Vulnerability-Lookup

CVE-2023-31122 (GCVE-0-2023-31122)

Vulnerability from cvelistv5 – Published: 2023-10-23 06:51 – Updated: 2025-02-13 16:49

Title

Apache HTTP Server: mod_macro buffer over-read

Summary

Out-of-bounds Read vulnerability in mod_macro of Apache HTTP Server.This issue affects Apache HTTP Server: through 2.4.57.

Severity ?

No CVSS data available.

CWE

CWE-125 - Out-of-bounds Read

Assigner

apache

References

6 references

URL	Tags
https://httpd.apache.org/security/vulnerabilities…	vendor-advisory
https://lists.fedoraproject.org/archives/list/pac…
https://security.netapp.com/advisory/ntap-2023102…
https://lists.fedoraproject.org/archives/list/pac…
https://lists.fedoraproject.org/archives/list/pac…
https://lists.debian.org/debian-lts-announce/2024…

Impacted products

1 product

Vendor	Product	Version
Apache Software Foundation	Apache HTTP Server	Affected: 0 , ≤ 2.4.57 (semver)

Credits

David Shoon (github/davidshoon)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T14:45:25.498Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://httpd.apache.org/security/vulnerabilities_24.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TI3V2YCEUM65QDYPGGNUZ7UONIM5OEXC/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20231027-0011/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VZJTT5TEFNSBWVMKCLS6EZ7PI6EJYBCO/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZFDNHDH4VLFGDPY6MEZV2RO5N5FLFONW/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/05/msg00013.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-31122",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-11T20:23:50.224711Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-17T13:47:23.424Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Apache HTTP Server",
          "vendor": "Apache Software Foundation",
          "versions": [
            {
              "lessThanOrEqual": "2.4.57",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "David Shoon (github/davidshoon)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Out-of-bounds Read vulnerability in mod_macro of Apache HTTP Server.\u003cp\u003eThis issue affects Apache HTTP Server: through 2.4.57.\u003c/p\u003e"
            }
          ],
          "value": "Out-of-bounds Read vulnerability in mod_macro of Apache HTTP Server.This issue affects Apache HTTP Server: through 2.4.57."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "text": "low"
            },
            "type": "Textual description of severity"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-125",
              "description": "CWE-125 Out-of-bounds Read",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-06-10T16:10:27.784Z",
        "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "shortName": "apache"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://httpd.apache.org/security/vulnerabilities_24.html"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TI3V2YCEUM65QDYPGGNUZ7UONIM5OEXC/"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20231027-0011/"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VZJTT5TEFNSBWVMKCLS6EZ7PI6EJYBCO/"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZFDNHDH4VLFGDPY6MEZV2RO5N5FLFONW/"
        },
        {
          "url": "https://lists.debian.org/debian-lts-announce/2024/05/msg00013.html"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "timeline": [
        {
          "lang": "en",
          "time": "2023-04-04T00:00:00.000Z",
          "value": "Reported to security team"
        }
      ],
      "title": "Apache HTTP Server: mod_macro buffer over-read",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
    "assignerShortName": "apache",
    "cveId": "CVE-2023-31122",
    "datePublished": "2023-10-23T06:51:59.705Z",
    "dateReserved": "2023-04-24T17:37:59.263Z",
    "dateUpdated": "2025-02-13T16:49:43.236Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2023-31122",
      "date": "2026-05-20",
      "epss": "0.0043",
      "percentile": "0.62725"
    },
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"2.4.57\", \"matchCriteriaId\": \"A1BE631C-0308-4AEB-93CF-757B37D2BAFA\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CC559B26-5DFC-4B7A-A27C-B77DE755DFF9\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Out-of-bounds Read vulnerability in mod_macro of Apache HTTP Server.This issue affects Apache HTTP Server: through 2.4.57.\\n\\n\"}, {\"lang\": \"es\", \"value\": \"Vulnerabilidad de lectura fuera de l\\u00edmites en mod_macro del servidor Apache HTTP. Este problema afecta al servidor Apache HTTP: hasta 2.4.57.\"}]",
      "id": "CVE-2023-31122",
      "lastModified": "2024-11-21T08:01:26.177",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 3.6}]}",
      "published": "2023-10-23T07:15:11.103",
      "references": "[{\"url\": \"https://httpd.apache.org/security/vulnerabilities_24.html\", \"source\": \"security@apache.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2024/05/msg00013.html\", \"source\": \"security@apache.org\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TI3V2YCEUM65QDYPGGNUZ7UONIM5OEXC/\", \"source\": \"security@apache.org\", \"tags\": [\"Mailing List\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VZJTT5TEFNSBWVMKCLS6EZ7PI6EJYBCO/\", \"source\": \"security@apache.org\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZFDNHDH4VLFGDPY6MEZV2RO5N5FLFONW/\", \"source\": \"security@apache.org\"}, {\"url\": \"https://security.netapp.com/advisory/ntap-20231027-0011/\", \"source\": \"security@apache.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://httpd.apache.org/security/vulnerabilities_24.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2024/05/msg00013.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TI3V2YCEUM65QDYPGGNUZ7UONIM5OEXC/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VZJTT5TEFNSBWVMKCLS6EZ7PI6EJYBCO/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZFDNHDH4VLFGDPY6MEZV2RO5N5FLFONW/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://security.netapp.com/advisory/ntap-20231027-0011/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}]",
      "sourceIdentifier": "security@apache.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"security@apache.org\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-125\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2023-31122\",\"sourceIdentifier\":\"security@apache.org\",\"published\":\"2023-10-23T07:15:11.103\",\"lastModified\":\"2025-08-01T02:03:27.447\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Out-of-bounds Read vulnerability in mod_macro of Apache HTTP Server.This issue affects Apache HTTP Server: through 2.4.57.\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad de lectura fuera de l\u00edmites en mod_macro del servidor Apache HTTP. Este problema afecta al servidor Apache HTTP: hasta 2.4.57.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"security@apache.org\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-125\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.4.58\",\"matchCriteriaId\":\"98328F29-DA83-4BEE-B8A8-D1C4AF224497\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CC559B26-5DFC-4B7A-A27C-B77DE755DFF9\"}]}]}],\"references\":[{\"url\":\"https://httpd.apache.org/security/vulnerabilities_24.html\",\"source\":\"security@apache.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2024/05/msg00013.html\",\"source\":\"security@apache.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TI3V2YCEUM65QDYPGGNUZ7UONIM5OEXC/\",\"source\":\"security@apache.org\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VZJTT5TEFNSBWVMKCLS6EZ7PI6EJYBCO/\",\"source\":\"security@apache.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZFDNHDH4VLFGDPY6MEZV2RO5N5FLFONW/\",\"source\":\"security@apache.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20231027-0011/\",\"source\":\"security@apache.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://httpd.apache.org/security/vulnerabilities_24.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2024/05/msg00013.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TI3V2YCEUM65QDYPGGNUZ7UONIM5OEXC/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VZJTT5TEFNSBWVMKCLS6EZ7PI6EJYBCO/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZFDNHDH4VLFGDPY6MEZV2RO5N5FLFONW/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20231027-0011/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://httpd.apache.org/security/vulnerabilities_24.html\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TI3V2YCEUM65QDYPGGNUZ7UONIM5OEXC/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20231027-0011/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VZJTT5TEFNSBWVMKCLS6EZ7PI6EJYBCO/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZFDNHDH4VLFGDPY6MEZV2RO5N5FLFONW/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2024/05/msg00013.html\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T14:45:25.498Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-31122\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-09-11T20:23:50.224711Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-09-17T13:47:19.822Z\"}}], \"cna\": {\"title\": \"Apache HTTP Server: mod_macro buffer over-read\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"David Shoon (github/davidshoon)\"}], \"metrics\": [{\"other\": {\"type\": \"Textual description of severity\", \"content\": {\"text\": \"low\"}}}], \"affected\": [{\"vendor\": \"Apache Software Foundation\", \"product\": \"Apache HTTP Server\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"2.4.57\"}], \"defaultStatus\": \"unaffected\"}], \"timeline\": [{\"lang\": \"en\", \"time\": \"2023-04-04T00:00:00.000Z\", \"value\": \"Reported to security team\"}], \"references\": [{\"url\": \"https://httpd.apache.org/security/vulnerabilities_24.html\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TI3V2YCEUM65QDYPGGNUZ7UONIM5OEXC/\"}, {\"url\": \"https://security.netapp.com/advisory/ntap-20231027-0011/\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VZJTT5TEFNSBWVMKCLS6EZ7PI6EJYBCO/\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZFDNHDH4VLFGDPY6MEZV2RO5N5FLFONW/\"}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2024/05/msg00013.html\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.1.0-dev\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Out-of-bounds Read vulnerability in mod_macro of Apache HTTP Server.This issue affects Apache HTTP Server: through 2.4.57.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"Out-of-bounds Read vulnerability in mod_macro of Apache HTTP Server.\u003cp\u003eThis issue affects Apache HTTP Server: through 2.4.57.\u003c/p\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-125\", \"description\": \"CWE-125 Out-of-bounds Read\"}]}], \"providerMetadata\": {\"orgId\": \"f0158376-9dc2-43b6-827c-5f631a4d8d09\", \"shortName\": \"apache\", \"dateUpdated\": \"2024-06-10T16:10:27.784Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2023-31122\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-02-13T16:49:43.236Z\", \"dateReserved\": \"2023-04-24T17:37:59.263Z\", \"assignerOrgId\": \"f0158376-9dc2-43b6-827c-5f631a4d8d09\", \"datePublished\": \"2023-10-23T06:51:59.705Z\", \"assignerShortName\": \"apache\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

