Vulnerability-Lookup

CVE-2021-22940 (GCVE-0-2021-22940)

Vulnerability from cvelistv5 – Published: 2021-08-16 00:00 – Updated: 2025-04-30 22:24

Summary

Node.js before 16.6.1, 14.17.5, and 12.22.5 is vulnerable to a use after free attack where an attacker might be able to exploit the memory corruption, to change process behavior.

Severity ?

No CVSS data available.

CWE

CWE-416 - Use After Free (CWE-416)

Assigner

hackerone

References

9 references

URL	Tags
https://hackerone.com/reports/1238162
https://nodejs.org/en/blog/vulnerability/aug-2021…
https://www.oracle.com/security-alerts/cpuoct2021.html
https://security.netapp.com/advisory/ntap-2021092…
https://www.oracle.com/security-alerts/cpujan2022.html
https://cert-portal.siemens.com/productcert/pdf/s…
https://www.oracle.com/security-alerts/cpujul2022.html
https://lists.debian.org/debian-lts-announce/2022…	mailing-list
https://security.gentoo.org/glsa/202401-02	vendor-advisory

Impacted products

1 product

Vendor	Product	Version
NodeJS	Node	Affected: 4.0 , < 4.* (semver) Affected: 5.0 , < 5.* (semver) Affected: 6.0 , < 6.* (semver) Affected: 7.0 , < 7.* (semver) Affected: 8.0 , < 8.* (semver) Affected: 9.0 , < 9.* (semver) Affected: 10.0 , < 10.* (semver) Affected: 11.0 , < 11.* (semver) Affected: 12.0 , < 12.22.5 (semver) Affected: 13.0 , < 13.* (semver) Affected: 14.0 , < 14.17.5 (semver) Affected: 15.0 , < 15.* (semver) Affected: 16.0 , < 16.6.2 (semver)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T18:58:25.987Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://hackerone.com/reports/1238162"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://nodejs.org/en/blog/vulnerability/aug-2021-security-releases/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20210923-0001/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
          },
          {
            "name": "[debian-lts-announce] 20221005 [SECURITY] [DLA 3137-1] nodejs security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00006.html"
          },
          {
            "name": "GLSA-202401-02",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202401-02"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Node",
          "vendor": "NodeJS",
          "versions": [
            {
              "lessThan": "4.*",
              "status": "affected",
              "version": "4.0",
              "versionType": "semver"
            },
            {
              "lessThan": "5.*",
              "status": "affected",
              "version": "5.0",
              "versionType": "semver"
            },
            {
              "lessThan": "6.*",
              "status": "affected",
              "version": "6.0",
              "versionType": "semver"
            },
            {
              "lessThan": "7.*",
              "status": "affected",
              "version": "7.0",
              "versionType": "semver"
            },
            {
              "lessThan": "8.*",
              "status": "affected",
              "version": "8.0",
              "versionType": "semver"
            },
            {
              "lessThan": "9.*",
              "status": "affected",
              "version": "9.0",
              "versionType": "semver"
            },
            {
              "lessThan": "10.*",
              "status": "affected",
              "version": "10.0",
              "versionType": "semver"
            },
            {
              "lessThan": "11.*",
              "status": "affected",
              "version": "11.0",
              "versionType": "semver"
            },
            {
              "lessThan": "12.22.5",
              "status": "affected",
              "version": "12.0",
              "versionType": "semver"
            },
            {
              "lessThan": "13.*",
              "status": "affected",
              "version": "13.0",
              "versionType": "semver"
            },
            {
              "lessThan": "14.17.5",
              "status": "affected",
              "version": "14.0",
              "versionType": "semver"
            },
            {
              "lessThan": "15.*",
              "status": "affected",
              "version": "15.0",
              "versionType": "semver"
            },
            {
              "lessThan": "16.6.2",
              "status": "affected",
              "version": "16.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Node.js before 16.6.1, 14.17.5, and 12.22.5 is vulnerable to a use after free attack where an attacker might be able to exploit the memory corruption, to change process behavior."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-416",
              "description": "Use After Free (CWE-416)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-04-30T22:24:35.552Z",
        "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
        "shortName": "hackerone"
      },
      "references": [
        {
          "url": "https://hackerone.com/reports/1238162"
        },
        {
          "url": "https://nodejs.org/en/blog/vulnerability/aug-2021-security-releases/"
        },
        {
          "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20210923-0001/"
        },
        {
          "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
        },
        {
          "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
        },
        {
          "name": "[debian-lts-announce] 20221005 [SECURITY] [DLA 3137-1] nodejs security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00006.html"
        },
        {
          "name": "GLSA-202401-02",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/202401-02"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
    "assignerShortName": "hackerone",
    "cveId": "CVE-2021-22940",
    "datePublished": "2021-08-16T00:00:00.000Z",
    "dateReserved": "2021-01-06T00:00:00.000Z",
    "dateUpdated": "2025-04-30T22:24:35.552Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2021-22940",
      "date": "2026-05-20",
      "epss": "0.00386",
      "percentile": "0.59928"
    },
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*\", \"versionStartIncluding\": \"12.0.0\", \"versionEndExcluding\": \"12.22.5\", \"matchCriteriaId\": \"EACF78A5-3B04-44D7-AC0B-E47D91B6383B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*\", \"versionStartIncluding\": \"14.0.0\", \"versionEndExcluding\": \"14.17.5\", \"matchCriteriaId\": \"D7F361B8-E95A-4107-AED1-5933531ABCD2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*\", \"versionStartIncluding\": \"16.0.0\", \"versionEndExcluding\": \"16.6.2\", \"matchCriteriaId\": \"59F5CA28-E970-48C4-A406-31667C47F61D\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:graalvm:20.3.3:*:*:*:enterprise:*:*:*\", \"matchCriteriaId\": \"53B2BB06-A2F7-4603-89C3-C8500E55483A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:graalvm:21.2.0:*:*:*:enterprise:*:*:*\", \"matchCriteriaId\": \"01E88C86-8C04-4A4A-BF45-9082AA783056\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"9.2.6.1\", \"matchCriteriaId\": \"F7137F32-D8B8-4D48-B465-CEB35B085CBE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7E1E416B-920B-49A0-9523-382898C2979D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D9DB4A14-2EF5-4B54-95D2-75E6CF9AA0A9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.59:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C8AF00C6-B97F-414D-A8DF-057E6BFD8597\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netapp:nextgen_api:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5EE68D2F-B62A-413E-9C14-0797D9C9DD60\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:siemens:sinec_infrastructure_network_services:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"1.0.1.1\", \"matchCriteriaId\": \"B0F46497-4AB0-49A7-9453-CC26837BF253\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Node.js before 16.6.1, 14.17.5, and 12.22.5 is vulnerable to a use after free attack where an attacker might be able to exploit the memory corruption, to change process behavior.\"}, {\"lang\": \"es\", \"value\": \"Node.js versiones anteriores a 16.6.1, 14.17.5 y 12.22.5, es vulnerable a un ataque de uso de memoria previamente liberada donde un atacante podr\\u00eda ser capaz de explotar la corrupci\\u00f3n de memoria para cambiar el comportamiento del proceso.\"}]",
      "id": "CVE-2021-22940",
      "lastModified": "2024-11-21T05:50:58.827",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 3.6}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:N/I:P/A:N\", \"baseScore\": 5.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 10.0, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2021-08-16T19:15:13.987",
      "references": "[{\"url\": \"https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf\", \"source\": \"support@hackerone.com\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://hackerone.com/reports/1238162\", \"source\": \"support@hackerone.com\", \"tags\": [\"Permissions Required\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2022/10/msg00006.html\", \"source\": \"support@hackerone.com\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://nodejs.org/en/blog/vulnerability/aug-2021-security-releases/\", \"source\": \"support@hackerone.com\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"https://security.gentoo.org/glsa/202401-02\", \"source\": \"support@hackerone.com\"}, {\"url\": \"https://security.netapp.com/advisory/ntap-20210923-0001/\", \"source\": \"support@hackerone.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.oracle.com/security-alerts/cpujan2022.html\", \"source\": \"support@hackerone.com\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://www.oracle.com/security-alerts/cpujul2022.html\", \"source\": \"support@hackerone.com\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://www.oracle.com/security-alerts/cpuoct2021.html\", \"source\": \"support@hackerone.com\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://hackerone.com/reports/1238162\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Permissions Required\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2022/10/msg00006.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://nodejs.org/en/blog/vulnerability/aug-2021-security-releases/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"https://security.gentoo.org/glsa/202401-02\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://security.netapp.com/advisory/ntap-20210923-0001/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.oracle.com/security-alerts/cpujan2022.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://www.oracle.com/security-alerts/cpujul2022.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://www.oracle.com/security-alerts/cpuoct2021.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}]",
      "sourceIdentifier": "support@hackerone.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"support@hackerone.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-416\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-416\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2021-22940\",\"sourceIdentifier\":\"support@hackerone.com\",\"published\":\"2021-08-16T19:15:13.987\",\"lastModified\":\"2024-11-21T05:50:58.827\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Node.js before 16.6.1, 14.17.5, and 12.22.5 is vulnerable to a use after free attack where an attacker might be able to exploit the memory corruption, to change process behavior.\"},{\"lang\":\"es\",\"value\":\"Node.js versiones anteriores a 16.6.1, 14.17.5 y 12.22.5, es vulnerable a un ataque de uso de memoria previamente liberada donde un atacante podr\u00eda ser capaz de explotar la corrupci\u00f3n de memoria para cambiar el comportamiento del proceso.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:P/A:N\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"support@hackerone.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-416\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-416\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*\",\"versionStartIncluding\":\"12.0.0\",\"versionEndExcluding\":\"12.22.5\",\"matchCriteriaId\":\"EACF78A5-3B04-44D7-AC0B-E47D91B6383B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*\",\"versionStartIncluding\":\"14.0.0\",\"versionEndExcluding\":\"14.17.5\",\"matchCriteriaId\":\"D7F361B8-E95A-4107-AED1-5933531ABCD2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*\",\"versionStartIncluding\":\"16.0.0\",\"versionEndExcluding\":\"16.6.2\",\"matchCriteriaId\":\"59F5CA28-E970-48C4-A406-31667C47F61D\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:graalvm:20.3.3:*:*:*:enterprise:*:*:*\",\"matchCriteriaId\":\"53B2BB06-A2F7-4603-89C3-C8500E55483A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:graalvm:21.2.0:*:*:*:enterprise:*:*:*\",\"matchCriteriaId\":\"01E88C86-8C04-4A4A-BF45-9082AA783056\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"9.2.6.1\",\"matchCriteriaId\":\"F7137F32-D8B8-4D48-B465-CEB35B085CBE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7E1E416B-920B-49A0-9523-382898C2979D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D9DB4A14-2EF5-4B54-95D2-75E6CF9AA0A9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.59:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C8AF00C6-B97F-414D-A8DF-057E6BFD8597\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:nextgen_api:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5EE68D2F-B62A-413E-9C14-0797D9C9DD60\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:siemens:sinec_infrastructure_network_services:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.0.1.1\",\"matchCriteriaId\":\"B0F46497-4AB0-49A7-9453-CC26837BF253\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73\"}]}]}],\"references\":[{\"url\":\"https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf\",\"source\":\"support@hackerone.com\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://hackerone.com/reports/1238162\",\"source\":\"support@hackerone.com\",\"tags\":[\"Permissions Required\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2022/10/msg00006.html\",\"source\":\"support@hackerone.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://nodejs.org/en/blog/vulnerability/aug-2021-security-releases/\",\"source\":\"support@hackerone.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/202401-02\",\"source\":\"support@hackerone.com\"},{\"url\":\"https://security.netapp.com/advisory/ntap-20210923-0001/\",\"source\":\"support@hackerone.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpujan2022.html\",\"source\":\"support@hackerone.com\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpujul2022.html\",\"source\":\"support@hackerone.com\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpuoct2021.html\",\"source\":\"support@hackerone.com\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://hackerone.com/reports/1238162\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Permissions Required\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2022/10/msg00006.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://nodejs.org/en/blog/vulnerability/aug-2021-security-releases/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/202401-02\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://security.netapp.com/advisory/ntap-20210923-0001/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpujan2022.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpujul2022.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpuoct2021.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]}]}}"
  }
}

