Article Number: 000223556
Critical
Third-party Component | CVEs | More Information |
---|---|---|
dom4j: flexible XML framework for Java 2.1.3 | CVE-2023-45960 | CVE-2023-45960 |
Netty Project 4.1.100 | CVE-2023-4586 | CVE-2023-4586 |
RabbitMQ amqp-client5.14.3 | CVE-2023-46120 | CVE-2023-46120 |
Apache Tomcat 9.0.82 | CVE-2023-46589 | CVE-2023-46589 |
Elasticsearch 7.17.13 | CVE-2023-46673 | CVE-2023-46673 |
HTTP functionality for the Reactor Netty library 1.0.38 | CVE-2023-34062 | CVE-2023-34062 |
larvalabs collections 4.01 | CVE-2015-7501 | CVE-2015-7501 |
reactor-netty 1.0.38 | CVE-2023-34062 | CVE-2023-34062 |
ibcurl 8.4 | CVE-2023-38545, CVE-2023-23914, CVE-2023-27533, CVE-2023-27534, CVE-2023-28319, CVE-2023-38039, CVE-2023-23915, CVE-2023-23916, CVE-2023-27535, CVE-2023-28320, CVE-2023-28321, CVE-2023-27536, CVE-2023-27538, CVE-2023-38546, CVE-2023-28322 | CVE-2023-38545, CVE-2023-23914, CVE-2023-27533, CVE-2023-27534, CVE-2023-28319, CVE-2023-38039, CVE-2023-23915, CVE-2023-23916, CVE-2023-27535, CVE-2023-28320, CVE-2023-28321, CVE-2023-27536, CVE-2023-27538, CVE-2023-38546, CVE-2023-28322 |
Jetty - 9.4.53.20231009 | CVE-2023-36479, CVE-2023-41900, CVE-2023-26049, CVE-2023-40167, CVE-2023-26048, CVE-2023-44487, CVE-2023-36478 | CVE-2023-36479, CVE-2023-41900, CVE-2023-26049, CVE-2023-40167, CVE-2023-26048, CVE-2023-44487, CVE-2023-36478 |
Netty Project 4.1.86 | CVE-2023-44487, CVE-2023-4586, CVE-2023-34462 | CVE-2023-44487,CVE-2023-4586, CVE-2023-34462 |
google-guava 21.0 | CVE-2023-2976, CVE-2018-10237, CVE-2020-8908 | CVE-2023-2976, CVE-2018-10237, CVE-2020-8908 |
Logback 1.2.3 | CVE-2023-6378 | CVE-2023-6378 |
Apache Tomcat 9.0.70 | CVE-2023-42794, CVE-2023-44487, CVE-2023-41080, CVE-2023-42795, CVE-2023-42795, CVE-2023-45648, CVE-2023-28708 | CVE-2023-42794, CVE-2023-44487, CVE-2023-41080, CVE-2023-42795, CVE-2023-45648, CVE-2023-28708 |
Golang 1.20.12 | CVE-2023-45285, CVE-2023-45283, CVE-2023-48795, CVE-2023-45284, CVE-2023-39326 | CVE-2023-45285, CVE-2023-45283, CVE-2023-48795, CVE-2023-45284, CVE-2023-39326 |
golang.org/x/crypto v0.14.0 | CVE-2023-48795 | CVE-2023-48795 |
linux-pam 1.3.0-150000.6.61.1 | CVE-2024-22365 | CVE-2024-22365 |
ncurses-utils 5.9-81.1 | CVE-2023-50495 | CVE-2023-50495 |
google.golang.org/grpc 1.45.0 | CVE-2023-44487 | CVE-2023-44487 |
curl 8.0.1-11.74.1 | CVE-2023-46218, CVE-2023-46219 | CVE-2023-46218, CVE-2023-46219 |
tar 1.27.1-15.21.1 | CVE-2023-39804 | CVE-2023-39804 |
Java SE 8u361 | CVE-2023-21968, CVE-2023-21967, CVE-2023-21954, CVE-2023-21951, CVE-2023-21950, CVE-2023-21949, CVE-2023-21948, CVE-2023-21939, CVE-2023-21938, CVE-2023-21937, CVE-2023-21930 | CVE-2023-21968, CVE-2023-21967, CVE-2023-21954, CVE-2023-21951, CVE-2023-21950, CVE-2023-21949, CVE-2023-21948, CVE-2023-21939, CVE-2023-21938, CVE-2023-21937, CVE-2023-21930 |
