|
Dell PowerProtect Data Domain <7.10.1.40
Dell / PowerProtect Data Domain
|
<7.10.1.40 | ||
|
Dell PowerProtect Data Domain <7.13.1.10
Dell / PowerProtect Data Domain
|
<7.13.1.10 | ||
|
Dell PowerProtect Data Domain <8.1.0.0
Dell / PowerProtect Data Domain
|
<8.1.0.0 |
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell PowerProtect Data Domain Management Center
Dell
|
cpe:/a:dell:powerprotect_data_domain_management_center:-
|
— | |
|
Dell PowerProtect Data Domain
Dell / PowerProtect Data Domain
|
cpe:/a:dell:powerprotect_data_domain:-
|
— | |
|
Dell PowerProtect Data Domain OS
Dell
|
cpe:/o:dell:powerprotect_data_domain_os:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Dell PowerProtect Data Domain <7.7.5.50
Dell / PowerProtect Data Domain
|
<7.7.5.50 | ||
|
Dell PowerProtect Data Domain <7.10.1.40
Dell / PowerProtect Data Domain
|
<7.10.1.40 | ||
|
Dell PowerProtect Data Domain <7.13.1.10
Dell / PowerProtect Data Domain
|
<7.13.1.10 | ||
|
Dell PowerProtect Data Domain <8.1.0.0
Dell / PowerProtect Data Domain
|
<8.1.0.0 |
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell PowerProtect Data Domain Management Center
Dell
|
cpe:/a:dell:powerprotect_data_domain_management_center:-
|
— | |
|
Dell PowerProtect Data Domain
Dell / PowerProtect Data Domain
|
cpe:/a:dell:powerprotect_data_domain:-
|
— | |
|
Dell PowerProtect Data Domain OS
Dell
|
cpe:/o:dell:powerprotect_data_domain_os:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Dell PowerProtect Data Domain <7.7.5.50
Dell / PowerProtect Data Domain
|
<7.7.5.50 | ||
|
Dell PowerProtect Data Domain <7.10.1.40
Dell / PowerProtect Data Domain
|
<7.10.1.40 | ||
|
Dell PowerProtect Data Domain <7.13.1.10
Dell / PowerProtect Data Domain
|
<7.13.1.10 | ||
|
Dell PowerProtect Data Domain <8.1.0.0
Dell / PowerProtect Data Domain
|
<8.1.0.0 |
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell PowerProtect Data Domain Management Center
Dell
|
cpe:/a:dell:powerprotect_data_domain_management_center:-
|
— | |
|
Dell PowerProtect Data Domain
Dell / PowerProtect Data Domain
|
cpe:/a:dell:powerprotect_data_domain:-
|
— | |
|
Dell PowerProtect Data Domain OS
Dell
|
cpe:/o:dell:powerprotect_data_domain_os:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Dell PowerProtect Data Domain <7.7.5.50
Dell / PowerProtect Data Domain
|
<7.7.5.50 | ||
|
Dell PowerProtect Data Domain <7.10.1.40
Dell / PowerProtect Data Domain
|
<7.10.1.40 | ||
|
Dell PowerProtect Data Domain <7.13.1.10
Dell / PowerProtect Data Domain
|
<7.13.1.10 | ||
|
Dell PowerProtect Data Domain <8.1.0.0
Dell / PowerProtect Data Domain
|
<8.1.0.0 |
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell PowerProtect Data Domain Management Center
Dell
|
cpe:/a:dell:powerprotect_data_domain_management_center:-
|
— | |
|
Dell PowerProtect Data Domain
Dell / PowerProtect Data Domain
|
cpe:/a:dell:powerprotect_data_domain:-
|
— | |
|
Dell PowerProtect Data Domain OS
Dell
|
cpe:/o:dell:powerprotect_data_domain_os:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Dell PowerProtect Data Domain <7.7.5.50
Dell / PowerProtect Data Domain
|
<7.7.5.50 | ||
|
Dell PowerProtect Data Domain <7.10.1.40
Dell / PowerProtect Data Domain
|
<7.10.1.40 | ||
|
Dell PowerProtect Data Domain <7.13.1.10
Dell / PowerProtect Data Domain
|
<7.13.1.10 | ||
|
Dell PowerProtect Data Domain <8.1.0.0
Dell / PowerProtect Data Domain
|
<8.1.0.0 |
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell PowerProtect Data Domain Management Center
Dell
|
cpe:/a:dell:powerprotect_data_domain_management_center:-
|
— | |
|
Dell PowerProtect Data Domain
Dell / PowerProtect Data Domain
|
cpe:/a:dell:powerprotect_data_domain:-
|
— | |
|
Dell PowerProtect Data Domain OS
Dell
|
cpe:/o:dell:powerprotect_data_domain_os:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Dell PowerProtect Data Domain <7.7.5.50
Dell / PowerProtect Data Domain
|
<7.7.5.50 | ||
|
Dell PowerProtect Data Domain <7.10.1.40
Dell / PowerProtect Data Domain
|
<7.10.1.40 | ||
|
Dell PowerProtect Data Domain <7.13.1.10
Dell / PowerProtect Data Domain
|
<7.13.1.10 | ||
|
Dell PowerProtect Data Domain <8.1.0.0
Dell / PowerProtect Data Domain
|
<8.1.0.0 |
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell PowerProtect Data Domain Management Center
Dell
|
cpe:/a:dell:powerprotect_data_domain_management_center:-
|
— | |
|
Dell PowerProtect Data Domain
Dell / PowerProtect Data Domain
|
cpe:/a:dell:powerprotect_data_domain:-
|
— | |
|
Dell PowerProtect Data Domain OS
Dell
|
cpe:/o:dell:powerprotect_data_domain_os:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Dell PowerProtect Data Domain <7.7.5.50
Dell / PowerProtect Data Domain
|
<7.7.5.50 | ||
|
Dell PowerProtect Data Domain <7.10.1.40
Dell / PowerProtect Data Domain
|
<7.10.1.40 | ||
|
Dell PowerProtect Data Domain <7.13.1.10
Dell / PowerProtect Data Domain
|
<7.13.1.10 | ||
|
Dell PowerProtect Data Domain <8.1.0.0
Dell / PowerProtect Data Domain
|
<8.1.0.0 |
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell PowerProtect Data Domain Management Center
Dell
|
cpe:/a:dell:powerprotect_data_domain_management_center:-
|
— | |
|
Dell PowerProtect Data Domain
Dell / PowerProtect Data Domain
|
cpe:/a:dell:powerprotect_data_domain:-
|
— | |
|
Dell PowerProtect Data Domain OS
Dell
|
cpe:/o:dell:powerprotect_data_domain_os:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Dell PowerProtect Data Domain <7.7.5.50
Dell / PowerProtect Data Domain
|
<7.7.5.50 | ||
|
Dell PowerProtect Data Domain <7.10.1.40
Dell / PowerProtect Data Domain
|
<7.10.1.40 | ||
|
Dell PowerProtect Data Domain <7.13.1.10
Dell / PowerProtect Data Domain
|
<7.13.1.10 | ||
|
Dell PowerProtect Data Domain <8.1.0.0
Dell / PowerProtect Data Domain
|
<8.1.0.0 |
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell PowerProtect Data Domain Management Center
Dell
|
cpe:/a:dell:powerprotect_data_domain_management_center:-
|
— | |
|
Dell PowerProtect Data Domain
Dell / PowerProtect Data Domain
|
cpe:/a:dell:powerprotect_data_domain:-
|
— | |
|
Dell PowerProtect Data Domain OS
Dell
|
cpe:/o:dell:powerprotect_data_domain_os:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Dell PowerProtect Data Domain <7.7.5.50
Dell / PowerProtect Data Domain
|
<7.7.5.50 | ||
|
Dell PowerProtect Data Domain <7.10.1.40
Dell / PowerProtect Data Domain
|
<7.10.1.40 | ||
|
Dell PowerProtect Data Domain <7.13.1.10
Dell / PowerProtect Data Domain
|
<7.13.1.10 | ||
|
Dell PowerProtect Data Domain <8.1.0.0
Dell / PowerProtect Data Domain
|
<8.1.0.0 |
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell PowerProtect Data Domain Management Center
Dell
|
cpe:/a:dell:powerprotect_data_domain_management_center:-
|
— | |
|
Dell PowerProtect Data Domain
Dell / PowerProtect Data Domain
|
cpe:/a:dell:powerprotect_data_domain:-
|
— | |
|
Dell PowerProtect Data Domain OS
Dell
|
cpe:/o:dell:powerprotect_data_domain_os:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Dell PowerProtect Data Domain <7.7.5.50
Dell / PowerProtect Data Domain
|
<7.7.5.50 | ||
|
Dell PowerProtect Data Domain <7.10.1.40
Dell / PowerProtect Data Domain
|
<7.10.1.40 | ||
|
Dell PowerProtect Data Domain <7.13.1.10
Dell / PowerProtect Data Domain
|
<7.13.1.10 | ||
|
Dell PowerProtect Data Domain <8.1.0.0
Dell / PowerProtect Data Domain
|
<8.1.0.0 |
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell PowerProtect Data Domain Management Center
Dell
|
cpe:/a:dell:powerprotect_data_domain_management_center:-
|
— | |
|
Dell PowerProtect Data Domain
Dell / PowerProtect Data Domain
|
cpe:/a:dell:powerprotect_data_domain:-
|
— | |
|
Dell PowerProtect Data Domain OS
Dell
|
cpe:/o:dell:powerprotect_data_domain_os:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Dell PowerProtect Data Domain <7.7.5.50
Dell / PowerProtect Data Domain
|
<7.7.5.50 | ||
|
Dell PowerProtect Data Domain <7.10.1.40
Dell / PowerProtect Data Domain
|
<7.10.1.40 | ||
|
Dell PowerProtect Data Domain <7.13.1.10
Dell / PowerProtect Data Domain
|
<7.13.1.10 | ||
|
Dell PowerProtect Data Domain <8.1.0.0
Dell / PowerProtect Data Domain
|
<8.1.0.0 |
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell PowerProtect Data Domain Management Center
Dell
|
cpe:/a:dell:powerprotect_data_domain_management_center:-
|
— | |
|
Dell PowerProtect Data Domain
Dell / PowerProtect Data Domain
|
cpe:/a:dell:powerprotect_data_domain:-
|
— | |
|
Dell PowerProtect Data Domain OS
Dell
|
cpe:/o:dell:powerprotect_data_domain_os:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Dell PowerProtect Data Domain <7.7.5.50
Dell / PowerProtect Data Domain
|
<7.7.5.50 | ||
|
Dell PowerProtect Data Domain <7.10.1.40
Dell / PowerProtect Data Domain
|
<7.10.1.40 | ||
|
Dell PowerProtect Data Domain <7.13.1.10
Dell / PowerProtect Data Domain
|
<7.13.1.10 | ||
|
Dell PowerProtect Data Domain <8.1.0.0
Dell / PowerProtect Data Domain
|
<8.1.0.0 |
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell PowerProtect Data Domain Management Center
Dell
|
cpe:/a:dell:powerprotect_data_domain_management_center:-
|
— | |
|
Dell PowerProtect Data Domain
Dell / PowerProtect Data Domain
|
cpe:/a:dell:powerprotect_data_domain:-
|
— | |
|
Dell PowerProtect Data Domain OS
Dell
|
cpe:/o:dell:powerprotect_data_domain_os:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Dell PowerProtect Data Domain <7.7.5.50
Dell / PowerProtect Data Domain
|
<7.7.5.50 | ||
|
