Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2024-2379 (GCVE-0-2024-2379)
Vulnerability from cvelistv5 – Published: 2024-03-27 07:56 – Updated: 2025-02-13 17:39
VLAI?
EPSS
Title
QUIC certificate check bypass with wolfSSL
Summary
libcurl skips the certificate verification for a QUIC connection under certain conditions, when built to use wolfSSL. If told to use an unknown/bad cipher or curve, the error path accidentally skips the verification and returns OK, thus ignoring any certificate problems.
Severity ?
6.3 (Medium)
Assigner
References
11 references
Credits
Dexter Gerig
Daniel Stenberg
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T19:11:53.464Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "json",
"tags": [
"x_transferred"
],
"url": "https://curl.se/docs/CVE-2024-2379.json"
},
{
"name": "www",
"tags": [
"x_transferred"
],
"url": "https://curl.se/docs/CVE-2024-2379.html"
},
{
"name": "issue",
"tags": [
"x_transferred"
],
"url": "https://hackerone.com/reports/2410774"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/03/27/2"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20240531-0001/"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT214119"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT214118"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT214120"
},
{
"tags": [
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2024/Jul/20"
},
{
"tags": [
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2024/Jul/18"
},
{
"tags": [
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2024/Jul/19"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-2379",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-19T17:42:40.991655Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-14T19:51:37.916Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "curl",
"vendor": "curl",
"versions": [
{
"lessThanOrEqual": "8.6.0",
"status": "affected",
"version": "8.6.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Dexter Gerig"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Daniel Stenberg"
}
],
"descriptions": [
{
"lang": "en",
"value": "libcurl skips the certificate verification for a QUIC connection under certain conditions, when built to use wolfSSL. If told to use an unknown/bad cipher or curve, the error path accidentally skips the verification and returns OK, thus ignoring any certificate problems."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-295 Improper Certificate Validation",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-29T22:06:15.682Z",
"orgId": "2499f714-1537-4658-8207-48ae4bb9eae9",
"shortName": "curl"
},
"references": [
{
"name": "json",
"url": "https://curl.se/docs/CVE-2024-2379.json"
},
{
"name": "www",
"url": "https://curl.se/docs/CVE-2024-2379.html"
},
{
"name": "issue",
"url": "https://hackerone.com/reports/2410774"
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/03/27/2"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240531-0001/"
},
{
"url": "https://support.apple.com/kb/HT214119"
},
{
"url": "https://support.apple.com/kb/HT214118"
},
{
"url": "https://support.apple.com/kb/HT214120"
},
{
"url": "http://seclists.org/fulldisclosure/2024/Jul/20"
},
{
"url": "http://seclists.org/fulldisclosure/2024/Jul/18"
},
{
"url": "http://seclists.org/fulldisclosure/2024/Jul/19"
}
],
"title": "QUIC certificate check bypass with wolfSSL"
}
},
"cveMetadata": {
"assignerOrgId": "2499f714-1537-4658-8207-48ae4bb9eae9",
"assignerShortName": "curl",
"cveId": "CVE-2024-2379",
"datePublished": "2024-03-27T07:56:41.158Z",
"dateReserved": "2024-03-11T14:39:01.543Z",
"dateUpdated": "2025-02-13T17:39:51.599Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2024-2379",
"date": "2026-05-20",
"epss": "0.00205",
"percentile": "0.42465"
},
"fkie_nvd": {
"descriptions": "[{\"lang\": \"en\", \"value\": \"libcurl skips the certificate verification for a QUIC connection under certain conditions, when built to use wolfSSL. If told to use an unknown/bad cipher or curve, the error path accidentally skips the verification and returns OK, thus ignoring any certificate problems.\"}, {\"lang\": \"es\", \"value\": \"libcurl omite la verificaci\\u00f3n del certificado para una conexi\\u00f3n QUIC bajo ciertas condiciones, cuando est\\u00e1 dise\\u00f1ado para usar wolfSSL. Si se le indica que utilice un cifrado o curva desconocido/incorrecto, la ruta de error omite accidentalmente la verificaci\\u00f3n y devuelve OK, ignorando as\\u00ed cualquier problema de certificado.\"}]",
"id": "CVE-2024-2379",
"lastModified": "2024-11-21T09:09:37.570",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L\", \"baseScore\": 6.3, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"LOW\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 3.4}]}",
"published": "2024-03-27T08:15:41.230",
"references": "[{\"url\": \"http://seclists.org/fulldisclosure/2024/Jul/18\", \"source\": \"2499f714-1537-4658-8207-48ae4bb9eae9\"}, {\"url\": \"http://seclists.org/fulldisclosure/2024/Jul/19\", \"source\": \"2499f714-1537-4658-8207-48ae4bb9eae9\"}, {\"url\": \"http://seclists.org/fulldisclosure/2024/Jul/20\", \"source\": \"2499f714-1537-4658-8207-48ae4bb9eae9\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2024/03/27/2\", \"source\": \"2499f714-1537-4658-8207-48ae4bb9eae9\"}, {\"url\": \"https://curl.se/docs/CVE-2024-2379.html\", \"source\": \"2499f714-1537-4658-8207-48ae4bb9eae9\"}, {\"url\": \"https://curl.se/docs/CVE-2024-2379.json\", \"source\": \"2499f714-1537-4658-8207-48ae4bb9eae9\"}, {\"url\": \"https://hackerone.com/reports/2410774\", \"source\": \"2499f714-1537-4658-8207-48ae4bb9eae9\"}, {\"url\": \"https://security.netapp.com/advisory/ntap-20240531-0001/\", \"source\": \"2499f714-1537-4658-8207-48ae4bb9eae9\"}, {\"url\": \"https://support.apple.com/kb/HT214118\", \"source\": \"2499f714-1537-4658-8207-48ae4bb9eae9\"}, {\"url\": \"https://support.apple.com/kb/HT214119\", \"source\": \"2499f714-1537-4658-8207-48ae4bb9eae9\"}, {\"url\": \"https://support.apple.com/kb/HT214120\", \"source\": \"2499f714-1537-4658-8207-48ae4bb9eae9\"}, {\"url\": \"http://seclists.org/fulldisclosure/2024/Jul/18\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://seclists.org/fulldisclosure/2024/Jul/19\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://seclists.org/fulldisclosure/2024/Jul/20\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2024/03/27/2\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://curl.se/docs/CVE-2024-2379.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://curl.se/docs/CVE-2024-2379.json\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://hackerone.com/reports/2410774\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://security.netapp.com/advisory/ntap-20240531-0001/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://support.apple.com/kb/HT214118\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://support.apple.com/kb/HT214119\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://support.apple.com/kb/HT214120\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
"sourceIdentifier": "2499f714-1537-4658-8207-48ae4bb9eae9",
"vulnStatus": "Awaiting Analysis"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2024-2379\",\"sourceIdentifier\":\"2499f714-1537-4658-8207-48ae4bb9eae9\",\"published\":\"2024-03-27T08:15:41.230\",\"lastModified\":\"2025-07-30T19:42:09.087\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"libcurl skips the certificate verification for a QUIC connection under certain conditions, when built to use wolfSSL. If told to use an unknown/bad cipher or curve, the error path accidentally skips the verification and returns OK, thus ignoring any certificate problems.\"},{\"lang\":\"es\",\"value\":\"libcurl omite la verificaci\u00f3n del certificado para una conexi\u00f3n QUIC bajo ciertas condiciones, cuando est\u00e1 dise\u00f1ado para usar wolfSSL. Si se le indica que utilice un cifrado o curva desconocido/incorrecto, la ruta de error omite accidentalmente la verificaci\u00f3n y devuelve OK, ignorando as\u00ed cualquier problema de certificado.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L\",\"baseScore\":6.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":2.8,\"impactScore\":3.4}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-295\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:curl:8.6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7A18DD27-715C-42CE-9084-CE43E0708104\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"12.7.6\",\"matchCriteriaId\":\"3556C7C3-14B6-4846-B3E8-FE07A503155F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"13.0\",\"versionEndExcluding\":\"13.6.8\",\"matchCriteriaId\":\"7008225C-B5B9-4F87-9392-DD2080717E9A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"14.0\",\"versionEndExcluding\":\"14.6\",\"matchCriteriaId\":\"51E2E93B-C5A3-4C83-B806-2EC555AD45FE\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*\",\"matchCriteriaId\":\"3A756737-1CC4-42C2-A4DF-E1C893B4E2D5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E7CF3019-975D-40BB-A8A4-894E62BD3797\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6770B6C3-732E-4E22-BF1C-2D2FD610061C\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9F9C8C20-42EB-4AB5-BD97-212DEB070C43\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D0B4AD8A-F172-4558-AEC6-FF424BA2D912\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8497A4C9-8474-4A62-8331-3FE862ED4098\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7FFF7106-ED78-49BA-9EC5-B889E3685D53\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E63D8B0F-006E-4801-BF9D-1C001BBFB4F9\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:netapp:h610c_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"89612649-BACF-4FAC-9BA4-324724FD93A6\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:netapp:h610c:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F3D9B255-C1AF-42D1-BF9B-13642FBDC080\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:netapp:h610s_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FD7CFE0E-9D1E-4495-B302-89C3096FC0DF\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:netapp:h610s:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F63A3FA7-AAED-4A9D-9FDE-6195302DA0F6\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:netapp:h615c_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5921A877-18BF-43FE-915C-D226E140ACFC\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:netapp:h615c:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7296A1F2-D315-4FD5-8A73-65C480C855BE\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"56409CEC-5A1E-4450-AA42-641E459CC2AF\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B06F4839-D16A-4A61-9BB5-55B13F41E47F\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:netapp:bootstrap_os:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"95BA156C-C977-4F0C-8DFB-3FAE9CC8C02D\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AD7447BC-F315-4298-A822-549942FC118B\"}]}]}],\"references\":[{\"url\":\"http://seclists.org/fulldisclosure/2024/Jul/18\",\"source\":\"2499f714-1537-4658-8207-48ae4bb9eae9\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://seclists.org/fulldisclosure/2024/Jul/19\",\"source\":\"2499f714-1537-4658-8207-48ae4bb9eae9\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://seclists.org/fulldisclosure/2024/Jul/20\",\"source\":\"2499f714-1537-4658-8207-48ae4bb9eae9\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2024/03/27/2\",\"source\":\"2499f714-1537-4658-8207-48ae4bb9eae9\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://curl.se/docs/CVE-2024-2379.html\",\"source\":\"2499f714-1537-4658-8207-48ae4bb9eae9\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://curl.se/docs/CVE-2024-2379.json\",\"source\":\"2499f714-1537-4658-8207-48ae4bb9eae9\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://hackerone.com/reports/2410774\",\"source\":\"2499f714-1537-4658-8207-48ae4bb9eae9\",\"tags\":[\"Exploit\",\"Issue Tracking\",\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20240531-0001/\",\"source\":\"2499f714-1537-4658-8207-48ae4bb9eae9\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://support.apple.com/kb/HT214118\",\"source\":\"2499f714-1537-4658-8207-48ae4bb9eae9\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/kb/HT214119\",\"source\":\"2499f714-1537-4658-8207-48ae4bb9eae9\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/kb/HT214120\",\"source\":\"2499f714-1537-4658-8207-48ae4bb9eae9\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"http://seclists.org/fulldisclosure/2024/Jul/18\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://seclists.org/fulldisclosure/2024/Jul/19\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://seclists.org/fulldisclosure/2024/Jul/20\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2024/03/27/2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://curl.se/docs/CVE-2024-2379.