cvelistv5 - cve-2024-24806

CVE-2024-24806 (GCVE-0-2024-24806)

Vulnerability from cvelistv5

Published

2024-02-07 21:44

Modified

2025-06-17 14:17

Severity ?

7.3 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

CWE

CWE-918 - Server-Side Request Forgery (SSRF)

Summary

libuv is a multi-platform support library with a focus on asynchronous I/O. The `uv_getaddrinfo` function in `src/unix/getaddrinfo.c` (and its windows counterpart `src/win/getaddrinfo.c`), truncates hostnames to 256 characters before calling `getaddrinfo`. This behavior can be exploited to create addresses like `0x00007f000001`, which are considered valid by `getaddrinfo` and could allow an attacker to craft payloads that resolve to unintended IP addresses, bypassing developer checks. The vulnerability arises due to how the `hostname_ascii` variable (with a length of 256 bytes) is handled in `uv_getaddrinfo` and subsequently in `uv__idna_toascii`. When the hostname exceeds 256 characters, it gets truncated without a terminating null byte. As a result attackers may be able to access internal APIs or for websites (similar to MySpace) that allows users to have `username.example.com` pages. Internal services that crawl or cache these user pages can be exposed to SSRF attacks if a malicious user chooses a long vulnerable username. This issue has been addressed in release version 1.48.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.

References

URL

Tags

	https://github.com/libuv/libuv/security/advisories/GHSA-f74f-cvh7-c6q6	x_refsource_CONFIRM
	https://github.com/libuv/libuv/commit/0f2d7e784a256b54b2385043438848047bc2a629	x_refsource_MISC
	https://github.com/libuv/libuv/commit/3530bcc30350d4a6ccf35d2f7b33e23292b9de70	x_refsource_MISC
	https://github.com/libuv/libuv/commit/c858a147643de38a09dd4164758ae5b685f2b488	x_refsource_MISC
	https://github.com/libuv/libuv/commit/e0327e1d508b8207c9150b6e582f0adf26213c39	x_refsource_MISC
	http://www.openwall.com/lists/oss-security/2024/02/08/2
	http://www.openwall.com/lists/oss-security/2024/02/11/1
	https://lists.debian.org/debian-lts-announce/2024/03/msg00005.html
	http://www.openwall.com/lists/oss-security/2024/03/11/1
	https://security.netapp.com/advisory/ntap-20240605-0008/
	https://gitlab.kitware.com/cmake/cmake/-/issues/26112

Impacted products

	Vendor	Product	Version
	libuv	libuv	Version: >= 1.45.0, < 1.48.0

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-09-02T17:08:43.903Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://github.com/libuv/libuv/security/advisories/GHSA-f74f-cvh7-c6q6",
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/libuv/libuv/security/advisories/GHSA-f74f-cvh7-c6q6"
          },
          {
            "name": "https://github.com/libuv/libuv/commit/0f2d7e784a256b54b2385043438848047bc2a629",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/libuv/libuv/commit/0f2d7e784a256b54b2385043438848047bc2a629"
          },
          {
            "name": "https://github.com/libuv/libuv/commit/3530bcc30350d4a6ccf35d2f7b33e23292b9de70",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/libuv/libuv/commit/3530bcc30350d4a6ccf35d2f7b33e23292b9de70"
          },
          {
            "name": "https://github.com/libuv/libuv/commit/c858a147643de38a09dd4164758ae5b685f2b488",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/libuv/libuv/commit/c858a147643de38a09dd4164758ae5b685f2b488"
          },
          {
            "name": "https://github.com/libuv/libuv/commit/e0327e1d508b8207c9150b6e582f0adf26213c39",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/libuv/libuv/commit/e0327e1d508b8207c9150b6e582f0adf26213c39"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2024/02/08/2"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2024/02/11/1"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00005.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2024/03/11/1"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20240605-0008/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://gitlab.kitware.com/cmake/cmake/-/issues/26112"
          }
        ],
        "title": "CVE Program Container",
        "x_generator": {
          "engine": "ADPogram 0.0.1"
        }
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-24806",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-02-21T20:41:52.764681Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-06-17T14:17:09.153Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "libuv",
          "vendor": "libuv",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 1.45.0, \u003c 1.48.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "libuv is a multi-platform support library with a focus on asynchronous I/O. The `uv_getaddrinfo` function in `src/unix/getaddrinfo.c` (and its windows counterpart `src/win/getaddrinfo.c`), truncates hostnames to 256 characters before calling `getaddrinfo`. This behavior can be exploited to create addresses like `0x00007f000001`, which are considered valid by `getaddrinfo` and could allow an attacker to craft payloads that resolve to unintended IP addresses, bypassing developer checks. The vulnerability arises due to how the `hostname_ascii` variable (with a length of 256 bytes) is handled in `uv_getaddrinfo` and subsequently in `uv__idna_toascii`. When the hostname exceeds 256 characters, it gets truncated without a terminating null byte. As a result attackers may be able to access internal APIs or for websites (similar to MySpace) that allows users to have `username.example.com` pages. Internal services that crawl or cache these user pages can be exposed to SSRF attacks if a malicious user chooses a long vulnerable username. This issue has been addressed in release version 1.48.0. Users are advised to upgrade. There are no known workarounds for this vulnerability."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-918",
              "description": "CWE-918: Server-Side Request Forgery (SSRF)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-07-18T00:17:58.651Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/libuv/libuv/security/advisories/GHSA-f74f-cvh7-c6q6",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/libuv/libuv/security/advisories/GHSA-f74f-cvh7-c6q6"
        },
        {
          "name": "https://github.com/libuv/libuv/commit/0f2d7e784a256b54b2385043438848047bc2a629",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/libuv/libuv/commit/0f2d7e784a256b54b2385043438848047bc2a629"
        },
        {
          "name": "https://github.com/libuv/libuv/commit/3530bcc30350d4a6ccf35d2f7b33e23292b9de70",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/libuv/libuv/commit/3530bcc30350d4a6ccf35d2f7b33e23292b9de70"
        },
        {
          "name": "https://github.com/libuv/libuv/commit/c858a147643de38a09dd4164758ae5b685f2b488",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/libuv/libuv/commit/c858a147643de38a09dd4164758ae5b685f2b488"
        },
        {
          "name": "https://github.com/libuv/libuv/commit/e0327e1d508b8207c9150b6e582f0adf26213c39",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/libuv/libuv/commit/e0327e1d508b8207c9150b6e582f0adf26213c39"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2024/02/08/2"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2024/02/11/1"
        },
        {
          "url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00005.html"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2024/03/11/1"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20240605-0008/"
        },
        {
          "url": "https://gitlab.kitware.com/cmake/cmake/-/issues/26112"
        }
      ],
      "source": {
        "advisory": "GHSA-f74f-cvh7-c6q6",
        "discovery": "UNKNOWN"
      },
      "title": "Improper Domain Lookup that potentially leads to SSRF attacks in libuv"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2024-24806",
    "datePublished": "2024-02-07T21:44:33.566Z",
    "dateReserved": "2024-01-31T16:28:17.940Z",
    "dateUpdated": "2025-06-17T14:17:09.153Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://github.com/libuv/libuv/security/advisories/GHSA-f74f-cvh7-c6q6\", \"name\": \"https://github.com/libuv/libuv/security/advisories/GHSA-f74f-cvh7-c6q6\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}, {\"url\": \"https://github.com/libuv/libuv/commit/0f2d7e784a256b54b2385043438848047bc2a629\", \"name\": \"https://github.com/libuv/libuv/commit/0f2d7e784a256b54b2385043438848047bc2a629\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://github.com/libuv/libuv/commit/3530bcc30350d4a6ccf35d2f7b33e23292b9de70\", \"name\": \"https://github.com/libuv/libuv/commit/3530bcc30350d4a6ccf35d2f7b33e23292b9de70\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://github.com/libuv/libuv/commit/c858a147643de38a09dd4164758ae5b685f2b488\", \"name\": \"https://github.com/libuv/libuv/commit/c858a147643de38a09dd4164758ae5b685f2b488\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://github.com/libuv/libuv/commit/e0327e1d508b8207c9150b6e582f0adf26213c39\", \"name\": \"https://github.com/libuv/libuv/commit/e0327e1d508b8207c9150b6e582f0adf26213c39\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2024/02/08/2\", \"tags\": [\"x_transferred\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2024/02/11/1\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2024/03/msg00005.html\", \"tags\": [\"x_transferred\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2024/03/11/1\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20240605-0008/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://gitlab.kitware.com/cmake/cmake/-/issues/26112\", \"tags\": [\"x_transferred\"]}], \"x_generator\": {\"engine\": \"ADPogram 0.0.1\"}, \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-09-02T17:08:43.903Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-24806\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-02-21T20:41:52.764681Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-06-17T14:17:04.315Z\"}}], \"cna\": {\"title\": \"Improper Domain Lookup that potentially leads to SSRF attacks in libuv\", \"source\": {\"advisory\": \"GHSA-f74f-cvh7-c6q6\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.3, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L\", \"integrityImpact\": \"LOW\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"LOW\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"LOW\"}}], \"affected\": [{\"vendor\": \"libuv\", \"product\": \"libuv\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003e= 1.45.0, \u003c 1.48.0\"}]}], \"references\": [{\"url\": \"https://github.com/libuv/libuv/security/advisories/GHSA-f74f-cvh7-c6q6\", \"name\": \"https://github.com/libuv/libuv/security/advisories/GHSA-f74f-cvh7-c6q6\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/libuv/libuv/commit/0f2d7e784a256b54b2385043438848047bc2a629\", \"name\": \"https://github.com/libuv/libuv/commit/0f2d7e784a256b54b2385043438848047bc2a629\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/libuv/libuv/commit/3530bcc30350d4a6ccf35d2f7b33e23292b9de70\", \"name\": \"https://github.com/libuv/libuv/commit/3530bcc30350d4a6ccf35d2f7b33e23292b9de70\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/libuv/libuv/commit/c858a147643de38a09dd4164758ae5b685f2b488\", \"name\": \"https://github.com/libuv/libuv/commit/c858a147643de38a09dd4164758ae5b685f2b488\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/libuv/libuv/commit/e0327e1d508b8207c9150b6e582f0adf26213c39\", \"name\": \"https://github.com/libuv/libuv/commit/e0327e1d508b8207c9150b6e582f0adf26213c39\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2024/02/08/2\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2024/02/11/1\"}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2024/03/msg00005.html\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2024/03/11/1\"}, {\"url\": \"https://security.netapp.com/advisory/ntap-20240605-0008/\"}, {\"url\": \"https://gitlab.kitware.com/cmake/cmake/-/issues/26112\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"libuv is a multi-platform support library with a focus on asynchronous I/O. The `uv_getaddrinfo` function in `src/unix/getaddrinfo.c` (and its windows counterpart `src/win/getaddrinfo.c`), truncates hostnames to 256 characters before calling `getaddrinfo`. This behavior can be exploited to create addresses like `0x00007f000001`, which are considered valid by `getaddrinfo` and could allow an attacker to craft payloads that resolve to unintended IP addresses, bypassing developer checks. The vulnerability arises due to how the `hostname_ascii` variable (with a length of 256 bytes) is handled in `uv_getaddrinfo` and subsequently in `uv__idna_toascii`. When the hostname exceeds 256 characters, it gets truncated without a terminating null byte. As a result attackers may be able to access internal APIs or for websites (similar to MySpace) that allows users to have `username.example.com` pages. Internal services that crawl or cache these user pages can be exposed to SSRF attacks if a malicious user chooses a long vulnerable username. This issue has been addressed in release version 1.48.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-918\", \"description\": \"CWE-918: Server-Side Request Forgery (SSRF)\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2024-07-18T00:17:58.651Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2024-24806\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-06-17T14:17:09.153Z\", \"dateReserved\": \"2024-01-31T16:28:17.940Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2024-02-07T21:44:33.566Z\", \"assignerShortName\": \"GitHub_M\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

