Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2024-39894 (GCVE-0-2024-39894)
Vulnerability from cvelistv5 – Published: 2024-07-02 00:00 – Updated: 2025-11-04 16:12
VLAI
EPSS
Summary
OpenSSH 9.5 through 9.7 before 9.8 sometimes allows timing attacks against echo-off password entry (e.g., for su and Sudo) because of an ObscureKeystrokeTiming logic error. Similarly, other timing attacks against keystroke entry could occur.
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- n/a
- CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition
Assigner
References
12 references
Impacted products
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:openbsd:openssh:9.5:-:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "openssh",
"vendor": "openbsd",
"versions": [
{
"lessThanOrEqual": "9.7",
"status": "affected",
"version": "9.5",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-39894",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-03T13:15:38.073610Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-367",
"description": "CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-03T13:15:54.538Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-04T16:12:30.897Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-25:01.openssh.asc"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.openssh.com/txt/release-9.8"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.mindrot.org/pipermail/openssh-unix-announce/2024-July/000158.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.openwall.com/lists/oss-security/2024/07/02/1"
},
{
"name": "[oss-security] 20240703 Re: Announce: OpenSSH 9.8 released",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/07/03/6"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20240712-0004/"
},
{
"name": "[oss-security] 20240723 Re: linux-distros application for CentOS Project\u0027s Hyperscale SIG",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/07/23/4"
},
{
"name": "[oss-security] 20240723 Re: linux-distros application for CentOS Project\u0027s Hyperscale SIG",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/07/23/6"
},
{
"name": "[oss-security] 20240728 Re: Announce: OpenSSH 9.8 released",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/07/28/3"
},
{
"url": "http://seclists.org/fulldisclosure/2024/Sep/33"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "OpenSSH 9.5 through 9.7 before 9.8 sometimes allows timing attacks against echo-off password entry (e.g., for su and Sudo) because of an ObscureKeystrokeTiming logic error. Similarly, other timing attacks against keystroke entry could occur."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T15:12:12.186Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.openssh.com/txt/release-9.8"
},
{
"url": "https://lists.mindrot.org/pipermail/openssh-unix-announce/2024-July/000158.html"
},
{
"url": "https://www.openwall.com/lists/oss-security/2024/07/02/1"
},
{
"name": "[oss-security] 20240703 Re: Announce: OpenSSH 9.8 released",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2024/07/03/6"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240712-0004/"
},
{
"name": "[oss-security] 20240723 Re: linux-distros application for CentOS Project\u0027s Hyperscale SIG",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2024/07/23/4"
},
{
"name": "[oss-security] 20240723 Re: linux-distros application for CentOS Project\u0027s Hyperscale SIG",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2024/07/23/6"
},
{
"name": "[oss-security] 20240728 Re: Announce: OpenSSH 9.8 released",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2024/07/28/3"
},
{
"url": "https://crzphil.github.io/posts/ssh-obfuscation-bypass/"
},
{
"url": "https://news.ycombinator.com/item?id=41508530"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-39894",
"datePublished": "2024-07-02T00:00:00.000Z",
"dateReserved": "2024-07-02T00:00:00.000Z",
"dateUpdated": "2025-11-04T16:12:30.897Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2024-39894",
"date": "2026-06-05",
"epss": "0.02949",
"percentile": "0.86739"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2024-39894\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2024-07-02T18:15:03.710\",\"lastModified\":\"2025-11-04T17:15:55.310\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"OpenSSH 9.5 through 9.7 before 9.8 sometimes allows timing attacks against echo-off password entry (e.g., for su and Sudo) because of an ObscureKeystrokeTiming logic error. Similarly, other timing attacks against keystroke entry could occur.\"},{\"lang\":\"es\",\"value\":\"OpenSSH 9.5 a 9.7 anterior a 9.8 a veces permite ataques de sincronizaci\u00f3n contra la entrada de contrase\u00f1a sin eco (por ejemplo, para su y Sudo) debido a un error l\u00f3gico de ObscureKeystrokeTiming. De manera similar, podr\u00edan ocurrir otros ataques de sincronizaci\u00f3n contra la entrada de teclas.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.6,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-367\"}]}],\"references\":[{\"url\":\"http://www.openwall.com/lists/oss-security/2024/07/03/6\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2024/07/23/4\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2024/07/23/6\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2024/07/28/3\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://crzphil.github.io/posts/ssh-obfuscation-bypass/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.mindrot.org/pipermail/openssh-unix-announce/2024-July/000158.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://news.ycombinator.com/item?id=41508530\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://security.netapp.com/advisory/ntap-20240712-0004/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://www.openssh.com/txt/release-9.8\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://www.openwall.com/lists/oss-security/2024/07/02/1\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://seclists.org/fulldisclosure/2024/Sep/33\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2024/07/03/6\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2024/07/23/4\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2024/07/23/6\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2024/07/28/3\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.mindrot.org/pipermail/openssh-unix-announce/2024-July/000158.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://security.netapp.com/advisory/ntap-20240712-0004/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.freebsd.org/security/advisories/FreeBSD-SA-25:01.openssh.asc\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.openssh.com/txt/release-9.8\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.openwall.com/lists/oss-security/2024/07/02/1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://www.openssh.com/txt/release-9.8\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://lists.mindrot.org/pipermail/openssh-unix-announce/2024-July/000158.html\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.openwall.com/lists/oss-security/2024/07/02/1\", \"tags\": [\"x_transferred\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2024/07/03/6\", \"name\": \"[oss-security] 20240703 Re: Announce: OpenSSH 9.8 released\", \"tags\": [\"mailing-list\", \"x_transferred\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20240712-0004/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2024/07/23/4\", \"name\": \"[oss-security] 20240723 Re: linux-distros application for CentOS Project\u0027s Hyperscale SIG\", \"tags\": [\"mailing-list\", \"x_transferred\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2024/07/23/6\", \"name\": \"[oss-security] 20240723 Re: linux-distros application for CentOS Project\u0027s Hyperscale SIG\", \"tags\": [\"mailing-list\", \"x_transferred\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2024/07/28/3\", \"name\": \"[oss-security] 20240728 Re: Announce: OpenSSH 9.8 released\", \"tags\": [\"mailing-list\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T04:33:11.961Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"HIGH\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-39894\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-07-03T13:15:38.073610Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:openbsd:openssh:9.5:-:*:*:*:*:*:*\"], \"vendor\": \"openbsd\", \"product\": \"openssh\", \"versions\": [{\"status\": \"affected\", \"version\": \"9.5\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"9.7\"}], \"defaultStatus\": \"unknown\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-367\", \"description\": \"CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-07-03T13:10:41.799Z\"}}], \"cna\": {\"affected\": [{\"vendor\": \"n/a\", \"product\": \"n/a\", \"versions\": [{\"status\": \"affected\", \"version\": \"n/a\"}]}], \"references\": [{\"url\": \"https://www.openssh.com/txt/release-9.8\"}, {\"url\": \"https://lists.mindrot.org/pipermail/openssh-unix-announce/2024-July/000158.html\"}, {\"url\": \"https://www.openwall.com/lists/oss-security/2024/07/02/1\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2024/07/03/6\", \"name\": \"[oss-security] 20240703 Re: Announce: OpenSSH 9.8 released\", \"tags\": [\"mailing-list\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20240712-0004/\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2024/07/23/4\", \"name\": \"[oss-security] 20240723 Re: linux-distros application for CentOS Project\u0027s Hyperscale SIG\", \"tags\": [\"mailing-list\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2024/07/23/6\", \"name\": \"[oss-security] 20240723 Re: linux-distros application for CentOS Project\u0027s Hyperscale SIG\", \"tags\": [\"mailing-list\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2024/07/28/3\", \"name\": \"[oss-security] 20240728 Re: Announce: OpenSSH 9.8 released\", \"tags\": [\"mailing-list\"]}, {\"url\": \"https://crzphil.github.io/posts/ssh-obfuscation-bypass/\"}, {\"url\": \"https://news.ycombinator.com/item?id=41508530\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"OpenSSH 9.5 through 9.7 before 9.8 sometimes allows timing attacks against echo-off password entry (e.g., for su and Sudo) because of an ObscureKeystrokeTiming logic error. Similarly, other timing attacks against keystroke entry could occur.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"text\", \"description\": \"n/a\"}]}], \"providerMetadata\": {\"orgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"shortName\": \"mitre\", \"dateUpdated\": \"2024-09-11T15:12:12.186999\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2024-39894\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-09-11T15:12:12.186999\", \"dateReserved\": \"2024-07-02T00:00:00\", \"assignerOrgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"datePublished\": \"2024-07-02T00:00:00\", \"assignerShortName\": \"mitre\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
VDE-2024-071
Vulnerability from csaf_phoenixcontactgmbhcokg - Published: 2024-12-09 11:00 - Updated: 2025-05-22 13:03Summary
Phoenix Contact: Multiple Vulnerabilities in PLCnext Firmware
Severity
Critical
Notes
Summary: Multiple Linux component vulnerabilities fixed in latest PLCnext Firmware release 2024.0.6 LTS
Impact: Availability, integrity, or confidentiality of the PLCnext Control might be compromised by attacks using these vulnerabilities.
Remediation: Update to the latest 2024.0.6 LTS Firmware Release. PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer. Check download area for latest Firmware update to be installed on EPC 1502 or EPC 1522.
General Recommendation: Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our [application note](https://dam-mdc.phoenixcontact.com/asset/156443151564/0a870ae433c19148b80bd760f3a1c1f2/107913_en_03.pdf).
A use after free can have a range of potential consequences such as the corruption of valid data, crashes or execution of arbitrary code. However, only applications that directly call the SSL_free_buffers function are affected by this issue. Applications that do not call this function are not vulnerable. Our investigations indicate that this function is rarely used by applications.
5.6 (Medium)
Vendor Fix
Update to the latest 2024.0.6 LTS Firmware Release. PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.
Affected products
Fixed
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32007 | — | ||
| Unresolved product id: CSAFPID-32008 | — |
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — | ||
| Unresolved product id: CSAFPID-31010 | — |
A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period.
8.1 (High)
Vendor Fix
Update to the latest 2024.0.6 LTS Firmware Release. PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.
Affected products
Fixed
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32007 | — | ||
| Unresolved product id: CSAFPID-32008 | — |
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — | ||
| Unresolved product id: CSAFPID-31010 | — |
OpenSSH 9.5 through 9.7 before 9.8 sometimes allows timing attacks against echo-off password entry (e.g., for su and Sudo) because of an ObscureKeystrokeTiming logic error. Similarly, other timing attacks against keystroke entry could occur.
7.5 (High)
Vendor Fix
Update to the latest 2024.0.6 LTS Firmware Release. PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.
Affected products
Fixed
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32007 | — | ||
| Unresolved product id: CSAFPID-32008 | — |
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — | ||
| Unresolved product id: CSAFPID-31010 | — |
Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, repositories with submodules can be crafted in a way that exploits a bug in Git whereby it can be fooled into writing files not into the submodule's worktree but into a '.git/' directory. This allows writing a hook that will be executed while the clone operation is still running, giving the user no opportunity to inspect the code that is being executed. The problem has been patched in versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4. If symbolic link support is disabled in Git (e.g. via 'git config --global core.symlinks false'), the described attack won't work. As always, it is best to avoid cloning repositories from untrusted sources.
9 (Critical)
Vendor Fix
Update to the latest 2024.0.6 LTS Firmware Release. PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.
Affected products
Fixed
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32007 | — | ||
| Unresolved product id: CSAFPID-32008 | — |
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — | ||
| Unresolved product id: CSAFPID-31010 | — |
Issue summary: Checking excessively long DSA keys or parameters may be very slow. Impact summary: Applications that use the functions EVP_PKEY_param_check() or EVP_PKEY_public_check() to check a DSA public key or DSA parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source this may lead to a Denial of Service. The functions EVP_PKEY_param_check() or EVP_PKEY_public_check() perform various checks on DSA parameters. Some of those computations take a long time if the modulus ('p' parameter) is too large. Trying to use a very large modulus is slow and OpenSSL will not allow using public keys with a modulus which is over 10,000 bits in length for signature verification. However the key and parameter check functions do not limit the modulus size when performing the checks. An application that calls EVP_PKEY_param_check() or EVP_PKEY_public_check() and supplies a key or parameters obtained from an untrusted source could be vulnerable to a Denial of Service attack. These functions are not called by OpenSSL itself on untrusted DSA keys so only applications that directly call these functions may be vulnerable. Also vulnerable are the OpenSSL pkey and pkeyparam command line applications when using the '-check' option. The OpenSSL SSL/TLS implementation is not affected by this issue. The OpenSSL 3.0 and 3.1 FIPS providers are affected by this issue.
5.3 (Medium)
Vendor Fix
Update to the latest 2024.0.6 LTS Firmware Release. PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.
Affected products
Fixed
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32007 | — | ||
| Unresolved product id: CSAFPID-32008 | — |
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — | ||
| Unresolved product id: CSAFPID-31010 | — |
Issue summary: Some non-default TLS server configurations can cause unbounded memory growth when processing TLSv1.3 sessions Impact summary: An attacker may exploit certain server configurations to trigger unbounded memory growth that would lead to a Denial of Service This problem can occur in TLSv1.3 if the non-default SSL_OP_NO_TICKET option is being used (but not if early_data support is also configured and the default anti-replay protection is in use). In this case, under certain conditions, the session cache can get into an incorrect state and it will fail to flush properly as it fills. The session cache will continue to grow in an unbounded manner. A malicious client could deliberately create the scenario for this failure to force a Denial of Service. It may also happen by accident in normal operation. This issue only affects TLS servers supporting TLSv1.3. It does not affect TLS clients. The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue. OpenSSL 1.0.2 is also not affected by this issue.