CERTFR-2021-AVI-932

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer un déni de service à distance, un contournement de la politique de sécurité et une atteinte à l'intégrité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
IBM	Db2	Db2 versions 9.7.x antérieures à 9.7 FP11
IBM	Db2	Db2 versions 11.5.x antérieures à 11.5.7
IBM	Db2	Db2 versions 10.1.x antérieures à 10.1 FP6
IBM	Db2	Db2 versions 10.5.x antérieures à 10.5 FP11
IBM	Spectrum	Spectrum Control versions 5.3.x et 5.4.x antérieures à 5.4.5
IBM	Db2	Db2 versions 11.1.x antérieures à 11.1.4 FP6

References

Title

Publication Time

Tags

Bulletin de sécurité IBM 6523806 du 09 décembre 2021	None	vendor-advisory
Bulletin de sécurité IBM 6524930 du 09 décembre 2021	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Db2 versions 9.7.x ant\u00e9rieures \u00e0 9.7 FP11",
      "product": {
        "name": "Db2",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Db2 versions 11.5.x ant\u00e9rieures \u00e0 11.5.7",
      "product": {
        "name": "Db2",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Db2 versions 10.1.x ant\u00e9rieures \u00e0 10.1 FP6",
      "product": {
        "name": "Db2",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Db2 versions 10.5.x ant\u00e9rieures \u00e0 10.5 FP11",
      "product": {
        "name": "Db2",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Spectrum Control versions 5.3.x et 5.4.x ant\u00e9rieures \u00e0 5.4.5",
      "product": {
        "name": "Spectrum",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Db2 versions 11.1.x ant\u00e9rieures \u00e0 11.1.4 FP6",
      "product": {
        "name": "Db2",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2021-22940",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22940"
    },
    {
      "name": "CVE-2021-22930",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22930"
    },
    {
      "name": "CVE-2021-22939",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22939"
    },
    {
      "name": "CVE-2021-35517",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-35517"
    },
    {
      "name": "CVE-2021-36090",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-36090"
    },
    {
      "name": "CVE-2021-29678",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-29678"
    },
    {
      "name": "CVE-2021-29842",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-29842"
    },
    {
      "name": "CVE-2021-22931",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22931"
    },
    {
      "name": "CVE-2021-3712",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3712"
    }
  ],
  "links": [],
  "reference": "CERTFR-2021-AVI-932",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2021-12-10T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer un d\u00e9ni\nde service \u00e0 distance, un contournement de la politique de s\u00e9curit\u00e9 et\nune atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 6523806 du 09 d\u00e9cembre 2021",
      "url": "https://www.ibm.com/support/pages/node/6523806"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 6524930 du 09 d\u00e9cembre 2021",
      "url": "https://www.ibm.com/support/pages/node/6524930"
    }
  ]
}

CERTFR-2021-AVI-943

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges, un déni de service à distance et une injection de code indirecte à distance (XSS).

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
IBM	Spectrum	IBM Spectrum Protect Server versions 8.1.x antérieures à 8.1.13
IBM	Spectrum	IBM Spectrum Protect Client versions 7.1.x antérieures à 7.1.8.12
IBM	Spectrum	IBM Spectrum Protect Client versions 8.1.x antérieures à 8.1.13
IBM	N/A	Rational Developer for i (RDi) RPG and COBOL + Modernization Tools, Java Edition toutes versions
IBM	Spectrum	IBM Spectrum Copy Data Management version 2.2.x antérieures à 2.2.14
IBM	Spectrum	IBM Spectrum Protect Plus versions 10.1.x antérieures à 10.1.9