Dell PowerProtect Data Domain <7.10.1.40
Dell / PowerProtect Data Domain
|
<7.10.1.40 | ||
|
Dell PowerProtect Data Domain <7.13.1.10
Dell / PowerProtect Data Domain
|
<7.13.1.10 | ||
|
Dell PowerProtect Data Domain <8.1.0.0
Dell / PowerProtect Data Domain
|
<8.1.0.0 |
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell PowerProtect Data Domain Management Center
Dell
|
cpe:/a:dell:powerprotect_data_domain_management_center:-
|
— | |
|
Dell PowerProtect Data Domain
Dell / PowerProtect Data Domain
|
cpe:/a:dell:powerprotect_data_domain:-
|
— | |
|
Dell PowerProtect Data Domain OS
Dell
|
cpe:/o:dell:powerprotect_data_domain_os:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Dell PowerProtect Data Domain <7.7.5.50
Dell / PowerProtect Data Domain
|
<7.7.5.50 | ||
|
Dell PowerProtect Data Domain <7.10.1.40
Dell / PowerProtect Data Domain
|
<7.10.1.40 | ||
|
Dell PowerProtect Data Domain <7.13.1.10
Dell / PowerProtect Data Domain
|
<7.13.1.10 | ||
|
Dell PowerProtect Data Domain <8.1.0.0
Dell / PowerProtect Data Domain
|
<8.1.0.0 |
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell PowerProtect Data Domain Management Center
Dell
|
cpe:/a:dell:powerprotect_data_domain_management_center:-
|
— | |
|
Dell PowerProtect Data Domain
Dell / PowerProtect Data Domain
|
cpe:/a:dell:powerprotect_data_domain:-
|
— | |
|
Dell PowerProtect Data Domain OS
Dell
|
cpe:/o:dell:powerprotect_data_domain_os:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Dell PowerProtect Data Domain <7.7.5.50
Dell / PowerProtect Data Domain
|
<7.7.5.50 | ||
|
Dell PowerProtect Data Domain <7.10.1.40
Dell / PowerProtect Data Domain
|
<7.10.1.40 | ||
|
Dell PowerProtect Data Domain <7.13.1.10
Dell / PowerProtect Data Domain
|
<7.13.1.10 | ||
|
Dell PowerProtect Data Domain <8.1.0.0
Dell / PowerProtect Data Domain
|
<8.1.0.0 |
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell PowerProtect Data Domain Management Center
Dell
|
cpe:/a:dell:powerprotect_data_domain_management_center:-
|
— | |
|
Dell PowerProtect Data Domain
Dell / PowerProtect Data Domain
|
cpe:/a:dell:powerprotect_data_domain:-
|
— | |
|
Dell PowerProtect Data Domain OS
Dell
|
cpe:/o:dell:powerprotect_data_domain_os:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Dell PowerProtect Data Domain <7.7.5.50
Dell / PowerProtect Data Domain
|
<7.7.5.50 | ||
|
Dell PowerProtect Data Domain <7.10.1.40
Dell / PowerProtect Data Domain
|
<7.10.1.40 | ||
|
Dell PowerProtect Data Domain <7.13.1.10
Dell / PowerProtect Data Domain
|
<7.13.1.10 | ||
|
Dell PowerProtect Data Domain <8.1.0.0
Dell / PowerProtect Data Domain
|
<8.1.0.0 |
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell PowerProtect Data Domain Management Center
Dell
|
cpe:/a:dell:powerprotect_data_domain_management_center:-
|
— | |
|
Dell PowerProtect Data Domain
Dell / PowerProtect Data Domain
|
cpe:/a:dell:powerprotect_data_domain:-
|
— | |
|
Dell PowerProtect Data Domain OS
Dell
|
cpe:/o:dell:powerprotect_data_domain_os:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Dell PowerProtect Data Domain <7.7.5.50
Dell / PowerProtect Data Domain
|
<7.7.5.50 | ||
|
Dell PowerProtect Data Domain <7.10.1.40
Dell / PowerProtect Data Domain
|
<7.10.1.40 | ||
|
Dell PowerProtect Data Domain <7.13.1.10
Dell / PowerProtect Data Domain
|
<7.13.1.10 | ||
|
Dell PowerProtect Data Domain <8.1.0.0
Dell / PowerProtect Data Domain
|
<8.1.0.0 |
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell PowerProtect Data Domain Management Center
Dell
|
cpe:/a:dell:powerprotect_data_domain_management_center:-
|
— | |
|
Dell PowerProtect Data Domain
Dell / PowerProtect Data Domain
|
cpe:/a:dell:powerprotect_data_domain:-
|
— | |
|
Dell PowerProtect Data Domain OS
Dell
|
cpe:/o:dell:powerprotect_data_domain_os:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Dell PowerProtect Data Domain <7.7.5.50
Dell / PowerProtect Data Domain
|
<7.7.5.50 | ||
|
Dell PowerProtect Data Domain <7.10.1.40
Dell / PowerProtect Data Domain
|
<7.10.1.40 | ||
|
Dell PowerProtect Data Domain <7.13.1.10
Dell / PowerProtect Data Domain
|
<7.13.1.10 | ||
|
Dell PowerProtect Data Domain <8.1.0.0
Dell / PowerProtect Data Domain
|
<8.1.0.0 |
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell PowerProtect Data Domain Management Center
Dell
|
cpe:/a:dell:powerprotect_data_domain_management_center:-
|
— | |
|
Dell PowerProtect Data Domain
Dell / PowerProtect Data Domain
|
cpe:/a:dell:powerprotect_data_domain:-
|
— | |
|
Dell PowerProtect Data Domain OS
Dell
|
cpe:/o:dell:powerprotect_data_domain_os:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Dell PowerProtect Data Domain <7.7.5.50
Dell / PowerProtect Data Domain
|
<7.7.5.50 | ||
|
Dell PowerProtect Data Domain <7.10.1.40
Dell / PowerProtect Data Domain
|
<7.10.1.40 | ||
|
Dell PowerProtect Data Domain <7.13.1.10
Dell / PowerProtect Data Domain
|
<7.13.1.10 | ||
|
Dell PowerProtect Data Domain <8.1.0.0
Dell / PowerProtect Data Domain
|
<8.1.0.0 |
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell PowerProtect Data Domain Management Center
Dell
|
cpe:/a:dell:powerprotect_data_domain_management_center:-
|
— | |
|
Dell PowerProtect Data Domain
Dell / PowerProtect Data Domain
|
cpe:/a:dell:powerprotect_data_domain:-
|
— | |
|
Dell PowerProtect Data Domain OS
Dell
|
cpe:/o:dell:powerprotect_data_domain_os:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Dell PowerProtect Data Domain <7.7.5.50
Dell / PowerProtect Data Domain
|
<7.7.5.50 | ||
|
Dell PowerProtect Data Domain <7.10.1.40
Dell / PowerProtect Data Domain
|
<7.10.1.40 | ||
|
Dell PowerProtect Data Domain <7.13.1.10
Dell / PowerProtect Data Domain
|
<7.13.1.10 | ||
|
Dell PowerProtect Data Domain <8.1.0.0
Dell / PowerProtect Data Domain
|
<8.1.0.0 |
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell PowerProtect Data Domain Management Center
Dell
|
cpe:/a:dell:powerprotect_data_domain_management_center:-
|
— | |
|
Dell PowerProtect Data Domain
Dell / PowerProtect Data Domain
|
cpe:/a:dell:powerprotect_data_domain:-
|
— | |
|
Dell PowerProtect Data Domain OS
Dell
|
cpe:/o:dell:powerprotect_data_domain_os:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Dell PowerProtect Data Domain <7.7.5.50
Dell / PowerProtect Data Domain
|
<7.7.5.50 | ||
|
Dell PowerProtect Data Domain <7.10.1.40
Dell / PowerProtect Data Domain
|
<7.10.1.40 | ||
|
Dell PowerProtect Data Domain <7.13.1.10
Dell / PowerProtect Data Domain
|
<7.13.1.10 | ||
|
Dell PowerProtect Data Domain <8.1.0.0
Dell / PowerProtect Data Domain
|
<8.1.0.0 |
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell PowerProtect Data Domain Management Center
Dell
|
cpe:/a:dell:powerprotect_data_domain_management_center:-
|
— | |
|
Dell PowerProtect Data Domain
Dell / PowerProtect Data Domain
|
cpe:/a:dell:powerprotect_data_domain:-
|
— | |
|
Dell PowerProtect Data Domain OS
Dell
|
cpe:/o:dell:powerprotect_data_domain_os:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Dell PowerProtect Data Domain <7.7.5.50
Dell / PowerProtect Data Domain
|
<7.7.5.50 | ||
|
Dell PowerProtect Data Domain <7.10.1.40
Dell / PowerProtect Data Domain
|
<7.10.1.40 | ||
|
Dell PowerProtect Data Domain <7.13.1.10
Dell / PowerProtect Data Domain
|
<7.13.1.10 | ||
|
Dell PowerProtect Data Domain <8.1.0.0
Dell / PowerProtect Data Domain
|
<8.1.0.0 |
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell PowerProtect Data Domain Management Center
Dell
|
cpe:/a:dell:powerprotect_data_domain_management_center:-
|
— | |
|
Dell PowerProtect Data Domain
Dell / PowerProtect Data Domain
|
cpe:/a:dell:powerprotect_data_domain:-
|
— | |
|
Dell PowerProtect Data Domain OS
Dell
|
cpe:/o:dell:powerprotect_data_domain_os:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Dell PowerProtect Data Domain <7.7.5.50
Dell / PowerProtect Data Domain
|
<7.7.5.50 | ||
|
Dell PowerProtect Data Domain <7.10.1.40
Dell / PowerProtect Data Domain
|
<7.10.1.40 | ||
|
Dell PowerProtect Data Domain <7.13.1.10
Dell / PowerProtect Data Domain
|
<7.13.1.10 | ||
|
Dell PowerProtect Data Domain <8.1.0.0
Dell / PowerProtect Data Domain
|
<8.1.0.0 |
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell PowerProtect Data Domain Management Center
Dell
|
cpe:/a:dell:powerprotect_data_domain_management_center:-
|
— | |
|
Dell PowerProtect Data Domain
Dell / PowerProtect Data Domain
|
cpe:/a:dell:powerprotect_data_domain:-
|
— | |
|
Dell PowerProtect Data Domain OS
Dell
|
cpe:/o:dell:powerprotect_data_domain_os:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Dell PowerProtect Data Domain <7.7.5.50
Dell / PowerProtect Data Domain
|
<7.7.5.50 | ||
|
Dell PowerProtect Data Domain <7.10.1.40
Dell / PowerProtect Data Domain
|
<7.10.1.40 | ||
|
Dell PowerProtect Data Domain <7.13.1.10
Dell / PowerProtect Data Domain
|
<7.13.1.10 | ||
|
Dell PowerProtect Data Domain <8.1.0.0
Dell / PowerProtect Data Domain
|
<8.1.0.0 |
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell PowerProtect Data Domain Management Center
Dell
|
cpe:/a:dell:powerprotect_data_domain_management_center:-
|
— | |
|
Dell PowerProtect Data Domain
Dell / PowerProtect Data Domain
|
cpe:/a:dell:powerprotect_data_domain:-
|
— | |
|
Dell PowerProtect Data Domain OS
Dell
|
cpe:/o:dell:powerprotect_data_domain_os:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Dell PowerProtect Data Domain <7.7.5.50
Dell / PowerProtect Data Domain
|
<7.7.5.50 | ||
|
Dell PowerProtect Data Domain <7.10.1.40