5.9 (Medium)
Vendor Fix
Update to the latest 2024.0.6 LTS Firmware Release. PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-31001 | — | ||
| Unresolved product id: CSAFPID-31002 | — | ||
| Unresolved product id: CSAFPID-31004 | — | ||
| Unresolved product id: CSAFPID-31005 | — | ||
| Unresolved product id: CSAFPID-31007 | — | ||
| Unresolved product id: CSAFPID-31008 | — | ||
| Unresolved product id: CSAFPID-31009 | — | ||
| Unresolved product id: CSAFPID-31010 | — |
Fixed
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: CSAFPID-32001 | — | ||
| Unresolved product id: CSAFPID-32002 | — | ||
| Unresolved product id: CSAFPID-32004 | — | ||
| Unresolved product id: CSAFPID-32005 | — | ||
| Unresolved product id: CSAFPID-32007 | — | ||
| Unresolved product id: CSAFPID-32008 | — |
References
5 references
Acknowledgments
CERT@VDE
certvde.com
{
"document": {
"acknowledgments": [
{
"organization": "CERT@VDE",
"summary": "coordination.",
"urls": [
"https://certvde.com"
]
}
],
"aggregate_severity": {
"namespace": "https://www.first.org/cvss/v3.1/specification-document#Qualitative-Severity-Rating-Scale",
"text": "Critical"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-GB",
"notes": [
{
"category": "summary",
"text": "Multiple Linux component vulnerabilities fixed in latest PLCnext Firmware release 2024.0.6 LTS",
"title": "Summary"
},
{
"category": "description",
"text": "Availability, integrity, or confidentiality of the PLCnext Control might be compromised by attacks using these vulnerabilities.",
"title": "Impact"
},
{
"category": "description",
"text": "Update to the latest 2024.0.6 LTS Firmware Release. PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer. Check download area for latest Firmware update to be installed on EPC 1502 or EPC 1522.",
"title": "Remediation"
},
{
"category": "general",
"text": "Phoenix Contact recommends operating network-capable devices in closed networks or protected with a suitable firewall. For detailed information on our recommendations for measures to protect network-capable devices, please refer to our [application note](https://dam-mdc.phoenixcontact.com/asset/156443151564/0a870ae433c19148b80bd760f3a1c1f2/107913_en_03.pdf).",
"title": "General Recommendation"
}
],
"publisher": {
"category": "vendor",
"contact_details": "psirt@phoenixcontact.com",
"name": "Phoenix Contact GmbH \u0026 Co. KG",
"namespace": "https://phoenixcontact.com/psirt"
},
"references": [
{
"category": "external",
"summary": "PCSA-2024/00016",
"url": "https://phoenixcontact.com/psirt"
},
{
"category": "external",
"summary": "Phoenix Contact advisory overview at CERT@VDE",
"url": "https://certvde.com/de/advisories/vendor/phoenixcontact/"
},
{
"category": "external",
"summary": "Phoenix Contact application note",
"url": "https://dam-mdc.phoenixcontact.com/asset/156443151564/0a870ae433c19148b80bd760f3a1c1f2/107913_en_03.pdf"
},
{
"category": "self",
"summary": "VDE-2024-071: Phoenix Contact: Multiple Vulnerabilities in PLCnext Firmware - HTML",
"url": "https://certvde.com/en/advisories/VDE-2024-071"
},
{
"category": "self",
"summary": "VDE-2024-071: Phoenix Contact: Multiple Vulnerabilities in PLCnext Firmware - CSAF",
"url": "https://phoenixcontact.csaf-tp.certvde.com/.well-known/csaf/white/2024/vde-2024-071.json"
}
],
"source_lang": "en",
"title": "Phoenix Contact: Multiple Vulnerabilities in PLCnext Firmware",
"tracking": {
"aliases": [
"VDE-2024-071",
"PCSA-2024/00016"
],
"current_release_date": "2025-05-22T13:03:10.000Z",
"generator": {
"date": "2024-12-02T16:25:30.228Z",
"engine": {
"name": "Secvisogram",
"version": "2.5.15"
}
},
"id": "VDE-2024-071",
"initial_release_date": "2024-12-09T11:00:00.000Z",
"revision_history": [
{
"date": "2024-12-09T11:00:00.000Z",
"number": "1",
"summary": "Initial"
},
{
"date": "2025-05-22T13:03:10.000Z",
"number": "2",
"summary": "Fix: version space, contact details, quotation mark"
}
],
"status": "final",
"version": "2"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "AXC F 1152",
"product": {
"name": "AXC F 1152",
"product_id": "CSAFPID-11001",
"product_identification_helper": {
"model_numbers": [
"1151412"
]
}
}
},
{
"category": "product_name",
"name": "AXC F 2152",
"product": {
"name": "AXC F 2152",
"product_id": "CSAFPID-11002",
"product_identification_helper": {
"model_numbers": [
"2404267"
]
}
}
},
{
"category": "product_name",
"name": "AXC F 3152",
"product": {
"name": "AXC F 3152",
"product_id": "CSAFPID-11003",
"product_identification_helper": {
"model_numbers": [
"1069208"
]
}
}
},
{
"category": "product_name",
"name": "RFC 4072S",
"product": {
"name": "RFC 4072S",
"product_id": "CSAFPID-11004",
"product_identification_helper": {
"model_numbers": [
"1051328"
]
}
}
},
{
"category": "product_name",
"name": "RFC 4072R",
"product": {
"name": "RFC 4072R",
"product_id": "CSAFPID-11005",
"product_identification_helper": {
"model_numbers": [
"1136419"
]
}
}
},
{
"category": "product_name",
"name": "BPC 9102S",
"product": {
"name": "BPC 9102S",
"product_id": "CSAFPID-11011",
"product_identification_helper": {
"model_numbers": [
"1246285"
]
}
}
},
{
"category": "product_name",
"name": "EPC 1502",
"product": {
"name": "EPC 1502",
"product_id": "CSAFPID-11009",
"product_identification_helper": {
"model_numbers": [
"1185416"
]
}
}
},
{
"category": "product_name",
"name": "EPC 1522",
"product": {
"name": "EPC 1522",
"product_id": "CSAFPID-11010",
"product_identification_helper": {
"model_numbers": [
"1264328"
]
}
}
}
],
"category": "product_family",
"name": "Hardware"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c2024.0.6 LTS",
"product": {
"name": "Firmware \u003c2024.0.6 LTS",
"product_id": "CSAFPID-21001"
}
},
{
"category": "product_version",
"name": "2024.0.6 LTS",
"product": {
"name": "Firmware 2024.0.6 LTS",
"product_id": "CSAFPID-22001"
}
}
],
"category": "product_family",
"name": "Firmware"
}
],
"category": "vendor",
"name": "Phoenix Contact GmbH \u0026 Co. KG"
}
],
"product_groups": [
{
"group_id": "CSAFGID-61001",
"product_ids": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010"
],
"summary": "Affected Products."
},
{
"group_id": "CSAFGID-62001",
"product_ids": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32007",
"CSAFPID-32008"
],
"summary": "Fixed Product."
}
],
"relationships": [
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c2024.0.6 LTS installed on AXC F 1152",
"product_id": "CSAFPID-31001",
"product_identification_helper": {
"model_numbers": [
"1151412"
]
}
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11001"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 2024.0.6 LTS installed on AXC F 1152",
"product_id": "CSAFPID-32001",
"product_identification_helper": {
"model_numbers": [
"1151412"
]
}
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11001"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c2024.0.6 LTS installed on AXC F 2152",
"product_id": "CSAFPID-31002",
"product_identification_helper": {
"model_numbers": [
"2404267"
]
}
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11002"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 2024.0.6 LTS installed on AXC F 2152",
"product_id": "CSAFPID-32002",
"product_identification_helper": {
"model_numbers": [
"2404267"
]
}
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11002"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c2024.0.6 LTS installed on AXC F 3152",
"product_id": "CSAFPID-31004",
"product_identification_helper": {
"model_numbers": [
"1069208"
]
}
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11003"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 2024.0.6 LTS installed on AXC F 3152",
"product_id": "CSAFPID-32004",
"product_identification_helper": {
"model_numbers": [
"1069208"
]
}
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11003"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c2024.0.6 LTS installed on RFC 4072S",
"product_id": "CSAFPID-31005",
"product_identification_helper": {
"model_numbers": [
"1051328"
]
}
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11004"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 2024.0.6 LTS installed on RFC 4072S",
"product_id": "CSAFPID-32005",
"product_identification_helper": {
"model_numbers": [
"1051328"
]
}
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11004"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c2024.0.6 LTS installed on BPC 9102S",
"product_id": "CSAFPID-31007",
"product_identification_helper": {
"model_numbers": [
"1246285"
]
}
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11011"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 2024.0.6 LTS installed on BPC 9102S",
"product_id": "CSAFPID-32007",
"product_identification_helper": {
"model_numbers": [
"1246285"
]
}
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11011"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c2024.0.6 LTS installed on RFC 4072R",
"product_id": "CSAFPID-31008",
"product_identification_helper": {
"model_numbers": [
"1136419"
]
}
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11005"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware 2024.0.6 LTS installed on RFC 4072R",
"product_id": "CSAFPID-32008",
"product_identification_helper": {
"model_numbers": [
"1136419"
]
}
},
"product_reference": "CSAFPID-22001",
"relates_to_product_reference": "CSAFPID-11005"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c2024.0.6 LTS installed on EPC 1502",
"product_id": "CSAFPID-31009",
"product_identification_helper": {
"model_numbers": [
"1185416"
]
}
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11009"
},
{
"category": "installed_on",
"full_product_name": {
"name": "Firmware \u003c2024.0.6 LTS installed on EPC 1522",
"product_id": "CSAFPID-31010",
"product_identification_helper": {
"model_numbers": [
"1264328"
]
}
},
"product_reference": "CSAFPID-21001",
"relates_to_product_reference": "CSAFPID-11010"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-4741",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"audience": "all",
"category": "description",
"text": "A use after free can have a range of potential consequences such\nas the corruption of valid data, crashes or execution of arbitrary code.\nHowever, only applications that directly call the SSL_free_buffers function are\naffected by this issue. Applications that do not call this function are not\nvulnerable. Our investigations indicate that this function is rarely used by\napplications.",
"title": "Vulnerability Description"
},
{
"audience": "all",
"category": "details",
"text": "[https://nvd.nist.gov/vuln/detail/CVE-2024-4741](https://nvd.nist.gov/vuln/detail/CVE-2024-4741)",
"title": "Details"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32007",
"CSAFPID-32008"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to the latest 2024.0.6 LTS Firmware Release. PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.",
"group_ids": [
"CSAFGID-61001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"environmentalScore": 5.6,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 5.6,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010"
]
}
],
"title": "CVE-2024-4741"
},
{
"cve": "CVE-2024-6387",
"cwe": {
"id": "CWE-362",
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
},
"notes": [
{
"audience": "all",
"category": "description",
"text": "A security regression (CVE-2006-5051) was discovered in OpenSSH\u0027s server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period.",
"title": "Vulnerability Description"
},
{
"audience": "all",
"category": "details",
"text": "[https://nvd.nist.gov/vuln/detail/CVE-2024-6387](https://nvd.nist.gov/vuln/detail/CVE-2024-6387)",
"title": "Details"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32007",
