Lucene search
This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.ORACLELINUX_ELSA-2024-3838.NASLHistoryJun 13, 2024 - 12:00 a.m.
Oracle Linux 9 : ruby (ELSA-2024-3838)
2024-06-1300:00:00
This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
oracle linux 9
ruby
elsa-2024-3838
multiple vulnerabilities
security updates
cve-2021-33621
cve-2023-28755
cve-2023-28756
cve-2024-27280
cve-2024-27281
cve-2024-27282
iava-2024-a-0328
double free
regexp compilation
exploit available
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.6 High
AI Score
Confidence
Low
0.004 Low
EPSS
Percentile
72.1%
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-3838 advisory.
- Fix double free in Regexp compilation.
Resolves: CVE-2022-28738
Tenable has extracted the preceding description block directly from the Oracle Linux security advisory.
Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Oracle Linux Security Advisory ELSA-2024-3838.
##
include('compat.inc');
if (description)
{
script_id(200471);
script_version("1.1");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/06/13");
script_cve_id(
"CVE-2021-33621",
"CVE-2023-28755",
"CVE-2023-28756",
"CVE-2024-27280",
"CVE-2024-27281",
"CVE-2024-27282"
);
script_xref(name:"IAVA", value:"2024-A-0328");
script_name(english:"Oracle Linux 9 : ruby (ELSA-2024-3838)");
script_set_attribute(attribute:"synopsis", value:
"The remote Oracle Linux host is missing one or more security updates.");
script_set_attribute(attribute:"description", value:
"The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the
ELSA-2024-3838 advisory.
- Fix double free in Regexp compilation.
Resolves: CVE-2022-28738
Tenable has extracted the preceding description block directly from the Oracle Linux security advisory.
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://linux.oracle.com/errata/ELSA-2024-3838.html");
script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2021-33621");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2022/11/18");
script_set_attribute(attribute:"patch_publication_date", value:"2024/06/13");
script_set_attribute(attribute:"plugin_publication_date", value:"2024/06/13");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:linux:9::appstream");
script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:linux:9::codeready_builder");
script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:9");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:ruby");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:ruby-default-gems");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:ruby-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:ruby-doc");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:ruby-libs");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:rubygem-bigdecimal");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:rubygem-bundler");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:rubygem-io-console");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:rubygem-irb");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:rubygem-json");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:rubygem-minitest");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:rubygem-power_assert");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:rubygem-psych");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:rubygem-rake");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:rubygem-rbs");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:rubygem-rdoc");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:rubygem-rexml");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:rubygem-rss");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:rubygem-test-unit");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:rubygem-typeprof");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:rubygems");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:rubygems-devel");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_set_attribute(attribute:"stig_severity", value:"II");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Oracle Linux Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/local_checks_enabled");
exit(0);
}
include('rpm.inc');
if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');
var os_release = get_kb_item("Host/RedHat/release");
if (isnull(os_release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:os_release)) audit(AUDIT_OS_NOT, 'Oracle Linux');
var os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:os_release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');
os_ver = os_ver[1];
if (! preg(pattern:"^9([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 9', 'Oracle Linux ' + os_ver);
if (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);
var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);
var pkgs = [