Dell / PowerProtect Data Domain
|
<7.10.1.40 | ||
|
Dell PowerProtect Data Domain <7.13.1.10
Dell / PowerProtect Data Domain
|
<7.13.1.10 | ||
|
Dell PowerProtect Data Domain <8.1.0.0
Dell / PowerProtect Data Domain
|
<8.1.0.0 |
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell PowerProtect Data Domain Management Center
Dell
|
cpe:/a:dell:powerprotect_data_domain_management_center:-
|
— | |
|
Dell PowerProtect Data Domain
Dell / PowerProtect Data Domain
|
cpe:/a:dell:powerprotect_data_domain:-
|
— | |
|
Dell PowerProtect Data Domain OS
Dell
|
cpe:/o:dell:powerprotect_data_domain_os:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Dell PowerProtect Data Domain <7.7.5.50
Dell / PowerProtect Data Domain
|
<7.7.5.50 | ||
|
Dell PowerProtect Data Domain <7.10.1.40
Dell / PowerProtect Data Domain
|
<7.10.1.40 | ||
|
Dell PowerProtect Data Domain <7.13.1.10
Dell / PowerProtect Data Domain
|
<7.13.1.10 | ||
|
Dell PowerProtect Data Domain <8.1.0.0
Dell / PowerProtect Data Domain
|
<8.1.0.0 |
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell PowerProtect Data Domain Management Center
Dell
|
cpe:/a:dell:powerprotect_data_domain_management_center:-
|
— | |
|
Dell PowerProtect Data Domain
Dell / PowerProtect Data Domain
|
cpe:/a:dell:powerprotect_data_domain:-
|
— | |
|
Dell PowerProtect Data Domain OS
Dell
|
cpe:/o:dell:powerprotect_data_domain_os:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Dell PowerProtect Data Domain <7.7.5.50
Dell / PowerProtect Data Domain
|
<7.7.5.50 | ||
|
Dell PowerProtect Data Domain <7.10.1.40
Dell / PowerProtect Data Domain
|
<7.10.1.40 | ||
|
Dell PowerProtect Data Domain <7.13.1.10
Dell / PowerProtect Data Domain
|
<7.13.1.10 | ||
|
Dell PowerProtect Data Domain <8.1.0.0
Dell / PowerProtect Data Domain
|
<8.1.0.0 |
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell PowerProtect Data Domain Management Center
Dell
|
cpe:/a:dell:powerprotect_data_domain_management_center:-
|
— | |
|
Dell PowerProtect Data Domain
Dell / PowerProtect Data Domain
|
cpe:/a:dell:powerprotect_data_domain:-
|
— | |
|
Dell PowerProtect Data Domain OS
Dell
|
cpe:/o:dell:powerprotect_data_domain_os:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Dell PowerProtect Data Domain <7.7.5.50
Dell / PowerProtect Data Domain
|
<7.7.5.50 | ||
|
Dell PowerProtect Data Domain <7.10.1.40
Dell / PowerProtect Data Domain
|
<7.10.1.40 | ||
|
Dell PowerProtect Data Domain <7.13.1.10
Dell / PowerProtect Data Domain
|
<7.13.1.10 | ||
|
Dell PowerProtect Data Domain <8.1.0.0
Dell / PowerProtect Data Domain
|
<8.1.0.0 |
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell PowerProtect Data Domain Management Center
Dell
|
cpe:/a:dell:powerprotect_data_domain_management_center:-
|
— | |
|
Dell PowerProtect Data Domain
Dell / PowerProtect Data Domain
|
cpe:/a:dell:powerprotect_data_domain:-
|
— | |
|
Dell PowerProtect Data Domain OS
Dell
|
cpe:/o:dell:powerprotect_data_domain_os:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Dell PowerProtect Data Domain <7.7.5.50
Dell / PowerProtect Data Domain
|
<7.7.5.50 | ||
|
Dell PowerProtect Data Domain <7.10.1.40
Dell / PowerProtect Data Domain
|
<7.10.1.40 | ||
|
Dell PowerProtect Data Domain <7.13.1.10
Dell / PowerProtect Data Domain
|
<7.13.1.10 | ||
|
Dell PowerProtect Data Domain <8.1.0.0
Dell / PowerProtect Data Domain
|
<8.1.0.0 |
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell PowerProtect Data Domain Management Center
Dell
|
cpe:/a:dell:powerprotect_data_domain_management_center:-
|
— | |
|
Dell PowerProtect Data Domain
Dell / PowerProtect Data Domain
|
cpe:/a:dell:powerprotect_data_domain:-
|
— | |
|
Dell PowerProtect Data Domain OS
Dell
|
cpe:/o:dell:powerprotect_data_domain_os:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Dell PowerProtect Data Domain <7.7.5.50
Dell / PowerProtect Data Domain
|
<7.7.5.50 | ||
|
Dell PowerProtect Data Domain <7.10.1.40
Dell / PowerProtect Data Domain
|
<7.10.1.40 | ||
|
Dell PowerProtect Data Domain <7.13.1.10
Dell / PowerProtect Data Domain
|
<7.13.1.10 | ||
|
Dell PowerProtect Data Domain <8.1.0.0
Dell / PowerProtect Data Domain
|
<8.1.0.0 |
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell PowerProtect Data Domain Management Center
Dell
|
cpe:/a:dell:powerprotect_data_domain_management_center:-
|
— | |
|
Dell PowerProtect Data Domain
Dell / PowerProtect Data Domain
|
cpe:/a:dell:powerprotect_data_domain:-
|
— | |
|
Dell PowerProtect Data Domain OS
Dell
|
cpe:/o:dell:powerprotect_data_domain_os:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Dell PowerProtect Data Domain <7.7.5.50
Dell / PowerProtect Data Domain
|
<7.7.5.50 | ||
|
Dell PowerProtect Data Domain <7.10.1.40
Dell / PowerProtect Data Domain
|
<7.10.1.40 | ||
|
Dell PowerProtect Data Domain <7.13.1.10
Dell / PowerProtect Data Domain
|
<7.13.1.10 | ||
|
Dell PowerProtect Data Domain <8.1.0.0
Dell / PowerProtect Data Domain
|
<8.1.0.0 |
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell PowerProtect Data Domain Management Center
Dell
|
cpe:/a:dell:powerprotect_data_domain_management_center:-
|
— | |
|
Dell PowerProtect Data Domain
Dell / PowerProtect Data Domain
|
cpe:/a:dell:powerprotect_data_domain:-
|
— | |
|
Dell PowerProtect Data Domain OS
Dell
|
cpe:/o:dell:powerprotect_data_domain_os:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Dell PowerProtect Data Domain <7.7.5.50
Dell / PowerProtect Data Domain
|
<7.7.5.50 | ||
|
Dell PowerProtect Data Domain <7.10.1.40
Dell / PowerProtect Data Domain
|
<7.10.1.40 | ||
|
Dell PowerProtect Data Domain <7.13.1.10
Dell / PowerProtect Data Domain
|
<7.13.1.10 | ||
|
Dell PowerProtect Data Domain <8.1.0.0
Dell / PowerProtect Data Domain
|
<8.1.0.0 |
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell PowerProtect Data Domain Management Center
Dell
|
cpe:/a:dell:powerprotect_data_domain_management_center:-
|
— | |
|
Dell PowerProtect Data Domain
Dell / PowerProtect Data Domain
|
cpe:/a:dell:powerprotect_data_domain:-
|
— | |
|
Dell PowerProtect Data Domain OS
Dell
|
cpe:/o:dell:powerprotect_data_domain_os:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Dell PowerProtect Data Domain <7.7.5.50
Dell / PowerProtect Data Domain
|
<7.7.5.50 | ||
|
Dell PowerProtect Data Domain <7.10.1.40
Dell / PowerProtect Data Domain
|
<7.10.1.40 | ||
|
Dell PowerProtect Data Domain <7.13.1.10
Dell / PowerProtect Data Domain
|
<7.13.1.10 | ||
|
Dell PowerProtect Data Domain <8.1.0.0
Dell / PowerProtect Data Domain
|
<8.1.0.0 |
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell PowerProtect Data Domain Management Center
Dell
|
cpe:/a:dell:powerprotect_data_domain_management_center:-
|
— | |
|
Dell PowerProtect Data Domain
Dell / PowerProtect Data Domain
|
cpe:/a:dell:powerprotect_data_domain:-
|
— | |
|
Dell PowerProtect Data Domain OS
Dell
|
cpe:/o:dell:powerprotect_data_domain_os:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Dell PowerProtect Data Domain <7.7.5.50
Dell / PowerProtect Data Domain
|
<7.7.5.50 | ||
|
Dell PowerProtect Data Domain <7.10.1.40
Dell / PowerProtect Data Domain
|
<7.10.1.40 | ||
|
Dell PowerProtect Data Domain <7.13.1.10
Dell / PowerProtect Data Domain
|
<7.13.1.10 | ||
|
Dell PowerProtect Data Domain <8.1.0.0
Dell / PowerProtect Data Domain
|
<8.1.0.0 |
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell PowerProtect Data Domain Management Center
Dell
|
cpe:/a:dell:powerprotect_data_domain_management_center:-
|
— | |
|
Dell PowerProtect Data Domain
Dell / PowerProtect Data Domain
|
cpe:/a:dell:powerprotect_data_domain:-
|
— | |
|
Dell PowerProtect Data Domain OS
Dell
|
cpe:/o:dell:powerprotect_data_domain_os:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Dell PowerProtect Data Domain <7.7.5.50
Dell / PowerProtect Data Domain
|
<7.7.5.50 | ||
|
Dell PowerProtect Data Domain <7.10.1.40
Dell / PowerProtect Data Domain
|
<7.10.1.40 | ||
|
Dell PowerProtect Data Domain <7.13.1.10
Dell / PowerProtect Data Domain
|
<7.13.1.10 | ||
|
Dell PowerProtect Data Domain <8.1.0.0
Dell / PowerProtect Data Domain
|
<8.1.0.0 |
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell PowerProtect Data Domain Management Center
Dell
|
cpe:/a:dell:powerprotect_data_domain_management_center:-
|
— | |
|
Dell PowerProtect Data Domain
Dell / PowerProtect Data Domain
|
cpe:/a:dell:powerprotect_data_domain:-
|
— | |
|
Dell PowerProtect Data Domain OS
Dell
|
cpe:/o:dell:powerprotect_data_domain_os:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Dell PowerProtect Data Domain <7.7.5.50
Dell / PowerProtect Data Domain
|
<7.7.5.50 | ||
|
Dell PowerProtect Data Domain <7.10.1.40
Dell / PowerProtect Data Domain
|
<7.10.1.40 | ||
|
Dell PowerProtect Data Domain <7.13.1.10
Dell / PowerProtect Data Domain
|
<7.13.1.10 | ||
|
Dell PowerProtect Data Domain <8.1.0.0
Dell / PowerProtect Data Domain
|
<8.1.0.0 |
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell PowerProtect Data Domain Management Center
Dell
|
cpe:/a:dell:powerprotect_data_domain_management_center:-
|
— | |
|
Dell PowerProtect Data Domain
Dell / PowerProtect Data Domain
|
cpe:/a:dell:powerprotect_data_domain:-
|
— | |
|
Dell PowerProtect Data Domain OS
Dell
|
cpe:/o:dell:powerprotect_data_domain_os:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Dell PowerProtect Data Domain <7.7.5.50
Dell / PowerProtect Data Domain
|
<7.7.5.50 | ||
|
Dell PowerProtect Data Domain <7.10.1.40
