Overview
Rsync, a versatile file-synchronizing tool, contains six vulnerabilities present within versions 3.3.0 and below. Rsync can be used to sync files between remote and local computers, as well as storage devices. The discovered vulnerabilities include heap-buffer overflow, information leak, file leak, external directory file-write,–safe-links bypass, and symbolic-link race condition.
Description
Many backup programs, such as Rclone, DeltaCopy, and ChronoSync use Rsync as backend software for file synchronization. Rsync can also be used in Daemon mode and is widely used in in public mirrors to synchronize and distribute files efficiently across multiple servers.
Following are the discovered vulnerabilities:
CVE-2024-12084 A heap-buffer-overflow vulnerability in the Rsync daemon results in improper handling of attacker-controlled checksum lengths (s2length). When the MAX_DIGEST_LEN exceeds the fixed SUM_LENGTH (16 bytes), an attacker can write out-of-bounds in the sum2 buffer.
CVE-2024-12085 When Rsync compares file checksums, a vulnerability in the Rsync daemon can be triggered. An attacker could manipulate the checksum length (s2length) to force a comparison between the checksum and uninitialized memory and leak one byte of uninitialized stack data at a time.
CVE-2024-12086 A vulnerability in the Rsync daemon could cause a server to leak the contents of arbitrary files from clients’ machines. This happens when files are copied from client to server. During the process, a malicious Rsync server can generate invalid communication tokens and checksums from data the attacker compares. The comparison will trigger the client to ask the server to resend data, which the server can use to guess a checksum. The server could then reprocess data, byte to byte, to determine the contents of the target file.
CVE-2024-12087 A path traversal vulnerability in the Rsync daemon affects the --inc-recursive option, a default-enabled option for many flags that can be enabled by the server even if not explicitly enabled by the client. When using this option, a lack of proper symlink verification coupled with de-duplication checks occurring on a per-file-list basis could allow a server to write files outside of the client's intended destination directory. A malicious server could remotely trigger this activity by exploiting symbolic links named after valid client directories/paths.
CVE-2024-12088 A --safe-links option vulnerability results in Rsync failing to properly verify whether the symbolic link destination contains another symbolic link within it. This results in a path traversal vulnerability, which may lead to arbitrary files being written outside of the desired directory.
CVE-2024-12747 Rsync is vulnerable to a symbolic-link race condition, which may lead to privilege escalation. A user could gain access to privileged files on affected servers.
Impact
When combined, the first two vulnerabilities (heap buffer overflow and information leak) allow a client to execute arbitrary code on a device that has an Rsync server running. The client requires only anonymous read-access to the server, such as public mirrors. Additionally, attackers can take control of a malicious server and read/write arbitrary files of any connected client. Sensitive data, such as SSH keys, can be extracted, and malicious code can be executed by overwriting files such as ~/.bashrc or ~/.popt.
Solution
Apply the latest patches available at https://github.com/RsyncProject/rsync and https://download.samba.org/pub/rsync/src/. Users should run updates on their software as soon as possible. As Rsync can be distributed bundled, ensure any software that provides such updates is also kept current to address these vulnerabilities.
Acknowledgements
Thanks to Simon Scannell, Pedro Gallegos, and Jasiel Spelman at Google Cloud Vulnerability Research for discovering the first five vulnerabilities; thanks to Aleksei Gorban for discovering the symbolic-link race condition. Finally, thanks to Andrew Tridgell for reporting all of them. This document was written by Dr. Elke Drennan, CISSP.