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://curl.se/docs/CVE-2024-2379.json\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://hackerone.com/reports/2410774\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Issue Tracking\",\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20240531-0001/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://support.apple.com/kb/HT214118\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/kb/HT214119\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/kb/HT214120\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://curl.se/docs/CVE-2024-2379.json\", \"name\": \"json\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://curl.se/docs/CVE-2024-2379.html\", \"name\": \"www\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://hackerone.com/reports/2410774\", \"name\": \"issue\", \"tags\": [\"x_transferred\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2024/03/27/2\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20240531-0001/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://support.apple.com/kb/HT214119\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://support.apple.com/kb/HT214118\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://support.apple.com/kb/HT214120\", \"tags\": [\"x_transferred\"]}, {\"url\": \"http://seclists.org/fulldisclosure/2024/Jul/20\", \"tags\": [\"x_transferred\"]}, {\"url\": \"http://seclists.org/fulldisclosure/2024/Jul/18\", \"tags\": [\"x_transferred\"]}, {\"url\": \"http://seclists.org/fulldisclosure/2024/Jul/19\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-01T19:11:53.464Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 6.3, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L\", \"integrityImpact\": \"LOW\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"LOW\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"LOW\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-2379\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-08-19T17:42:40.991655Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-08-19T17:42:46.091Z\"}}], \"cna\": {\"title\": \"QUIC certificate check bypass with wolfSSL\", \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"Dexter Gerig\"}, {\"lang\": \"en\", \"type\": \"remediation developer\", \"value\": \"Daniel Stenberg\"}], \"affected\": [{\"vendor\": \"curl\", \"product\": \"curl\", \"versions\": [{\"status\": \"affected\", \"version\": \"8.6.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"8.6.0\"}], \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://curl.se/docs/CVE-2024-2379.json\", \"name\": \"json\"}, {\"url\": \"https://curl.se/docs/CVE-2024-2379.html\", \"name\": \"www\"}, {\"url\": \"https://hackerone.com/reports/2410774\", \"name\": \"issue\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2024/03/27/2\"}, {\"url\": \"https://security.netapp.com/advisory/ntap-20240531-0001/\"}, {\"url\": \"https://support.apple.com/kb/HT214119\"}, {\"url\": \"https://support.apple.com/kb/HT214118\"}, {\"url\": \"https://support.apple.com/kb/HT214120\"}, {\"url\": \"http://seclists.org/fulldisclosure/2024/Jul/20\"}, {\"url\": \"http://seclists.org/fulldisclosure/2024/Jul/18\"}, {\"url\": \"http://seclists.org/fulldisclosure/2024/Jul/19\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"libcurl skips the certificate verification for a QUIC connection under certain conditions, when built to use wolfSSL. If told to use an unknown/bad cipher or curve, the error path accidentally skips the verification and returns OK, thus ignoring any certificate problems.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"description\": \"CWE-295 Improper Certificate Validation\"}]}], \"providerMetadata\": {\"orgId\": \"2499f714-1537-4658-8207-48ae4bb9eae9\", \"shortName\": \"curl\", \"dateUpdated\": \"2024-07-29T22:06:15.682Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2024-2379\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-02-13T17:39:51.599Z\", \"dateReserved\": \"2024-03-11T14:39:01.543Z\", \"assignerOrgId\": \"2499f714-1537-4658-8207-48ae4bb9eae9\", \"datePublished\": \"2024-03-27T07:56:41.158Z\", \"assignerShortName\": \"curl\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
CERTFR-2024-AVI-0579
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | Spectrum | Spectrum Control versions antérieures à 5.4.12 | ||
| IBM | WebSphere | WebSphere Application Server versions 8.5.x antérieures à 8.5.5.25 sans le correctif de sécurité PH61489 | ||
| IBM | WebSphere | WebSphere Application Server versions 9.0.x antérieures à 9.0.5.20 sans le correctif de sécurité PH61489 | ||
| IBM | QRadar | QRadar Deployment Intelligence App versions antérieures à 3.0.14 | ||
| IBM | QRadar | QRadar SIEM versions 7.5.x antérieures à 7.5.0 UP9 | ||
| IBM | Cloud Pak | Cloud Pak for Security versions antérieures à 1.10.23.0 | ||
| IBM | AIX | AIX versions 7.2 et 7.3 sans le correctif de sécurité 9211224a.240708.epkg.Z | ||
| IBM | QRadar | QRadar Suite Software versions antérieures à 1.10.23.0 | ||
| IBM | QRadar | Security QRadar EDR versions antérieures à 3.12.9 | ||
| IBM | VIOS | VIOS versions 3.1 et 4.1 sans le correctif de sécurité 9211224a.240708.epkg.Z | ||
| IBM | QRadar | QRadar WinCollect Agent versions antérieures à 10.1.11 |
References
| Title | Publication Time | Tags | |||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Spectrum Control versions ant\u00e9rieures \u00e0 5.4.12",
"product": {
"name": "Spectrum",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "WebSphere Application Server versions 8.5.x ant\u00e9rieures \u00e0 8.5.5.25 sans le correctif de s\u00e9curit\u00e9 PH61489",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "WebSphere Application Server versions 9.0.x ant\u00e9rieures \u00e0 9.0.5.20 sans le correctif de s\u00e9curit\u00e9 PH61489",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "QRadar Deployment Intelligence App versions ant\u00e9rieures \u00e0 3.0.14",
"product": {
"name": "QRadar",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "QRadar SIEM versions 7.5.x ant\u00e9rieures \u00e0 7.5.0 UP9",
"product": {
"name": "QRadar",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Cloud Pak for Security versions ant\u00e9rieures \u00e0 1.10.23.0",
"product": {
"name": "Cloud Pak",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "AIX versions 7.2 et 7.3 sans le correctif de s\u00e9curit\u00e9 9211224a.240708.epkg.Z",
"product": {
"name": "AIX",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "QRadar Suite Software versions ant\u00e9rieures \u00e0 1.10.23.0",
"product": {
"name": "QRadar",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Security QRadar EDR versions ant\u00e9rieures \u00e0 3.12.9",
"product": {
"name": "QRadar",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "VIOS versions 3.1 et 4.1 sans le correctif de s\u00e9curit\u00e9 9211224a.240708.epkg.Z",
"product": {
"name": "VIOS",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "QRadar WinCollect Agent versions ant\u00e9rieures \u00e0 10.1.11",
"product": {
"name": "QRadar",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2023-29483",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29483"
},
{
"name": "CVE-2024-1597",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-1597"
},
{
"name": "CVE-2024-29041",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29041"
},
{
"name": "CVE-2024-28834",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28834"
},
{
"name": "CVE-2024-28849",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28849"
},
{
"name": "CVE-2024-35154",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35154"
},
{
"name": "CVE-2024-4068",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4068"
},
{
"name": "CVE-2024-33602",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-33602"
},
{
"name": "CVE-2024-22353",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22353"
},
{
"name": "CVE-2024-3772",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-3772"
},
{
"name": "CVE-2023-50312",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-50312"
},
{
"name": "CVE-2024-2466",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-2466"
},
{
"name": "CVE-2024-28102",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28102"
},
{
"name": "CVE-2024-34069",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34069"
},
{
"name": "CVE-2019-11358",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11358"
},
{
"name": "CVE-2020-15778",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-15778"
},
{
"name": "CVE-2024-34997",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34997"
},
{
"name": "CVE-2022-3287",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3287"
},
{
"name": "CVE-2020-13936",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-13936"
},
{
"name": "CVE-2023-44487",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
},
{
"name": "CVE-2024-29857",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29857"
},
{
"name": "CVE-2023-25193",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25193"
},
{
"name": "CVE-2024-33600",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-33600"
},
{
"name": "CVE-2023-45802",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45802"
},
{
"name": "CVE-2023-3635",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3635"
},
{
"name": "CVE-2024-25026",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25026"
},
{
"name": "CVE-2024-34062",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34062"
},
{
"name": "CVE-2024-33599",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-33599"
},
{
"name": "CVE-2024-4067",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4067"
},
{
"name": "CVE-2024-30172",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-30172"
},
{
"name": "CVE-2021-41072",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41072"
},
{
"name": "CVE-2024-28176",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28176"
},
{
"name": "CVE-2024-1135",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-1135"
},
{
"name": "CVE-2020-23064",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-23064"
},
{
"name": "CVE-2023-6918",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6918"
},
{
"name": "CVE-2024-2379",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-2379"
},
{
"name": "CVE-2024-22329",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22329"
},
{
"name": "CVE-2024-0450",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0450"
},
{
"name": "CVE-2024-2004",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-2004"
},
{
"name": "CVE-2023-45803",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45803"
},
{
"name": "CVE-2023-31122",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-31122"
},
{
"name": "CVE-2024-35195",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35195"
},
{
"name": "CVE-2023-51775",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-51775"
},
{
"name": "CVE-2024-33601",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-33601"
},
{
"name": "CVE-2024-3019",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-3019"
},
{
"name": "CVE-2024-5206",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-5206"
},
{
"name": "CVE-2024-27088",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27088"
},
{
"name": "CVE-2023-43804",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-43804"
},
{
"name": "CVE-2024-25062",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25062"
},
{
"name": "CVE-2024-2398",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-2398"
},
{
"name": "CVE-2024-26461",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26461"
},
{
"name": "CVE-2024-26458",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26458"
},
{
"name": "CVE-2023-44483",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44483"
},
{
"name": "CVE-2023-6004",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6004"
},
{
"name": "CVE-2020-11022",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11022"
},
{
"name": "CVE-2024-28863",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28863"
},
{
"name": "CVE-2024-4603",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4603"
},
{
"name": "CVE-2024-27270",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27270"
},
{
"name": "CVE-2023-31484",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-31484"
},
{
"name": "CVE-2024-30171",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-30171"
},
{
"name": "CVE-2024-4741",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4741"
},
{
"name": "CVE-2023-46158",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46158"
},
{
"name": "CVE-2024-34064",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34064"
},
{
"name": "CVE-2024-6387",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6387"
},
{
"name": "CVE-2024-25023",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25023"
},
{
"name": "CVE-2024-2511",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-2511"
},
{
"name": "CVE-2021-40153",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-40153"
},
{
"name": "CVE-2023-5752",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5752"
},
{
"name": "CVE-2024-2961",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-2961"
},
{
"name": "CVE-2024-28182",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28182"
},
{
"name": "CVE-2023-6597",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6597"