Dell / PowerProtect Data Domain
|
<7.10.1.40 | ||
|
Dell PowerProtect Data Domain <7.13.1.10
Dell / PowerProtect Data Domain
|
<7.13.1.10 | ||
|
Dell PowerProtect Data Domain <8.1.0.0
Dell / PowerProtect Data Domain
|
<8.1.0.0 |
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell PowerProtect Data Domain Management Center
Dell
|
cpe:/a:dell:powerprotect_data_domain_management_center:-
|
— | |
|
Dell PowerProtect Data Domain
Dell / PowerProtect Data Domain
|
cpe:/a:dell:powerprotect_data_domain:-
|
— | |
|
Dell PowerProtect Data Domain OS
Dell
|
cpe:/o:dell:powerprotect_data_domain_os:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Dell PowerProtect Data Domain <7.7.5.50
Dell / PowerProtect Data Domain
|
<7.7.5.50 | ||
|
Dell PowerProtect Data Domain <7.10.1.40
Dell / PowerProtect Data Domain
|
<7.10.1.40 | ||
|
Dell PowerProtect Data Domain <7.13.1.10
Dell / PowerProtect Data Domain
|
<7.13.1.10 | ||
|
Dell PowerProtect Data Domain <8.1.0.0
Dell / PowerProtect Data Domain
|
<8.1.0.0 |
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell PowerProtect Data Domain Management Center
Dell
|
cpe:/a:dell:powerprotect_data_domain_management_center:-
|
— | |
|
Dell PowerProtect Data Domain
Dell / PowerProtect Data Domain
|
cpe:/a:dell:powerprotect_data_domain:-
|
— | |
|
Dell PowerProtect Data Domain OS
Dell
|
cpe:/o:dell:powerprotect_data_domain_os:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Dell PowerProtect Data Domain <7.7.5.50
Dell / PowerProtect Data Domain
|
<7.7.5.50 | ||
|
Dell PowerProtect Data Domain <7.10.1.40
Dell / PowerProtect Data Domain
|
<7.10.1.40 | ||
|
Dell PowerProtect Data Domain <7.13.1.10
Dell / PowerProtect Data Domain
|
<7.13.1.10 | ||
|
Dell PowerProtect Data Domain <8.1.0.0
Dell / PowerProtect Data Domain
|
<8.1.0.0 |
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell PowerProtect Data Domain Management Center
Dell
|
cpe:/a:dell:powerprotect_data_domain_management_center:-
|
— | |
|
Dell PowerProtect Data Domain
Dell / PowerProtect Data Domain
|
cpe:/a:dell:powerprotect_data_domain:-
|
— | |
|
Dell PowerProtect Data Domain OS
Dell
|
cpe:/o:dell:powerprotect_data_domain_os:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Dell PowerProtect Data Domain <7.7.5.50
Dell / PowerProtect Data Domain
|
<7.7.5.50 | ||
|
Dell PowerProtect Data Domain <7.10.1.40
Dell / PowerProtect Data Domain
|
<7.10.1.40 | ||
|
Dell PowerProtect Data Domain <7.13.1.10
Dell / PowerProtect Data Domain
|
<7.13.1.10 | ||
|
Dell PowerProtect Data Domain <8.1.0.0
Dell / PowerProtect Data Domain
|
<8.1.0.0 |
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell PowerProtect Data Domain Management Center
Dell
|
cpe:/a:dell:powerprotect_data_domain_management_center:-
|
— | |
|
Dell PowerProtect Data Domain
Dell / PowerProtect Data Domain
|
cpe:/a:dell:powerprotect_data_domain:-
|
— | |
|
Dell PowerProtect Data Domain OS
Dell
|
cpe:/o:dell:powerprotect_data_domain_os:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Dell PowerProtect Data Domain <7.7.5.50
Dell / PowerProtect Data Domain
|
<7.7.5.50 | ||
|
Dell PowerProtect Data Domain <7.10.1.40
Dell / PowerProtect Data Domain
|
<7.10.1.40 | ||
|
Dell PowerProtect Data Domain <7.13.1.10
Dell / PowerProtect Data Domain
|
<7.13.1.10 | ||
|
Dell PowerProtect Data Domain <8.1.0.0
Dell / PowerProtect Data Domain
|
<8.1.0.0 |
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell PowerProtect Data Domain Management Center
Dell
|
cpe:/a:dell:powerprotect_data_domain_management_center:-
|
— | |
|
Dell PowerProtect Data Domain
Dell / PowerProtect Data Domain
|
cpe:/a:dell:powerprotect_data_domain:-
|
— | |
|
Dell PowerProtect Data Domain OS
Dell
|
cpe:/o:dell:powerprotect_data_domain_os:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Dell PowerProtect Data Domain <7.7.5.50
Dell / PowerProtect Data Domain
|
<7.7.5.50 | ||
|
Dell PowerProtect Data Domain <7.10.1.40
Dell / PowerProtect Data Domain
|
<7.10.1.40 | ||
|
Dell PowerProtect Data Domain <7.13.1.10
Dell / PowerProtect Data Domain
|
<7.13.1.10 | ||
|
Dell PowerProtect Data Domain <8.1.0.0
Dell / PowerProtect Data Domain
|
<8.1.0.0 |
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell PowerProtect Data Domain Management Center
Dell
|
cpe:/a:dell:powerprotect_data_domain_management_center:-
|
— | |
|
Dell PowerProtect Data Domain
Dell / PowerProtect Data Domain
|
cpe:/a:dell:powerprotect_data_domain:-
|
— | |
|
Dell PowerProtect Data Domain OS
Dell
|
cpe:/o:dell:powerprotect_data_domain_os:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Dell PowerProtect Data Domain <7.7.5.50
Dell / PowerProtect Data Domain
|
<7.7.5.50 | ||
|
Dell PowerProtect Data Domain <7.10.1.40
Dell / PowerProtect Data Domain
|
<7.10.1.40 | ||
|
Dell PowerProtect Data Domain <7.13.1.10
Dell / PowerProtect Data Domain
|
<7.13.1.10 | ||
|
Dell PowerProtect Data Domain <8.1.0.0
Dell / PowerProtect Data Domain
|
<8.1.0.0 |
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell PowerProtect Data Domain Management Center
Dell
|
cpe:/a:dell:powerprotect_data_domain_management_center:-
|
— | |
|
Dell PowerProtect Data Domain
Dell / PowerProtect Data Domain
|
cpe:/a:dell:powerprotect_data_domain:-
|
— | |
|
Dell PowerProtect Data Domain OS
Dell
|
cpe:/o:dell:powerprotect_data_domain_os:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Dell PowerProtect Data Domain <7.7.5.50
Dell / PowerProtect Data Domain
|
<7.7.5.50 | ||
|
Dell PowerProtect Data Domain <7.10.1.40
Dell / PowerProtect Data Domain
|
<7.10.1.40 | ||
|
Dell PowerProtect Data Domain <7.13.1.10
Dell / PowerProtect Data Domain
|
<7.13.1.10 | ||
|
Dell PowerProtect Data Domain <8.1.0.0
Dell / PowerProtect Data Domain
|
<8.1.0.0 |
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell PowerProtect Data Domain Management Center
Dell
|
cpe:/a:dell:powerprotect_data_domain_management_center:-
|
— | |
|
Dell PowerProtect Data Domain
Dell / PowerProtect Data Domain
|
cpe:/a:dell:powerprotect_data_domain:-
|
— | |
|
Dell PowerProtect Data Domain OS
Dell
|
cpe:/o:dell:powerprotect_data_domain_os:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Dell PowerProtect Data Domain <7.7.5.50
Dell / PowerProtect Data Domain
|
<7.7.5.50 | ||
|
Dell PowerProtect Data Domain <7.10.1.40
Dell / PowerProtect Data Domain
|
<7.10.1.40 | ||
|
Dell PowerProtect Data Domain <7.13.1.10
Dell / PowerProtect Data Domain
|
<7.13.1.10 | ||
|
Dell PowerProtect Data Domain <8.1.0.0
Dell / PowerProtect Data Domain
|
<8.1.0.0 |
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell PowerProtect Data Domain Management Center
Dell
|
cpe:/a:dell:powerprotect_data_domain_management_center:-
|
— | |
|
Dell PowerProtect Data Domain
Dell / PowerProtect Data Domain
|
cpe:/a:dell:powerprotect_data_domain:-
|
— | |
|
Dell PowerProtect Data Domain OS
Dell
|
cpe:/o:dell:powerprotect_data_domain_os:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Dell PowerProtect Data Domain <7.7.5.50
Dell / PowerProtect Data Domain
|
<7.7.5.50 | ||
|
Dell PowerProtect Data Domain <7.10.1.40
Dell / PowerProtect Data Domain
|
<7.10.1.40 | ||
|
Dell PowerProtect Data Domain <7.13.1.10
Dell / PowerProtect Data Domain
|
<7.13.1.10 | ||
|
Dell PowerProtect Data Domain <8.1.0.0
Dell / PowerProtect Data Domain
|
<8.1.0.0 |
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell PowerProtect Data Domain Management Center
Dell
|
cpe:/a:dell:powerprotect_data_domain_management_center:-
|
— | |
|
Dell PowerProtect Data Domain
Dell / PowerProtect Data Domain
|
cpe:/a:dell:powerprotect_data_domain:-
|
— | |
|
Dell PowerProtect Data Domain OS
Dell
|
cpe:/o:dell:powerprotect_data_domain_os:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Dell PowerProtect Data Domain <7.7.5.50
Dell / PowerProtect Data Domain
|
<7.7.5.50 | ||
|
Dell PowerProtect Data Domain <7.10.1.40
Dell / PowerProtect Data Domain
|
<7.10.1.40 | ||
|
Dell PowerProtect Data Domain <7.13.1.10
Dell / PowerProtect Data Domain
|
<7.13.1.10 | ||
|
Dell PowerProtect Data Domain <8.1.0.0
Dell / PowerProtect Data Domain
|
<8.1.0.0 |
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell PowerProtect Data Domain Management Center
Dell
|
cpe:/a:dell:powerprotect_data_domain_management_center:-
|
— | |
|
Dell PowerProtect Data Domain
Dell / PowerProtect Data Domain
|
cpe:/a:dell:powerprotect_data_domain:-
|
— | |
|
Dell PowerProtect Data Domain OS
Dell
|
cpe:/o:dell:powerprotect_data_domain_os:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Dell PowerProtect Data Domain <7.7.5.50
Dell / PowerProtect Data Domain
|
<7.7.5.50 | ||
|
Dell PowerProtect Data Domain <7.10.1.40
Dell / PowerProtect Data Domain
|
<7.10.1.40 | ||
|
Dell PowerProtect Data Domain <7.13.1.10
Dell / PowerProtect Data Domain
|
<7.13.1.10 | ||
|
Dell PowerProtect Data Domain <8.1.0.0
Dell / PowerProtect Data Domain
|
<8.1.0.0 |
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell PowerProtect Data Domain Management Center
Dell
|
cpe:/a:dell:powerprotect_data_domain_management_center:-
|
— | |
|
Dell PowerProtect Data Domain
Dell / PowerProtect Data Domain
|
cpe:/a:dell:powerprotect_data_domain:-
|
— | |
|
Dell PowerProtect Data Domain OS
Dell
|
cpe:/o:dell:powerprotect_data_domain_os:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Dell PowerProtect Data Domain <7.7.5.50
Dell / PowerProtect Data Domain
|
<7.7.5.50 | ||
|
Dell PowerProtect Data Domain <7.10.1.40
Dell / PowerProtect Data Domain