Vendor Information
AlmaLinux OS Foundation Affected
Statement Date: January 14, 2025
CVE-2024-12084 | Affected |
Vendor Statement: | |
AlmaLinux Kitten 10 is affected. AlmaLinux 8 and 9 are NOT affected. | |
CVE-2024-12085 | Affected |
CVE-2024-12086 | Affected |
CVE-2024-12087 | Affected |
CVE-2024-12088 | Affected |
CVE-2024-12747 | Affected |
Arch Linux Affected
Statement Date: December 02, 2024
CVE-2024-12084 | Affected |
CVE-2024-12085 | Affected |
CVE-2024-12086 | Affected |
CVE-2024-12087 | Affected |
CVE-2024-12088 | Affected |
CVE-2024-12747 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Gentoo Linux Affected
Statement Date: December 04, 2024
CVE-2024-12084 | Affected |
CVE-2024-12085 | Affected |
CVE-2024-12086 | Affected |
CVE-2024-12087 | Affected |
CVE-2024-12088 | Affected |
CVE-2024-12747 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
NixOS Affected
Statement Date: January 14, 2025
CVE-2024-12084 | Affected |
CVE-2024-12085 | Affected |
CVE-2024-12086 | Affected |
CVE-2024-12087 | Affected |
CVE-2024-12088 | Affected |
CVE-2024-12747 | Affected |
Vendor Statement
We have not received a statement from the vendor.
References
Red Hat Affected
Statement Date: January 14, 2025
CVE-2024-12084 | Not Affected |
CVE-2024-12085 | Affected |
CVE-2024-12086 | Affected |
CVE-2024-12087 | Affected |
CVE-2024-12088 | Affected |
CVE-2024-12747 | Affected |
Vendor Statement
We have not received a statement from the vendor.
SUSE Linux Affected
Statement Date: January 15, 2025
CVE-2024-12084 | Affected |
CVE-2024-12085 | Affected |
CVE-2024-12086 | Affected |
CVE-2024-12087 | Affected |
CVE-2024-12088 | Affected |
CVE-2024-12747 | Affected |
Vendor Statement
We have not received a statement from the vendor.
Triton Data Center Affected
Statement Date: January 07, 2025
CVE-2024-12084 | Affected |
CVE-2024-12085 | Affected |
CVE-2024-12086 | Affected |
CVE-2024-12087 | Affected |
CVE-2024-12088 | Affected |
CVE-2024-12747 | Affected |
Vendor Statement
SmartOS, an illumos distribution that powers Triton Data Center, ships rsync in the platform image, and it will need to be updated. Additionally some users opt for the pkgsrc version of rsync, which will also need to be updated, or the pkgsrc revision will need to be updated.
Afero Not Affected
Statement Date: January 09, 2025
CVE-2024-12084 | Not Affected |
CVE-2024-12085 | Not Affected |
CVE-2024-12086 | Not Affected |
CVE-2024-12087 | Not Affected |
CVE-2024-12088 | Not Affected |
CVE-2024-12747 | Not Affected |
Vendor Statement
We have not received a statement from the vendor.
AMD Not Affected
Statement Date: January 10, 2025
CVE-2024-12084 | Not Affected |
CVE-2024-12085 | Not Affected |
CVE-2024-12086 | Not Affected |
CVE-2024-12087 | Not Affected |
CVE-2024-12088 | Not Affected |
CVE-2024-12747 | Not Affected |
Vendor Statement
We have not received a statement from the vendor.
FreeBSD Not Affected
Statement Date: January 09, 2025
CVE-2024-12084 | Not Affected |
CVE-2024-12085 | Not Affected |
CVE-2024-12086 | Not Affected |
CVE-2024-12087 | Not Affected |
CVE-2024-12088 | Not Affected |
CVE-2024-12747 | Not Affected |
Vendor Statement
FreeBSD does not ship with rsync as part of the base system. rsync is available as part of the FreeBSD ports/pkg system, but the responsibility for analysis of risk lies with the administrator that chooses to install and configure rsync.
HardenedBSD Not Affected
Statement Date: January 14, 2025
CVE-2024-12084 | Not Affected |
CVE-2024-12085 | Not Affected |
CVE-2024-12086 | Not Affected |
CVE-2024-12087 | Not Affected |
CVE-2024-12088 | Not Affected |
CVE-2024-12747 | Not Affected |
Vendor Statement
While HardenedBSD does not ship with rsync, the project's infrastructure uses rsync to sync build artifacts across its mirrors.
