Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2022-21699 (GCVE-0-2022-21699)
Vulnerability from cvelistv5 – Published: 2022-01-19 21:15 – Updated: 2025-04-22 18:33
VLAI?
EPSS
Summary
IPython (Interactive Python) is a command shell for interactive computing in multiple programming languages, originally developed for the Python programming language. Affected versions are subject to an arbitrary code execution vulnerability achieved by not properly managing cross user temporary files. This vulnerability allows one user to run code as another on the same machine. All users are advised to upgrade.
Severity ?
8.2 (High)
CWE
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T02:53:34.751Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/ipython/ipython/security/advisories/GHSA-pq7m-3gw7-gq5x"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/ipython/ipython/commit/46a51ed69cdf41b4333943d9ceeb945c4ede5668"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ipython.readthedocs.io/en/stable/whatsnew/version8.html#ipython-8-0-1-cve-2022-21699"
},
{
"name": "[debian-lts-announce] 20220124 [SECURITY] [DLA 2896-1] ipython security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/01/msg00021.html"
},
{
"name": "FEDORA-2022-b58d156ab0",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CRQRTWHYXMLDJ572VGVUZMUPEOTPM3KB/"
},
{
"name": "FEDORA-2022-b9e38f8a56",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DZ7LVZBB4D7KVSFNEQUBEHFO3JW6D2ZK/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-21699",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-22T15:45:17.424524Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-22T18:33:01.284Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "ipython",
"vendor": "ipython",
"versions": [
{
"status": "affected",
"version": "\u003c 5.11"
},
{
"status": "affected",
"version": "\u003e= 6.0.0, \u003c 7.16.3"
},
{
"status": "affected",
"version": "\u003e= 7.17.0, \u003c 7.31.1"
},
{
"status": "affected",
"version": "\u003e= 8.0.0, \u003c 8.0.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "IPython (Interactive Python) is a command shell for interactive computing in multiple programming languages, originally developed for the Python programming language. Affected versions are subject to an arbitrary code execution vulnerability achieved by not properly managing cross user temporary files. This vulnerability allows one user to run code as another on the same machine. All users are advised to upgrade."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-250",
"description": "CWE-250: Execution with Unnecessary Privileges",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-279",
"description": "CWE-279: Incorrect Execution-Assigned Permissions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-02-12T02:06:46.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/ipython/ipython/security/advisories/GHSA-pq7m-3gw7-gq5x"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/ipython/ipython/commit/46a51ed69cdf41b4333943d9ceeb945c4ede5668"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ipython.readthedocs.io/en/stable/whatsnew/version8.html#ipython-8-0-1-cve-2022-21699"
},
{
"name": "[debian-lts-announce] 20220124 [SECURITY] [DLA 2896-1] ipython security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/01/msg00021.html"
},
{
"name": "FEDORA-2022-b58d156ab0",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CRQRTWHYXMLDJ572VGVUZMUPEOTPM3KB/"
},
{
"name": "FEDORA-2022-b9e38f8a56",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DZ7LVZBB4D7KVSFNEQUBEHFO3JW6D2ZK/"
}
],
"source": {
"advisory": "GHSA-pq7m-3gw7-gq5x",
"discovery": "UNKNOWN"
},
"title": "Execution with Unnecessary Privileges in ipython",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2022-21699",
"STATE": "PUBLIC",
"TITLE": "Execution with Unnecessary Privileges in ipython"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ipython",