CERTFR-2023-AVI-0868

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans Apache HTTP Server. Elles permettent à un attaquant de provoquer un déni de service à distance et une atteinte à la confidentialité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Apache	HTTP Server	Apache HTTP Server versions antérieures à 2.4.58

References

Title

Publication Time

Tags

Bulletin de sécurité Apache 2.4.58 du 19 octobre 2023

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Apache HTTP Server versions ant\u00e9rieures \u00e0 2.4.58",
      "product": {
        "name": "HTTP Server",
        "vendor": {
          "name": "Apache",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2023-45802",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-45802"
    },
    {
      "name": "CVE-2023-43622",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-43622"
    },
    {
      "name": "CVE-2023-31122",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-31122"
    }
  ],
  "links": [],
  "reference": "CERTFR-2023-AVI-0868",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2023-10-19T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Apache HTTP Server.\nElles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0\ndistance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Apache HTTP Server",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apache 2.4.58 du 19 octobre 2023",
      "url": "https://downloads.apache.org/httpd/CHANGES_2.4.58"
    }
  ]
}

CERTFR-2023-AVI-0926

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une élévation de privilèges, une exécution de code arbitraire à distance et une atteinte à la confidentialité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
IBM	Spectrum	IBM Spectrum Protect Plus versions 10.1.x antérieures à 10.1.15.3
IBM	N/A	IBM HTTP Server versions 9.x antérieures à 9.0.5.18
IBM	Db2	IBM Db2 versions 11.0.x versions antérieures à 11.1.4 FP7 sans le dernier correctif de sécurité
IBM	Db2	IBM Db2 versions 11.5.x versions antérieures à 11.5.7 ou 11.5.8 sans le dernier correctif de sécurité
IBM	Db2	IBM Db2 versions 10.5.x toutes versions

References

Title

Publication Time

Tags

Bulletin de sécurité IBM 7066504 du 03 novembre 2023	None	vendor-advisory
Bulletin de sécurité IBM 7069319 du 08 novembre 2023	None	vendor-advisory
Bulletin de sécurité IBM 7067478 du 06 novembre 2023	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "IBM Spectrum Protect Plus versions 10.1.x ant\u00e9rieures \u00e0 10.1.15.3",
      "product": {
        "name": "Spectrum",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM HTTP Server versions 9.x ant\u00e9rieures \u00e0 9.0.5.18",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Db2 versions 11.0.x versions ant\u00e9rieures \u00e0 11.1.4 FP7 sans le dernier correctif de s\u00e9curit\u00e9",
      "product": {
        "name": "Db2",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Db2 versions 11.5.x versions ant\u00e9rieures \u00e0 11.5.7 ou 11.5.8 sans le dernier correctif de s\u00e9curit\u00e9",
      "product": {
        "name": "Db2",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Db2 versions 10.5.x toutes versions",
      "product": {
        "name": "Db2",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2023-27535",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-27535"
    },
    {
      "name": "CVE-2023-30441",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-30441"
    },
    {
      "name": "CVE-2023-31122",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-31122"
    },
    {
      "name": "CVE-2023-3776",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-3776"
    },
    {
      "name": "CVE-2022-1615",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1615"
    },
    {
      "name": "CVE-2023-24539",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-24539"
    },
    {
      "name": "CVE-2023-27534",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-27534"
    },
    {
      "name": "CVE-2023-27536",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-27536"
    },
    {
      "name": "CVE-2023-27533",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-27533"
    },
    {
      "name": "CVE-2022-36879",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-36879"
    },
    {
      "name": "CVE-2023-38408",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-38408"
    },
    {
      "name": "CVE-2023-27538",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-27538"
    },
    {
      "name": "CVE-2023-24540",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-24540"
    },
    {
      "name": "CVE-2023-35001",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-35001"
    },
    {
      "name": "CVE-2023-1206",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-1206"
    },
    {
      "name": "CVE-2023-27537",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-27537"
    }
  ],
  "links": [],
  "reference": "CERTFR-2023-AVI-0926",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2023-11-10T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans \u003cspan\nclass=\"textit\"\u003eles produits IBM\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une \u00e9l\u00e9vation de privil\u00e8ges, une\nex\u00e9cution de code arbitraire \u00e0 distance et une atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans IBM",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7066504 du 03 novembre 2023",
      "url": "https://www.ibm.com/support/pages/node/7066504"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7069319 du 08 novembre 2023",
      "url": "https://www.ibm.com/support/pages/node/7069319"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7067478 du 06 novembre 2023",
      "url": "https://www.ibm.com/support/pages/node/7067478"
    }
  ]
}

CERTFR-2024-AVI-0579

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
IBM	Spectrum	Spectrum Control versions antérieures à 5.4.12
IBM	WebSphere	WebSphere Application Server versions 8.5.x antérieures à 8.5.5.25 sans le correctif de sécurité PH61489
IBM	WebSphere	WebSphere Application Server versions 9.0.x antérieures à 9.0.5.20 sans le correctif de sécurité PH61489
IBM	QRadar	QRadar Deployment Intelligence App versions antérieures à 3.0.14
IBM	QRadar	QRadar SIEM versions 7.5.x antérieures à 7.5.0 UP9
IBM	Cloud Pak	Cloud Pak for Security versions antérieures à 1.10.23.0
IBM	AIX	AIX versions 7.2 et 7.3 sans le correctif de sécurité 9211224a.240708.epkg.Z
IBM	QRadar	QRadar Suite Software versions antérieures à 1.10.23.0
IBM	QRadar	Security QRadar EDR versions antérieures à 3.12.9
IBM	VIOS	VIOS versions 3.1 et 4.1 sans le correctif de sécurité 9211224a.240708.epkg.Z
IBM	QRadar	QRadar WinCollect Agent versions antérieures à 10.1.11