CERTFR-2024-AVI-0741

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans les produits Juniper Secure Analytics. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

	Vendor	Product	Description
	Juniper Networks	Secure Analytics	Juniper Secure Analytics versions antérieures à 7.5.0 UP9 IF02

References

Title

Publication Time

Tags

Bulletin de sécurité Juniper Networks JSA86686

2024-09-30

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Juniper Secure Analytics versions ant\u00e9rieures \u00e0 7.5.0 UP9 IF02",
      "product": {
        "name": "Secure Analytics",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2023-29483",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-29483"
    },
    {
      "name": "CVE-2024-42472",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-42472"
    },
    {
      "name": "CVE-2024-26934",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26934"
    },
    {
      "name": "CVE-2023-52477",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52477"
    },
    {
      "name": "CVE-2023-52675",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52675"
    },
    {
      "name": "CVE-2023-4692",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-4692"
    },
    {
      "name": "CVE-2024-27059",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-27059"
    },
    {
      "name": "CVE-2024-26656",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26656"
    },
    {
      "name": "CVE-2024-28834",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-28834"
    },
    {
      "name": "CVE-2023-38264",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-38264"
    },
    {
      "name": "CVE-2024-26974",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26974"
    },
    {
      "name": "CVE-2024-26897",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26897"
    },
    {
      "name": "CVE-2021-47055",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-47055"
    },
    {
      "name": "CVE-2020-36777",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-36777"
    },
    {
      "name": "CVE-2023-43788",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-43788"
    },
    {
      "name": "CVE-2024-27052",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-27052"
    },
    {
      "name": "CVE-2023-52425",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52425"
    },
    {
      "name": "CVE-2024-26585",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26585"
    },
    {
      "name": "CVE-2024-25744",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-25744"
    },
    {
      "name": "CVE-2024-26973",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26973"
    },
    {
      "name": "CVE-2024-33602",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-33602"
    },
    {
      "name": "CVE-2024-27397",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-27397"
    },
    {
      "name": "CVE-2024-35854",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-35854"
    },
    {
      "name": "CVE-2023-52878",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52878"
    },
    {
      "name": "CVE-2021-47185",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-47185"
    },
    {
      "name": "CVE-2024-23650",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-23650"
    },
    {
      "name": "CVE-2024-26603",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26603"
    },
    {
      "name": "CVE-2024-26964",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26964"
    },
    {
      "name": "CVE-2024-5564",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-5564"
    },
    {
      "name": "CVE-2021-33198",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-33198"
    },
    {
      "name": "CVE-2024-26993",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26993"
    },
    {
      "name": "CVE-2019-25162",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-25162"
    },
    {
      "name": "CVE-2022-41715",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41715"
    },
    {
      "name": "CVE-2023-39321",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-39321"
    },
    {
      "name": "CVE-2024-3933",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-3933"
    },
    {
      "name": "CVE-2024-1975",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-1975"
    },
    {
      "name": "CVE-2023-52669",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52669"
    },
    {
      "name": "CVE-2019-11358",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11358"
    },
    {
      "name": "CVE-2020-15778",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-15778"
    },
    {
      "name": "CVE-2022-3287",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3287"
    },
    {
      "name": "CVE-2024-36004",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-36004"
    },
    {
      "name": "CVE-2024-26859",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26859"
    },
    {
      "name": "CVE-2020-13936",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-13936"
    },
    {
      "name": "CVE-2023-44487",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
    },
    {
      "name": "CVE-2024-29857",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-29857"
    },
    {
      "name": "CVE-2024-35959",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-35959"
    },
    {
      "name": "CVE-2018-20060",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-20060"
    },
    {
      "name": "CVE-2024-35855",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-35855"
    },
    {
      "name": "CVE-2024-1737",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-1737"
    },
    {
      "name": "CVE-2023-25193",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-25193"
    },
    {
      "name": "CVE-2024-33600",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-33600"
    },
    {
      "name": "CVE-2024-3652",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-3652"
    },
    {
      "name": "CVE-2024-26615",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26615"
    },
    {
      "name": "CVE-2023-45802",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-45802"
    },
    {
      "name": "CVE-2024-26801",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26801"
    },
    {
      "name": "CVE-2024-36007",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-36007"
    },
    {
      "name": "CVE-2021-47311",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-47311"
    },
    {
      "name": "CVE-2023-3635",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-3635"
    },
    {
      "name": "CVE-2024-26643",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26643"
    },
    {
      "name": "CVE-2024-26779",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26779"
    },
    {
      "name": "CVE-2024-32021",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-32021"
    },
    {
      "name": "CVE-2024-33599",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-33599"
    },
    {
      "name": "CVE-2024-25629",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-25629"
    },
    {
      "name": "CVE-2024-28180",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-28180"
    },
    {
      "name": "CVE-2024-24806",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-24806"
    },
    {
      "name": "CVE-2024-35852",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-35852"
    },
    {
      "name": "CVE-2024-23307",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-23307"
    },
    {
      "name": "CVE-2024-30172",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-30172"
    },
    {
      "name": "CVE-2023-52528",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52528"
    },
    {
      "name": "CVE-2024-27048",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-27048"
    },
    {
      "name": "CVE-2021-47013",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-47013"
    },
    {
      "name": "CVE-2023-52781",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52781"
    },
    {
      "name": "CVE-2024-35845",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-35845"
    },
    {
      "name": "CVE-2021-41072",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-41072"
    },
    {
      "name": "CVE-2023-48795",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-48795"
    },
    {
      "name": "CVE-2021-47073",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-47073"
    },
    {
      "name": "CVE-2024-26804",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26804"
    },
    {
      "name": "CVE-2024-26593",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26593"
    },
    {
      "name": "CVE-2022-48627",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-48627"
    },
    {
      "name": "CVE-2021-47171",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-47171"
    },
    {
      "name": "CVE-2024-26743",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26743"
    },
    {
      "name": "CVE-2023-52686",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52686"
    },
    {
      "name": "CVE-2021-47236",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-47236"
    },
    {
      "name": "CVE-2023-39318",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-39318"
    },
    {
      "name": "CVE-2023-6240",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-6240"
    },
    {
      "name": "CVE-2024-32004",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-32004"
    },
    {
      "name": "CVE-2021-47118",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-47118"
    },
    {
      "name": "CVE-2024-35890",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-35890"
    },
    {
      "name": "CVE-2020-23064",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-23064"
    },
    {
      "name": "CVE-2023-6918",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-6918"
    },
    {
      "name": "CVE-2024-22195",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-22195"
    },
    {
      "name": "CVE-2023-52877",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52877"
    },
    {
      "name": "CVE-2024-21011",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21011"
    },
    {
      "name": "CVE-2024-32020",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-32020"
    },
    {
      "name": "CVE-2024-0450",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-0450"
    },
    {
      "name": "CVE-2023-45803",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-45803"
    },
    {
      "name": "CVE-2023-39319",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-39319"
    },
    {
      "name": "CVE-2024-32487",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-32487"
    },
    {
      "name": "CVE-2024-26826",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26826"
    },
    {
      "name": "CVE-2024-27056",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-27056"
    },
    {
      "name": "CVE-2024-26583",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26583"
    },
    {
      "name": "CVE-2024-26642",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26642"
    },
    {
      "name": "CVE-2021-47153",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-47153"
    },
    {
      "name": "CVE-2024-35888",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-35888"
    },
    {
      "name": "CVE-2023-52700",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52700"
    },
    {
      "name": "CVE-2023-31122",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-31122"
    },
    {
      "name": "CVE-2023-52439",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52439"
    },
    {
      "name": "CVE-2021-47495",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-47495"
    },
    {
      "name": "CVE-2024-26675",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26675"
    },
    {
      "name": "CVE-2019-14865",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-14865"
    },
    {
      "name": "CVE-2024-26906",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26906"
    },
    {
      "name": "CVE-2024-26610",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26610"
    },
    {
      "name": "CVE-2024-2357",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-2357"
    },
    {
      "name": "CVE-2024-26584",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26584"
    },
    {
      "name": "CVE-2024-21094",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21094"
    },
    {
      "name": "CVE-2024-26919",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26919"
    },
    {
      "name": "CVE-2023-52445",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52445"
    },
    {
      "name": "CVE-2024-33601",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-33601"
    },
    {
      "name": "CVE-2024-3019",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-3019"
    },
    {
      "name": "CVE-2022-2880",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2880"
    },
    {
      "name": "CVE-2024-27014",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-27014"
    },
    {
      "name": "CVE-2021-34558",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-34558"
    },
    {
      "name": "CVE-2024-32465",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-32465"
    },
    {
      "name": "CVE-2024-22365",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-22365"
    },
    {
      "name": "CVE-2023-43804",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-43804"
    },
    {
      "name": "CVE-2023-43789",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-43789"
    },
    {
      "name": "CVE-2024-38428",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38428"
    },
    {
      "name": "CVE-2024-25062",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-25062"
    },
    {
      "name": "CVE-2022-2879",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2879"
    },
    {
      "name": "CVE-2024-2398",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-2398"
    },
    {
      "name": "CVE-2024-26892",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26892"
    },
    {
      "name": "CVE-2024-35835",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-35835"
    },
    {
      "name": "CVE-2024-26735",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26735"
    },
    {
      "name": "CVE-2023-52881",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52881"
    },
    {
      "name": "CVE-2023-4693",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-4693"
    },
    {
      "name": "CVE-2021-46972",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-46972"
    },
    {
      "name": "CVE-2023-52578",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52578"
    },
    {
      "name": "CVE-2024-26461",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26461"
    },
    {
      "name": "CVE-2024-34750",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-34750"
    },
    {
      "name": "CVE-2024-26458",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26458"
    },
    {
      "name": "CVE-2021-46934",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-46934"
    },
    {
      "name": "CVE-2024-1048",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-1048"
    },
    {
      "name": "CVE-2023-6004",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-6004"
    },
    {
      "name": "CVE-2023-52598",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52598"
    },
    {
      "name": "CVE-2020-11022",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-11022"
    },
    {
      "name": "CVE-2023-7008",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-7008"
    },
    {
      "name": "CVE-2024-26659",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26659"
    },
    {
      "name": "CVE-2023-52667",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52667"
    },
    {
      "name": "CVE-2024-26933",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26933"
    },
    {
      "name": "CVE-2023-31484",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-31484"
    },
    {
      "name": "CVE-2023-52703",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52703"
    },
    {
      "name": "CVE-2023-52594",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52594"
    },
    {
      "name": "CVE-2024-26693",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26693"
    },
    {
      "name": "CVE-2023-52595",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52595"
    },
    {
      "name": "CVE-2024-30171",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-30171"
    },
    {
      "name": "CVE-2023-45287",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-45287"
    },
    {
      "name": "CVE-2022-48624",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-48624"
    },
    {
      "name": "CVE-2024-26759",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26759"
    },
    {
      "name": "CVE-2023-52464",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52464"
    },
    {
      "name": "CVE-2023-52813",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52813"
    },
    {
      "name": "CVE-2024-35838",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-35838"
    },
    {
      "name": "CVE-2023-52513",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52513"
    },
    {
      "name": "CVE-2023-52615",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52615"
    },
    {
      "name": "CVE-2023-52610",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52610"
    },
    {
      "name": "CVE-2023-52560",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52560"
    },
    {
      "name": "CVE-2024-3651",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-3651"
    },
    {
      "name": "CVE-2023-39322",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-39322"
    },
    {
      "name": "CVE-2023-52606",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52606"
    },
    {
      "name": "CVE-2021-47069",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-47069"
    },
    {
      "name": "CVE-2024-35960",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-35960"
    },
    {
      "name": "CVE-2022-39253",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-39253"
    },
    {
      "name": "CVE-2024-34064",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-34064"
    },
    {
      "name": "CVE-2023-2953",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-2953"
    },
    {
      "name": "CVE-2024-26872",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26872"
    },
    {
      "name": "CVE-2020-26555",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-26555"
    },
    {
      "name": "CVE-2024-26901",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26901"
    },
    {
      "name": "CVE-2023-39326",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-39326"
    },
    {
      "name": "CVE-2024-21085",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21085"
    },
    {
      "name": "CVE-2023-29409",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-29409"
    },
    {
      "name": "CVE-2024-35789",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-35789"
    },
    {
      "name": "CVE-2023-52835",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52835"
    },
    {
      "name": "CVE-2024-26982",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26982"
    },
    {
      "name": "CVE-2021-47310",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-47310"
    },
    {
      "name": "CVE-2023-52626",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52626"
    },
    {
      "name": "CVE-2024-0340",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-0340"
    },
    {
      "name": "CVE-2024-26744",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26744"
    },
    {
      "name": "CVE-2024-24786",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-24786"
    },
    {
      "name": "CVE-2024-35958",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-35958"
    },
    {
      "name": "CVE-2021-47456",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-47456"
    },
    {
      "name": "CVE-2021-40153",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-40153"
    },
    {
      "name": "CVE-2024-32002",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-32002"
    },
    {
      "name": "CVE-2022-48669",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-48669"
    },
    {
      "name": "CVE-2023-52565",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52565"
    },
    {
      "name": "CVE-2023-52520",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52520"
    },
    {
      "name": "CVE-2021-47356",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-47356"
    },
    {
      "name": "CVE-2024-26694",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26694"
    },
    {
      "name": "CVE-2024-2961",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-2961"
    },
    {
      "name": "CVE-2024-26664",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26664"
    },
    {
      "name": "CVE-2024-28182",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-28182"
    },
    {
      "name": "CVE-2021-47353",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-47353"
    },
    {
      "name": "CVE-2023-6597",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-6597"
    },
    {
      "name": "CVE-2023-52607",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52607"
    },
    {
      "name": "CVE-2024-6345",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-6345"
    },
    {
      "name": "CVE-2020-11023",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-11023"
    },
    {
      "name": "CVE-2018-25091",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-25091"
    },
    {
      "name": "CVE-2023-5090",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-5090"
    },
    {
      "name": "CVE-2024-27410",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-27410"
    },
    {
      "name": "CVE-2021-46909",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-46909"
    },
    {
      "name": "CVE-2024-35853",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-35853"
    },
    {
      "name": "CVE-2024-26907",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26907"
    }
  ],
  "initial_release_date": "2024-09-05T00:00:00",
  "last_revision_date": "2024-10-15T00:00:00",
  "links": [],
  "reference": "CERTFR-2024-AVI-0741",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2024-09-05T00:00:00.000000"
    },
    {
      "description": "Ajout r\u00e9f\u00e9rence \u00e9diteur",
      "revision_date": "2024-09-06T00:00:00.000000"
    },
    {
      "description": "Correction d\u0027identifiants CVE erron\u00e9s",
      "revision_date": "2024-10-15T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Juniper Secure Analytics. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Juniper Secure Analytics",
  "vendor_advisories": [
    {
      "published_at": "2024-09-30",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA86686",
      "url": "https://supportportal.juniper.net/s/article/On-Demand-JSA-Series-Multiple-vulnerabilities-resolved-in-Juniper-Secure-Analytics-in-7-5-0-UP9-IF02"
    }
  ]
}

CERTFR-2024-AVI-0646

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
IBM	Storage Protect	Storage Protect Plus Server versions 10.1.x antérieures à 10.1.16.2
IBM	WebSphere	WebSphere Application Server Liberty versions antérieures à 24.0.0.5
IBM	VIOS	VIOS version 4.1 avec un fichier openssl.base versions antérieures à 3.0.13.1000
IBM	WebSphere	WebSphere Application Server versions 8.5.x antérieures à 8.5.5.25
IBM	AIX	AIX versions 7.2 et 7.3 avec un fichier openssl.base versions antérieures à 1.1.1.2400 ou 3.0.13.1000
IBM	WebSphere	WebSphere Application Server versions 9.0.x antérieures à 9.0.5.20
IBM	N/A	Sterling Control Center versions 6.3.0 antérieures à 6.3.0.0 iFix06
IBM	N/A	Sterling Control Center versions 6.2.1 antérieures à 6.2.1.0 iFix13
IBM	VIOS	VIOS versions 3.1 et 4.1 avec un fichier openssl.base versions antérieures à 1.1.1.2400 ou 3.0.13.1000
IBM	QRadar SIEM	QRadar SIEM versions 7.5.0.x antérieures à 7.5.0 UP9 IF01