"CSAFPID-32008"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to the latest 2024.0.6 LTS Firmware Release. PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.",
"group_ids": [
"CSAFGID-61001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 8.1,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 8.1,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010"
]
}
],
"title": "CVE-2024-6387"
},
{
"cve": "CVE-2024-39894",
"cwe": {
"id": "CWE-367",
"name": "Time-of-check Time-of-use (TOCTOU) Race Condition"
},
"notes": [
{
"audience": "all",
"category": "description",
"text": "OpenSSH 9.5 through 9.7 before 9.8 sometimes allows timing attacks against echo-off password entry (e.g., for su and Sudo) because of an ObscureKeystrokeTiming logic error. Similarly, other timing attacks against keystroke entry could occur.",
"title": "Vulnerability Description"
},
{
"audience": "all",
"category": "details",
"text": "[https://nvd.nist.gov/vuln/detail/CVE-2024-39894](https://nvd.nist.gov/vuln/detail/CVE-2024-39894)",
"title": "Details"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32007",
"CSAFPID-32008"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to the latest 2024.0.6 LTS Firmware Release. PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.",
"group_ids": [
"CSAFGID-61001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalScore": 7.5,
"environmentalSeverity": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"temporalSeverity": "HIGH",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010"
]
}
],
"title": "CVE-2024-39894"
},
{
"cve": "CVE-2024-32002",
"cwe": {
"id": "CWE-59",
"name": "Improper Link Resolution Before File Access (\u0027Link Following\u0027)"
},
"notes": [
{
"audience": "all",
"category": "summary",
"text": "Git\u0027s recursive clones on case-insensitive filesystems that support symlinks are susceptible to Remote Code Execution",
"title": "Summary"
},
{
"audience": "all",
"category": "details",
"text": "[https://nvd.nist.gov/vuln/detail/CVE-2024-32002](https://nvd.nist.gov/vuln/detail/CVE-2024-32002)",
"title": "Details"
},
{
"audience": "all",
"category": "description",
"text": "Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, repositories with submodules can be crafted in a way that exploits a bug in Git whereby it can be fooled into writing files not into the submodule\u0027s worktree but into a \u0027.git/\u0027 directory. This allows writing a hook that will be executed while the clone operation is still running, giving the user no opportunity to inspect the code that is being executed. The problem has been patched in versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4. If symbolic link support is disabled in Git (e.g. via \u0027git config --global core.symlinks false\u0027), the described attack won\u0027t work. As always, it is best to avoid cloning repositories from untrusted sources.",
"title": "Vulnerability Description"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32007",
"CSAFPID-32008"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to the latest 2024.0.6 LTS Firmware Release. PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.",
"group_ids": [
"CSAFGID-61001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"environmentalScore": 9.1,
"environmentalSeverity": "CRITICAL",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"temporalScore": 9,
"temporalSeverity": "CRITICAL",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010"
]
}
],
"title": "CVE-2024-32002"
},
{
"cve": "CVE-2024-4603",
"cwe": {
"id": "CWE-606",
"name": "Unchecked Input for Loop Condition"
},
"notes": [
{
"audience": "all",
"category": "description",
"text": "Issue summary: Checking excessively long DSA keys or parameters may be very slow. Impact summary: Applications that use the functions EVP_PKEY_param_check() or EVP_PKEY_public_check() to check a DSA public key or DSA parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source this may lead to a Denial of Service. The functions EVP_PKEY_param_check() or EVP_PKEY_public_check() perform various checks on DSA parameters. Some of those computations take a long time if the modulus (\u0027p\u0027 parameter) is too large. Trying to use a very large modulus is slow and OpenSSL will not allow using public keys with a modulus which is over 10,000 bits in length for signature verification. However the key and parameter check functions do not limit the modulus size when performing the checks. An application that calls EVP_PKEY_param_check() or EVP_PKEY_public_check() and supplies a key or parameters obtained from an untrusted source could be vulnerable to a Denial of Service attack. These functions are not called by OpenSSL itself on untrusted DSA keys so only applications that directly call these functions may be vulnerable. Also vulnerable are the OpenSSL pkey and pkeyparam command line applications when using the \u0027-check\u0027 option. The OpenSSL SSL/TLS implementation is not affected by this issue. The OpenSSL 3.0 and 3.1 FIPS providers are affected by this issue.\n\n",
"title": "Vulnerability Description"
},
{
"audience": "all",
"category": "details",
"text": "[https://nvd.nist.gov/vuln/detail/CVE-2024-4603](https://nvd.nist.gov/vuln/detail/CVE-2024-4603)",
"title": "Details"
},
{
"audience": "all",
"category": "summary",
"text": "Excessive time spent checking DSA keys and parameters",
"title": "Summary"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32007",
"CSAFPID-32008"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to the latest 2024.0.6 LTS Firmware Release. PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.",
"group_ids": [
"CSAFGID-61001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"environmentalScore": 5.3,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 5.3,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010"
]
}
],
"title": "CVE-2024-4603"
},
{
"cve": "CVE-2024-2511",
"cwe": {
"id": "CWE-1325",
"name": "Improperly Controlled Sequential Memory Allocation"
},
"notes": [
{
"audience": "all",
"category": "description",
"text": "Issue summary: Some non-default TLS server configurations can cause unbounded memory growth when processing TLSv1.3 sessions Impact summary: An attacker may exploit certain server configurations to trigger unbounded memory growth that would lead to a Denial of Service This problem can occur in TLSv1.3 if the non-default SSL_OP_NO_TICKET option is being used (but not if early_data support is also configured and the default anti-replay protection is in use). In this case, under certain conditions, the session cache can get into an incorrect state and it will fail to flush properly as it fills. The session cache will continue to grow in an unbounded manner. A malicious client could deliberately create the scenario for this failure to force a Denial of Service. It may also happen by accident in normal operation. This issue only affects TLS servers supporting TLSv1.3. It does not affect TLS clients. The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue. OpenSSL 1.0.2 is also not affected by this issue.",
"title": "Vulnerability Description"
},
{
"audience": "all",
"category": "details",
"text": "[https://www.suse.com/security/cve/CVE-2024-2511.html](https://www.suse.com/security/cve/CVE-2024-2511.html)",
"title": "Details"
},
{
"audience": "all",
"category": "summary",
"text": "Unbounded memory growth with session handling in TLSv1.3",
"title": "Summary"
}
],
"product_status": {
"fixed": [
"CSAFPID-32001",
"CSAFPID-32002",
"CSAFPID-32004",
"CSAFPID-32005",
"CSAFPID-32007",
"CSAFPID-32008"
],
"known_affected": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010"
]
},
"remediations": [
{
"category": "vendor_fix",
"details": "Update to the latest 2024.0.6 LTS Firmware Release. PHOENIX CONTACT recommends to always use an up-to-date version of the PLCnext Engineer.",
"group_ids": [
"CSAFGID-61001"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"environmentalScore": 5.9,
"environmentalSeverity": "MEDIUM",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 5.9,
"temporalSeverity": "MEDIUM",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-31001",
"CSAFPID-31002",
"CSAFPID-31004",
"CSAFPID-31005",
"CSAFPID-31007",
"CSAFPID-31008",
"CSAFPID-31009",
"CSAFPID-31010"
]
}
],
"title": "CVE-2024-2511"
}
]
}
WID-SEC-W-2024-1514
Vulnerability from csaf_certbund - Published: 2024-07-03 22:00 - Updated: 2026-06-02 22:00Summary
OpenSSH: Schwachstelle ermöglicht Offenlegung von Informationen
Severity
Niedrig
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: OpenSSH ist eine Open Source Implementierung des Secure Shell Protokolls.
Angriff: Ein entfernter, anonymer Angreifer kann eine Schwachstelle in OpenSSH ausnutzen, um Informationen offenzulegen.
Betroffene Betriebssysteme: - Linux
- Windows
Affected products
Known affected
18 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Xerox FreeFlow Print Server v9 for Solaris
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9_for_solaris
|
v9 for Solaris | |
|
Juniper JUNOS <24.2R2-EVO
Juniper / JUNOS
|
<24.2R2-EVO | ||
|
Juniper JUNOS <24.2R2
Juniper / JUNOS
|
<24.2R2 | ||
|
Aruba AOS-CX <10.10.1160
Aruba / AOS-CX
|
<10.10.1160 | ||
|
Aruba AOS-CX <10.13.1090
Aruba / AOS-CX
|
<10.13.1090 | ||
|
Aruba AOS-CX <10.15.1010
Aruba / AOS-CX
|
<10.15.1010 | ||
|
Meinberg LANTIME <V7.08.014
Meinberg / LANTIME
|
<V7.08.014 | ||
|
Aruba AOS-CX <10.16.1010
Aruba / AOS-CX
|
<10.16.1010 | ||
|
FreeBSD Project FreeBSD OS <14.1-RELEASE-p7
FreeBSD Project / FreeBSD OS
|
<14.1-RELEASE-p7 | ||
|
FreeBSD Project FreeBSD OS <13.4-STABLE
FreeBSD Project / FreeBSD OS
|
<13.4-STABLE | ||
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Juniper JUNOS <24.4R1-EVO
Juniper / JUNOS
|
<24.4R1-EVO | ||
|
Juniper JUNOS <24.2R1-S2-EVO
Juniper / JUNOS
|
<24.2R1-S2-EVO | ||
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
Juniper JUNOS <24.4R1
Juniper / JUNOS
|
<24.4R1 | ||
|
FreeBSD Project FreeBSD OS <14.2-STABLE
FreeBSD Project / FreeBSD OS
|
<14.2-STABLE | ||
|
Open Source OpenSSH <9.8
Open Source / OpenSSH
|
<9.8 | ||
|
Juniper JUNOS <24.2R1-S2
Juniper / JUNOS
|
<24.2R1-S2 |
References
12 references
{
"document": {
"aggregate_severity": {
"text": "niedrig"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "OpenSSH ist eine Open Source Implementierung des Secure Shell Protokolls.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann eine Schwachstelle in OpenSSH ausnutzen, um Informationen offenzulegen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2024-1514 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-1514.json"
},
{
"category": "self",
"summary": "WID-SEC-2024-1514 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-1514"
},
{
"category": "external",
"summary": "Juniper Security Advisory JSA92873 vom 2024-01-09",
"url": "https://supportportal.juniper.net/s/article/2025-01-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Multiple-vulnerabilities-resolved-in-OpenSSH"
},
{
"category": "external",
"summary": "XEROX Security Advisory XRX25-001 vom 2025-01-13",
"url": "https://securitydocs.business.xerox.com/wp-content/uploads/2025/01/Xerox-Security-Bulletin-XRX25-001-for-Xerox%C2%AE-FreeFlow%C2%AE-Print-Server-v9.pdf"
},
{
"category": "external",
"summary": "Red Hat Bugtracker vom 2024-07-03",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2295273"
},
{
"category": "external",
"summary": "OSS Mailing List vom 2024-07-03",
"url": "https://seclists.org/oss-sec/2024/q3/20"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-6887-1 vom 2024-07-09",
"url": "https://ubuntu.com/security/notices/USN-6887-1"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:2393-1 vom 2024-07-10",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-July/018919.html"