},
{
"name": "CVE-2020-11023",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11023"
}
],
"links": [],
"reference": "CERTFR-2024-AVI-0579",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-07-12T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": "2024-07-08",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7159768",
"url": "https://www.ibm.com/support/pages/node/7159768"
},
{
"published_at": "2024-07-11",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7160017",
"url": "https://www.ibm.com/support/pages/node/7160017"
},
{
"published_at": "2024-07-08",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7159781",
"url": "https://www.ibm.com/support/pages/node/7159781"
},
{
"published_at": "2024-07-11",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7160014",
"url": "https://www.ibm.com/support/pages/node/7160014"
},
{
"published_at": "2024-07-12",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7160134",
"url": "https://www.ibm.com/support/pages/node/7160134"
},
{
"published_at": "2024-07-08",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7159771",
"url": "https://www.ibm.com/support/pages/node/7159771"
},
{
"published_at": "2024-07-09",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7159867",
"url": "https://www.ibm.com/support/pages/node/7159867"
},
{
"published_at": "2024-07-09",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7159865",
"url": "https://www.ibm.com/support/pages/node/7159865"
},
{
"published_at": "2024-07-08",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7159527",
"url": "https://www.ibm.com/support/pages/node/7159527"
},
{
"published_at": "2024-07-08",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7159825",
"url": "https://www.ibm.com/support/pages/node/7159825"
},
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7159934",
"url": "https://www.ibm.com/support/pages/node/7159934"
},
{
"published_at": "2024-07-09",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7159920",
"url": "https://www.ibm.com/support/pages/node/7159920"
},
{
"published_at": "2024-07-11",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7160013",
"url": "https://www.ibm.com/support/pages/node/7160013"
}
]
}
CERTFR-2024-AVI-0634
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits Apple. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.
Apple indique que la vulnérabilité CVE-2024-23296 est activement exploitée.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Apple | N/A | macOS Monterey versions antérieures à 12.7.6 | ||
| Apple | N/A | iOS et iPadOS versions antérieures à 17.6 | ||
| Apple | N/A | macOS Ventura versions antérieures à 13.6.8 | ||
| Apple | N/A | visionOS versions antérieures à 1.3 | ||
| Apple | N/A | tvOS versions antérieures à 17.6 | ||
| Apple | N/A | iOS et iPadOS versions antérieures à 16.7.9 | ||
| Apple | N/A | watchOS versions antérieures à 10.6 | ||
| Apple | N/A | Safari versions antérieures à 17.6 | ||
| Apple | N/A | macOS Sonoma versions antérieures à 14.6 |
References
| Title | Publication Time | Tags | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "macOS Monterey versions ant\u00e9rieures \u00e0 12.7.6",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "iOS et iPadOS versions ant\u00e9rieures \u00e0 17.6",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "macOS Ventura versions ant\u00e9rieures \u00e0 13.6.8",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "visionOS versions ant\u00e9rieures \u00e0 1.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "tvOS versions ant\u00e9rieures \u00e0 17.6",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "iOS et iPadOS versions ant\u00e9rieures \u00e0 16.7.9",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "watchOS versions ant\u00e9rieures \u00e0 10.6",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "Safari versions ant\u00e9rieures \u00e0 17.6",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "macOS Sonoma versions ant\u00e9rieures \u00e0 14.6",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-24795",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24795"
},
{
"name": "CVE-2023-52356",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52356"
},
{
"name": "CVE-2024-40824",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40824"
},
{
"name": "CVE-2023-27952",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27952"
},
{
"name": "CVE-2024-27823",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27823"
},
{
"name": "CVE-2024-40779",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40779"
},
{
"name": "CVE-2023-38709",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38709"
},
{
"name": "CVE-2024-40794",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40794"
},
{
"name": "CVE-2024-40813",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40813"
},
{
"name": "CVE-2024-27316",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27316"
},
{
"name": "CVE-2024-40793",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40793"
},
{
"name": "CVE-2024-40781",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40781"
},
{
"name": "CVE-2024-40818",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40818"
},
{
"name": "CVE-2024-40816",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40816"
},
{
"name": "CVE-2024-40804",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40804"
},
{
"name": "CVE-2024-40817",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40817"
},
{
"name": "CVE-2024-23296",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23296"
},
{
"name": "CVE-2024-2466",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-2466"
},
{
"name": "CVE-2024-40827",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40827"
},
{
"name": "CVE-2024-27804",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27804"
},
{
"name": "CVE-2024-40785",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40785"
},
{
"name": "CVE-2024-40777",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40777"
},
{
"name": "CVE-2024-40776",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40776"
},
{
"name": "CVE-2024-40798",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40798"
},
{
"name": "CVE-2023-6277",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6277"
},
{
"name": "CVE-2024-27871",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27871"
},
{
"name": "CVE-2024-40815",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40815"
},
{
"name": "CVE-2024-27872",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27872"
},
{
"name": "CVE-2024-23261",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23261"
},
{
"name": "CVE-2024-40789",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40789"
},
{
"name": "CVE-2024-40834",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40834"
},
{
"name": "CVE-2024-40809",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40809"
},
{
"name": "CVE-2024-27873",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27873"
},
{
"name": "CVE-2024-27878",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27878"
},
{
"name": "CVE-2024-40784",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40784"
},
{
"name": "CVE-2024-40823",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40823"
},
{
"name": "CVE-2024-2379",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-2379"
},
{
"name": "CVE-2024-40812",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40812"
},
{
"name": "CVE-2024-40774",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40774"
},
{
"name": "CVE-2024-2004",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-2004"
},
{
"name": "CVE-2024-40796",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40796"
},
{
"name": "CVE-2024-40828",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40828"
},
{
"name": "CVE-2024-27862",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27862"
},
{
"name": "CVE-2024-27826",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27826"
},
{
"name": "CVE-2024-40836",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40836"
},
{
"name": "CVE-2024-2398",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-2398"
},
{
"name": "CVE-2024-27883",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27883"
},
{
"name": "CVE-2024-40788",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40788"
},
{
"name": "CVE-2024-40782",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40782"
},
{
"name": "CVE-2024-40822",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40822"
},
{
"name": "CVE-2024-27877",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27877"
},
{
"name": "CVE-2024-40780",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40780"
},
{
"name": "CVE-2024-27882",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27882"
},
{
"name": "CVE-2024-40805",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40805"
},
{
"name": "CVE-2024-40829",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40829"
},
{
"name": "CVE-2024-40835",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40835"
},
{
"name": "CVE-2024-40786",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40786"
},
{
"name": "CVE-2024-40833",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40833"
},
{
"name": "CVE-2024-40806",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40806"
},
{
"name": "CVE-2024-40778",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40778"
},
{
"name": "CVE-2024-40814",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40814"
},
{
"name": "CVE-2024-40783",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40783"
},
{
"name": "CVE-2024-40807",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40807"
},
{
"name": "CVE-2024-40832",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40832"
},
{
"name": "CVE-2024-27863",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27863"
},
{
"name": "CVE-2024-40803",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40803"
},
{
"name": "CVE-2024-40811",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40811"
},
{
"name": "CVE-2024-6387",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6387"
},
{
"name": "CVE-2024-40775",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40775"
},
{
"name": "CVE-2024-27881",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27881"
},
{
"name": "CVE-2024-4558",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4558"
},
{
"name": "CVE-2024-40787",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40787"
},
{
"name": "CVE-2024-40821",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40821"
},
{
"name": "CVE-2024-40802",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40802"
},
{
"name": "CVE-2024-40800",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40800"
},
{
"name": "CVE-2024-40795",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40795"
},
{
"name": "CVE-2024-40799",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40799"
}
],
"links": [],
"reference": "CERTFR-2024-AVI-0634",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-07-30T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Apple. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.\n\nApple indique que la vuln\u00e9rabilit\u00e9 CVE-2024-23296 est activement exploit\u00e9e.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Apple",
"vendor_advisories": [
{
"published_at": "2024-07-29",
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT214119",
"url": "https://support.apple.com/kb/HT214119"
},
{
"published_at": "2024-07-29",
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT214117",
"url": "https://support.apple.com/kb/HT214117"
},
{
"published_at": "2024-07-29",
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT214123",
"url": "https://support.apple.com/kb/HT214123"
},
{
"published_at": "2024-07-29",
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT214120",
"url": "https://support.apple.com/kb/HT214120"
},
{
"published_at": "2024-07-29",
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT214124",
"url": "https://support.apple.com/kb/HT214124"
},
{
"published_at": "2024-07-29",
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT214118",
"url": "https://support.apple.com/kb/HT214118"
},
{
"published_at": "2024-07-29",
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT214121",
"url": "https://support.apple.com/kb/HT214121"
},
{
"published_at": "2024-07-29",
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT214116",
"url": "https://support.apple.com/kb/HT214116"
},
{
"published_at": "2024-07-29",
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT214122",
"url": "https://support.apple.com/kb/HT214122"
}
]
}
CERTFR-2024-AVI-0676
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans Tenable Security Center. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Tenable | Security Center | Security Center sans le correctif de sécurité SC-202408.1 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Security Center sans le correctif de s\u00e9curit\u00e9 SC-202408.1",
"product": {
"name": "Security Center",
"vendor": {
"name": "Tenable",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-38475",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38475"
