Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2024-4076 (GCVE-0-2024-4076)
Vulnerability from cvelistv5 – Published: 2024-07-23 14:40 – Updated: 2025-02-13 17:53
VLAI
EPSS
VEX
Title
Assertion failure when serving both stale cache data and authoritative zone content
Summary
Client queries that trigger serving stale data and that also require lookups in local authoritative zone data may result in an assertion failure.
This issue affects BIND 9 versions 9.16.13 through 9.16.50, 9.18.0 through 9.18.27, 9.19.0 through 9.19.24, 9.11.33-S1 through 9.11.37-S1, 9.16.13-S1 through 9.16.50-S1, and 9.18.11-S1 through 9.18.27-S1.
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-617 - Reachable Assertion
Assigner
References
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| ISC | BIND 9 |
Affected:
9.16.13 , ≤ 9.16.50
(custom)
Affected: 9.18.0 , ≤ 9.18.27 (custom) Affected: 9.19.0 , ≤ 9.19.24 (custom) Affected: 9.11.33-S1 , ≤ 9.11.37-S1 (custom) Affected: 9.16.13-S1 , ≤ 9.16.50-S1 (custom) Affected: 9.18.11-S1 , ≤ 9.18.27-S1 (custom) |
|
| isc | bind |
Affected:
9.16.13 , ≤ 9.16.50
(custom)
Affected: 9.18.0 , ≤ 9.18.27 (custom) Affected: 9.19.0 , ≤ 9.19.24 (custom) Affected: 9.11.33-s1 , ≤ 9.11.37-s1 (custom) Affected: 9.16.13-s1 , ≤ 9.16.50-s1 (custom) Affected: 9.18.11-s1 , ≤ 9.18.27-s1 (custom) cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:* |
Date Public
2024-07-23 00:00
Credits
ISC would like to thank Daniel Stränger for bringing this vulnerability to our attention.
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "bind",
"vendor": "isc",
"versions": [
{
"lessThanOrEqual": "9.16.50",
"status": "affected",
"version": "9.16.13",
"versionType": "custom"
},
{
"lessThanOrEqual": "9.18.27",
"status": "affected",
"version": "9.18.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "9.19.24",
"status": "affected",
"version": "9.19.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "9.11.37-s1",
"status": "affected",
"version": "9.11.33-s1",
"versionType": "custom"
},
{
"lessThanOrEqual": "9.16.50-s1",
"status": "affected",
"version": "9.16.13-s1",
"versionType": "custom"
},
{
"lessThanOrEqual": "9.18.27-s1",
"status": "affected",
"version": "9.18.11-s1",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-4076",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-23T15:10:37.488270Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-617",
"description": "CWE-617 Reachable Assertion",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-24T18:47:06.657Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T20:33:51.640Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://security.netapp.com/advisory/ntap-20240731-0001/"
},
{
"name": "CVE-2024-4076",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://kb.isc.org/docs/cve-2024-4076"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/07/23/1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "BIND 9",
"vendor": "ISC",
"versions": [
{
"lessThanOrEqual": "9.16.50",
"status": "affected",
"version": "9.16.13",
"versionType": "custom"
},
{
"lessThanOrEqual": "9.18.27",
"status": "affected",
"version": "9.18.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "9.19.24",
"status": "affected",
"version": "9.19.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "9.11.37-S1",
"status": "affected",
"version": "9.11.33-S1",
"versionType": "custom"
},
{
"lessThanOrEqual": "9.16.50-S1",
"status": "affected",
"version": "9.16.13-S1",
"versionType": "custom"
},
{
"lessThanOrEqual": "9.18.27-S1",
"status": "affected",
"version": "9.18.11-S1",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "ISC would like to thank Daniel Str\u00e4nger for bringing this vulnerability to our attention."
}
],
"datePublic": "2024-07-23T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Client queries that trigger serving stale data and that also require lookups in local authoritative zone data may result in an assertion failure.\nThis issue affects BIND 9 versions 9.16.13 through 9.16.50, 9.18.0 through 9.18.27, 9.19.0 through 9.19.24, 9.11.33-S1 through 9.11.37-S1, 9.16.13-S1 through 9.16.50-S1, and 9.18.11-S1 through 9.18.27-S1."
}
],
"exploits": [
{
"lang": "en",
"value": "We are not aware of any active exploits."
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en",
"value": "A `named` instance vulnerable to this logic error may terminate unexpectedly."
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-31T11:05:58.936Z",
"orgId": "404fd4d2-a609-4245-b543-2c944a302a22",
"shortName": "isc"
},
"references": [
{
"name": "CVE-2024-4076",
"tags": [
"vendor-advisory"
],
"url": "https://kb.isc.org/docs/cve-2024-4076"
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/07/23/1"
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/07/31/2"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to the patched release most closely related to your current version of BIND 9: 9.18.28, 9.20.0, or 9.18.28-S1."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Assertion failure when serving both stale cache data and authoritative zone content",
"workarounds": [
{
"lang": "en",
"value": "Disabling serve-stale answers mitigates this issue."
}
]
}
},
"cveMetadata": {
"assignerOrgId": "404fd4d2-a609-4245-b543-2c944a302a22",
"assignerShortName": "isc",
"cveId": "CVE-2024-4076",
"datePublished": "2024-07-23T14:40:57.256Z",
"dateReserved": "2024-04-23T13:59:44.699Z",
"dateUpdated": "2025-02-13T17:53:23.437Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2024-4076",
"date": "2026-07-14",
"epss": "0.02111",
"percentile": "0.79652"
},
"fkie_nvd": {
"descriptions": "[{\"lang\": \"en\", \"value\": \"Client queries that trigger serving stale data and that also require lookups in local authoritative zone data may result in an assertion failure.\\nThis issue affects BIND 9 versions 9.16.13 through 9.16.50, 9.18.0 through 9.18.27, 9.19.0 through 9.19.24, 9.11.33-S1 through 9.11.37-S1, 9.16.13-S1 through 9.16.50-S1, and 9.18.11-S1 through 9.18.27-S1.\"}, {\"lang\": \"es\", \"value\": \" Las consultas de los clientes que desencadenan la entrega de datos obsoletos y que tambi\\u00e9n requieren b\\u00fasquedas en datos de la zona autorizada local pueden provocar un error de aserci\\u00f3n. Este problema afecta a las versiones de BIND 9, 9.16.13 a 9.16.50, 9.18.0 a 9.18.27, 9.19.0 a 9.19.24, 9.11.33-S1 a 9.11.37-S1, 9.16.13-S1 a 9.16. 50-S1 y 9.18.11-S1 a 9.18.27-S1.\"}]",
"id": "CVE-2024-4076",
"lastModified": "2024-11-21T09:42:08.807",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"security-officer@isc.org\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 3.6}]}",
"published": "2024-07-23T15:15:05.500",
"references": "[{\"url\": \"http://www.openwall.com/lists/oss-security/2024/07/23/1\", \"source\": \"security-officer@isc.org\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2024/07/31/2\", \"source\": \"security-officer@isc.org\"}, {\"url\": \"https://kb.isc.org/docs/cve-2024-4076\", \"source\": \"security-officer@isc.org\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2024/07/23/1\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://kb.isc.org/docs/cve-2024-4076\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://security.netapp.com/advisory/ntap-20240731-0001/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
"sourceIdentifier": "security-officer@isc.org",
"vulnStatus": "Awaiting Analysis",
"weaknesses": "[{\"source\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-617\"}]}]"
},
"microsoft_vex": {
"current_release_date": "2026-02-18T02:36:45.000Z",
"cve": "CVE-2024-4076",
"id": "msrc_CVE-2024-4076",
"initial_release_date": "2024-07-01T07:00:00.000Z",
"product_status:fixed": "3",
"product_status:known_affected": "3",
"source": "Microsoft CSAF VEX",
"status": "final",
"title": "Assertion failure when serving both stale cache data and authoritative zone content",
"url": "https://msrc.microsoft.com/csaf/vex/2024/msrc_cve-2024-4076.json",
"version": "3"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2024-4076\",\"sourceIdentifier\":\"security-officer@isc.org\",\"published\":\"2024-07-23T15:15:05.500\",\"lastModified\":\"2026-06-17T08:01:03.687\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Client queries that trigger serving stale data and that also require lookups in local authoritative zone data may result in an assertion failure.\\nThis issue affects BIND 9 versions 9.16.13 through 9.16.50, 9.18.0 through 9.18.27, 9.19.0 through 9.19.24, 9.11.33-S1 through 9.11.37-S1, 9.16.13-S1 through 9.16.50-S1, and 9.18.11-S1 through 9.18.27-S1.\"},{\"lang\":\"es\",\"value\":\" Las consultas de los clientes que desencadenan la entrega de datos obsoletos y que tambi\u00e9n requieren b\u00fasquedas en datos de la zona autorizada local pueden provocar un error de aserci\u00f3n. Este problema afecta a las versiones de BIND 9, 9.16.13 a 9.16.50, 9.18.0 a 9.18.27, 9.19.0 a 9.19.24, 9.11.33-S1 a 9.11.37-S1, 9.16.13-S1 a 9.16. 50-S1 y 9.18.11-S1 a 9.18.27-S1.