CVE-2024-3094

CRITICAL

10.0

CVSS Severity Score

EPSS Score64.2150%

EPSS Percentile98.23th

PublishedMar 29, 2024

Last ModifiedApr 1, 2024

Vulnerability Description

Backdoor in upstream xz-utils package allows SSH remote code execution (XZ Utils backdoor). Malicious code was discovered in the upstream tarballs of xz, starting with version 5.6.0.

Affected Platforms (CPE)

📦

Open Source

xz-utils

5.6.0, 5.6.1

References & Advisories

🔗 https://nvd.nist.gov/vuln/detail/CVE-2024-3094

Related Vulnerabilities

CVE-2020-696210.0

In ApexPro Telemetry Server, Versions 4.2 and prior, CARESCAPE Telemetry Server v4.2 & prior, Clinical Information Center (CIC) Ve...

CVE-2020-696310.0

In ApexPro Telemetry Server Versions 4.2 and prior, CARESCAPE Telemetry Server v4.2 & prior, Clinical Information Center (CIC) Ver...

CVE-2020-696610.0

In ApexPro Telemetry Server Versions 4.2 and prior, CARESCAPE Telemetry Server v4.2 & prior, Clinical Information Center (CIC) Ver...

CVE-2021-4126910.0

cron-utils is a Java library to define, parse, validate, migrate crons as well as get human readable descriptions for them. In aff...