},
{
"name": "CVE-2024-2466",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-2466"
},
{
"name": "CVE-2024-40898",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40898"
},
{
"name": "CVE-2024-40725",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40725"
},
{
"name": "CVE-2024-38474",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38474"
},
{
"name": "CVE-2024-39884",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39884"
},
{
"name": "CVE-2024-36387",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36387"
},
{
"name": "CVE-2024-2379",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-2379"
},
{
"name": "CVE-2024-2004",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-2004"
},
{
"name": "CVE-2024-38472",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38472"
},
{
"name": "CVE-2024-6874",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6874"
},
{
"name": "CVE-2024-38476",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38476"
},
{
"name": "CVE-2024-38477",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38477"
},
{
"name": "CVE-2024-2398",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-2398"
},
{
"name": "CVE-2024-38473",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38473"
},
{
"name": "CVE-2024-6197",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6197"
},
{
"name": "CVE-2024-39573",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39573"
}
],
"links": [],
"reference": "CERTFR-2024-AVI-0676",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-08-14T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Tenable Security Center. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Tenable Security Center",
"vendor_advisories": [
{
"published_at": "2024-08-13",
"title": "Bulletin de s\u00e9curit\u00e9 Tenable tns-2024-13",
"url": "https://www.tenable.com/security/tns-2024-13"
}
]
}
CERTFR-2025-AVI-0309
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | Storage Protect | Storage Protect Plus versions 10.1.x antérieures à 10.1.17 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Storage Protect Plus versions 10.1.x ant\u00e9rieures \u00e0 10.1.17",
"product": {
"name": "Storage Protect",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-24790",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24790"
},
{
"name": "CVE-2023-25577",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25577"
},
{
"name": "CVE-2023-52448",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52448"
},
{
"name": "CVE-2024-36974",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36974"
},
{
"name": "CVE-2023-1076",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1076"
},
{
"name": "CVE-2024-12797",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12797"
},
{
"name": "CVE-2024-49766",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49766"
},
{
"name": "CVE-2024-26603",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26603"
},
{
"name": "CVE-2023-4091",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4091"
},
{
"name": "CVE-2024-56326",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56326"
},
{
"name": "CVE-2023-50782",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-50782"
},
{
"name": "CVE-2023-23934",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23934"
},
{
"name": "CVE-2024-2466",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-2466"
},
{
"name": "CVE-2023-0286",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0286"
},
{
"name": "CVE-2023-52492",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52492"
},
{
"name": "CVE-2024-34069",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34069"
},
{
"name": "CVE-2023-4807",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4807"
},
{
"name": "CVE-2024-36881",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36881"
},
{
"name": "CVE-2023-42669",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42669"
},
{
"name": "CVE-2022-36280",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-36280"
},
{
"name": "CVE-2023-1409",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1409"
},
{
"name": "CVE-2023-52475",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52475"
},
{
"name": "CVE-2024-7553",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7553"
},
{
"name": "CVE-2020-25659",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25659"
},
{
"name": "CVE-2023-6240",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6240"
},
{
"name": "CVE-2024-22195",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22195"
},
{
"name": "CVE-2023-23931",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23931"
},
{
"name": "CVE-2024-26782",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26782"
},
{
"name": "CVE-2024-8207",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8207"
},
{
"name": "CVE-2024-2379",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-2379"
},
{
"name": "CVE-2024-5535",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-5535"
},
{
"name": "CVE-2024-3372",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-3372"
},
{
"name": "CVE-2024-26803",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26803"
},
{
"name": "CVE-2024-2004",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-2004"
},
{
"name": "CVE-2024-36882",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36882"
},
{
"name": "CVE-2023-46136",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46136"
},
{
"name": "CVE-2023-52439",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52439"
},
{
"name": "CVE-2023-38325",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38325"
},
{
"name": "CVE-2024-35195",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35195"
},
{
"name": "CVE-2024-56201",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56201"
},
{
"name": "CVE-2023-3961",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3961"
},
{
"name": "CVE-2024-0841",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0841"
},
{
"name": "CVE-2023-2650",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2650"
},
{
"name": "CVE-2024-41042",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41042"
},
{
"name": "CVE-2024-2398",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-2398"
},
{
"name": "CVE-2024-1151",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-1151"
},
{
"name": "CVE-2024-26646",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26646"
},
{
"name": "CVE-2020-36242",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36242"
},
{
"name": "CVE-2024-36015",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36015"
},
{
"name": "CVE-2024-0727",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0727"
},
{
"name": "CVE-2023-52434",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52434"
},
{
"name": "CVE-2024-49767",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49767"
},
{
"name": "CVE-2023-52458",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52458"
},
{
"name": "CVE-2024-26602",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26602"
},
{
"name": "CVE-2023-52466",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52466"
},
{
"name": "CVE-2024-26591",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26591"
},
{
"name": "CVE-2024-26611",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26611"
},
{
"name": "CVE-2023-49083",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-49083"
},
{
"name": "CVE-2024-4741",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4741"
},
{
"name": "CVE-2024-34064",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34064"
},
{
"name": "CVE-2023-3446",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3446"
},
{
"name": "CVE-2024-2511",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-2511"
},
{
"name": "CVE-2024-0340",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0340"
},
{
"name": "CVE-2024-35995",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35995"
}
],
"links": [],
"reference": "CERTFR-2025-AVI-0309",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-04-11T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
},
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": "2025-04-10",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7230557",
"url": "https://www.ibm.com/support/pages/node/7230557"
}
]
}
CERTFR-2024-AVI-0579
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | Spectrum | Spectrum Control versions antérieures à 5.4.12 | ||
| IBM | WebSphere | WebSphere Application Server versions 8.5.x antérieures à 8.5.5.25 sans le correctif de sécurité PH61489 | ||
| IBM | WebSphere | WebSphere Application Server versions 9.0.x antérieures à 9.0.5.20 sans le correctif de sécurité PH61489 | ||
| IBM | QRadar | QRadar Deployment Intelligence App versions antérieures à 3.0.14 | ||
| IBM | QRadar | QRadar SIEM versions 7.5.x antérieures à 7.5.0 UP9 | ||
| IBM | Cloud Pak | Cloud Pak for Security versions antérieures à 1.10.23.0 | ||
| IBM | AIX | AIX versions 7.2 et 7.3 sans le correctif de sécurité 9211224a.240708.epkg.Z | ||
| IBM | QRadar | QRadar Suite Software versions antérieures à 1.10.23.0 | ||
| IBM | QRadar | Security QRadar EDR versions antérieures à 3.12.9 | ||
| IBM | VIOS | VIOS versions 3.1 et 4.1 sans le correctif de sécurité 9211224a.240708.epkg.Z | ||
| IBM | QRadar | QRadar WinCollect Agent versions antérieures à 10.1.11 |
References
| Title | Publication Time | Tags | |||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Spectrum Control versions ant\u00e9rieures \u00e0 5.4.12",
"product": {
"name": "Spectrum",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "WebSphere Application Server versions 8.5.x ant\u00e9rieures \u00e0 8.5.5.25 sans le correctif de s\u00e9curit\u00e9 PH61489",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "WebSphere Application Server versions 9.0.x ant\u00e9rieures \u00e0 9.0.5.20 sans le correctif de s\u00e9curit\u00e9 PH61489",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "QRadar Deployment Intelligence App versions ant\u00e9rieures \u00e0 3.0.14",
"product": {
"name": "QRadar",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "QRadar SIEM versions 7.5.x ant\u00e9rieures \u00e0 7.5.0 UP9",
"product": {
"name": "QRadar",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Cloud Pak for Security versions ant\u00e9rieures \u00e0 1.10.23.0",
"product": {
"name": "Cloud Pak",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "AIX versions 7.2 et 7.3 sans le correctif de s\u00e9curit\u00e9 9211224a.240708.epkg.Z",
"product": {
"name": "AIX",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "QRadar Suite Software versions ant\u00e9rieures \u00e0 1.10.23.0",
"product": {
"name": "QRadar",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Security QRadar EDR versions ant\u00e9rieures \u00e0 3.12.9",
"product": {
"name": "QRadar",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "VIOS versions 3.1 et 4.1 sans le correctif de s\u00e9curit\u00e9 9211224a.240708.epkg.Z",
"product": {
"name": "VIOS",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "QRadar WinCollect Agent versions ant\u00e9rieures \u00e0 10.1.11",
"product": {
"name": "QRadar",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2023-29483",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29483"
},
{
"name": "CVE-2024-1597",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-1597"
},
{
"name": "CVE-2024-29041",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29041"
},
{
"name": "CVE-2024-28834",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28834"
},
{
"name": "CVE-2024-28849",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28849"
},
{
"name": "CVE-2024-35154",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35154"
},
{
"name": "CVE-2024-4068",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4068"
},
{
"name": "CVE-2024-33602",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-33602"
},
{
"name": "CVE-2024-22353",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22353"
},
{
"name": "CVE-2024-3772",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-3772"
},
{
"name": "CVE-2023-50312",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-50312"
},
{
"name": "CVE-2024-2466",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-2466"
},
{
"name": "CVE-2024-28102",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28102"
},
{
"name": "CVE-2024-34069",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34069"
},
{
"name": "CVE-2019-11358",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11358"
},
{
"name": "CVE-2020-15778",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-15778"
},
{
"name": "CVE-2024-34997",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34997"
},
{
"name": "CVE-2022-3287",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3287"
},
{
"name": "CVE-2020-13936",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-13936"
},
{
"name": "CVE-2023-44487",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
},
{
"name": "CVE-2024-29857",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29857"
},
{
"name": "CVE-2023-25193",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25193"
},
{