Illumos Not Affected
Statement Date: January 07, 2025
CVE-2024-12084 | Not Affected |
CVE-2024-12085 | Not Affected |
CVE-2024-12086 | Not Affected |
CVE-2024-12087 | Not Affected |
CVE-2024-12088 | Not Affected |
CVE-2024-12747 | Not Affected |
Vendor Statement
rsync is not part of illumos per se, but it is part of illumos distributions. Each distribution that includes rsync will need to issue their own statement.
Linux Foundation Not Affected
Statement Date: November 25, 2024
CVE-2024-12084 | Not Affected |
CVE-2024-12085 | Not Affected |
CVE-2024-12086 | Not Affected |
CVE-2024-12087 | Not Affected |
CVE-2024-12088 | Not Affected |
CVE-2024-12747 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
NetBSD Not Affected
Statement Date: November 27, 2024
CVE-2024-12084 | Not Affected |
CVE-2024-12085 | Not Affected |
CVE-2024-12086 | Not Affected |
CVE-2024-12087 | Not Affected |
CVE-2024-12088 | Not Affected |
CVE-2024-12747 | Unknown |
Vendor Statement
The NetBSD base system is not affected because it does not ship with rsync.
pkgsrc includes an affected version of rsync as the net/rsync package, and will be updated when rsync upstream releases a fixed version, for all platforms that pkgsrc supports.
Synology Not Affected
Statement Date: December 11, 2024
CVE-2024-12084 | Not Affected |
CVE-2024-12085 | Unknown |
CVE-2024-12086 | Unknown |
CVE-2024-12087 | Unknown |
CVE-2024-12088 | Unknown |
CVE-2024-12747 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Alpine Linux Unknown
CVE-2024-12084 | Unknown |
CVE-2024-12085 | Unknown |
CVE-2024-12086 | Unknown |
CVE-2024-12087 | Unknown |
CVE-2024-12088 | Unknown |
CVE-2024-12747 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Amazon Unknown
CVE-2024-12084 | Unknown |
CVE-2024-12085 | Unknown |
CVE-2024-12086 | Unknown |
CVE-2024-12087 | Unknown |
CVE-2024-12088 | Unknown |
CVE-2024-12747 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Apple Unknown
CVE-2024-12084 | Unknown |
CVE-2024-12085 | Unknown |
CVE-2024-12086 | Unknown |
CVE-2024-12087 | Unknown |
CVE-2024-12088 | Unknown |
CVE-2024-12747 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Arista Networks Unknown
CVE-2024-12084 | Unknown |
CVE-2024-12085 | Unknown |
CVE-2024-12086 | Unknown |
CVE-2024-12087 | Unknown |
CVE-2024-12088 | Unknown |
CVE-2024-12747 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
ARM Limited Unknown
Statement Date: November 26, 2024
CVE-2024-12084 | Unknown |
CVE-2024-12085 | Unknown |
CVE-2024-12086 | Unknown |
CVE-2024-12087 | Unknown |
CVE-2024-12088 | Unknown |
CVE-2024-12747 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Aruba Networks Unknown
CVE-2024-12084 | Unknown |
CVE-2024-12085 | Unknown |
CVE-2024-12086 | Unknown |
CVE-2024-12087 | Unknown |
CVE-2024-12088 | Unknown |
CVE-2024-12747 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Atos SE Unknown
CVE-2024-12084 | Unknown |
CVE-2024-12085 | Unknown |
CVE-2024-12086 | Unknown |
CVE-2024-12087 | Unknown |
CVE-2024-12088 | Unknown |
CVE-2024-12747 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Blackberry QNX Unknown
CVE-2024-12084 | Unknown |
CVE-2024-12085 | Unknown |
CVE-2024-12086 | Unknown |