"version": {
"version_data": [
{
"version_value": "\u003c 5.11"
},
{
"version_value": "\u003e= 6.0.0, \u003c 7.16.3"
},
{
"version_value": "\u003e= 7.17.0, \u003c 7.31.1"
},
{
"version_value": "\u003e= 8.0.0, \u003c 8.0.1"
}
]
}
}
]
},
"vendor_name": "ipython"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IPython (Interactive Python) is a command shell for interactive computing in multiple programming languages, originally developed for the Python programming language. Affected versions are subject to an arbitrary code execution vulnerability achieved by not properly managing cross user temporary files. This vulnerability allows one user to run code as another on the same machine. All users are advised to upgrade."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-250: Execution with Unnecessary Privileges"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-279: Incorrect Execution-Assigned Permissions"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/ipython/ipython/security/advisories/GHSA-pq7m-3gw7-gq5x",
"refsource": "CONFIRM",
"url": "https://github.com/ipython/ipython/security/advisories/GHSA-pq7m-3gw7-gq5x"
},
{
"name": "https://github.com/ipython/ipython/commit/46a51ed69cdf41b4333943d9ceeb945c4ede5668",
"refsource": "MISC",
"url": "https://github.com/ipython/ipython/commit/46a51ed69cdf41b4333943d9ceeb945c4ede5668"
},
{
"name": "https://ipython.readthedocs.io/en/stable/whatsnew/version8.html#ipython-8-0-1-cve-2022-21699",
"refsource": "MISC",
"url": "https://ipython.readthedocs.io/en/stable/whatsnew/version8.html#ipython-8-0-1-cve-2022-21699"
},
{
"name": "[debian-lts-announce] 20220124 [SECURITY] [DLA 2896-1] ipython security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2022/01/msg00021.html"
},
{
"name": "FEDORA-2022-b58d156ab0",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CRQRTWHYXMLDJ572VGVUZMUPEOTPM3KB/"
},
{
"name": "FEDORA-2022-b9e38f8a56",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DZ7LVZBB4D7KVSFNEQUBEHFO3JW6D2ZK/"
}
]
},
"source": {
"advisory": "GHSA-pq7m-3gw7-gq5x",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2022-21699",
"datePublished": "2022-01-19T21:15:11.000Z",
"dateReserved": "2021-11-16T00:00:00.000Z",
"dateUpdated": "2025-04-22T18:33:01.284Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ipython:ipython:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"5.10.0\", \"matchCriteriaId\": \"20A91357-8D8B-45C5-820C-369BB5EA502F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ipython:ipython:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"6.0.0\", \"versionEndExcluding\": \"7.16.3\", \"matchCriteriaId\": \"BD1676DE-BE33-4992-9A42-1293B5D4A667\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ipython:ipython:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"7.17.0\", \"versionEndExcluding\": \"7.31.1\", \"matchCriteriaId\": \"91125C7A-AEB7-4B1C-AB63-0F3374CF1735\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ipython:ipython:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"8.0.0\", \"versionEndExcluding\": \"8.0.1\", \"matchCriteriaId\": \"4FB4B7D2-9DFF-4454-BD7C-5686546CC209\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DEECE5FC-CACF-4496-A3E7-164736409252\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FA6FEEC2-9F11-4643-8827-749718254FED\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A930E247-0B43-43CB-98FF-6CE7B8189835\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"80E516C0-98A4-4ADE-B69F-66A772E2BAAA\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"IPython (Interactive Python) is a command shell for interactive computing in multiple programming languages, originally developed for the Python programming language. Affected versions are subject to an arbitrary code execution vulnerability achieved by not properly managing cross user temporary files. This vulnerability allows one user to run code as another on the same machine. All users are advised to upgrade.