},
{
"category": "external",
"summary": "Meinberg Security Advisory vom 2024-07-22",
"url": "https://www.meinberg.de/german/news/meinberg-security-advisory-mbgsa-2024-04-lantime-firmware-v7-08-014.htm"
},
{
"category": "external",
"summary": "FreeBSD Security Advisory",
"url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-25:01.openssh.asc"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20009-1 vom 2025-06-04",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021369.html"
},
{
"category": "external",
"summary": "HP Security Bulletin HPESBNW05062 vom 2026-06-02",
"url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw05062en_us\u0026docLocale=en_US"
}
],
"source_lang": "en-US",
"title": "OpenSSH: Schwachstelle erm\u00f6glicht Offenlegung von Informationen",
"tracking": {
"current_release_date": "2026-06-02T22:00:00.000+00:00",
"generator": {
"date": "2026-06-03T06:12:27.955+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.6.0"
}
},
"id": "WID-SEC-W-2024-1514",
"initial_release_date": "2024-07-03T22:00:00.000+00:00",
"revision_history": [
{
"date": "2024-07-03T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2024-07-09T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2024-07-10T22:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2024-07-23T22:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von Meinberg aufgenommen"
},
{
"date": "2025-01-08T23:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von Juniper aufgenommen"
},
{
"date": "2025-01-12T23:00:00.000+00:00",
"number": "6",
"summary": "Neue Updates von XEROX aufgenommen"
},
{
"date": "2025-01-29T23:00:00.000+00:00",
"number": "7",
"summary": "Neue Updates von FreeBSD aufgenommen"
},
{
"date": "2025-06-04T22:00:00.000+00:00",
"number": "8",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2026-06-02T22:00:00.000+00:00",
"number": "9",
"summary": "Neue Updates von HP aufgenommen"
}
],
"status": "final",
"version": "9"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c10.16.1010",
"product": {
"name": "Aruba AOS-CX \u003c10.16.1010",
"product_id": "T054962"
}
},
{
"category": "product_version",
"name": "10.16.1010",
"product": {
"name": "Aruba AOS-CX 10.16.1010",
"product_id": "T054962-fixed",
"product_identification_helper": {
"cpe": "cpe:/o:aruba:aos-cx:10.16.1010"
}
}
},
{
"category": "product_version_range",
"name": "\u003c10.15.1010",
"product": {
"name": "Aruba AOS-CX \u003c10.15.1010",
"product_id": "T054963"
}
},
{
"category": "product_version",
"name": "10.15.1010",
"product": {
"name": "Aruba AOS-CX 10.15.1010",
"product_id": "T054963-fixed",
"product_identification_helper": {
"cpe": "cpe:/o:aruba:aos-cx:10.15.1010"
}
}
},
{
"category": "product_version_range",
"name": "\u003c10.13.1090",
"product": {
"name": "Aruba AOS-CX \u003c10.13.1090",
"product_id": "T054964"
}
},
{
"category": "product_version",
"name": "10.13.1090",
"product": {
"name": "Aruba AOS-CX 10.13.1090",
"product_id": "T054964-fixed",
"product_identification_helper": {
"cpe": "cpe:/o:aruba:aos-cx:10.13.1090"
}
}
},
{
"category": "product_version_range",
"name": "\u003c10.10.1160",
"product": {
"name": "Aruba AOS-CX \u003c10.10.1160",
"product_id": "T054965"
}
},
{
"category": "product_version",
"name": "10.10.1160",
"product": {
"name": "Aruba AOS-CX 10.10.1160",
"product_id": "T054965-fixed",
"product_identification_helper": {
"cpe": "cpe:/o:aruba:aos-cx:10.10.1160"
}
}
}
],
"category": "product_name",
"name": "AOS-CX"
}
],
"category": "vendor",
"name": "Aruba"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c13.4-STABLE",
"product": {
"name": "FreeBSD Project FreeBSD OS \u003c13.4-STABLE",
"product_id": "T038681"
}
},
{
"category": "product_version",
"name": "13.4-STABLE",
"product": {
"name": "FreeBSD Project FreeBSD OS 13.4-STABLE",
"product_id": "T038681-fixed",
"product_identification_helper": {
"cpe": "cpe:/o:freebsd:freebsd:13.4-stable"
}
}
},
{
"category": "product_version_range",
"name": "\u003c14.2-STABLE",
"product": {
"name": "FreeBSD Project FreeBSD OS \u003c14.2-STABLE",
"product_id": "T040689"
}
},
{
"category": "product_version",
"name": "14.2-STABLE",
"product": {
"name": "FreeBSD Project FreeBSD OS 14.2-STABLE",
"product_id": "T040689-fixed",
"product_identification_helper": {
"cpe": "cpe:/o:freebsd:freebsd:14.2-stable"
}
}
},
{
"category": "product_version_range",
"name": "\u003c14.1-RELEASE-p7",
"product": {
"name": "FreeBSD Project FreeBSD OS \u003c14.1-RELEASE-p7",
"product_id": "T040690"
}
},
{
"category": "product_version",
"name": "14.1-RELEASE-p7",
"product": {
"name": "FreeBSD Project FreeBSD OS 14.1-RELEASE-p7",
"product_id": "T040690-fixed",
"product_identification_helper": {
"cpe": "cpe:/o:freebsd:freebsd:14.1-release-p7"
}
}
}
],
"category": "product_name",
"name": "FreeBSD OS"
}
],
"category": "vendor",
"name": "FreeBSD Project"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c24.2R2",
"product": {
"name": "Juniper JUNOS \u003c24.2R2",
"product_id": "T037895"
}
},
{
"category": "product_version",
"name": "24.2R2",
"product": {
"name": "Juniper JUNOS 24.2R2",
"product_id": "T037895-fixed",
"product_identification_helper": {
"cpe": "cpe:/o:juniper:junos:24.2r2"
}
}
},
{
"category": "product_version_range",
"name": "\u003c24.2R2-EVO",
"product": {
"name": "Juniper JUNOS \u003c24.2R2-EVO",
"product_id": "T037905"
}
},
{
"category": "product_version",
"name": "24.2R2-EVO",
"product": {
"name": "Juniper JUNOS 24.2R2-EVO",
"product_id": "T037905-fixed",
"product_identification_helper": {
"cpe": "cpe:/o:juniper:junos:24.2r2-evo"
}
}
},
{
"category": "product_version_range",
"name": "\u003c24.2R1-S2",
"product": {
"name": "Juniper JUNOS \u003c24.2R1-S2",
"product_id": "T040069"
}
},
{
"category": "product_version",
"name": "24.2R1-S2",
"product": {
"name": "Juniper JUNOS 24.2R1-S2",
"product_id": "T040069-fixed",
"product_identification_helper": {
"cpe": "cpe:/o:juniper:junos:24.2r1-s2"
}
}
},
{
"category": "product_version_range",
"name": "\u003c24.4R1",
"product": {
"name": "Juniper JUNOS \u003c24.4R1",
"product_id": "T040070"
}
},
{
"category": "product_version",
"name": "24.4R1",
"product": {
"name": "Juniper JUNOS 24.4R1",
"product_id": "T040070-fixed",
"product_identification_helper": {
"cpe": "cpe:/o:juniper:junos:24.4r1"
}
}
},
{
"category": "product_version_range",
"name": "\u003c24.2R1-S2-EVO",
"product": {
"name": "Juniper JUNOS \u003c24.2R1-S2-EVO",
"product_id": "T040071"
}
},
{
"category": "product_version",
"name": "24.2R1-S2-EVO",
"product": {
"name": "Juniper JUNOS 24.2R1-S2-EVO",
"product_id": "T040071-fixed",
"product_identification_helper": {
"cpe": "cpe:/o:juniper:junos:24.2r1-s2-evo"
}
}
},
{
"category": "product_version_range",
"name": "\u003c24.4R1-EVO",
"product": {
"name": "Juniper JUNOS \u003c24.4R1-EVO",
"product_id": "T040072"
}
},
{
"category": "product_version",
"name": "24.4R1-EVO",
"product": {
"name": "Juniper JUNOS 24.4R1-EVO",
"product_id": "T040072-fixed",
"product_identification_helper": {
"cpe": "cpe:/o:juniper:junos:24.4r1-evo"
}
}
}
],
"category": "product_name",
"name": "JUNOS"
}
],
"category": "vendor",
"name": "Juniper"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV7.08.014",
"product": {
"name": "Meinberg LANTIME \u003cV7.08.014",
"product_id": "T036396"
}
},
{
"category": "product_version",
"name": "V7.08.014",
"product": {
"name": "Meinberg LANTIME V7.08.014",
"product_id": "T036396-fixed",
"product_identification_helper": {
"cpe": "cpe:/h:meinberg:lantime:v7.08.014"
}
}
}
],
"category": "product_name",
"name": "LANTIME"
}
],
"category": "vendor",
"name": "Meinberg"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c9.8",
"product": {
"name": "Open Source OpenSSH \u003c9.8",
"product_id": "T035806"
}
},
{
"category": "product_version",
"name": "9.8",
"product": {
"name": "Open Source OpenSSH 9.8",
"product_id": "T035806-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:openbsd:openssh:9.8"
}
}
}
],
"category": "product_name",
"name": "OpenSSH"
}
],
"category": "vendor",
"name": "Open Source"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux",
"product": {
"name": "SUSE Linux",
"product_id": "T002207",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_linux:-"
}
}
}
],
"category": "vendor",
"name": "SUSE"
},
{
"branches": [
{
"category": "product_name",
"name": "Ubuntu Linux",
"product": {
"name": "Ubuntu Linux",
"product_id": "T000126",
"product_identification_helper": {
"cpe": "cpe:/o:canonical:ubuntu_linux:-"
}
}
}
],
"category": "vendor",
"name": "Ubuntu"
},
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "v9 for Solaris",
"product": {
"name": "Xerox FreeFlow Print Server v9 for Solaris",
"product_id": "T028053",
"product_identification_helper": {
"cpe": "cpe:/a:xerox:freeflow_print_server:v9_for_solaris"
}
}
}
],
"category": "product_name",
"name": "FreeFlow Print Server"
}
],
"category": "vendor",
"name": "Xerox"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-39894",
"product_status": {
"known_affected": [
"T028053",
"T037905",
"T037895",
"T054965",
"T054964",
"T054963",
"T036396",
"T054962",
"T040690",
"T038681",
"T002207",
"T040072",
"T040071",
"T000126",
"T040070",
"T040689",
"T035806",
"T040069"
]
},
"release_date": "2024-07-03T22:00:00.000+00:00",
"title": "CVE-2024-39894"
}
]
}
WID-SEC-W-2024-2154
Vulnerability from csaf_certbund - Published: 2024-09-16 22:00 - Updated: 2025-03-11 23:00Summary
Apple macOS: Mehrere Schwachstellen
Severity
Hoch
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: Apple macOS ist ein Betriebssystem, das auf FreeBSD und Mach basiert.
Angriff: Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Apple macOS ausnutzen, um seine Privilegien zu erhöhen, einen Denial-of-Service-Zustand herbeizuführen, Spoofing-Angriffe durchzuführen, Daten zu ändern, Sicherheitsmaßnahmen zu umgehen und vertrauliche Informationen offenzulegen
Betroffene Betriebssysteme: - MacOS X
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS Sequoia <15
Apple / macOS
|
Sequoia <15 | ||
|
Apple macOS Sonoma <14.7
Apple / macOS
|
Sonoma <14.7 | ||
|
Apple macOS Ventura <13.7
Apple / macOS
|
Ventura <13.7 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS Sequoia <15
Apple / macOS
|
Sequoia <15 | ||
|
Apple macOS Sonoma <14.7
Apple / macOS
|
Sonoma <14.7 | ||
|
Apple macOS Ventura <13.7
Apple / macOS
|
Ventura <13.7 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS Sequoia <15
Apple / macOS
|
Sequoia <15 | ||
|
Apple macOS Sonoma <14.7
Apple / macOS
|
Sonoma <14.7 | ||
|
Apple macOS Ventura <13.7
Apple / macOS
|
Ventura <13.7 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS Sequoia <15
Apple / macOS
|
Sequoia <15 | ||
|
Apple macOS Sonoma <14.7
Apple / macOS
|
Sonoma <14.7 | ||
|
Apple macOS Ventura <13.7
Apple / macOS
|
Ventura <13.7 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS Sequoia <15
Apple / macOS
|
Sequoia <15 | ||
|
Apple macOS Sonoma <14.7
Apple / macOS
|
Sonoma <14.7 | ||
|
Apple macOS Ventura <13.7
Apple / macOS
|
Ventura <13.7 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS Sequoia <15
Apple / macOS
|
Sequoia <15 | ||
|
Apple macOS Sonoma <14.7
Apple / macOS
|
Sonoma <14.7 | ||
|
Apple macOS Ventura <13.7
Apple / macOS
|
Ventura <13.7 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS Sequoia <15
Apple / macOS
|
Sequoia <15 | ||
|
Apple macOS Sonoma <14.7
Apple / macOS
|
Sonoma <14.7 | ||
|
Apple macOS Ventura <13.7
Apple / macOS
|
Ventura <13.7 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS Sequoia <15
Apple / macOS
|
Sequoia <15 | ||
|
Apple macOS Sonoma <14.7
Apple / macOS
|
Sonoma <14.7 | ||
|
Apple macOS Ventura <13.7
Apple / macOS
|
Ventura <13.7 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS Sequoia <15