\"}],\"affected\":[{\"source\":\"security-officer@isc.org\",\"affectedData\":[{\"vendor\":\"ISC\",\"product\":\"BIND 9\",\"defaultStatus\":\"unaffected\",\"versions\":[{\"version\":\"9.16.13\",\"lessThanOrEqual\":\"9.16.50\",\"versionType\":\"custom\",\"status\":\"affected\"},{\"version\":\"9.18.0\",\"lessThanOrEqual\":\"9.18.27\",\"versionType\":\"custom\",\"status\":\"affected\"},{\"version\":\"9.19.0\",\"lessThanOrEqual\":\"9.19.24\",\"versionType\":\"custom\",\"status\":\"affected\"},{\"version\":\"9.11.33-S1\",\"lessThanOrEqual\":\"9.11.37-S1\",\"versionType\":\"custom\",\"status\":\"affected\"},{\"version\":\"9.16.13-S1\",\"lessThanOrEqual\":\"9.16.50-S1\",\"versionType\":\"custom\",\"status\":\"affected\"},{\"version\":\"9.18.11-S1\",\"lessThanOrEqual\":\"9.18.27-S1\",\"versionType\":\"custom\",\"status\":\"affected\"}]}]},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"affectedData\":[{\"vendor\":\"isc\",\"product\":\"bind\",\"defaultStatus\":\"unknown\",\"cpes\":[\"cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*\"],\"versions\":[{\"version\":\"9.16.13\",\"lessThanOrEqual\":\"9.16.50\",\"versionType\":\"custom\",\"status\":\"affected\"},{\"version\":\"9.18.0\",\"lessThanOrEqual\":\"9.18.27\",\"versionType\":\"custom\",\"status\":\"affected\"},{\"version\":\"9.19.0\",\"lessThanOrEqual\":\"9.19.24\",\"versionType\":\"custom\",\"status\":\"affected\"},{\"version\":\"9.11.33-s1\",\"lessThanOrEqual\":\"9.11.37-s1\",\"versionType\":\"custom\",\"status\":\"affected\"},{\"version\":\"9.16.13-s1\",\"lessThanOrEqual\":\"9.16.50-s1\",\"versionType\":\"custom\",\"status\":\"affected\"},{\"version\":\"9.18.11-s1\",\"lessThanOrEqual\":\"9.18.27-s1\",\"versionType\":\"custom\",\"status\":\"affected\"}]}]}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-officer@isc.org\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"ssvcV203\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"ssvcData\":{\"timestamp\":\"2024-07-23T15:10:37.488270Z\",\"id\":\"CVE-2024-4076\",\"options\":[{\"exploitation\":\"none\"},{\"automatable\":\"yes\"},{\"technicalImpact\":\"partial\"}],\"role\":\"CISA Coordinator\",\"version\":\"2.0.3\"}}]},\"weaknesses\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-617\"}]}],\"references\":[{\"url\":\"http://www.openwall.com/lists/oss-security/2024/07/23/1\",\"source\":\"security-officer@isc.org\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2024/07/31/2\",\"source\":\"security-officer@isc.org\"},{\"url\":\"https://kb.isc.org/docs/cve-2024-4076\",\"source\":\"security-officer@isc.org\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2024/07/23/1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://kb.isc.org/docs/cve-2024-4076\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://security.netapp.com/advisory/ntap-20240731-0001/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}",
"redhat_vex": {
"aggregate_severity": "Important",
"current_release_date": "2026-03-24T13:15:56+00:00",
"cve": "CVE-2024-4076",
"id": "CVE-2024-4076",
"initial_release_date": "2024-07-23T00:00:00+00:00",
"product_status:fixed": "603",
"product_status:known_affected": "9",
"product_status:known_not_affected": "2704",
"source": "Red Hat CSAF VEX",
"status": "final",
"title": "bind: bind9: Assertion failure when serving both stale cache data and authoritative zone content",
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2024/cve-2024-4076.json",
"version": "3"
},
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://security.netapp.com/advisory/ntap-20240731-0001/\"}, {\"url\": \"https://kb.isc.org/docs/cve-2024-4076\", \"name\": \"CVE-2024-4076\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2024/07/23/1\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-01T20:33:51.640Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-4076\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-07-23T15:10:37.488270Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*\"], \"vendor\": \"isc\", \"product\": \"bind\", \"versions\": [{\"status\": \"affected\", \"version\": \"9.16.13\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"9.16.50\"}, {\"status\": \"affected\", \"version\": \"9.18.0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"9.18.27\"}, {\"status\": \"affected\", \"version\": \"9.19.0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"9.19.24\"}, {\"status\": \"affected\", \"version\": \"9.11.33-s1\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"9.11.37-s1\"}, {\"status\": \"affected\", \"version\": \"9.16.13-s1\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"9.16.50-s1\"}, {\"status\": \"affected\", \"version\": \"9.18.11-s1\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"9.18.27-s1\"}], \"defaultStatus\": \"unknown\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-617\", \"description\": \"CWE-617 Reachable Assertion\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-07-23T15:34:53.558Z\"}}], \"cna\": {\"title\": \"Assertion failure when serving both stale cache data and authoritative zone content\", \"source\": {\"discovery\": \"EXTERNAL\"}, \"credits\": [{\"lang\": \"en\", \"value\": \"ISC would like to thank Daniel Str\\u00e4nger for bringing this vulnerability to our attention.\"}], \"impacts\": [{\"descriptions\": [{\"lang\": \"en\", \"value\": \"A `named` instance vulnerable to this logic error may terminate unexpectedly.\"}]}], \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}}], \"affected\": [{\"vendor\": \"ISC\", \"product\": \"BIND 9\", \"versions\": [{\"status\": \"affected\", \"version\": \"9.16.13\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"9.16.50\"}, {\"status\": \"affected\", \"version\": \"9.18.0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"9.18.27\"}, {\"status\": \"affected\", \"version\": \"9.19.0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"9.19.24\"}, {\"status\": \"affected\", \"version\": \"9.11.33-S1\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"9.11.37-S1\"}, {\"status\": \"affected\", \"version\": \"9.16.13-S1\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"9.16.50-S1\"}, {\"status\": \"affected\", \"version\": \"9.18.11-S1\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"9.18.27-S1\"}], \"defaultStatus\": \"unaffected\"}], \"exploits\": [{\"lang\": \"en\", \"value\": \"We are not aware of any active exploits.\"}], \"solutions\": [{\"lang\": \"en\", \"value\": \"Upgrade to the patched release most closely related to your current version of BIND 9: 9.18.28, 9.20.0, or 9.18.28-S1.\"}], \"datePublic\": \"2024-07-23T00:00:00.000Z\", \"references\": [{\"url\": \"https://kb.isc.org/docs/cve-2024-4076\", \"name\": \"CVE-2024-4076\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2024/07/23/1\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2024/07/31/2\"}], \"workarounds\": [{\"lang\": \"en\", \"value\": \"Disabling serve-stale answers mitigates this issue.\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Client queries that trigger serving stale data and that also require lookups in local authoritative zone data may result in an assertion failure.\\nThis issue affects BIND 9 versions 9.16.13 through 9.16.50, 9.18.0 through 9.18.27, 9.19.0 through 9.19.24, 9.11.33-S1 through 9.11.37-S1, 9.16.13-S1 through 9.16.50-S1, and 9.18.11-S1 through 9.18.27-S1.\"}], \"providerMetadata\": {\"orgId\": \"404fd4d2-a609-4245-b543-2c944a302a22\", \"shortName\": \"isc\", \"dateUpdated\": \"2024-07-31T11:05:58.936Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2024-4076\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-02-13T17:53:23.437Z\", \"dateReserved\": \"2024-04-23T13:59:44.699Z\", \"assignerOrgId\": \"404fd4d2-a609-4245-b543-2c944a302a22\", \"datePublished\": \"2024-07-23T14:40:57.256Z\", \"assignerShortName\": \"isc\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
WID-SEC-W-2024-1700
Vulnerability from csaf_certbund - Published: 2024-07-23 22:00 - Updated: 2026-01-06 23:00Summary
Internet Systems Consortium BIND: Mehrere Schwachstellen ermöglichen Denial of Service
Severity
Mittel
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: BIND (Berkeley Internet Name Domain) ist ein Open-Source-Softwarepaket, das einen Domain-Name-System-Server implementiert.
Angriff: Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Internet Systems Consortium BIND ausnutzen, um einen Denial of Service Angriff durchzuführen.
Betroffene Betriebssysteme: - Sonstiges
- UNIX
- Windows
Affected products
Known affected
46 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
F5 BIG-IP 15.1.0-15.1.10
F5 / BIG-IP
|
cpe:/a:f5:big-ip:15.1.0_-_15.1.10
|
15.1.0-15.1.10 | |
|
IBM Storwize V5000
IBM / Storwize
|
cpe:/a:ibm:storwize:v5000
|
V5000 | |
|
IBM QRadar SIEM <7.5.0 UP9 IF03
IBM / QRadar SIEM
|
<7.5.0 UP9 IF03 | ||
|
IBM Storwize V5100
IBM / Storwize
|
cpe:/a:ibm:storwize:v5100
|
V5100 | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Infoblox NIOS 9.0.4
Infoblox / NIOS
|
cpe:/o:infoblox:nios:9.0.4
|
9.0.4 | |
|
IBM FlashSystem 9100 Family
IBM / FlashSystem
|
cpe:/a:ibm:flashsystem:9100_family
|
9100 Family | |
|
IBM AIX 7.3
IBM / AIX
|
cpe:/o:ibm:aix:7.3
|
7.3 | |
|
IBM SAN Volume Controller
IBM
|
cpe:/a:ibm:san_volume_controller:-
|
— | |
|
IBM FlashSystem 9200
IBM / FlashSystem
|
cpe:/a:ibm:flashsystem:9200
|
9200 | |
|
IBM FlashSystem V9000
IBM / FlashSystem
|
cpe:/a:ibm:flashsystem:v9000
|
V9000 | |
|
IBM Storwize V7000
IBM / Storwize
|
cpe:/a:ibm:storwize:v7000
|
V7000 | |
|
IBM FlashSystem 9500
IBM / FlashSystem
|
cpe:/a:ibm:flashsystem:9500
|
9500 | |
|
IBM Storwize V5000E
IBM / Storwize
|
cpe:/a:ibm:storwize:v5000e
|
V5000E | |
|
F5 BIG-IP
F5 / BIG-IP
|
cpe:/a:f5:big-ip:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
IBM FlashSystem
IBM / FlashSystem
|
cpe:/a:ibm:flashsystem:-
|
— | |
|
Infoblox DDI
Infoblox
|
cpe:/a:infoblox:ddi:-
|
— | |
|
Infoblox NIOS 8.6.4
Infoblox / NIOS
|
cpe:/o:infoblox:nios:8.6.4
|
8.6.4 | |
|
F5 BIG-IP 17.1.0-17.1.1
F5 / BIG-IP
|
cpe:/a:f5:big-ip:17.1.0_-_17.1.1
|
17.1.0-17.1.1 | |
|
Infoblox NIOS 9.0.2
Infoblox / NIOS
|
cpe:/o:infoblox:nios:9.0.2
|
9.0.2 | |
|
Xerox FreeFlow Print Server v9 for Solaris
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9_for_solaris
|
v9 for Solaris | |
|
IBM AIX 7.2
IBM / AIX
|
cpe:/o:ibm:aix:7.2
|
7.2 | |
|
Infoblox NIOS 9.0.3
Infoblox / NIOS
|
cpe:/o:infoblox:nios:9.0.3
|
9.0.3 | |
|
IBM VIOS 3.1
IBM / VIOS
|
cpe:/a:ibm:vios:3.1
|
3.1 | |
|
IBM VIOS 4.1
IBM / VIOS
|
cpe:/a:ibm:vios:4.1
|
4.1 | |
|
F5 BIG-IP 16.1.0-16.1.5
F5 / BIG-IP
|