\"}, {\"lang\": \"es\", \"value\": \"IPython (Interactive Python) es un shell de comandos para la computaci\\u00f3n interactiva en m\\u00faltiples lenguajes de programaci\\u00f3n, desarrollado originalmente para el lenguaje de programaci\\u00f3n Python. Las versiones afectadas est\\u00e1n sujetas a una vulnerabilidad de ejecuci\\u00f3n de c\\u00f3digo arbitrario conseguida al no administrar apropiadamente los archivos temporales de los usuarios. Esta vulnerabilidad permite a un usuario ejecutar c\\u00f3digo como otro en la misma m\\u00e1quina. Se recomienda a todos los usuarios que actualicen\"}]",
"id": "CVE-2022-21699",
"lastModified": "2024-11-21T06:45:15.597",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"security-advisories@github.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H\", \"baseScore\": 8.2, \"baseSeverity\": \"HIGH\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"REQUIRED\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.5, \"impactScore\": 6.0}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\", \"baseScore\": 8.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.0, \"impactScore\": 6.0}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:L/AC:L/Au:N/C:P/I:P/A:P\", \"baseScore\": 4.6, \"accessVector\": \"LOCAL\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 3.9, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
"published": "2022-01-19T22:15:09.470",
"references": "[{\"url\": \"https://github.com/ipython/ipython/commit/46a51ed69cdf41b4333943d9ceeb945c4ede5668\", \"source\": \"security-advisories@github.com\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/ipython/ipython/security/advisories/GHSA-pq7m-3gw7-gq5x\", \"source\": \"security-advisories@github.com\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}, {\"url\": \"https://ipython.readthedocs.io/en/stable/whatsnew/version8.html#ipython-8-0-1-cve-2022-21699\", \"source\": \"security-advisories@github.com\", \"tags\": [\"Release Notes\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2022/01/msg00021.html\", \"source\": \"security-advisories@github.com\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CRQRTWHYXMLDJ572VGVUZMUPEOTPM3KB/\", \"source\": \"security-advisories@github.com\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DZ7LVZBB4D7KVSFNEQUBEHFO3JW6D2ZK/\", \"source\": \"security-advisories@github.com\"}, {\"url\": \"https://github.com/ipython/ipython/commit/46a51ed69cdf41b4333943d9ceeb945c4ede5668\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/ipython/ipython/security/advisories/GHSA-pq7m-3gw7-gq5x\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}, {\"url\": \"https://ipython.readthedocs.io/en/stable/whatsnew/version8.html#ipython-8-0-1-cve-2022-21699\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Release Notes\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2022/01/msg00021.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CRQRTWHYXMLDJ572VGVUZMUPEOTPM3KB/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DZ7LVZBB4D7KVSFNEQUBEHFO3JW6D2ZK/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"security-advisories@github.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-250\"}, {\"lang\": \"en\", \"value\": \"CWE-279\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-269\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2022-21699\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2022-01-19T22:15:09.470\",\"lastModified\":\"2024-11-21T06:45:15.597\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"IPython (Interactive Python) is a command shell for interactive computing in multiple programming languages, originally developed for the Python programming language. Affected versions are subject to an arbitrary code execution vulnerability achieved by not properly managing cross user temporary files. This vulnerability allows one user to run code as another on the same machine. All users are advised to upgrade.