"name": "CVE-2024-33600",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-33600"
},
{
"name": "CVE-2023-45802",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45802"
},
{
"name": "CVE-2023-3635",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3635"
},
{
"name": "CVE-2024-25026",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25026"
},
{
"name": "CVE-2024-34062",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34062"
},
{
"name": "CVE-2024-33599",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-33599"
},
{
"name": "CVE-2024-4067",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4067"
},
{
"name": "CVE-2024-30172",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-30172"
},
{
"name": "CVE-2021-41072",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41072"
},
{
"name": "CVE-2024-28176",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28176"
},
{
"name": "CVE-2024-1135",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-1135"
},
{
"name": "CVE-2020-23064",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-23064"
},
{
"name": "CVE-2023-6918",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6918"
},
{
"name": "CVE-2024-2379",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-2379"
},
{
"name": "CVE-2024-22329",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22329"
},
{
"name": "CVE-2024-0450",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0450"
},
{
"name": "CVE-2024-2004",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-2004"
},
{
"name": "CVE-2023-45803",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45803"
},
{
"name": "CVE-2023-31122",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-31122"
},
{
"name": "CVE-2024-35195",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35195"
},
{
"name": "CVE-2023-51775",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-51775"
},
{
"name": "CVE-2024-33601",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-33601"
},
{
"name": "CVE-2024-3019",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-3019"
},
{
"name": "CVE-2024-5206",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-5206"
},
{
"name": "CVE-2024-27088",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27088"
},
{
"name": "CVE-2023-43804",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-43804"
},
{
"name": "CVE-2024-25062",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25062"
},
{
"name": "CVE-2024-2398",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-2398"
},
{
"name": "CVE-2024-26461",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26461"
},
{
"name": "CVE-2024-26458",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26458"
},
{
"name": "CVE-2023-44483",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44483"
},
{
"name": "CVE-2023-6004",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6004"
},
{
"name": "CVE-2020-11022",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11022"
},
{
"name": "CVE-2024-28863",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28863"
},
{
"name": "CVE-2024-4603",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4603"
},
{
"name": "CVE-2024-27270",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27270"
},
{
"name": "CVE-2023-31484",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-31484"
},
{
"name": "CVE-2024-30171",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-30171"
},
{
"name": "CVE-2024-4741",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4741"
},
{
"name": "CVE-2023-46158",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46158"
},
{
"name": "CVE-2024-34064",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34064"
},
{
"name": "CVE-2024-6387",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6387"
},
{
"name": "CVE-2024-25023",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25023"
},
{
"name": "CVE-2024-2511",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-2511"
},
{
"name": "CVE-2021-40153",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-40153"
},
{
"name": "CVE-2023-5752",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5752"
},
{
"name": "CVE-2024-2961",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-2961"
},
{
"name": "CVE-2024-28182",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28182"
},
{
"name": "CVE-2023-6597",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6597"
},
{
"name": "CVE-2020-11023",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11023"
}
],
"links": [],
"reference": "CERTFR-2024-AVI-0579",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-07-12T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": "2024-07-08",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7159768",
"url": "https://www.ibm.com/support/pages/node/7159768"
},
{
"published_at": "2024-07-11",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7160017",
"url": "https://www.ibm.com/support/pages/node/7160017"
},
{
"published_at": "2024-07-08",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7159781",
"url": "https://www.ibm.com/support/pages/node/7159781"
},
{
"published_at": "2024-07-11",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7160014",
"url": "https://www.ibm.com/support/pages/node/7160014"
},
{
"published_at": "2024-07-12",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7160134",
"url": "https://www.ibm.com/support/pages/node/7160134"
},
{
"published_at": "2024-07-08",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7159771",
"url": "https://www.ibm.com/support/pages/node/7159771"
},
{
"published_at": "2024-07-09",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7159867",
"url": "https://www.ibm.com/support/pages/node/7159867"
},
{
"published_at": "2024-07-09",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7159865",
"url": "https://www.ibm.com/support/pages/node/7159865"
},
{
"published_at": "2024-07-08",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7159527",
"url": "https://www.ibm.com/support/pages/node/7159527"
},
{
"published_at": "2024-07-08",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7159825",
"url": "https://www.ibm.com/support/pages/node/7159825"
},
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7159934",
"url": "https://www.ibm.com/support/pages/node/7159934"
},
{
"published_at": "2024-07-09",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7159920",
"url": "https://www.ibm.com/support/pages/node/7159920"
},
{
"published_at": "2024-07-11",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7160013",
"url": "https://www.ibm.com/support/pages/node/7160013"
}
]
}
CERTFR-2024-AVI-0634
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits Apple. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.
Apple indique que la vulnérabilité CVE-2024-23296 est activement exploitée.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Apple | N/A | macOS Monterey versions antérieures à 12.7.6 | ||
| Apple | N/A | iOS et iPadOS versions antérieures à 17.6 | ||
| Apple | N/A | macOS Ventura versions antérieures à 13.6.8 | ||
| Apple | N/A | visionOS versions antérieures à 1.3 | ||
| Apple | N/A | tvOS versions antérieures à 17.6 | ||
| Apple | N/A | iOS et iPadOS versions antérieures à 16.7.9 | ||
| Apple | N/A | watchOS versions antérieures à 10.6 | ||
| Apple | N/A | Safari versions antérieures à 17.6 | ||
| Apple | N/A | macOS Sonoma versions antérieures à 14.6 |
References
| Title | Publication Time | Tags | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "macOS Monterey versions ant\u00e9rieures \u00e0 12.7.6",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "iOS et iPadOS versions ant\u00e9rieures \u00e0 17.6",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "macOS Ventura versions ant\u00e9rieures \u00e0 13.6.8",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "visionOS versions ant\u00e9rieures \u00e0 1.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "tvOS versions ant\u00e9rieures \u00e0 17.6",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "iOS et iPadOS versions ant\u00e9rieures \u00e0 16.7.9",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "watchOS versions ant\u00e9rieures \u00e0 10.6",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "Safari versions ant\u00e9rieures \u00e0 17.6",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "macOS Sonoma versions ant\u00e9rieures \u00e0 14.6",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-24795",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24795"
},
{
"name": "CVE-2023-52356",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52356"
},
{
"name": "CVE-2024-40824",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40824"
},
{
"name": "CVE-2023-27952",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27952"
},
{
"name": "CVE-2024-27823",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27823"
},
{
"name": "CVE-2024-40779",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40779"
},
{
"name": "CVE-2023-38709",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38709"
},
{
"name": "CVE-2024-40794",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40794"
},
{
"name": "CVE-2024-40813",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40813"
},
{
"name": "CVE-2024-27316",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27316"
},
{
"name": "CVE-2024-40793",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40793"
},
{
"name": "CVE-2024-40781",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40781"
},
{
"name": "CVE-2024-40818",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40818"
},
{
"name": "CVE-2024-40816",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40816"
},
{
"name": "CVE-2024-40804",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40804"
},
{
"name": "CVE-2024-40817",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40817"
},
{
"name": "CVE-2024-23296",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23296"
},
{
"name": "CVE-2024-2466",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-2466"
},
{
"name": "CVE-2024-40827",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40827"
},
{
"name": "CVE-2024-27804",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27804"
},
{
"name": "CVE-2024-40785",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40785"
},
{
"name": "CVE-2024-40777",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40777"
},
{
"name": "CVE-2024-40776",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40776"
},
{
"name": "CVE-2024-40798",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40798"
},
{
"name": "CVE-2023-6277",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6277"
},
{
"name": "CVE-2024-27871",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27871"
},
{
"name": "CVE-2024-40815",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40815"
},
{
"name": "CVE-2024-27872",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27872"
},
{
"name": "CVE-2024-23261",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23261"
},
{
"name": "CVE-2024-40789",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40789"
},
{
"name": "CVE-2024-40834",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40834"
},
{
"name": "CVE-2024-40809",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40809"
},
{
"name": "CVE-2024-27873",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27873"
},
{
"name": "CVE-2024-27878",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27878"
},
{
"name": "CVE-2024-40784",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40784"
},
{
"name": "CVE-2024-40823",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40823"
},
{
"name": "CVE-2024-2379",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-2379"
},
{
"name": "CVE-2024-40812",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40812"
},
{
"name": "CVE-2024-40774",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40774"
},
{
"name": "CVE-2024-2004",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-2004"
},
{
"name": "CVE-2024-40796",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40796"
},
{
"name": "CVE-2024-40828",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40828"
},
{
"name": "CVE-2024-27862",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27862"
},
{
"name": "CVE-2024-27826",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27826"
},
{
"name": "CVE-2024-40836",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40836"
},
{
"name": "CVE-2024-2398",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-2398"
},
{
"name": "CVE-2024-27883",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27883"
},
{
"name": "CVE-2024-40788",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40788"
},
{
"name": "CVE-2024-40782",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40782"
},
{
"name": "CVE-2024-40822",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40822"
},
{
"name": "CVE-2024-27877",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27877"
},
{
"name": "CVE-2024-40780",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40780"
},
{
"name": "CVE-2024-27882",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27882"
},
{
"name": "CVE-2024-40805",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40805"