cpe:/a:f5:big-ip:16.1.0_-_16.1.5
|
16.1.0-16.1.5 | |
|
Internet Systems Consortium BIND <9.18.28
Internet Systems Consortium / BIND
|
<9.18.28 | ||
|
Internet Systems Consortium BIND <9.20.0
Internet Systems Consortium / BIND
|
<9.20.0 | ||
|
IBM AIX
IBM / AIX
|
cpe:/o:ibm:aix:-
|
— | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
NetApp Data ONTAP 9
NetApp / Data ONTAP
|
cpe:/a:netapp:data_ontap:9
|
9 | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— | |
|
IBM FlashSystem 7300
IBM / FlashSystem
|
cpe:/a:ibm:flashsystem:7300
|
7300 | |
|
Insyde UEFI Firmware <RV23.08
Insyde / UEFI Firmware
|
<RV23.08 | ||
|
Insyde UEFI Firmware <RV24.06
Insyde / UEFI Firmware
|
<RV24.06 | ||
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
Infoblox NIOS 8.6.3
Infoblox / NIOS
|
cpe:/o:infoblox:nios:8.6.3
|
8.6.3 | |
|
IBM FlashSystem 5000
IBM / FlashSystem
|
cpe:/a:ibm:flashsystem:5000
|
5000 | |
|
IBM FlashSystem 7200
IBM / FlashSystem
|
cpe:/a:ibm:flashsystem:7200
|
7200 | |
|
IBM FlashSystem 5200
IBM / FlashSystem
|
cpe:/a:ibm:flashsystem:5200
|
5200 | |
|
NetApp ActiveIQ Unified Manager
NetApp
|
cpe:/a:netapp:active_iq_unified_manager:vmware_vsphere
|
— | |
|
Infoblox NIOS 8.6.2
Infoblox / NIOS
|
cpe:/o:infoblox:nios:8.6.2
|
8.6.2 |
Affected products
Known affected
46 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
F5 BIG-IP 15.1.0-15.1.10
F5 / BIG-IP
|
cpe:/a:f5:big-ip:15.1.0_-_15.1.10
|
15.1.0-15.1.10 | |
|
IBM Storwize V5000
IBM / Storwize
|
cpe:/a:ibm:storwize:v5000
|
V5000 | |
|
IBM QRadar SIEM <7.5.0 UP9 IF03
IBM / QRadar SIEM
|
<7.5.0 UP9 IF03 | ||
|
IBM Storwize V5100
IBM / Storwize
|
cpe:/a:ibm:storwize:v5100
|
V5100 | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Infoblox NIOS 9.0.4
Infoblox / NIOS
|
cpe:/o:infoblox:nios:9.0.4
|
9.0.4 | |
|
IBM FlashSystem 9100 Family
IBM / FlashSystem
|
cpe:/a:ibm:flashsystem:9100_family
|
9100 Family | |
|
IBM AIX 7.3
IBM / AIX
|
cpe:/o:ibm:aix:7.3
|
7.3 | |
|
IBM SAN Volume Controller
IBM
|
cpe:/a:ibm:san_volume_controller:-
|
— | |
|
IBM FlashSystem 9200
IBM / FlashSystem
|
cpe:/a:ibm:flashsystem:9200
|
9200 | |
|
IBM FlashSystem V9000
IBM / FlashSystem
|
cpe:/a:ibm:flashsystem:v9000
|
V9000 | |
|
IBM Storwize V7000
IBM / Storwize
|
cpe:/a:ibm:storwize:v7000
|
V7000 | |
|
IBM FlashSystem 9500
IBM / FlashSystem
|
cpe:/a:ibm:flashsystem:9500
|
9500 | |
|
IBM Storwize V5000E
IBM / Storwize
|
cpe:/a:ibm:storwize:v5000e
|
V5000E | |
|
F5 BIG-IP
F5 / BIG-IP
|
cpe:/a:f5:big-ip:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
IBM FlashSystem
IBM / FlashSystem
|
cpe:/a:ibm:flashsystem:-
|
— | |
|
Infoblox DDI
Infoblox
|
cpe:/a:infoblox:ddi:-
|
— | |
|
Infoblox NIOS 8.6.4
Infoblox / NIOS
|
cpe:/o:infoblox:nios:8.6.4
|
8.6.4 | |
|
F5 BIG-IP 17.1.0-17.1.1
F5 / BIG-IP
|
cpe:/a:f5:big-ip:17.1.0_-_17.1.1
|
17.1.0-17.1.1 | |
|
Infoblox NIOS 9.0.2
Infoblox / NIOS
|
cpe:/o:infoblox:nios:9.0.2
|
9.0.2 | |
|
Xerox FreeFlow Print Server v9 for Solaris
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9_for_solaris
|
v9 for Solaris | |
|
IBM AIX 7.2
IBM / AIX
|
cpe:/o:ibm:aix:7.2
|
7.2 | |
|
Infoblox NIOS 9.0.3
Infoblox / NIOS
|
cpe:/o:infoblox:nios:9.0.3
|
9.0.3 | |
|
IBM VIOS 3.1
IBM / VIOS
|
cpe:/a:ibm:vios:3.1
|
3.1 | |
|
IBM VIOS 4.1
IBM / VIOS
|
cpe:/a:ibm:vios:4.1
|
4.1 | |
|
F5 BIG-IP 16.1.0-16.1.5
F5 / BIG-IP
|
cpe:/a:f5:big-ip:16.1.0_-_16.1.5
|
16.1.0-16.1.5 | |
|
Internet Systems Consortium BIND <9.18.28
Internet Systems Consortium / BIND
|
<9.18.28 | ||
|
Internet Systems Consortium BIND <9.20.0
Internet Systems Consortium / BIND
|
<9.20.0 | ||
|
IBM AIX
IBM / AIX
|
cpe:/o:ibm:aix:-
|
— | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
NetApp Data ONTAP 9
NetApp / Data ONTAP
|
cpe:/a:netapp:data_ontap:9
|
9 | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— | |
|
IBM FlashSystem 7300
IBM / FlashSystem
|
cpe:/a:ibm:flashsystem:7300
|
7300 | |
|
Insyde UEFI Firmware <RV23.08
Insyde / UEFI Firmware
|
<RV23.08 | ||
|
Insyde UEFI Firmware <RV24.06
Insyde / UEFI Firmware
|
<RV24.06 | ||
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
Infoblox NIOS 8.6.3
Infoblox / NIOS
|
cpe:/o:infoblox:nios:8.6.3
|
8.6.3 | |
|
IBM FlashSystem 5000
IBM / FlashSystem
|
cpe:/a:ibm:flashsystem:5000
|
5000 | |
|
IBM FlashSystem 7200
IBM / FlashSystem
|
cpe:/a:ibm:flashsystem:7200
|
7200 | |
|
IBM FlashSystem 5200
IBM / FlashSystem
|
cpe:/a:ibm:flashsystem:5200
|
5200 | |
|
NetApp ActiveIQ Unified Manager
NetApp
|
cpe:/a:netapp:active_iq_unified_manager:vmware_vsphere
|
— | |
|
Infoblox NIOS 8.6.2
Infoblox / NIOS
|
cpe:/o:infoblox:nios:8.6.2
|
8.6.2 |
Affected products
Known affected
46 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
F5 BIG-IP 15.1.0-15.1.10
F5 / BIG-IP
|
cpe:/a:f5:big-ip:15.1.0_-_15.1.10
|
15.1.0-15.1.10 | |
|
IBM Storwize V5000
IBM / Storwize
|
cpe:/a:ibm:storwize:v5000
|
V5000 | |
|
IBM QRadar SIEM <7.5.0 UP9 IF03
IBM / QRadar SIEM
|
<7.5.0 UP9 IF03 | ||
|
IBM Storwize V5100
IBM / Storwize
|
cpe:/a:ibm:storwize:v5100
|
V5100 | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Infoblox NIOS 9.0.4
Infoblox / NIOS
|
cpe:/o:infoblox:nios:9.0.4
|
9.0.4 | |
|
IBM FlashSystem 9100 Family
IBM / FlashSystem
|
cpe:/a:ibm:flashsystem:9100_family
|
9100 Family | |
|
IBM AIX 7.3
IBM / AIX
|
cpe:/o:ibm:aix:7.3
|
7.3 | |
|
IBM SAN Volume Controller
IBM
|
cpe:/a:ibm:san_volume_controller:-
|
— | |
|
IBM FlashSystem 9200
IBM / FlashSystem
|
cpe:/a:ibm:flashsystem:9200
|
9200 | |
|
IBM FlashSystem V9000
IBM / FlashSystem
|
cpe:/a:ibm:flashsystem:v9000
|
V9000 | |
|
IBM Storwize V7000
IBM / Storwize
|
cpe:/a:ibm:storwize:v7000
|
V7000 | |
|
IBM FlashSystem 9500
IBM / FlashSystem
|
cpe:/a:ibm:flashsystem:9500
|
9500 | |
|
IBM Storwize V5000E
IBM / Storwize
|
cpe:/a:ibm:storwize:v5000e
|
V5000E | |
|
F5 BIG-IP
F5 / BIG-IP
|
cpe:/a:f5:big-ip:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
IBM FlashSystem
IBM / FlashSystem
|
cpe:/a:ibm:flashsystem:-
|
— | |
|
Infoblox DDI
Infoblox
|
cpe:/a:infoblox:ddi:-
|
— | |
|
Infoblox NIOS 8.6.4
Infoblox / NIOS
|
cpe:/o:infoblox:nios:8.6.4
|
8.6.4 | |
|
F5 BIG-IP 17.1.0-17.1.1
F5 / BIG-IP
|
cpe:/a:f5:big-ip:17.1.0_-_17.1.1
|
17.1.0-17.1.1 | |
|
Infoblox NIOS 9.0.2
Infoblox / NIOS
|
cpe:/o:infoblox:nios:9.0.2
|
9.0.2 | |
|
Xerox FreeFlow Print Server v9 for Solaris
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9_for_solaris
|
v9 for Solaris | |
|
IBM AIX 7.2
IBM / AIX
|
cpe:/o:ibm:aix:7.2
|
7.2 | |
|
Infoblox NIOS 9.0.3
Infoblox / NIOS
|
cpe:/o:infoblox:nios:9.0.3
|
9.0.3 | |
|
IBM VIOS 3.1
IBM / VIOS
|
cpe:/a:ibm:vios:3.1
|
3.1 | |
|
IBM VIOS 4.1
IBM / VIOS
|
cpe:/a:ibm:vios:4.1
|
4.1 | |
|
F5 BIG-IP 16.1.0-16.1.5
F5 / BIG-IP
|
cpe:/a:f5:big-ip:16.1.0_-_16.1.5
|
16.1.0-16.1.5 | |
|
Internet Systems Consortium BIND <9.18.28
Internet Systems Consortium / BIND
|
<9.18.28 | ||
|
Internet Systems Consortium BIND <9.20.0
Internet Systems Consortium / BIND
|
<9.20.0 | ||
|
IBM AIX
IBM / AIX
|
cpe:/o:ibm:aix:-
|
— | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
NetApp Data ONTAP 9
NetApp / Data ONTAP
|
cpe:/a:netapp:data_ontap:9
|
9 | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— | |
|
IBM FlashSystem 7300
IBM / FlashSystem
|
cpe:/a:ibm:flashsystem:7300
|
7300 | |
|
Insyde UEFI Firmware <RV23.08
Insyde / UEFI Firmware
|
<RV23.08 | ||
|
Insyde UEFI Firmware <RV24.06
Insyde / UEFI Firmware
|
<RV24.06 | ||
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
Infoblox NIOS 8.6.3
Infoblox / NIOS
|
cpe:/o:infoblox:nios:8.6.3
|
8.6.3 | |
|
IBM FlashSystem 5000
IBM / FlashSystem
|
cpe:/a:ibm:flashsystem:5000
|
5000 | |
|
IBM FlashSystem 7200
IBM / FlashSystem
|
cpe:/a:ibm:flashsystem:7200
|
7200 | |
|
IBM FlashSystem 5200
IBM / FlashSystem
|
cpe:/a:ibm:flashsystem:5200
|
5200 | |
|
NetApp ActiveIQ Unified Manager
NetApp
|
cpe:/a:netapp:active_iq_unified_manager:vmware_vsphere
|
— | |
|
Infoblox NIOS 8.6.2
Infoblox / NIOS
|
cpe:/o:infoblox:nios:8.6.2
|
8.6.2 |
Affected products
Known affected
46 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
F5 BIG-IP 15.1.0-15.1.10
F5 / BIG-IP
|
cpe:/a:f5:big-ip:15.1.0_-_15.1.10
|
15.1.0-15.1.10 | |
|
IBM Storwize V5000
IBM / Storwize
|
cpe:/a:ibm:storwize:v5000
|
V5000 | |
|
IBM QRadar SIEM <7.5.0 UP9 IF03
IBM / QRadar SIEM
|
<7.5.0 UP9 IF03 | ||
|
IBM Storwize V5100
IBM / Storwize
|
cpe:/a:ibm:storwize:v5100
|
V5100 | |
|
Oracle Linux
Oracle
|
cpe:/o:oracle:linux:-
|
— | |
|
Infoblox NIOS 9.0.4
Infoblox / NIOS
|
cpe:/o:infoblox:nios:9.0.4
|
9.0.4 | |
|
IBM FlashSystem 9100 Family
IBM / FlashSystem
|
cpe:/a:ibm:flashsystem:9100_family
|
9100 Family | |
|
IBM AIX 7.3
IBM / AIX
|
cpe:/o:ibm:aix:7.3
|
7.3 | |
|
IBM SAN Volume Controller
IBM
|
cpe:/a:ibm:san_volume_controller:-
|
— | |
|
IBM FlashSystem 9200
IBM / FlashSystem
|
cpe:/a:ibm:flashsystem:9200
|
9200 | |
|
IBM FlashSystem V9000
IBM / FlashSystem
|
cpe:/a:ibm:flashsystem:v9000
|
V9000 | |
|
IBM Storwize V7000
IBM / Storwize
|
cpe:/a:ibm:storwize:v7000
|
V7000 | |
|
IBM FlashSystem 9500
IBM / FlashSystem
|
cpe:/a:ibm:flashsystem:9500
|
9500 | |
|
IBM Storwize V5000E
IBM / Storwize
|
cpe:/a:ibm:storwize:v5000e
|
V5000E | |
|
F5 BIG-IP
F5 / BIG-IP
|
cpe:/a:f5:big-ip:-
|
— | |
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— | |
|
IBM FlashSystem
IBM / FlashSystem
|
cpe:/a:ibm:flashsystem:-
|
— | |
|
Infoblox DDI
Infoblox
|
cpe:/a:infoblox:ddi:-
|
— | |
|
Infoblox NIOS 8.6.4
Infoblox / NIOS
|
cpe:/o:infoblox:nios:8.6.4
|
8.6.4 | |
|
F5 BIG-IP 17.1.0-17.1.1
F5 / BIG-IP
|
cpe:/a:f5:big-ip:17.1.0_-_17.1.1
|
17.1.0-17.1.1 | |
|
Infoblox NIOS 9.0.2
Infoblox / NIOS
|
cpe:/o:infoblox:nios:9.0.2
|
9.0.2 | |
|
Xerox FreeFlow Print Server v9 for Solaris
Xerox / FreeFlow Print Server
|
cpe:/a:xerox:freeflow_print_server:v9_for_solaris
|
v9 for Solaris | |
|
IBM AIX 7.2
IBM / AIX
|
cpe:/o:ibm:aix:7.2