\"},{\"lang\":\"es\",\"value\":\"IPython (Interactive Python) es un shell de comandos para la computaci\u00f3n interactiva en m\u00faltiples lenguajes de programaci\u00f3n, desarrollado originalmente para el lenguaje de programaci\u00f3n Python. Las versiones afectadas est\u00e1n sujetas a una vulnerabilidad de ejecuci\u00f3n de c\u00f3digo arbitrario conseguida al no administrar apropiadamente los archivos temporales de los usuarios. Esta vulnerabilidad permite a un usuario ejecutar c\u00f3digo como otro en la misma m\u00e1quina. Se recomienda a todos los usuarios que actualicen\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H\",\"baseScore\":8.2,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.5,\"impactScore\":6.0},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.0,\"impactScore\":6.0}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":4.6,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":3.9,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-250\"},{\"lang\":\"en\",\"value\":\"CWE-279\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-269\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ipython:ipython:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"5.10.0\",\"matchCriteriaId\":\"20A91357-8D8B-45C5-820C-369BB5EA502F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ipython:ipython:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.0.0\",\"versionEndExcluding\":\"7.16.3\",\"matchCriteriaId\":\"BD1676DE-BE33-4992-9A42-1293B5D4A667\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ipython:ipython:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"7.17.0\",\"versionEndExcluding\":\"7.31.1\",\"matchCriteriaId\":\"91125C7A-AEB7-4B1C-AB63-0F3374CF1735\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ipython:ipython:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.0.0\",\"versionEndExcluding\":\"8.0.1\",\"matchCriteriaId\":\"4FB4B7D2-9DFF-4454-BD7C-5686546CC209\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DEECE5FC-CACF-4496-A3E7-164736409252\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FA6FEEC2-9F11-4643-8827-749718254FED\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A930E247-0B43-43CB-98FF-6CE7B8189835\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"80E516C0-98A4-4ADE-B69F-66A772E2BAAA\"}]}]}],\"references\":[{\"url\":\"https://github.com/ipython/ipython/commit/46a51ed69cdf41b4333943d9ceeb945c4ede5668\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/ipython/ipython/security/advisories/GHSA-pq7m-3gw7-gq5x\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://ipython.readthedocs.io/en/stable/whatsnew/version8.html#ipython-8-0-1-cve-2022-21699\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Release Notes\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2022/01/msg00021.html\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CRQRTWHYXMLDJ572VGVUZMUPEOTPM3KB/\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DZ7LVZBB4D7KVSFNEQUBEHFO3JW6D2ZK/\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/ipython/ipython/commit/46a51ed69cdf41b4333943d9ceeb945c4ede5668\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/ipython/ipython/security/advisories/GHSA-pq7m-3gw7-gq5x\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://ipython.readthedocs.io/en/stable/whatsnew/version8.html#ipython-8-0-1-cve-2022-21699\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2022/01/msg00021.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CRQRTWHYXMLDJ572VGVUZMUPEOTPM3KB/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DZ7LVZBB4D7KVSFNEQUBEHFO3JW6D2ZK/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}",
"vulnrichment": {