|
<7.10.1.40 | ||
|
Dell PowerProtect Data Domain <7.13.1.10
Dell / PowerProtect Data Domain
|
<7.13.1.10 | ||
|
Dell PowerProtect Data Domain <8.1.0.0
Dell / PowerProtect Data Domain
|
<8.1.0.0 |
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell PowerProtect Data Domain Management Center
Dell
|
cpe:/a:dell:powerprotect_data_domain_management_center:-
|
— | |
|
Dell PowerProtect Data Domain
Dell / PowerProtect Data Domain
|
cpe:/a:dell:powerprotect_data_domain:-
|
— | |
|
Dell PowerProtect Data Domain OS
Dell
|
cpe:/o:dell:powerprotect_data_domain_os:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Dell PowerProtect Data Domain <7.7.5.50
Dell / PowerProtect Data Domain
|
<7.7.5.50 | ||
|
Dell PowerProtect Data Domain <7.10.1.40
Dell / PowerProtect Data Domain
|
<7.10.1.40 | ||
|
Dell PowerProtect Data Domain <7.13.1.10
Dell / PowerProtect Data Domain
|
<7.13.1.10 | ||
|
Dell PowerProtect Data Domain <8.1.0.0
Dell / PowerProtect Data Domain
|
<8.1.0.0 |
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell PowerProtect Data Domain Management Center
Dell
|
cpe:/a:dell:powerprotect_data_domain_management_center:-
|
— | |
|
Dell PowerProtect Data Domain
Dell / PowerProtect Data Domain
|
cpe:/a:dell:powerprotect_data_domain:-
|
— | |
|
Dell PowerProtect Data Domain OS
Dell
|
cpe:/o:dell:powerprotect_data_domain_os:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Dell PowerProtect Data Domain <7.7.5.50
Dell / PowerProtect Data Domain
|
<7.7.5.50 | ||
|
Dell PowerProtect Data Domain <7.10.1.40
Dell / PowerProtect Data Domain
|
<7.10.1.40 | ||
|
Dell PowerProtect Data Domain <7.13.1.10
Dell / PowerProtect Data Domain
|
<7.13.1.10 | ||
|
Dell PowerProtect Data Domain <8.1.0.0
Dell / PowerProtect Data Domain
|
<8.1.0.0 |
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell PowerProtect Data Domain Management Center
Dell
|
cpe:/a:dell:powerprotect_data_domain_management_center:-
|
— | |
|
Dell PowerProtect Data Domain
Dell / PowerProtect Data Domain
|
cpe:/a:dell:powerprotect_data_domain:-
|
— | |
|
Dell PowerProtect Data Domain OS
Dell
|
cpe:/o:dell:powerprotect_data_domain_os:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Dell PowerProtect Data Domain <7.7.5.50
Dell / PowerProtect Data Domain
|
<7.7.5.50 | ||
|
Dell PowerProtect Data Domain <7.10.1.40
Dell / PowerProtect Data Domain
|
<7.10.1.40 | ||
|
Dell PowerProtect Data Domain <7.13.1.10
Dell / PowerProtect Data Domain
|
<7.13.1.10 | ||
|
Dell PowerProtect Data Domain <8.1.0.0
Dell / PowerProtect Data Domain
|
<8.1.0.0 |
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Dell PowerProtect Data Domain Management Center
Dell
|
cpe:/a:dell:powerprotect_data_domain_management_center:-
|
— | |
|
Dell PowerProtect Data Domain
Dell / PowerProtect Data Domain
|
cpe:/a:dell:powerprotect_data_domain:-
|
— | |
|
Dell PowerProtect Data Domain OS
Dell
|
cpe:/o:dell:powerprotect_data_domain_os:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Dell PowerProtect Data Domain <7.7.5.50
Dell / PowerProtect Data Domain
|
<7.7.5.50 | ||
|
Dell PowerProtect Data Domain <7.10.1.40
Dell / PowerProtect Data Domain
|
<7.10.1.40 | ||
|
Dell PowerProtect Data Domain <7.13.1.10
Dell / PowerProtect Data Domain
|
<7.13.1.10 | ||
|
Dell PowerProtect Data Domain <8.1.0.0
Dell / PowerProtect Data Domain
|
<8.1.0.0 |
References
5 references
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Dell PowerProtect Data Domain Appliances sind speziell f\u00fcr Backup und Daten-Deduplizierung ausgelegte Systeme.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein lokaler Angreifer kann mehrere Schwachstellen in Dell PowerProtect Data Domain ausnutzen, um seine Privilegien zu erh\u00f6hen, Informationen offenzulegen und um nicht n\u00e4her beschriebene Auswirkungen zu erzielen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Sonstiges",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2024-3377 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-3377.json"
},
{
"category": "self",
"summary": "WID-SEC-2024-3377 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-3377"
},
{
"category": "external",
"summary": "Dell Security Update",
"url": "https://www.dell.com/support/kbdoc/de-de/000245360/dsa-2024-424-security-update-for-dell-pdsa-2024-424-security-update-for-dell-powerprotect-dd-vulnerabilityowerprotect-dd-vulnerability"
},
{
"category": "external",
"summary": "Security Update for Dell PowerProtect Data Domain",
"url": "https://www.dell.com/support/kbdoc/en-us/000348708/dsa-2025-159-security-update-for-dell-powerprotect-data-domain-multiple-vulnerabilities"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:03545-1 vom 2025-10-13",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/UB7MGNRMXC5LO5Y66FLOE354VVU5ULQK/"
}
],
"source_lang": "en-US",
"title": "Dell PowerProtect Data Domain: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2025-10-12T22:00:00.000+00:00",
"generator": {
"date": "2025-10-13T09:30:21.853+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.4.0"
}
},
"id": "WID-SEC-W-2024-3377",
"initial_release_date": "2024-11-07T23:00:00.000+00:00",
"revision_history": [
{
"date": "2024-11-07T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2025-08-04T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von Dell aufgenommen"
},
{
"date": "2025-10-12T22:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von SUSE aufgenommen"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c8.1.0.0",
"product": {
"name": "Dell PowerProtect Data Domain \u003c8.1.0.0",
"product_id": "T038861"
}
},
{
"category": "product_version",
"name": "8.1.0.0",
"product": {
"name": "Dell PowerProtect Data Domain 8.1.0.0",
"product_id": "T038861-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:dell:powerprotect_data_domain:8.1.0.0"
}
}
},
{
"category": "product_version_range",
"name": "\u003c7.13.1.10",
"product": {
"name": "Dell PowerProtect Data Domain \u003c7.13.1.10",
"product_id": "T038862"
}
},
{
"category": "product_version",
"name": "7.13.1.10",
"product": {
"name": "Dell PowerProtect Data Domain 7.13.1.10",
"product_id": "T038862-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:dell:powerprotect_data_domain:7.13.1.10"
}
}
},
{
"category": "product_version_range",
"name": "\u003c7.10.1.40",
"product": {
"name": "Dell PowerProtect Data Domain \u003c7.10.1.40",
"product_id": "T038863"
}
},
{
"category": "product_version",
"name": "7.10.1.40",
"product": {
"name": "Dell PowerProtect Data Domain 7.10.1.40",
"product_id": "T038863-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:dell:powerprotect_data_domain:7.10.1.40"
}
}
},
{
"category": "product_version_range",
"name": "\u003c7.7.5.50",
"product": {
"name": "Dell PowerProtect Data Domain \u003c7.7.5.50",
"product_id": "T038864"
}
},
{
"category": "product_version",
"name": "7.7.5.50",
"product": {
"name": "Dell PowerProtect Data Domain 7.7.5.50",
"product_id": "T038864-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:dell:powerprotect_data_domain:7.7.5.50"
}
}
},
{
"category": "product_name",
"name": "Dell PowerProtect Data Domain",
"product": {
"name": "Dell PowerProtect Data Domain",
"product_id": "T045852",
"product_identification_helper": {
"cpe": "cpe:/a:dell:powerprotect_data_domain:-"
}
}
}
],
"category": "product_name",
"name": "PowerProtect Data Domain"
},
{
"category": "product_name",
"name": "Dell PowerProtect Data Domain Management Center",
"product": {
"name": "Dell PowerProtect Data Domain Management Center",
"product_id": "T045853",
"product_identification_helper": {
"cpe": "cpe:/a:dell:powerprotect_data_domain_management_center:-"
}
}
},
{
"category": "product_name",
"name": "Dell PowerProtect Data Domain OS",
"product": {
"name": "Dell PowerProtect Data Domain OS",
"product_id": "T045854",
"product_identification_helper": {
"cpe": "cpe:/o:dell:powerprotect_data_domain_os:-"
}
}
}
],
"category": "vendor",
"name": "Dell"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux",
"product": {
"name": "SUSE Linux",
"product_id": "T002207",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_linux:-"
}
}
}
],
"category": "vendor",
"name": "SUSE"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-45759",
"product_status": {
"known_affected": [
"T045853",
"T045852",
"T045854",
"T002207",
"T038864",
"T038863",
"T038862",
"T038861"
]
},
"release_date": "2024-11-07T23:00:00.000+00:00",
"title": "CVE-2024-45759"
},
{
"cve": "CVE-2024-48010",
"product_status": {
"known_affected": [
"T045853",
"T045852",
"T045854",
"T002207",
"T038864",
"T038863",
"T038862",
"T038861"
]
},
"release_date": "2024-11-07T23:00:00.000+00:00",
"title": "CVE-2024-48010"
},
{
"cve": "CVE-2024-48011",
"product_status": {
"known_affected": [
"T045853",
"T045852",
"T045854",
"T002207",
"T038864",
"T038863",
"T038862",
"T038861"
]
},
"release_date": "2024-11-07T23:00:00.000+00:00",
"title": "CVE-2024-48011"
},
{
"cve": "CVE-2017-16829",
"product_status": {
"known_affected": [
"T045853",
"T045852",
"T045854",
"T002207",
"T038864",
"T038863",
"T038862",
"T038861"
]
},
"release_date": "2024-11-07T23:00:00.000+00:00",
"title": "CVE-2017-16829"
},
{
"cve": "CVE-2017-5849",
"product_status": {
"known_affected": [
"T045853",
"T045852",
"T045854",
"T002207",
"T038864",
"T038863",
"T038862",
"T038861"
]
},
"release_date": "2024-11-07T23:00:00.000+00:00",
"title": "CVE-2017-5849"
},
{
"cve": "CVE-2018-7208",