References

Title

Publication Time

Tags

Bulletin de sécurité IBM 7159768	2024-07-08	vendor-advisory
Bulletin de sécurité IBM 7160017	2024-07-11	vendor-advisory
Bulletin de sécurité IBM 7159781	2024-07-08	vendor-advisory
Bulletin de sécurité IBM 7160014	2024-07-11	vendor-advisory
Bulletin de sécurité IBM 7160134	2024-07-12	vendor-advisory
Bulletin de sécurité IBM 7159771	2024-07-08	vendor-advisory
Bulletin de sécurité IBM 7159867	2024-07-09	vendor-advisory
Bulletin de sécurité IBM 7159865	2024-07-09	vendor-advisory
Bulletin de sécurité IBM 7159527	2024-07-08	vendor-advisory
Bulletin de sécurité IBM 7159825	2024-07-08	vendor-advisory
Bulletin de sécurité IBM 7159934	2024-07-10	vendor-advisory
Bulletin de sécurité IBM 7159920	2024-07-09	vendor-advisory
Bulletin de sécurité IBM 7160013	2024-07-11	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Spectrum Control versions ant\u00e9rieures \u00e0 5.4.12",
      "product": {
        "name": "Spectrum",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "WebSphere Application Server versions 8.5.x ant\u00e9rieures \u00e0 8.5.5.25 sans le correctif de s\u00e9curit\u00e9 PH61489",
      "product": {
        "name": "WebSphere",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "WebSphere Application Server versions 9.0.x ant\u00e9rieures \u00e0 9.0.5.20 sans le correctif de s\u00e9curit\u00e9 PH61489",
      "product": {
        "name": "WebSphere",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "QRadar Deployment Intelligence App versions ant\u00e9rieures \u00e0 3.0.14",
      "product": {
        "name": "QRadar",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "QRadar SIEM versions 7.5.x ant\u00e9rieures \u00e0 7.5.0 UP9",
      "product": {
        "name": "QRadar",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Cloud Pak for Security versions ant\u00e9rieures \u00e0 1.10.23.0",
      "product": {
        "name": "Cloud Pak",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "AIX versions 7.2 et 7.3 sans le correctif de s\u00e9curit\u00e9 9211224a.240708.epkg.Z",
      "product": {
        "name": "AIX",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "QRadar Suite Software versions ant\u00e9rieures \u00e0 1.10.23.0",
      "product": {
        "name": "QRadar",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Security QRadar EDR versions ant\u00e9rieures \u00e0 3.12.9",
      "product": {
        "name": "QRadar",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "VIOS versions 3.1 et 4.1 sans le correctif de s\u00e9curit\u00e9 9211224a.240708.epkg.Z",
      "product": {
        "name": "VIOS",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "QRadar WinCollect Agent versions ant\u00e9rieures \u00e0 10.1.11",
      "product": {
        "name": "QRadar",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2023-29483",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-29483"
    },
    {
      "name": "CVE-2024-1597",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-1597"
    },
    {
      "name": "CVE-2024-29041",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-29041"
    },
    {
      "name": "CVE-2024-28834",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-28834"
    },
    {
      "name": "CVE-2024-28849",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-28849"
    },
    {
      "name": "CVE-2024-35154",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-35154"
    },
    {
      "name": "CVE-2024-4068",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-4068"
    },
    {
      "name": "CVE-2024-33602",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-33602"
    },
    {
      "name": "CVE-2024-22353",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-22353"
    },
    {
      "name": "CVE-2024-3772",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-3772"
    },
    {
      "name": "CVE-2023-50312",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-50312"
    },
    {
      "name": "CVE-2024-2466",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-2466"
    },
    {
      "name": "CVE-2024-28102",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-28102"
    },
    {
      "name": "CVE-2024-34069",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-34069"
    },
    {
      "name": "CVE-2019-11358",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11358"
    },
    {
      "name": "CVE-2020-15778",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-15778"
    },
    {
      "name": "CVE-2024-34997",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-34997"
    },
    {
      "name": "CVE-2022-3287",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3287"
    },
    {
      "name": "CVE-2020-13936",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-13936"
    },
    {
      "name": "CVE-2023-44487",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
    },
    {
      "name": "CVE-2024-29857",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-29857"
    },
    {
      "name": "CVE-2023-25193",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-25193"
    },
    {
      "name": "CVE-2024-33600",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-33600"
    },
    {
      "name": "CVE-2023-45802",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-45802"
    },
    {
      "name": "CVE-2023-3635",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-3635"
    },
    {
      "name": "CVE-2024-25026",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-25026"
    },
    {
      "name": "CVE-2024-34062",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-34062"
    },
    {
      "name": "CVE-2024-33599",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-33599"
    },
    {
      "name": "CVE-2024-4067",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-4067"
    },
    {
      "name": "CVE-2024-30172",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-30172"
    },
    {
      "name": "CVE-2021-41072",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-41072"
    },
    {
      "name": "CVE-2024-28176",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-28176"
    },
    {
      "name": "CVE-2024-1135",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-1135"
    },
    {
      "name": "CVE-2020-23064",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-23064"
    },
    {
      "name": "CVE-2023-6918",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-6918"
    },
    {
      "name": "CVE-2024-2379",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-2379"
    },
    {
      "name": "CVE-2024-22329",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-22329"
    },
    {
      "name": "CVE-2024-0450",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-0450"
    },
    {
      "name": "CVE-2024-2004",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-2004"
    },
    {
      "name": "CVE-2023-45803",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-45803"
    },
    {
      "name": "CVE-2023-31122",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-31122"
    },
    {
      "name": "CVE-2024-35195",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-35195"
    },
    {
      "name": "CVE-2023-51775",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-51775"
    },
    {
      "name": "CVE-2024-33601",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-33601"
    },
    {
      "name": "CVE-2024-3019",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-3019"
    },
    {
      "name": "CVE-2024-5206",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-5206"
    },
    {
      "name": "CVE-2024-27088",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-27088"
    },
    {
      "name": "CVE-2023-43804",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-43804"
    },
    {
      "name": "CVE-2024-25062",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-25062"
    },
    {
      "name": "CVE-2024-2398",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-2398"
    },
    {
      "name": "CVE-2024-26461",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26461"
    },
    {
      "name": "CVE-2024-26458",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26458"
    },
    {
      "name": "CVE-2023-44483",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-44483"
    },
    {
      "name": "CVE-2023-6004",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-6004"
    },
    {
      "name": "CVE-2020-11022",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-11022"
    },
    {
      "name": "CVE-2024-28863",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-28863"
    },
    {
      "name": "CVE-2024-4603",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-4603"
    },
    {
      "name": "CVE-2024-27270",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-27270"
    },
    {
      "name": "CVE-2023-31484",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-31484"
    },
    {
      "name": "CVE-2024-30171",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-30171"
    },
    {
      "name": "CVE-2024-4741",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-4741"
    },
    {
      "name": "CVE-2023-46158",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-46158"
    },
    {
      "name": "CVE-2024-34064",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-34064"
    },
    {
      "name": "CVE-2024-6387",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-6387"
    },
    {
      "name": "CVE-2024-25023",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-25023"
    },
    {
      "name": "CVE-2024-2511",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-2511"
    },
    {
      "name": "CVE-2021-40153",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-40153"
    },
    {
      "name": "CVE-2023-5752",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-5752"
    },
    {
      "name": "CVE-2024-2961",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-2961"
    },
    {
      "name": "CVE-2024-28182",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-28182"
    },
    {
      "name": "CVE-2023-6597",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-6597"
    },
    {
      "name": "CVE-2020-11023",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-11023"
    }
  ],
  "links": [],
  "reference": "CERTFR-2024-AVI-0579",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2024-07-12T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
  "vendor_advisories": [
    {
      "published_at": "2024-07-08",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7159768",
      "url": "https://www.ibm.com/support/pages/node/7159768"
    },
    {
      "published_at": "2024-07-11",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7160017",
      "url": "https://www.ibm.com/support/pages/node/7160017"
    },
    {
      "published_at": "2024-07-08",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7159781",
      "url": "https://www.ibm.com/support/pages/node/7159781"
    },
    {
      "published_at": "2024-07-11",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7160014",
      "url": "https://www.ibm.com/support/pages/node/7160014"
    },
    {
      "published_at": "2024-07-12",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7160134",
      "url": "https://www.ibm.com/support/pages/node/7160134"
    },
    {
      "published_at": "2024-07-08",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7159771",
      "url": "https://www.ibm.com/support/pages/node/7159771"
    },
    {
      "published_at": "2024-07-09",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7159867",
      "url": "https://www.ibm.com/support/pages/node/7159867"
    },
    {
      "published_at": "2024-07-09",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7159865",
      "url": "https://www.ibm.com/support/pages/node/7159865"
    },
    {
      "published_at": "2024-07-08",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7159527",
      "url": "https://www.ibm.com/support/pages/node/7159527"
    },
    {
      "published_at": "2024-07-08",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7159825",
      "url": "https://www.ibm.com/support/pages/node/7159825"
    },
    {
      "published_at": "2024-07-10",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7159934",
      "url": "https://www.ibm.com/support/pages/node/7159934"
    },
    {
      "published_at": "2024-07-09",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7159920",
      "url": "https://www.ibm.com/support/pages/node/7159920"
    },
    {
      "published_at": "2024-07-11",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7160013",
      "url": "https://www.ibm.com/support/pages/node/7160013"
    }
  ]
}

CERTFR-2024-AVI-0672

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans les produits Siemens. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
Siemens	N/A	SCALANCE M-800 versions antérieures à V8.1
Siemens	N/A	Teamcenter Visualization versions V14.2 antérieures à V14.2.0.12
Siemens	N/A	JT2Go versions antérieures à V2312.0005
Siemens	N/A	Teamcenter Visualization versions V2312 antérieures à V2312.0005
Siemens	N/A	INTRALOG WMS versions antérieures à V4
Siemens	N/A	LOGO! V8.3 BM (aucun correctif n'est prévu)
Siemens	N/A	SCALANCE S615 EEC LAN-Router (6GK5615-0AA01-2AA2) versions antérieures à V8.1
Siemens	N/A	SIPLUS LOGO! V8.3 BM (aucun correctif n'est prévu)
Siemens	N/A	SINEC NMS versions antérieures à V3.0
Siemens	N/A	Teamcenter Visualization versions V14.3 antérieures à V14.3.0.10
Siemens	N/A	COMOS versions antérieures à V10.5
Siemens	N/A	Location Intelligence family versions antérieures à V4.4
Siemens	N/A	SCALANCE S615 LAN-Router (6GK5615-0AA00-2AA2) versions antérieures à V8.1
Siemens	N/A	SCALANCE S615 LAN-Router (6GK5615-0AA00-2AA2) versions antérieures à V7.2.2
Siemens	N/A	NX versions antérieures à V2406.3000
Siemens	N/A	SCALANCE S615 EEC LAN-Router (6GK5615-0AA01-2AA2) versions antérieures à V7.2.2
Siemens	N/A	SCALANCE M-800 versions antérieures à V7.2.2
Siemens	N/A	SINEC Traffic Analyzer versions antérieures à V2.0