"containers": "{\"cna\": {\"affected\": [{\"product\": \"ipython\", \"vendor\": \"ipython\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003c 5.11\"}, {\"status\": \"affected\", \"version\": \"\u003e= 6.0.0, \u003c 7.16.3\"}, {\"status\": \"affected\", \"version\": \"\u003e= 7.17.0, \u003c 7.31.1\"}, {\"status\": \"affected\", \"version\": \"\u003e= 8.0.0, \u003c 8.0.1\"}]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"IPython (Interactive Python) is a command shell for interactive computing in multiple programming languages, originally developed for the Python programming language. Affected versions are subject to an arbitrary code execution vulnerability achieved by not properly managing cross user temporary files. This vulnerability allows one user to run code as another on the same machine. All users are advised to upgrade.\"}], \"metrics\": [{\"cvssV3_1\": {\"attackComplexity\": \"LOW\", \"attackVector\": \"LOCAL\", \"availabilityImpact\": \"HIGH\", \"baseScore\": 8.2, \"baseSeverity\": \"HIGH\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"scope\": \"CHANGED\", \"userInteraction\": \"REQUIRED\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H\", \"version\": \"3.1\"}}], \"problemTypes\": [{\"descriptions\": [{\"cweId\": \"CWE-250\", \"description\": \"CWE-250: Execution with Unnecessary Privileges\", \"lang\": \"en\", \"type\": \"CWE\"}]}, {\"descriptions\": [{\"cweId\": \"CWE-279\", \"description\": \"CWE-279: Incorrect Execution-Assigned Permissions\", \"lang\": \"en\", \"type\": \"CWE\"}]}], \"providerMetadata\": {\"dateUpdated\": \"2022-02-12T02:06:46.000Z\", \"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\"}, \"references\": [{\"tags\": [\"x_refsource_CONFIRM\"], \"url\": \"https://github.com/ipython/ipython/security/advisories/GHSA-pq7m-3gw7-gq5x\"}, {\"tags\": [\"x_refsource_MISC\"], \"url\": \"https://github.com/ipython/ipython/commit/46a51ed69cdf41b4333943d9ceeb945c4ede5668\"}, {\"tags\": [\"x_refsource_MISC\"], \"url\": \"https://ipython.readthedocs.io/en/stable/whatsnew/version8.html#ipython-8-0-1-cve-2022-21699\"}, {\"name\": \"[debian-lts-announce] 20220124 [SECURITY] [DLA 2896-1] ipython security update\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\"], \"url\": \"https://lists.debian.org/debian-lts-announce/2022/01/msg00021.html\"}, {\"name\": \"FEDORA-2022-b58d156ab0\", \"tags\": [\"vendor-advisory\", \"x_refsource_FEDORA\"], \"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CRQRTWHYXMLDJ572VGVUZMUPEOTPM3KB/\"}, {\"name\": \"FEDORA-2022-b9e38f8a56\", \"tags\": [\"vendor-advisory\", \"x_refsource_FEDORA\"], \"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DZ7LVZBB4D7KVSFNEQUBEHFO3JW6D2ZK/\"}], \"source\": {\"advisory\": \"GHSA-pq7m-3gw7-gq5x\", \"discovery\": \"UNKNOWN\"}, \"title\": \"Execution with Unnecessary Privileges in ipython\", \"x_legacyV4Record\": {\"CVE_data_meta\": {\"ASSIGNER\": \"security-advisories@github.com\", \"ID\": \"CVE-2022-21699\", \"STATE\": \"PUBLIC\", \"TITLE\": \"Execution with Unnecessary Privileges in ipython\"}, \"affects\": {\"vendor\": {\"vendor_data\": [{\"product\": {\"product_data\": [{\"product_name\": \"ipython\", \"version\": {\"version_data\": [{\"version_value\": \"\u003c 5.11\"}, {\"version_value\": \"\u003e= 6.0.0, \u003c 7.16.3\"}, {\"version_value\": \"\u003e= 7.17.0, \u003c 7.31.1\"}, {\"version_value\": \"\u003e= 8.0.0, \u003c 8.0.1\"}]}}]}, \"vendor_name\": \"ipython\"}]}}, \"data_format\": \"MITRE\", \"data_type\": \"CVE\", \"data_version\": \"4.0\", \"description\": {\"description_data\": [{\"lang\": \"eng\", \"value\": \"IPython (Interactive Python) is a command shell for interactive computing in multiple programming languages, originally developed for the Python programming language. Affected versions are subject to an arbitrary code execution vulnerability achieved by not properly managing cross user temporary files. This vulnerability allows one user to run code as another on the same machine. All users are advised to upgrade.