Apple / macOS
|
Sequoia <15 | ||
|
Apple macOS Sonoma <14.7
Apple / macOS
|
Sonoma <14.7 | ||
|
Apple macOS Ventura <13.7
Apple / macOS
|
Ventura <13.7 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS Sequoia <15
Apple / macOS
|
Sequoia <15 | ||
|
Apple macOS Sonoma <14.7
Apple / macOS
|
Sonoma <14.7 | ||
|
Apple macOS Ventura <13.7
Apple / macOS
|
Ventura <13.7 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS Sequoia <15
Apple / macOS
|
Sequoia <15 | ||
|
Apple macOS Sonoma <14.7
Apple / macOS
|
Sonoma <14.7 | ||
|
Apple macOS Ventura <13.7
Apple / macOS
|
Ventura <13.7 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS Sequoia <15
Apple / macOS
|
Sequoia <15 | ||
|
Apple macOS Sonoma <14.7
Apple / macOS
|
Sonoma <14.7 | ||
|
Apple macOS Ventura <13.7
Apple / macOS
|
Ventura <13.7 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS Sequoia <15
Apple / macOS
|
Sequoia <15 | ||
|
Apple macOS Sonoma <14.7
Apple / macOS
|
Sonoma <14.7 | ||
|
Apple macOS Ventura <13.7
Apple / macOS
|
Ventura <13.7 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS Sequoia <15
Apple / macOS
|
Sequoia <15 | ||
|
Apple macOS Sonoma <14.7
Apple / macOS
|
Sonoma <14.7 | ||
|
Apple macOS Ventura <13.7
Apple / macOS
|
Ventura <13.7 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS Sequoia <15
Apple / macOS
|
Sequoia <15 | ||
|
Apple macOS Sonoma <14.7
Apple / macOS
|
Sonoma <14.7 | ||
|
Apple macOS Ventura <13.7
Apple / macOS
|
Ventura <13.7 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS Sequoia <15
Apple / macOS
|
Sequoia <15 | ||
|
Apple macOS Sonoma <14.7
Apple / macOS
|
Sonoma <14.7 | ||
|
Apple macOS Ventura <13.7
Apple / macOS
|
Ventura <13.7 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS Sequoia <15
Apple / macOS
|
Sequoia <15 | ||
|
Apple macOS Sonoma <14.7
Apple / macOS
|
Sonoma <14.7 | ||
|
Apple macOS Ventura <13.7
Apple / macOS
|
Ventura <13.7 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS Sequoia <15
Apple / macOS
|
Sequoia <15 | ||
|
Apple macOS Sonoma <14.7
Apple / macOS
|
Sonoma <14.7 | ||
|
Apple macOS Ventura <13.7
Apple / macOS
|
Ventura <13.7 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS Sequoia <15
Apple / macOS
|
Sequoia <15 | ||
|
Apple macOS Sonoma <14.7
Apple / macOS
|
Sonoma <14.7 | ||
|
Apple macOS Ventura <13.7
Apple / macOS
|
Ventura <13.7 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS Sequoia <15
Apple / macOS
|
Sequoia <15 | ||
|
Apple macOS Sonoma <14.7
Apple / macOS
|
Sonoma <14.7 | ||
|
Apple macOS Ventura <13.7
Apple / macOS
|
Ventura <13.7 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS Sequoia <15
Apple / macOS
|
Sequoia <15 | ||
|
Apple macOS Sonoma <14.7
Apple / macOS
|
Sonoma <14.7 | ||
|
Apple macOS Ventura <13.7
Apple / macOS
|
Ventura <13.7 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS Sequoia <15
Apple / macOS
|
Sequoia <15 | ||
|
Apple macOS Sonoma <14.7
Apple / macOS
|
Sonoma <14.7 | ||
|
Apple macOS Ventura <13.7
Apple / macOS
|
Ventura <13.7 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS Sequoia <15
Apple / macOS
|
Sequoia <15 | ||
|
Apple macOS Sonoma <14.7
Apple / macOS
|
Sonoma <14.7 | ||
|
Apple macOS Ventura <13.7
Apple / macOS
|
Ventura <13.7 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS Sequoia <15
Apple / macOS
|
Sequoia <15 | ||
|
Apple macOS Sonoma <14.7
Apple / macOS
|
Sonoma <14.7 | ||
|
Apple macOS Ventura <13.7
Apple / macOS
|
Ventura <13.7 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS Sequoia <15
Apple / macOS
|
Sequoia <15 | ||
|
Apple macOS Sonoma <14.7
Apple / macOS
|
Sonoma <14.7 | ||
|
Apple macOS Ventura <13.7
Apple / macOS
|
Ventura <13.7 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS Sequoia <15
Apple / macOS
|
Sequoia <15 | ||
|
Apple macOS Sonoma <14.7
Apple / macOS
|
Sonoma <14.7 | ||
|
Apple macOS Ventura <13.7
Apple / macOS
|
Ventura <13.7 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS Sequoia <15
Apple / macOS
|
Sequoia <15 | ||
|
Apple macOS Sonoma <14.7
Apple / macOS
|
Sonoma <14.7 | ||
|
Apple macOS Ventura <13.7
Apple / macOS
|
Ventura <13.7 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS Sequoia <15
Apple / macOS
|
Sequoia <15 | ||
|
Apple macOS Sonoma <14.7
Apple / macOS
|
Sonoma <14.7 | ||
|
Apple macOS Ventura <13.7
Apple / macOS
|
Ventura <13.7 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS Sequoia <15
Apple / macOS
|
Sequoia <15 | ||
|
Apple macOS Sonoma <14.7
Apple / macOS
|
Sonoma <14.7 | ||
|
Apple macOS Ventura <13.7
Apple / macOS
|
Ventura <13.7 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS Sequoia <15
Apple / macOS
|
Sequoia <15 | ||
|
Apple macOS Sonoma <14.7
Apple / macOS
|
Sonoma <14.7 | ||
|
Apple macOS Ventura <13.7
Apple / macOS
|
Ventura <13.7 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS Sequoia <15
Apple / macOS
|
Sequoia <15 | ||
|
Apple macOS Sonoma <14.7
Apple / macOS
|
Sonoma <14.7 | ||
|
Apple macOS Ventura <13.7
Apple / macOS
|
Ventura <13.7 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS Sequoia <15
Apple / macOS
|
Sequoia <15 | ||
|
Apple macOS Sonoma <14.7
Apple / macOS
|
Sonoma <14.7 | ||
|
Apple macOS Ventura <13.7
Apple / macOS
|
Ventura <13.7 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS Sequoia <15
Apple / macOS
|
Sequoia <15 | ||
|
Apple macOS Sonoma <14.7
Apple / macOS
|
Sonoma <14.7 | ||
|
Apple macOS Ventura <13.7
Apple / macOS
|
Ventura <13.7 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS Sequoia <15
Apple / macOS
|
Sequoia <15 | ||
|
Apple macOS Sonoma <14.7
Apple / macOS
|
Sonoma <14.7 | ||
|
Apple macOS Ventura <13.7
Apple / macOS
|
Ventura <13.7 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS Sequoia <15
Apple / macOS
|
Sequoia <15 | ||
|
Apple macOS Sonoma <14.7
Apple / macOS
|
Sonoma <14.7 | ||
|
Apple macOS Ventura <13.7
Apple / macOS
|
Ventura <13.7 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS Sequoia <15
Apple / macOS
|
Sequoia <15 | ||
|
Apple macOS Sonoma <14.7
Apple / macOS
|
Sonoma <14.7 | ||
|
Apple macOS Ventura <13.7
Apple / macOS
|
Ventura <13.7 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS Sequoia <15
Apple / macOS
|
Sequoia <15 | ||
|
Apple macOS Sonoma <14.7
Apple / macOS
|
Sonoma <14.7 | ||
|
Apple macOS Ventura <13.7
Apple / macOS
|
Ventura <13.7 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS Sequoia <15
Apple / macOS
|
Sequoia <15 | ||
|
Apple macOS Sonoma <14.7
Apple / macOS
|
Sonoma <14.7 | ||
|
Apple macOS Ventura <13.7
Apple / macOS
|
Ventura <13.7 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS Sequoia <15
Apple / macOS
|
Sequoia <15 | ||
|
Apple macOS Sonoma <14.7
Apple / macOS
|
Sonoma <14.7 | ||
|
Apple macOS Ventura <13.7
Apple / macOS
|
Ventura <13.7 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS Sequoia <15
Apple / macOS
|
Sequoia <15 | ||
|
Apple macOS Sonoma <14.7
Apple / macOS
|
Sonoma <14.7 | ||
|
Apple macOS Ventura <13.7
Apple / macOS
|
Ventura <13.7 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS Sequoia <15
Apple / macOS
|
Sequoia <15 | ||
|
Apple macOS Sonoma <14.7
Apple / macOS
|
Sonoma <14.7 | ||
|
Apple macOS Ventura <13.7
Apple / macOS
|
Ventura <13.7 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS Sequoia <15
Apple / macOS
|
Sequoia <15 | ||
|
Apple macOS Sonoma <14.7
Apple / macOS
|
Sonoma <14.7 | ||
|
Apple macOS Ventura <13.7
Apple / macOS
|
Ventura <13.7 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS Sequoia <15
Apple / macOS
|
Sequoia <15 | ||
|
Apple macOS Sonoma <14.7
Apple / macOS
|
Sonoma <14.7 | ||
|
Apple macOS Ventura <13.7
Apple / macOS
|
Ventura <13.7 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS Sequoia <15
Apple / macOS
|
Sequoia <15 | ||
|
Apple macOS Sonoma <14.7
Apple / macOS
|
Sonoma <14.7 | ||
|
Apple macOS Ventura <13.7
Apple / macOS
|
Ventura <13.7 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS Sequoia <15
Apple / macOS
|
Sequoia <15 | ||
|
Apple macOS Sonoma <14.7
Apple / macOS
|
Sonoma <14.7 | ||
|
Apple macOS Ventura <13.7
Apple / macOS
|
Ventura <13.7 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS Sequoia <15
Apple / macOS
|
Sequoia <15 | ||
|
Apple macOS Sonoma <14.7
Apple / macOS
|
Sonoma <14.7 | ||
|
Apple macOS Ventura <13.7
Apple / macOS
|
Ventura <13.7 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS Sequoia <15
Apple / macOS
|
Sequoia <15 | ||
|
Apple macOS Sonoma <14.7
Apple / macOS
|
Sonoma <14.7 | ||
|
Apple macOS Ventura <13.7
Apple / macOS
|
Ventura <13.7 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS Sequoia <15
Apple / macOS
|
Sequoia <15 | ||
|
Apple macOS Sonoma <14.7
Apple / macOS
|
Sonoma <14.7 | ||
|
Apple macOS Ventura <13.7
Apple / macOS
|
Ventura <13.7 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS Sequoia <15
Apple / macOS
|
Sequoia <15 | ||
|
Apple macOS Sonoma <14.7
Apple / macOS
|
Sonoma <14.7 | ||
|
Apple macOS Ventura <13.7
Apple / macOS
|
Ventura <13.7 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS Sequoia <15
Apple / macOS
|
Sequoia <15 | ||
|
Apple macOS Sonoma <14.7
Apple / macOS
|
Sonoma <14.7 | ||
|
Apple macOS Ventura <13.7
Apple / macOS
|
Ventura <13.7 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS Sequoia <15
Apple / macOS
|
Sequoia <15 | ||
|
Apple macOS Sonoma <14.7
Apple / macOS
|
Sonoma <14.7 | ||
|
Apple macOS Ventura <13.7
Apple / macOS
|
Ventura <13.7 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS Sequoia <15
Apple / macOS
|
Sequoia <15 | ||
|
Apple macOS Sonoma <14.7
Apple / macOS
|
Sonoma <14.7 | ||
|
Apple macOS Ventura <13.7
Apple / macOS
|
Ventura <13.7 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS Sequoia <15
Apple / macOS
|
Sequoia <15 | ||
|
Apple macOS Sonoma <14.7
Apple / macOS
|
Sonoma <14.7 | ||
|
Apple macOS Ventura <13.7
Apple / macOS
|
Ventura <13.7 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS Sequoia <15
Apple / macOS
|
Sequoia <15 | ||
|
Apple macOS Sonoma <14.7
Apple / macOS
|
Sonoma <14.7 | ||
|
Apple macOS Ventura <13.7
Apple / macOS
|
Ventura <13.7 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS Sequoia <15
Apple / macOS
|
Sequoia <15 | ||
|
Apple macOS Sonoma <14.7
Apple / macOS
|
Sonoma <14.7 | ||
|
Apple macOS Ventura <13.7
Apple / macOS
|
Ventura <13.7 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS Sequoia <15
Apple / macOS
|
Sequoia <15 | ||
|
Apple macOS Sonoma <14.7
Apple / macOS
|
Sonoma <14.7 | ||
|
Apple macOS Ventura <13.7
Apple / macOS
|
Ventura <13.7 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS Sequoia <15
Apple / macOS
|
Sequoia <15 | ||
|
Apple macOS Sonoma <14.7
Apple / macOS
|
Sonoma <14.7 | ||
|
Apple macOS Ventura <13.7
Apple / macOS
|
Ventura <13.7 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS Sequoia <15
Apple / macOS
|
Sequoia <15 | ||
|
Apple macOS Sonoma <14.7
Apple / macOS
|
Sonoma <14.7 | ||
|
Apple macOS Ventura <13.7
Apple / macOS
|
Ventura <13.7 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS Sequoia <15
Apple / macOS
|
Sequoia <15 | ||
|
Apple macOS Sonoma <14.7
Apple / macOS
|
Sonoma <14.7 | ||
|
Apple macOS Ventura <13.7
Apple / macOS
|
Ventura <13.7 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS Sequoia <15
Apple / macOS
|
Sequoia <15 | ||
|
Apple macOS Sonoma <14.7
Apple / macOS
|
Sonoma <14.7 | ||
|
Apple macOS Ventura <13.7
Apple / macOS
|
Ventura <13.7 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS Sequoia <15
Apple / macOS
|
Sequoia <15 | ||
|
Apple macOS Sonoma <14.7
Apple / macOS
|
Sonoma <14.7 | ||
|
Apple macOS Ventura <13.7
Apple / macOS
|
Ventura <13.7 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS Sequoia <15
Apple / macOS
|
Sequoia <15 | ||
|
Apple macOS Sonoma <14.7
Apple / macOS
|
Sonoma <14.7 | ||
|
Apple macOS Ventura <13.7