|
7.2 | |
|
Infoblox NIOS 9.0.3
Infoblox / NIOS
|
cpe:/o:infoblox:nios:9.0.3
|
9.0.3 | |
|
IBM VIOS 3.1
IBM / VIOS
|
cpe:/a:ibm:vios:3.1
|
3.1 | |
|
IBM VIOS 4.1
IBM / VIOS
|
cpe:/a:ibm:vios:4.1
|
4.1 | |
|
F5 BIG-IP 16.1.0-16.1.5
F5 / BIG-IP
|
cpe:/a:f5:big-ip:16.1.0_-_16.1.5
|
16.1.0-16.1.5 | |
|
Internet Systems Consortium BIND <9.18.28
Internet Systems Consortium / BIND
|
<9.18.28 | ||
|
Internet Systems Consortium BIND <9.20.0
Internet Systems Consortium / BIND
|
<9.20.0 | ||
|
IBM AIX
IBM / AIX
|
cpe:/o:ibm:aix:-
|
— | |
|
RESF Rocky Linux
RESF
|
cpe:/o:resf:rocky_linux:-
|
— | |
|
NetApp Data ONTAP 9
NetApp / Data ONTAP
|
cpe:/a:netapp:data_ontap:9
|
9 | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— | |
|
IBM FlashSystem 7300
IBM / FlashSystem
|
cpe:/a:ibm:flashsystem:7300
|
7300 | |
|
Insyde UEFI Firmware <RV23.08
Insyde / UEFI Firmware
|
<RV23.08 | ||
|
Insyde UEFI Firmware <RV24.06
Insyde / UEFI Firmware
|
<RV24.06 | ||
|
Debian Linux
Debian
|
cpe:/o:debian:debian_linux:-
|
— | |
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— | |
|
Infoblox NIOS 8.6.3
Infoblox / NIOS
|
cpe:/o:infoblox:nios:8.6.3
|
8.6.3 | |
|
IBM FlashSystem 5000
IBM / FlashSystem
|
cpe:/a:ibm:flashsystem:5000
|
5000 | |
|
IBM FlashSystem 7200
IBM / FlashSystem
|
cpe:/a:ibm:flashsystem:7200
|
7200 | |
|
IBM FlashSystem 5200
IBM / FlashSystem
|
cpe:/a:ibm:flashsystem:5200
|
5200 | |
|
NetApp ActiveIQ Unified Manager
NetApp
|
cpe:/a:netapp:active_iq_unified_manager:vmware_vsphere
|
— | |
|
Infoblox NIOS 8.6.2
Infoblox / NIOS
|
cpe:/o:infoblox:nios:8.6.2
|
8.6.2 |
References
63 references
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "BIND (Berkeley Internet Name Domain) ist ein Open-Source-Softwarepaket, das einen Domain-Name-System-Server implementiert.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Internet Systems Consortium BIND ausnutzen, um einen Denial of Service Angriff durchzuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Sonstiges\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2024-1700 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-1700.json"
},
{
"category": "self",
"summary": "WID-SEC-2024-1700 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-1700"
},
{
"category": "external",
"summary": "OSS Security Mailing List vom 2024-07-23",
"url": "https://seclists.org/oss-sec/2024/q3/101"
},
{
"category": "external",
"summary": "BIND Security Advisory vom 2024-07-23",
"url": "https://kb.isc.org/docs/cve-2024-0760"
},
{
"category": "external",
"summary": "BIND Security Advisory vom 2024-07-23",
"url": "https://kb.isc.org/docs/cve-2024-1737"
},
{
"category": "external",
"summary": "BIND Security Advisory vom 2024-07-23",
"url": "https://kb.isc.org/docs/cve-2024-1975"
},
{
"category": "external",
"summary": "BIND Security Advisory vom 2024-07-23",
"url": "https://kb.isc.org/docs/cve-2024-4076"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-6909-1 vom 2024-07-23",
"url": "https://ubuntu.com/security/notices/USN-6909-1"
},
{
"category": "external",
"summary": "Infoblox Advisory",
"url": "https://support.infoblox.com/s/article/000009904"
},
{
"category": "external",
"summary": "Infoblox Advisory",
"url": "https://support.infoblox.com/s/article/000009906"
},
{
"category": "external",
"summary": "Debian Security Advisory DSA-5734 vom 2024-07-26",
"url": "https://lists.debian.org/debian-security-announce/2024/msg00145.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:2636-1 vom 2024-07-30",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-July/019038.html"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2024-8AF1780FDF vom 2024-07-31",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2024-8af1780fdf"
},
{
"category": "external",
"summary": "NetApp Security Advisory NTAP-20240731-0003 vom 2024-07-31",
"url": "https://security.netapp.com/advisory/ntap-20240731-0003/"
},
{
"category": "external",
"summary": "NetApp Security Advisory NTAP-20240731-0002 vom 2024-07-31",
"url": "https://security.netapp.com/advisory/ntap-20240731-0002/"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2024-56AE6C2C7A vom 2024-07-31",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2024-56ae6c2c7a"
},
{
"category": "external",
"summary": "NetApp Security Advisory NTAP-20240731-0001 vom 2024-07-31",
"url": "https://security.netapp.com/advisory/ntap-20240731-0001/"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2024-EF8A7031E7 vom 2024-08-01",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2024-ef8a7031e7"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-6909-2 vom 2024-08-01",
"url": "https://ubuntu.com/security/notices/USN-6909-2"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:2810-1 vom 2024-08-07",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-August/019125.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:2811-1 vom 2024-08-07",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-August/019124.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:2863-1 vom 2024-08-09",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-August/019158.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:2863-1 vom 2024-08-09",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-August/019159.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:2863-1 vom 2024-08-09",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-August/019160.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:2862-1 vom 2024-08-09",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-August/019161.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:2868-1 vom 2024-08-09",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-August/019165.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:5231 vom 2024-08-12",
"url": "https://access.redhat.com/errata/RHSA-2024:5231"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS-2024-2616 vom 2024-08-13",
"url": "https://alas.aws.amazon.com/AL2/ALAS-2024-2616.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2024-5231 vom 2024-08-13",
"url": "https://linux.oracle.com/errata/ELSA-2024-5231.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:5390 vom 2024-08-15",
"url": "https://access.redhat.com/errata/RHSA-2024:5390"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2024-5390 vom 2024-08-14",
"url": "https://linux.oracle.com/errata/ELSA-2024-5390.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:5418 vom 2024-08-15",
"url": "https://access.redhat.com/errata/RHSA-2024:5418"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-6909-3 vom 2024-08-15",
"url": "https://ubuntu.com/security/notices/USN-6909-3"
},
{
"category": "external",
"summary": "F5 Security Advisory K000140732 vom 2024-08-17",
"url": "https://my.f5.com/manage/s/article/K000140732"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:5524 vom 2024-08-19",
"url": "https://access.redhat.com/errata/RHSA-2024:5524"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:5525 vom 2024-08-19",
"url": "https://access.redhat.com/errata/RHSA-2024:5525"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2024-5524 vom 2024-08-20",
"url": "http://linux.oracle.com/errata/ELSA-2024-5524.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:5655 vom 2024-08-21",
"url": "https://access.redhat.com/errata/RHSA-2024:5655"
},
{
"category": "external",
"summary": "Rocky Linux Security Advisory RLSA-2024:5231 vom 2024-08-21",
"url": "https://errata.build.resf.org/RLSA-2024:5231"
},
{
"category": "external",
"summary": "F5 Security Advisory K000140745 vom 2024-08-22",
"url": "https://my.f5.com/manage/s/article/K000140745"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:5813 vom 2024-08-26",
"url": "https://access.redhat.com/errata/RHSA-2024:5813"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:5871 vom 2024-08-27",
"url": "https://access.redhat.com/errata/RHSA-2024:5871"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:5838 vom 2024-08-26",
"url": "https://access.redhat.com/errata/RHSA-2024:5838"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:5907 vom 2024-08-28",
"url": "https://access.redhat.com/errata/RHSA-2024:5907"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:5894 vom 2024-08-27",
"url": "https://access.redhat.com/errata/RHSA-2024:5894"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:5908 vom 2024-08-28",
"url": "https://access.redhat.com/errata/RHSA-2024:5908"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:5930 vom 2024-08-28",
"url": "https://access.redhat.com/errata/RHSA-2024:5930"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:6004 vom 2024-09-04",
"url": "https://access.redhat.com/errata/RHSA-2024:6004"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:6009 vom 2024-09-04",
"url": "https://access.redhat.com/errata/RHSA-2024:6009"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:6013 vom 2024-09-05",
"url": "https://access.redhat.com/errata/RHSA-2024:6013"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:6406 vom 2024-09-12",
"url": "https://access.redhat.com/errata/RHSA-2024:6406"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:6642 vom 2024-09-18",
"url": "https://access.redhat.com/errata/RHSA-2024:6642"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7168815 vom 2024-09-18",
"url": "https://www.ibm.com/support/pages/node/7168815"
},
{
"category": "external",
"summary": "Insyde Security Advisory INSYDE-SA-2024010 vom 2024-10-09",
"url": "https://www.insyde.com/security-pledge/SA-2024010"
},
{
"category": "external",
"summary": "Dell Security Advisory DSA-2024-422 vom 2024-10-10",
"url": "https://www.dell.com/support/kbdoc/de-de/000234730/dsa-2024-422-security-update-for-dell-networker-vproxy-multiple-component-vulnerabilities"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2024-5930 vom 2024-10-15",