References

Title

Publication Time

Tags

Bulletin de sécurité IBM 6525034 du 10 décembre 2021	None	vendor-advisory
Bulletin de sécurité IBM 6525250 du 10 décembre 2021	None	vendor-advisory
Bulletin de sécurité IBM 6525260 du 10 décembre 2021	None	vendor-advisory
Bulletin de sécurité IBM 6524712 du 10 décembre 2021	None	vendor-advisory
Bulletin de sécurité IBM 6525674 du 10 décembre 2021	None	vendor-advisory
Bulletin de sécurité IBM 6524908 du 10 décembre 2021	None	vendor-advisory
Bulletin de sécurité IBM 6525554 du 10 décembre 2021	None	vendor-advisory
Bulletin de sécurité IBM 6525182 du 10 décembre 2021	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "IBM Spectrum Protect Server versions 8.1.x ant\u00e9rieures \u00e0 8.1.13",
      "product": {
        "name": "Spectrum",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Spectrum Protect Client versions 7.1.x ant\u00e9rieures \u00e0 7.1.8.12",
      "product": {
        "name": "Spectrum",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Spectrum Protect Client versions 8.1.x ant\u00e9rieures \u00e0 8.1.13",
      "product": {
        "name": "Spectrum",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Rational Developer for i (RDi) RPG and COBOL + Modernization Tools, Java Edition toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Spectrum Copy Data Management version 2.2.x ant\u00e9rieures \u00e0 2.2.14",
      "product": {
        "name": "Spectrum",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Spectrum Protect Plus versions 10.1.x ant\u00e9rieures \u00e0 10.1.9",
      "product": {
        "name": "Spectrum",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2021-39154",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-39154"
    },
    {
      "name": "CVE-2021-21343",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21343"
    },
    {
      "name": "CVE-2021-38947",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-38947"
    },
    {
      "name": "CVE-2021-32027",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-32027"
    },
    {
      "name": "CVE-2021-21348",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21348"
    },
    {
      "name": "CVE-2021-29505",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-29505"
    },
    {
      "name": "CVE-2021-39146",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-39146"
    },
    {
      "name": "CVE-2021-33502",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-33502"
    },
    {
      "name": "CVE-2020-13956",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-13956"
    },
    {
      "name": "CVE-2020-10673",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-10673"
    },
    {
      "name": "CVE-2020-35728",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-35728"
    },
    {
      "name": "CVE-2020-26258",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-26258"
    },
    {
      "name": "CVE-2020-36181",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-36181"
    },
    {
      "name": "CVE-2020-36182",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-36182"
    },
    {
      "name": "CVE-2020-24616",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-24616"
    },
    {
      "name": "CVE-2021-22940",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22940"
    },
    {
      "name": "CVE-2020-10683",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-10683"
    },
    {
      "name": "CVE-2021-21344",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21344"
    },
    {
      "name": "CVE-2020-36185",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-36185"
    },
    {
      "name": "CVE-2021-22930",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22930"
    },
    {
      "name": "CVE-2021-39149",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-39149"
    },
    {
      "name": "CVE-2021-39065",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-39065"
    },
    {
      "name": "CVE-2020-36179",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-36179"
    },
    {
      "name": "CVE-2020-26259",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-26259"
    },
    {
      "name": "CVE-2021-39139",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-39139"
    },
    {
      "name": "CVE-2021-21341",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21341"
    },
    {
      "name": "CVE-2020-36186",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-36186"
    },
    {
      "name": "CVE-2020-36189",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-36189"
    },
    {
      "name": "CVE-2021-39064",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-39064"
    },
    {
      "name": "CVE-2021-39054",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-39054"
    },
    {
      "name": "CVE-2021-20190",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-20190"
    },
    {
      "name": "CVE-2021-35516",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-35516"
    },
    {
      "name": "CVE-2021-39147",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-39147"
    },
    {
      "name": "CVE-2021-39152",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-39152"
    },
    {
      "name": "CVE-2021-22939",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22939"
    },
    {
      "name": "CVE-2019-14893",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-14893"
    },
    {
      "name": "CVE-2021-33197",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-33197"
    },
    {
      "name": "CVE-2020-11113",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-11113"
    },
    {
      "name": "CVE-2021-39145",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-39145"
    },
    {
      "name": "CVE-2021-37713",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-37713"
    },
    {
      "name": "CVE-2021-35517",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-35517"
    },
    {
      "name": "CVE-2021-35065",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-35065"
    },
    {
      "name": "CVE-2020-14314",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14314"
    },
    {
      "name": "CVE-2021-39144",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-39144"
    },
    {
      "name": "CVE-2020-10672",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-10672"
    },
    {
      "name": "CVE-2021-37712",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-37712"
    },
    {
      "name": "CVE-2020-10969",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-10969"
    },
    {
      "name": "CVE-2021-3711",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3711"
    },
    {
      "name": "CVE-2021-21347",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21347"
    },
    {
      "name": "CVE-2020-36187",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-36187"
    },
    {
      "name": "CVE-2021-36090",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-36090"
    },
    {
      "name": "CVE-2020-26217",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-26217"
    },
    {
      "name": "CVE-2021-39151",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-39151"
    },
    {
      "name": "CVE-2020-11620",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-11620"
    },
    {
      "name": "CVE-2020-14385",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14385"
    },
    {
      "name": "CVE-2021-21346",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21346"
    },
    {
      "name": "CVE-2020-24750",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-24750"
    },
    {
      "name": "CVE-2021-39148",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-39148"
    },
    {
      "name": "CVE-2021-21351",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21351"
    },
    {
      "name": "CVE-2021-21345",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21345"
    },
    {
      "name": "CVE-2021-36221",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-36221"
    },
    {
      "name": "CVE-2020-14195",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14195"
    },
    {
      "name": "CVE-2021-33909",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-33909"
    },
    {
      "name": "CVE-2021-34558",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-34558"
    },
    {
      "name": "CVE-2021-3715",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3715"
    },
    {
      "name": "CVE-2020-14061",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14061"
    },
    {
      "name": "CVE-2021-32028",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-32028"
    },
    {
      "name": "CVE-2020-11619",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-11619"
    },
    {
      "name": "CVE-2020-36183",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-36183"
    },
    {
      "name": "CVE-2021-29923",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-29923"
    },
    {
      "name": "CVE-2019-10172",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-10172"
    },
    {
      "name": "CVE-2021-39052",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-39052"
    },
    {
      "name": "CVE-2021-39150",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-39150"
    },
    {
      "name": "CVE-2020-36184",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-36184"
    },
    {
      "name": "CVE-2021-22931",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22931"
    },
    {
      "name": "CVE-2021-21349",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21349"
    },
    {
      "name": "CVE-2020-36180",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-36180"
    },
    {
      "name": "CVE-2020-11022",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-11022"
    },
    {
      "name": "CVE-2021-3712",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3712"
    },
    {
      "name": "CVE-2021-39134",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-39134"
    },
    {
      "name": "CVE-2021-39140",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-39140"
    },
    {
      "name": "CVE-2021-39058",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-39058"
    },
    {
      "name": "CVE-2020-10968",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-10968"
    },
    {
      "name": "CVE-2021-39153",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-39153"
    },
    {
      "name": "CVE-2020-25649",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-25649"
    },
    {
      "name": "CVE-2021-21342",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21342"
    },
    {
      "name": "CVE-2021-23368",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-23368"
    },
    {
      "name": "CVE-2021-39135",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-39135"
    },
    {
      "name": "CVE-2021-35515",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-35515"
    },
    {
      "name": "CVE-2021-29060",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-29060"
    },
    {
      "name": "CVE-2021-32029",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-32029"
    },
    {
      "name": "CVE-2021-21350",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21350"
    },
    {
      "name": "CVE-2020-11112",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-11112"
    },
    {
      "name": "CVE-2020-7656",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-7656"
    },
    {
      "name": "CVE-2020-11111",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-11111"
    },
    {
      "name": "CVE-2020-28469",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-28469"
    },
    {
      "name": "CVE-2021-39053",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-39053"
    },
    {
      "name": "CVE-2021-33195",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-33195"
    },
    {
      "name": "CVE-2020-14060",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14060"
    },
    {
      "name": "CVE-2020-36188",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-36188"
    },
    {
      "name": "CVE-2020-11023",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-11023"
    },
    {
      "name": "CVE-2019-14892",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-14892"
    },
    {
      "name": "CVE-2021-39141",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-39141"
    },
    {
      "name": "CVE-2020-14062",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14062"
    }
  ],
  "links": [],
  "reference": "CERTFR-2021-AVI-943",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2021-12-13T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    },
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges, un\nd\u00e9ni de service \u00e0 distance et une injection de code indirecte \u00e0 distance\n(XSS).\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 6525034 du 10 d\u00e9cembre 2021",
      "url": "https://www.ibm.com/support/pages/node/6525034"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 6525250 du 10 d\u00e9cembre 2021",
      "url": "https://www.ibm.com/support/pages/node/6525250"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 6525260 du 10 d\u00e9cembre 2021",
      "url": "https://www.ibm.com/support/pages/node/6525260"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 6524712 du 10 d\u00e9cembre 2021",
      "url": "https://www.ibm.com/support/pages/node/6524712"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 6525674 du 10 d\u00e9cembre 2021",
      "url": "https://www.ibm.com/support/pages/node/6525674"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 6524908 du 10 d\u00e9cembre 2021",
      "url": "https://www.ibm.com/support/pages/node/6524908"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 6525554 du 10 d\u00e9cembre 2021",
      "url": "https://www.ibm.com/support/pages/node/6525554"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 6525182 du 10 d\u00e9cembre 2021",
      "url": "https://www.ibm.com/support/pages/node/6525182"
    }
  ]
}

CERTFR-2022-AVI-216

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans les produits Siemens. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Mendix Forgot Password Appstore module versions 3.2.x antérieures à 3.2.2
Mendix Forgot Password Appstore module versions 3.3.x à 3.5.x antérieures à 3.5.1
Mendix Applications utilisant Mendix versions 7.x antérieures à 7.23.29
Mendix Applications utilisant Mendix versions 8.x antérieures à 8.18.16
COMOS versions antérieures à 10.4.1
Simcenter STAR-CCM+ Viewer versions antérieures à V2022.1
SIMOTICS CONNECT 400 versions antérieures à 1.0.0.0
Climatix POL909 (module AWB) versions antérieures à 11.44
Climatix POL909 (module AWM) versions antérieures à 11.36
RUGGEDCOM ROS M2100, RMC8388, RS416v2, RS900G, RS900G (32M), RSG900, RSG920P, RSG2100 (32M), RSG2100P, RSG2100P (32M), RSG2288, RSG2300, RSG2300P, RSG2488, RSL910, RST916C, RST916P et RST2228 versions antérieures à 5.6.0
SINUMERIK MC versions antérieures à 1.15 SP1
SINUMERIK ONE versions antérieures à 6.15 SP1
SINEC INS versions antérieures à 1.0.1.1
RUGGEDCOM ROX MX5000, RX1400, RX1500, RX1501, RX1510, RX1511, RX1512, RX1524, RX1536 et RX5000 versions antérieures à 2.15.0
Polarion Subversion Webclient versions antérieures à 21 R2 P2
RUGGEDCOM ROS i800, i801, i802, i803, M969, M2100, M2200, RMC, RMC20, RMC30, RMC40, RMC41, RMC8388, RP110, RS400, RS401, RS416, RS416v2, RS900 (32M), RS900G, RS900G (32M), RS900GP, RS900L, RS900L, RS900W, RS910, RS910L, RS910W, RS920L, RS920W, RS930L, RS930W, RS940G, RS969, RS8000, RS8000A, RS8000H, RS8000T, RSG900, RSG900C, RSG900G, RSG900R, RSG907R, RSG908C, RSG909R, RSG910C, RSG920P, RSG2100, RSG2100 (32M), RSG2100P, RSG2100P (32M), RSG2200, RSG2288, RSG2300, RSG2300P, RSG2488, RSL910, RST916C, RST916P et RST2228 versions antérieures à 5.6.0

L'éditeur ne propose pas de correctif pour :