References

Title

Publication Time

Tags

Bulletin de sécurité Siemens SSA-856475	2024-08-13	vendor-advisory
Bulletin de sécurité Siemens SSA-357412	2024-08-13	vendor-advisory
Bulletin de sécurité Siemens SSA-720392	2024-08-13	vendor-advisory
Bulletin de sécurité Siemens SSA-921449	2024-08-13	vendor-advisory
Bulletin de sécurité Siemens SSA-068047	2024-08-13	vendor-advisory
Bulletin de sécurité Siemens SSA-784301	2024-08-13	vendor-advisory
Bulletin de sécurité Siemens SSA-716317	2024-08-13	vendor-advisory
Bulletin de sécurité Siemens SSA-659443	2024-08-13	vendor-advisory
Bulletin de sécurité Siemens SSA-087301	2024-08-13	vendor-advisory
Bulletin de sécurité Siemens SSA-417547	2024-08-13	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "SCALANCE M-800 versions ant\u00e9rieures \u00e0 V8.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Teamcenter Visualization versions V14.2 ant\u00e9rieures \u00e0 V14.2.0.12",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "JT2Go versions ant\u00e9rieures \u00e0 V2312.0005",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Teamcenter Visualization versions V2312 ant\u00e9rieures \u00e0 V2312.0005",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "INTRALOG WMS versions ant\u00e9rieures \u00e0 V4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "LOGO! V8.3 BM (aucun correctif n\u0027est pr\u00e9vu)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE S615 EEC LAN-Router (6GK5615-0AA01-2AA2) versions ant\u00e9rieures \u00e0 V8.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIPLUS LOGO! V8.3 BM (aucun correctif n\u0027est pr\u00e9vu)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SINEC NMS versions ant\u00e9rieures \u00e0 V3.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Teamcenter Visualization versions V14.3 ant\u00e9rieures \u00e0 V14.3.0.10",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": " COMOS versions ant\u00e9rieures \u00e0 V10.5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Location Intelligence family versions ant\u00e9rieures \u00e0 V4.4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE S615 LAN-Router (6GK5615-0AA00-2AA2) versions ant\u00e9rieures \u00e0 V8.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE S615 LAN-Router (6GK5615-0AA00-2AA2) versions ant\u00e9rieures \u00e0 V7.2.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "NX versions ant\u00e9rieures \u00e0 V2406.3000",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE S615 EEC LAN-Router (6GK5615-0AA01-2AA2) versions ant\u00e9rieures \u00e0 V7.2.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE M-800 versions ant\u00e9rieures \u00e0 V7.2.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SINEC Traffic Analyzer versions ant\u00e9rieures \u00e0 V2.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2024-41976",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-41976"
    },
    {
      "name": "CVE-2024-32635",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-32635"
    },
    {
      "name": "CVE-2024-41682",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-41682"
    },
    {
      "name": "CVE-2024-41906",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-41906"
    },
    {
      "name": "CVE-2023-44321",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-44321"
    },
    {
      "name": "CVE-2023-52425",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52425"
    },
    {
      "name": "CVE-2024-32636",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-32636"
    },
    {
      "name": "CVE-2023-44317",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-44317"
    },
    {
      "name": "CVE-2024-28757",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-28757"
    },
    {
      "name": "CVE-2024-41908",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-41908"
    },
    {
      "name": "CVE-2023-52426",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52426"
    },
    {
      "name": "CVE-2024-41683",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-41683"
    },
    {
      "name": "CVE-2023-5868",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-5868"
    },
    {
      "name": "CVE-2024-41938",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-41938"
    },
    {
      "name": "CVE-2024-41978",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-41978"
    },
    {
      "name": "CVE-2023-44487",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
    },
    {
      "name": "CVE-2023-45802",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-45802"
    },
    {
      "name": "CVE-2024-0056",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-0056"
    },
    {
      "name": "CVE-2023-5180",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-5180"
    },
    {
      "name": "CVE-2023-26495",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-26495"
    },
    {
      "name": "CVE-2024-41681",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-41681"
    },
    {
      "name": "CVE-2023-5870",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-5870"
    },
    {
      "name": "CVE-2024-30045",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-30045"
    },
    {
      "name": "CVE-2023-44320",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-44320"
    },
    {
      "name": "CVE-2023-42795",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-42795"
    },
    {
      "name": "CVE-2024-41905",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-41905"
    },
    {
      "name": "CVE-2023-5869",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-5869"
    },
    {
      "name": "CVE-2024-36398",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-36398"
    },
    {
      "name": "CVE-2023-4611",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-4611"
    },
    {
      "name": "CVE-2023-43622",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-43622"
    },
    {
      "name": "CVE-2023-45648",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-45648"
    },
    {
      "name": "CVE-2024-41907",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-41907"
    },
    {
      "name": "CVE-2024-39922",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-39922"
    },
    {
      "name": "CVE-2024-41977",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-41977"
    },
    {
      "name": "CVE-2023-31122",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-31122"
    },
    {
      "name": "CVE-2024-41904",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-41904"
    },
    {
      "name": "CVE-2023-46120",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-46120"
    },
    {
      "name": "CVE-2024-25062",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-25062"
    },
    {
      "name": "CVE-2023-6481",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-6481"
    },
    {
      "name": "CVE-2023-6378",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-6378"
    },
    {
      "name": "CVE-2024-41940",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-41940"
    },
    {
      "name": "CVE-2023-42794",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-42794"
    },
    {
      "name": "CVE-2024-32637",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-32637"
    },
    {
      "name": "CVE-2023-46280",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-46280"
    },
    {
      "name": "CVE-2024-0985",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-0985"
    },
    {
      "name": "CVE-2023-49692",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-49692"
    },
    {
      "name": "CVE-2023-34050",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-34050"
    },
    {
      "name": "CVE-2023-46589",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-46589"
    },
    {
      "name": "CVE-2023-39615",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-39615"
    },
    {
      "name": "CVE-2024-28182",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-28182"
    },
    {
      "name": "CVE-2024-41939",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-41939"
    },
    {
      "name": "CVE-2024-41941",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-41941"
    }
  ],
  "links": [],
  "reference": "CERTFR-2024-AVI-0672",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2024-08-13T00:00:00.000000"
    },
    {
      "description": "Ajout des identifiants CVE manquants.",
      "revision_date": "2024-08-16T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Siemens. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Siemens",
  "vendor_advisories": [
    {
      "published_at": "2024-08-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-856475",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-856475.html"
    },
    {
      "published_at": "2024-08-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-357412",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-357412.html"
    },
    {
      "published_at": "2024-08-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-720392",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-720392.html"
    },
    {
      "published_at": "2024-08-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-921449",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-921449.html"
    },
    {
      "published_at": "2024-08-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-068047",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-068047.html"
    },
    {
      "published_at": "2024-08-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-784301",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-784301.html"
    },
    {
      "published_at": "2024-08-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-716317",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-716317.html"
    },
    {
      "published_at": "2024-08-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-659443",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-659443.html"
    },
    {
      "published_at": "2024-08-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-087301",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-087301.html"
    },
    {
      "published_at": "2024-08-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-417547",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-417547.html"
    }
  ]
}

CERTFR-2024-AVI-0741

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans les produits Juniper Secure Analytics. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

	Vendor	Product	Description
	Juniper Networks	Secure Analytics	Juniper Secure Analytics versions antérieures à 7.5.0 UP9 IF02