CVE-2024-12087 | Unknown |
CVE-2024-12088 | Unknown |
CVE-2024-12747 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Broadcom Unknown
CVE-2024-12084 | Unknown |
CVE-2024-12085 | Unknown |
CVE-2024-12086 | Unknown |
CVE-2024-12087 | Unknown |
CVE-2024-12088 | Unknown |
CVE-2024-12747 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Canonical Unknown
CVE-2024-12084 | Unknown |
CVE-2024-12085 | Unknown |
CVE-2024-12086 | Unknown |
CVE-2024-12087 | Unknown |
CVE-2024-12088 | Unknown |
CVE-2024-12747 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
CERT-UBIK Unknown
CVE-2024-12084 | Unknown |
CVE-2024-12085 | Unknown |
CVE-2024-12086 | Unknown |
CVE-2024-12087 | Unknown |
CVE-2024-12088 | Unknown |
CVE-2024-12747 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Cesanta Unknown
CVE-2024-12084 | Unknown |
CVE-2024-12085 | Unknown |
CVE-2024-12086 | Unknown |
CVE-2024-12087 | Unknown |
CVE-2024-12088 | Unknown |
CVE-2024-12747 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Contiki OS Unknown
CVE-2024-12084 | Unknown |
CVE-2024-12085 | Unknown |
CVE-2024-12086 | Unknown |
CVE-2024-12087 | Unknown |
CVE-2024-12088 | Unknown |
CVE-2024-12747 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Debian GNU/Linux Unknown
CVE-2024-12084 | Unknown |
CVE-2024-12085 | Unknown |
CVE-2024-12086 | Unknown |
CVE-2024-12087 | Unknown |
CVE-2024-12088 | Unknown |
CVE-2024-12747 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Dell EMC Unknown
CVE-2024-12084 | Unknown |
CVE-2024-12085 | Unknown |
CVE-2024-12086 | Unknown |
CVE-2024-12087 | Unknown |
CVE-2024-12088 | Unknown |
CVE-2024-12747 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
DesktopBSD Unknown
CVE-2024-12084 | Unknown |
CVE-2024-12085 | Unknown |
CVE-2024-12086 | Unknown |
CVE-2024-12087 | Unknown |
CVE-2024-12088 | Unknown |
CVE-2024-12747 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Diebold Election Systems Unknown
CVE-2024-12084 | Unknown |
CVE-2024-12085 | Unknown |
CVE-2024-12086 | Unknown |
CVE-2024-12087 | Unknown |
CVE-2024-12088 | Unknown |
CVE-2024-12747 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
DragonFly BSD Project Unknown
CVE-2024-12084 | Unknown |
CVE-2024-12085 | Unknown |
CVE-2024-12086 | Unknown |
CVE-2024-12087 | Unknown |
CVE-2024-12088 | Unknown |
CVE-2024-12747 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
EuroLinux Unknown
CVE-2024-12084 | Unknown |
CVE-2024-12085 | Unknown |
CVE-2024-12086 | Unknown |
CVE-2024-12087 | Unknown |
CVE-2024-12088 | Unknown |
CVE-2024-12747 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
F5 Networks Unknown
CVE-2024-12084 | Unknown |
CVE-2024-12085 | Unknown |
CVE-2024-12086 | Unknown |
CVE-2024-12087 | Unknown |
CVE-2024-12088 | Unknown |
CVE-2024-12747 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Facebook Unknown
CVE-2024-12084 | Unknown |
CVE-2024-12085 | Unknown |
CVE-2024-12086 | Unknown |
CVE-2024-12087 | Unknown |
CVE-2024-12088 | Unknown |
CVE-2024-12747 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Google Unknown
CVE-2024-12084 | Unknown |
CVE-2024-12085 | Unknown |
CVE-2024-12086 | Unknown |
CVE-2024-12087 | Unknown |
CVE-2024-12088 | Unknown |
