cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-3094,https://securityvulnerability.io/vulnerability/CVE-2024-3094,"Malicious Code Discovered in xz Upstream Tarballs, Affecting liblzma and Other Dependent Packages","The XZ utility has been compromised due to malicious code introduced in the upstream tarballs starting from version 5.6.0. A sophisticated obfuscation technique is employed where the liblzma build process extracts a prebuilt object file hidden within a disguised test file in the source code. This manipulation alters specific functions in the liblzma library, which can be exploited by any software linked against it. Consequently, the modified liblzma library poses a risk as it can intercept and manipulate data interactions with software using this library, leading to potential data breaches and integrity issues across affected platforms.",Red Hat,"Xz,Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Jboss Enterprise Application Platform 8,Fedora 38,Fedora 39",10,CRITICAL,0.635200023651123,false,true,false,true,true,true,true,2024-03-29T16:51:12.588Z,262103