References

Title

Publication Time

Tags

Bulletin de sécurité IBM 7161679	2024-07-29	vendor-advisory
Bulletin de sécurité IBM 7161667	2024-07-26	vendor-advisory
Bulletin de sécurité IBM 7161954	2024-07-30	vendor-advisory
Bulletin de sécurité IBM 7162032	2024-07-30	vendor-advisory
Bulletin de sécurité IBM 7160144	2024-07-12	vendor-advisory
Bulletin de sécurité IBM 7162077	2024-07-31	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Storage Protect Plus Server versions 10.1.x ant\u00e9rieures \u00e0 10.1.16.2",
      "product": {
        "name": "Storage Protect",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "WebSphere Application Server Liberty versions ant\u00e9rieures \u00e0 24.0.0.5 ",
      "product": {
        "name": "WebSphere",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "VIOS version 4.1 avec un fichier openssl.base versions ant\u00e9rieures \u00e0 3.0.13.1000",
      "product": {
        "name": "VIOS",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "WebSphere Application Server versions 8.5.x ant\u00e9rieures \u00e0 8.5.5.25",
      "product": {
        "name": "WebSphere",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "AIX versions 7.2 et 7.3 avec un fichier openssl.base versions ant\u00e9rieures \u00e0 1.1.1.2400 ou 3.0.13.1000",
      "product": {
        "name": "AIX",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "WebSphere Application Server versions 9.0.x ant\u00e9rieures \u00e0 9.0.5.20",
      "product": {
        "name": "WebSphere",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Sterling Control Center versions 6.3.0 ant\u00e9rieures \u00e0 6.3.0.0 iFix06",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Sterling Control Center versions 6.2.1 ant\u00e9rieures \u00e0 6.2.1.0 iFix13",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "VIOS versions 3.1 et 4.1 avec un fichier openssl.base versions ant\u00e9rieures \u00e0 1.1.1.2400 ou 3.0.13.1000",
      "product": {
        "name": "VIOS",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "QRadar SIEM versions 7.5.0.x ant\u00e9rieures \u00e0 7.5.0 UP9 IF01",
      "product": {
        "name": "QRadar SIEM",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2024-26934",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26934"
    },
    {
      "name": "CVE-2023-52477",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52477"
    },
    {
      "name": "CVE-2024-27059",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-27059"
    },
    {
      "name": "CVE-2023-38264",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-38264"
    },
    {
      "name": "CVE-2024-28849",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-28849"
    },
    {
      "name": "CVE-2024-26897",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26897"
    },
    {
      "name": "CVE-2021-47055",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-47055"
    },
    {
      "name": "CVE-2024-35154",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-35154"
    },
    {
      "name": "CVE-2020-36777",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-36777"
    },
    {
      "name": "CVE-2024-27052",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-27052"
    },
    {
      "name": "CVE-2023-52425",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52425"
    },
    {
      "name": "CVE-2024-25744",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-25744"
    },
    {
      "name": "CVE-2024-26973",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26973"
    },
    {
      "name": "CVE-2021-47185",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-47185"
    },
    {
      "name": "CVE-2023-45283",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-45283"
    },
    {
      "name": "CVE-2024-23650",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-23650"
    },
    {
      "name": "CVE-2023-45288",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-45288"
    },
    {
      "name": "CVE-2024-26603",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26603"
    },
    {
      "name": "CVE-2024-26964",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26964"
    },
    {
      "name": "CVE-2021-33198",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-33198"
    },
    {
      "name": "CVE-2024-26993",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26993"
    },
    {
      "name": "CVE-2019-25162",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-25162"
    },
    {
      "name": "CVE-2022-41715",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41715"
    },
    {
      "name": "CVE-2023-39321",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-39321"
    },
    {
      "name": "CVE-2023-45285",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-45285"
    },
    {
      "name": "CVE-2024-24783",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-24783"
    },
    {
      "name": "CVE-2023-45284",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-45284"
    },
    {
      "name": "CVE-2024-29415",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-29415"
    },
    {
      "name": "CVE-2023-45289",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-45289"
    },
    {
      "name": "CVE-2024-3652",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-3652"
    },
    {
      "name": "CVE-2024-26615",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26615"
    },
    {
      "name": "CVE-2024-26643",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26643"
    },
    {
      "name": "CVE-2024-26779",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26779"
    },
    {
      "name": "CVE-2024-25026",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-25026"
    },
    {
      "name": "CVE-2023-45290",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-45290"
    },
    {
      "name": "CVE-2024-32021",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-32021"
    },
    {
      "name": "CVE-2024-28180",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-28180"
    },
    {
      "name": "CVE-2024-24806",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-24806"
    },
    {
      "name": "CVE-2024-23307",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-23307"
    },
    {
      "name": "CVE-2023-52528",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52528"
    },
    {
      "name": "CVE-2024-27048",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-27048"
    },
    {
      "name": "CVE-2021-47013",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-47013"
    },
    {
      "name": "CVE-2023-48795",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-48795"
    },
    {
      "name": "CVE-2024-26593",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26593"
    },
    {
      "name": "CVE-2023-39320",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-39320"
    },
    {
      "name": "CVE-2022-48627",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-48627"
    },
    {
      "name": "CVE-2021-47171",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-47171"
    },
    {
      "name": "CVE-2024-26743",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26743"
    },
    {
      "name": "CVE-2023-39318",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-39318"
    },
    {
      "name": "CVE-2023-6240",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-6240"
    },
    {
      "name": "CVE-2024-32004",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-32004"
    },
    {
      "name": "CVE-2021-47118",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-47118"
    },
    {
      "name": "CVE-2024-24788",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-24788"
    },
    {
      "name": "CVE-2023-51767",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-51767"
    },
    {
      "name": "CVE-2024-21011",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21011"
    },
    {
      "name": "CVE-2024-32020",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-32020"
    },
    {
      "name": "CVE-2024-5535",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-5535"
    },
    {
      "name": "CVE-2024-22329",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-22329"
    },
    {
      "name": "CVE-2019-20372",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-20372"
    },
    {
      "name": "CVE-2023-45803",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-45803"
    },
    {
      "name": "CVE-2023-29406",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-29406"
    },
    {
      "name": "CVE-2023-39319",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-39319"
    },
    {
      "name": "CVE-2024-32487",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-32487"
    },
    {
      "name": "CVE-2024-27056",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-27056"
    },
    {
      "name": "CVE-2024-26642",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26642"
    },
    {
      "name": "CVE-2024-24785",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-24785"
    },
    {
      "name": "CVE-2021-47153",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-47153"
    },
    {
      "name": "CVE-2023-52439",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52439"
    },
    {
      "name": "CVE-2024-26610",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26610"
    },
    {
      "name": "CVE-2024-2357",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-2357"
    },
    {
      "name": "CVE-2024-21094",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21094"
    },
    {
      "name": "CVE-2024-26919",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26919"
    },
    {
      "name": "CVE-2023-52445",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52445"
    },
    {
      "name": "CVE-2024-1394",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-1394"
    },
    {
      "name": "CVE-2022-2880",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2880"
    },
    {
      "name": "CVE-2024-27014",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-27014"
    },
    {
      "name": "CVE-2021-34558",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-34558"
    },
    {
      "name": "CVE-2024-32465",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-32465"
    },
    {
      "name": "CVE-2022-2879",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2879"
    },
    {
      "name": "CVE-2024-26892",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26892"
    },
    {
      "name": "CVE-2023-52578",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52578"
    },
    {
      "name": "CVE-2023-29400",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-29400"
    },
    {
      "name": "CVE-2024-24787",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-24787"
    },
    {
      "name": "CVE-2022-38096",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-38096"
    },
    {
      "name": "CVE-2021-46934",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-46934"
    },
    {
      "name": "CVE-2023-52598",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52598"
    },
    {
      "name": "CVE-2024-4603",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-4603"
    },
    {
      "name": "CVE-2024-26659",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26659"
    },
    {
      "name": "CVE-2024-26933",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26933"
    },
    {
      "name": "CVE-2023-46604",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-46604"
    },
    {
      "name": "CVE-2023-52594",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52594"
    },
    {
      "name": "CVE-2024-26693",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26693"
    },
    {
      "name": "CVE-2023-52595",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52595"
    },
    {
      "name": "CVE-2023-45287",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-45287"
    },
    {
      "name": "CVE-2022-48624",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-48624"
    },
    {
      "name": "CVE-2024-4741",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-4741"
    },
    {
      "name": "CVE-2023-52513",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52513"
    },
    {
      "name": "CVE-2023-52610",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52610"
    },
    {
      "name": "CVE-2024-3651",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-3651"
    },
    {
      "name": "CVE-2023-39322",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-39322"
    },
    {
      "name": "CVE-2023-52606",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52606"
    },
    {
      "name": "CVE-2023-6546",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-6546"
    },
    {
      "name": "CVE-2023-2953",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-2953"
    },
    {
      "name": "CVE-2024-26872",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26872"
    },
    {
      "name": "CVE-2024-26901",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26901"
    },
    {
      "name": "CVE-2024-1086",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-1086"
    },
    {
      "name": "CVE-2024-0565",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-0565"
    },
    {
      "name": "CVE-2023-39323",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-39323"
    },
    {
      "name": "CVE-2023-39326",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-39326"
    },
    {
      "name": "CVE-2024-21085",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21085"
    },
    {
      "name": "CVE-2023-29409",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-29409"
    },
    {
      "name": "CVE-2023-42282",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-42282"
    },
    {
      "name": "CVE-2023-39325",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-39325"
    },
    {
      "name": "CVE-2024-0340",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-0340"
    },
    {
      "name": "CVE-2024-26744",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26744"
    },
    {
      "name": "CVE-2024-24786",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-24786"
    },
    {
      "name": "CVE-2024-32002",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-32002"
    },
    {
      "name": "CVE-2022-48669",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-48669"
    },
    {
      "name": "CVE-2023-52565",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52565"
    },
    {
      "name": "CVE-2023-52520",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52520"
    },
    {
      "name": "CVE-2024-26694",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26694"
    },
    {
      "name": "CVE-2024-26664",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26664"
    },
    {
      "name": "CVE-2024-24784",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-24784"
    },
    {
      "name": "CVE-2023-52607",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52607"
    },
    {
      "name": "CVE-2018-25091",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-25091"
    },
    {
      "name": "CVE-2023-6931",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-6931"
    }
  ],
  "initial_release_date": "2024-08-02T00:00:00",
  "last_revision_date": "2024-08-02T00:00:00",
  "links": [],
  "reference": "CERTFR-2024-AVI-0646",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2024-08-02T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    },
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
  "vendor_advisories": [
    {
      "published_at": "2024-07-29",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7161679",
      "url": "https://www.ibm.com/support/pages/node/7161679"
    },
    {
      "published_at": "2024-07-26",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7161667",
      "url": "https://www.ibm.com/support/pages/node/7161667"
    },
    {
      "published_at": "2024-07-30",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7161954",
      "url": "https://www.ibm.com/support/pages/node/7161954"
    },
    {
      "published_at": "2024-07-30",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7162032",
      "url": "https://www.ibm.com/support/pages/node/7162032"
    },
    {
      "published_at": "2024-07-12",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7160144",
      "url": "https://www.ibm.com/support/pages/node/7160144"
    },
    {
      "published_at": "2024-07-31",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7162077",
      "url": "https://www.ibm.com/support/pages/node/7162077"
    }
  ]
}