CVE-2024-12747 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Green Hills Software Unknown
CVE-2024-12084 | Unknown |
CVE-2024-12085 | Unknown |
CVE-2024-12086 | Unknown |
CVE-2024-12087 | Unknown |
CVE-2024-12088 | Unknown |
CVE-2024-12747 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Hewlett Packard Enterprise Unknown
CVE-2024-12084 | Unknown |
CVE-2024-12085 | Unknown |
CVE-2024-12086 | Unknown |
CVE-2024-12087 | Unknown |
CVE-2024-12088 | Unknown |
CVE-2024-12747 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Hitachi Unknown
CVE-2024-12084 | Unknown |
CVE-2024-12085 | Unknown |
CVE-2024-12086 | Unknown |
CVE-2024-12087 | Unknown |
CVE-2024-12088 | Unknown |
CVE-2024-12747 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
HP Inc. Unknown
CVE-2024-12084 | Unknown |
CVE-2024-12085 | Unknown |
CVE-2024-12086 | Unknown |
CVE-2024-12087 | Unknown |
CVE-2024-12088 | Unknown |
CVE-2024-12747 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
IBM Numa-Q Division (Formerly Sequent) Unknown
CVE-2024-12084 | Unknown |
CVE-2024-12085 | Unknown |
CVE-2024-12086 | Unknown |
CVE-2024-12087 | Unknown |
CVE-2024-12088 | Unknown |
CVE-2024-12747 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Joyent Unknown
CVE-2024-12084 | Unknown |
CVE-2024-12085 | Unknown |
CVE-2024-12086 | Unknown |
CVE-2024-12087 | Unknown |
CVE-2024-12088 | Unknown |
CVE-2024-12747 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Juniper Networks Unknown
CVE-2024-12084 | Unknown |
CVE-2024-12085 | Unknown |
CVE-2024-12086 | Unknown |
CVE-2024-12087 | Unknown |
CVE-2024-12088 | Unknown |
CVE-2024-12747 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Lenovo Unknown
CVE-2024-12084 | Unknown |
CVE-2024-12085 | Unknown |
CVE-2024-12086 | Unknown |
CVE-2024-12087 | Unknown |
CVE-2024-12088 | Unknown |
CVE-2024-12747 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Lutomirski Consulting Unknown
CVE-2024-12084 | Unknown |
CVE-2024-12085 | Unknown |
CVE-2024-12086 | Unknown |
CVE-2024-12087 | Unknown |
CVE-2024-12088 | Unknown |
CVE-2024-12747 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
m0n0wall Unknown
CVE-2024-12084 | Unknown |
CVE-2024-12085 | Unknown |
CVE-2024-12086 | Unknown |
CVE-2024-12087 | Unknown |
CVE-2024-12088 | Unknown |
CVE-2024-12747 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Marconi Inc. Unknown
CVE-2024-12084 | Unknown |
CVE-2024-12085 | Unknown |
CVE-2024-12086 | Unknown |
CVE-2024-12087 | Unknown |
CVE-2024-12088 | Unknown |
CVE-2024-12747 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Mbed TLS Unknown
CVE-2024-12084 | Unknown |
CVE-2024-12085 | Unknown |
CVE-2024-12086 | Unknown |
CVE-2024-12087 | Unknown |
CVE-2024-12088 | Unknown |
CVE-2024-12747 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Medtronic Unknown
CVE-2024-12084 | Unknown |
CVE-2024-12085 | Unknown |
CVE-2024-12086 | Unknown |
CVE-2024-12087 | Unknown |
CVE-2024-12088 | Unknown |
CVE-2024-12747 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Micro Focus Unknown
CVE-2024-12084 | Unknown |
CVE-2024-12085 | Unknown |
CVE-2024-12086 | Unknown |
CVE-2024-12087 | Unknown |
CVE-2024-12088 | Unknown |