},
{
"name": "CVE-2024-40829",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40829"
},
{
"name": "CVE-2024-40835",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40835"
},
{
"name": "CVE-2024-40786",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40786"
},
{
"name": "CVE-2024-40833",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40833"
},
{
"name": "CVE-2024-40806",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40806"
},
{
"name": "CVE-2024-40778",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40778"
},
{
"name": "CVE-2024-40814",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40814"
},
{
"name": "CVE-2024-40783",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40783"
},
{
"name": "CVE-2024-40807",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40807"
},
{
"name": "CVE-2024-40832",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40832"
},
{
"name": "CVE-2024-27863",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27863"
},
{
"name": "CVE-2024-40803",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40803"
},
{
"name": "CVE-2024-40811",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40811"
},
{
"name": "CVE-2024-6387",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6387"
},
{
"name": "CVE-2024-40775",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40775"
},
{
"name": "CVE-2024-27881",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27881"
},
{
"name": "CVE-2024-4558",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4558"
},
{
"name": "CVE-2024-40787",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40787"
},
{
"name": "CVE-2024-40821",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40821"
},
{
"name": "CVE-2024-40802",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40802"
},
{
"name": "CVE-2024-40800",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40800"
},
{
"name": "CVE-2024-40795",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40795"
},
{
"name": "CVE-2024-40799",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40799"
}
],
"links": [],
"reference": "CERTFR-2024-AVI-0634",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-07-30T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Apple. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.\n\nApple indique que la vuln\u00e9rabilit\u00e9 CVE-2024-23296 est activement exploit\u00e9e.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Apple",
"vendor_advisories": [
{
"published_at": "2024-07-29",
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT214119",
"url": "https://support.apple.com/kb/HT214119"
},
{
"published_at": "2024-07-29",
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT214117",
"url": "https://support.apple.com/kb/HT214117"
},
{
"published_at": "2024-07-29",
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT214123",
"url": "https://support.apple.com/kb/HT214123"
},
{
"published_at": "2024-07-29",
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT214120",
"url": "https://support.apple.com/kb/HT214120"
},
{
"published_at": "2024-07-29",
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT214124",
"url": "https://support.apple.com/kb/HT214124"
},
{
"published_at": "2024-07-29",
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT214118",
"url": "https://support.apple.com/kb/HT214118"
},
{
"published_at": "2024-07-29",
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT214121",
"url": "https://support.apple.com/kb/HT214121"
},
{
"published_at": "2024-07-29",
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT214116",
"url": "https://support.apple.com/kb/HT214116"
},
{
"published_at": "2024-07-29",
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT214122",
"url": "https://support.apple.com/kb/HT214122"
}
]
}
CERTFR-2024-AVI-0676
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans Tenable Security Center. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Tenable | Security Center | Security Center sans le correctif de sécurité SC-202408.1 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Security Center sans le correctif de s\u00e9curit\u00e9 SC-202408.1",
"product": {
"name": "Security Center",
"vendor": {
"name": "Tenable",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-38475",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38475"
},
{
"name": "CVE-2024-2466",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-2466"
},
{
"name": "CVE-2024-40898",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40898"
},
{
"name": "CVE-2024-40725",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40725"
},
{
"name": "CVE-2024-38474",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38474"
},
{
"name": "CVE-2024-39884",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39884"
},
{
"name": "CVE-2024-36387",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36387"
},
{
"name": "CVE-2024-2379",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-2379"
},
{
"name": "CVE-2024-2004",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-2004"
},
{
"name": "CVE-2024-38472",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38472"
},
{
"name": "CVE-2024-6874",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6874"
},
{
"name": "CVE-2024-38476",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38476"
},
{
"name": "CVE-2024-38477",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38477"
},
{
"name": "CVE-2024-2398",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-2398"
},
{
"name": "CVE-2024-38473",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38473"
},
{
"name": "CVE-2024-6197",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6197"
},
{
"name": "CVE-2024-39573",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39573"
}
],
"links": [],
"reference": "CERTFR-2024-AVI-0676",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-08-14T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Tenable Security Center. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Tenable Security Center",
"vendor_advisories": [
{
"published_at": "2024-08-13",
"title": "Bulletin de s\u00e9curit\u00e9 Tenable tns-2024-13",
"url": "https://www.tenable.com/security/tns-2024-13"
}
]
}
CERTFR-2025-AVI-0309
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | Storage Protect | Storage Protect Plus versions 10.1.x antérieures à 10.1.17 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Storage Protect Plus versions 10.1.x ant\u00e9rieures \u00e0 10.1.17",
"product": {
"name": "Storage Protect",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-24790",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24790"
},
{
"name": "CVE-2023-25577",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25577"
},
{
"name": "CVE-2023-52448",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52448"
},
{
"name": "CVE-2024-36974",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36974"
},
{
"name": "CVE-2023-1076",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1076"
},
{
"name": "CVE-2024-12797",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12797"
},
{
"name": "CVE-2024-49766",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49766"
},
{
"name": "CVE-2024-26603",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26603"
},
{
"name": "CVE-2023-4091",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4091"
},
{
"name": "CVE-2024-56326",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56326"
},
{
"name": "CVE-2023-50782",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-50782"
},
{
"name": "CVE-2023-23934",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23934"
},
{
"name": "CVE-2024-2466",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-2466"
},
{
"name": "CVE-2023-0286",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0286"
},
{
"name": "CVE-2023-52492",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52492"
},
{
"name": "CVE-2024-34069",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34069"
},
{
"name": "CVE-2023-4807",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4807"
},
{
"name": "CVE-2024-36881",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36881"
},
{
"name": "CVE-2023-42669",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42669"
},
{
"name": "CVE-2022-36280",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-36280"
},
{
"name": "CVE-2023-1409",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1409"
},
{
"name": "CVE-2023-52475",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52475"
},
{
"name": "CVE-2024-7553",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7553"
},
{
"name": "CVE-2020-25659",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25659"
},
{
"name": "CVE-2023-6240",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6240"
},
{
"name": "CVE-2024-22195",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22195"
},
{
"name": "CVE-2023-23931",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23931"
},
{
"name": "CVE-2024-26782",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26782"
},
{
"name": "CVE-2024-8207",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8207"
},
{
"name": "CVE-2024-2379",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-2379"
},
{
"name": "CVE-2024-5535",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-5535"
},
{
"name": "CVE-2024-3372",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-3372"
},
{
"name": "CVE-2024-26803",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26803"
},
{
"name": "CVE-2024-2004",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-2004"
},
{
"name": "CVE-2024-36882",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36882"
},
{
"name": "CVE-2023-46136",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46136"
},
{
"name": "CVE-2023-52439",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52439"
},
{
"name": "CVE-2023-38325",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38325"
},
{
"name": "CVE-2024-35195",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35195"
},
{
"name": "CVE-2024-56201",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56201"
},
{
"name": "CVE-2023-3961",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3961"
},
{
"name": "CVE-2024-0841",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0841"
},
{
"name": "CVE-2023-2650",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2650"
},
{
"name": "CVE-2024-41042",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41042"
},
{
"name": "CVE-2024-2398",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-2398"
},
{
"name": "CVE-2024-1151",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-1151"
},
{
"name": "CVE-2024-26646",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26646"
},
{
"name": "CVE-2020-36242",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36242"
},
{
"name": "CVE-2024-36015",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36015"
},
{
"name": "CVE-2024-0727",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0727"
},
{
"name": "CVE-2023-52434",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52434"
},
{
"name": "CVE-2024-49767",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49767"
},
{
"name": "CVE-2023-52458",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52458"
},
{
"name": "CVE-2024-26602",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26602"
},
{
"name": "CVE-2023-52466",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52466"
},
{
"name": "CVE-2024-26591",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26591"
},
{
"name": "CVE-2024-26611",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26611"
},
{
"name": "CVE-2023-49083",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-49083"
},
{
"name": "CVE-2024-4741",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4741"
},
{
"name": "CVE-2024-34064",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34064"
},
{
"name": "CVE-2023-3446",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3446"
},
{
"name": "CVE-2024-2511",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-2511"
},
{
"name": "CVE-2024-0340",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0340"
},
{
"name": "CVE-2024-35995",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35995"
}
],
"links": [],
"reference": "CERTFR-2025-AVI-0309",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-04-11T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
},
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": "2025-04-10",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7230557",
"url": "https://www.ibm.com/support/pages/node/7230557"
}
]
}
BDU:2024-02721
Vulnerability from fstec - Published: 10.03.2024
VLAI Severity ?
Title
Уязвимость функции curl_wssl_init_ctx компонента vquic-tls.c утилиты командной строки cURL, позволяющая нарушителю игнорировать любые проблемы с сертификатами
Description
Уязвимость функции curl_wssl_init_ctx компонента vquic-tls.c утилиты командной строки cURL связана с ошибками процедуры подтверждения подлинности сертификата. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, игнорировать любые проблемы с сертификатами
Severity ?