CERTFR-2025-AVI-0855

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans les produits Juniper Networks. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
Juniper Networks	Junos OS	Junos OS versions 24.4 antérieures à 24.4R2
Juniper Networks	Junos OS Evolved	Junos OS Evolved versions antérieures à 22.4R3-S8-EVO
Juniper Networks	Junos OS	Junos OS versions 23.4 antérieures à 23.4R2-S5
Juniper Networks	Junos OS Evolved	Junos OS Evolved versions 23.2-EVO antérieures à 23.2R2-S4-EVO
Juniper Networks	Junos OS	Junos OS versions antérieures à 22.4R3-S8
Juniper Networks	Junos OS Evolved	Junos OS Evolved versions 24.2-EVO antérieures à 24.2R2-S2-EVO
Juniper Networks	Junos OS Evolved	Junos OS Evolved versions 24.4-EVO antérieures à 24.4R2-EVO
Juniper Networks	Junos Space	Junos Space versions antérieures à 24.1R4
Juniper Networks	Security Director	Security Director Policy Enforcer versions antérieures à 23.1R1 Hotpatch v3
Juniper Networks	Junos Space	Junos Space Security Director versions antérieures à 24.1R4
Juniper Networks	Junos OS Evolved	Junos OS Evolved versions 23.4-EVO antérieures à 23.4R2-S5-EVO
Juniper Networks	Junos OS	Junos OS versions 23.2 antérieures à 23.2R2-S4
Juniper Networks	Junos OS	Junos OS versions 24.2 antérieures à 24.2R2-S1