"product_status": {
"known_affected": [
"T045853",
"T045852",
"T045854",
"T002207",
"T038864",
"T038863",
"T038862",
"T038861"
]
},
"release_date": "2024-11-07T23:00:00.000+00:00",
"title": "CVE-2018-7208"
},
{
"cve": "CVE-2019-14889",
"product_status": {
"known_affected": [
"T045853",
"T045852",
"T045854",
"T002207",
"T038864",
"T038863",
"T038862",
"T038861"
]
},
"release_date": "2024-11-07T23:00:00.000+00:00",
"title": "CVE-2019-14889"
},
{
"cve": "CVE-2020-12912",
"product_status": {
"known_affected": [
"T045853",
"T045852",
"T045854",
"T002207",
"T038864",
"T038863",
"T038862",
"T038861"
]
},
"release_date": "2024-11-07T23:00:00.000+00:00",
"title": "CVE-2020-12912"
},
{
"cve": "CVE-2020-16135",
"product_status": {
"known_affected": [
"T045853",
"T045852",
"T045854",
"T002207",
"T038864",
"T038863",
"T038862",
"T038861"
]
},
"release_date": "2024-11-07T23:00:00.000+00:00",
"title": "CVE-2020-16135"
},
{
"cve": "CVE-2020-1730",
"product_status": {
"known_affected": [
"T045853",
"T045852",
"T045854",
"T002207",
"T038864",
"T038863",
"T038862",
"T038861"
]
},
"release_date": "2024-11-07T23:00:00.000+00:00",
"title": "CVE-2020-1730"
},
{
"cve": "CVE-2020-24455",
"product_status": {
"known_affected": [
"T045853",
"T045852",
"T045854",
"T002207",
"T038864",
"T038863",
"T038862",
"T038861"
]
},
"release_date": "2024-11-07T23:00:00.000+00:00",
"title": "CVE-2020-24455"
},
{
"cve": "CVE-2020-8694",
"product_status": {
"known_affected": [
"T045853",
"T045852",
"T045854",
"T002207",
"T038864",
"T038863",
"T038862",
"T038861"
]
},
"release_date": "2024-11-07T23:00:00.000+00:00",
"title": "CVE-2020-8694"
},
{
"cve": "CVE-2020-8695",
"product_status": {
"known_affected": [
"T045853",
"T045852",
"T045854",
"T002207",
"T038864",
"T038863",
"T038862",
"T038861"
]
},
"release_date": "2024-11-07T23:00:00.000+00:00",
"title": "CVE-2020-8695"
},
{
"cve": "CVE-2021-27219",
"product_status": {
"known_affected": [
"T045853",
"T045852",
"T045854",
"T002207",
"T038864",
"T038863",
"T038862",
"T038861"
]
},
"release_date": "2024-11-07T23:00:00.000+00:00",
"title": "CVE-2021-27219"
},
{
"cve": "CVE-2021-3565",
"product_status": {
"known_affected": [
"T045853",
"T045852",
"T045854",
"T002207",
"T038864",
"T038863",
"T038862",
"T038861"
]
},
"release_date": "2024-11-07T23:00:00.000+00:00",
"title": "CVE-2021-3565"
},
{
"cve": "CVE-2021-3634",
"product_status": {
"known_affected": [
"T045853",
"T045852",
"T045854",
"T002207",
"T038864",
"T038863",
"T038862",
"T038861"
]
},
"release_date": "2024-11-07T23:00:00.000+00:00",
"title": "CVE-2021-3634"
},
{
"cve": "CVE-2022-1210",
"product_status": {
"known_affected": [
"T045853",
"T045852",
"T045854",
"T002207",
"T038864",
"T038863",
"T038862",
"T038861"
]
},
"release_date": "2024-11-07T23:00:00.000+00:00",
"title": "CVE-2022-1210"
},
{
"cve": "CVE-2022-1622",
"product_status": {
"known_affected": [
"T045853",
"T045852",
"T045854",
"T002207",
"T038864",
"T038863",
"T038862",
"T038861"
]
},
"release_date": "2024-11-07T23:00:00.000+00:00",
"title": "CVE-2022-1622"
},
{
"cve": "CVE-2022-1996",
"product_status": {
"known_affected": [
"T045853",
"T045852",
"T045854",
"T002207",
"T038864",
"T038863",
"T038862",
"T038861"
]
},
"release_date": "2024-11-07T23:00:00.000+00:00",
"title": "CVE-2022-1996"
},
{
"cve": "CVE-2022-22576",
"product_status": {
"known_affected": [
"T045853",
"T045852",
"T045854",
"T002207",
"T038864",
"T038863",
"T038862",
"T038861"
]
},
"release_date": "2024-11-07T23:00:00.000+00:00",
"title": "CVE-2022-22576"
},
{
"cve": "CVE-2022-25313",
"product_status": {
"known_affected": [
"T045853",
"T045852",
"T045854",
"T002207",
"T038864",
"T038863",
"T038862",
"T038861"
]
},
"release_date": "2024-11-07T23:00:00.000+00:00",
"title": "CVE-2022-25313"
},
{
"cve": "CVE-2022-27774",
"product_status": {
"known_affected": [
"T045853",
"T045852",
"T045854",
"T002207",
"T038864",
"T038863",
"T038862",
"T038861"
]
},
"release_date": "2024-11-07T23:00:00.000+00:00",
"title": "CVE-2022-27774"
},
{
"cve": "CVE-2022-27775",
"product_status": {
"known_affected": [
"T045853",
"T045852",
"T045854",
"T002207",
"T038864",
"T038863",
"T038862",
"T038861"
]
},
"release_date": "2024-11-07T23:00:00.000+00:00",
"title": "CVE-2022-27775"
},
{
"cve": "CVE-2022-27776",
"product_status": {
"known_affected": [
"T045853",
"T045852",
"T045854",
"T002207",
"T038864",
"T038863",
"T038862",
"T038861"
]
},
"release_date": "2024-11-07T23:00:00.000+00:00",
"title": "CVE-2022-27776"
},
{
"cve": "CVE-2022-27781",
"product_status": {
"known_affected": [
"T045853",
"T045852",
"T045854",
"T002207",
"T038864",
"T038863",
"T038862",
"T038861"
]
},
"release_date": "2024-11-07T23:00:00.000+00:00",
"title": "CVE-2022-27781"
},
{
"cve": "CVE-2022-27782",
"product_status": {
"known_affected": [
"T045853",
"T045852",
"T045854",
"T002207",
"T038864",
"T038863",
"T038862",
"T038861"
]
},
"release_date": "2024-11-07T23:00:00.000+00:00",
"title": "CVE-2022-27782"
},
{
"cve": "CVE-2022-29361",
"product_status": {
"known_affected": [
"T045853",
"T045852",
"T045854",
"T002207",
"T038864",
"T038863",
"T038862",
"T038861"
]
},
"release_date": "2024-11-07T23:00:00.000+00:00",
"title": "CVE-2022-29361"
},
{
"cve": "CVE-2022-32205",
"product_status": {
"known_affected": [
"T045853",
"T045852",
"T045854",
"T002207",
"T038864",
"T038863",
"T038862",
"T038861"
]
},
"release_date": "2024-11-07T23:00:00.000+00:00",
"title": "CVE-2022-32205"
},
{
"cve": "CVE-2022-32206",
"product_status": {
"known_affected": [
"T045853",
"T045852",
"T045854",
"T002207",
"T038864",
"T038863",
"T038862",
"T038861"
]
},
"release_date": "2024-11-07T23:00:00.000+00:00",
"title": "CVE-2022-32206"
},
{
"cve": "CVE-2022-32207",
"product_status": {
"known_affected": [
"T045853",
"T045852",
"T045854",
"T002207",
"T038864",
"T038863",
"T038862",
"T038861"
]
},
"release_date": "2024-11-07T23:00:00.000+00:00",
"title": "CVE-2022-32207"
},
{
"cve": "CVE-2022-32208",
"product_status": {
"known_affected": [
"T045853",
"T045852",
"T045854",
"T002207",
"T038864",
"T038863",
"T038862",
"T038861"
]
},
"release_date": "2024-11-07T23:00:00.000+00:00",
"title": "CVE-2022-32208"
},
{
"cve": "CVE-2022-32221",
"product_status": {
"known_affected": [
"T045853",
"T045852",
"T045854",
"T002207",
"T038864",
"T038863",
"T038862",
"T038861"
]
},
"release_date": "2024-11-07T23:00:00.000+00:00",
"title": "CVE-2022-32221"
},
{
"cve": "CVE-2022-35252",
"product_status": {
"known_affected": [
"T045853",
"T045852",
"T045854",
"T002207",
"T038864",
"T038863",
"T038862",
"T038861"
]
},
"release_date": "2024-11-07T23:00:00.000+00:00",
"title": "CVE-2022-35252"
},
{
"cve": "CVE-2022-40023",
"product_status": {
"known_affected": [
"T045853",
"T045852",
"T045854",
"T002207",
"T038864",
"T038863",
"T038862",
"T038861"
]
},
"release_date": "2024-11-07T23:00:00.000+00:00",
"title": "CVE-2022-40023"
},
{
"cve": "CVE-2022-40090",
"product_status": {
"known_affected": [
"T045853",
"T045852",
"T045854",
"T002207",
"T038864",
"T038863",
"T038862",
"T038861"
]
},
"release_date": "2024-11-07T23:00:00.000+00:00",
"title": "CVE-2022-40090"
},
{
"cve": "CVE-2022-42915",
"product_status": {
"known_affected": [
"T045853",
"T045852",
"T045854",
"T002207",
"T038864",
"T038863",
"T038862",
"T038861"
]
},
"release_date": "2024-11-07T23:00:00.000+00:00",
"title": "CVE-2022-42915"
},
{
"cve": "CVE-2022-42916",
"product_status": {
"known_affected": [
"T045853",
"T045852",
"T045854",
"T002207",
"T038864",
"T038863",
"T038862",
"T038861"
]
},
"release_date": "2024-11-07T23:00:00.000+00:00",
"title": "CVE-2022-42916"
},
{
"cve": "CVE-2022-43551",
"product_status": {
"known_affected": [
"T045853",
"T045852",
"T045854",
"T002207",
"T038864",
"T038863",
"T038862",
"T038861"
]
},
"release_date": "2024-11-07T23:00:00.000+00:00",
"title": "CVE-2022-43551"
},
{
"cve": "CVE-2022-43552",
"product_status": {
"known_affected": [
"T045853",
"T045852",
"T045854",
"T002207",
"T038864",
"T038863",
"T038862",
"T038861"
]
},
"release_date": "2024-11-07T23:00:00.000+00:00",
"title": "CVE-2022-43552"
},
{
"cve": "CVE-2022-4603",
"product_status": {
"known_affected": [
"T045853",
"T045852",
"T045854",
"T002207",
"T038864",
"T038863",
"T038862",
"T038861"
]
},
"release_date": "2024-11-07T23:00:00.000+00:00",
"title": "CVE-2022-4603"
},
{
"cve": "CVE-2022-48064",
"product_status": {
"known_affected": [
"T045853",
"T045852",
"T045854",
"T002207",
"T038864",
"T038863",
"T038862",
"T038861"
]
},
"release_date": "2024-11-07T23:00:00.000+00:00",
"title": "CVE-2022-48064"
},
{
"cve": "CVE-2022-48624",
"product_status": {
"known_affected": [
"T045853",
"T045852",
"T045854",
"T002207",
"T038864",
"T038863",
"T038862",
"T038861"
]
},
"release_date": "2024-11-07T23:00:00.000+00:00",
"title": "CVE-2022-48624"
},
{
"cve": "CVE-2023-0461",
"product_status": {
"known_affected": [
"T045853",
"T045852",
"T045854",
"T002207",
"T038864",
"T038863",
"T038862",
"T038861"
]
},
"release_date": "2024-11-07T23:00:00.000+00:00",
"title": "CVE-2023-0461"
},
{
"cve": "CVE-2023-1667",
"product_status": {
"known_affected": [
"T045853",
"T045852",
"T045854",
"T002207",
"T038864",
"T038863",
"T038862",
"T038861"
]
},
"release_date": "2024-11-07T23:00:00.000+00:00",
"title": "CVE-2023-1667"
},
{
"cve": "CVE-2023-1916",
"product_status": {
"known_affected": [
"T045853",
"T045852",
"T045854",
"T002207",
"T038864",
"T038863",
"T038862",
"T038861"
]
},
"release_date": "2024-11-07T23:00:00.000+00:00",