References

Title

Publication Time

Tags

Bulletin de sécurité Juniper Networks JSA86686

2024-09-30

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Juniper Secure Analytics versions ant\u00e9rieures \u00e0 7.5.0 UP9 IF02",
      "product": {
        "name": "Secure Analytics",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2023-29483",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-29483"
    },
    {
      "name": "CVE-2024-42472",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-42472"
    },
    {
      "name": "CVE-2024-26934",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26934"
    },
    {
      "name": "CVE-2023-52477",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52477"
    },
    {
      "name": "CVE-2023-52675",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52675"
    },
    {
      "name": "CVE-2023-4692",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-4692"
    },
    {
      "name": "CVE-2024-27059",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-27059"
    },
    {
      "name": "CVE-2024-26656",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26656"
    },
    {
      "name": "CVE-2024-28834",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-28834"
    },
    {
      "name": "CVE-2023-38264",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-38264"
    },
    {
      "name": "CVE-2024-26974",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26974"
    },
    {
      "name": "CVE-2024-26897",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26897"
    },
    {
      "name": "CVE-2021-47055",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-47055"
    },
    {
      "name": "CVE-2020-36777",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-36777"
    },
    {
      "name": "CVE-2023-43788",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-43788"
    },
    {
      "name": "CVE-2024-27052",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-27052"
    },
    {
      "name": "CVE-2023-52425",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52425"
    },
    {
      "name": "CVE-2024-26585",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26585"
    },
    {
      "name": "CVE-2024-25744",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-25744"
    },
    {
      "name": "CVE-2024-26973",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26973"
    },
    {
      "name": "CVE-2024-33602",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-33602"
    },
    {
      "name": "CVE-2024-27397",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-27397"
    },
    {
      "name": "CVE-2024-35854",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-35854"
    },
    {
      "name": "CVE-2023-52878",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52878"
    },
    {
      "name": "CVE-2021-47185",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-47185"
    },
    {
      "name": "CVE-2024-23650",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-23650"
    },
    {
      "name": "CVE-2024-26603",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26603"
    },
    {
      "name": "CVE-2024-26964",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26964"
    },
    {
      "name": "CVE-2024-5564",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-5564"
    },
    {
      "name": "CVE-2021-33198",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-33198"
    },
    {
      "name": "CVE-2024-26993",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26993"
    },
    {
      "name": "CVE-2019-25162",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-25162"
    },
    {
      "name": "CVE-2022-41715",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41715"
    },
    {
      "name": "CVE-2023-39321",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-39321"
    },
    {
      "name": "CVE-2024-3933",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-3933"
    },
    {
      "name": "CVE-2024-1975",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-1975"
    },
    {
      "name": "CVE-2023-52669",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52669"
    },
    {
      "name": "CVE-2019-11358",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11358"
    },
    {
      "name": "CVE-2020-15778",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-15778"
    },
    {
      "name": "CVE-2022-3287",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3287"
    },
    {
      "name": "CVE-2024-36004",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-36004"
    },
    {
      "name": "CVE-2024-26859",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26859"
    },
    {
      "name": "CVE-2020-13936",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-13936"
    },
    {
      "name": "CVE-2023-44487",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
    },
    {
      "name": "CVE-2024-29857",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-29857"
    },
    {
      "name": "CVE-2024-35959",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-35959"
    },
    {
      "name": "CVE-2018-20060",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-20060"
    },
    {
      "name": "CVE-2024-35855",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-35855"
    },
    {
      "name": "CVE-2024-1737",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-1737"
    },
    {
      "name": "CVE-2023-25193",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-25193"
    },
    {
      "name": "CVE-2024-33600",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-33600"
    },
    {
      "name": "CVE-2024-3652",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-3652"
    },
    {
      "name": "CVE-2024-26615",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26615"
    },
    {
      "name": "CVE-2023-45802",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-45802"
    },
    {
      "name": "CVE-2024-26801",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26801"
    },
    {
      "name": "CVE-2024-36007",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-36007"
    },
    {
      "name": "CVE-2021-47311",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-47311"
    },
    {
      "name": "CVE-2023-3635",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-3635"
    },
    {
      "name": "CVE-2024-26643",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26643"
    },
    {
      "name": "CVE-2024-26779",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26779"
    },
    {
      "name": "CVE-2024-32021",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-32021"
    },
    {
      "name": "CVE-2024-33599",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-33599"
    },
    {
      "name": "CVE-2024-25629",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-25629"
    },
    {
      "name": "CVE-2024-28180",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-28180"
    },
    {
      "name": "CVE-2024-24806",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-24806"
    },
    {
      "name": "CVE-2024-35852",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-35852"
    },
    {
      "name": "CVE-2024-23307",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-23307"
    },
    {
      "name": "CVE-2024-30172",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-30172"
    },
    {
      "name": "CVE-2023-52528",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52528"
    },
    {
      "name": "CVE-2024-27048",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-27048"
    },
    {
      "name": "CVE-2021-47013",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-47013"
    },
    {
      "name": "CVE-2023-52781",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52781"
    },
    {
      "name": "CVE-2024-35845",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-35845"
    },
    {
      "name": "CVE-2021-41072",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-41072"
    },
    {
      "name": "CVE-2023-48795",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-48795"
    },
    {
      "name": "CVE-2021-47073",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-47073"
    },
    {
      "name": "CVE-2024-26804",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26804"
    },
    {
      "name": "CVE-2024-26593",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26593"
    },
    {
      "name": "CVE-2022-48627",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-48627"
    },
    {
      "name": "CVE-2021-47171",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-47171"
    },
    {
      "name": "CVE-2024-26743",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26743"
    },
    {
      "name": "CVE-2023-52686",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52686"
    },
    {
      "name": "CVE-2021-47236",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-47236"
    },
    {
      "name": "CVE-2023-39318",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-39318"
    },
    {
      "name": "CVE-2023-6240",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-6240"
    },
    {
      "name": "CVE-2024-32004",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-32004"
    },
    {
      "name": "CVE-2021-47118",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-47118"
    },
    {
      "name": "CVE-2024-35890",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-35890"
    },
    {
      "name": "CVE-2020-23064",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-23064"
    },
    {
      "name": "CVE-2023-6918",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-6918"
    },
    {
      "name": "CVE-2024-22195",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-22195"
    },
    {
      "name": "CVE-2023-52877",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52877"
    },
    {
      "name": "CVE-2024-21011",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21011"
    },
    {
      "name": "CVE-2024-32020",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-32020"
    },
    {
      "name": "CVE-2024-0450",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-0450"
    },
    {
      "name": "CVE-2023-45803",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-45803"
    },
    {
      "name": "CVE-2023-39319",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-39319"
    },
    {
      "name": "CVE-2024-32487",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-32487"
    },
    {
      "name": "CVE-2024-26826",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26826"
    },
    {
      "name": "CVE-2024-27056",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-27056"
    },
    {
      "name": "CVE-2024-26583",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26583"
    },
    {
      "name": "CVE-2024-26642",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26642"
    },
    {
      "name": "CVE-2021-47153",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-47153"
    },
    {
      "name": "CVE-2024-35888",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-35888"
    },
    {
      "name": "CVE-2023-52700",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52700"
    },
    {
      "name": "CVE-2023-31122",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-31122"
    },
    {
      "name": "CVE-2023-52439",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52439"
    },
    {
      "name": "CVE-2021-47495",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-47495"
    },
    {
      "name": "CVE-2024-26675",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26675"
    },
    {
      "name": "CVE-2019-14865",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-14865"
    },
    {
      "name": "CVE-2024-26906",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26906"
    },
    {
      "name": "CVE-2024-26610",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26610"
    },
    {
      "name": "CVE-2024-2357",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-2357"
    },
    {
      "name": "CVE-2024-26584",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26584"
    },
    {
      "name": "CVE-2024-21094",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21094"
    },
    {
      "name": "CVE-2024-26919",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26919"
    },
    {
      "name": "CVE-2023-52445",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52445"
    },
    {
      "name": "CVE-2024-33601",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-33601"
    },
    {
      "name": "CVE-2024-3019",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-3019"
    },
    {
      "name": "CVE-2022-2880",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2880"
    },
    {
      "name": "CVE-2024-27014",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-27014"
    },
    {
      "name": "CVE-2021-34558",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-34558"
    },
    {
      "name": "CVE-2024-32465",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-32465"
    },
    {
      "name": "CVE-2024-22365",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-22365"
    },
    {
      "name": "CVE-2023-43804",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-43804"
    },
    {
      "name": "CVE-2023-43789",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-43789"
    },
    {
      "name": "CVE-2024-38428",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38428"
    },
    {
      "name": "CVE-2024-25062",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-25062"
    },
    {
      "name": "CVE-2022-2879",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2879"
    },
    {
      "name": "CVE-2024-2398",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-2398"
    },
    {
      "name": "CVE-2024-26892",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26892"
    },
    {
      "name": "CVE-2024-35835",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-35835"
    },
    {
      "name": "CVE-2024-26735",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26735"
    },
    {
      "name": "CVE-2023-52881",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52881"
    },
    {
      "name": "CVE-2023-4693",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-4693"
    },
    {
      "name": "CVE-2021-46972",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-46972"
    },
    {
      "name": "CVE-2023-52578",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52578"
    },
    {
      "name": "CVE-2024-26461",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26461"
    },
    {
      "name": "CVE-2024-34750",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-34750"
    },
    {
      "name": "CVE-2024-26458",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26458"
    },
    {
      "name": "CVE-2021-46934",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-46934"
    },
    {
      "name": "CVE-2024-1048",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-1048"
    },
    {
      "name": "CVE-2023-6004",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-6004"
    },
    {
      "name": "CVE-2023-52598",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52598"
    },
    {
      "name": "CVE-2020-11022",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-11022"
    },
    {
      "name": "CVE-2023-7008",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-7008"
    },
    {
      "name": "CVE-2024-26659",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26659"
    },
    {
      "name": "CVE-2023-52667",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52667"
    },
    {
      "name": "CVE-2024-26933",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26933"
    },
    {
      "name": "CVE-2023-31484",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-31484"
    },
    {
      "name": "CVE-2023-52703",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52703"
    },
    {
      "name": "CVE-2023-52594",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52594"
    },
    {
      "name": "CVE-2024-26693",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26693"
    },
    {
      "name": "CVE-2023-52595",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52595"
    },
    {
      "name": "CVE-2024-30171",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-30171"
    },
    {
      "name": "CVE-2023-45287",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-45287"
    },
    {
      "name": "CVE-2022-48624",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-48624"
    },
    {
      "name": "CVE-2024-26759",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26759"
    },
    {
      "name": "CVE-2023-52464",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52464"
    },
    {
      "name": "CVE-2023-52813",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52813"
    },
    {
      "name": "CVE-2024-35838",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-35838"
    },
    {
      "name": "CVE-2023-52513",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52513"
    },
    {
      "name": "CVE-2023-52615",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52615"
    },
    {
      "name": "CVE-2023-52610",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52610"
    },
    {
      "name": "CVE-2023-52560",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52560"
    },
    {
      "name": "CVE-2024-3651",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-3651"
    },
    {
      "name": "CVE-2023-39322",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-39322"
    },
    {
      "name": "CVE-2023-52606",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52606"
    },
    {
      "name": "CVE-2021-47069",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-47069"
    },
    {
      "name": "CVE-2024-35960",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-35960"
    },
    {
      "name": "CVE-2022-39253",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-39253"
    },
    {
      "name": "CVE-2024-34064",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-34064"
    },
    {
      "name": "CVE-2023-2953",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-2953"
    },
    {
      "name": "CVE-2024-26872",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26872"
    },
    {
      "name": "CVE-2020-26555",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-26555"
    },
    {
      "name": "CVE-2024-26901",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26901"
    },
    {
      "name": "CVE-2023-39326",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-39326"
    },
    {
      "name": "CVE-2024-21085",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21085"
    },
    {
      "name": "CVE-2023-29409",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-29409"
    },
    {
      "name": "CVE-2024-35789",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-35789"
    },
    {
      "name": "CVE-2023-52835",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52835"
    },
    {
      "name": "CVE-2024-26982",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26982"
    },
    {
      "name": "CVE-2021-47310",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-47310"
    },
    {
      "name": "CVE-2023-52626",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52626"
    },
    {
      "name": "CVE-2024-0340",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-0340"
    },
    {
      "name": "CVE-2024-26744",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26744"
    },
    {
      "name": "CVE-2024-24786",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-24786"
    },
    {
      "name": "CVE-2024-35958",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-35958"
    },
    {
      "name": "CVE-2021-47456",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-47456"
    },
    {
      "name": "CVE-2021-40153",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-40153"
    },
    {
      "name": "CVE-2024-32002",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-32002"
    },
    {
      "name": "CVE-2022-48669",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-48669"
    },
    {
      "name": "CVE-2023-52565",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52565"
    },
    {
      "name": "CVE-2023-52520",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52520"
    },
    {
      "name": "CVE-2021-47356",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-47356"
    },
    {
      "name": "CVE-2024-26694",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26694"
    },
    {
      "name": "CVE-2024-2961",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-2961"
    },
    {
      "name": "CVE-2024-26664",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26664"
    },
    {
      "name": "CVE-2024-28182",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-28182"
    },
    {
      "name": "CVE-2021-47353",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-47353"
    },
    {
      "name": "CVE-2023-6597",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-6597"
    },
    {
      "name": "CVE-2023-52607",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52607"
    },
    {
      "name": "CVE-2024-6345",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-6345"
    },
    {
      "name": "CVE-2020-11023",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-11023"
    },
    {
      "name": "CVE-2018-25091",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-25091"
    },
    {
      "name": "CVE-2023-5090",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-5090"
    },
    {
      "name": "CVE-2024-27410",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-27410"
    },
    {
      "name": "CVE-2021-46909",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-46909"
    },
    {
      "name": "CVE-2024-35853",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-35853"
    },
    {
      "name": "CVE-2024-26907",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26907"
    }
  ],
  "links": [],
  "reference": "CERTFR-2024-AVI-0741",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2024-09-05T00:00:00.000000"
    },
    {
      "description": "Ajout r\u00e9f\u00e9rence \u00e9diteur",
      "revision_date": "2024-09-06T00:00:00.000000"
    },
    {
      "description": "Correction d\u0027identifiants CVE erron\u00e9s",
      "revision_date": "2024-10-15T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Juniper Secure Analytics. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Juniper Secure Analytics",
  "vendor_advisories": [
    {
      "published_at": "2024-09-30",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA86686",
      "url": "https://supportportal.juniper.net/s/article/On-Demand-JSA-Series-Multiple-vulnerabilities-resolved-in-Juniper-Secure-Analytics-in-7-5-0-UP9-IF02"
    }
  ]
}