Vendor
АО «ИВК», Daniel Stenberg
Software Name
Альт 8 СП (запись в едином реестре российских программ №4305), АЛЬТ СП 10, cURL
Software Version
- (Альт 8 СП), - (АЛЬТ СП 10), 8.6.0 (cURL)
Possible Mitigations
Использование рекомендаций производителя:
https://curl.se/docs/CVE-2024-2379.html
Для ОС Альт 8 СП (релиз 10): установка обновления из публичного репозитория программного средства
Для ОС Альт 8 СП: установка обновления из публичного репозитория программного средства: https://altsp.su/obnovleniya-bezopasnosti/
Reference
https://github.com/curl/curl/commit/aedbbdf18e689a5eee8dc396
https://curl.se/docs/CVE-2024-2379.html
https://curl.se/docs/CVE-2024-2379.json
https://hackerone.com/reports/2410774
https://altsp.su/obnovleniya-bezopasnosti/
https://altsp.su/obnovleniya-bezopasnosti/
CWE
CWE-295
{
"CVSS 2.0": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
"CVSS 3.0": "AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"CVSS 4.0": null,
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "\u0410\u041e \u00ab\u0418\u0412\u041a\u00bb, Daniel Stenberg",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "- (\u0410\u043b\u044c\u0442 8 \u0421\u041f), - (\u0410\u041b\u042c\u0422 \u0421\u041f 10), 8.6.0 (cURL)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f:\nhttps://curl.se/docs/CVE-2024-2379.html\n\n\u0414\u043b\u044f \u041e\u0421 \u0410\u043b\u044c\u0442 8 \u0421\u041f (\u0440\u0435\u043b\u0438\u0437 10): \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0430 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0438\u0437 \u043f\u0443\u0431\u043b\u0438\u0447\u043d\u043e\u0433\u043e \u0440\u0435\u043f\u043e\u0437\u0438\u0442\u043e\u0440\u0438\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430\n\n\u0414\u043b\u044f \u041e\u0421 \u0410\u043b\u044c\u0442 8 \u0421\u041f: \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0430 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0438\u0437 \u043f\u0443\u0431\u043b\u0438\u0447\u043d\u043e\u0433\u043e \u0440\u0435\u043f\u043e\u0437\u0438\u0442\u043e\u0440\u0438\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430: https://altsp.su/obnovleniya-bezopasnosti/",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "10.03.2024",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "30.01.2025",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "08.04.2024",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2024-02721",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2024-2379",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0430\u0440\u0445\u0438\u0442\u0435\u043a\u0442\u0443\u0440\u044b",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "\u0410\u043b\u044c\u0442 8 \u0421\u041f (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21164305), \u0410\u041b\u042c\u0422 \u0421\u041f 10, cURL",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "\u0410\u041e \u00ab\u0418\u0412\u041a\u00bb \u0410\u043b\u044c\u0442 8 \u0421\u041f - (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21164305), \u0410\u041e \u00ab\u0418\u0412\u041a\u00bb \u0410\u041b\u042c\u0422 \u0421\u041f 10 - ",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u0438 curl_wssl_init_ctx \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u0430 vquic-tls.c \u0443\u0442\u0438\u043b\u0438\u0442\u044b \u043a\u043e\u043c\u0430\u043d\u0434\u043d\u043e\u0439 \u0441\u0442\u0440\u043e\u043a\u0438 cURL, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0438\u0433\u043d\u043e\u0440\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u043b\u044e\u0431\u044b\u0435 \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u044b \u0441 \u0441\u0435\u0440\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u0430\u043c\u0438",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u043f\u0440\u0430\u0432\u0438\u043b\u044c\u043d\u043e\u0435 \u043f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0438\u0435 \u043f\u043e\u0434\u043b\u0438\u043d\u043d\u043e\u0441\u0442\u0438 \u0441\u0435\u0440\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u0430 (CWE-295)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u0438 curl_wssl_init_ctx \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u0430 vquic-tls.c \u0443\u0442\u0438\u043b\u0438\u0442\u044b \u043a\u043e\u043c\u0430\u043d\u0434\u043d\u043e\u0439 \u0441\u0442\u0440\u043e\u043a\u0438 cURL \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043e\u0448\u0438\u0431\u043a\u0430\u043c\u0438 \u043f\u0440\u043e\u0446\u0435\u0434\u0443\u0440\u044b \u043f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0438\u044f \u043f\u043e\u0434\u043b\u0438\u043d\u043d\u043e\u0441\u0442\u0438 \u0441\u0435\u0440\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u0430. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u0438\u0433\u043d\u043e\u0440\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u043b\u044e\u0431\u044b\u0435 \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u044b \u0441 \u0441\u0435\u0440\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u0430\u043c\u0438",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041f\u043e\u0434\u043c\u0435\u043d\u0430 \u043f\u0440\u0438 \u0432\u0437\u0430\u0438\u043c\u043e\u0434\u0435\u0439\u0441\u0442\u0432\u0438\u0438",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://github.com/curl/curl/commit/aedbbdf18e689a5eee8dc396\nhttps://curl.se/docs/CVE-2024-2379.html\t\nhttps://curl.se/docs/CVE-2024-2379.json\t\nhttps://hackerone.com/reports/2410774\nhttps://altsp.su/obnovleniya-bezopasnosti/\nhttps://altsp.su/obnovleniya-bezopasnosti/",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-295",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 5,1)\n\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 5,6)"
}
cleanstart-2026-ay18527
Vulnerability from cleanstart
Published
2026-04-01 09:55
Modified
2026-03-16 17:21
Summary
Security fixes for CVE-2014-0138, CVE-2014-0139, CVE-2016-5419, CVE-2016-5420, CVE-2016-5421, CVE-2016-7141, CVE-2016-7167, CVE-2016-8615, CVE-2016-8616, CVE-2016-8617, CVE-2016-8618, CVE-2016-8619, CVE-2016-8620, CVE-2016-8621, CVE-2016-8622, CVE-2016-8623, CVE-2016-8624, CVE-2016-8625, CVE-2016-9594, CVE-2017-1000099, CVE-2017-1000100, CVE-2017-1000101, CVE-2017-1000257, CVE-2017-2629, CVE-2017-7407, CVE-2017-7468, CVE-2017-8816, CVE-2017-8817, CVE-2017-8818, CVE-2018-0500, CVE-2018-1000120, CVE-2018-1000121, CVE-2018-1000122, CVE-2018-1000300, CVE-2018-1000301, CVE-2018-14618, CVE-2018-16839, CVE-2018-16840, CVE-2018-16842, CVE-2018-16890, CVE-2019-3822, CVE-2019-3823, CVE-2019-5435, CVE-2019-5436, CVE-2019-5481, CVE-2019-5482, CVE-2020-8169, CVE-2020-8177, CVE-2020-8231, CVE-2020-8284, CVE-2020-8285, CVE-2020-8286, CVE-2021-22876, CVE-2021-22890, CVE-2021-22897, CVE-2021-22898, CVE-2021-22901, CVE-2021-22922, CVE-2021-22923, CVE-2021-22924, CVE-2021-22925, CVE-2021-22945, CVE-2021-22946, CVE-2021-22947, CVE-2022-22576, CVE-2022-27774, CVE-2022-27775, CVE-2022-27776, CVE-2022-27778, CVE-2022-27779, CVE-2022-27780, CVE-2022-27781, CVE-2022-27782, CVE-2022-30115, CVE-2022-32205, CVE-2022-32206, CVE-2022-32207, CVE-2022-32208, CVE-2022-32221, CVE-2022-35252, CVE-2022-35260, CVE-2022-42915, CVE-2022-42916, CVE-2022-43551, CVE-2022-43552, CVE-2023-23914, CVE-2023-23915, CVE-2023-23916, CVE-2023-27533, CVE-2023-27534, CVE-2023-27535, CVE-2023-27536, CVE-2023-27537, CVE-2023-27538, CVE-2023-28319, CVE-2023-28320, CVE-2023-28321, CVE-2023-28322, CVE-2023-38039, CVE-2023-38545, CVE-2023-38546, CVE-2023-46218, CVE-2023-46219, CVE-2024-0853, CVE-2024-11053, CVE-2024-2004, CVE-2024-2379, CVE-2024-2398, CVE-2024-2466, CVE-2024-6197, CVE-2024-6874, CVE-2024-7264, CVE-2024-8096, CVE-2024-9681, CVE-2025-0167, CVE-2025-0665, CVE-2025-0725, CVE-2025-10148, CVE-2025-4947, CVE-2025-5025, CVE-2025-5399, CVE-2025-9086, CVE-2026-24515, CVE-2026-25210 applied in versions: 0, 7.36.0-r0, 7.50.1-r0, 7.50.2-r0, 7.50.3-r0, 7.51.0-r0, 7.52.1-r0, 7.53.0-r0, 7.53.1-r2, 7.54.0-r0, 7.55.0-r0, 7.56.1-r0, 7.57.0-r0, 7.59.0-r0, 7.60.0-r0, 7.61.0-r0, 7.61.1-r0, 7.62.0-r0, 7.64.0-r0, 7.65.0-r0, 7.66.0-r0, 7.71.0-r0, 7.72.0-r0, 7.74.0-r0, 7.76.0-r0, 7.77.0-r0, 7.78.0-r0, 7.79.0-r0, 7.83.0-r0, 7.83.1-r0, 7.84.0-r0, 7.85.0-r0, 7.86.0-r0, 7.87.0-r0, 7.88.0-r0, 8.0.0-r0, 8.1.0-r0, 8.10.0-r0, 8.11.0-r0, 8.11.1-r0, 8.12.0-r0, 8.14.0-r0, 8.14.1-r0, 8.15.0-r0, 8.17.0-r0, 8.3.0-r0, 8.4.0-r0, 8.5.0-r0, 8.6.0-r0, 8.7.1-r0, 8.9.0-r0, 8.9.1-r0
Details
Multiple security vulnerabilities affect the curl package. These issues are resolved in later releases. See references for individual vulnerability details.