Mendix Applications utilisant Mendix versions 9
SINEC NMS toutes versions

Se référer aux mesures de contournement proposées dans la section Documentation.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Siemens ssa-166747 du 8 mars 2022	None	vendor-advisory
Bulletin de sécurité Siemens ssa-252466 du 8 mars 2022	None	vendor-advisory
Bulletin de sécurité Siemens ssa-562051 du 8 mars 2022	None	vendor-advisory
Bulletin de sécurité Siemens ssa-223353 du 8 mars 2022	None	vendor-advisory
Bulletin de sécurité Siemens ssa-337210 du 8 mars 2022	None	vendor-advisory
Bulletin de sécurité Siemens ssa-148641 du 8 mars 2022	None	vendor-advisory
Bulletin de sécurité Siemens ssa-389290 du 8 mars 2022	None	vendor-advisory
Bulletin de sécurité Siemens ssa-764417 du 8 mars 2022	None	vendor-advisory
Bulletin de sécurité Siemens ssa-256353 du 8 mars 2022	None	vendor-advisory
Bulletin de sécurité Siemens ssa-703715 du 8 mars 2022	None	vendor-advisory
Bulletin de sécurité Siemens ssa-594438 du 8 mars 2022	None	vendor-advisory
Bulletin de sécurité Siemens ssa-415938 du 8 mars 2022	None	vendor-advisory
Bulletin de sécurité Siemens ssa-134279 du 8 mars 2022	None	vendor-advisory
Bulletin de sécurité Siemens ssa-155599 du 8 mars 2022	None	vendor-advisory
Bulletin de sécurité Siemens ssa-406691 du 8 mars 2022	None	vendor-advisory
Bulletin de sécurité Siemens ssa-250085 du 8 mars 2022	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cul\u003e \u003cli\u003eMendix Forgot Password Appstore module versions 3.2.x ant\u00e9rieures \u00e0 3.2.2\u003c/li\u003e \u003cli\u003eMendix Forgot Password Appstore module versions 3.3.x \u00e0 3.5.x ant\u00e9rieures \u00e0 3.5.1\u003c/li\u003e \u003cli\u003eMendix Applications utilisant Mendix versions 7.x ant\u00e9rieures \u00e0 7.23.29\u003c/li\u003e \u003cli\u003eMendix Applications utilisant Mendix versions 8.x ant\u00e9rieures \u00e0 8.18.16\u003c/li\u003e \u003cli\u003eCOMOS versions ant\u00e9rieures \u00e0 10.4.1\u003c/li\u003e \u003cli\u003eSimcenter STAR-CCM+ Viewer versions ant\u00e9rieures \u00e0 V2022.1\u003c/li\u003e \u003cli\u003eSIMOTICS CONNECT 400 versions ant\u00e9rieures \u00e0 1.0.0.0\u003c/li\u003e \u003cli\u003eClimatix POL909 (module AWB) versions ant\u00e9rieures \u00e0 11.44\u003c/li\u003e \u003cli\u003eClimatix POL909 (module AWM) versions ant\u00e9rieures \u00e0 11.36\u003c/li\u003e \u003cli\u003eRUGGEDCOM ROS M2100, RMC8388, RS416v2, RS900G, RS900G (32M), RSG900, RSG920P, RSG2100 (32M), RSG2100P, RSG2100P (32M), RSG2288, RSG2300, RSG2300P, RSG2488, RSL910, RST916C, RST916P et RST2228 versions ant\u00e9rieures \u00e0 5.6.0\u003c/li\u003e \u003cli\u003eSINUMERIK MC versions ant\u00e9rieures \u00e0 1.15 SP1\u003c/li\u003e \u003cli\u003eSINUMERIK ONE versions ant\u00e9rieures \u00e0 6.15 SP1\u003c/li\u003e \u003cli\u003eSINEC INS versions ant\u00e9rieures \u00e0 1.0.1.1\u003c/li\u003e \u003cli\u003eRUGGEDCOM ROX MX5000, RX1400, RX1500, RX1501, RX1510, RX1511, RX1512, RX1524, RX1536 et RX5000 versions ant\u00e9rieures \u00e0 2.15.0\u003c/li\u003e \u003cli\u003ePolarion Subversion Webclient versions ant\u00e9rieures \u00e0 21 R2 P2\u003c/li\u003e \u003cli\u003eRUGGEDCOM ROS i800, i801, i802, i803, M969, M2100, M2200, RMC, RMC20, RMC30, RMC40, RMC41, RMC8388, RP110, RS400, RS401, RS416, RS416v2, RS900 (32M), RS900G, RS900G (32M), RS900GP, RS900L, RS900L, RS900W, RS910, RS910L, RS910W, RS920L, RS920W, RS930L, RS930W, RS940G, RS969, RS8000, RS8000A, RS8000H, RS8000T, RSG900, RSG900C, RSG900G, RSG900R, RSG907R, RSG908C, RSG909R, RSG910C, RSG920P, RSG2100, RSG2100 (32M), RSG2100P, RSG2100P (32M), RSG2200, RSG2288, RSG2300, RSG2300P, RSG2488, RSL910, RST916C, RST916P et RST2228 versions ant\u00e9rieures \u00e0 5.6.0\u003c/li\u003e \u003c/ul\u003e \u003cp\u003eL\u0027\u00e9diteur ne propose pas de correctif pour :\u003c/p\u003e \u003cul\u003e \u003cli\u003eMendix Applications utilisant Mendix versions 9\u003c/li\u003e \u003cli\u003eSINEC NMS toutes versions\u003c/li\u003e \u003c/ul\u003e \u003cp\u003eSe r\u00e9f\u00e9rer aux mesures de contournement propos\u00e9es dans la section Documentation.\u003c/p\u003e \u003cp\u003e\u0026nbsp;\u003c/p\u003e ",
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2021-44478",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44478"
    },
    {
      "name": "CVE-2021-22898",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22898"
    },
    {
      "name": "CVE-2020-13871",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-13871"
    },
    {
      "name": "CVE-2021-42017",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-42017"
    },
    {
      "name": "CVE-2022-24282",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-24282"
    },
    {
      "name": "CVE-2021-25215",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-25215"
    },
    {
      "name": "CVE-2019-19317",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-19317"
    },
    {
      "name": "CVE-2020-8169",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-8169"
    },
    {
      "name": "CVE-2021-25174",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-25174"
    },
    {
      "name": "CVE-2021-22925",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22925"
    },
    {
      "name": "CVE-2021-37701",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-37701"
    },
    {
      "name": "CVE-2021-32944",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-32944"
    },
    {
      "name": "CVE-2019-19244",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-19244"
    },
    {
      "name": "CVE-2021-27290",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-27290"
    },
    {
      "name": "CVE-2021-42020",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-42020"
    },
    {
      "name": "CVE-2020-8285",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-8285"
    },
    {
      "name": "CVE-2021-22901",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22901"
    },
    {
      "name": "CVE-2021-22940",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22940"
    },
    {
      "name": "CVE-2021-32804",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-32804"
    },
    {
      "name": "CVE-2020-13632",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-13632"
    },
    {
      "name": "CVE-2022-24281",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-24281"
    },
    {
      "name": "CVE-2021-32936",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-32936"
    },
    {
      "name": "CVE-2021-22930",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22930"
    },
    {
      "name": "CVE-2019-19926",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-19926"
    },
    {
      "name": "CVE-2020-9327",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9327"
    },
    {
      "name": "CVE-2020-8286",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-8286"
    },
    {
      "name": "CVE-2020-7774",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-7774"
    },
    {
      "name": "CVE-2021-22918",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22918"
    },
    {
      "name": "CVE-2020-27304",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-27304"
    },
    {
      "name": "CVE-2021-32946",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-32946"
    },
    {
      "name": "CVE-2021-41543",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-41543"
    },
    {
      "name": "CVE-2020-8177",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-8177"
    },
    {
      "name": "CVE-2020-1971",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1971"
    },
    {
      "name": "CVE-2020-13630",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-13630"
    },
    {
      "name": "CVE-2021-3450",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3450"
    },
    {
      "name": "CVE-2021-22939",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22939"
    },
    {
      "name": "CVE-2019-19646",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-19646"
    },
    {
      "name": "CVE-2021-40366",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-40366"
    },
    {
      "name": "CVE-2021-41542",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-41542"
    },
    {
      "name": "CVE-2021-41541",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-41541"
    },
    {
      "name": "CVE-2021-22924",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22924"
    },
    {
      "name": "CVE-2022-24309",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-24309"
    },
    {
      "name": "CVE-2020-8265",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-8265"
    },
    {
      "name": "CVE-2021-37713",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-37713"
    },
    {
      "name": "CVE-2021-22947",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22947"
    },
    {
      "name": "CVE-2019-19925",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-19925"
    },
    {
      "name": "CVE-2021-22922",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22922"
    },
    {
      "name": "CVE-2019-19924",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-19924"
    },
    {
      "name": "CVE-2021-32938",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-32938"
    },
    {
      "name": "CVE-2020-11656",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-11656"
    },
    {
      "name": "CVE-2022-26317",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-26317"
    },
    {
      "name": "CVE-2021-22946",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22946"
    },
    {
      "name": "CVE-2021-37712",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-37712"
    },
    {
      "name": "CVE-2020-8284",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-8284"
    },
    {
      "name": "CVE-2021-32940",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-32940"
    },
    {
      "name": "CVE-2021-3711",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3711"
    },
    {
      "name": "CVE-2021-37208",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-37208"
    },
    {
      "name": "CVE-2021-32948",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-32948"
    },
    {
      "name": "CVE-2021-3449",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3449"
    },
    {
      "name": "CVE-2022-26313",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-26313"
    },
    {
      "name": "CVE-2021-22921",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22921"
    },
    {
      "name": "CVE-2021-25216",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-25216"
    },
    {
      "name": "CVE-2020-15358",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-15358"
    },
    {
      "name": "CVE-2021-43527",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-43527"
    },
    {
      "name": "CVE-2019-19242",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-19242"
    },
    {
      "name": "CVE-2021-22897",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22897"
    },
    {
      "name": "CVE-2021-32803",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-32803"
    },
    {
      "name": "CVE-2021-25177",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-25177"
    },
    {
      "name": "CVE-2021-25175",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-25175"
    },
    {
      "name": "CVE-2021-22884",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22884"
    },
    {
      "name": "CVE-2021-32952",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-32952"
    },
    {
      "name": "CVE-2019-19880",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-19880"
    },
    {
      "name": "CVE-2018-7160",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-7160"
    },
    {
      "name": "CVE-2021-32950",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-32950"
    },
    {
      "name": "CVE-2021-3672",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3672"
    },
    {
      "name": "CVE-2021-31346",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-31346"
    },
    {
      "name": "CVE-2022-26314",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-26314"
    },
    {
      "name": "CVE-2021-31784",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-31784"
    },
    {
      "name": "CVE-2021-22883",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22883"
    },
    {
      "name": "CVE-2020-8231",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-8231"
    },
    {
      "name": "CVE-2020-13631",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-13631"
    },
    {
      "name": "CVE-2021-25214",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-25214"
    },
    {
      "name": "CVE-2021-22931",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22931"
    },
    {
      "name": "CVE-2021-31889",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-31889"
    },
    {
      "name": "CVE-2022-24408",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-24408"
    },
    {
      "name": "CVE-2021-42016",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-42016"
    },
    {
      "name": "CVE-2021-3712",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3712"
    },
    {
      "name": "CVE-2021-39134",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-39134"
    },
    {
      "name": "CVE-2019-19645",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-19645"
    },
    {
      "name": "CVE-2020-11655",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-11655"
    },
    {
      "name": "CVE-2020-8287",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-8287"
    },
    {
      "name": "CVE-2021-22926",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22926"
    },
    {
      "name": "CVE-2022-24661",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-24661"
    },
    {
      "name": "CVE-2021-22890",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22890"
    },
    {
      "name": "CVE-2021-25219",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-25219"
    },
    {
      "name": "CVE-2021-23840",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-23840"
    },
    {
      "name": "CVE-2021-42018",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-42018"
    },
    {
      "name": "CVE-2021-22923",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22923"
    },
    {
      "name": "CVE-2019-19923",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-19923"
    },
    {
      "name": "CVE-2021-39135",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-39135"
    },
    {
      "name": "CVE-2021-25176",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-25176"
    },
    {
      "name": "CVE-2021-31890",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-31890"
    },
    {
      "name": "CVE-2021-25178",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-25178"
    },
    {
      "name": "CVE-2021-22876",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22876"
    },
    {
      "name": "CVE-2021-23362",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-23362"
    },
    {
      "name": "CVE-2019-19603",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-19603"
    },
    {
      "name": "CVE-2021-25217",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-25217"
    },
    {
      "name": "CVE-2021-25173",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-25173"
    },
    {
      "name": "CVE-2021-22945",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22945"
    },
    {
      "name": "CVE-2022-25311",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-25311"
    },
    {
      "name": "CVE-2021-31344",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-31344"
    },
    {
      "name": "CVE-2021-37209",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-37209"
    },
    {
      "name": "CVE-2021-42019",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-42019"
    },
    {
      "name": "CVE-2020-8625",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-8625"
    }
  ],
  "links": [],
  "reference": "CERTFR-2022-AVI-216",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2022-03-08T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    },
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nSiemens. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0\ndistance et un contournement de la politique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Siemens",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-166747 du 8 mars 2022",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-166747.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-252466 du 8 mars 2022",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-252466.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-562051 du 8 mars 2022",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-562051.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-223353 du 8 mars 2022",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-223353.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-337210 du 8 mars 2022",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-337210.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-148641 du 8 mars 2022",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-148641.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-389290 du 8 mars 2022",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-389290.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-764417 du 8 mars 2022",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-764417.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-256353 du 8 mars 2022",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-256353.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-703715 du 8 mars 2022",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-703715.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-594438 du 8 mars 2022",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-594438.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-415938 du 8 mars 2022",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-415938.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-134279 du 8 mars 2022",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-134279.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-155599 du 8 mars 2022",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-155599.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-406691 du 8 mars 2022",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-406691.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-250085 du 8 mars 2022",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-250085.html"
    }
  ]
}