"title": "CVE-2023-1916"
},
{
"cve": "CVE-2023-20592",
"product_status": {
"known_affected": [
"T045853",
"T045852",
"T045854",
"T002207",
"T038864",
"T038863",
"T038862",
"T038861"
]
},
"release_date": "2024-11-07T23:00:00.000+00:00",
"title": "CVE-2023-20592"
},
{
"cve": "CVE-2023-2137",
"product_status": {
"known_affected": [
"T045853",
"T045852",
"T045854",
"T002207",
"T038864",
"T038863",
"T038862",
"T038861"
]
},
"release_date": "2024-11-07T23:00:00.000+00:00",
"title": "CVE-2023-2137"
},
{
"cve": "CVE-2023-22745",
"product_status": {
"known_affected": [
"T045853",
"T045852",
"T045854",
"T002207",
"T038864",
"T038863",
"T038862",
"T038861"
]
},
"release_date": "2024-11-07T23:00:00.000+00:00",
"title": "CVE-2023-22745"
},
{
"cve": "CVE-2023-2283",
"product_status": {
"known_affected": [
"T045853",
"T045852",
"T045854",
"T002207",
"T038864",
"T038863",
"T038862",
"T038861"
]
},
"release_date": "2024-11-07T23:00:00.000+00:00",
"title": "CVE-2023-2283"
},
{
"cve": "CVE-2023-23914",
"product_status": {
"known_affected": [
"T045853",
"T045852",
"T045854",
"T002207",
"T038864",
"T038863",
"T038862",
"T038861"
]
},
"release_date": "2024-11-07T23:00:00.000+00:00",
"title": "CVE-2023-23914"
},
{
"cve": "CVE-2023-23915",
"product_status": {
"known_affected": [
"T045853",
"T045852",
"T045854",
"T002207",
"T038864",
"T038863",
"T038862",
"T038861"
]
},
"release_date": "2024-11-07T23:00:00.000+00:00",
"title": "CVE-2023-23915"
},
{
"cve": "CVE-2023-23916",
"product_status": {
"known_affected": [
"T045853",
"T045852",
"T045854",
"T002207",
"T038864",
"T038863",
"T038862",
"T038861"
]
},
"release_date": "2024-11-07T23:00:00.000+00:00",
"title": "CVE-2023-23916"
},
{
"cve": "CVE-2023-23934",
"product_status": {
"known_affected": [
"T045853",
"T045852",
"T045854",
"T002207",
"T038864",
"T038863",
"T038862",
"T038861"
]
},
"release_date": "2024-11-07T23:00:00.000+00:00",
"title": "CVE-2023-23934"
},
{
"cve": "CVE-2023-25577",
"product_status": {
"known_affected": [
"T045853",
"T045852",
"T045854",
"T002207",
"T038864",
"T038863",
"T038862",
"T038861"
]
},
"release_date": "2024-11-07T23:00:00.000+00:00",
"title": "CVE-2023-25577"
},
{
"cve": "CVE-2023-26965",
"product_status": {
"known_affected": [
"T045853",
"T045852",
"T045854",
"T002207",
"T038864",
"T038863",
"T038862",
"T038861"
]
},
"release_date": "2024-11-07T23:00:00.000+00:00",
"title": "CVE-2023-26965"
},
{
"cve": "CVE-2023-27043",
"product_status": {
"known_affected": [
"T045853",
"T045852",
"T045854",
"T002207",
"T038864",
"T038863",
"T038862",
"T038861"
]
},
"release_date": "2024-11-07T23:00:00.000+00:00",
"title": "CVE-2023-27043"
},
{
"cve": "CVE-2023-2731",
"product_status": {
"known_affected": [
"T045853",
"T045852",
"T045854",
"T002207",
"T038864",
"T038863",
"T038862",
"T038861"
]
},
"release_date": "2024-11-07T23:00:00.000+00:00",
"title": "CVE-2023-2731"
},
{
"cve": "CVE-2023-27533",
"product_status": {
"known_affected": [
"T045853",
"T045852",
"T045854",
"T002207",
"T038864",
"T038863",
"T038862",
"T038861"
]
},
"release_date": "2024-11-07T23:00:00.000+00:00",
"title": "CVE-2023-27533"
},
{
"cve": "CVE-2023-27534",
"product_status": {
"known_affected": [
"T045853",
"T045852",
"T045854",
"T002207",
"T038864",
"T038863",
"T038862",
"T038861"
]
},
"release_date": "2024-11-07T23:00:00.000+00:00",
"title": "CVE-2023-27534"
},
{
"cve": "CVE-2023-27535",
"product_status": {
"known_affected": [
"T045853",
"T045852",
"T045854",
"T002207",
"T038864",
"T038863",
"T038862",
"T038861"
]
},
"release_date": "2024-11-07T23:00:00.000+00:00",
"title": "CVE-2023-27535"
},
{
"cve": "CVE-2023-27536",
"product_status": {
"known_affected": [
"T045853",
"T045852",
"T045854",
"T002207",
"T038864",
"T038863",
"T038862",
"T038861"
]
},
"release_date": "2024-11-07T23:00:00.000+00:00",
"title": "CVE-2023-27536"
},
{
"cve": "CVE-2023-27538",
"product_status": {
"known_affected": [
"T045853",
"T045852",
"T045854",
"T002207",
"T038864",
"T038863",
"T038862",
"T038861"
]
},
"release_date": "2024-11-07T23:00:00.000+00:00",
"title": "CVE-2023-27538"
},
{
"cve": "CVE-2023-28319",
"product_status": {
"known_affected": [
"T045853",
"T045852",
"T045854",
"T002207",
"T038864",
"T038863",
"T038862",
"T038861"
]
},
"release_date": "2024-11-07T23:00:00.000+00:00",
"title": "CVE-2023-28319"
},
{
"cve": "CVE-2023-28320",
"product_status": {
"known_affected": [
"T045853",
"T045852",
"T045854",
"T002207",
"T038864",
"T038863",
"T038862",
"T038861"
]
},
"release_date": "2024-11-07T23:00:00.000+00:00",
"title": "CVE-2023-28320"
},
{
"cve": "CVE-2023-28321",
"product_status": {
"known_affected": [
"T045853",
"T045852",
"T045854",
"T002207",
"T038864",
"T038863",
"T038862",
"T038861"
]
},
"release_date": "2024-11-07T23:00:00.000+00:00",
"title": "CVE-2023-28321"
},
{
"cve": "CVE-2023-28322",
"product_status": {
"known_affected": [
"T045853",
"T045852",
"T045854",
"T002207",
"T038864",
"T038863",
"T038862",
"T038861"
]
},
"release_date": "2024-11-07T23:00:00.000+00:00",
"title": "CVE-2023-28322"
},
{
"cve": "CVE-2023-31083",
"product_status": {
"known_affected": [
"T045853",
"T045852",
"T045854",
"T002207",
"T038864",
"T038863",
"T038862",
"T038861"
]
},
"release_date": "2024-11-07T23:00:00.000+00:00",
"title": "CVE-2023-31083"
},
{
"cve": "CVE-2023-34055",
"product_status": {
"known_affected": [
"T045853",
"T045852",
"T045854",
"T002207",
"T038864",
"T038863",
"T038862",
"T038861"
]
},
"release_date": "2024-11-07T23:00:00.000+00:00",
"title": "CVE-2023-34055"
},
{
"cve": "CVE-2023-35116",
"product_status": {
"known_affected": [
"T045853",
"T045852",
"T045854",
"T002207",
"T038864",
"T038863",
"T038862",
"T038861"
]
},
"release_date": "2024-11-07T23:00:00.000+00:00",
"title": "CVE-2023-35116"
},
{
"cve": "CVE-2023-38286",
"product_status": {
"known_affected": [
"T045853",
"T045852",
"T045854",
"T002207",
"T038864",
"T038863",
"T038862",
"T038861"
]
},
"release_date": "2024-11-07T23:00:00.000+00:00",
"title": "CVE-2023-38286"
},
{
"cve": "CVE-2023-38469",
"product_status": {
"known_affected": [
"T045853",
"T045852",
"T045854",
"T002207",
"T038864",
"T038863",
"T038862",
"T038861"
]
},
"release_date": "2024-11-07T23:00:00.000+00:00",
"title": "CVE-2023-38469"
},
{
"cve": "CVE-2023-38471",
"product_status": {
"known_affected": [
"T045853",
"T045852",
"T045854",
"T002207",
"T038864",
"T038863",
"T038862",
"T038861"
]
},
"release_date": "2024-11-07T23:00:00.000+00:00",
"title": "CVE-2023-38471"
},
{
"cve": "CVE-2023-38472",
"product_status": {
"known_affected": [
"T045853",
"T045852",
"T045854",
"T002207",
"T038864",
"T038863",
"T038862",
"T038861"
]
},
"release_date": "2024-11-07T23:00:00.000+00:00",
"title": "CVE-2023-38472"
},
{
"cve": "CVE-2023-38545",
"product_status": {
"known_affected": [
"T045853",
"T045852",
"T045854",
"T002207",
"T038864",
"T038863",
"T038862",
"T038861"
]
},
"release_date": "2024-11-07T23:00:00.000+00:00",
"title": "CVE-2023-38545"
},
{
"cve": "CVE-2023-38546",
"product_status": {
"known_affected": [
"T045853",
"T045852",
"T045854",
"T002207",
"T038864",
"T038863",
"T038862",
"T038861"
]
},
"release_date": "2024-11-07T23:00:00.000+00:00",
"title": "CVE-2023-38546"
},
{
"cve": "CVE-2023-39197",
"product_status": {
"known_affected": [
"T045853",
"T045852",
"T045854",
"T002207",
"T038864",
"T038863",
"T038862",
"T038861"
]
},
"release_date": "2024-11-07T23:00:00.000+00:00",
"title": "CVE-2023-39197"
},
{
"cve": "CVE-2023-39198",
"product_status": {
"known_affected": [
"T045853",
"T045852",
"T045854",
"T002207",
"T038864",
"T038863",
"T038862",
"T038861"
]
},
"release_date": "2024-11-07T23:00:00.000+00:00",
"title": "CVE-2023-39198"
},
{
"cve": "CVE-2023-39804",
"product_status": {
"known_affected": [
"T045853",
"T045852",
"T045854",
"T002207",
"T038864",
"T038863",
"T038862",
"T038861"
]
},
"release_date": "2024-11-07T23:00:00.000+00:00",
"title": "CVE-2023-39804"
},
{
"cve": "CVE-2023-40217",
"product_status": {
"known_affected": [
"T045853",
"T045852",
"T045854",
"T002207",
"T038864",
"T038863",
"T038862",
"T038861"
]
},
"release_date": "2024-11-07T23:00:00.000+00:00",
"title": "CVE-2023-40217"
},
{
"cve": "CVE-2023-42465",
"product_status": {
"known_affected": [
"T045853",
"T045852",
"T045854",
"T002207",
"T038864",
"T038863",
"T038862",
"T038861"
]
},
"release_date": "2024-11-07T23:00:00.000+00:00",
"title": "CVE-2023-42465"
},
{
"cve": "CVE-2023-4255",
"product_status": {
"known_affected": [
"T045853",
"T045852",
"T045854",
"T002207",
"T038864",
"T038863",
"T038862",
"T038861"
]
},
"release_date": "2024-11-07T23:00:00.000+00:00",
"title": "CVE-2023-4255"
},
{
"cve": "CVE-2023-45139",
"product_status": {
"known_affected": [
"T045853",
"T045852",
"T045854",
"T002207",
"T038864",
"T038863",
"T038862",
"T038861"
]
},
"release_date": "2024-11-07T23:00:00.000+00:00",
"title": "CVE-2023-45139"
},
{
"cve": "CVE-2023-45322",
"product_status": {
"known_affected": [
"T045853",
"T045852",
"T045854",
"T002207",
"T038864",
"T038863",
"T038862",
"T038861"
]
},
"release_date": "2024-11-07T23:00:00.000+00:00",
"title": "CVE-2023-45322"
},
{
"cve": "CVE-2023-45863",
"product_status": {
"known_affected": [
"T045853",
"T045852",
"T045854",
"T002207",
"T038864",
"T038863",
"T038862",
"T038861"
]
},
"release_date": "2024-11-07T23:00:00.000+00:00",
"title": "CVE-2023-45863"
},
{
"cve": "CVE-2023-45871",
"product_status": {
"known_affected": [
"T045853",
"T045852",
"T045854",
"T002207",
"T038864",