CVE-2024-12747 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Microsoft Unknown
CVE-2024-12084 | Unknown |
CVE-2024-12085 | Unknown |
CVE-2024-12086 | Unknown |
CVE-2024-12087 | Unknown |
CVE-2024-12088 | Unknown |
CVE-2024-12747 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Monroe Electronics Unknown
CVE-2024-12084 | Unknown |
CVE-2024-12085 | Unknown |
CVE-2024-12086 | Unknown |
CVE-2024-12087 | Unknown |
CVE-2024-12088 | Unknown |
CVE-2024-12747 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Mozilla Unknown
CVE-2024-12084 | Unknown |
CVE-2024-12085 | Unknown |
CVE-2024-12086 | Unknown |
CVE-2024-12087 | Unknown |
CVE-2024-12088 | Unknown |
CVE-2024-12747 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
NEC Corporation Unknown
CVE-2024-12084 | Unknown |
CVE-2024-12085 | Unknown |
CVE-2024-12086 | Unknown |
CVE-2024-12087 | Unknown |
CVE-2024-12088 | Unknown |
CVE-2024-12747 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Nexenta Unknown
CVE-2024-12084 | Unknown |
CVE-2024-12085 | Unknown |
CVE-2024-12086 | Unknown |
CVE-2024-12087 | Unknown |
CVE-2024-12088 | Unknown |
CVE-2024-12747 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Nokia Unknown
CVE-2024-12084 | Unknown |
CVE-2024-12085 | Unknown |
CVE-2024-12086 | Unknown |
CVE-2024-12087 | Unknown |
CVE-2024-12088 | Unknown |
CVE-2024-12747 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
OleumTech Unknown
CVE-2024-12084 | Unknown |
CVE-2024-12085 | Unknown |
CVE-2024-12086 | Unknown |
CVE-2024-12087 | Unknown |
CVE-2024-12088 | Unknown |
CVE-2024-12747 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
OpenBSD Unknown
CVE-2024-12084 | Unknown |
CVE-2024-12085 | Unknown |
CVE-2024-12086 | Unknown |
CVE-2024-12087 | Unknown |
CVE-2024-12088 | Unknown |
CVE-2024-12747 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
OpenIndiana Unknown
CVE-2024-12084 | Unknown |
CVE-2024-12085 | Unknown |
CVE-2024-12086 | Unknown |
CVE-2024-12087 | Unknown |
CVE-2024-12088 | Unknown |
CVE-2024-12747 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Openswan Linux IPsec software Unknown
CVE-2024-12084 | Unknown |
CVE-2024-12085 | Unknown |
CVE-2024-12086 | Unknown |
CVE-2024-12087 | Unknown |
CVE-2024-12088 | Unknown |
CVE-2024-12747 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Openwall GNU/*/Linux Unknown
CVE-2024-12084 | Unknown |
CVE-2024-12085 | Unknown |
CVE-2024-12086 | Unknown |
CVE-2024-12087 | Unknown |
CVE-2024-12088 | Unknown |
CVE-2024-12747 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Oracle Corporation Unknown
CVE-2024-12084 | Unknown |
CVE-2024-12085 | Unknown |
CVE-2024-12086 | Unknown |
CVE-2024-12087 | Unknown |
CVE-2024-12088 | Unknown |
CVE-2024-12747 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Rockwell Automation Unknown
CVE-2024-12084 | Unknown |
CVE-2024-12085 | Unknown |
CVE-2024-12086 | Unknown |
CVE-2024-12087 | Unknown |
CVE-2024-12088 | Unknown |
CVE-2024-12747 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Rocky Linux Unknown
CVE-2024-12084 | Unknown |
CVE-2024-12085 | Unknown |
CVE-2024-12086 | Unknown |
CVE-2024-12087 | Unknown |
CVE-2024-12088 | Unknown |
CVE-2024-12747 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Slackware Linux Inc. Unknown