CERTFR-2022-AVI-510

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans IBM QRadar. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	IBM	QRadar	IBM QRadar Data Synchronization App versions antérieures à 3.0.1

References

Title

Publication Time

Tags

Bulletin de sécurité IBM 6590981 du 31 mai 2022

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "IBM QRadar Data Synchronization App versions ant\u00e9rieures \u00e0 3.0.1",
      "product": {
        "name": "QRadar",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2020-7788",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-7788"
    },
    {
      "name": "CVE-2021-37701",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-37701"
    },
    {
      "name": "CVE-2020-13434",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-13434"
    },
    {
      "name": "CVE-2021-33502",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-33502"
    },
    {
      "name": "CVE-2021-27290",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-27290"
    },
    {
      "name": "CVE-2021-22940",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22940"
    },
    {
      "name": "CVE-2021-32804",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-32804"
    },
    {
      "name": "CVE-2020-13632",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-13632"
    },
    {
      "name": "CVE-2021-22930",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22930"
    },
    {
      "name": "CVE-2020-9327",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9327"
    },
    {
      "name": "CVE-2021-22918",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22918"
    },
    {
      "name": "CVE-2020-13630",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-13630"
    },
    {
      "name": "CVE-2021-22939",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22939"
    },
    {
      "name": "CVE-2021-37713",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-37713"
    },
    {
      "name": "CVE-2020-11656",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-11656"
    },
    {
      "name": "CVE-2021-37712",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-37712"
    },
    {
      "name": "CVE-2021-3807",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3807"
    },
    {
      "name": "CVE-2020-15358",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-15358"
    },
    {
      "name": "CVE-2021-32803",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-32803"
    },
    {
      "name": "CVE-2021-3672",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3672"
    },
    {
      "name": "CVE-2020-13631",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-13631"
    },
    {
      "name": "CVE-2021-22931",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22931"
    },
    {
      "name": "CVE-2021-23343",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-23343"
    },
    {
      "name": "CVE-2021-3918",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3918"
    },
    {
      "name": "CVE-2020-11655",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-11655"
    },
    {
      "name": "CVE-2020-15168",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-15168"
    },
    {
      "name": "CVE-2021-23362",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-23362"
    },
    {
      "name": "CVE-2020-28469",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-28469"
    },
    {
      "name": "CVE-2020-13435",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-13435"
    }
  ],
  "links": [],
  "reference": "CERTFR-2022-AVI-510",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2022-06-01T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans IBM QRadar.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net un contournement de la politique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans IBM QRadar",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 6590981 du 31 mai 2022",
      "url": "https://www.ibm.com/support/pages/node/6590981"
    }
  ]
}

CERTFR-2024-AVI-1051

Vulnerability from certfr_avis - Published: - Updated:

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
IBM	VIOS	VIOS version 3.1 sans le correctif invscout_fix7.tar
IBM	AIX	AIX version 7.3 sans le correctif invscout_fix7.tar
IBM	Cognos Controller	Cognos Controller versions 11.0.x antérieures à 11.0.1 FP3
IBM	AIX	AIX version 7.2 sans le correctif invscout_fix7.tar
IBM	Sterling Partner Engagement Manager Essentials Edition	Sterling Partner Engagement Manager Essentials Edition versions 6.2.x antérieures à 6.2.2.2
IBM	QRadar Use Case Manager App	QRadar Use Case Manager App versions antérieures à 4.0.0
IBM	Sterling Partner Engagement Manager Essentials Edition	Sterling Partner Engagement Manager Essentials Edition versions 6.1.x antérieures à 6.1.2.10
IBM	Sterling Partner Engagement Manager Standard Edition	Sterling Partner Engagement Manager Standard Edition versions 6.1.x antérieures à 6.1.2.10
IBM	VIOS	VIOS version 4.1 sans le correctif invscout_fix7.tar
IBM	Sterling Partner Engagement Manager Standard Edition	Sterling Partner Engagement Manager Standard Edition versions 6.2.x antérieures à 6.2.3.2

