{ "document": { "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "tlp": { "label": "WHITE" } }, "lang": "nl", "notes": [ { "category": "legal_disclaimer", "text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings." }, { "category": "description", "text": "Oracle heeft kwetsbaarheden verholpen in Java SE en GraalVM.", "title": "Feiten" }, { "category": "description", "text": "Een kwaadwillende kan de kwetsbaarheden misbruiken om aanvallen uit te voeren die kunnen leiden tot de volgende categorieën schade:\n\n- Denial-of-Service (DoS)\n- Manipuleren van data\n- Uitvoer van willekeurige code (Gebruikersrechten)\n- Toegang tot gevoelige gegevens\n\nVoor succesvol misbruik moet de kwaadwillende het slachtoffer misleiden om onvertrouwde code te importeren en uitvoeren. Deze kwetsbaarheden vormen daarom met name een risico voor ontwikkelaars en (lokale) gebruikers met rechten om code te importeren en uitvoeren.", "title": "Interpretaties" }, { "category": "description", "text": "Oracle heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.", "title": "Oplossingen" }, { "category": "general", "text": "medium", "title": "Kans" }, { "category": "general", "text": "high", "title": "Schade" }, { "category": "general", "text": "Improper Handling of Length Parameter Inconsistency", "title": "CWE-130" }, { "category": "general", "text": "Signed to Unsigned Conversion Error", "title": "CWE-195" }, { "category": "general", "text": "Improper Neutralization of Special Elements used in a Command ('Command Injection')", "title": "CWE-77" }, { "category": "general", "text": "Integer Overflow or Wraparound", "title": "CWE-190" }, { "category": "general", "text": "Use After Free", "title": "CWE-416" }, { "category": "general", "text": "Heap-based Buffer Overflow", "title": "CWE-122" }, { "category": "general", "text": "Memory Allocation with Excessive Size Value", "title": "CWE-789" } ], "publisher": { "category": "coordinator", "contact_details": "cert@ncsc.nl", "name": "Nationaal Cyber Security Centrum", "namespace": "https://www.ncsc.nl/" }, "references": [ { "category": "external", "summary": "Reference - cveprojectv5; hkcert; nvd; oracle; redhat", "url": "https://www.oracle.com/security-alerts/cpuoct2024.html" } ], "title": "Kwetsbaarheden verholpen in Oracle Java", "tracking": { "current_release_date": "2024-10-17T13:20:07.759085Z", "id": "NCSC-2024-0419", "initial_release_date": "2024-10-17T13:20:07.759085Z", "revision_history": [ { "date": "2024-10-17T13:20:07.759085Z", "number": "0", "summary": "Initiele versie" } ], "status": "final", "version": "1.0.0" } }, "product_tree": { "branches": [ { "branches": [ { "category": "product_name", "name": "graalvm", "product": { "name": "graalvm", "product_id": "CSAFPID-1673125", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle_corporation:graalvm:oracle_graalvm_enterprise_edition_21.3.11:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "graalvm", "product": { "name": "graalvm", "product_id": "CSAFPID-1673121", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle_corporation:graalvm:oracle_graalvm_for_jdk_17.0.12:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "graalvm", "product": { "name": "graalvm", "product_id": "CSAFPID-1673122", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle_corporation:graalvm:oracle_graalvm_for_jdk_21.0.4:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "graalvm", "product": { "name": "graalvm", "product_id": "CSAFPID-1673123", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle_corporation:graalvm:oracle_graalvm_for_jdk_23:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "graalvm", "product": { "name": "graalvm", "product_id": "CSAFPID-1673120", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle_corporation:graalvm:oracle_java_se_23:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "oracle_java_se", "product": { "name": "oracle_java_se", "product_id": "CSAFPID-1673115", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle_corporation:oracle_java_se:oracle_graalvm_enterprise_edition_20.3.15:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "oracle_java_se", "product": { "name": "oracle_java_se", "product_id": "CSAFPID-1673116", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle_corporation:oracle_java_se:oracle_graalvm_enterprise_edition_21.3.11:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "oracle_java_se", "product": { "name": "oracle_