CERTFR-2023-AVI-0868

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Apache	HTTP Server	Apache HTTP Server versions antérieures à 2.4.58

References

Title

Publication Time

Tags

Bulletin de sécurité Apache 2.4.58 du 19 octobre 2023

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Apache HTTP Server versions ant\u00e9rieures \u00e0 2.4.58",
      "product": {
        "name": "HTTP Server",
        "vendor": {
          "name": "Apache",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2023-45802",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-45802"
    },
    {
      "name": "CVE-2023-43622",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-43622"
    },
    {
      "name": "CVE-2023-31122",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-31122"
    }
  ],
  "links": [],
  "reference": "CERTFR-2023-AVI-0868",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2023-10-19T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Apache HTTP Server.\nElles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0\ndistance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Apache HTTP Server",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apache 2.4.58 du 19 octobre 2023",
      "url": "https://downloads.apache.org/httpd/CHANGES_2.4.58"
    }
  ]
}

alsa-2024:2278

Vulnerability from osv_almalinux

Published

2024-04-30 00:00

Modified

2024-05-07 15:06

Summary

Moderate: httpd security update

Details

The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.

Security Fix(es):

httpd: mod_macro: out-of-bounds read vulnerability (CVE-2023-31122)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.

References

URL

Type

	https://access.redhat.com/errata/RHSA-2024:2278	ADVISORY
	https://access.redhat.com/security/cve/CVE-2023-31122	REPORT
	https://bugzilla.redhat.com/2245332	REPORT
	https://errata.almalinux.org/9/ALSA-2024-2278.html	ADVISORY

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "httpd"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.4.57-8.el9"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "httpd-core"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.4.57-8.el9"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "httpd-devel"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.4.57-8.el9"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "httpd-filesystem"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.4.57-8.el9"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "httpd-manual"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.4.57-8.el9"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "httpd-tools"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.4.57-8.el9"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "mod_ldap"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.4.57-8.el9"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "mod_lua"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.4.57-8.el9"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "mod_proxy_html"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1:2.4.57-8.el9"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "mod_session"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.4.57-8.el9"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "mod_ssl"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1:2.4.57-8.el9"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "details": "The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.\n\nSecurity Fix(es):\n\n* httpd: mod_macro: out-of-bounds read vulnerability (CVE-2023-31122)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.",
  "id": "ALSA-2024:2278",
  "modified": "2024-05-07T15:06:56Z",
  "published": "2024-04-30T00:00:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://access.redhat.com/errata/RHSA-2024:2278"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2023-31122"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2245332"
    },
    {
      "type": "ADVISORY",
      "url": "https://errata.almalinux.org/9/ALSA-2024-2278.html"
    }
  ],
  "related": [
    "CVE-2023-31122"
  ],
  "summary": "Moderate: httpd security update"
}

alsa-2024:3121

Vulnerability from osv_almalinux

Published

2024-05-22 00:00

Modified

2024-05-29 14:47

Summary

Moderate: httpd:2.4 security update

Details

The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.

Security Fix(es):

httpd: mod_macro: out-of-bounds read vulnerability (CVE-2023-31122)
mod_http2: reset requests exhaust memory (incomplete fix of CVE-2023-44487) (CVE-2023-45802)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.