References

Title

Publication Time

Tags

Bulletin de sécurité IBM 7178033	2024-12-05	vendor-advisory
Bulletin de sécurité IBM 7178054	2024-12-06	vendor-advisory
Bulletin de sécurité IBM 7177220	2024-12-02	vendor-advisory
Bulletin de sécurité IBM 7177981	2024-12-05	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "VIOS version 3.1 sans le correctif invscout_fix7.tar",
      "product": {
        "name": "VIOS",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "AIX version 7.3 sans le correctif invscout_fix7.tar",
      "product": {
        "name": "AIX",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Cognos Controller versions 11.0.x ant\u00e9rieures \u00e0 11.0.1 FP3",
      "product": {
        "name": "Cognos Controller",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "AIX version 7.2 sans le correctif invscout_fix7.tar",
      "product": {
        "name": "AIX",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Sterling Partner Engagement Manager Essentials Edition versions 6.2.x ant\u00e9rieures \u00e0 6.2.2.2",
      "product": {
        "name": "Sterling Partner Engagement Manager Essentials Edition",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "QRadar Use Case Manager App versions ant\u00e9rieures \u00e0 4.0.0",
      "product": {
        "name": "QRadar Use Case Manager App",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Sterling Partner Engagement Manager Essentials Edition versions 6.1.x ant\u00e9rieures \u00e0 6.1.2.10",
      "product": {
        "name": "Sterling Partner Engagement Manager Essentials Edition",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Sterling Partner Engagement Manager Standard Edition versions 6.1.x ant\u00e9rieures \u00e0 6.1.2.10",
      "product": {
        "name": "Sterling Partner Engagement Manager Standard Edition",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "VIOS version 4.1 sans le correctif invscout_fix7.tar",
      "product": {
        "name": "VIOS",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Sterling Partner Engagement Manager Standard Edition versions 6.2.x ant\u00e9rieures \u00e0 6.2.3.2",
      "product": {
        "name": "Sterling Partner Engagement Manager Standard Edition",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2024-20919",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-20919"
    },
    {
      "name": "CVE-2023-7104",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-7104"
    },
    {
      "name": "CVE-2023-21938",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21938"
    },
    {
      "name": "CVE-2023-21843",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21843"
    },
    {
      "name": "CVE-2024-47115",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-47115"
    },
    {
      "name": "CVE-2021-29425",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-29425"
    },
    {
      "name": "CVE-2022-32213",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32213"
    },
    {
      "name": "CVE-2021-22959",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22959"
    },
    {
      "name": "CVE-2023-38264",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-38264"
    },
    {
      "name": "CVE-2024-25020",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-25020"
    },
    {
      "name": "CVE-2024-28849",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-28849"
    },
    {
      "name": "CVE-2022-35256",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-35256"
    },
    {
      "name": "CVE-2023-21954",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21954"
    },
    {
      "name": "CVE-2023-21939",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21939"
    },
    {
      "name": "CVE-2024-20926",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-20926"
    },
    {
      "name": "CVE-2024-22353",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-22353"
    },
    {
      "name": "CVE-2024-41777",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-41777"
    },
    {
      "name": "CVE-2024-21890",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21890"
    },
    {
      "name": "CVE-2024-21896",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21896"
    },
    {
      "name": "CVE-2024-43799",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-43799"
    },
    {
      "name": "CVE-2021-36690",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-36690"
    },
    {
      "name": "CVE-2023-21830",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21830"
    },
    {
      "name": "CVE-2021-22940",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22940"
    },
    {
      "name": "CVE-2023-23936",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23936"
    },
    {
      "name": "CVE-2023-50312",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-50312"
    },
    {
      "name": "CVE-2021-22930",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22930"
    },
    {
      "name": "CVE-2024-25035",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-25035"
    },
    {
      "name": "CVE-2024-20921",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-20921"
    },
    {
      "name": "CVE-2023-38737",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-38737"
    },
    {
      "name": "CVE-2023-24807",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-24807"
    },
    {
      "name": "CVE-2023-44487",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
    },
    {
      "name": "CVE-2024-29857",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-29857"
    },
    {
      "name": "CVE-2021-22918",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22918"
    },
    {
      "name": "CVE-2023-22081",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22081"
    },
    {
      "name": "CVE-2024-45590",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-45590"
    },
    {
      "name": "CVE-2021-23337",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-23337"
    },
    {
      "name": "CVE-2024-25026",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-25026"
    },
    {
      "name": "CVE-2021-22939",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22939"
    },
    {
      "name": "CVE-2021-44532",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44532"
    },
    {
      "name": "CVE-2024-26308",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26308"
    },
    {
      "name": "CVE-2022-0155",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0155"
    },
    {
      "name": "CVE-2021-22960",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22960"
    },
    {
      "name": "CVE-2024-41776",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-41776"
    },
    {
      "name": "CVE-2024-30172",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-30172"
    },
    {
      "name": "CVE-2024-25019",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-25019"
    },
    {
      "name": "CVE-2022-32222",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32222"
    },
    {
      "name": "CVE-2023-22067",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22067"
    },
    {
      "name": "CVE-2022-32212",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32212"
    },
    {
      "name": "CVE-2023-23920",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23920"
    },
    {
      "name": "CVE-2024-21634",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21634"
    },
    {
      "name": "CVE-2023-23918",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23918"
    },
    {
      "name": "CVE-2024-21011",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21011"
    },
    {
      "name": "CVE-2024-22329",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-22329"
    },
    {
      "name": "CVE-2021-22921",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22921"
    },
    {
      "name": "CVE-2022-0536",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0536"
    },
    {
      "name": "CVE-2024-25710",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-25710"
    },
    {
      "name": "CVE-2021-29892",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-29892"
    },
    {
      "name": "CVE-2024-45676",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-45676"
    },
    {
      "name": "CVE-2023-49735",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-49735"
    },
    {
      "name": "CVE-2024-40691",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-40691"
    },
    {
      "name": "CVE-2024-21094",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21094"
    },
    {
      "name": "CVE-2023-51775",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-51775"
    },
    {
      "name": "CVE-2023-21937",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21937"
    },
    {
      "name": "CVE-2024-27268",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-27268"
    },
    {
      "name": "CVE-2022-32215",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32215"
    },
    {
      "name": "CVE-2023-33850",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-33850"
    },
    {
      "name": "CVE-2023-2597",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-2597"
    },
    {
      "name": "CVE-2023-22045",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22045"
    },
    {
      "name": "CVE-2024-41775",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-41775"
    },
    {
      "name": "CVE-2023-22049",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22049"
    },
    {
      "name": "CVE-2023-23919",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23919"
    },
    {
      "name": "CVE-2020-28500",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-28500"
    },
    {
      "name": "CVE-2021-22931",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22931"
    },
    {
      "name": "CVE-2023-44483",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-44483"
    },
    {
      "name": "CVE-2021-44533",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44533"
    },
    {
      "name": "CVE-2023-5676",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-5676"
    },
    {
      "name": "CVE-2022-35737",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-35737"
    },
    {
      "name": "CVE-2024-28863",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-28863"
    },
    {
      "name": "CVE-2020-8203",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-8203"
    },
    {
      "name": "CVE-2022-25857",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-25857"
    },
    {
      "name": "CVE-2024-27270",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-27270"
    },
    {
      "name": "CVE-2024-21891",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21891"
    },
    {
      "name": "CVE-2023-21968",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21968"
    },
    {
      "name": "CVE-2022-32214",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32214"
    },
    {
      "name": "CVE-2024-39338",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-39338"
    },
    {
      "name": "CVE-2024-30171",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-30171"
    },
    {
      "name": "CVE-2022-21824",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21824"
    },
    {
      "name": "CVE-2023-21930",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21930"
    },
    {
      "name": "CVE-2024-22017",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-22017"
    },
    {
      "name": "CVE-2023-24998",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-24998"
    },
    {
      "name": "CVE-2024-20918",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-20918"
    },
    {
      "name": "CVE-2022-35255",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-35255"
    },
    {
      "name": "CVE-2024-25036",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-25036"
    },
    {
      "name": "CVE-2024-21085",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21085"
    },
    {
      "name": "CVE-2021-44531",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44531"
    },
    {
      "name": "CVE-2024-20945",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-20945"
    },
    {
      "name": "CVE-2023-39332",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-39332"
    },
    {
      "name": "CVE-2024-22354",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-22354"
    },
    {
      "name": "CVE-2023-21967",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21967"
    },
    {
      "name": "CVE-2022-32223",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32223"
    },
    {
      "name": "CVE-2023-26159",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-26159"
    },
    {
      "name": "CVE-2024-20952",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-20952"
    }
  ],
  "links": [],
  "reference": "CERTFR-2024-AVI-1051",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2024-12-06T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    },
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
  "vendor_advisories": [
    {
      "published_at": "2024-12-05",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7178033",
      "url": "https://www.ibm.com/support/pages/node/7178033"
    },
    {
      "published_at": "2024-12-06",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7178054",
      "url": "https://www.ibm.com/support/pages/node/7178054"
    },
    {
      "published_at": "2024-12-02",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7177220",
      "url": "https://www.ibm.com/support/pages/node/7177220"
    },
    {
      "published_at": "2024-12-05",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7177981",
      "url": "https://www.ibm.com/support/pages/node/7177981"
    }
  ]
}

CERTFR-2021-AVI-932

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
IBM	Db2	Db2 versions 9.7.x antérieures à 9.7 FP11
IBM	Db2	Db2 versions 11.5.x antérieures à 11.5.7
IBM	Db2	Db2 versions 10.1.x antérieures à 10.1 FP6
IBM	Db2	Db2 versions 10.5.x antérieures à 10.5 FP11
IBM	Spectrum	Spectrum Control versions 5.3.x et 5.4.x antérieures à 5.4.5
IBM	Db2	Db2 versions 11.1.x antérieures à 11.1.4 FP6

References

Title

Publication Time

Tags

Bulletin de sécurité IBM 6523806 du 09 décembre 2021	None	vendor-advisory
Bulletin de sécurité IBM 6524930 du 09 décembre 2021	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Db2 versions 9.7.x ant\u00e9rieures \u00e0 9.7 FP11",
      "product": {
        "name": "Db2",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Db2 versions 11.5.x ant\u00e9rieures \u00e0 11.5.7",
      "product": {
        "name": "Db2",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Db2 versions 10.1.x ant\u00e9rieures \u00e0 10.1 FP6",
      "product": {
        "name": "Db2",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Db2 versions 10.5.x ant\u00e9rieures \u00e0 10.5 FP11",
      "product": {
        "name": "Db2",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Spectrum Control versions 5.3.x et 5.4.x ant\u00e9rieures \u00e0 5.4.5",
      "product": {
        "name": "Spectrum",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Db2 versions 11.1.x ant\u00e9rieures \u00e0 11.1.4 FP6",
      "product": {
        "name": "Db2",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2021-22940",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22940"
    },
    {
      "name": "CVE-2021-22930",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22930"
    },
    {
      "name": "CVE-2021-22939",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22939"
    },
    {
      "name": "CVE-2021-35517",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-35517"
    },
    {
      "name": "CVE-2021-36090",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-36090"
    },
    {
      "name": "CVE-2021-29678",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-29678"
    },
    {
      "name": "CVE-2021-29842",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-29842"
    },
    {
      "name": "CVE-2021-22931",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22931"
    },
    {
      "name": "CVE-2021-3712",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3712"
    }
  ],
  "links": [],
  "reference": "CERTFR-2021-AVI-932",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2021-12-10T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer un d\u00e9ni\nde service \u00e0 distance, un contournement de la politique de s\u00e9curit\u00e9 et\nune atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 6523806 du 09 d\u00e9cembre 2021",
      "url": "https://www.ibm.com/support/pages/node/6523806"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 6524930 du 09 d\u00e9cembre 2021",
      "url": "https://www.ibm.com/support/pages/node/6524930"
    }
  ]
}

alsa-2021:3623

Vulnerability from osv_almalinux

Published

2021-09-21 12:33

Modified

2021-09-21 12:33

Summary

Important: nodejs:12 security and bug fix update

Details

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language.