{'reference':'ruby-3.0.7-162.el9_4', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'ruby-default-gems-3.0.7-162.el9_4', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'ruby-devel-3.0.7-162.el9_4', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'ruby-doc-3.0.7-162.el9_4', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'ruby-libs-3.0.7-162.el9_4', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rubygem-bigdecimal-3.0.0-162.el9_4', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rubygem-bundler-2.2.33-162.el9_4', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rubygem-io-console-0.5.7-162.el9_4', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rubygem-irb-1.3.5-162.el9_4', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rubygem-json-2.5.1-162.el9_4', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rubygem-minitest-5.14.2-162.el9_4', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rubygem-power_assert-1.2.1-162.el9_4', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rubygem-psych-3.3.2-162.el9_4', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rubygem-rake-13.0.3-162.el9_4', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rubygem-rbs-1.4.0-162.el9_4', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rubygem-rdoc-6.3.4.1-162.el9_4', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rubygem-rexml-3.2.5-162.el9_4', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rubygem-rss-0.2.9-162.el9_4', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rubygem-test-unit-3.3.7-162.el9_4', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rubygem-typeprof-0.15.2-162.el9_4', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rubygems-3.2.33-162.el9_4', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rubygems-devel-3.2.33-162.el9_4', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'ruby-3.0.7-162.el9_4', 'cpu':'i686', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'ruby-devel-3.0.7-162.el9_4', 'cpu':'i686', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'ruby-libs-3.0.7-162.el9_4', 'cpu':'i686', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'ruby-3.0.7-162.el9_4', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'ruby-default-gems-3.0.7-162.el9_4', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'ruby-devel-3.0.7-162.el9_4', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'ruby-doc-3.0.7-162.el9_4', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'ruby-libs-3.0.7-162.el9_4', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rubygem-bigdecimal-3.0.0-162.el9_4', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rubygem-bundler-2.2.33-162.el9_4', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rubygem-io-console-0.5.7-162.el9_4', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rubygem-irb-1.3.5-162.el9_4', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rubygem-json-2.5.1-162.el9_4', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rubygem-minitest-5.14.2-162.el9_4', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rubygem-power_assert-1.2.1-162.el9_4', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rubygem-psych-3.3.2-162.el9_4', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rubygem-rake-13.0.3-162.el9_4', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rubygem-rbs-1.4.0-162.el9_4', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rubygem-rdoc-6.3.4.1-162.el9_4', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rubygem-rexml-3.2.5-162.el9_4', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rubygem-rss-0.2.9-162.el9_4', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rubygem-test-unit-3.3.7-162.el9_4', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rubygem-typeprof-0.15.2-162.el9_4', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rubygems-3.2.33-162.el9_4', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rubygems-devel-3.2.33-162.el9_4', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE}
];
var flag = 0;
foreach var package_array ( pkgs ) {
var reference = NULL;
var _release = NULL;
var sp = NULL;
var _cpu = NULL;
var el_string = NULL;
var rpm_spec_vers_cmp = NULL;
var epoch = NULL;
var allowmaj = NULL;
var exists_check = NULL;
if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
if (!empty_or_null(package_array['release'])) _release = 'EL' + package_array['release'];
if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];
if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];
if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];
if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];
if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];
if (reference && _release) {
if (exists_check) {
if (rpm_exists(release:_release, rpm:exists_check) && rpm_check(release:_release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;
} else {
if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;
}
}
}
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_HOLE,