"url": "https://linux.oracle.com/errata/ELSA-2024-5930.html"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7176451 vom 2024-11-18",
"url": "https://aix.software.ibm.com/aix/efixes/security/bind_advisory27.asc"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7176451 vom 2024-11-19",
"url": "https://www.ibm.com/support/pages/node/7176451"
},
{
"category": "external",
"summary": "XEROX Security Advisory XRX25-001 vom 2025-01-13",
"url": "https://securitydocs.business.xerox.com/wp-content/uploads/2025/01/Xerox-Security-Bulletin-XRX25-001-for-Xerox%C2%AE-FreeFlow%C2%AE-Print-Server-v9.pdf"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7181928 vom 2025-02-12",
"url": "https://www.ibm.com/support/pages/node/7181928"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7237155 vom 2025-06-26",
"url": "https://www.ibm.com/support/pages/node/7237155"
},
{
"category": "external",
"summary": "NetApp Security Advisory NTAP-20240731-0004 vom 2025-12-17",
"url": "https://security.netapp.com/advisory/NTAP-20240731-0004"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2025-22205 vom 2026-01-07",
"url": "https://linux.oracle.com/errata/ELSA-2025-22205.html"
}
],
"source_lang": "en-US",
"title": "Internet Systems Consortium BIND: Mehrere Schwachstellen erm\u00f6glichen Denial of Service",
"tracking": {
"current_release_date": "2026-01-06T23:00:00.000+00:00",
"generator": {
"date": "2026-01-07T11:31:17.353+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.5.0"
}
},
"id": "WID-SEC-W-2024-1700",
"initial_release_date": "2024-07-23T22:00:00.000+00:00",
"revision_history": [
{
"date": "2024-07-23T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2024-07-25T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von Debian aufgenommen"
},
{
"date": "2024-07-29T22:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2024-07-31T22:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von Fedora und NetApp aufgenommen"
},
{
"date": "2024-08-01T22:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2024-08-06T22:00:00.000+00:00",
"number": "6",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2024-08-08T22:00:00.000+00:00",
"number": "7",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2024-08-11T22:00:00.000+00:00",
"number": "8",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2024-08-12T22:00:00.000+00:00",
"number": "9",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-08-13T22:00:00.000+00:00",
"number": "10",
"summary": "Neue Updates von Amazon und Oracle Linux aufgenommen"
},
{
"date": "2024-08-14T22:00:00.000+00:00",
"number": "11",
"summary": "Neue Updates von Red Hat und Oracle Linux aufgenommen"
},
{
"date": "2024-08-15T22:00:00.000+00:00",
"number": "12",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2024-08-18T22:00:00.000+00:00",
"number": "13",
"summary": "Neue Updates von F5 und Red Hat aufgenommen"
},
{
"date": "2024-08-19T22:00:00.000+00:00",
"number": "14",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2024-08-20T22:00:00.000+00:00",
"number": "15",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-08-21T22:00:00.000+00:00",
"number": "16",
"summary": "Neue Updates von Rocky Enterprise Software Foundation aufgenommen"
},
{
"date": "2024-08-22T22:00:00.000+00:00",
"number": "17",
"summary": "Neue Updates von F5 aufgenommen"
},
{
"date": "2024-08-25T22:00:00.000+00:00",
"number": "18",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-08-26T22:00:00.000+00:00",
"number": "19",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-08-27T22:00:00.000+00:00",
"number": "20",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-08-28T22:00:00.000+00:00",
"number": "21",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-09-03T22:00:00.000+00:00",
"number": "22",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-09-04T22:00:00.000+00:00",
"number": "23",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-09-05T22:00:00.000+00:00",
"number": "24",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-09-11T22:00:00.000+00:00",
"number": "25",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-09-17T22:00:00.000+00:00",
"number": "26",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-10-08T22:00:00.000+00:00",
"number": "27",
"summary": "Neue Updates von Insyde aufgenommen"
},
{
"date": "2024-10-09T22:00:00.000+00:00",
"number": "28",
"summary": "Neue Updates von Dell aufgenommen"
},
{
"date": "2024-10-14T22:00:00.000+00:00",
"number": "29",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2024-11-18T23:00:00.000+00:00",
"number": "30",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2025-01-12T23:00:00.000+00:00",
"number": "31",
"summary": "Neue Updates von XEROX aufgenommen"
},
{
"date": "2025-02-11T23:00:00.000+00:00",
"number": "32",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2025-06-26T22:00:00.000+00:00",
"number": "33",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2025-12-17T23:00:00.000+00:00",
"number": "34",
"summary": "Neue Updates von NetApp aufgenommen"
},
{
"date": "2026-01-06T23:00:00.000+00:00",
"number": "35",
"summary": "Neue Updates von Oracle Linux aufgenommen"
}
],
"status": "final",
"version": "35"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Amazon Linux 2",
"product": {
"name": "Amazon Linux 2",
"product_id": "398363",
"product_identification_helper": {
"cpe": "cpe:/o:amazon:linux_2:-"
}
}
}
],
"category": "vendor",
"name": "Amazon"
},
{
"branches": [
{
"category": "product_name",
"name": "Debian Linux",
"product": {
"name": "Debian Linux",
"product_id": "2951",
"product_identification_helper": {
"cpe": "cpe:/o:debian:debian_linux:-"
}
}
}
],
"category": "vendor",
"name": "Debian"
},
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "F5 BIG-IP",
"product": {
"name": "F5 BIG-IP",
"product_id": "T001663",
"product_identification_helper": {
"cpe": "cpe:/a:f5:big-ip:-"
}
}
},
{
"category": "product_version",
"name": "17.1.0-17.1.1",
"product": {
"name": "F5 BIG-IP 17.1.0-17.1.1",
"product_id": "T034899",
"product_identification_helper": {
"cpe": "cpe:/a:f5:big-ip:17.1.0_-_17.1.1"
}
}
},
{
"category": "product_version",
"name": "15.1.0-15.1.10",
"product": {
"name": "F5 BIG-IP 15.1.0-15.1.10",
"product_id": "T034902",
"product_identification_helper": {
"cpe": "cpe:/a:f5:big-ip:15.1.0_-_15.1.10"
}
}
},
{
"category": "product_version",
"name": "16.1.0-16.1.5",
"product": {
"name": "F5 BIG-IP 16.1.0-16.1.5",
"product_id": "T037028",
"product_identification_helper": {
"cpe": "cpe:/a:f5:big-ip:16.1.0_-_16.1.5"
}
}
}
],
"category": "product_name",
"name": "BIG-IP"
}
],
"category": "vendor",
"name": "F5"
},
{
"branches": [
{
"category": "product_name",
"name": "Fedora Linux",
"product": {
"name": "Fedora Linux",
"product_id": "74185",
"product_identification_helper": {
"cpe": "cpe:/o:fedoraproject:fedora:-"
}
}
}
],
"category": "vendor",
"name": "Fedora"
},
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "7.3",
"product": {
"name": "IBM AIX 7.3",
"product_id": "1139691",
"product_identification_helper": {
"cpe": "cpe:/o:ibm:aix:7.3"
}
}
},
{
"category": "product_version",
"name": "7.2",
"product": {
"name": "IBM AIX 7.2",
"product_id": "434967",
"product_identification_helper": {
"cpe": "cpe:/o:ibm:aix:7.2"
}
}
},
{
"category": "product_name",
"name": "IBM AIX",
"product": {
"name": "IBM AIX",
"product_id": "T039245",
"product_identification_helper": {
"cpe": "cpe:/o:ibm:aix:-"
}
}
}
],
"category": "product_name",
"name": "AIX"
},
{
"branches": [
{
"category": "product_name",
"name": "IBM FlashSystem",
"product": {
"name": "IBM FlashSystem",
"product_id": "T025159",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:flashsystem:-"
}
}
},
{
"category": "product_version",
"name": "V9000",
"product": {
"name": "IBM FlashSystem V9000",
"product_id": "T026925",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:flashsystem:v9000"
}
}
},
{
"category": "product_version",
"name": "9500",
"product": {
"name": "IBM FlashSystem 9500",
"product_id": "T026926",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:flashsystem:9500"
}
}
},
{
"category": "product_version",
"name": "9100 Family",
"product": {
"name": "IBM FlashSystem 9100 Family",
"product_id": "T026927",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:flashsystem:9100_family"
}
}
},
{
"category": "product_version",
"name": "9200",
"product": {
"name": "IBM FlashSystem 9200",
"product_id": "T026928",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:flashsystem:9200"
}
}
},
{
"category": "product_version",
"name": "7300",
"product": {
"name": "IBM FlashSystem 7300",
"product_id": "T026929",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:flashsystem:7300"
}
}
},
{
"category": "product_version",
"name": "7200",
"product": {
"name": "IBM FlashSystem 7200",
"product_id": "T026930",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:flashsystem:7200"
}
}
},
{
"category": "product_version",
"name": "5200",
"product": {
"name": "IBM FlashSystem 5200",
"product_id": "T026931",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:flashsystem:5200"
}
}
},
{
"category": "product_version",
"name": "5000",
"product": {
"name": "IBM FlashSystem 5000",
"product_id": "T026932",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:flashsystem:5000"
}
}
}
],
"category": "product_name",
"name": "FlashSystem"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c7.5.0 UP9 IF03",
"product": {
"name": "IBM QRadar SIEM \u003c7.5.0 UP9 IF03",
"product_id": "T037731"
}
},
{
"category": "product_version",
"name": "7.5.0 UP9 IF03",
"product": {
"name": "IBM QRadar SIEM 7.5.0 UP9 IF03",
"product_id": "T037731-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:qradar_siem:7.5.0_up9_if03"
}
}
}
],
"category": "product_name",