\"}]}, \"impact\": {\"cvss\": {\"attackComplexity\": \"LOW\", \"attackVector\": \"LOCAL\", \"availabilityImpact\": \"HIGH\", \"baseScore\": 8.2, \"baseSeverity\": \"HIGH\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"scope\": \"CHANGED\", \"userInteraction\": \"REQUIRED\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H\", \"version\": \"3.1\"}}, \"problemtype\": {\"problemtype_data\": [{\"description\": [{\"lang\": \"eng\", \"value\": \"CWE-250: Execution with Unnecessary Privileges\"}]}, {\"description\": [{\"lang\": \"eng\", \"value\": \"CWE-279: Incorrect Execution-Assigned Permissions\"}]}]}, \"references\": {\"reference_data\": [{\"name\": \"https://github.com/ipython/ipython/security/advisories/GHSA-pq7m-3gw7-gq5x\", \"refsource\": \"CONFIRM\", \"url\": \"https://github.com/ipython/ipython/security/advisories/GHSA-pq7m-3gw7-gq5x\"}, {\"name\": \"https://github.com/ipython/ipython/commit/46a51ed69cdf41b4333943d9ceeb945c4ede5668\", \"refsource\": \"MISC\", \"url\": \"https://github.com/ipython/ipython/commit/46a51ed69cdf41b4333943d9ceeb945c4ede5668\"}, {\"name\": \"https://ipython.readthedocs.io/en/stable/whatsnew/version8.html#ipython-8-0-1-cve-2022-21699\", \"refsource\": \"MISC\", \"url\": \"https://ipython.readthedocs.io/en/stable/whatsnew/version8.html#ipython-8-0-1-cve-2022-21699\"}, {\"name\": \"[debian-lts-announce] 20220124 [SECURITY] [DLA 2896-1] ipython security update\", \"refsource\": \"MLIST\", \"url\": \"https://lists.debian.org/debian-lts-announce/2022/01/msg00021.html\"}, {\"name\": \"FEDORA-2022-b58d156ab0\", \"refsource\": \"FEDORA\", \"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CRQRTWHYXMLDJ572VGVUZMUPEOTPM3KB/\"}, {\"name\": \"FEDORA-2022-b9e38f8a56\", \"refsource\": \"FEDORA\", \"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DZ7LVZBB4D7KVSFNEQUBEHFO3JW6D2ZK/\"}]}, \"source\": {\"advisory\": \"GHSA-pq7m-3gw7-gq5x\", \"discovery\": \"UNKNOWN\"}}}, \"adp\": [{\"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-03T02:53:34.751Z\"}, \"title\": \"CVE Program Container\", \"references\": [{\"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"], \"url\": \"https://github.com/ipython/ipython/security/advisories/GHSA-pq7m-3gw7-gq5x\"}, {\"tags\": [\"x_refsource_MISC\", \"x_transferred\"], \"url\": \"https://github.com/ipython/ipython/commit/46a51ed69cdf41b4333943d9ceeb945c4ede5668\"}, {\"tags\": [\"x_refsource_MISC\", \"x_transferred\"], \"url\": \"https://ipython.readthedocs.io/en/stable/whatsnew/version8.html#ipython-8-0-1-cve-2022-21699\"}, {\"name\": \"[debian-lts-announce] 20220124 [SECURITY] [DLA 2896-1] ipython security update\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\", \"x_transferred\"], \"url\": \"https://lists.debian.org/debian-lts-announce/2022/01/msg00021.html\"}, {\"name\": \"FEDORA-2022-b58d156ab0\", \"tags\": [\"vendor-advisory\", \"x_refsource_FEDORA\", \"x_transferred\"], \"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CRQRTWHYXMLDJ572VGVUZMUPEOTPM3KB/\"}, {\"name\": \"FEDORA-2022-b9e38f8a56\", \"tags\": [\"vendor-advisory\", \"x_refsource_FEDORA\", \"x_transferred\"], \"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DZ7LVZBB4D7KVSFNEQUBEHFO3JW6D2ZK/\"}]}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2022-21699\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-04-22T15:45:17.424524Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-04-22T15:45:19.162Z\"}}]}",
"cveMetadata": "{\"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"assignerShortName\": \"GitHub_M\", \"cveId\": \"CVE-2022-21699\", \"datePublished\": \"2022-01-19T21:15:11.000Z\", \"dateReserved\": \"2021-11-16T00:00:00.000Z\", \"dateUpdated\": \"2025-04-22T18:33:01.284Z\", \"state\": \"PUBLISHED\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