"T038863",
"T038862",
"T038861"
]
},
"release_date": "2024-11-07T23:00:00.000+00:00",
"title": "CVE-2023-45871"
},
{
"cve": "CVE-2023-46136",
"product_status": {
"known_affected": [
"T045853",
"T045852",
"T045854",
"T002207",
"T038864",
"T038863",
"T038862",
"T038861"
]
},
"release_date": "2024-11-07T23:00:00.000+00:00",
"title": "CVE-2023-46136"
},
{
"cve": "CVE-2023-46218",
"product_status": {
"known_affected": [
"T045853",
"T045852",
"T045854",
"T002207",
"T038864",
"T038863",
"T038862",
"T038861"
]
},
"release_date": "2024-11-07T23:00:00.000+00:00",
"title": "CVE-2023-46218"
},
{
"cve": "CVE-2023-46219",
"product_status": {
"known_affected": [
"T045853",
"T045852",
"T045854",
"T002207",
"T038864",
"T038863",
"T038862",
"T038861"
]
},
"release_date": "2024-11-07T23:00:00.000+00:00",
"title": "CVE-2023-46219"
},
{
"cve": "CVE-2023-46751",
"product_status": {
"known_affected": [
"T045853",
"T045852",
"T045854",
"T002207",
"T038864",
"T038863",
"T038862",
"T038861"
]
},
"release_date": "2024-11-07T23:00:00.000+00:00",
"title": "CVE-2023-46751"
},
{
"cve": "CVE-2023-48795",
"product_status": {
"known_affected": [
"T045853",
"T045852",
"T045854",
"T002207",
"T038864",
"T038863",
"T038862",
"T038861"
]
},
"release_date": "2024-11-07T23:00:00.000+00:00",
"title": "CVE-2023-48795"
},
{
"cve": "CVE-2023-49083",
"product_status": {
"known_affected": [
"T045853",
"T045852",
"T045854",
"T002207",
"T038864",
"T038863",
"T038862",
"T038861"
]
},
"release_date": "2024-11-07T23:00:00.000+00:00",
"title": "CVE-2023-49083"
},
{
"cve": "CVE-2023-50447",
"product_status": {
"known_affected": [
"T045853",
"T045852",
"T045854",
"T002207",
"T038864",
"T038863",
"T038862",
"T038861"
]
},
"release_date": "2024-11-07T23:00:00.000+00:00",
"title": "CVE-2023-50447"
},
{
"cve": "CVE-2023-5049",
"product_status": {
"known_affected": [
"T045853",
"T045852",
"T045854",
"T002207",
"T038864",
"T038863",
"T038862",
"T038861"
]
},
"release_date": "2024-11-07T23:00:00.000+00:00",
"title": "CVE-2023-5049"
},
{
"cve": "CVE-2023-50495",
"product_status": {
"known_affected": [
"T045853",
"T045852",
"T045854",
"T002207",
"T038864",
"T038863",
"T038862",
"T038861"
]
},
"release_date": "2024-11-07T23:00:00.000+00:00",
"title": "CVE-2023-50495"
},
{
"cve": "CVE-2023-50782",
"product_status": {
"known_affected": [
"T045853",
"T045852",
"T045854",
"T002207",
"T038864",
"T038863",
"T038862",
"T038861"
]
},
"release_date": "2024-11-07T23:00:00.000+00:00",
"title": "CVE-2023-50782"
},
{
"cve": "CVE-2023-51257",
"product_status": {
"known_affected": [
"T045853",
"T045852",
"T045854",
"T002207",
"T038864",
"T038863",
"T038862",
"T038861"
]
},
"release_date": "2024-11-07T23:00:00.000+00:00",
"title": "CVE-2023-51257"
},
{
"cve": "CVE-2023-52425",
"product_status": {
"known_affected": [
"T045853",
"T045852",
"T045854",
"T002207",
"T038864",
"T038863",
"T038862",
"T038861"
]
},
"release_date": "2024-11-07T23:00:00.000+00:00",
"title": "CVE-2023-52425"
},
{
"cve": "CVE-2023-52426",
"product_status": {
"known_affected": [
"T045853",
"T045852",
"T045854",
"T002207",
"T038864",
"T038863",
"T038862",
"T038861"
]
},
"release_date": "2024-11-07T23:00:00.000+00:00",
"title": "CVE-2023-52426"
},
{
"cve": "CVE-2023-5678",
"product_status": {
"known_affected": [
"T045853",
"T045852",
"T045854",
"T002207",
"T038864",
"T038863",
"T038862",
"T038861"
]
},
"release_date": "2024-11-07T23:00:00.000+00:00",
"title": "CVE-2023-5678"
},
{
"cve": "CVE-2023-5717",
"product_status": {
"known_affected": [
"T045853",
"T045852",
"T045854",
"T002207",
"T038864",
"T038863",
"T038862",
"T038861"
]
},
"release_date": "2024-11-07T23:00:00.000+00:00",
"title": "CVE-2023-5717"
},
{
"cve": "CVE-2023-5752",
"product_status": {
"known_affected": [
"T045853",
"T045852",
"T045854",
"T002207",
"T038864",
"T038863",
"T038862",
"T038861"
]
},
"release_date": "2024-11-07T23:00:00.000+00:00",
"title": "CVE-2023-5752"
},
{
"cve": "CVE-2023-6004",
"product_status": {
"known_affected": [
"T045853",
"T045852",
"T045854",
"T002207",
"T038864",
"T038863",
"T038862",
"T038861"
]
},
"release_date": "2024-11-07T23:00:00.000+00:00",
"title": "CVE-2023-6004"
},
{
"cve": "CVE-2023-6597",
"product_status": {
"known_affected": [
"T045853",
"T045852",
"T045854",
"T002207",
"T038864",
"T038863",
"T038862",
"T038861"
]
},
"release_date": "2024-11-07T23:00:00.000+00:00",
"title": "CVE-2023-6597"
},
{
"cve": "CVE-2023-6918",
"product_status": {
"known_affected": [
"T045853",
"T045852",
"T045854",
"T002207",
"T038864",
"T038863",
"T038862",
"T038861"
]
},
"release_date": "2024-11-07T23:00:00.000+00:00",
"title": "CVE-2023-6918"
},
{
"cve": "CVE-2023-7207",
"product_status": {
"known_affected": [
"T045853",
"T045852",
"T045854",
"T002207",
"T038864",
"T038863",
"T038862",
"T038861"
]
},
"release_date": "2024-11-07T23:00:00.000+00:00",
"title": "CVE-2023-7207"
},
{
"cve": "CVE-2024-0450",
"product_status": {
"known_affected": [
"T045853",
"T045852",
"T045854",
"T002207",
"T038864",
"T038863",
"T038862",
"T038861"
]
},
"release_date": "2024-11-07T23:00:00.000+00:00",
"title": "CVE-2024-0450"
},
{
"cve": "CVE-2024-0727",
"product_status": {
"known_affected": [
"T045853",
"T045852",
"T045854",
"T002207",
"T038864",
"T038863",
"T038862",
"T038861"
]
},
"release_date": "2024-11-07T23:00:00.000+00:00",
"title": "CVE-2024-0727"
},
{
"cve": "CVE-2024-0985",
"product_status": {
"known_affected": [
"T045853",
"T045852",
"T045854",
"T002207",
"T038864",
"T038863",
"T038862",
"T038861"
]
},
"release_date": "2024-11-07T23:00:00.000+00:00",
"title": "CVE-2024-0985"
},
{
"cve": "CVE-2024-21626",
"product_status": {
"known_affected": [
"T045853",
"T045852",
"T045854",
"T002207",
"T038864",
"T038863",
"T038862",
"T038861"
]
},
"release_date": "2024-11-07T23:00:00.000+00:00",
"title": "CVE-2024-21626"
},
{
"cve": "CVE-2024-22195",
"product_status": {
"known_affected": [
"T045853",
"T045852",
"T045854",
"T002207",
"T038864",
"T038863",
"T038862",
"T038861"
]
},
"release_date": "2024-11-07T23:00:00.000+00:00",
"title": "CVE-2024-22195"
},
{
"cve": "CVE-2024-22365",
"product_status": {
"known_affected": [
"T045853",
"T045852",
"T045854",
"T002207",
"T038864",
"T038863",
"T038862",
"T038861"
]
},
"release_date": "2024-11-07T23:00:00.000+00:00",
"title": "CVE-2024-22365"
},
{
"cve": "CVE-2024-23651",
"product_status": {
"known_affected": [
"T045853",
"T045852",
"T045854",
"T002207",
"T038864",
"T038863",
"T038862",
"T038861"
]
},
"release_date": "2024-11-07T23:00:00.000+00:00",
"title": "CVE-2024-23651"
},
{
"cve": "CVE-2024-23652",
"product_status": {
"known_affected": [
"T045853",
"T045852",
"T045854",
"T002207",
"T038864",
"T038863",
"T038862",
"T038861"
]
},
"release_date": "2024-11-07T23:00:00.000+00:00",
"title": "CVE-2024-23652"
},
{
"cve": "CVE-2024-23653",
"product_status": {
"known_affected": [
"T045853",
"T045852",
"T045854",
"T002207",
"T038864",
"T038863",
"T038862",
"T038861"
]
},
"release_date": "2024-11-07T23:00:00.000+00:00",
"title": "CVE-2024-23653"
},
{
"cve": "CVE-2024-23672",
"product_status": {
"known_affected": [
"T045853",
"T045852",
"T045854",
"T002207",
"T038864",
"T038863",
"T038862",
"T038861"
]
},
"release_date": "2024-11-07T23:00:00.000+00:00",
"title": "CVE-2024-23672"
},
{
"cve": "CVE-2024-24549",
"product_status": {
"known_affected": [
"T045853",
"T045852",
"T045854",
"T002207",
"T038864",
"T038863",
"T038862",
"T038861"
]
},
"release_date": "2024-11-07T23:00:00.000+00:00",
"title": "CVE-2024-24549"
},
{
"cve": "CVE-2024-25062",
"product_status": {
"known_affected": [
"T045853",
"T045852",
"T045854",
"T002207",
"T038864",
"T038863",
"T038862",
"T038861"
]
},
"release_date": "2024-11-07T23:00:00.000+00:00",
"title": "CVE-2024-25062"
},
{
"cve": "CVE-2024-26130",
"product_status": {
"known_affected": [
"T045853",
"T045852",
"T045854",
"T002207",
"T038864",
"T038863",
"T038862",
"T038861"
]
},
"release_date": "2024-11-07T23:00:00.000+00:00",
"title": "CVE-2024-26130"
},
{
"cve": "CVE-2024-26458",
"product_status": {
"known_affected": [
"T045853",
"T045852",
"T045854",
"T002207",
"T038864",
"T038863",
"T038862",
"T038861"
]
},
"release_date": "2024-11-07T23:00:00.000+00:00",
"title": "CVE-2024-26458"
},
{
"cve": "CVE-2024-26461",
"product_status": {
"known_affected": [
"T045853",
"T045852",
"T045854",
"T002207",
"T038864",
"T038863",
"T038862",
"T038861"
]
},
"release_date": "2024-11-07T23:00:00.000+00:00",
"title": "CVE-2024-26461"
},
{
"cve": "CVE-2024-28085",
"product_status": {
"known_affected": [
"T045853",
"T045852",
"T045854",
"T002207",
"T038864",
"T038863",
"T038862",
"T038861"
]
},
"release_date": "2024-11-07T23:00:00.000+00:00",
"title": "CVE-2024-28085"
},
{
"cve": "CVE-2024-28182",
"product_status": {
"known_affected": [
"T045853",
"T045852",
"T045854",
"T002207",
"T038864",
"T038863",
"T038862",
"T038861"
]
},
"release_date": "2024-11-07T23:00:00.000+00:00",
"title": "CVE-2024-28182"
},
{
"cve": "CVE-2024-28219",
"product_status": {
"known_affected": [
"T045853",
"T045852",
"T045854",
"T002207",
"T038864",
"T038863",
"T038862",
"T038861"
]
},
"release_date": "2024-11-07T23:00:00.000+00:00",
"title": "CVE-2024-28219"
},
{
"cve": "CVE-2024-28757",
"product_status": {
"known_affected": [
"T045853",
"T045852",
"T045854",
"T002207",
"T038864",
"T038863",
"T038862",
"T038861"
]
},
"release_date": "2024-11-07T23:00:00.000+00:00",
"title": "CVE-2024-28757"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…