"name": "QRadar SIEM"
},
{
"category": "product_name",
"name": "IBM SAN Volume Controller",
"product": {
"name": "IBM SAN Volume Controller",
"product_id": "T020642",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:san_volume_controller:-"
}
}
},
{
"branches": [
{
"category": "product_version",
"name": "V5100",
"product": {
"name": "IBM Storwize V5100",
"product_id": "T020638",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:storwize:v5100"
}
}
},
{
"category": "product_version",
"name": "V5000",
"product": {
"name": "IBM Storwize V5000",
"product_id": "T020639",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:storwize:v5000"
}
}
},
{
"category": "product_version",
"name": "V5000E",
"product": {
"name": "IBM Storwize V5000E",
"product_id": "T026924",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:storwize:v5000e"
}
}
},
{
"category": "product_version",
"name": "V7000",
"product": {
"name": "IBM Storwize V7000",
"product_id": "T041141",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:storwize:v7000"
}
}
}
],
"category": "product_name",
"name": "Storwize"
},
{
"branches": [
{
"category": "product_version",
"name": "3.1",
"product": {
"name": "IBM VIOS 3.1",
"product_id": "1039165",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:vios:3.1"
}
}
},
{
"category": "product_version",
"name": "4.1",
"product": {
"name": "IBM VIOS 4.1",
"product_id": "1522854",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:vios:4.1"
}
}
}
],
"category": "product_name",
"name": "VIOS"
}
],
"category": "vendor",
"name": "IBM"
},
{
"branches": [
{
"category": "product_name",
"name": "Infoblox DDI",
"product": {
"name": "Infoblox DDI",
"product_id": "T022362",
"product_identification_helper": {
"cpe": "cpe:/a:infoblox:ddi:-"
}
}
},
{
"branches": [
{
"category": "product_version",
"name": "8.6.3",
"product": {
"name": "Infoblox NIOS 8.6.3",
"product_id": "T024812",
"product_identification_helper": {
"cpe": "cpe:/o:infoblox:nios:8.6.3"
}
}
},
{
"category": "product_version",
"name": "8.6.2",
"product": {
"name": "Infoblox NIOS 8.6.2",
"product_id": "T028256",
"product_identification_helper": {
"cpe": "cpe:/o:infoblox:nios:8.6.2"
}
}
},
{
"category": "product_version",
"name": "8.6.4",
"product": {
"name": "Infoblox NIOS 8.6.4",
"product_id": "T032852",
"product_identification_helper": {
"cpe": "cpe:/o:infoblox:nios:8.6.4"
}
}
},
{
"category": "product_version",
"name": "9.0.2",
"product": {
"name": "Infoblox NIOS 9.0.2",
"product_id": "T032853",
"product_identification_helper": {
"cpe": "cpe:/o:infoblox:nios:9.0.2"
}
}
},
{
"category": "product_version",
"name": "9.0.3",
"product": {
"name": "Infoblox NIOS 9.0.3",
"product_id": "T032854",
"product_identification_helper": {
"cpe": "cpe:/o:infoblox:nios:9.0.3"
}
}
},
{
"category": "product_version",
"name": "9.0.4",
"product": {
"name": "Infoblox NIOS 9.0.4",
"product_id": "T036441",
"product_identification_helper": {
"cpe": "cpe:/o:infoblox:nios:9.0.4"
}
}
}
],
"category": "product_name",
"name": "NIOS"
}
],
"category": "vendor",
"name": "Infoblox"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cRV23.08",
"product": {
"name": "Insyde UEFI Firmware \u003cRV23.08",
"product_id": "T038076"
}
},
{
"category": "product_version",
"name": "RV23.08",
"product": {
"name": "Insyde UEFI Firmware RV23.08",
"product_id": "T038076-fixed",
"product_identification_helper": {
"cpe": "cpe:/h:insyde:uefi:rv23.08"
}
}
},
{
"category": "product_version_range",
"name": "\u003cRV24.06",
"product": {
"name": "Insyde UEFI Firmware \u003cRV24.06",
"product_id": "T038077"
}
},
{
"category": "product_version",
"name": "RV24.06",
"product": {
"name": "Insyde UEFI Firmware RV24.06",
"product_id": "T038077-fixed",
"product_identification_helper": {
"cpe": "cpe:/h:insyde:uefi:rv24.06"
}
}
}
],
"category": "product_name",
"name": "UEFI Firmware"
}
],
"category": "vendor",
"name": "Insyde"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c9.18.28",
"product": {
"name": "Internet Systems Consortium BIND \u003c9.18.28",
"product_id": "T036434"
}
},
{
"category": "product_version",
"name": "9.18.28",
"product": {
"name": "Internet Systems Consortium BIND 9.18.28",
"product_id": "T036434-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:isc:bind:9.18.28"
}
}
},
{
"category": "product_version_range",
"name": "\u003c9.20.0",
"product": {
"name": "Internet Systems Consortium BIND \u003c9.20.0",
"product_id": "T036435"
}
},
{
"category": "product_version",
"name": "9.20.0",
"product": {
"name": "Internet Systems Consortium BIND 9.20.0",
"product_id": "T036435-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:isc:bind:9.20.0"
}
}
}
],
"category": "product_name",
"name": "BIND"
}
],
"category": "vendor",
"name": "Internet Systems Consortium"
},
{
"branches": [
{
"category": "product_name",
"name": "NetApp ActiveIQ Unified Manager",
"product": {
"name": "NetApp ActiveIQ Unified Manager",
"product_id": "T026333",
"product_identification_helper": {
"cpe": "cpe:/a:netapp:active_iq_unified_manager:vmware_vsphere"
}
}
},
{
"branches": [
{
"category": "product_version",
"name": "9",
"product": {
"name": "NetApp Data ONTAP 9",
"product_id": "T039981",
"product_identification_helper": {
"cpe": "cpe:/a:netapp:data_ontap:9"
}
}
}
],
"category": "product_name",
"name": "Data ONTAP"
}
],
"category": "vendor",
"name": "NetApp"
},
{
"branches": [
{
"category": "product_name",
"name": "Oracle Linux",
"product": {
"name": "Oracle Linux",
"product_id": "T004914",
"product_identification_helper": {
"cpe": "cpe:/o:oracle:linux:-"
}
}
}
],
"category": "vendor",
"name": "Oracle"
},
{
"branches": [
{
"category": "product_name",
"name": "RESF Rocky Linux",
"product": {
"name": "RESF Rocky Linux",
"product_id": "T032255",
"product_identification_helper": {
"cpe": "cpe:/o:resf:rocky_linux:-"
}
}
}
],
"category": "vendor",
"name": "RESF"
},
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
}
],
"category": "vendor",
"name": "Red Hat"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux",
"product": {
"name": "SUSE Linux",
"product_id": "T002207",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_linux:-"
}
}
}
],
"category": "vendor",
"name": "SUSE"
},
{
"branches": [
{
"category": "product_name",
"name": "Ubuntu Linux",
"product": {
"name": "Ubuntu Linux",
"product_id": "T000126",
"product_identification_helper": {
"cpe": "cpe:/o:canonical:ubuntu_linux:-"
}
}
}
],
"category": "vendor",
"name": "Ubuntu"
},
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "v9 for Solaris",
"product": {
"name": "Xerox FreeFlow Print Server v9 for Solaris",
"product_id": "T028053",
"product_identification_helper": {
"cpe": "cpe:/a:xerox:freeflow_print_server:v9_for_solaris"
}
}
}
],
"category": "product_name",
"name": "FreeFlow Print Server"
}
],
"category": "vendor",
"name": "Xerox"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-0760",
"product_status": {
"known_affected": [
"67646",
"T034902",
"T020639",
"T037731",
"T020638",
"T004914",
"T036441",
"T026927",
"1139691",
"T020642",
"T026928",
"T026925",
"T041141",
"T026926",
"T026924",
"T001663",
"398363",
"T025159",
"T022362",
"T032852",
"T034899",
"T032853",
"T028053",
"434967",
"T032854",
"1039165",
"1522854",
"T037028",
"T036434",
"T036435",
"T039245",
"T032255",
"T039981",
"74185",
"T026929",
"T038076",
"T038077",
"2951",
"T002207",
"T000126",
"T024812",
"T026932",
"T026930",
"T026931",
"T026333",
"T028256"
]
},
"release_date": "2024-07-23T22:00:00.000+00:00",
"title": "CVE-2024-0760"
},
{
"cve": "CVE-2024-1737",
"product_status": {
"known_affected": [
"67646",
"T034902",
"T020639",
"T037731",
"T020638",
"T004914",
"T036441",
"T026927",
"1139691",
"T020642",
"T026928",
"T026925",
"T041141",
"T026926",
"T026924",
"T001663",
"398363",
"T025159",
"T022362",
"T032852",
"T034899",
"T032853",
"T028053",
"434967",
"T032854",
"1039165",
"1522854",
"T037028",
"T036434",
"T036435",
"T039245",
"T032255",
"T039981",
"74185",
"T026929",
"T038076",
"T038077",
"2951",
"T002207",
"T000126",
"T024812",
"T026932",
"T026930",
"T026931",
"T026333",
"T028256"
]
},
"release_date": "2024-07-23T22:00:00.000+00:00",
"title": "CVE-2024-1737"
},
{
"cve": "CVE-2024-1975",
"product_status": {
"known_affected": [
"67646",
"T034902",
"T020639",
"T037731",
"T020638",
"T004914",
"T036441",
"T026927",
"1139691",
"T020642",
"T026928",
"T026925",
"T041141",
"T026926",
"T026924",
"T001663",
"398363",
"T025159",
"T022362",
"T032852",
"T034899",
"T032853",
"T028053",
"434967",
"T032854",
"1039165",
"1522854",
"T037028",
"T036434",
"T036435",
"T039245",
"T032255",
"T039981",
"74185",
"T026929",
"T038076",
"T038077",
"2951",
"T002207",
"T000126",
"T024812",
"T026932",
"T026930",
"T026931",
"T026333",
"T028256"
]
},
"release_date": "2024-07-23T22:00:00.000+00:00",
"title": "CVE-2024-1975"
},
{
"cve": "CVE-2024-4076",
"product_status": {
"known_affected": [
"67646",
"T034902",
"T020639",
"T037731",
"T020638",
"T004914",
"T036441",
"T026927",
"1139691",
"T020642",
"T026928",
"T026925",
"T041141",
"T026926",
"T026924",
"T001663",
"398363",
"T025159",
"T022362",
"T032852",
"T034899",
"T032853",
"T028053",
"434967",
"T032854",
"1039165",
"1522854",
"T037028",
"T036434",
"T036435",
"T039245",
"T032255",
"T039981",
"74185",
"T026929",
"T038076",
"T038077",
"2951",
"T002207",
"T000126",
"T024812",
"T026932",
"T026930",
"T026931",
"T026333",
"T028256"
]
},
"release_date": "2024-07-23T22:00:00.000+00:00",
"title": "CVE-2024-4076"
}
]
}
WID-SEC-W-2025-0794
Vulnerability from csaf_certbund - Published: 2025-04-13 22:00 - Updated: 2025-09-04 22:00Summary
Juniper Junos Space: Mehrere Schwachstellen
Severity
Hoch
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: Junos Space ist eine Software-Plattform, die eine Reihe von Applikationen für das Netzwerkmanagement beinhaltet.