CERTFR-2024-AVI-0027
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits Juniper Networks. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Juniper Networks | N/A | CTPView versions versions antérieures à 9.1R5 | ||
| Juniper Networks | Junos OS Evolved | Junos OS Evolved version antérieures à 20.4R2-EVO, 20.4R2-S2-EVO, 20.4R3-EVO, 20.4R3-S7-EVO, 21.1R2-EVO, 21.2R2-EVO, 21.2R3-S7-EVO, 21.3R2-EVO, 21.3R3-S5-EVO, 21.4R3-EVO, 21.4R3-S3-EVO, 21.4R3-S5-EVO, 21.4R3-S6-EVO, 22.1R3-EVO, 22.1R3-S2-EVO, 22.1R3-S4-EVO, 22.1R3-S5-EVO, 22.2R2-S1-EVO, 22.2R2-S2-EVO, 22.2R3-EVO, 22.2R3-S2-EVO, 22.2R3-S3-EVO, 22.3R1-EVO, 22.3R2-EVO, 22.3R3-EVO, 22.3R3-S1-EVO, 22.4R1-EVO, 22.4R2-EVO, 22.4R2-S2-EVO, 22.4R3-EVO, 23.1R2-EVO, 23.2R1-EVO, 23.2R1-S1-EVO, 23.2R1-S2-EVO, 23.2R2-EVO, 23.3R1-EVO et 23.4R1-EVO | ||
| Juniper Networks | N/A | Paragon Active Assurance versions antérieures à 3.1.2, 3.2.3, 3.3.2 et 3.4.1 | ||
| Juniper Networks | Junos OS | Junos OS version antérieures à 20.4R3-S3, 20.4R3-S6, 20.4R3-S7, 20.4R3-S8, 20.4R3-S9, 21.1R3-S4, 21.1R3-S5, 21.2R3, 21.2R3-S3, 21.2R3-S4, 21.2R3-S5, 21.2R3-S6, 21.2R3-S7, 21.3R2-S1, 21.3R3, 21.3R3-S3, 21.3R3-S4, 21.3R3-S5, 21.4R2, 21.4R3, 21.4R3-S3, 21.4R3-S4, 21.4R3-S5, 22.1R2, 22.1R2-S2, 22.1R3, 22.1R3-S1, 22.1R3-S2, 22.1R3-S3, 22.1R3-S4, 22.2R1, 22.2R2, 22.2R2-S1, 22.2R2-S2, 22.2R3, 22.2R3-S1, 22.2R3-S2, 22.2R3-S3, 22.3R1, 22.3R2, 22.3R2-S1, 22.3R2-S2, 22.3R3, 22.3R3-S1, 22.3R3-S2, 22.4R1, 22.4R1-S2, 22.4R2, 22.4R2-S1, 22.4R2-S2, 22.4R3, 23.1R1, 23.1R2, 23.2R1, 23.2R1-S1, 23.2R1-S2, 23.2R2, 23.3R1 et 23.4R1 | ||
| Juniper Networks | Session Smart Router | Session Smart Router versions antérieures à SSR-6.2.3-r2 | ||
| Juniper Networks | N/A | Security Director Insights versions antérieures à 23.1R1 |
References
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "CTPView versions versions ant\u00e9rieures \u00e0 9.1R5",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved version ant\u00e9rieures \u00e0 20.4R2-EVO, 20.4R2-S2-EVO, 20.4R3-EVO, 20.4R3-S7-EVO, 21.1R2-EVO, 21.2R2-EVO, 21.2R3-S7-EVO, 21.3R2-EVO, 21.3R3-S5-EVO, 21.4R3-EVO, 21.4R3-S3-EVO, 21.4R3-S5-EVO, 21.4R3-S6-EVO, 22.1R3-EVO, 22.1R3-S2-EVO, 22.1R3-S4-EVO, 22.1R3-S5-EVO, 22.2R2-S1-EVO, 22.2R2-S2-EVO, 22.2R3-EVO, 22.2R3-S2-EVO, 22.2R3-S3-EVO, 22.3R1-EVO, 22.3R2-EVO, 22.3R3-EVO, 22.3R3-S1-EVO, 22.4R1-EVO, 22.4R2-EVO, 22.4R2-S2-EVO, 22.4R3-EVO, 23.1R2-EVO, 23.2R1-EVO, 23.2R1-S1-EVO, 23.2R1-S2-EVO, 23.2R2-EVO, 23.3R1-EVO et 23.4R1-EVO",
"product": {
"name": "Junos OS Evolved",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Paragon Active Assurance versions ant\u00e9rieures \u00e0 3.1.2, 3.2.3, 3.3.2 et 3.4.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS version ant\u00e9rieures \u00e0 20.4R3-S3, 20.4R3-S6, 20.4R3-S7, 20.4R3-S8, 20.4R3-S9, 21.1R3-S4, 21.1R3-S5, 21.2R3, 21.2R3-S3, 21.2R3-S4, 21.2R3-S5, 21.2R3-S6, 21.2R3-S7, 21.3R2-S1, 21.3R3, 21.3R3-S3, 21.3R3-S4, 21.3R3-S5, 21.4R2, 21.4R3, 21.4R3-S3, 21.4R3-S4, 21.4R3-S5, 22.1R2, 22.1R2-S2, 22.1R3, 22.1R3-S1, 22.1R3-S2, 22.1R3-S3, 22.1R3-S4, 22.2R1, 22.2R2, 22.2R2-S1, 22.2R2-S2, 22.2R3, 22.2R3-S1, 22.2R3-S2, 22.2R3-S3, 22.3R1, 22.3R2, 22.3R2-S1, 22.3R2-S2, 22.3R3, 22.3R3-S1, 22.3R3-S2, 22.4R1, 22.4R1-S2, 22.4R2, 22.4R2-S1, 22.4R2-S2, 22.4R3, 23.1R1, 23.1R2, 23.2R1, 23.2R1-S1, 23.2R1-S2, 23.2R2, 23.3R1 et 23.4R1",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Session Smart Router versions ant\u00e9rieures \u00e0 SSR-6.2.3-r2",
"product": {
"name": "Session Smart Router",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Security Director Insights versions ant\u00e9rieures \u00e0 23.1R1",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-3707",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3707"
},
{
"name": "CVE-2024-21602",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21602"
},
{
"name": "CVE-2022-41974",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41974"