References

URL

Type

	https://access.redhat.com/errata/RHSA-2024:3121	ADVISORY
	https://access.redhat.com/security/cve/CVE-2023-31122	REPORT
	https://access.redhat.com/security/cve/CVE-2023-45802	REPORT
	https://bugzilla.redhat.com/2243877	REPORT
	https://bugzilla.redhat.com/2245332	REPORT
	https://errata.almalinux.org/8/ALSA-2024-3121.html	ADVISORY

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "httpd"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.4.37-64.module_el8.10.0+3761+75f8c656"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "httpd-devel"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.4.37-64.module_el8.10.0+3761+75f8c656"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "httpd-filesystem"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.4.37-64.module_el8.10.0+3761+75f8c656"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "httpd-manual"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.4.37-64.module_el8.10.0+3761+75f8c656"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "httpd-tools"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.4.37-64.module_el8.10.0+3761+75f8c656"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "mod_http2"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.15.7-10.module_el8.10.0+3832+564e7653"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "mod_ldap"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.4.37-64.module_el8.10.0+3761+75f8c656"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "mod_md"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1:2.0.8-8.module_el8.6.0+2872+fe0ff7aa"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "mod_md"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1:2.0.8-8.module_el8.6.0+3031+fb177b09"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "mod_proxy_html"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1:2.4.37-64.module_el8.10.0+3761+75f8c656"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "mod_session"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.4.37-64.module_el8.10.0+3761+75f8c656"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "mod_ssl"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1:2.4.37-64.module_el8.10.0+3761+75f8c656"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "details": "The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.\n\nSecurity Fix(es):\n\n* httpd: mod_macro: out-of-bounds read vulnerability (CVE-2023-31122)\n* mod_http2: reset requests exhaust memory (incomplete fix of CVE-2023-44487) (CVE-2023-45802)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.",
  "id": "ALSA-2024:3121",
  "modified": "2024-05-29T14:47:45Z",
  "published": "2024-05-22T00:00:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://access.redhat.com/errata/RHSA-2024:3121"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2023-31122"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2023-45802"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2243877"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2245332"
    },
    {
      "type": "ADVISORY",
      "url": "https://errata.almalinux.org/8/ALSA-2024-3121.html"
    }
  ],
  "related": [
    "CVE-2023-31122",
    "CVE-2023-44487",
    "CVE-2023-45802"
  ],
  "summary": "Moderate: httpd:2.4 security update"
}

BDU:2023-07124

Vulnerability from fstec - Published: 23.10.2023

Title

Уязвимость модуля mod_macro веб-сервера Apache HTTP Server, позволяющая нарушителю вызвать отказ в обслуживании

Description

Уязвимость модуля mod_macro веб-сервера Apache HTTP Server связана с чтением за границами памяти. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, вызвать отказ в обслуживании

Severity ?


                    
                      AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Vendor

ООО «РусБИТех-Астра», Red Hat Inc., ООО «Ред Софт», АО «ИВК», АО «НТЦ ИТ РОСА», Apache Software Foundation, АО "НППКТ"

Software Name

Astra Linux Special Edition (запись в едином реестре российских программ №369), Red Hat Enterprise Linux, Red Hat Software Collections, РЕД ОС (запись в едином реестре российских программ №3751), Альт 8 СП (запись в едином реестре российских программ №4305), РОСА Кобальт (запись в едином реестре российских программ №1999), ROSA Virtualization (запись в едином реестре российских программ №5091), HTTP Server, ОСОН ОСнова Оnyx (запись в едином реестре российских программ №5913), ROSA Virtualization 3.0 (запись в едином реестре российских программ №21308)

Software Version

1.6 «Смоленск» (Astra Linux Special Edition), 8 (Red Hat Enterprise Linux), - (Red Hat Software Collections), 7.3 (РЕД ОС), 1.7 (Astra Linux Special Edition), - (Альт 8 СП), 9 (Red Hat Enterprise Linux), 4.7 (Astra Linux Special Edition), 7.9 (РОСА Кобальт), 2.1 (ROSA Virtualization), до 2.4.57 включительно (HTTP Server), до 2.9 (ОСОН ОСнова Оnyx), 3.0 (ROSA Virtualization 3.0)

Possible Mitigations

Использование рекомендаций: Для Apache HTTP Server: https://httpd.apache.org/security/vulnerabilities_24.html Для программных продуктов Red Hat Inc.: https://access.redhat.com/security/cve/cve-2023-31122 Для РедОС: http://repo.red-soft.ru/redos/7.3c/x86_64/updates/ Для ОС Альт 8 СП: установка обновления из публичного репозитория программного средства Для Astra Linux 1.6 «Смоленск»: обновить пакет apache2 до 2.4.46-1~bpo9+1astra.se10 или более высокой версии, используя рекомендации производителя: https://wiki.astralinux.ru/astra-linux-se16-bulletin-20231214SE16 Для ОСОН ОСнова Оnyx: Обновление программного обеспечения apache2 до версии 2.4.58-1osnova16.onyx Для ОС Astra Linux Special Edition 1.7 архитектуры x86-64: обновить пакет apache2 до 2.4.57-2+astra.se2 или более высокой версии, используя рекомендации производителя: https://wiki.astralinux.ru/astra-linux-se17-bulletin-2024-0212SE17 Для ОС РОСА "КОБАЛЬТ": https://abf.rosalinux.ru/advisories/ROSA-SA-2024-2326 Для Astra Linux Special Edition 4.7 для архитектуры ARM: обновить пакет apache2 до 2.4.57-2+astra.se5 или более высокой версии, используя рекомендации производителя: https://wiki.astralinux.ru/astra-linux-se47-bulletin-2024-1031SE47 Для программной системы управления средой виртуализации с подсистемой безагентного резервного копирования виртуальных машин «ROSA Virtualization 3.0»: https://abf.rosa.ru/advisories/ROSA-SA-2025-2804 Для системы управления средой виртуализации «ROSA Virtualization»: https://abf.rosa.ru/advisories/ROSA-SA-2025-2851

Reference

https://httpd.apache.org/security/vulnerabilities_24.html https://vuldb.com/ru/?id.242962 https://access.redhat.com/security/cve/cve-2023-31122 http://repo.red-soft.ru/redos/7.3c/x86_64/updates/ https://altsp.su/obnovleniya-bezopasnosti/ https://wiki.astralinux.ru/astra-linux-se16-bulletin-20231214SE16 https://поддержка.нппкт.рф/bin/view/ОСнова/Обновления/2.9/ https://wiki.astralinux.ru/astra-linux-se17-bulletin-2024-0212SE17 https://abf.rosalinux.ru/advisories/ROSA-SA-2024-2326 https://wiki.astralinux.ru/astra-linux-se47-bulletin-2024-1031SE47 https://abf.rosa.ru/advisories/ROSA-SA-2025-2804 https://abf.rosa.ru/advisories/ROSA-SA-2025-2851