Angriff: Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Juniper Junos Space ausnutzen, um seine Privilegien zu erhöhen, um einen Denial of Service Zustand herbeizuführen und um andere, nicht näher spezifizierte Auswirkungen zu erzielen.
Betroffene Betriebssysteme: - Juniper Appliance
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Juniper Junos Space <24.1R3
Juniper / Junos Space
|
<24.1R3 | ||
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Juniper Junos Space <24.1R3
Juniper / Junos Space
|
<24.1R3 | ||
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Juniper Junos Space <24.1R3
Juniper / Junos Space
|
<24.1R3 | ||
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Juniper Junos Space <24.1R3
Juniper / Junos Space
|
<24.1R3 | ||
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Juniper Junos Space <24.1R3
Juniper / Junos Space
|
<24.1R3 | ||
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Juniper Junos Space <24.1R3
Juniper / Junos Space
|
<24.1R3 | ||
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Juniper Junos Space <24.1R3
Juniper / Junos Space
|
<24.1R3 | ||
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Juniper Junos Space <24.1R3
Juniper / Junos Space
|
<24.1R3 | ||
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Juniper Junos Space <24.1R3
Juniper / Junos Space
|
<24.1R3 | ||
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Juniper Junos Space <24.1R3
Juniper / Junos Space
|
<24.1R3 | ||
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Juniper Junos Space <24.1R3
Juniper / Junos Space
|
<24.1R3 | ||
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Juniper Junos Space <24.1R3
Juniper / Junos Space
|
<24.1R3 | ||
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Juniper Junos Space <24.1R3
Juniper / Junos Space
|
<24.1R3 | ||
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Juniper Junos Space <24.1R3
Juniper / Junos Space
|
<24.1R3 | ||
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Juniper Junos Space <24.1R3
Juniper / Junos Space
|
<24.1R3 | ||
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Juniper Junos Space <24.1R3
Juniper / Junos Space
|
<24.1R3 | ||
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Juniper Junos Space <24.1R3
Juniper / Junos Space
|
<24.1R3 | ||
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Juniper Junos Space <24.1R3
Juniper / Junos Space
|
<24.1R3 | ||
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Juniper Junos Space <24.1R3
Juniper / Junos Space
|
<24.1R3 | ||
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Juniper Junos Space <24.1R3
Juniper / Junos Space
|
<24.1R3 | ||
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Juniper Junos Space <24.1R3
Juniper / Junos Space
|
<24.1R3 | ||
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Juniper Junos Space <24.1R3
Juniper / Junos Space
|
<24.1R3 | ||
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Juniper Junos Space <24.1R3
Juniper / Junos Space
|
<24.1R3 | ||
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Juniper Junos Space <24.1R3
Juniper / Junos Space
|
<24.1R3 | ||
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Juniper Junos Space <24.1R3
Juniper / Junos Space
|
<24.1R3 | ||
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Juniper Junos Space <24.1R3
Juniper / Junos Space
|
<24.1R3 | ||
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Juniper Junos Space <24.1R3
Juniper / Junos Space
|
<24.1R3 | ||
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Juniper Junos Space <24.1R3
Juniper / Junos Space
|
<24.1R3 | ||
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Juniper Junos Space <24.1R3
Juniper / Junos Space
|
<24.1R3 | ||
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Juniper Junos Space <24.1R3
Juniper / Junos Space
|
<24.1R3 | ||
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Juniper Junos Space <24.1R3
Juniper / Junos Space
|
<24.1R3 | ||
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Juniper Junos Space <24.1R3
Juniper / Junos Space
|
<24.1R3 | ||
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Juniper Junos Space <24.1R3
Juniper / Junos Space
|
<24.1R3 | ||
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Juniper Junos Space <24.1R3
Juniper / Junos Space
|
<24.1R3 | ||
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Juniper Junos Space <24.1R3
Juniper / Junos Space
|
<24.1R3 | ||
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Juniper Junos Space <24.1R3
Juniper / Junos Space
|
<24.1R3 | ||
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Juniper Junos Space <24.1R3
Juniper / Junos Space
|
<24.1R3 | ||
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Juniper Junos Space <24.1R3
Juniper / Junos Space
|
<24.1R3 | ||
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Juniper Junos Space <24.1R3
Juniper / Junos Space
|
<24.1R3 | ||
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Juniper Junos Space <24.1R3
Juniper / Junos Space
|
<24.1R3 | ||
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Juniper Junos Space <24.1R3
Juniper / Junos Space
|
<24.1R3 | ||
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Juniper Junos Space <24.1R3
Juniper / Junos Space
|
<24.1R3 | ||
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Juniper Junos Space <24.1R3
Juniper / Junos Space
|
<24.1R3 | ||
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Juniper Junos Space <24.1R3
Juniper / Junos Space
|
<24.1R3 | ||
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Juniper Junos Space <24.1R3
Juniper / Junos Space
|
<24.1R3 | ||
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Juniper Junos Space <24.1R3
Juniper / Junos Space
|
<24.1R3 | ||
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Juniper Junos Space <24.1R3
Juniper / Junos Space
|
<24.1R3 | ||
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Juniper Junos Space <24.1R3
Juniper / Junos Space
|
<24.1R3 | ||
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Juniper Junos Space <24.1R3
Juniper / Junos Space
|
<24.1R3 | ||
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— |
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Juniper Junos Space <24.1R3
Juniper / Junos Space
|
<24.1R3 | ||
|
Amazon Linux 2
Amazon
|
cpe:/o:amazon:linux_2:-
|
— |
References
5 references
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Junos Space ist eine Software-Plattform, die eine Reihe von Applikationen f\u00fcr das Netzwerkmanagement beinhaltet.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Juniper Junos Space ausnutzen, um seine Privilegien zu erh\u00f6hen, um einen Denial of Service Zustand herbeizuf\u00fchren und um andere, nicht n\u00e4her spezifizierte Auswirkungen zu erzielen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Juniper Appliance",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2025-0794 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-0794.json"
},
{
"category": "self",
"summary": "WID-SEC-2025-0794 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-0794"
},
{
"category": "external",
"summary": "Juniper Security Bulletin JSA96447 vom 2025-04-09",
"url": "https://supportportal.juniper.net/s/article/2025-04-Security-Bulletin-Junos-Space-Multiple-vulnerabilities-resolved-in-24-1R3-release?language=en_US"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2025:20047-1 vom 2025-06-04",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-June/021306.html"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS2-2025-2987 vom 2025-09-04",
"url": "https://alas.aws.amazon.com/AL2/ALAS2-2025-2987.html"
}
],
"source_lang": "en-US",
"title": "Juniper Junos Space: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2025-09-04T22:00:00.000+00:00",
"generator": {
"date": "2025-09-05T07:11:18.754+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.4.0"
}
},
"id": "WID-SEC-W-2025-0794",
"initial_release_date": "2025-04-13T22:00:00.000+00:00",
"revision_history": [
{
"date": "2025-04-13T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2025-06-04T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2025-09-04T22:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von Amazon aufgenommen"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Amazon Linux 2",
"product": {
"name": "Amazon Linux 2",
"product_id": "398363",
"product_identification_helper": {
"cpe": "cpe:/o:amazon:linux_2:-"
}
}
}
],
"category": "vendor",
"name": "Amazon"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c24.1R3",
"product": {
"name": "Juniper Junos Space \u003c24.1R3",
"product_id": "T042758"
}
},
{
"category": "product_version",
"name": "24.1R3",
"product": {
"name": "Juniper Junos Space 24.1R3",
"product_id": "T042758-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:juniper:junos_space:24.1r3"
}
}
}
],
"category": "product_name",
"name": "Junos Space"
}
],
"category": "vendor",
"name": "Juniper"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux",
"product": {
"name": "SUSE Linux",
"product_id": "T002207",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_linux:-"
}
}
}
],
"category": "vendor",