CVE-2024-12084 | Unknown |
CVE-2024-12085 | Unknown |
CVE-2024-12086 | Unknown |
CVE-2024-12087 | Unknown |
CVE-2024-12088 | Unknown |
CVE-2024-12747 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Sony Unknown
CVE-2024-12084 | Unknown |
CVE-2024-12085 | Unknown |
CVE-2024-12086 | Unknown |
CVE-2024-12087 | Unknown |
CVE-2024-12088 | Unknown |
CVE-2024-12747 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Systech Unknown
CVE-2024-12084 | Unknown |
CVE-2024-12085 | Unknown |
CVE-2024-12086 | Unknown |
CVE-2024-12087 | Unknown |
CVE-2024-12088 | Unknown |
CVE-2024-12747 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Tizen Unknown
CVE-2024-12084 | Unknown |
CVE-2024-12085 | Unknown |
CVE-2024-12086 | Unknown |
CVE-2024-12087 | Unknown |
CVE-2024-12088 | Unknown |
CVE-2024-12747 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
TrueOS Unknown
CVE-2024-12084 | Unknown |
CVE-2024-12085 | Unknown |
CVE-2024-12086 | Unknown |
CVE-2024-12087 | Unknown |
CVE-2024-12088 | Unknown |
CVE-2024-12747 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Turbolinux Unknown
CVE-2024-12084 | Unknown |
CVE-2024-12085 | Unknown |
CVE-2024-12086 | Unknown |
CVE-2024-12087 | Unknown |
CVE-2024-12088 | Unknown |
CVE-2024-12747 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Ubuntu Unknown
CVE-2024-12084 | Unknown |
CVE-2024-12085 | Unknown |
CVE-2024-12086 | Unknown |
CVE-2024-12087 | Unknown |
CVE-2024-12088 | Unknown |
CVE-2024-12747 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Unisys Corporation Unknown
CVE-2024-12084 | Unknown |
CVE-2024-12085 | Unknown |
CVE-2024-12086 | Unknown |
CVE-2024-12087 | Unknown |
CVE-2024-12088 | Unknown |
CVE-2024-12747 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Univention Unknown
CVE-2024-12084 | Unknown |
CVE-2024-12085 | Unknown |
CVE-2024-12086 | Unknown |
CVE-2024-12087 | Unknown |
CVE-2024-12088 | Unknown |
CVE-2024-12747 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
VMware Unknown
CVE-2024-12084 | Unknown |
CVE-2024-12085 | Unknown |
CVE-2024-12086 | Unknown |
CVE-2024-12087 | Unknown |
CVE-2024-12088 | Unknown |
CVE-2024-12747 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Wind River Unknown
CVE-2024-12084 | Unknown |
CVE-2024-12085 | Unknown |
CVE-2024-12086 | Unknown |
CVE-2024-12087 | Unknown |
CVE-2024-12088 | Unknown |
CVE-2024-12747 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Xen Unknown
CVE-2024-12084 | Unknown |
CVE-2024-12085 | Unknown |
CVE-2024-12086 | Unknown |
CVE-2024-12087 | Unknown |
CVE-2024-12088 | Unknown |
CVE-2024-12747 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
XigmaNAS Unknown
CVE-2024-12084 | Unknown |
CVE-2024-12085 | Unknown |
CVE-2024-12086 | Unknown |
CVE-2024-12087 | Unknown |
CVE-2024-12088 | Unknown |
CVE-2024-12747 | Unknown |
Vendor Statement
We have not received a statement from the vendor.
Other Information
CVE IDs: | CVE-2024-12084 CVE-2024-12085 CVE-2024-12086 CVE-2024-12087 CVE-2024-12088 CVE-2024-12747 |
API URL: | VINCE JSON | CSAF |
Date Public: | 2025-01-14 |
Date First Published: | 2025-01-14 |
Date Last Updated: | 2025-01-15 15:23 UTC |
Document Revision: | 6 |