CWE

CWE-125

JSON

To clipboard

{
  "CVSS 2.0": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
  "CVSS 3.0": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "\u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb, Red Hat Inc., \u041e\u041e\u041e \u00ab\u0420\u0435\u0434 \u0421\u043e\u0444\u0442\u00bb, \u0410\u041e \u00ab\u0418\u0412\u041a\u00bb, \u0410\u041e \u00ab\u041d\u0422\u0426 \u0418\u0422 \u0420\u041e\u0421\u0410\u00bb, Apache Software Foundation, \u0410\u041e \"\u041d\u041f\u041f\u041a\u0422\"",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "1.6 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb (Astra Linux Special Edition), 8 (Red Hat Enterprise Linux), - (Red Hat Software Collections), 7.3 (\u0420\u0415\u0414 \u041e\u0421), 1.7 (Astra Linux Special Edition), - (\u0410\u043b\u044c\u0442 8 \u0421\u041f), 9 (Red Hat Enterprise Linux), 4.7 (Astra Linux Special Edition), 7.9 (\u0420\u041e\u0421\u0410 \u041a\u043e\u0431\u0430\u043b\u044c\u0442), 2.1 (ROSA Virtualization), \u0434\u043e 2.4.57 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (HTTP Server), \u0434\u043e 2.9 (\u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx), 3.0 (ROSA Virtualization 3.0)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\n\u0414\u043b\u044f Apache HTTP Server:\nhttps://httpd.apache.org/security/vulnerabilities_24.html\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Red Hat Inc.:\nhttps://access.redhat.com/security/cve/cve-2023-31122\n\n\u0414\u043b\u044f \u0420\u0435\u0434\u041e\u0421:\nhttp://repo.red-soft.ru/redos/7.3c/x86_64/updates/\n\n\n\n\u0414\u043b\u044f \u041e\u0421 \u0410\u043b\u044c\u0442 8 \u0421\u041f: \n\u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0430 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0438\u0437 \u043f\u0443\u0431\u043b\u0438\u0447\u043d\u043e\u0433\u043e \u0440\u0435\u043f\u043e\u0437\u0438\u0442\u043e\u0440\u0438\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430\n\n\n\n\u0414\u043b\u044f Astra Linux 1.6 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb:\n\n\u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u043f\u0430\u043a\u0435\u0442 apache2 \u0434\u043e 2.4.46-1~bpo9+1astra.se10 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se16-bulletin-20231214SE16\n\n\n\n\u0414\u043b\u044f \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx:\n\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f apache2 \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 2.4.58-1osnova16.onyx\n\n\n\n\u0414\u043b\u044f \u041e\u0421 Astra Linux Special Edition 1.7 \u0430\u0440\u0445\u0438\u0442\u0435\u043a\u0442\u0443\u0440\u044b x86-64:\n\n\u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u043f\u0430\u043a\u0435\u0442 apache2 \u0434\u043e 2.4.57-2+astra.se2 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se17-bulletin-2024-0212SE17\n\n\n\n\u0414\u043b\u044f \u041e\u0421 \u0420\u041e\u0421\u0410 \"\u041a\u041e\u0411\u0410\u041b\u042c\u0422\": \nhttps://abf.rosalinux.ru/advisories/ROSA-SA-2024-2326\n\n\n\n\u0414\u043b\u044f Astra Linux Special Edition 4.7 \u0434\u043b\u044f \u0430\u0440\u0445\u0438\u0442\u0435\u043a\u0442\u0443\u0440\u044b ARM:\n\u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u043f\u0430\u043a\u0435\u0442 apache2 \u0434\u043e 2.4.57-2+astra.se5 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se47-bulletin-2024-1031SE47\n\n\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0441\u0440\u0435\u0434\u043e\u0439 \u0432\u0438\u0440\u0442\u0443\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438 \u0441 \u043f\u043e\u0434\u0441\u0438\u0441\u0442\u0435\u043c\u043e\u0439 \u0431\u0435\u0437\u0430\u0433\u0435\u043d\u0442\u043d\u043e\u0433\u043e \u0440\u0435\u0437\u0435\u0440\u0432\u043d\u043e\u0433\u043e \u043a\u043e\u043f\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f \u0432\u0438\u0440\u0442\u0443\u0430\u043b\u044c\u043d\u044b\u0445 \u043c\u0430\u0448\u0438\u043d \u00abROSA Virtualization 3.0\u00bb: https://abf.rosa.ru/advisories/ROSA-SA-2025-2804\n\n\n\n\u0414\u043b\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0441\u0440\u0435\u0434\u043e\u0439 \u0432\u0438\u0440\u0442\u0443\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438 \u00abROSA Virtualization\u00bb: \nhttps://abf.rosa.ru/advisories/ROSA-SA-2025-2851",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "23.10.2023",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "02.12.2025",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "25.10.2023",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2023-07124",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2023-31122",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Astra Linux Special Edition (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), Red Hat Enterprise Linux, Red Hat Software Collections, \u0420\u0415\u0414 \u041e\u0421 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21163751), \u0410\u043b\u044c\u0442 8 \u0421\u041f (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21164305), \u0420\u041e\u0421\u0410 \u041a\u043e\u0431\u0430\u043b\u044c\u0442 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21161999), ROSA Virtualization (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165091), HTTP Server, \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165913), ROSA Virtualization 3.0 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u211621308)",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "\u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 1.6 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), Red Hat Inc. Red Hat Enterprise Linux 8 , \u041e\u041e\u041e \u00ab\u0420\u0435\u0434 \u0421\u043e\u0444\u0442\u00bb \u0420\u0415\u0414 \u041e\u0421 7.3  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21163751), \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 1.7  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), \u0410\u041e \u00ab\u0418\u0412\u041a\u00bb \u0410\u043b\u044c\u0442 8 \u0421\u041f -  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21164305), Red Hat Inc. Red Hat Enterprise Linux 9 , \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 4.7 ARM (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), \u0410\u041e \u00ab\u041d\u0422\u0426 \u0418\u0422 \u0420\u041e\u0421\u0410\u00bb \u0420\u041e\u0421\u0410 \u041a\u043e\u0431\u0430\u043b\u044c\u0442 7.9  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21161999), \u0410\u041e \u00ab\u041d\u0422\u0426 \u0418\u0422 \u0420\u041e\u0421\u0410\u00bb ROSA Virtualization 2.1  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165091), \u0410\u041e \"\u041d\u041f\u041f\u041a\u0422\" \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx \u0434\u043e 2.9  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165913), \u0410\u041e \u00ab\u041d\u0422\u0426 \u0418\u0422 \u0420\u041e\u0421\u0410\u00bb ROSA Virtualization 3.0 3.0  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u211621308)",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043c\u043e\u0434\u0443\u043b\u044f mod_macro \u0432\u0435\u0431-\u0441\u0435\u0440\u0432\u0435\u0440\u0430 Apache HTTP Server, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u0427\u0442\u0435\u043d\u0438\u0435 \u0437\u0430 \u0433\u0440\u0430\u043d\u0438\u0446\u0430\u043c\u0438 \u0431\u0443\u0444\u0435\u0440\u0430 (CWE-125)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043c\u043e\u0434\u0443\u043b\u044f mod_macro \u0432\u0435\u0431-\u0441\u0435\u0440\u0432\u0435\u0440\u0430 Apache HTTP Server \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u0447\u0442\u0435\u043d\u0438\u0435\u043c \u0437\u0430 \u0433\u0440\u0430\u043d\u0438\u0446\u0430\u043c\u0438 \u043f\u0430\u043c\u044f\u0442\u0438. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://httpd.apache.org/security/vulnerabilities_24.html\nhttps://vuldb.com/ru/?id.242962\nhttps://access.redhat.com/security/cve/cve-2023-31122\nhttp://repo.red-soft.ru/redos/7.3c/x86_64/updates/\nhttps://altsp.su/obnovleniya-bezopasnosti/\nhttps://wiki.astralinux.ru/astra-linux-se16-bulletin-20231214SE16\nhttps://\u043f\u043e\u0434\u0434\u0435\u0440\u0436\u043a\u0430.\u043d\u043f\u043f\u043a\u0442.\u0440\u0444/bin/view/\u041e\u0421\u043d\u043e\u0432\u0430/\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f/2.9/\nhttps://wiki.astralinux.ru/astra-linux-se17-bulletin-2024-0212SE17\nhttps://abf.rosalinux.ru/advisories/ROSA-SA-2024-2326\nhttps://wiki.astralinux.ru/astra-linux-se47-bulletin-2024-1031SE47\nhttps://abf.rosa.ru/advisories/ROSA-SA-2025-2804\nhttps://abf.rosa.ru/advisories/ROSA-SA-2025-2851",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c, \u0421\u0435\u0442\u0435\u0432\u043e\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u043e",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-125",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,8)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.1 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,5)"
}

bit-apache-2023-31122

Vulnerability from bitnami_vulndb

Published

2024-03-06 10:50

Modified

2025-05-20 10:02

Summary

Apache HTTP Server: mod_macro buffer over-read

Details

Out-of-bounds Read vulnerability in mod_macro of Apache HTTP Server.This issue affects Apache HTTP Server: through 2.4.57.

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "Bitnami",
        "name": "apache",
        "purl": "pkg:bitnami/apache"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.4.58"
            }
          ],
          "type": "SEMVER"
        }
      ],
      "severity": [
        {
          "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "type": "CVSS_V3"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2023-31122"
  ],
  "database_specific": {
    "cpes": [
      "cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*"
    ],
    "severity": "High"
  },
  "details": "Out-of-bounds Read vulnerability in mod_macro of Apache HTTP Server.This issue affects Apache HTTP Server: through 2.4.57.",
  "id": "BIT-apache-2023-31122",
  "modified": "2025-05-20T10:02:07.006Z",
  "published": "2024-03-06T10:50:54.601Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://httpd.apache.org/security/vulnerabilities_24.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TI3V2YCEUM65QDYPGGNUZ7UONIM5OEXC/"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VZJTT5TEFNSBWVMKCLS6EZ7PI6EJYBCO/"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZFDNHDH4VLFGDPY6MEZV2RO5N5FLFONW/"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20231027-0011/"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2024/05/msg00013.html"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-31122"
    }
  ],
  "schema_version": "1.5.0",
  "summary": "Apache HTTP Server: mod_macro buffer over-read"
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.

Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2023-31122 (GCVE-0-2023-31122)

Solution

Solution

Solutions

Solutions

Solutions

Solution

Vulnerability from osv_almalinux

Vulnerability from osv_almalinux

Vulnerability from bitnami_vulndb

Tags

Sightings

Nomenclature