PostgreSQL JDBC Driver 42.2.18 | CVE-2022-26520, CVE-2022-21724, CVE-2022-31197, CVE-2022-41946 | CVE-2022-26520,CVE-2022-21724, CVE-2022-31197, CVE-2022-41946 |
sqlite-jdbc 3.36.0.3 | CVE-2023-32697 | CVE-2023-32697 |
hughsk/flat 4.1.1 | CVE-2020-36632 | CVE-2020-36632 |
lodash.set 4.3.2 | CVE-2020-8203 | CVE-2020-8203 |
vitejs 4.5.1 | CVE-2024-23331 | CVE-2024-23331 |
ip 2.0.0 | CVE-2023-42282 | CVE-2023-42282 |
nodeJS 20.10.0 | CVE-2024-21892, CVE-2024-22019, CVE-2024-21896, CVE-2024-22017, CVE-2023-46809, CVE-2024-21891, CVE-2024-21890, CVE-2024-22025 | CVE-2024-21892, CVE-2024-22019, CVE-2024-21896, CVE-2024-22017, CVE-2023-46809, CVE-2024-21891, CVE-2024-21890, CVE-2024-22025 |
ibslirp0 4.7.0+44-150300.15.2 | CVE-2020-10756, CVE-2020-1983, CVE-2021-3592, CVE-2021-3593, CVE-2021-3594, CVE-2021-3595, | CVE-2020-10756, CVE-2020-1983, CVE-2021-3592, CVE-2021-3593, CVE-2021-3594, CVE-2021-3595 |
libssh4 0.9.8-150400.3.3.1 | CVE-2023-1667, CVE-2023-2283, CVE-2023-6004, CVE-2023-6918 | CVE-2023-1667, CVE-2023-2283, CVE-2023-6004, CVE-2023-6918 |
libpq5 16.2-150200.5.10.1 | CVE-2024-0985 | CVE-2024-0985 |
postgresql14-server 14.11-150200.5.39.1 | CVE-2024-0985 | CVE-2024-0985 |
postgresql14 14.11-150200.5.39.1 | CVE-2024-0985 | CVE-2024-0985 |
libfreebl3 3.90.2-150400.3.39.1 | CVE-2023-5388 | CVE-2023-5388 |
libsoftokn3 3.90.2-150400.3.39.1 | CVE-2023-5388 | CVE-2023-5388 |
mozilla-nss-certs 3.90.2-150400.3.39.1 | CVE-2023-5388 | CVE-2023-5388 |
mozilla-nss 3.90.2-150400.3.39.1 | CVE-2023-5388 | CVE-2023-5388 |
kernel-default 5.14.21-150400.24.108.1 | CVE-2020-26555, CVE-2021-33631, CVE-2023-46838, CVE-2023-47233, CVE-2023-51042, CVE-2023-51043, CVE-2023-51779, CVE-2023-51780, CVE-2023-51782, CVE-2023-6040, CVE-2023-6121, CVE-2023-6356, CVE-2023-6531, CVE-2023-6535, CVE-2023-6536, CVE-2023-6546, CVE-2023-6606, CVE-2023-6610, CVE-2023-6622, CVE-2023-6915, CVE-2023-6931, CVE-2023-6932, CVE-2024-0340, CVE-2024-0565, CVE-2024-0641, CVE-2024-0775, CVE-2024-1085, CVE-2024-1086, CVE-2024-24860 | CVE-2020-26555, CVE-2021-33631, CVE-2023-46838, CVE-2023-47233, CVE-2023-51042, CVE-2023-51043, CVE-2023-51779, CVE-2023-51780, CVE-2023-51782, CVE-2023-6040, CVE-2023-6121, CVE-2023-6356, CVE-2023-6531, CVE-2023-6535, CVE-2023-6536, CVE-2023-6546, CVE-2023-6606, CVE-2023-6610, CVE-2023-6622, CVE-2023-6915, CVE-2023-6931, CVE-2023-6932, CVE-2024-0340, CVE-2024-0565, CVE-2024-0641, CVE-2024-0775, CVE-2024-1085, CVE-2024-1086, CVE-2024-24860 |
bind-utils 9.16.48-150400.5.40.1 | CVE-2023-4408, CVE-2023-50387, CVE-2023-50868, CVE-2023-5517, CVE-2023-5679, CVE-2023-6516 | CVE-2023-4408, CVE-2023-50387, CVE-2023-50868, CVE-2023-5517, CVE-2023-5679, CVE-2023-6516 |