extra : rpm_report_get()
);
exit(0);
}
else
{
var tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'ruby / ruby-default-gems / ruby-devel / etc');
}
| Vendor | Product | Version | CPE |
|---|---|---|---|
| oracle | linux | ruby | p-cpe:/a:oracle:linux:ruby |
| oracle | linux | ruby-devel | p-cpe:/a:oracle:linux:ruby-devel |
| oracle | linux | ruby-libs | p-cpe:/a:oracle:linux:ruby-libs |
| oracle | linux | ruby-doc | p-cpe:/a:oracle:linux:ruby-doc |
| oracle | linux | rubygem-bigdecimal | p-cpe:/a:oracle:linux:rubygem-bigdecimal |
| oracle | linux | rubygem-io-console | p-cpe:/a:oracle:linux:rubygem-io-console |
| oracle | linux | rubygem-json | p-cpe:/a:oracle:linux:rubygem-json |
| oracle | linux | rubygem-minitest | p-cpe:/a:oracle:linux:rubygem-minitest |
| oracle | linux | rubygem-psych | p-cpe:/a:oracle:linux:rubygem-psych |
| oracle | linux | rubygem-rake | p-cpe:/a:oracle:linux:rubygem-rake |
References
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33621
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28755
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28756
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27280
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27281
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27282
linux.oracle.com/errata/ELSA-2024-3838.html
Related
almalinux
almalinux
Moderate: ruby:3.0 security update
2024-05-30 00:00:00
Moderate: ruby security update
2024-06-11 00:00:00
Moderate: ruby:3.1 security, bug fix, and enhancement update
2024-06-03 00:00:00
osv
osv
Moderate: ruby:3.0 security update
2024-05-30 00:00:00
Moderate: ruby security update
2024-06-11 00:00:00
Moderate: ruby:3.3 security, bug fix, and enhancement update
2024-06-06 00:00:00
nessus
nessus
AlmaLinux 9 : ruby (ALSA-2024:3838)
2024-06-14 00:00:00
AlmaLinux 8 : ruby:3.0 (ALSA-2024:3500)
2024-05-31 00:00:00
RHEL 8 : ruby:3.0 (RHSA-2024:3500)
2024-05-30 00:00:00
oraclelinux
oraclelinux
ruby security update
2024-06-13 00:00:00
ruby:3.0 security update
2024-05-31 00:00:00
ruby:3.3 security, bug fix, and enhancement update
2024-06-07 00:00:00
redhat
redhat
(RHSA-2024:3500) Moderate: ruby:3.0 security update
2024-05-30 12:07:40
openvas
openvas
Slackware: Security Advisory (SSA:2024-114-01)
2024-04-24 00:00:00
Fedora: Security Advisory for ruby (FEDORA-2024-14db7b21a2)
2024-05-27 00:00:00
Fedora: Security Advisory for ruby (FEDORA-2024-31cac8b8ec)
2024-05-27 00:00:00
mageia
mageia
Updated ruby packages fix security vulnerabilities
2024-05-09 05:40:29
rocky
rocky
ruby:3.1 security, bug fix, and enhancement update
2024-06-14 14:00:40
ruby:3.1 security, bug fix, and enhancement update
2024-06-14 13:59:30
ruby:3.3 security, bug fix, and enhancement update
2024-06-14 14:00:40
slackware
slackware
[slackware-security] ruby
2024-04-23 22:33:22
[slackware-security] ruby
2023-03-31 18:29:16
debian
debian
[SECURITY] [DSA 5677-1] ruby3.1 security update
2024-05-03 19:47:30
[SECURITY] [DLA 3447-1] ruby2.5 security update
2023-06-07 20:38:22
fedora
fedora
[SECURITY] Fedora 40 Update: ruby-3.3.1-7.fc40
2024-05-03 01:46:00
[SECURITY] Fedora 38 Update: ruby-3.2.4-182.fc38
2024-05-04 02:20:05
[SECURITY] Fedora 39 Update: ruby-3.2.4-182.fc39
2024-05-04 01:33:23
ubuntu
ubuntu
Ruby vulnerabilities
2023-06-21 00:00:00
Ruby vulnerabilities
2024-06-17 00:00:00
Ruby vulnerabilities
2023-05-04 00:00:00
cloudfoundry
cloudfoundry
USN-6055-1: Ruby vulnerabilities | Cloud Foundry
2023-06-30 00:00:00
USN-6087-1: Ruby vulnerabilities | Cloud Foundry
2023-06-05 00:00:00
photon
photon
Important Photon OS Security Update - PHSA-2024-5.0-0247
2024-04-16 00:00:00
cve
cve
freebsd
freebsd
ruby -- Arbitrary memory address read vulnerability with Regex search
2024-04-23 00:00:00
cbl_mariner
cbl_mariner
CVE-2024-27282 affecting package ruby for versions less than 3.1.4-5
2024-06-12 22:23:00
CVE-2024-27281 affecting package ruby for versions less than 3.1.4-4
2024-04-17 01:35:34
cvelist
cvelist
alpinelinux
alpinelinux
debiancve
debiancve
github
github
RDoc RCE vulnerability with .rdoc_options
2024-03-25 19:36:59
StringIO buffer overread vulnerability
2024-03-25 19:36:52
gentoo
gentoo
Ruby: Multiple vulnerabilities
2024-01-24 00:00:00
ubuntucve
ubuntucve
cgr
cgr
CVE-2024-27280 vulnerabilities
2024-05-19 03:07:16
CVE-2024-27281 vulnerabilities
2024-05-19 03:07:16
redhatcve
redhatcve
nvd
nvd
githubexploit
githubexploit
Exploit for CVE-2024-27282
2024-06-12 23:54:03
vulnrichment
vulnrichment
CVE-2024-27280
1976-01-01 00:00:00
wolfi
wolfi
CVE-2024-27280 vulnerabilities
2024-06-19 15:18:09
CVE-2024-27281 vulnerabilities
2024-06-19 15:18:08
veracode
veracode
Remote Code Execution
2024-03-28 10:48:53
Buffer Over-read
2024-03-29 07:40:04
hackerone
hackerone
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.6 High
AI Score
Confidence
Low
0.004 Low
EPSS
Percentile
72.1%
Related for ORACLELINUX_ELSA-2024-3838.NASL