References
{
"affected": [
{
"package": {
"ecosystem": "CleanStart",
"name": "curl"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.9.1-r0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"credits": [],
"database_specific": {},
"details": "Multiple security vulnerabilities affect the curl package. These issues are resolved in later releases. See references for individual vulnerability details.",
"id": "CLEANSTART-2026-AY18527",
"modified": "2026-03-16T17:21:19Z",
"published": "2026-04-01T09:55:26.067667Z",
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/cleanstart-dev/cleanstart-security-advisories/tree/main/advisories/2026/CLEANSTART-2026-AY18527.json"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2014-0138"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2014-0139"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2016-5419"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2016-5420"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2016-5421"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2016-7141"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2016-7167"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2016-8615"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2016-8616"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2016-8617"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2016-8618"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2016-8619"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2016-8620"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2016-8621"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2016-8622"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2016-8623"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2016-8624"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2016-8625"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2016-9594"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2017-1000099"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2017-1000100"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2017-1000101"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2017-1000257"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2017-2629"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2017-7407"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2017-7468"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2017-8816"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2017-8817"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2017-8818"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-0500"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-1000120"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-1000121"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-1000122"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-1000300"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-1000301"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-14618"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-16839"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-16840"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-16842"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-16890"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-3822"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-3823"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-5435"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-5436"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-5481"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-5482"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-8169"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-8177"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-8231"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-8284"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-8285"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-8286"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-22876"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-22890"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-22897"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-22898"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-22901"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-22922"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-22923"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-22924"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-22925"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-22945"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-22946"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-22947"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-22576"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-27774"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-27775"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-27776"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-27778"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-27779"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-27780"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-27781"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-27782"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-30115"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-32205"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-32206"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-32207"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-32208"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-32221"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-35252"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-35260"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-42915"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-42916"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-43551"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-43552"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-23914"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-23915"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-23916"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-27533"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-27534"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-27535"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-27536"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-27537"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-27538"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-28319"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-28320"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-28321"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-28322"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-38039"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-38545"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-38546"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-46218"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-46219"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-0853"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-11053"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-2004"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-2379"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-2398"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-2466"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-6197"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-6874"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-7264"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-8096"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-9681"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-0167"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-0665"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-0725"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-10148"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-4947"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-5025"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-5399"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-9086"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-24515"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-25210"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0138"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0139"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5419"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5420"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5421"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-7141"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-7167"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-8615"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-8616"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-8617"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-8618"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-8619"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-8620"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-8621"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-8622"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-8623"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-8624"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-8625"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-9594"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-1000099"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-1000100"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-1000101"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-1000257"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-2629"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7407"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7468"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-8816"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-8817"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-8818"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-0500"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1000120"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1000121"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1000122"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1000300"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1000301"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14618"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-16839"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-16840"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-16842"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-16890"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-3822"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-3823"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-5435"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-5436"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-5481"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-5482"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8169"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8177"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8231"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8284"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8285"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8286"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22876"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22890"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22897"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22898"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22901"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22922"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22923"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22924"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22925"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22945"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22946"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22947"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-22576"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-27774"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-27775"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-27776"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-27778"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-27779"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-27780"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-27781"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-27782"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30115"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32205"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32206"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32207"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32208"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32221"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35252"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35260"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42915"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42916"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-43551"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-43552"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-23914"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-23915"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-23916"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-27533"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-27534"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-27535"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-27536"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-27537"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-27538"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28319"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28320"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28321"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28322"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-38039"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-38545"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-38546"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-46218"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-46219"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-0853"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-11053"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-2004"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-2379"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-2398"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-2466"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-6197"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-6874"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-8096"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-9681"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-0167"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-0665"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-0725"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-10148"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-4947"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-5025"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-5399"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24515"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25210"
}
],
"related": [],
"schema_version": "1.7.3",
"summary": "Security fixes for CVE-2014-0138, CVE-2014-0139, CVE-2016-5419, CVE-2016-5420, CVE-2016-5421, CVE-2016-7141, CVE-2016-7167, CVE-2016-8615, CVE-2016-8616, CVE-2016-8617, CVE-2016-8618, CVE-2016-8619, CVE-2016-8620, CVE-2016-8621, CVE-2016-8622, CVE-2016-8623, CVE-2016-8624, CVE-2016-8625, CVE-2016-9594, CVE-2017-1000099, CVE-2017-1000100, CVE-2017-1000101, CVE-2017-1000257, CVE-2017-2629, CVE-2017-7407, CVE-2017-7468, CVE-2017-8816, CVE-2017-8817, CVE-2017-8818, CVE-2018-0500, CVE-2018-1000120, CVE-2018-1000121, CVE-2018-1000122, CVE-2018-1000300, CVE-2018-1000301, CVE-2018-14618, CVE-2018-16839, CVE-2018-16840, CVE-2018-16842, CVE-2018-16890, CVE-2019-3822, CVE-2019-3823, CVE-2019-5435, CVE-2019-5436, CVE-2019-5481, CVE-2019-5482, CVE-2020-8169, CVE-2020-8177, CVE-2020-8231, CVE-2020-8284, CVE-2020-8285, CVE-2020-8286, CVE-2021-22876, CVE-2021-22890, CVE-2021-22897, CVE-2021-22898, CVE-2021-22901, CVE-2021-22922, CVE-2021-22923, CVE-2021-22924, CVE-2021-22925, CVE-2021-22945, CVE-2021-22946, CVE-2021-22947, CVE-2022-22576, CVE-2022-27774, CVE-2022-27775, CVE-2022-27776, CVE-2022-27778, CVE-2022-27779, CVE-2022-27780, CVE-2022-27781, CVE-2022-27782, CVE-2022-30115, CVE-2022-32205, CVE-2022-32206, CVE-2022-32207, CVE-2022-32208, CVE-2022-32221, CVE-2022-35252, CVE-2022-35260, CVE-2022-42915, CVE-2022-42916, CVE-2022-43551, CVE-2022-43552, CVE-2023-23914, CVE-2023-23915, CVE-2023-23916, CVE-2023-27533, CVE-2023-27534, CVE-2023-27535, CVE-2023-27536, CVE-2023-27537, CVE-2023-27538, CVE-2023-28319, CVE-2023-28320, CVE-2023-28321, CVE-2023-28322, CVE-2023-38039, CVE-2023-38545, CVE-2023-38546, CVE-2023-46218, CVE-2023-46219, CVE-2024-0853, CVE-2024-11053, CVE-2024-2004, CVE-2024-2379, CVE-2024-2398, CVE-2024-2466, CVE-2024-6197, CVE-2024-6874, CVE-2024-7264, CVE-2024-8096, CVE-2024-9681, CVE-2025-0167, CVE-2025-0665, CVE-2025-0725, CVE-2025-10148, CVE-2025-4947, CVE-2025-5025, CVE-2025-5399, CVE-2025-9086, CVE-2026-24515, CVE-2026-25210 applied in versions: 0, 7.36.0-r0, 7.50.1-r0, 7.50.2-r0, 7.50.3-r0, 7.51.0-r0, 7.52.1-r0, 7.53.0-r0, 7.53.1-r2, 7.54.0-r0, 7.55.0-r0, 7.56.1-r0, 7.57.0-r0, 7.59.0-r0, 7.60.0-r0, 7.61.0-r0, 7.61.1-r0, 7.62.0-r0, 7.64.0-r0, 7.65.0-r0, 7.66.0-r0, 7.71.0-r0, 7.72.0-r0, 7.74.0-r0, 7.76.0-r0, 7.77.0-r0, 7.78.0-r0, 7.79.0-r0, 7.83.0-r0, 7.83.1-r0, 7.84.0-r0, 7.85.0-r0, 7.86.0-r0, 7.87.0-r0, 7.88.0-r0, 8.0.0-r0, 8.1.0-r0, 8.10.0-r0, 8.11.0-r0, 8.11.1-r0, 8.12.0-r0, 8.14.0-r0, 8.14.1-r0, 8.15.0-r0, 8.17.0-r0, 8.3.0-r0, 8.4.0-r0, 8.5.0-r0, 8.6.0-r0, 8.7.1-r0, 8.9.0-r0, 8.9.1-r0",
"upstream": [
"CVE-2014-0138",
"CVE-2014-0139",
"CVE-2016-5419",
"CVE-2016-5420",
"CVE-2016-5421",
"CVE-2016-7141",
"CVE-2016-7167",
"CVE-2016-8615",
"CVE-2016-8616",
"CVE-2016-8617",
"CVE-2016-8618",
"CVE-2016-8619",
"CVE-2016-8620",
"CVE-2016-8621",
"CVE-2016-8622",
"CVE-2016-8623",
"CVE-2016-8624",
"CVE-2016-8625",
"CVE-2016-9594",
"CVE-2017-1000099",
"CVE-2017-1000100",
"CVE-2017-1000101",
"CVE-2017-1000257",
"CVE-2017-2629",
"CVE-2017-7407",
"CVE-2017-7468",
"CVE-2017-8816",
"CVE-2017-8817",
"CVE-2017-8818",
"CVE-2018-0500",
"CVE-2018-1000120",
"CVE-2018-1000121",
"CVE-2018-1000122",
"CVE-2018-1000300",
"CVE-2018-1000301",
"CVE-2018-14618",
"CVE-2018-16839",
"CVE-2018-16840",
"CVE-2018-16842",
"CVE-2018-16890",
"CVE-2019-3822",
"CVE-2019-3823",
"CVE-2019-5435",
"CVE-2019-5436",
"CVE-2019-5481",
"CVE-2019-5482",
"CVE-2020-8169",
"CVE-2020-8177",
"CVE-2020-8231",
"CVE-2020-8284",
"CVE-2020-8285",
"CVE-2020-8286",
"CVE-2021-22876",
"CVE-2021-22890",
"CVE-2021-22897",
"CVE-2021-22898",
"CVE-2021-22901",
"CVE-2021-22922",
"CVE-2021-22923",
"CVE-2021-22924",
"CVE-2021-22925",
"CVE-2021-22945",
"CVE-2021-22946",
"CVE-2021-22947",
"CVE-2022-22576",
"CVE-2022-27774",
"CVE-2022-27775",
"CVE-2022-27776",
"CVE-2022-27778",
"CVE-2022-27779",
"CVE-2022-27780",
"CVE-2022-27781",
"CVE-2022-27782",
"CVE-2022-30115",
"CVE-2022-32205",
"CVE-2022-32206",
"CVE-2022-32207",
"CVE-2022-32208",
"CVE-2022-32221",
"CVE-2022-35252",
"CVE-2022-35260",
"CVE-2022-42915",
"CVE-2022-42916",
"CVE-2022-43551",
"CVE-2022-43552",
"CVE-2023-23914",
"CVE-2023-23915",
"CVE-2023-23916",
"CVE-2023-27533",
"CVE-2023-27534",
"CVE-2023-27535",
"CVE-2023-27536",
"CVE-2023-27537",
"CVE-2023-27538",
"CVE-2023-28319",
"CVE-2023-28320",
"CVE-2023-28321",
"CVE-2023-28322",
"CVE-2023-38039",
"CVE-2023-38545",
"CVE-2023-38546",
"CVE-2023-46218",
"CVE-2023-46219",
"CVE-2024-0853",
"CVE-2024-11053",
"CVE-2024-2004",
"CVE-2024-2379",
"CVE-2024-2398",
"CVE-2024-2466",
"CVE-2024-6197",
"CVE-2024-6874",
"CVE-2024-7264",
"CVE-2024-8096",
"CVE-2024-9681",
"CVE-2025-0167",
"CVE-2025-0665",
"CVE-2025-0725",
"CVE-2025-10148",
"CVE-2025-4947",
"CVE-2025-5025",
"CVE-2025-5399",
"CVE-2025-9086",
"CVE-2026-24515",
"CVE-2026-25210"
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…