python3-bind 9.16.48-150400.5.40.1 | CVE-2023-4408, CVE-2023-50387, CVE-2023-50868, CVE-2023-5517, CVE-2023-5679, CVE-2023-6516 | CVE-2023-4408, CVE-2023-50387, CVE-2023-50868, CVE-2023-5517, CVE-2023-5679, CVE-2023-6516 |
slirp4netns 1.2.0-150300.8.5.2 | CVE-2019-6778, CVE-2020-10756, CVE-2020-1983, CVE-2020-29130 | CVE-2019-6778, CVE-2020-10756, CVE-2020-1983, CVE-2020-29130 |
kernel-firmware | CVE-2019-9836, CVE-2021-26339, CVE-2021-26345, CVE-2021-26348, CVE-2021-26364, CVE-2021-26375, CVE-2021-33139, CVE-2021-46744, CVE-2021-46766, CVE-2023-20519, CVE-2023-20566 | CVE-2019-9836, CVE-2021-26339, CVE-2021-26345, CVE-2021-26348, CVE-2021-26364, CVE-2021-26375, CVE-2021-33139, CVE-2021-46744, CVE-2021-46766, CVE-2023-20519, CVE-2023-20566 |
runc 1.1.12-150000.61.2 | CVE-2024-21626 | CVE-2024-21626 |
java-17-openjdk-headless 17.0.10.0-150400.3.36.1 | CVE-2024-20918, CVE-2024-20919, CVE-2024-20921, CVE-2024-20932, CVE-2024-20945, CVE-2024-20952 | CVE-2024-20918, CVE-2024-20919, CVE-2024-20921, CVE-2024-20932, CVE-2024-20945, CVE-2024-20952 |
docker-rootless-extras 24.0.7_ce-150000.193.1 | CVE-2024-23651, CVE-2024-23652, CVE-2024-23653 | CVE-2024-23651, CVE-2024-23652, CVE-2024-23653 |
docker 24.0.7_ce-150000.193.1 | CVE-2024-23651, CVE-2024-23652, CVE-2024-23653 | CVE-2024-23651, CVE-2024-23652, CVE-2024-23653 |
postfix-bdb 3.5.9-150300.5.15.1 | CVE-2023-32182 | CVE-2023-32182 |
xen-libs 4.16.5_12-150400.4.46.1 | CVE-2023-46839 | CVE-2023-46839 |
Openssh 8.4p1-150300.3.30.1 |
CVE-2023-51385 | CVE-2023-51385 |
Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
---|---|---|---|
CVE-2024-25971 | Dell PowerProtect Data Manager, version 19.15, contains an XML External Entity Injection vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to information disclosure, denial-of-service. | 5.5 | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:L |
Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
---|---|---|---|
CVE-2024-25971 | Dell PowerProtect Data Manager, version 19.15, contains an XML External Entity Injection vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to information disclosure, denial-of-service. | 5.5 | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:L |
Product | Affected Versions | Remediated Versions | Link |
---|---|---|---|
Dell Power Protect Data Manager | Versions prior to 19.16 | 19.16 build 04 or later | PPDM drivers and downloads |
Product | Affected Versions | Remediated Versions | Link |
---|---|---|---|
Dell Power Protect Data Manager | Versions prior to 19.16 | 19.16 build 04 or later | PPDM drivers and downloads |
Revision | Date | Description |
---|---|---|
1.0 | 2024-03-28 | Initial Release |
PowerProtect Data Manager Appliance, PowerProtect Data Manager, PowerProtect Data Manager Essentials
28 Mar 2024
1
Dell Security Advisory