Security Fix(es):

nodejs: Use-after-free on close http2 on stream canceling (CVE-2021-22930)
nodejs: Use-after-free on close http2 on stream canceling (CVE-2021-22940)
c-ares: Missing input validation of host names may lead to domain hijacking (CVE-2021-3672)
nodejs: Improper handling of untypical characters in domain names (CVE-2021-22931)
nodejs-tar: Insufficient symlink protection allowing arbitrary file creation and overwrite (CVE-2021-32803)
nodejs-tar: Insufficient absolute path sanitization allowing arbitrary file creation and overwrite (CVE-2021-32804)
nodejs: Incomplete validation of tls rejectUnauthorized parameter (CVE-2021-22939)
nodejs-path-parse: ReDoS via splitDeviceRe, splitTailRe and splitPathRe (CVE-2021-23343)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

nodejs:12/nodejs: Make FIPS options always available (BZ#1993927)

References

URL

Type

	https://errata.almalinux.org/8/ALSA-2021-3623.html	ADVISORY
	https://vulners.com/cve/CVE-2021-22930	REPORT
	https://vulners.com/cve/CVE-2021-22931	REPORT
	https://vulners.com/cve/CVE-2021-22939	REPORT
	https://vulners.com/cve/CVE-2021-22940	REPORT
	https://vulners.com/cve/CVE-2021-23343	REPORT
	https://vulners.com/cve/CVE-2021-32803	REPORT
	https://vulners.com/cve/CVE-2021-32804	REPORT
	https://vulners.com/cve/CVE-2021-3672	REPORT

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "nodejs"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1:12.22.5-1.module_el8.4.0+2529+af52a4c7"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "nodejs"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1:12.22.5-1.module_el8.5.0+85+79a7b441"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "nodejs-devel"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1:12.22.5-1.module_el8.5.0+85+79a7b441"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "nodejs-devel"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1:12.22.5-1.module_el8.4.0+2529+af52a4c7"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "nodejs-docs"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1:12.22.5-1.module_el8.4.0+2529+af52a4c7"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "nodejs-full-i18n"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1:12.22.5-1.module_el8.5.0+85+79a7b441"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "nodejs-full-i18n"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1:12.22.5-1.module_el8.4.0+2529+af52a4c7"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "nodejs-nodemon"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.0.3-1.module_el8.4.0+2521+c668cc9f"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "nodejs-packaging"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "17-3.module_el8.4.0+2224+b07ac28e"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "nodejs-packaging"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "17-3.module_el8.4.0+2521+c668cc9f"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "nodejs-packaging"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "17-3.module_el8.3.0+2023+d2377ea3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "npm"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1:6.14.14-1.12.22.5.1.module_el8.4.0+2529+af52a4c7"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "npm"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1:6.14.14-1.12.22.5.1.module_el8.5.0+85+79a7b441"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "details": "Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. \n\nSecurity Fix(es):\n\n* nodejs: Use-after-free on close http2 on stream canceling (CVE-2021-22930)\n\n* nodejs: Use-after-free on close http2 on stream canceling (CVE-2021-22940)\n\n* c-ares: Missing input validation of host names may lead to domain hijacking (CVE-2021-3672)\n\n* nodejs: Improper handling of untypical characters in domain names (CVE-2021-22931)\n\n* nodejs-tar: Insufficient symlink protection allowing arbitrary file creation and overwrite (CVE-2021-32803)\n\n* nodejs-tar: Insufficient absolute path sanitization allowing arbitrary file creation and overwrite (CVE-2021-32804)\n\n* nodejs: Incomplete validation of tls rejectUnauthorized parameter (CVE-2021-22939)\n\n* nodejs-path-parse: ReDoS via splitDeviceRe, splitTailRe and splitPathRe (CVE-2021-23343)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* nodejs:12/nodejs: Make FIPS options always available (BZ#1993927)",
  "id": "ALSA-2021:3623",
  "modified": "2021-09-21T12:33:58Z",
  "published": "2021-09-21T12:33:58Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://errata.almalinux.org/8/ALSA-2021-3623.html"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2021-22930"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2021-22931"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2021-22939"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2021-22940"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2021-23343"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2021-32803"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2021-32804"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2021-3672"
    }
  ],
  "related": [
    "CVE-2021-22930",
    "CVE-2021-22940",
    "CVE-2021-3672",
    "CVE-2021-22931",
    "CVE-2021-32803",
    "CVE-2021-32804",
    "CVE-2021-22939",
    "CVE-2021-23343"
  ],
  "summary": "Important: nodejs:12 security and bug fix update"
}

alsa-2021:3666

Vulnerability from osv_almalinux

Published

2021-09-27 06:47

Modified

2022-11-07 17:47

Summary

Important: nodejs:14 security and bug fix update

Details

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language.

Security Fix(es):

nodejs: Use-after-free on close http2 on stream canceling (CVE-2021-22930)
nodejs: Use-after-free on close http2 on stream canceling (CVE-2021-22940)
c-ares: Missing input validation of host names may lead to domain hijacking (CVE-2021-3672)
nodejs: Improper handling of untypical characters in domain names (CVE-2021-22931)
nodejs-tar: Insufficient symlink protection allowing arbitrary file creation and overwrite (CVE-2021-32803)
nodejs-tar: Insufficient absolute path sanitization allowing arbitrary file creation and overwrite (CVE-2021-32804)
nodejs: Incomplete validation of tls rejectUnauthorized parameter (CVE-2021-22939)
nodejs-path-parse: ReDoS via splitDeviceRe, splitTailRe and splitPathRe (CVE-2021-23343)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

nodejs:14/nodejs: Make FIPS options always available (BZ#1993924)

References

URL

Type

	https://errata.almalinux.org/8/ALSA-2021-3666.html	ADVISORY
	https://vulners.com/cve/CVE-2021-22930	REPORT
	https://vulners.com/cve/CVE-2021-22931	REPORT
	https://vulners.com/cve/CVE-2021-22939	REPORT
	https://vulners.com/cve/CVE-2021-22940	REPORT
	https://vulners.com/cve/CVE-2021-23343	REPORT
	https://vulners.com/cve/CVE-2021-32803	REPORT
	https://vulners.com/cve/CVE-2021-32804	REPORT
	https://vulners.com/cve/CVE-2021-3672	REPORT

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "nodejs-nodemon"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.0.3-1.module_el8.4.0+2521+c668cc9f"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "nodejs-packaging"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "23-3.module_el8.5.0+254+b4526b16"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "nodejs-packaging"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "23-3.module_el8.4.0+2522+3bd42762"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "details": "Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. \n\nSecurity Fix(es):\n\n* nodejs: Use-after-free on close http2 on stream canceling (CVE-2021-22930)\n\n* nodejs: Use-after-free on close http2 on stream canceling (CVE-2021-22940)\n\n* c-ares: Missing input validation of host names may lead to domain hijacking (CVE-2021-3672)\n\n* nodejs: Improper handling of untypical characters in domain names (CVE-2021-22931)\n\n* nodejs-tar: Insufficient symlink protection allowing arbitrary file creation and overwrite (CVE-2021-32803)\n\n* nodejs-tar: Insufficient absolute path sanitization allowing arbitrary file creation and overwrite (CVE-2021-32804)\n\n* nodejs: Incomplete validation of tls rejectUnauthorized parameter (CVE-2021-22939)\n\n* nodejs-path-parse: ReDoS via splitDeviceRe, splitTailRe and splitPathRe (CVE-2021-23343)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* nodejs:14/nodejs: Make FIPS options always available (BZ#1993924)",
  "id": "ALSA-2021:3666",
  "modified": "2022-11-07T17:47:24Z",
  "published": "2021-09-27T06:47:35Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://errata.almalinux.org/8/ALSA-2021-3666.html"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2021-22930"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2021-22931"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2021-22939"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2021-22940"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2021-23343"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2021-32803"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2021-32804"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2021-3672"
    }
  ],
  "related": [
    "CVE-2021-22930",
    "CVE-2021-22940",
    "CVE-2021-3672",
    "CVE-2021-22931",
    "CVE-2021-32803",
    "CVE-2021-32804",
    "CVE-2021-22939",
    "CVE-2021-23343"
  ],
  "summary": "Important: nodejs:14 security and bug fix update"
}

BDU:2022-01889

Vulnerability from fstec - Published: 16.08.2021

Title

Уязвимость программной платформы Node.js, связанная с использованием памяти после её освобождения, позволяющая нарушителю оказать воздействие на целостность данных

Description

Уязвимость программной платформы Node.js связана с использованием памяти после её освобождения. Эксплуатация уязвимости позволяет нарушителю, действующему удаленно, оказать воздействие на целостность данных

Severity ?