"name": "SUSE"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-47596",
"product_status": {
"known_affected": [
"T002207",
"T042758",
"398363"
]
},
"release_date": "2025-04-13T22:00:00.000+00:00",
"title": "CVE-2021-47596"
},
{
"cve": "CVE-2022-24808",
"product_status": {
"known_affected": [
"T002207",
"T042758",
"398363"
]
},
"release_date": "2025-04-13T22:00:00.000+00:00",
"title": "CVE-2022-24808"
},
{
"cve": "CVE-2022-39253",
"product_status": {
"known_affected": [
"T002207",
"T042758",
"398363"
]
},
"release_date": "2025-04-13T22:00:00.000+00:00",
"title": "CVE-2022-39253"
},
{
"cve": "CVE-2023-28746",
"product_status": {
"known_affected": [
"T002207",
"T042758",
"398363"
]
},
"release_date": "2025-04-13T22:00:00.000+00:00",
"title": "CVE-2023-28746"
},
{
"cve": "CVE-2023-48161",
"product_status": {
"known_affected": [
"T002207",
"T042758",
"398363"
]
},
"release_date": "2025-04-13T22:00:00.000+00:00",
"title": "CVE-2023-48161"
},
{
"cve": "CVE-2023-6597",
"product_status": {
"known_affected": [
"T002207",
"T042758",
"398363"
]
},
"release_date": "2025-04-13T22:00:00.000+00:00",
"title": "CVE-2023-6597"
},
{
"cve": "CVE-2024-0450",
"product_status": {
"known_affected": [
"T002207",
"T042758",
"398363"
]
},
"release_date": "2025-04-13T22:00:00.000+00:00",
"title": "CVE-2024-0450"
},
{
"cve": "CVE-2024-1737",
"product_status": {
"known_affected": [
"T002207",
"T042758",
"398363"
]
},
"release_date": "2025-04-13T22:00:00.000+00:00",
"title": "CVE-2024-1737"
},
{
"cve": "CVE-2024-1975",
"product_status": {
"known_affected": [
"T002207",
"T042758",
"398363"
]
},
"release_date": "2025-04-13T22:00:00.000+00:00",
"title": "CVE-2024-1975"
},
{
"cve": "CVE-2024-21208",
"product_status": {
"known_affected": [
"T002207",
"T042758",
"398363"
]
},
"release_date": "2025-04-13T22:00:00.000+00:00",
"title": "CVE-2024-21208"
},
{
"cve": "CVE-2024-21210",
"product_status": {
"known_affected": [
"T002207",
"T042758",
"398363"
]
},
"release_date": "2025-04-13T22:00:00.000+00:00",
"title": "CVE-2024-21210"
},
{
"cve": "CVE-2024-21217",
"product_status": {
"known_affected": [
"T002207",
"T042758",
"398363"
]
},
"release_date": "2025-04-13T22:00:00.000+00:00",
"title": "CVE-2024-21217"
},
{
"cve": "CVE-2024-21235",
"product_status": {
"known_affected": [
"T002207",
"T042758",
"398363"
]
},
"release_date": "2025-04-13T22:00:00.000+00:00",
"title": "CVE-2024-21235"
},
{
"cve": "CVE-2024-21823",
"product_status": {
"known_affected": [
"T002207",
"T042758",
"398363"
]
},
"release_date": "2025-04-13T22:00:00.000+00:00",
"title": "CVE-2024-21823"
},
{
"cve": "CVE-2024-23271",
"product_status": {
"known_affected": [
"T002207",
"T042758",
"398363"
]
},
"release_date": "2025-04-13T22:00:00.000+00:00",
"title": "CVE-2024-23271"
},
{
"cve": "CVE-2024-26735",
"product_status": {
"known_affected": [
"T002207",
"T042758",
"398363"
]
},
"release_date": "2025-04-13T22:00:00.000+00:00",
"title": "CVE-2024-26735"
},
{
"cve": "CVE-2024-26852",
"product_status": {
"known_affected": [
"T002207",
"T042758",
"398363"
]
},
"release_date": "2025-04-13T22:00:00.000+00:00",
"title": "CVE-2024-26852"
},
{
"cve": "CVE-2024-26993",
"product_status": {
"known_affected": [
"T002207",
"T042758",
"398363"
]
},
"release_date": "2025-04-13T22:00:00.000+00:00",
"title": "CVE-2024-26993"
},
{
"cve": "CVE-2024-27052",
"product_status": {
"known_affected": [
"T002207",
"T042758",
"398363"
]
},
"release_date": "2025-04-13T22:00:00.000+00:00",
"title": "CVE-2024-27052"
},
{
"cve": "CVE-2024-27820",
"product_status": {
"known_affected": [
"T002207",
"T042758",
"398363"
]
},
"release_date": "2025-04-13T22:00:00.000+00:00",
"title": "CVE-2024-27820"
},
{
"cve": "CVE-2024-27838",
"product_status": {
"known_affected": [
"T002207",
"T042758",
"398363"
]
},
"release_date": "2025-04-13T22:00:00.000+00:00",
"title": "CVE-2024-27838"
},
{
"cve": "CVE-2024-27851",
"product_status": {
"known_affected": [
"T002207",
"T042758",
"398363"
]
},
"release_date": "2025-04-13T22:00:00.000+00:00",
"title": "CVE-2024-27851"
},
{
"cve": "CVE-2024-28182",
"product_status": {
"known_affected": [
"T002207",
"T042758",
"398363"
]
},
"release_date": "2025-04-13T22:00:00.000+00:00",
"title": "CVE-2024-28182"
},
{
"cve": "CVE-2024-2961",
"product_status": {
"known_affected": [
"T002207",
"T042758",
"398363"
]
},
"release_date": "2025-04-13T22:00:00.000+00:00",
"title": "CVE-2024-2961"
},
{
"cve": "CVE-2024-32002",
"product_status": {
"known_affected": [
"T002207",
"T042758",
"398363"
]
},
"release_date": "2025-04-13T22:00:00.000+00:00",
"title": "CVE-2024-32002"
},
{
"cve": "CVE-2024-32004",
"product_status": {
"known_affected": [
"T002207",
"T042758",
"398363"
]
},
"release_date": "2025-04-13T22:00:00.000+00:00",
"title": "CVE-2024-32004"
},
{
"cve": "CVE-2024-32020",
"product_status": {
"known_affected": [
"T002207",
"T042758",
"398363"
]
},
"release_date": "2025-04-13T22:00:00.000+00:00",
"title": "CVE-2024-32020"
},
{
"cve": "CVE-2024-32021",
"product_status": {
"known_affected": [
"T002207",
"T042758",
"398363"
]
},
"release_date": "2025-04-13T22:00:00.000+00:00",
"title": "CVE-2024-32021"
},
{
"cve": "CVE-2024-32465",
"product_status": {
"known_affected": [
"T002207",
"T042758",
"398363"
]
},
"release_date": "2025-04-13T22:00:00.000+00:00",
"title": "CVE-2024-32465"
},
{
"cve": "CVE-2024-33599",
"product_status": {
"known_affected": [
"T002207",
"T042758",
"398363"
]
},
"release_date": "2025-04-13T22:00:00.000+00:00",
"title": "CVE-2024-33599"
},
{
"cve": "CVE-2024-33600",
"product_status": {
"known_affected": [
"T002207",
"T042758",
"398363"
]
},
"release_date": "2025-04-13T22:00:00.000+00:00",
"title": "CVE-2024-33600"
},
{
"cve": "CVE-2024-33601",
"product_status": {
"known_affected": [
"T002207",
"T042758",
"398363"
]
},
"release_date": "2025-04-13T22:00:00.000+00:00",
"title": "CVE-2024-33601"
},
{
"cve": "CVE-2024-33602",
"product_status": {
"known_affected": [
"T002207",
"T042758",
"398363"
]
},
"release_date": "2025-04-13T22:00:00.000+00:00",
"title": "CVE-2024-33602"
},
{
"cve": "CVE-2024-35845",
"product_status": {
"known_affected": [
"T002207",
"T042758",
"398363"
]
},
"release_date": "2025-04-13T22:00:00.000+00:00",
"title": "CVE-2024-35845"
},
{
"cve": "CVE-2024-35899",
"product_status": {
"known_affected": [
"T002207",
"T042758",
"398363"
]
},
"release_date": "2025-04-13T22:00:00.000+00:00",
"title": "CVE-2024-35899"
},
{
"cve": "CVE-2024-3651",
"product_status": {
"known_affected": [
"T002207",
"T042758",
"398363"
]
},
"release_date": "2025-04-13T22:00:00.000+00:00",
"title": "CVE-2024-3651"
},
{
"cve": "CVE-2024-3652",
"product_status": {
"known_affected": [
"T002207",
"T042758",
"398363"
]
},
"release_date": "2025-04-13T22:00:00.000+00:00",
"title": "CVE-2024-3652"
},
{
"cve": "CVE-2024-36971",
"product_status": {
"known_affected": [
"T002207",
"T042758",
"398363"
]
},
"release_date": "2025-04-13T22:00:00.000+00:00",
"title": "CVE-2024-36971"
},
{
"cve": "CVE-2024-39487",
"product_status": {
"known_affected": [
"T002207",
"T042758",
"398363"
]
},
"release_date": "2025-04-13T22:00:00.000+00:00",
"title": "CVE-2024-39487"
},
{
"cve": "CVE-2024-4076",
"product_status": {
"known_affected": [
"T002207",
"T042758",
"398363"
]
},
"release_date": "2025-04-13T22:00:00.000+00:00",
"title": "CVE-2024-4076"
},
{
"cve": "CVE-2024-40782",
"product_status": {
"known_affected": [
"T002207",
"T042758",
"398363"
]
},
"release_date": "2025-04-13T22:00:00.000+00:00",
"title": "CVE-2024-40782"
},
{
"cve": "CVE-2024-40789",
"product_status": {
"known_affected": [
"T002207",
"T042758",
"398363"
]
},
"release_date": "2025-04-13T22:00:00.000+00:00",
"title": "CVE-2024-40789"
},
{
"cve": "CVE-2024-40866",
"product_status": {
"known_affected": [
"T002207",
"T042758",
"398363"
]
},
"release_date": "2025-04-13T22:00:00.000+00:00",
"title": "CVE-2024-40866"
},
{
"cve": "CVE-2024-40954",
"product_status": {
"known_affected": [
"T002207",
"T042758",
"398363"
]
},
"release_date": "2025-04-13T22:00:00.000+00:00",
"title": "CVE-2024-40954"
},
{
"cve": "CVE-2024-40958",
"product_status": {
"known_affected": [
"T002207",
"T042758",
"398363"
]
},
"release_date": "2025-04-13T22:00:00.000+00:00",
"title": "CVE-2024-40958"
},
{
"cve": "CVE-2024-42284",
"product_status": {
"known_affected": [
"T002207",
"T042758",
"398363"
]
},
"release_date": "2025-04-13T22:00:00.000+00:00",
"title": "CVE-2024-42284"
},
{
"cve": "CVE-2024-42472",
"product_status": {
"known_affected": [
"T002207",
"T042758",
"398363"
]
},
"release_date": "2025-04-13T22:00:00.000+00:00",
"title": "CVE-2024-42472"
},
{
"cve": "CVE-2024-44187",
"product_status": {
"known_affected": [
"T002207",
"T042758",
"398363"
]
},
"release_date": "2025-04-13T22:00:00.000+00:00",
"title": "CVE-2024-44187"
},
{
"cve": "CVE-2024-6232",
"product_status": {
"known_affected": [
"T002207",
"T042758",
"398363"
]
},
"release_date": "2025-04-13T22:00:00.000+00:00",
"title": "CVE-2024-6232"
},
{
"cve": "CVE-2024-7006",
"product_status": {
"known_affected": [
"T002207",
"T042758",
"398363"
]
},
"release_date": "2025-04-13T22:00:00.000+00:00",
"title": "CVE-2024-7006"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…