References

Title

Publication Time

Tags

Bulletin de sécurité Juniper Networks JSA103140	2025-10-08	vendor-advisory
Bulletin de sécurité Juniper Networks JSA103141	2025-10-08	vendor-advisory
Bulletin de sécurité Juniper Networks JSA103163	2025-10-08	vendor-advisory
Bulletin de sécurité Juniper Networks JSA103168	2025-10-08	vendor-advisory
Bulletin de sécurité Juniper Networks JSA103171	2025-10-08	vendor-advisory
Bulletin de sécurité Juniper Networks JSA103167	2025-10-08	vendor-advisory
Bulletin de sécurité Juniper Networks JSA103156	2025-10-08	vendor-advisory
Bulletin de sécurité Juniper Networks JSA103437	2025-10-08	vendor-advisory
Bulletin de sécurité Juniper Networks JSA103172	2025-10-08	vendor-advisory
Bulletin de sécurité Juniper Networks JSA103157	2025-10-08	vendor-advisory
Bulletin de sécurité Juniper Networks JSA103170	2025-10-08	vendor-advisory
Bulletin de sécurité Juniper Networks JSA103139	2025-10-08	vendor-advisory
Bulletin de sécurité Juniper Networks JSA103151	2025-10-08	vendor-advisory
Bulletin de sécurité Juniper Networks JSA103153	2025-10-08	vendor-advisory
Bulletin de sécurité Juniper Networks JSA103147	2025-10-08	vendor-advisory
Bulletin de sécurité Juniper Networks JSA103144	2025-10-08	vendor-advisory
Bulletin de sécurité Juniper Networks JSA103143	2025-10-08	vendor-advisory
Bulletin de sécurité Juniper Networks JSA103146	2025-10-08	vendor-advisory
Bulletin de sécurité Juniper Networks JSA103138	2025-10-08	vendor-advisory
Bulletin de sécurité Juniper Networks JSA103165	2025-10-08	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Junos OS versions 24.4 ant\u00e9rieures \u00e0 24.4R2",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS Evolved versions  ant\u00e9rieures \u00e0 22.4R3-S8-EVO",
      "product": {
        "name": "Junos OS Evolved",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 23.4 ant\u00e9rieures \u00e0 23.4R2-S5",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS Evolved versions 23.2-EVO ant\u00e9rieures \u00e0 23.2R2-S4-EVO",
      "product": {
        "name": "Junos OS Evolved",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions ant\u00e9rieures \u00e0 22.4R3-S8",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS Evolved versions 24.2-EVO ant\u00e9rieures \u00e0 24.2R2-S2-EVO",
      "product": {
        "name": "Junos OS Evolved",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS Evolved versions 24.4-EVO ant\u00e9rieures \u00e0 24.4R2-EVO",
      "product": {
        "name": "Junos OS Evolved",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos Space versions ant\u00e9rieures \u00e0 24.1R4",
      "product": {
        "name": "Junos Space",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Security Director Policy Enforcer versions ant\u00e9rieures \u00e0 23.1R1 Hotpatch v3",
      "product": {
        "name": "Security Director",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos Space Security Director versions ant\u00e9rieures \u00e0 24.1R4",
      "product": {
        "name": "Junos Space",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS Evolved versions 23.4-EVO ant\u00e9rieures \u00e0 23.4R2-S5-EVO",
      "product": {
        "name": "Junos OS Evolved",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 23.2 ant\u00e9rieures \u00e0 23.2R2-S4",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 24.2 ant\u00e9rieures \u00e0 24.2R2-S1",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2024-24795",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-24795"
    },
    {
      "name": "CVE-2024-36903",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-36903"
    },
    {
      "name": "CVE-2023-44431",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-44431"
    },
    {
      "name": "CVE-2021-47606",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-47606"
    },
    {
      "name": "CVE-2025-59993",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-59993"
    },
    {
      "name": "CVE-2025-59997",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-59997"
    },
    {
      "name": "CVE-2023-7104",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-7104"
    },
    {
      "name": "CVE-2025-59995",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-59995"
    },
    {
      "name": "CVE-2024-21235",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21235"
    },
    {
      "name": "CVE-2023-28466",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-28466"
    },
    {
      "name": "CVE-2024-36921",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-36921"
    },
    {
      "name": "CVE-2025-59986",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-59986"
    },
    {
      "name": "CVE-2025-60009",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-60009"
    },
    {
      "name": "CVE-2025-59989",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-59989"
    },
    {
      "name": "CVE-2024-26897",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26897"
    },
    {
      "name": "CVE-2023-46103",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-46103"
    },
    {
      "name": "CVE-2024-27052",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-27052"
    },
    {
      "name": "CVE-2023-2235",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-2235"
    },
    {
      "name": "CVE-2025-59999",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-59999"
    },
    {
      "name": "CVE-2025-59994",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-59994"
    },
    {
      "name": "CVE-2024-4076",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-4076"
    },
    {
      "name": "CVE-2025-59967",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-59967"
    },
    {
      "name": "CVE-2022-24805",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-24805"
    },
    {
      "name": "CVE-2024-12797",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-12797"
    },
    {
      "name": "CVE-2023-3390",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-3390"
    },
    {
      "name": "CVE-2024-37356",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-37356"
    },
    {
      "name": "CVE-2024-47538",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-47538"
    },
    {
      "name": "CVE-2023-4004",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-4004"
    },
    {
      "name": "CVE-2024-21823",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21823"
    },
    {
      "name": "CVE-2025-59991",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-59991"
    },
    {
      "name": "CVE-2024-5564",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-5564"
    },
    {
      "name": "CVE-2024-26600",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26600"
    },
    {
      "name": "CVE-2023-28746",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-28746"
    },
    {
      "name": "CVE-2023-52864",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52864"
    },
    {
      "name": "CVE-2025-26600",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-26600"
    },
    {
      "name": "CVE-2024-3596",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-3596"
    },
    {
      "name": "CVE-2024-27280",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-27280"
    },
    {
      "name": "CVE-2024-36929",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-36929"
    },
    {
      "name": "CVE-2023-35788",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-35788"
    },
    {
      "name": "CVE-2025-59982",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-59982"
    },
    {
      "name": "CVE-2024-1975",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-1975"
    },
    {
      "name": "CVE-2023-43785",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-43785"
    },
    {
      "name": "CVE-2024-30205",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-30205"
    },
    {
      "name": "CVE-2018-17247",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-17247"
    },
    {
      "name": "CVE-2025-60004",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-60004"
    },
    {
      "name": "CVE-2023-51594",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-51594"
    },
    {
      "name": "CVE-2024-22025",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-22025"
    },
    {
      "name": "CVE-2023-50229",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-50229"
    },
    {
      "name": "CVE-2025-59974",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-59974"
    },
    {
      "name": "CVE-2025-26598",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-26598"
    },
    {
      "name": "CVE-2018-3824",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-3824"
    },
    {
      "name": "CVE-2024-40928",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-40928"
    },
    {
      "name": "CVE-2024-43398",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-43398"
    },
    {
      "name": "CVE-2024-8508",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-8508"
    },
    {
      "name": "CVE-2024-36020",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-36020"
    },
    {
      "name": "CVE-2021-45105",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-45105"
    },
    {
      "name": "CVE-2025-59981",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-59981"
    },
    {
      "name": "CVE-2023-31248",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-31248"
    },
    {
      "name": "CVE-2024-1737",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-1737"
    },
    {
      "name": "CVE-2023-25193",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-25193"
    },
    {
      "name": "CVE-2021-4104",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-4104"
    },
    {
      "name": "CVE-2024-30203",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-30203"
    },
    {
      "name": "CVE-2023-3090",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-3090"
    },
    {
      "name": "CVE-2024-35937",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-35937"
    },
    {
      "name": "CVE-2025-59968",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-59968"
    },
    {
      "name": "CVE-2023-51592",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-51592"
    },
    {
      "name": "CVE-2025-59990",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-59990"
    },
    {
      "name": "CVE-2021-22146",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22146"
    },
    {
      "name": "CVE-2025-59978",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-59978"
    },
    {
      "name": "CVE-2024-25629",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-25629"
    },
    {
      "name": "CVE-2024-36017",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-36017"
    },
    {
      "name": "CVE-2024-24806",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-24806"
    },
    {
      "name": "CVE-2024-27434",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-27434"
    },
    {
      "name": "CVE-2023-47038",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-47038"
    },
    {
      "name": "CVE-2024-35852",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-35852"
    },
    {
      "name": "CVE-2024-38558",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38558"
    },
    {
      "name": "CVE-2025-59992",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-59992"
    },
    {
      "name": "CVE-2024-35845",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-35845"
    },
    {
      "name": "CVE-2021-41072",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-41072"
    },
    {
      "name": "CVE-2025-60000",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-60000"
    },
    {
      "name": "CVE-2022-24807",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-24807"
    },
    {
      "name": "CVE-2024-47607",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-47607"
    },
    {
      "name": "CVE-2024-27065",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-27065"
    },
    {
      "name": "CVE-2024-36005",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-36005"
    },
    {
      "name": "CVE-2023-45866",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-45866"
    },
    {
      "name": "CVE-2023-27349",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-27349"
    },
    {
      "name": "CVE-2023-0464",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0464"
    },
    {
      "name": "CVE-2015-5377",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5377"
    },
    {
      "name": "CVE-2023-48161",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-48161"
    },
    {
      "name": "CVE-2022-24810",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-24810"
    },
    {
      "name": "CVE-2024-33621",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-33621"
    },
    {
      "name": "CVE-2024-27983",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-27983"
    },
    {
      "name": "CVE-2025-60001",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-60001"
    },
    {
      "name": "CVE-2024-5742",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-5742"
    },
    {
      "name": "CVE-2023-50230",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-50230"
    },
    {
      "name": "CVE-2025-52960",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-52960"
    },
    {
      "name": "CVE-2024-36922",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-36922"
    },
    {
      "name": "CVE-2025-59996",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-59996"
    },
    {
      "name": "CVE-2024-39487",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-39487"
    },
    {
      "name": "CVE-2024-27982",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-27982"
    },
    {
      "name": "CVE-2023-38575",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-38575"
    },
    {
      "name": "CVE-2024-35911",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-35911"
    },
    {
      "name": "CVE-2025-59957",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-59957"
    },
    {
      "name": "CVE-2025-59958",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-59958"
    },
    {
      "name": "CVE-2021-41043",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-41043"
    },
    {
      "name": "CVE-2018-17244",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-17244"
    },
    {
      "name": "CVE-2019-12900",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-12900"
    },
    {
      "name": "CVE-2024-39908",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-39908"
    },
    {
      "name": "CVE-2025-26597",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-26597"
    },
    {
      "name": "CVE-2024-36971",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-36971"
    },
    {
      "name": "CVE-2023-2603",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-2603"
    },
    {
      "name": "CVE-2024-41946",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-41946"
    },
    {
      "name": "CVE-2023-3776",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-3776"
    },
    {
      "name": "CVE-2024-42934",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-42934"
    },
    {
      "name": "CVE-2023-51580",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-51580"
    },
    {
      "name": "CVE-2024-35848",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-35848"
    },
    {
      "name": "CVE-2024-27417",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-27417"
    },
    {
      "name": "CVE-2023-21102",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21102"
    },
    {
      "name": "CVE-2024-27281",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-27281"
    },
    {
      "name": "CVE-2025-59983",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-59983"
    },
    {
      "name": "CVE-2024-36941",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-36941"