java_se", "product_id": "CSAFPID-1673112", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle_corporation:oracle_java_se:oracle_graalvm_for_jdk_17.0.12:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "oracle_java_se", "product": { "name": "oracle_java_se", "product_id": "CSAFPID-1673113", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle_corporation:oracle_java_se:oracle_graalvm_for_jdk_21.0.4:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "oracle_java_se", "product": { "name": "oracle_java_se", "product_id": "CSAFPID-1673114", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle_corporation:oracle_java_se:oracle_graalvm_for_jdk_23:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "oracle_java_se", "product": { "name": "oracle_java_se", "product_id": "CSAFPID-1673108", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle_corporation:oracle_java_se:oracle_java_se_11.0.24:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "oracle_java_se", "product": { "name": "oracle_java_se", "product_id": "CSAFPID-1673109", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle_corporation:oracle_java_se:oracle_java_se_17.0.12:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "oracle_java_se", "product": { "name": "oracle_java_se", "product_id": "CSAFPID-1673110", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle_corporation:oracle_java_se:oracle_java_se_21.0.4:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "oracle_java_se", "product": { "name": "oracle_java_se", "product_id": "CSAFPID-1673111", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle_corporation:oracle_java_se:oracle_java_se_23:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "oracle_java_se", "product": { "name": "oracle_java_se", "product_id": "CSAFPID-1673107", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle_corporation:oracle_java_se:oracle_java_se_8u421-perf:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "oracle_java_se", "product": { "name": "oracle_java_se", "product_id": "CSAFPID-1673106", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle_corporation:oracle_java_se:oracle_java_se_8u421:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "graalvm", "product": { "name": "graalvm", "product_id": "CSAFPID-1673124", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle_corporation:graalvm:oracle_graalvm_enterprise_edition_20.3.15:*:*:*:*:*:*:*" } } } ], "category": "vendor", "name": "oracle_corporation" }, { "branches": [ { "category": "product_name", "name": "graalvm_for_jdk", "product": { "name": "graalvm_for_jdk", "product_id": "CSAFPID-912046", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:graalvm_for_jdk:17.0.10:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "graalvm_for_jdk", "product": { "name": "graalvm_for_jdk", "product_id": "CSAFPID-1503299", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:graalvm_for_jdk:17.0.11:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "graalvm_for_jdk", "product": { "name": "graalvm_for_jdk", "product_id": "CSAFPID-1673300", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:graalvm_for_jdk:17.0.12:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "graalvm_for_jdk", "product": { "name": "graalvm_for_jdk", "product_id": "CSAFPID-912045", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:graalvm_for_jdk:21.0.2:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "graalvm_for_jdk", "product": { "name": "graalvm_for_jdk", "product_id": "CSAFPID-1503302", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:graalvm_for_jdk:21.0.3:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "graalvm_for_jdk", "product": { "name": "graalvm_for_jdk", "product_id": "CSAFPID-1673301", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:graalvm_for_jdk:21.0.4:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "graalvm_for_jdk", "product": { "name": "graalvm_for_jdk", "product_id": "CSAFPID-912044", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:graalvm_for_jdk:22:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "graalvm_for_jdk", "product": { "name": "graalvm_for_jdk", "product_id": "CSAFPID-1503306", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:graalvm_for_jdk:22.0.1:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "graalvm_for_jdk", "product": { "name": "graalvm_for_jdk", "product_id": "CSAFPID-1673304", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:graalvm_for_jdk:23:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "graalvm_for_jdk", "product": { "name": "graalvm_for_jdk", "product_id": "CSAFPID-912600", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:graalvm_for_jdk:graalvm_enterprise_edition20.3.13:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "graalvm_for_jdk", "product": { "name": "graalvm_for_jdk", "product_id": "CSAFPID-912601", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:graalvm_for_jdk:graalvm_enterprise_edition21.3.9:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "graalvm", "product": { "name": "graalvm", "product_id": "CSAFPID-1457455", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:graalvm:*:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "graalvm", "product": { "name": "graalvm", "product_id": "CSAFPID-1672740", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:graalvm:20.3.15:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "graalvm", "product": { "name": "graalvm", "product_id": "CSAFPID-1673407", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:graalvm:20.3.15:*:*:*:enterprise:*:*:*" } } }, { "category": "product_name", "name": "graalvm", "product": { "name": "graalvm", "product_id": "CSAFPID-1672742", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:graalvm:21.3.11:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "graalvm", "product": { "name": "graalvm", "product_id": "CSAFPID-1673406", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:graalvm:21.3.11:*:*:*:enterprise:*:*:*" } } }, { "category": "product_name", "name": "database_server", "product": { "name": "database_server", "product_id": "CSAFPID-1503604", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:database_server:_java_vm___23.4:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "java_se", "product": { "name": "java_se", "product_id": "CSAFPID-550274", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:java_se:*:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "java_se", "product": { "name": "java_se", "product_id": "CSAFPID-912051", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:java_se:11.0.22:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "java_se", "product": { "name": "java_se", "product_id": "CSAFPID-1503300", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:java_se:11.0.23:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "java_se", "product": { "name": "java_se", "product_id": "CSAFPID-1673306", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:java_se:11.0.24:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "java_se", "product": { "name": "java_se", "product_id": "CSAFPID-912050", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:java_se:17.0.10:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "java_se", "product": { "name": "java_se", "product_id": "CSAFPID-1503304", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:java_se:17.0.11:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "java_se", "product": { "name": "java_se", "product_id": "CSAFPID-1673303", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:java_se:17.0.12:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "java_se", "product": { "name": "java_se", "product_id": "CSAFPID-912049", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:java_se:21.0.2:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "java_se", "product": { "name": "java_se", "product_id": "CSAFPID-1503305", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:java_se:21.0.3:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "java_se", "product": { "name": "java_se", "product_id": "CSAFPID-1673305", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:java_se:21.0.4:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "java_se", "product": { "name": "java_se", "product_id": "CSAFPID-1503307", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:java_se:22.0.1:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "java_se", "product": { "name": "java_se", "product_id": "CSAFPID-912048", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:java_se:22:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "java_se", "product": { "name": "java_se", "product_id": "CSAFPID-1673302", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:java_se:23:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "java_se", "product": { "name": "java_se", "product_id": "CSAFPID-912047", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:java_se:8u401:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "java_se", "product": { "name": "java_se", "product_id": "CSAFPID-1503308", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:java_se:8u411:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "java_se", "product": { "name": "java_se", "product_id": "CSAFPID-1672741", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:java_se:8u421:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "java_se", "product": { "name": "java_se", "product_id": "CSAFPID-1673439", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:java_se:8u421:*:*:*:enterprise_performance:*:*:*" } } }, { "category": "product_name", "name": "java_se", "product": { "name": "java_se", "product_id": "CSAFPID-912602", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:java_se:graalvm_enterprise_edition20.3.13:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "java_se", "product": { "name": "java_se", "product_id": "CSAFPID-1503647", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:java_se:graalvm_enterprise_edition20.3.14:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "java_se", "product": { "name": "java_se", "product_id": "CSAFPID-1503648", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:java_se:graalvm_enterprise_edition21.3.10:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "java_se", "product": { "name": "java_se", "product_id": "CSAFPID-912603", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:java_se:graalvm_enterprise_edition21.3.9:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "java_se", "product": { "name": "java_se", "product_id": "CSAFPID-912604", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:java_se:graalvm_for_jdk17.0.10:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "java_se", "product": { "name": "java_se", "product_id": "CSAFPID-1503649", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:java_se:graalvm_for_jdk17.0.11:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "java_se", "product": { "name": "java_se", "product_id": "CSAFPID-912605", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:java_se:graalvm_for_jdk21.0.2:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "java_se", "product": { "name": "java_se", "product_id": "CSAFPID-1503650", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:java_se:graalvm_for_jdk21.0.3:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "java_se", "product": { "name": "java_se", "product_id": "CSAFPID-1503651", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:java_se:graalvm_for_jdk22.0.1:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "java_se", "product": { "name": "java_se", "product_id": "CSAFPID-912606", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:java_se:graalvm_for_jdk22:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "java_se", "product": { "name": "java_se", "product_id": "CSAFPID-1674674", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:java_se:oracle_graalvm_enterprise_edition_20.3.15:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "java_se", "product": { "name": "java_se", "product_id": "CSAFPID-1674680", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:java_se:oracle_graalvm_enterprise_edition_21.3.11:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "java_se", "product": { "name": "java_se", "product_id": "CSAFPID-1674673", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:java_se:oracle_graalvm_for_jdk_17.0.12:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "java_se", "product": { "name": "java_se", "product_id": "CSAFPID-1674675", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:java_se:oracle_graalvm_for_jdk_21.0.4:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "java_se", "product": { "name": "java_se", "product_id": "CSAFPID-1674672", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:java_se:oracle_graalvm_for_jdk_23:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "java_se", "product": { "name": "java_se", "product_id": "CSAFPID-1674681", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:java_se:oracle_java_se_11.0.24:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "java_se", "product": { "name": "java_se", "product_id": "CSAFPID-1674676", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:java_se:oracle_java_se_17.0.12:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "java_se", "product": { "name": "java_se", "product_id": "CSAFPID-1674678", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:java_se:oracle_java_se_21.0.4:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "java_se", "product": { "name": "java_se", "product_id": "CSAFPID-1674677", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:java_se:oracle_java_se_23:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "java_se", "product": { "name": "java_se", "product_id": "CSAFPID-1674679", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:java_se:oracle_java_se_8u421:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "java_se", "product": { "name": "java_se", "product_id": "CSAFPID-220891", "product_identification_helper": { "cpe": "cpe:2.3:a:oracle:java_se:perf:*:*:*:*:*:*:*" } } } ], "category": "vendor", "name": "oracle" } ] }, "vulnerabilities": [ { "cve": "CVE-2023-7104", "cwe": { "id": "CWE-122", "name": "Heap-based Buffer Overflow" }, "notes": [ { "category": "other", "text": "Heap-based Buffer Overflow", "title": "CWE-122" } ], "product_status": { "known_affected": [ "CSAFPID-1672741" ] }, "references": [ { "category": "self", "summary": "CVE-2023-7104", "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-7104.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "baseScore": 7.3, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1672741" ] } ], "title": "CVE-2023-7104" }, { "cve": "CVE-2023-42950", "product_status": { "known_affected": [ "CSAFPID-1672741", "CSAFPID-1673406", "CSAFPID-1673407", "CSAFPID-1674672", "CSAFPID-1674673", "CSAFPID-1674674", "CSAFPID-1674675", "CSAFPID-1674676", "CSAFPID-1674677", "CSAFPID-1674678", "CSAFPID-1674679", "CSAFPID-1674680", "CSAFPID-1674681" ] }, "references": [ { "category": "self", "summary": "CVE-2023-42950", "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-42950.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "baseScore": 8.8, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1672741", "CSAFPID-1673406", "CSAFPID-1673407", "CSAFPID-1674672", "CSAFPID-1674673", "CSAFPID-1674674", "CSAFPID-1674675", "CSAFPID-1674676", "CSAFPID-1674677", "CSAFPID-1674678", "CSAFPID-1674679", "CSAFPID-1674680", "CSAFPID-1674681" ] } ], "title": "CVE-2023-42950" }, { "cve": "CVE-2024-21208", "cwe": { "id": "CWE-130", "name": "Improper Handling of Length Parameter Inconsistency" }, "notes": [ { "category": "other", "text": "Improper Handling of Length Parameter Inconsistency", "title": "CWE-130" } ], "product_status": { "known_affected": [ "CSAFPID-1673106", "CSAFPID-1673107", "CSAFPID-1673108", "CSAFPID-1673109", "CSAFPID-1673110", "CSAFPID-1673111", "CSAFPID-1673112", "CSAFPID-1673113", "CSAFPID-1673114", "CSAFPID-1673115", "CSAFPID-1673116", "CSAFPID-1673300", "CSAFPID-1673301", "CSAFPID-1673302", "CSAFPID-1673303", "CSAFPID-1673304", "CSAFPID-1673305", "CSAFPID-1672741", "CSAFPID-220891", "CSAFPID-1673306", "CSAFPID-1673407", "CSAFPID-1673406", "CSAFPID-1673439", "CSAFPID-1674672", "CSAFPID-1674673", "CSAFPID-1674674", "CSAFPID-1674675", "CSAFPID-1674676", "CSAFPID-1674677", "CSAFPID-1674678", "CSAFPID-1674679", "CSAFPID-1674680", "CSAFPID-1674681" ] }, "references": [ { "category": "self", "summary": "CVE-2024-21208", "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-21208.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "baseScore": 3.7, "baseSeverity": "LOW" }, "products": [ "CSAFPID-1673106", "CSAFPID-1673107", "CSAFPID-1673108", "CSAFPID-1673109", "CSAFPID-1673110", "CSAFPID-1673111", "CSAFPID-1673112", "CSAFPID-1673113", "CSAFPID-1673114", "CSAFPID-1673115", "CSAFPID-1673116", "CSAFPID-1673300", "CSAFPID-1673301", "CSAFPID-1673302", "CSAFPID-1673303", "CSAFPID-1673304", "CSAFPID-1673305", "CSAFPID-1672741", "CSAFPID-220891", "CSAFPID-1673306", "CSAFPID-1673407", "CSAFPID-1673406", "CSAFPID-1673439", "CSAFPID-1674672", "CSAFPID-1674673", "CSAFPID-1674674", "CSAFPID-1674675", "CSAFPID-1674676", "CSAFPID-1674677", "CSAFPID-1674678", "CSAFPID-1674679", "CSAFPID-1674680", "CSAFPID-1674681" ] } ], "title": "CVE-2024-21208" }, { "cve": "CVE-2024-21210", "cwe": { "id": "CWE-190", "name": "Integer Overflow or Wraparound" }, "notes": [ { "category": "other", "text": "Integer Overflow or Wraparound", "title": "CWE-190" } ], "product_status": { "known_affected": [ "CSAFPID-1673106", "CSAFPID-1673107", "CSAFPID-1673108", "CSAFPID-1673109", "CSAFPID-1673110", "CSAFPID-1673111", "CSAFPID-1673305", "CSAFPID-1672741", "CSAFPID-1673303", "CSAFPID-1673302", "CSAFPID-1673306", "CSAFPID-220891", "CSAFPID-1673439", "CSAFPID-1674672", "CSAFPID-1674673", "CSAFPID-1674674", "CSAFPID-1674675", "CSAFPID-1674676", "CSAFPID-1674677", "CSAFPID-1674678", "CSAFPID-1674679", "CSAFPID-1674680", "CSAFPID-1674681" ] }, "references": [ { "category": "self", "summary": "CVE-2024-21210", "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-21210.