Apple / macOS
|
Ventura <13.7 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS Sequoia <15
Apple / macOS
|
Sequoia <15 | ||
|
Apple macOS Sonoma <14.7
Apple / macOS
|
Sonoma <14.7 | ||
|
Apple macOS Ventura <13.7
Apple / macOS
|
Ventura <13.7 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS Sequoia <15
Apple / macOS
|
Sequoia <15 | ||
|
Apple macOS Sonoma <14.7
Apple / macOS
|
Sonoma <14.7 | ||
|
Apple macOS Ventura <13.7
Apple / macOS
|
Ventura <13.7 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS Sequoia <15
Apple / macOS
|
Sequoia <15 | ||
|
Apple macOS Sonoma <14.7
Apple / macOS
|
Sonoma <14.7 | ||
|
Apple macOS Ventura <13.7
Apple / macOS
|
Ventura <13.7 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS Sequoia <15
Apple / macOS
|
Sequoia <15 | ||
|
Apple macOS Sonoma <14.7
Apple / macOS
|
Sonoma <14.7 | ||
|
Apple macOS Ventura <13.7
Apple / macOS
|
Ventura <13.7 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS Sequoia <15
Apple / macOS
|
Sequoia <15 | ||
|
Apple macOS Sonoma <14.7
Apple / macOS
|
Sonoma <14.7 | ||
|
Apple macOS Ventura <13.7
Apple / macOS
|
Ventura <13.7 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS Sequoia <15
Apple / macOS
|
Sequoia <15 | ||
|
Apple macOS Sonoma <14.7
Apple / macOS
|
Sonoma <14.7 | ||
|
Apple macOS Ventura <13.7
Apple / macOS
|
Ventura <13.7 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS Sequoia <15
Apple / macOS
|
Sequoia <15 | ||
|
Apple macOS Sonoma <14.7
Apple / macOS
|
Sonoma <14.7 | ||
|
Apple macOS Ventura <13.7
Apple / macOS
|
Ventura <13.7 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS Sequoia <15
Apple / macOS
|
Sequoia <15 | ||
|
Apple macOS Sonoma <14.7
Apple / macOS
|
Sonoma <14.7 | ||
|
Apple macOS Ventura <13.7
Apple / macOS
|
Ventura <13.7 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS Sequoia <15
Apple / macOS
|
Sequoia <15 | ||
|
Apple macOS Sonoma <14.7
Apple / macOS
|
Sonoma <14.7 | ||
|
Apple macOS Ventura <13.7
Apple / macOS
|
Ventura <13.7 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS Sequoia <15
Apple / macOS
|
Sequoia <15 | ||
|
Apple macOS Sonoma <14.7
Apple / macOS
|
Sonoma <14.7 | ||
|
Apple macOS Ventura <13.7
Apple / macOS
|
Ventura <13.7 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS Sequoia <15
Apple / macOS
|
Sequoia <15 | ||
|
Apple macOS Sonoma <14.7
Apple / macOS
|
Sonoma <14.7 | ||
|
Apple macOS Ventura <13.7
Apple / macOS
|
Ventura <13.7 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS Sequoia <15
Apple / macOS
|
Sequoia <15 | ||
|
Apple macOS Sonoma <14.7
Apple / macOS
|
Sonoma <14.7 | ||
|
Apple macOS Ventura <13.7
Apple / macOS
|
Ventura <13.7 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS Sequoia <15
Apple / macOS
|
Sequoia <15 | ||
|
Apple macOS Sonoma <14.7
Apple / macOS
|
Sonoma <14.7 | ||
|
Apple macOS Ventura <13.7
Apple / macOS
|
Ventura <13.7 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS Sequoia <15
Apple / macOS
|
Sequoia <15 | ||
|
Apple macOS Sonoma <14.7
Apple / macOS
|
Sonoma <14.7 | ||
|
Apple macOS Ventura <13.7
Apple / macOS
|
Ventura <13.7 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS Sequoia <15
Apple / macOS
|
Sequoia <15 | ||
|
Apple macOS Sonoma <14.7
Apple / macOS
|
Sonoma <14.7 | ||
|
Apple macOS Ventura <13.7
Apple / macOS
|
Ventura <13.7 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS Sequoia <15
Apple / macOS
|
Sequoia <15 | ||
|
Apple macOS Sonoma <14.7
Apple / macOS
|
Sonoma <14.7 | ||
|
Apple macOS Ventura <13.7
Apple / macOS
|
Ventura <13.7 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS Sequoia <15
Apple / macOS
|
Sequoia <15 | ||
|
Apple macOS Sonoma <14.7
Apple / macOS
|
Sonoma <14.7 | ||
|
Apple macOS Ventura <13.7
Apple / macOS
|
Ventura <13.7 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS Sequoia <15
Apple / macOS
|
Sequoia <15 | ||
|
Apple macOS Sonoma <14.7
Apple / macOS
|
Sonoma <14.7 | ||
|
Apple macOS Ventura <13.7
Apple / macOS
|
Ventura <13.7 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS Sequoia <15
Apple / macOS
|
Sequoia <15 | ||
|
Apple macOS Sonoma <14.7
Apple / macOS
|
Sonoma <14.7 | ||
|
Apple macOS Ventura <13.7
Apple / macOS
|
Ventura <13.7 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS Sequoia <15
Apple / macOS
|
Sequoia <15 | ||
|
Apple macOS Sonoma <14.7
Apple / macOS
|
Sonoma <14.7 | ||
|
Apple macOS Ventura <13.7
Apple / macOS
|
Ventura <13.7 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS Sequoia <15
Apple / macOS
|
Sequoia <15 | ||
|
Apple macOS Sonoma <14.7
Apple / macOS
|
Sonoma <14.7 | ||
|
Apple macOS Ventura <13.7
Apple / macOS
|
Ventura <13.7 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS Sequoia <15
Apple / macOS
|
Sequoia <15 | ||
|
Apple macOS Sonoma <14.7
Apple / macOS
|
Sonoma <14.7 | ||
|
Apple macOS Ventura <13.7
Apple / macOS
|
Ventura <13.7 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS Sequoia <15
Apple / macOS
|
Sequoia <15 | ||
|
Apple macOS Sonoma <14.7
Apple / macOS
|
Sonoma <14.7 | ||
|
Apple macOS Ventura <13.7
Apple / macOS
|
Ventura <13.7 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS Sequoia <15
Apple / macOS
|
Sequoia <15 | ||
|
Apple macOS Sonoma <14.7
Apple / macOS
|
Sonoma <14.7 | ||
|
Apple macOS Ventura <13.7
Apple / macOS
|
Ventura <13.7 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS Sequoia <15
Apple / macOS
|
Sequoia <15 | ||
|
Apple macOS Sonoma <14.7
Apple / macOS
|
Sonoma <14.7 | ||
|
Apple macOS Ventura <13.7
Apple / macOS
|
Ventura <13.7 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS Sequoia <15
Apple / macOS
|
Sequoia <15 | ||
|
Apple macOS Sonoma <14.7
Apple / macOS
|
Sonoma <14.7 | ||
|
Apple macOS Ventura <13.7
Apple / macOS
|
Ventura <13.7 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS Sequoia <15
Apple / macOS
|
Sequoia <15 | ||
|
Apple macOS Sonoma <14.7
Apple / macOS
|
Sonoma <14.7 | ||
|
Apple macOS Ventura <13.7
Apple / macOS
|
Ventura <13.7 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS Sequoia <15
Apple / macOS
|
Sequoia <15 | ||
|
Apple macOS Sonoma <14.7
Apple / macOS
|
Sonoma <14.7 | ||
|
Apple macOS Ventura <13.7
Apple / macOS
|
Ventura <13.7 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS Sequoia <15
Apple / macOS
|
Sequoia <15 | ||
|
Apple macOS Sonoma <14.7
Apple / macOS
|
Sonoma <14.7 | ||
|
Apple macOS Ventura <13.7
Apple / macOS
|
Ventura <13.7 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS Sequoia <15
Apple / macOS
|
Sequoia <15 | ||
|
Apple macOS Sonoma <14.7
Apple / macOS
|
Sonoma <14.7 | ||
|
Apple macOS Ventura <13.7
Apple / macOS
|
Ventura <13.7 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS Sequoia <15
Apple / macOS
|
Sequoia <15 | ||
|
Apple macOS Sonoma <14.7
Apple / macOS
|
Sonoma <14.7 | ||
|
Apple macOS Ventura <13.7
Apple / macOS
|
Ventura <13.7 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS Sequoia <15
Apple / macOS
|
Sequoia <15 | ||
|
Apple macOS Sonoma <14.7
Apple / macOS
|
Sonoma <14.7 | ||
|
Apple macOS Ventura <13.7
Apple / macOS
|
Ventura <13.7 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS Sequoia <15
Apple / macOS
|
Sequoia <15 | ||
|
Apple macOS Sonoma <14.7
Apple / macOS
|
Sonoma <14.7 | ||
|
Apple macOS Ventura <13.7
Apple / macOS
|
Ventura <13.7 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS Sequoia <15
Apple / macOS
|
Sequoia <15 | ||
|
Apple macOS Sonoma <14.7
Apple / macOS
|
Sonoma <14.7 | ||
|
Apple macOS Ventura <13.7
Apple / macOS
|
Ventura <13.7 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS Sequoia <15
Apple / macOS
|
Sequoia <15 | ||
|
Apple macOS Sonoma <14.7
Apple / macOS
|
Sonoma <14.7 | ||
|
Apple macOS Ventura <13.7
Apple / macOS
|
Ventura <13.7 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS Sequoia <15
Apple / macOS
|
Sequoia <15 | ||
|
Apple macOS Sonoma <14.7
Apple / macOS
|
Sonoma <14.7 | ||
|
Apple macOS Ventura <13.7
Apple / macOS
|
Ventura <13.7 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS Sequoia <15
Apple / macOS
|
Sequoia <15 | ||
|
Apple macOS Sonoma <14.7
Apple / macOS
|
Sonoma <14.7 | ||
|
Apple macOS Ventura <13.7
Apple / macOS
|
Ventura <13.7 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS Sequoia <15
Apple / macOS
|
Sequoia <15 | ||
|
Apple macOS Sonoma <14.7
Apple / macOS
|
Sonoma <14.7 | ||
|
Apple macOS Ventura <13.7
Apple / macOS
|
Ventura <13.7 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS Sequoia <15
Apple / macOS
|
Sequoia <15 | ||
|
Apple macOS Sonoma <14.7
Apple / macOS
|
Sonoma <14.7 | ||
|
Apple macOS Ventura <13.7
Apple / macOS
|
Ventura <13.7 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS Sequoia <15
Apple / macOS
|
Sequoia <15 | ||
|
Apple macOS Sonoma <14.7
Apple / macOS
|
Sonoma <14.7 | ||
|
Apple macOS Ventura <13.7
Apple / macOS
|
Ventura <13.7 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS Sequoia <15
Apple / macOS
|
Sequoia <15 | ||
|
Apple macOS Sonoma <14.7
Apple / macOS
|
Sonoma <14.7 | ||
|
Apple macOS Ventura <13.7
Apple / macOS
|
Ventura <13.7 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS Sequoia <15
Apple / macOS
|
Sequoia <15 | ||
|
Apple macOS Sonoma <14.7
Apple / macOS
|
Sonoma <14.7 | ||
|
Apple macOS Ventura <13.7
Apple / macOS
|
Ventura <13.7 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS Sequoia <15
Apple / macOS
|
Sequoia <15 | ||
|
Apple macOS Sonoma <14.7
Apple / macOS
|
Sonoma <14.7 | ||
|
Apple macOS Ventura <13.7
Apple / macOS
|
Ventura <13.7 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS Sequoia <15
Apple / macOS
|
Sequoia <15 | ||
|
Apple macOS Sonoma <14.7
Apple / macOS
|
Sonoma <14.7 | ||
|
Apple macOS Ventura <13.7
Apple / macOS
|
Ventura <13.7 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS Sequoia <15
Apple / macOS
|
Sequoia <15 | ||
|
Apple macOS Sonoma <14.7
Apple / macOS
|
Sonoma <14.7 | ||
|
Apple macOS Ventura <13.7
Apple / macOS
|
Ventura <13.7 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS Sequoia <15
Apple / macOS
|
Sequoia <15 | ||
|
Apple macOS Sonoma <14.7
Apple / macOS
|
Sonoma <14.7 | ||
|
Apple macOS Ventura <13.7
Apple / macOS
|
Ventura <13.7 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS Sequoia <15
Apple / macOS
|
Sequoia <15 | ||
|
Apple macOS Sonoma <14.7
Apple / macOS
|
Sonoma <14.7 | ||
|
Apple macOS Ventura <13.7
Apple / macOS
|
Ventura <13.7 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS Sequoia <15
Apple / macOS
|
Sequoia <15 | ||
|
Apple macOS Sonoma <14.7
Apple / macOS
|
Sonoma <14.7 | ||
|
Apple macOS Ventura <13.7
Apple / macOS
|
Ventura <13.7 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS Sequoia <15
Apple / macOS
|
Sequoia <15 | ||
|
Apple macOS Sonoma <14.7
Apple / macOS
|
Sonoma <14.7 | ||
|
Apple macOS Ventura <13.7
Apple / macOS
|
Ventura <13.7 |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Apple macOS Sequoia <15
Apple / macOS
|
Sequoia <15 | ||
|
Apple macOS Sonoma <14.7
Apple / macOS
|
Sonoma <14.7 | ||
|
Apple macOS Ventura <13.7
Apple / macOS
|
Ventura <13.7 |
References
8 references
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Apple macOS ist ein Betriebssystem, das auf FreeBSD und Mach basiert.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Apple macOS ausnutzen, um seine Privilegien zu erh\u00f6hen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Spoofing-Angriffe durchzuf\u00fchren, Daten zu \u00e4ndern, Sicherheitsma\u00dfnahmen zu umgehen und vertrauliche Informationen offenzulegen",
"title": "Angriff"
},
{
"category": "general",
"text": "- MacOS X",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2024-2154 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-2154.json"
},
{
"category": "self",
"summary": "WID-SEC-2024-2154 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-2154"