    },
    {
      "name": "CVE-2024-2236",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-2236"
    },
    {
      "name": "CVE-2024-38428",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38428"
    },
    {
      "name": "CVE-2024-35969",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-35969"
    },
    {
      "name": "CVE-2021-45046",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-45046"
    },
    {
      "name": "CVE-2025-60006",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-60006"
    },
    {
      "name": "CVE-2024-36489",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-36489"
    },
    {
      "name": "CVE-2015-1427",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1427"
    },
    {
      "name": "CVE-2024-38575",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38575"
    },
    {
      "name": "CVE-2024-35899",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-35899"
    },
    {
      "name": "CVE-2024-35823",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-35823"
    },
    {
      "name": "CVE-2024-40954",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-40954"
    },
    {
      "name": "CVE-2024-9632",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-9632"
    },
    {
      "name": "CVE-2023-38408",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-38408"
    },
    {
      "name": "CVE-2025-26595",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-26595"
    },
    {
      "name": "CVE-2024-26868",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26868"
    },
    {
      "name": "CVE-2023-43787",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-43787"
    },
    {
      "name": "CVE-2023-43786",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-43786"
    },
    {
      "name": "CVE-2024-8235",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-8235"
    },
    {
      "name": "CVE-2023-4147",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-4147"
    },
    {
      "name": "CVE-2025-59977",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-59977"
    },
    {
      "name": "CVE-2023-6004",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-6004"
    },
    {
      "name": "CVE-2023-3610",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-3610"
    },
    {
      "name": "CVE-2025-26596",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-26596"
    },
    {
      "name": "CVE-2024-4603",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-4603"
    },
    {
      "name": "CVE-2022-48622",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-48622"
    },
    {
      "name": "CVE-2021-42550",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-42550"
    },
    {
      "name": "CVE-2021-44228",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44228"
    },
    {
      "name": "CVE-2024-26828",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26828"
    },
    {
      "name": "CVE-2025-59998",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-59998"
    },
    {
      "name": "CVE-2024-26808",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26808"
    },
    {
      "name": "CVE-2024-30204",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-30204"
    },
    {
      "name": "CVE-2025-60002",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-60002"
    },
    {
      "name": "CVE-2023-35001",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-35001"
    },
    {
      "name": "CVE-2024-27282",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-27282"
    },
    {
      "name": "CVE-2018-3831",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-3831"
    },
    {
      "name": "CVE-2023-43490",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-43490"
    },
    {
      "name": "CVE-2025-59976",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-59976"
    },
    {
      "name": "CVE-2025-59980",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-59980"
    },
    {
      "name": "CVE-2025-26599",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-26599"
    },
    {
      "name": "CVE-2024-47615",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-47615"
    },
    {
      "name": "CVE-2018-3823",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-3823"
    },
    {
      "name": "CVE-2023-22655",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22655"
    },
    {
      "name": "CVE-2024-6126",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-6126"
    },
    {
      "name": "CVE-2023-4911",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-4911"
    },
    {
      "name": "CVE-2023-39368",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-39368"
    },
    {
      "name": "CVE-2021-44832",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44832"
    },
    {
      "name": "CVE-2024-26853",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26853"
    },
    {
      "name": "CVE-2025-59975",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-59975"
    },
    {
      "name": "CVE-2025-0624",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0624"
    },
    {
      "name": "CVE-2025-59987",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-59987"
    },
    {
      "name": "CVE-2024-40958",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-40958"
    },
    {
      "name": "CVE-2018-3826",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-3826"
    },
    {
      "name": "CVE-2025-26601",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-26601"
    },
    {
      "name": "CVE-2024-52337",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-52337"
    },
    {
      "name": "CVE-2025-59985",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-59985"
    },
    {
      "name": "CVE-2025-11198",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-11198"
    },
    {
      "name": "CVE-2022-24806",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-24806"
    },
    {
      "name": "CVE-2023-32233",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-32233"
    },
    {
      "name": "CVE-2024-35789",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-35789"
    },
    {
      "name": "CVE-2024-26327",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26327"
    },
    {
      "name": "CVE-2015-3253",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3253"
    },
    {
      "name": "CVE-2025-59964",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-59964"
    },
    {
      "name": "CVE-2025-59988",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-59988"
    },
    {
      "name": "CVE-2024-21210",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21210"
    },
    {
      "name": "CVE-2024-2511",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-2511"
    },
    {
      "name": "CVE-2024-34397",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-34397"
    },
    {
      "name": "CVE-2023-45733",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-45733"
    },
    {
      "name": "CVE-2021-40153",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-40153"
    },
    {
      "name": "CVE-2024-6655",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-6655"
    },
    {
      "name": "CVE-2024-41123",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-41123"
    },
    {
      "name": "CVE-2024-27049",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-27049"
    },
    {
      "name": "CVE-2025-59984",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-59984"
    },
    {
      "name": "CVE-2025-52961",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-52961"
    },
    {
      "name": "CVE-2023-51589",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-51589"
    },
    {
      "name": "CVE-2024-21217",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21217"
    },
    {
      "name": "CVE-2024-28182",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-28182"
    },
    {
      "name": "CVE-2021-3903",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3903"
    },
    {
      "name": "CVE-2024-35800",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-35800"
    },
    {
      "name": "CVE-2023-2124",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-2124"
    },
    {
      "name": "CVE-2023-51596",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-51596"
    },
    {
      "name": "CVE-2025-60010",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-60010"
    },
    {
      "name": "CVE-2023-51764",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-51764"
    },
    {
      "name": "CVE-2025-26594",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-26594"
    },
    {
      "name": "CVE-2024-6409",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-6409"
    },
    {
      "name": "CVE-2024-49761",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-49761"
    },
    {
      "name": "CVE-2022-24808",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-24808"
    },
    {
      "name": "CVE-2025-59962",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-59962"
    },
    {
      "name": "CVE-2024-21208",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21208"
    },
    {
      "name": "CVE-2020-11023",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-11023"
    },
    {
      "name": "CVE-2024-40961",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-40961"
    }
  ],
  "initial_release_date": "2025-10-09T00:00:00",
  "last_revision_date": "2025-10-09T00:00:00",
  "links": [],
  "reference": "CERTFR-2025-AVI-0855",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-10-09T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Juniper Networks. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Juniper Networks",
  "vendor_advisories": [
    {
      "published_at": "2025-10-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA103140",
      "url": "https://supportportal.juniper.net/s/article/2025-10-Security-Bulletin-Junos-Space-Multiple-XSS-vulnerabilities-resolved-in-24-1R4-release"
    },
    {
      "published_at": "2025-10-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA103141",
      "url": "https://supportportal.juniper.net/s/article/2025-10-Security-Bulletin-Junos-Space-Multiple-vulnerabilities-resolved-in-24-1R4-release"
    },
    {
      "published_at": "2025-10-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA103163",
      "url": "https://supportportal.juniper.net/s/article/2025-10-Security-Bulletin-Junos-OS-Evolved-Multiple-OS-command-injection-vulnerabilities-fixed-CVE-2025-60006"
    },
    {
      "published_at": "2025-10-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA103168",
      "url": "https://supportportal.juniper.net/s/article/2025-10-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Device-allows-login-for-user-with-expired-password-CVE-2025-60010"
    },
    {
      "published_at": "2025-10-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA103171",
      "url": "https://supportportal.juniper.net/s/article/2025-10-Security-Bulletin-Junos-Space-Reflected-client-side-HTTP-parameter-pollution-vulnerability-in-web-interface-CVE-2025-59977"
    },
    {
      "published_at": "2025-10-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA103167",
      "url": "https://supportportal.juniper.net/s/article/2025-10-Security-Bulletin-Junos-OS-When-a-user-with-the-name-ftp-or-anonymous-is-configured-unauthenticated-filesystem-access-is-allowed-CVE-2025-59980"
    },
    {
      "published_at": "2025-10-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA103156",
      "url": "https://supportportal.juniper.net/s/article/2025-10-Security-Bulletin-Junos-OS-Evolved-ACX7024-ACX7024X-ACX7100-32C-ACX7100-48L-ACX7348-ACX7509-When-specific-valid-multicast-traffic-is-received-on-the-L3-interface-a-vulnerable-device-evo-pfemand-crashes-and-restarts-CVE-2025-59967"
    },
    {
      "published_at": "2025-10-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA103437",
      "url": "https://supportportal.juniper.net/s/article/2025-10-Security-Bulletin-Security-Director-Policy-Enforcer-An-unrestricted-API-allows-a-network-based-unauthenticated-attacker-to-deploy-malicious-vSRX-images-to-VMWare-NSX-Server-CVE-2025-11198"
    },
    {
      "published_at": "2025-10-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA103172",
      "url": "https://supportportal.juniper.net/s/article/2025-10-Security-Bulletin-Junos-Space-Flooding-device-with-inbound-API-calls-leads-to-WebUI-and-CLI-management-access-DoS-CVE-2025-59975"
    },
    {
      "published_at": "2025-10-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA103157",
      "url": "https://supportportal.juniper.net/s/article/2025-10-Security-Bulletin-Juniper-Security-Director-Insufficient-authorization-for-sensitive-resources-in-web-interface-CVE-2025-59968"
    },
    {
      "published_at": "2025-10-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA103170",
      "url": "https://supportportal.juniper.net/s/article/2025-10-Security-Bulletin-Junos-Space-Arbitrary-file-download-vulnerability-in-web-interface-CVE-2025-59976"
    },
    {
      "published_at": "2025-10-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA103139",
      "url": "https://supportportal.juniper.net/s/article/2025-10-Security-Bulletin-Junos-Space-Security-Director-Multiple-vulnerabilities-resolved-in-24-1R4"
    },
    {
      "published_at": "2025-10-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA103151",
      "url": "https://supportportal.juniper.net/s/article/2025-10-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-With-BGP-sharding-enabled-change-in-indirect-next-hop-can-cause-RPD-crash-CVE-2025-59962"
    },
    {
      "published_at": "2025-10-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA103153",
      "url": "https://supportportal.juniper.net/s/article/2025-10-Security-Bulletin-Junos-OS-SRX4700-When-forwarding-options-sampling-is-enabled-any-traffic-destined-to-the-RE-will-cause-the-forwarding-line-card-to-crash-and-restart-CVE-2025-59964"
    },
    {
      "published_at": "2025-10-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA103147",
      "url": "https://supportportal.juniper.net/s/article/2025-10-Security-Bulletin-Junos-OS-Evolved-PTX-Series-When-firewall-filter-rejects-traffic-these-packets-are-erroneously-sent-to-the-RE-CVE-2025-59958"
    },
    {
      "published_at": "2025-10-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA103144",
      "url": "https://supportportal.juniper.net/s/article/2025-10-Security-Bulletin-Junos-OS-Evolved-PTX-Series-except-PTX10003-An-unauthenticated-adjacent-attacker-sending-specific-valid-traffic-can-cause-a-memory-leak-in-cfmman-leading-to-FPC-crash-and-restart-CVE-2025-52961"
    },
    {
      "published_at": "2025-10-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA103143",
      "url": "https://supportportal.juniper.net/s/article/2025-10-Security-Bulletin-Junos-OS-SRX-Series-and-MX-Series-Receipt-of-specific-SIP-packets-in-a-high-utilization-situation-causes-a-flowd-crash-CVE-2025-52960"
    },
    {
      "published_at": "2025-10-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA103146",
      "url": "https://supportportal.juniper.net/s/article/2025-10-Security-Bulletin-Junos-OS-EX4600-Series-and-QFX5000-Series-An-attacker-with-physical-access-can-open-a-persistent-backdoor-CVE-2025-59957"
    },
    {
      "published_at": "2025-10-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA103138",
      "url": "https://supportportal.juniper.net/s/article/2025-10-Security-Bulletin-Junos-Space-Security-Director-Multiple-vulnerabilities-resolved-in-24-1R4-by-upgrading-Log4j-Java-library-to-2-23-1-and-ElasticSearch-to-6-8-17"
    },
    {
      "published_at": "2025-10-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA103165",
      "url": "https://supportportal.juniper.net/s/article/2025-10-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Specific-BGP-EVPN-update-message-causes-rpd-crash-CVE-2025-60004"
    }
  ]
}