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "baseScore": 3.7, "baseSeverity": "LOW" }, "products": [ "CSAFPID-1673106", "CSAFPID-1673107", "CSAFPID-1673108", "CSAFPID-1673109", "CSAFPID-1673110", "CSAFPID-1673111", "CSAFPID-1673305", "CSAFPID-1672741", "CSAFPID-1673303", "CSAFPID-1673302", "CSAFPID-1673306", "CSAFPID-220891", "CSAFPID-1673439", "CSAFPID-1674672", "CSAFPID-1674673", "CSAFPID-1674674", "CSAFPID-1674675", "CSAFPID-1674676", "CSAFPID-1674677", "CSAFPID-1674678", "CSAFPID-1674679", "CSAFPID-1674680", "CSAFPID-1674681" ] } ], "title": "CVE-2024-21210" }, { "cve": "CVE-2024-21211", "product_status": { "known_affected": [ "CSAFPID-1673120", "CSAFPID-1673121", "CSAFPID-1673122", "CSAFPID-1673123", "CSAFPID-1673124", "CSAFPID-1673125", "CSAFPID-1673111", "CSAFPID-1673112", "CSAFPID-1673113", "CSAFPID-1673114", "CSAFPID-1673115", "CSAFPID-1673116", "CSAFPID-1673300", "CSAFPID-1673302", "CSAFPID-1673407", "CSAFPID-1673406", "CSAFPID-1673301", "CSAFPID-1673304", "CSAFPID-1674672", "CSAFPID-1674673", "CSAFPID-1674674", "CSAFPID-1674675", "CSAFPID-1674676", "CSAFPID-1674677", "CSAFPID-1674678", "CSAFPID-1674679", "CSAFPID-1674680", "CSAFPID-1674681" ] }, "references": [ { "category": "self", "summary": "CVE-2024-21211", "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-21211.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "baseScore": 3.7, "baseSeverity": "LOW" }, "products": [ "CSAFPID-1673120", "CSAFPID-1673121", "CSAFPID-1673122", "CSAFPID-1673123", "CSAFPID-1673124", "CSAFPID-1673125", "CSAFPID-1673111", "CSAFPID-1673112", "CSAFPID-1673113", "CSAFPID-1673114", "CSAFPID-1673115", "CSAFPID-1673116", "CSAFPID-1673300", "CSAFPID-1673302", "CSAFPID-1673407", "CSAFPID-1673406", "CSAFPID-1673301", "CSAFPID-1673304", "CSAFPID-1674672", "CSAFPID-1674673", "CSAFPID-1674674", "CSAFPID-1674675", "CSAFPID-1674676", "CSAFPID-1674677", "CSAFPID-1674678", "CSAFPID-1674679", "CSAFPID-1674680", "CSAFPID-1674681" ] } ], "title": "CVE-2024-21211" }, { "cve": "CVE-2024-21217", "cwe": { "id": "CWE-789", "name": "Memory Allocation with Excessive Size Value" }, "notes": [ { "category": "other", "text": "Memory Allocation with Excessive Size Value", "title": "CWE-789" } ], "product_status": { "known_affected": [ "CSAFPID-1673106", "CSAFPID-1673107", "CSAFPID-1673108", "CSAFPID-1673109", "CSAFPID-1673110", "CSAFPID-1673111", "CSAFPID-1673112", "CSAFPID-1673113", "CSAFPID-1673114", "CSAFPID-1673115", "CSAFPID-1673116", "CSAFPID-1673305", "CSAFPID-1673302", "CSAFPID-1673303", "CSAFPID-1672741", "CSAFPID-220891", "CSAFPID-1673306", "CSAFPID-1673300", "CSAFPID-1673301", "CSAFPID-1673304", "CSAFPID-1673407", "CSAFPID-1673406", "CSAFPID-1673439", "CSAFPID-1674672", "CSAFPID-1674673", "CSAFPID-1674674", "CSAFPID-1674675", "CSAFPID-1674676", "CSAFPID-1674677", "CSAFPID-1674678", "CSAFPID-1674679", "CSAFPID-1674680", "CSAFPID-1674681" ] }, "references": [ { "category": "self", "summary": "CVE-2024-21217", "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-21217.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "baseScore": 3.7, "baseSeverity": "LOW" }, "products": [ "CSAFPID-1673106", "CSAFPID-1673107", "CSAFPID-1673108", "CSAFPID-1673109", "CSAFPID-1673110", "CSAFPID-1673111", "CSAFPID-1673112", "CSAFPID-1673113", "CSAFPID-1673114", "CSAFPID-1673115", "CSAFPID-1673116", "CSAFPID-1673305", "CSAFPID-1673302", "CSAFPID-1673303", "CSAFPID-1672741", "CSAFPID-220891", "CSAFPID-1673306", "CSAFPID-1673300", "CSAFPID-1673301", "CSAFPID-1673304", "CSAFPID-1673407", "CSAFPID-1673406", "CSAFPID-1673439", "CSAFPID-1674672", "CSAFPID-1674673", "CSAFPID-1674674", "CSAFPID-1674675", "CSAFPID-1674676", "CSAFPID-1674677", "CSAFPID-1674678", "CSAFPID-1674679", "CSAFPID-1674680", "CSAFPID-1674681" ] } ], "title": "CVE-2024-21217" }, { "cve": "CVE-2024-21235", "cwe": { "id": "CWE-195", "name": "Signed to Unsigned Conversion Error" }, "notes": [ { "category": "other", "text": "Signed to Unsigned Conversion Error", "title": "CWE-195" } ], "product_status": { "known_affected": [ "CSAFPID-1673106", "CSAFPID-1673107", "CSAFPID-1673108", "CSAFPID-1673109", "CSAFPID-1673110", "CSAFPID-1673111", "CSAFPID-1673112", "CSAFPID-1673113", "CSAFPID-1673114", "CSAFPID-1673115", "CSAFPID-1673116", "CSAFPID-1673305", "CSAFPID-1673302", "CSAFPID-1673301", "CSAFPID-1672741", "CSAFPID-1673300", "CSAFPID-220891", "CSAFPID-1673306", "CSAFPID-1673304", "CSAFPID-1673303", "CSAFPID-1673407", "CSAFPID-1673406", "CSAFPID-1673439", "CSAFPID-1674672", "CSAFPID-1674673", "CSAFPID-1674674", "CSAFPID-1674675", "CSAFPID-1674676", "CSAFPID-1674677", "CSAFPID-1674678", "CSAFPID-1674679", "CSAFPID-1674680", "CSAFPID-1674681" ] }, "references": [ { "category": "self", "summary": "CVE-2024-21235", "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-21235.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "baseScore": 4.8, "baseSeverity": "MEDIUM" }, "products": [ "CSAFPID-1673106", "CSAFPID-1673107", "CSAFPID-1673108", "CSAFPID-1673109", "CSAFPID-1673110", "CSAFPID-1673111", "CSAFPID-1673112", "CSAFPID-1673113", "CSAFPID-1673114", "CSAFPID-1673115", "CSAFPID-1673116", "CSAFPID-1673305", "CSAFPID-1673302", "CSAFPID-1673301", "CSAFPID-1672741", "CSAFPID-1673300", "CSAFPID-220891", "CSAFPID-1673306", "CSAFPID-1673304", "CSAFPID-1673303", "CSAFPID-1673407", "CSAFPID-1673406", "CSAFPID-1673439", "CSAFPID-1674672", "CSAFPID-1674673", "CSAFPID-1674674", "CSAFPID-1674675", "CSAFPID-1674676", "CSAFPID-1674677", "CSAFPID-1674678", "CSAFPID-1674679", "CSAFPID-1674680", "CSAFPID-1674681" ] } ], "title": "CVE-2024-21235" }, { "cve": "CVE-2024-25062", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "notes": [ { "category": "other", "text": "Use After Free", "title": "CWE-416" } ], "product_status": { "known_affected": [ "CSAFPID-1672741", "CSAFPID-1673406", "CSAFPID-1673407", "CSAFPID-1674672", "CSAFPID-1674673", "CSAFPID-1674674", "CSAFPID-1674675", "CSAFPID-1674676", "CSAFPID-1674677", "CSAFPID-1674678", "CSAFPID-1674679", "CSAFPID-1674680", "CSAFPID-1674681", "CSAFPID-550274", "CSAFPID-912044", "CSAFPID-912045", "CSAFPID-912046", "CSAFPID-912047", "CSAFPID-912048", "CSAFPID-912049", "CSAFPID-912050", "CSAFPID-912051", "CSAFPID-912600", "CSAFPID-912601", "CSAFPID-912602", "CSAFPID-912603", "CSAFPID-912604", "CSAFPID-912605", "CSAFPID-1503604", "CSAFPID-912606", "CSAFPID-1503299", "CSAFPID-1503302", "CSAFPID-1503306", "CSAFPID-1503647", "CSAFPID-1503648", "CSAFPID-1503649", "CSAFPID-1503650", "CSAFPID-1503651", "CSAFPID-1503300", "CSAFPID-1503304", "CSAFPID-1503305", "CSAFPID-1503307", "CSAFPID-1503308" ] }, "references": [ { "category": "self", "summary": "CVE-2024-25062", "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-25062.json" } ], "scores": [ { "cvss_v3": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "baseScore": 7.5, "baseSeverity": "HIGH" }, "products": [ "CSAFPID-1672741", "CSAFPID-1673406", "CSAFPID-1673407", "CSAFPID-1674672", "CSAFPID-1674673", "CSAFPID-1674674", "CSAFPID-1674675", "CSAFPID-1674676", "CSAFPID-1674677", "CSAFPID-1674678", "CSAFPID-1674679", "CSAFPID-1674680", "CSAFPID-1674681", "CSAFPID-550274", "CSAFPID-912044", "CSAFPID-912045", "CSAFPID-912046", "CSAFPID-912047", "CSAFPID-912048", "CSAFPID-912049", "CSAFPID-912050", "CSAFPID-912051", "CSAFPID-912600", "CSAFPID-912601", "CSAFPID-912602", "CSAFPID-912603", "CSAFPID-912604", "CSAFPID-912605", "CSAFPID-1503604", "CSAFPID-912606", "CSAFPID-1503299", "CSAFPID-1503302", "CSAFPID-1503306", "CSAFPID-1503647", "CSAFPID-1503648", "CSAFPID-1503649", "CSAFPID-1503650", "CSAFPID-1503651", "CSAFPID-1503300", "CSAFPID-1503304", "CSAFPID-1503305", "CSAFPID-1503307", "CSAFPID-1503308" ] } ], "title": "CVE-2024-25062" }, { "cve": "CVE-2024-36138", "cwe": { "id": "CWE-77", "name": "Improper Neutralization of Special Elements used in a Command ('Command Injection')" }, "notes": [ { "category": "other", "text": "Improper Neutralization of Special Elements used in a Command ('Command Injection')", "title": "CWE-77" } ], "product_status": { "known_affected": [ "CSAFPID-1673301", "CSAFPID-1673304", "CSAFPID-1673300", "CSAFPID-1674672", "CSAFPID-1674673", "CSAFPID-1674674", "CSAFPID-1674675", "CSAFPID-1674676", "CSAFPID-1674677", "CSAFPID-1674678", "CSAFPID-1674679", "CSAFPID-1674680", "CSAFPID-1674681" ] }, "references": [ { "category": "self", "summary": "CVE-2024-36138", "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-36138.json" } ], "title": "CVE-2024-36138" } ] }