},
{
"category": "external",
"summary": "About the security content of macOS Sequoia 15 vom 2024-09-16",
"url": "https://support.apple.com/en-us/121238"
},
{
"category": "external",
"summary": "About the security content of macOS Sonoma 14.7 vom 2024-09-16",
"url": "https://support.apple.com/en-us/121247"
},
{
"category": "external",
"summary": "About the security content of macOS Ventura 13.7 vom 2024-09-16",
"url": "https://support.apple.com/en-us/121234"
},
{
"category": "external",
"summary": "APPLE-SA-09-16-2024-10 macOS Ventura 13.7 vom 2024-09-16",
"url": "https://lists.apple.com/archives/security-announce/2024/Sep/msg00009.html"
},
{
"category": "external",
"summary": "APPLE-SA-09-16-2024-2 macOS Sequoia 15 vom 2024-09-16",
"url": "https://lists.apple.com/archives/security-announce/2024/Sep/msg00001.html"
},
{
"category": "external",
"summary": "APPLE-SA-09-16-2024-9 macOS Sonoma 14.7 vom 2024-09-16",
"url": "https://lists.apple.com/archives/security-announce/2024/Sep/msg00008.html"
}
],
"source_lang": "en-US",
"title": "Apple macOS: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2025-03-11T23:00:00.000+00:00",
"generator": {
"date": "2025-03-12T09:22:54.279+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.12"
}
},
"id": "WID-SEC-W-2024-2154",
"initial_release_date": "2024-09-16T22:00:00.000+00:00",
"revision_history": [
{
"date": "2024-09-16T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2024-10-28T23:00:00.000+00:00",
"number": "2",
"summary": "CVE\u0027s erg\u00e4nzt"
},
{
"date": "2025-02-05T23:00:00.000+00:00",
"number": "3",
"summary": "CVE\u0027s erg\u00e4nzt"
},
{
"date": "2025-03-11T23:00:00.000+00:00",
"number": "4",
"summary": "CVE-Nummern erg\u00e4nzt"
}
],
"status": "final",
"version": "4"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "Sequoia \u003c15",
"product": {
"name": "Apple macOS Sequoia \u003c15",
"product_id": "T037659"
}
},
{
"category": "product_version",
"name": "Sequoia 15",
"product": {
"name": "Apple macOS Sequoia 15",
"product_id": "T037659-fixed",
"product_identification_helper": {
"cpe": "cpe:/o:apple:mac_os:sequoia__15"
}
}
},
{
"category": "product_version_range",
"name": "Sonoma \u003c14.7",
"product": {
"name": "Apple macOS Sonoma \u003c14.7",
"product_id": "T037660"
}
},
{
"category": "product_version",
"name": "Sonoma 14.7",
"product": {
"name": "Apple macOS Sonoma 14.7",
"product_id": "T037660-fixed",
"product_identification_helper": {
"cpe": "cpe:/o:apple:mac_os:sonoma__14.7"
}
}
},
{
"category": "product_version_range",
"name": "Ventura \u003c13.7",
"product": {
"name": "Apple macOS Ventura \u003c13.7",
"product_id": "T037661"
}
},
{
"category": "product_version",
"name": "Ventura 13.7",
"product": {
"name": "Apple macOS Ventura 13.7",
"product_id": "T037661-fixed",
"product_identification_helper": {
"cpe": "cpe:/o:apple:mac_os:ventura__13.7"
}
}
}
],
"category": "product_name",
"name": "macOS"
}
],
"category": "vendor",
"name": "Apple"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-4504",
"product_status": {
"known_affected": [
"T037659",
"T037660",
"T037661"
]
},
"release_date": "2024-09-16T22:00:00.000+00:00",
"title": "CVE-2023-4504"
},
{
"cve": "CVE-2023-5841",
"product_status": {
"known_affected": [
"T037659",
"T037660",
"T037661"
]
},
"release_date": "2024-09-16T22:00:00.000+00:00",
"title": "CVE-2023-5841"
},
{
"cve": "CVE-2024-23237",
"product_status": {
"known_affected": [
"T037659",
"T037660",
"T037661"
]
},
"release_date": "2024-09-16T22:00:00.000+00:00",
"title": "CVE-2024-23237"
},
{
"cve": "CVE-2024-27792",
"product_status": {
"known_affected": [
"T037659",
"T037660",
"T037661"
]
},
"release_date": "2024-09-16T22:00:00.000+00:00",
"title": "CVE-2024-27792"
},
{
"cve": "CVE-2024-27795",
"product_status": {
"known_affected": [
"T037659",
"T037660",
"T037661"
]
},
"release_date": "2024-09-16T22:00:00.000+00:00",
"title": "CVE-2024-27795"
},
{
"cve": "CVE-2024-27809",
"product_status": {
"known_affected": [
"T037659",
"T037660",
"T037661"
]
},
"release_date": "2024-09-16T22:00:00.000+00:00",
"title": "CVE-2024-27809"
},
{
"cve": "CVE-2024-27849",
"product_status": {
"known_affected": [
"T037659",
"T037660",
"T037661"
]
},
"release_date": "2024-09-16T22:00:00.000+00:00",
"title": "CVE-2024-27849"
},
{
"cve": "CVE-2024-27853",
"product_status": {
"known_affected": [
"T037659",
"T037660",
"T037661"
]
},
"release_date": "2024-09-16T22:00:00.000+00:00",
"title": "CVE-2024-27853"
},
{
"cve": "CVE-2024-27858",
"product_status": {
"known_affected": [
"T037659",
"T037660",
"T037661"
]
},
"release_date": "2024-09-16T22:00:00.000+00:00",
"title": "CVE-2024-27858"
},
{
"cve": "CVE-2024-27859",
"product_status": {
"known_affected": [
"T037659",
"T037660",
"T037661"
]
},
"release_date": "2024-09-16T22:00:00.000+00:00",
"title": "CVE-2024-27859"
},
{
"cve": "CVE-2024-27860",
"product_status": {
"known_affected": [
"T037659",
"T037660",
"T037661"
]
},
"release_date": "2024-09-16T22:00:00.000+00:00",
"title": "CVE-2024-27860"
},
{
"cve": "CVE-2024-27861",
"product_status": {
"known_affected": [
"T037659",
"T037660",
"T037661"
]
},
"release_date": "2024-09-16T22:00:00.000+00:00",
"title": "CVE-2024-27861"
},
{
"cve": "CVE-2024-27869",
"product_status": {
"known_affected": [
"T037659",
"T037660",
"T037661"
]
},
"release_date": "2024-09-16T22:00:00.000+00:00",
"title": "CVE-2024-27869"
},
{
"cve": "CVE-2024-27875",
"product_status": {
"known_affected": [
"T037659",
"T037660",
"T037661"
]
},
"release_date": "2024-09-16T22:00:00.000+00:00",
"title": "CVE-2024-27875"
},
{
"cve": "CVE-2024-27876",
"product_status": {
"known_affected": [
"T037659",
"T037660",
"T037661"
]
},
"release_date": "2024-09-16T22:00:00.000+00:00",
"title": "CVE-2024-27876"
},
{
"cve": "CVE-2024-27880",
"product_status": {
"known_affected": [
"T037659",
"T037660",
"T037661"
]
},
"release_date": "2024-09-16T22:00:00.000+00:00",
"title": "CVE-2024-27880"
},
{
"cve": "CVE-2024-27886",
"product_status": {
"known_affected": [
"T037659",
"T037660",
"T037661"
]
},
"release_date": "2024-09-16T22:00:00.000+00:00",
"title": "CVE-2024-27886"
},
{
"cve": "CVE-2024-27887",
"product_status": {
"known_affected": [
"T037659",
"T037660",
"T037661"
]
},
"release_date": "2024-09-16T22:00:00.000+00:00",
"title": "CVE-2024-27887"
},
{
"cve": "CVE-2024-27888",
"product_status": {
"known_affected": [
"T037659",
"T037660",
"T037661"
]
},
"release_date": "2024-09-16T22:00:00.000+00:00",
"title": "CVE-2024-27888"
},
{
"cve": "CVE-2024-39894",
"product_status": {
"known_affected": [
"T037659",
"T037660",
"T037661"
]
},
"release_date": "2024-09-16T22:00:00.000+00:00",
"title": "CVE-2024-39894"
},
{
"cve": "CVE-2024-40770",
"product_status": {
"known_affected": [
"T037659",
"T037660",
"T037661"
]
},
"release_date": "2024-09-16T22:00:00.000+00:00",
"title": "CVE-2024-40770"
},
{
"cve": "CVE-2024-40791",
"product_status": {
"known_affected": [
"T037659",
"T037660",
"T037661"
]
},
"release_date": "2024-09-16T22:00:00.000+00:00",
"title": "CVE-2024-40791"
},
{
"cve": "CVE-2024-40792",
"product_status": {
"known_affected": [
"T037659",
"T037660",
"T037661"
]
},
"release_date": "2024-09-16T22:00:00.000+00:00",
"title": "CVE-2024-40792"
},
{
"cve": "CVE-2024-40797",
"product_status": {
"known_affected": [
"T037659",
"T037660",
"T037661"
]
},
"release_date": "2024-09-16T22:00:00.000+00:00",
"title": "CVE-2024-40797"
},
{
"cve": "CVE-2024-40801",
"product_status": {
"known_affected": [
"T037659",
"T037660",
"T037661"
]
},
"release_date": "2024-09-16T22:00:00.000+00:00",
"title": "CVE-2024-40801"
},
{
"cve": "CVE-2024-40814",
"product_status": {
"known_affected": [
"T037659",
"T037660",
"T037661"
]
},
"release_date": "2024-09-16T22:00:00.000+00:00",
"title": "CVE-2024-40814"
},
{
"cve": "CVE-2024-40825",
"product_status": {
"known_affected": [
"T037659",
"T037660",
"T037661"
]
},
"release_date": "2024-09-16T22:00:00.000+00:00",
"title": "CVE-2024-40825"
},
{
"cve": "CVE-2024-40826",
"product_status": {
"known_affected": [
"T037659",
"T037660",
"T037661"
]
},
"release_date": "2024-09-16T22:00:00.000+00:00",
"title": "CVE-2024-40826"
},
{
"cve": "CVE-2024-40831",
"product_status": {
"known_affected": [
"T037659",
"T037660",
"T037661"
]
},
"release_date": "2024-09-16T22:00:00.000+00:00",
"title": "CVE-2024-40831"
},
{
"cve": "CVE-2024-40837",
"product_status": {
"known_affected": [
"T037659",
"T037660",
"T037661"
]
},
"release_date": "2024-09-16T22:00:00.000+00:00",
"title": "CVE-2024-40837"
},
{
"cve": "CVE-2024-40838",
"product_status": {
"known_affected": [
"T037659",
"T037660",
"T037661"
]
},
"release_date": "2024-09-16T22:00:00.000+00:00",
"title": "CVE-2024-40838"
},
{
"cve": "CVE-2024-40841",
"product_status": {
"known_affected": [
"T037659",
"T037660",
"T037661"
]
},
"release_date": "2024-09-16T22:00:00.000+00:00",
"title": "CVE-2024-40841"
},
{
"cve": "CVE-2024-40842",
"product_status": {
"known_affected": [
"T037659",
"T037660",
"T037661"
]
},
"release_date": "2024-09-16T22:00:00.000+00:00",
"title": "CVE-2024-40842"
},
{
"cve": "CVE-2024-40843",
"product_status": {
"known_affected": [
"T037659",
"T037660",
"T037661"
]
},
"release_date": "2024-09-16T22:00:00.000+00:00",
"title": "CVE-2024-40843"
},
{
"cve": "CVE-2024-40844",
"product_status": {
"known_affected": [
"T037659",
"T037660",
"T037661"
]
},
"release_date": "2024-09-16T22:00:00.000+00:00",
"title": "CVE-2024-40844"
},
{
"cve": "CVE-2024-40845",
"product_status": {
"known_affected": [
"T037659",
"T037660",
"T037661"
]
},
"release_date": "2024-09-16T22:00:00.000+00:00",
"title": "CVE-2024-40845"
},
{
"cve": "CVE-2024-40846",
"product_status": {
"known_affected": [
"T037659",
"T037660",
"T037661"
]
},
"release_date": "2024-09-16T22:00:00.000+00:00",
"title": "CVE-2024-40846"
},
{
"cve": "CVE-2024-40847",
"product_status": {
"known_affected": [
"T037659",
"T037660",
"T037661"
]
},
"release_date": "2024-09-16T22:00:00.000+00:00",
"title": "CVE-2024-40847"
},
{
"cve": "CVE-2024-40848",
"product_status": {
"known_affected": [
"T037659",
"T037660",
"T037661"
]
},
"release_date": "2024-09-16T22:00:00.000+00:00",
"title": "CVE-2024-40848"
},
{
"cve": "CVE-2024-40850",
"product_status": {
"known_affected": [
"T037659",
"T037660",
"T037661"
]
},
"release_date": "2024-09-16T22:00:00.000+00:00",
"title": "CVE-2024-40850"
},
{
"cve": "CVE-2024-40855",
"product_status": {
"known_affected": [
"T037659",
"T037660",
"T037661"
]
},
"release_date": "2024-09-16T22:00:00.000+00:00",
"title": "CVE-2024-40855"
},
{
"cve": "CVE-2024-40856",
"product_status": {
"known_affected": [
"T037659",
"T037660",
"T037661"
]
},
"release_date": "2024-09-16T22:00:00.000+00:00",
"title": "CVE-2024-40856"
},
{
"cve": "CVE-2024-40857",
"product_status": {
"known_affected": [
"T037659",
"T037660",
"T037661"
]
},
"release_date": "2024-09-16T22:00:00.000+00:00",
"title": "CVE-2024-40857"
},
{
"cve": "CVE-2024-40859",
"product_status": {
"known_affected": [
"T037659",
"T037660",
"T037661"
]
},
"release_date": "2024-09-16T22:00:00.000+00:00",
"title": "CVE-2024-40859"
},
{
"cve": "CVE-2024-40860",
"product_status": {
"known_affected": [
"T037659",
"T037660",
"T037661"
]
},
"release_date": "2024-09-16T22:00:00.000+00:00",
"title": "CVE-2024-40860"
},
{
"cve": "CVE-2024-40861",
"product_status": {
"known_affected": [
"T037659",
"T037660",
"T037661"
]
},
"release_date": "2024-09-16T22:00:00.000+00:00",
"title": "CVE-2024-40861"
},
{
"cve": "CVE-2024-40866",
"product_status": {
"known_affected": [
"T037659",
"T037660",
"T037661"
]
},
"release_date": "2024-09-16T22:00:00.000+00:00",
"title": "CVE-2024-40866"
},
{
"cve": "CVE-2024-41957",
"product_status": {
"known_affected": [
"T037659",
"T037660",
"T037661"
]
},
"release_date": "2024-09-16T22:00:00.000+00:00",