CERTFR-2024-AVI-0627

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans les produits VMware. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
VMware	Tanzu	VMware Tanzu Applications Service for VMs versions antérieures à 4.0.19+LTS-T
VMware	Tanzu	VMware Tanzu Applications Service for VMs versions 5.0.x antérieures à 5.0.9
VMware	Tanzu	CF Deployment versions antérieures à 39.3.0
VMware	Tanzu	Cflinuxfs3 versions antérieures à 0.386.0
VMware	Tanzu	Tanzu Application Service versions 6.0.x antérieures à 6.0.5+LTS-T
VMware	Tanzu	Jammy Stemcells versions antérieures à 1.404
VMware	Tanzu	Isolation Segment versions antérieures à 4.0.19+LTS-T
VMware	Tanzu	Tanzu Greenplum pour Kubernetes versions antérieures à 2.0.0
VMware	Tanzu	Operations Manager versions antérieures à 3.0.25+LTS-T
VMware	Tanzu	Cflinuxfs4 versions antérieures à 1.79.0
VMware	Tanzu	Isolation Segment versions 5.0.x antérieures à 5.0.9
VMware	Tanzu	Tanzu Application Service versions antérieures à 4.0.25+LTS-T
VMware	Tanzu	Tanzu Application Service versions 5.0.x antérieures à 5.0.15