                    
                      AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Vendor

Сообщество свободного программного обеспечения, ООО «РусБИТех-Астра», Node.js Foundation, IBM Corp., АО "НППКТ"

Software Name

Debian GNU/Linux, Astra Linux Special Edition (запись в едином реестре российских программ №369), Node.js, Voice Gateway, IBM Cloud Transformation Advisor, ОСОН ОСнова Оnyx (запись в едином реестре российских программ №5913)

Software Version

9 (Debian GNU/Linux), 10 (Debian GNU/Linux), 11 (Debian GNU/Linux), 1.7 (Astra Linux Special Edition), от 12.0.0 до 12.22.5 (Node.js), от 14.0.0 до 14.17.5 (Node.js), от 16.0.0 до 16.6.2 (Node.js), 1.0.7.1 (Voice Gateway), 2.4.4 (IBM Cloud Transformation Advisor), 4.7 (Astra Linux Special Edition), до 2.9 (ОСОН ОСнова Оnyx)

Possible Mitigations

Для Node.js: использование рекомендаций производителя: https://nodejs.org/en/blog/vulnerability/aug-2021-security-releases/ Для Debian: использование рекомендаций производителя: https://security-tracker.debian.org/tracker/CVE-2021-22940 Для программных продуктов IBM Corp.: https://www.ibm.com/support/pages/node/6507409 https://www.ibm.com/support/pages/node/6493863 Для ОС Astra Linux: использование рекомендаций производителя: https://wiki.astralinux.ru/astra-linux-se17-bulletin-2022-1221SE17MD Для ОС Astra Linux Special Edition 4.7 для архитектуры ARM: использование рекомендаций производителя: https://wiki.astralinux.ru/astra-linux-se47-bulletin-2023-0131SE47MD Для ОСОН ОСнова Оnyx: Обновление программного обеспечения nodejs до версии 10.24.0~dfsg-1~deb10u3.osnova5

Reference

https://nodejs.org/en/blog/vulnerability/aug-2021-security-releases/ https://nvd.nist.gov/vuln/detail/CVE-2021-22940 https://security-tracker.debian.org/tracker/CVE-2021-22940 https://www.ibm.com/support/pages/node/6507409 https://www.ibm.com/support/pages/node/6493863 https://wiki.astralinux.ru/astra-linux-se17-bulletin-2022-1221SE17MD https://wiki.astralinux.ru/astra-linux-se47-bulletin-2023-0131SE47MD https://поддержка.нппкт.рф/bin/view/ОСнова/Обновления/2.9/

CWE

CWE-416

JSON

To clipboard

{
  "CVSS 2.0": "AV:N/AC:L/Au:N/C:N/I:C/A:N",
  "CVSS 3.0": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "\u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f, \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb, Node.js Foundation, IBM Corp., \u0410\u041e \"\u041d\u041f\u041f\u041a\u0422\"",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "9 (Debian GNU/Linux), 10 (Debian GNU/Linux), 11 (Debian GNU/Linux), 1.7 (Astra Linux Special Edition), \u043e\u0442 12.0.0 \u0434\u043e 12.22.5 (Node.js), \u043e\u0442 14.0.0 \u0434\u043e 14.17.5 (Node.js), \u043e\u0442 16.0.0 \u0434\u043e 16.6.2 (Node.js), 1.0.7.1 (Voice Gateway), 2.4.4 (IBM Cloud Transformation Advisor), 4.7 (Astra Linux Special Edition), \u0434\u043e 2.9 (\u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0414\u043b\u044f Node.js:\n\u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://nodejs.org/en/blog/vulnerability/aug-2021-security-releases/\n\n\u0414\u043b\u044f Debian:\n\u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://security-tracker.debian.org/tracker/CVE-2021-22940\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 IBM Corp.:\nhttps://www.ibm.com/support/pages/node/6507409\nhttps://www.ibm.com/support/pages/node/6493863\n\n\u0414\u043b\u044f \u041e\u0421 Astra Linux:\n\u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se17-bulletin-2022-1221SE17MD\n\n\u0414\u043b\u044f \u041e\u0421 Astra Linux Special Edition 4.7 \u0434\u043b\u044f \u0430\u0440\u0445\u0438\u0442\u0435\u043a\u0442\u0443\u0440\u044b ARM:\n\u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se47-bulletin-2023-0131SE47MD\n\n\u0414\u043b\u044f \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f nodejs \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 10.24.0~dfsg-1~deb10u3.osnova5",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "16.08.2021",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "09.01.2024",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "07.04.2022",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2022-01889",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2021-22940",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Debian GNU/Linux, Astra Linux Special Edition (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), Node.js, Voice Gateway, IBM Cloud Transformation Advisor, \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165913)",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "\u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 9 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 10 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 11 , \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 1.7  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 4.7 ARM (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), \u0410\u041e \"\u041d\u041f\u041f\u041a\u0422\" \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx \u0434\u043e 2.9  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165913)",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b Node.js, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435\u043c \u043f\u0430\u043c\u044f\u0442\u0438 \u043f\u043e\u0441\u043b\u0435 \u0435\u0451 \u043e\u0441\u0432\u043e\u0431\u043e\u0436\u0434\u0435\u043d\u0438\u044f, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043e\u043a\u0430\u0437\u0430\u0442\u044c \u0432\u043e\u0437\u0434\u0435\u0439\u0441\u0442\u0432\u0438\u0435 \u043d\u0430 \u0446\u0435\u043b\u043e\u0441\u0442\u043d\u043e\u0441\u0442\u044c \u0434\u0430\u043d\u043d\u044b\u0445",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0421\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u0435\u0442",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u043f\u043e\u0441\u043b\u0435 \u043e\u0441\u0432\u043e\u0431\u043e\u0436\u0434\u0435\u043d\u0438\u044f (CWE-416)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b Node.js \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435\u043c \u043f\u0430\u043c\u044f\u0442\u0438 \u043f\u043e\u0441\u043b\u0435 \u0435\u0451 \u043e\u0441\u0432\u043e\u0431\u043e\u0436\u0434\u0435\u043d\u0438\u044f. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u043e\u043a\u0430\u0437\u0430\u0442\u044c \u0432\u043e\u0437\u0434\u0435\u0439\u0441\u0442\u0432\u0438\u0435 \u043d\u0430 \u0446\u0435\u043b\u043e\u0441\u0442\u043d\u043e\u0441\u0442\u044c \u0434\u0430\u043d\u043d\u044b\u0445",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://nodejs.org/en/blog/vulnerability/aug-2021-security-releases/\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-22940\nhttps://security-tracker.debian.org/tracker/CVE-2021-22940\nhttps://www.ibm.com/support/pages/node/6507409\nhttps://www.ibm.com/support/pages/node/6493863\nhttps://wiki.astralinux.ru/astra-linux-se17-bulletin-2022-1221SE17MD\nhttps://wiki.astralinux.ru/astra-linux-se47-bulletin-2023-0131SE47MD\nhttps://\u043f\u043e\u0434\u0434\u0435\u0440\u0436\u043a\u0430.\u043d\u043f\u043f\u043a\u0442.\u0440\u0444/bin/view/\u041e\u0421\u043d\u043e\u0432\u0430/\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f/2.9/",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u0421\u0435\u0442\u0435\u0432\u043e\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u043e, \u0421\u0435\u0442\u0435\u0432\u043e\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u043e, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-416",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,8)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,5)"
}

bit-node-2021-22940

Vulnerability from bitnami_vulndb

Published

2024-03-06 11:06

Modified

2025-04-03 14:40

Summary

Details

Node.js before 16.6.1, 14.17.5, and 12.22.5 is vulnerable to a use after free attack where an attacker might be able to exploit the memory corruption, to change process behavior.

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "Bitnami",
        "name": "node",
        "purl": "pkg:bitnami/node"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "12.0.0"
            },
            {
              "fixed": "12.22.5"
            },
            {
              "introduced": "14.0.0"
            },
            {
              "fixed": "14.17.5"
            },
            {
              "introduced": "16.0.0"
            },
            {
              "fixed": "16.6.2"
            }
          ],
          "type": "SEMVER"
        }
      ],
      "severity": [
        {
          "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
          "type": "CVSS_V3"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2021-22940"
  ],
  "database_specific": {
    "cpes": [
      "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
      "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*"
    ],
    "severity": "High"
  },
  "details": "Node.js before 16.6.1, 14.17.5, and 12.22.5 is vulnerable to a use after free attack where an attacker might be able to exploit the memory corruption, to change process behavior.",
  "id": "BIT-node-2021-22940",
  "modified": "2025-04-03T14:40:37.652Z",
  "published": "2024-03-06T11:06:08.004Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
    },
    {
      "type": "WEB",
      "url": "https://hackerone.com/reports/1238162"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00006.html"
    },
    {
      "type": "WEB",
      "url": "https://nodejs.org/en/blog/vulnerability/aug-2021-security-releases/"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/202401-02"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20210923-0001/"
    },
    {
      "type": "WEB",
      "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
    },
    {
      "type": "WEB",
      "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
    },
    {
      "type": "WEB",
      "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22940"
    }
  ],
  "schema_version": "1.5.0"
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.

Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2021-22940 (GCVE-0-2021-22940)

Solution

Solution

Solution

Solution

Solutions

Solution

Vulnerability from osv_almalinux

Vulnerability from osv_almalinux

Vulnerability from bitnami_vulndb

Tags

Sightings

Nomenclature