"title": "CVE-2024-41957"
},
{
"cve": "CVE-2024-44122",
"product_status": {
"known_affected": [
"T037659",
"T037660",
"T037661"
]
},
"release_date": "2024-09-16T22:00:00.000+00:00",
"title": "CVE-2024-44122"
},
{
"cve": "CVE-2024-44123",
"product_status": {
"known_affected": [
"T037659",
"T037660",
"T037661"
]
},
"release_date": "2024-09-16T22:00:00.000+00:00",
"title": "CVE-2024-44123"
},
{
"cve": "CVE-2024-44125",
"product_status": {
"known_affected": [
"T037659",
"T037660",
"T037661"
]
},
"release_date": "2024-09-16T22:00:00.000+00:00",
"title": "CVE-2024-44125"
},
{
"cve": "CVE-2024-44126",
"product_status": {
"known_affected": [
"T037659",
"T037660",
"T037661"
]
},
"release_date": "2024-09-16T22:00:00.000+00:00",
"title": "CVE-2024-44126"
},
{
"cve": "CVE-2024-44128",
"product_status": {
"known_affected": [
"T037659",
"T037660",
"T037661"
]
},
"release_date": "2024-09-16T22:00:00.000+00:00",
"title": "CVE-2024-44128"
},
{
"cve": "CVE-2024-44129",
"product_status": {
"known_affected": [
"T037659",
"T037660",
"T037661"
]
},
"release_date": "2024-09-16T22:00:00.000+00:00",
"title": "CVE-2024-44129"
},
{
"cve": "CVE-2024-44130",
"product_status": {
"known_affected": [
"T037659",
"T037660",
"T037661"
]
},
"release_date": "2024-09-16T22:00:00.000+00:00",
"title": "CVE-2024-44130"
},
{
"cve": "CVE-2024-44131",
"product_status": {
"known_affected": [
"T037659",
"T037660",
"T037661"
]
},
"release_date": "2024-09-16T22:00:00.000+00:00",
"title": "CVE-2024-44131"
},
{
"cve": "CVE-2024-44132",
"product_status": {
"known_affected": [
"T037659",
"T037660",
"T037661"
]
},
"release_date": "2024-09-16T22:00:00.000+00:00",
"title": "CVE-2024-44132"
},
{
"cve": "CVE-2024-44133",
"product_status": {
"known_affected": [
"T037659",
"T037660",
"T037661"
]
},
"release_date": "2024-09-16T22:00:00.000+00:00",
"title": "CVE-2024-44133"
},
{
"cve": "CVE-2024-44134",
"product_status": {
"known_affected": [
"T037659",
"T037660",
"T037661"
]
},
"release_date": "2024-09-16T22:00:00.000+00:00",
"title": "CVE-2024-44134"
},
{
"cve": "CVE-2024-44135",
"product_status": {
"known_affected": [
"T037659",
"T037660",
"T037661"
]
},
"release_date": "2024-09-16T22:00:00.000+00:00",
"title": "CVE-2024-44135"
},
{
"cve": "CVE-2024-44137",
"product_status": {
"known_affected": [
"T037659",
"T037660",
"T037661"
]
},
"release_date": "2024-09-16T22:00:00.000+00:00",
"title": "CVE-2024-44137"
},
{
"cve": "CVE-2024-44144",
"product_status": {
"known_affected": [
"T037659",
"T037660",
"T037661"
]
},
"release_date": "2024-09-16T22:00:00.000+00:00",
"title": "CVE-2024-44144"
},
{
"cve": "CVE-2024-44145",
"product_status": {
"known_affected": [
"T037659",
"T037660",
"T037661"
]
},
"release_date": "2024-09-16T22:00:00.000+00:00",
"title": "CVE-2024-44145"
},
{
"cve": "CVE-2024-44146",
"product_status": {
"known_affected": [
"T037659",
"T037660",
"T037661"
]
},
"release_date": "2024-09-16T22:00:00.000+00:00",
"title": "CVE-2024-44146"
},
{
"cve": "CVE-2024-44148",
"product_status": {
"known_affected": [
"T037659",
"T037660",
"T037661"
]
},
"release_date": "2024-09-16T22:00:00.000+00:00",
"title": "CVE-2024-44148"
},
{
"cve": "CVE-2024-44149",
"product_status": {
"known_affected": [
"T037659",
"T037660",
"T037661"
]
},
"release_date": "2024-09-16T22:00:00.000+00:00",
"title": "CVE-2024-44149"
},
{
"cve": "CVE-2024-44151",
"product_status": {
"known_affected": [
"T037659",
"T037660",
"T037661"
]
},
"release_date": "2024-09-16T22:00:00.000+00:00",
"title": "CVE-2024-44151"
},
{
"cve": "CVE-2024-44152",
"product_status": {
"known_affected": [
"T037659",
"T037660",
"T037661"
]
},
"release_date": "2024-09-16T22:00:00.000+00:00",
"title": "CVE-2024-44152"
},
{
"cve": "CVE-2024-44153",
"product_status": {
"known_affected": [
"T037659",
"T037660",
"T037661"
]
},
"release_date": "2024-09-16T22:00:00.000+00:00",
"title": "CVE-2024-44153"
},
{
"cve": "CVE-2024-44154",
"product_status": {
"known_affected": [
"T037659",
"T037660",
"T037661"
]
},
"release_date": "2024-09-16T22:00:00.000+00:00",
"title": "CVE-2024-44154"
},
{
"cve": "CVE-2024-44155",
"product_status": {
"known_affected": [
"T037659",
"T037660",
"T037661"
]
},
"release_date": "2024-09-16T22:00:00.000+00:00",
"title": "CVE-2024-44155"
},
{
"cve": "CVE-2024-44158",
"product_status": {
"known_affected": [
"T037659",
"T037660",
"T037661"
]
},
"release_date": "2024-09-16T22:00:00.000+00:00",
"title": "CVE-2024-44158"
},
{
"cve": "CVE-2024-44160",
"product_status": {
"known_affected": [
"T037659",
"T037660",
"T037661"
]
},
"release_date": "2024-09-16T22:00:00.000+00:00",
"title": "CVE-2024-44160"
},
{
"cve": "CVE-2024-44161",
"product_status": {
"known_affected": [
"T037659",
"T037660",
"T037661"
]
},
"release_date": "2024-09-16T22:00:00.000+00:00",
"title": "CVE-2024-44161"
},
{
"cve": "CVE-2024-44163",
"product_status": {
"known_affected": [
"T037659",
"T037660",
"T037661"
]
},
"release_date": "2024-09-16T22:00:00.000+00:00",
"title": "CVE-2024-44163"
},
{
"cve": "CVE-2024-44164",
"product_status": {
"known_affected": [
"T037659",
"T037660",
"T037661"
]
},
"release_date": "2024-09-16T22:00:00.000+00:00",
"title": "CVE-2024-44164"
},
{
"cve": "CVE-2024-44165",
"product_status": {
"known_affected": [
"T037659",
"T037660",
"T037661"
]
},
"release_date": "2024-09-16T22:00:00.000+00:00",
"title": "CVE-2024-44165"
},
{
"cve": "CVE-2024-44166",
"product_status": {
"known_affected": [
"T037659",
"T037660",
"T037661"
]
},
"release_date": "2024-09-16T22:00:00.000+00:00",
"title": "CVE-2024-44166"
},
{
"cve": "CVE-2024-44167",
"product_status": {
"known_affected": [
"T037659",
"T037660",
"T037661"
]
},
"release_date": "2024-09-16T22:00:00.000+00:00",
"title": "CVE-2024-44167"
},
{
"cve": "CVE-2024-44168",
"product_status": {
"known_affected": [
"T037659",
"T037660",
"T037661"
]
},
"release_date": "2024-09-16T22:00:00.000+00:00",
"title": "CVE-2024-44168"
},
{
"cve": "CVE-2024-44169",
"product_status": {
"known_affected": [
"T037659",
"T037660",
"T037661"
]
},
"release_date": "2024-09-16T22:00:00.000+00:00",
"title": "CVE-2024-44169"
},
{
"cve": "CVE-2024-44170",
"product_status": {
"known_affected": [
"T037659",
"T037660",
"T037661"
]
},
"release_date": "2024-09-16T22:00:00.000+00:00",
"title": "CVE-2024-44170"
},
{
"cve": "CVE-2024-44172",
"product_status": {
"known_affected": [
"T037659",
"T037660",
"T037661"
]
},
"release_date": "2024-09-16T22:00:00.000+00:00",
"title": "CVE-2024-44172"
},
{
"cve": "CVE-2024-44174",
"product_status": {
"known_affected": [
"T037659",
"T037660",
"T037661"
]
},
"release_date": "2024-09-16T22:00:00.000+00:00",
"title": "CVE-2024-44174"
},
{
"cve": "CVE-2024-44175",
"product_status": {
"known_affected": [
"T037659",
"T037660",
"T037661"
]
},
"release_date": "2024-09-16T22:00:00.000+00:00",
"title": "CVE-2024-44175"
},
{
"cve": "CVE-2024-44176",
"product_status": {
"known_affected": [
"T037659",
"T037660",
"T037661"
]
},
"release_date": "2024-09-16T22:00:00.000+00:00",
"title": "CVE-2024-44176"
},
{
"cve": "CVE-2024-44177",
"product_status": {
"known_affected": [
"T037659",
"T037660",
"T037661"
]
},
"release_date": "2024-09-16T22:00:00.000+00:00",
"title": "CVE-2024-44177"
},
{
"cve": "CVE-2024-44178",
"product_status": {
"known_affected": [
"T037659",
"T037660",
"T037661"
]
},
"release_date": "2024-09-16T22:00:00.000+00:00",
"title": "CVE-2024-44178"
},
{
"cve": "CVE-2024-44179",
"product_status": {
"known_affected": [
"T037659",
"T037660",
"T037661"
]
},
"release_date": "2024-09-16T22:00:00.000+00:00",
"title": "CVE-2024-44179"
},
{
"cve": "CVE-2024-44181",
"product_status": {
"known_affected": [
"T037659",
"T037660",
"T037661"
]
},
"release_date": "2024-09-16T22:00:00.000+00:00",
"title": "CVE-2024-44181"
},
{
"cve": "CVE-2024-44182",
"product_status": {
"known_affected": [
"T037659",
"T037660",
"T037661"
]
},
"release_date": "2024-09-16T22:00:00.000+00:00",
"title": "CVE-2024-44182"
},
{
"cve": "CVE-2024-44183",
"product_status": {
"known_affected": [
"T037659",
"T037660",
"T037661"
]
},
"release_date": "2024-09-16T22:00:00.000+00:00",
"title": "CVE-2024-44183"
},
{
"cve": "CVE-2024-44184",
"product_status": {
"known_affected": [
"T037659",
"T037660",
"T037661"
]
},
"release_date": "2024-09-16T22:00:00.000+00:00",
"title": "CVE-2024-44184"
},
{
"cve": "CVE-2024-44186",
"product_status": {
"known_affected": [
"T037659",
"T037660",
"T037661"
]
},
"release_date": "2024-09-16T22:00:00.000+00:00",
"title": "CVE-2024-44186"
},
{
"cve": "CVE-2024-44187",
"product_status": {
"known_affected": [
"T037659",
"T037660",
"T037661"
]
},
"release_date": "2024-09-16T22:00:00.000+00:00",
"title": "CVE-2024-44187"
},
{
"cve": "CVE-2024-44188",
"product_status": {
"known_affected": [
"T037659",
"T037660",
"T037661"
]
},
"release_date": "2024-09-16T22:00:00.000+00:00",
"title": "CVE-2024-44188"
},
{
"cve": "CVE-2024-44189",
"product_status": {
"known_affected": [
"T037659",
"T037660",
"T037661"
]
},
"release_date": "2024-09-16T22:00:00.000+00:00",
"title": "CVE-2024-44189"
},
{
"cve": "CVE-2024-44190",
"product_status": {
"known_affected": [
"T037659",
"T037660",
"T037661"
]
},
"release_date": "2024-09-16T22:00:00.000+00:00",
"title": "CVE-2024-44190"
},
{
"cve": "CVE-2024-44191",
"product_status": {
"known_affected": [
"T037659",
"T037660",
"T037661"
]
},
"release_date": "2024-09-16T22:00:00.000+00:00",
"title": "CVE-2024-44191"
},
{
"cve": "CVE-2024-44192",
"product_status": {
"known_affected": [
"T037659",
"T037660",
"T037661"
]
},
"release_date": "2024-09-16T22:00:00.000+00:00",
"title": "CVE-2024-44192"
},
{
"cve": "CVE-2024-44198",
"product_status": {
"known_affected": [
"T037659",
"T037660",
"T037661"
]
},
"release_date": "2024-09-16T22:00:00.000+00:00",
"title": "CVE-2024-44198"
},
{
"cve": "CVE-2024-44203",
"product_status": {
"known_affected": [
"T037659",
"T037660",
"T037661"
]
},
"release_date": "2024-09-16T22:00:00.000+00:00",
"title": "CVE-2024-44203"
},
{
"cve": "CVE-2024-44208",
"product_status": {
"known_affected": [
"T037659",
"T037660",
"T037661"
]
},
"release_date": "2024-09-16T22:00:00.000+00:00",
"title": "CVE-2024-44208"
},
{
"cve": "CVE-2024-44227",
"product_status": {
"known_affected": [
"T037659",
"T037660",
"T037661"
]
},
"release_date": "2024-09-16T22:00:00.000+00:00",
"title": "CVE-2024-44227"
},
{
"cve": "CVE-2024-54463",
"product_status": {
"known_affected": [
"T037659",
"T037660",
"T037661"
]
},
"release_date": "2024-09-16T22:00:00.000+00:00",
"title": "CVE-2024-54463"
},
{
"cve": "CVE-2024-54467",
"product_status": {
"known_affected": [
"T037659",
"T037660",
"T037661"
]
},
"release_date": "2024-09-16T22:00:00.000+00:00",
"title": "CVE-2024-54467"
},
{
"cve": "CVE-2024-54469",
"product_status": {
"known_affected": [
"T037659",
"T037660",
"T037661"
]
},
"release_date": "2024-09-16T22:00:00.000+00:00",
"title": "CVE-2024-54469"
},
{
"cve": "CVE-2024-54473",
"product_status": {
"known_affected": [
"T037659",
"T037660",
"T037661"
]
},
"release_date": "2024-09-16T22:00:00.000+00:00",
"title": "CVE-2024-54473"
},
{
"cve": "CVE-2024-54546",
"product_status": {
"known_affected": [
"T037659",
"T037660",
"T037661"
]
},
"release_date": "2024-09-16T22:00:00.000+00:00",
"title": "CVE-2024-54546"
},
{
"cve": "CVE-2024-54558",
"product_status": {
"known_affected": [
"T037659",
"T037660",
"T037661"
]
},
"release_date": "2024-09-16T22:00:00.000+00:00",
"title": "CVE-2024-54558"
},
{
"cve": "CVE-2024-54560",
"product_status": {
"known_affected": [
"T037659",
"T037660",
"T037661"
]
},
"release_date": "2024-09-16T22:00:00.000+00:00",
"title": "CVE-2024-54560"
},
{
"cve": "CVE-2024-54658",
"product_status": {
"known_affected": [
"T037659",
"T037660",
"T037661"
]
},
"release_date": "2024-09-16T22:00:00.000+00:00",
"title": "CVE-2024-54658"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…