References

Title

Publication Time

Tags

Bulletin de sécurité VMware 24838	2024-07-25	vendor-advisory
Bulletin de sécurité VMware 24848	2024-07-25	vendor-advisory
Bulletin de sécurité VMware 24845	2024-07-25	vendor-advisory
Bulletin de sécurité VMware 24840	2024-07-25	vendor-advisory
Bulletin de sécurité VMware 24850	2024-07-25	vendor-advisory
Bulletin de sécurité VMware 24837	2024-07-25	vendor-advisory
Bulletin de sécurité VMware 24836	2024-07-25	vendor-advisory
Bulletin de sécurité VMware 24844	2024-07-25	vendor-advisory
Bulletin de sécurité VMware 24842	2024-07-25	vendor-advisory
Bulletin de sécurité VMware 24843	2024-07-25	vendor-advisory
Bulletin de sécurité VMware 24839	2024-07-25	vendor-advisory
Bulletin de sécurité VMware 24841	2024-07-25	vendor-advisory
Bulletin de sécurité VMware 24827	2024-07-25	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "VMware Tanzu Applications Service for VMs versions ant\u00e9rieures \u00e0 4.0.19+LTS-T ",
      "product": {
        "name": "Tanzu",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware Tanzu Applications Service for VMs versions 5.0.x ant\u00e9rieures \u00e0 5.0.9",
      "product": {
        "name": "Tanzu",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "CF Deployment versions ant\u00e9rieures \u00e0 39.3.0",
      "product": {
        "name": "Tanzu",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Cflinuxfs3 versions ant\u00e9rieures \u00e0 0.386.0",
      "product": {
        "name": "Tanzu",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Tanzu Application Service versions 6.0.x ant\u00e9rieures \u00e0 6.0.5+LTS-T",
      "product": {
        "name": "Tanzu",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Jammy Stemcells versions ant\u00e9rieures \u00e0 1.404",
      "product": {
        "name": "Tanzu",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Isolation Segment versions ant\u00e9rieures \u00e0 4.0.19+LTS-T ",
      "product": {
        "name": "Tanzu",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Tanzu Greenplum pour Kubernetes versions ant\u00e9rieures \u00e0 2.0.0",
      "product": {
        "name": "Tanzu",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Operations Manager versions ant\u00e9rieures \u00e0 3.0.25+LTS-T",
      "product": {
        "name": "Tanzu",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Cflinuxfs4 versions ant\u00e9rieures \u00e0 1.79.0",
      "product": {
        "name": "Tanzu",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Isolation Segment versions 5.0.x ant\u00e9rieures \u00e0 5.0.9",
      "product": {
        "name": "Tanzu",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Tanzu Application Service versions ant\u00e9rieures \u00e0 4.0.25+LTS-T",
      "product": {
        "name": "Tanzu",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Tanzu Application Service versions 5.0.x ant\u00e9rieures \u00e0 5.0.15 ",
      "product": {
        "name": "Tanzu",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2023-52356",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52356"
    },
    {
      "name": "CVE-2022-43236",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-43236"
    },
    {
      "name": "CVE-2022-43237",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-43237"
    },
    {
      "name": "CVE-2024-20977",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-20977"
    },
    {
      "name": "CVE-2024-20985",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-20985"
    },
    {
      "name": "CVE-2024-20964",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-20964"
    },
    {
      "name": "CVE-2024-20976",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-20976"
    },
    {
      "name": "CVE-2023-24757",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-24757"
    },
    {
      "name": "CVE-2022-43239",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-43239"
    },
    {
      "name": "CVE-2023-50868",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-50868"
    },
    {
      "name": "CVE-2022-43240",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-43240"
    },
    {
      "name": "CVE-2022-43244",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-43244"
    },
    {
      "name": "CVE-2024-20962",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-20962"
    },
    {
      "name": "CVE-2022-47695",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-47695"
    },
    {
      "name": "CVE-2021-36411",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-36411"
    },
    {
      "name": "CVE-2024-20969",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-20969"
    },
    {
      "name": "CVE-2023-4408",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-4408"
    },
    {
      "name": "CVE-2023-6277",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-6277"
    },
    {
      "name": "CVE-2023-24758",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-24758"
    },
    {
      "name": "CVE-2022-43249",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-43249"
    },
    {
      "name": "CVE-2022-43242",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-43242"
    },
    {
      "name": "CVE-2024-24806",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-24806"
    },
    {
      "name": "CVE-2024-20966",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-20966"
    },
    {
      "name": "CVE-2022-48065",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-48065"
    },
    {
      "name": "CVE-2024-20972",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-20972"
    },
    {
      "name": "CVE-2021-35452",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-35452"
    },
    {
      "name": "CVE-2022-43248",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-43248"
    },
    {
      "name": "CVE-2023-24752",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-24752"
    },
    {
      "name": "CVE-2022-43245",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-43245"
    },
    {
      "name": "CVE-2021-36410",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-36410"
    },
    {
      "name": "CVE-2023-24751",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-24751"
    },
    {
      "name": "CVE-2023-25221",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-25221"
    },
    {
      "name": "CVE-2024-20961",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-20961"
    },
    {
      "name": "CVE-2023-43040",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-43040"
    },
    {
      "name": "CVE-2023-5517",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-5517"
    },
    {
      "name": "CVE-2024-20983",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-20983"
    },
    {
      "name": "CVE-2023-24754",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-24754"
    },
    {
      "name": "CVE-2022-1253",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1253"
    },
    {
      "name": "CVE-2024-20984",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-20984"
    },
    {
      "name": "CVE-2022-43235",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-43235"
    },
    {
      "name": "CVE-2022-47665",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-47665"
    },
    {
      "name": "CVE-2022-48063",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-48063"
    },
    {
      "name": "CVE-2024-38806",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38806"
    },
    {
      "name": "CVE-2022-43253",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-43253"
    },
    {
      "name": "CVE-2023-24755",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-24755"
    },
    {
      "name": "CVE-2022-43252",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-43252"
    },
    {
      "name": "CVE-2023-6228",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-6228"
    },
    {
      "name": "CVE-2024-20963",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-20963"
    },
    {
      "name": "CVE-2022-43238",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-43238"
    },
    {
      "name": "CVE-2024-20981",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-20981"
    },
    {
      "name": "CVE-2021-36409",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-36409"
    },
    {
      "name": "CVE-2023-24756",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-24756"
    },
    {
      "name": "CVE-2022-43243",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-43243"
    },
    {
      "name": "CVE-2023-50387",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-50387"
    },
    {
      "name": "CVE-2024-0985",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-0985"
    },
    {
      "name": "CVE-2024-20974",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-20974"
    },
    {
      "name": "CVE-2022-43241",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-43241"
    },
    {
      "name": "CVE-2021-36408",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-36408"
    },
    {
      "name": "CVE-2024-20982",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-20982"
    },
    {
      "name": "CVE-2022-43250",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-43250"
    },
    {
      "name": "CVE-2024-20971",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-20971"
    },
    {
      "name": "CVE-2024-20978",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-20978"
    },
    {
      "name": "CVE-2024-20973",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-20973"
    },
    {
      "name": "CVE-2024-20965",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-20965"
    },
    {
      "name": "CVE-2024-20967",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-20967"
    },
    {
      "name": "CVE-2024-20970",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-20970"
    },
    {
      "name": "CVE-2023-5679",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-5679"
    },
    {
      "name": "CVE-2024-20960",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-20960"
    }
  ],
  "initial_release_date": "2024-07-26T00:00:00",
  "last_revision_date": "2024-07-26T00:00:00",
  "links": [],
  "reference": "CERTFR-2024-AVI-0627",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2024-07-26T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits VMware. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et un contournement de la politique de s\u00e9curit\u00e9.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits VMware",
  "vendor_advisories": [
    {
      "published_at": "2024-07-25",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 24838",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24838"
    },
    {
      "published_at": "2024-07-25",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 24848",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24848"
    },
    {
      "published_at": "2024-07-25",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 24845",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24845"
    },
    {
      "published_at": "2024-07-25",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 24840",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24840"
    },
    {
      "published_at": "2024-07-25",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 24850",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24850"
    },
    {
      "published_at": "2024-07-25",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 24837",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24837"
    },
    {
      "published_at": "2024-07-25",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 24836",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24836"
    },
    {
      "published_at": "2024-07-25",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 24844",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24844"
    },
    {
      "published_at": "2024-07-25",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 24842",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24842"
    },
    {
      "published_at": "2024-07-25",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 24843",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24843"
    },
    {
      "published_at": "2024-07-25",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 24839",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24839"
    },
    {
      "published_at": "2024-07-25",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 24841",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24841"
    },
    {
      "published_at": "2024-07-25",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 24827",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24827"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2024-24806 (GCVE-0-2024-24806)

Vulnerability from cvelistv5

CERTFR-2024-AVI-0741

Vulnerability from certfr_avis

Solutions

CERTFR-2024-AVI-0646

Vulnerability from certfr_avis

Solutions

CERTFR-2025-AVI-0855

Vulnerability from certfr_avis

Solutions

CERTFR-2024-AVI-0627

Vulnerability from certfr_avis

Solutions

Tags

Sightings

Nomenclature