},
{
"name": "CVE-2023-38802",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38802"
},
{
"name": "CVE-2023-21938",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21938"
},
{
"name": "CVE-2023-21843",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21843"
},
{
"name": "CVE-2022-42720",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42720"
},
{
"name": "CVE-2022-30594",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30594"
},
{
"name": "CVE-2022-41973",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41973"
},
{
"name": "CVE-2023-0461",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0461"
},
{
"name": "CVE-2024-21616",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21616"
},
{
"name": "CVE-2021-25220",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-25220"
},
{
"name": "CVE-2023-2235",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2235"
},
{
"name": "CVE-2023-23454",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23454"
},
{
"name": "CVE-2023-21954",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21954"
},
{
"name": "CVE-2022-2964",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2964"
},
{
"name": "CVE-2023-21939",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21939"
},
{
"name": "CVE-2023-1281",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1281"
},
{
"name": "CVE-2024-21599",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21599"
},
{
"name": "CVE-2022-47929",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-47929"
},
{
"name": "CVE-2022-3628",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3628"
},
{
"name": "CVE-2024-21614",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21614"
},
{
"name": "CVE-2023-21830",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21830"
},
{
"name": "CVE-2023-3817",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3817"
},
{
"name": "CVE-2023-26464",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26464"
},
{
"name": "CVE-2020-0466",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0466"
},
{
"name": "CVE-2021-26691",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-26691"
},
{
"name": "CVE-2022-4269",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4269"
},
{
"name": "CVE-2022-42703",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42703"
},
{
"name": "CVE-2024-21607",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21607"
},
{
"name": "CVE-2023-0286",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0286"
},
{
"name": "CVE-2023-32067",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32067"
},
{
"name": "CVE-2023-0266",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0266"
},
{
"name": "CVE-2019-17571",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17571"
},
{
"name": "CVE-2022-39189",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-39189"
},
{
"name": "CVE-2022-3239",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3239"
},
{
"name": "CVE-2022-43750",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43750"
},
{
"name": "CVE-2022-3567",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3567"
},
{
"name": "CVE-2023-2828",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2828"
},
{
"name": "CVE-2021-4104",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4104"
},
{
"name": "CVE-2023-22081",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22081"
},
{
"name": "CVE-2023-20569",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-20569"
},
{
"name": "CVE-2024-21596",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21596"
},
{
"name": "CVE-2022-3564",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3564"
},
{
"name": "CVE-2021-33656",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33656"
},
{
"name": "CVE-2023-1582",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1582"
},
{
"name": "CVE-2022-4129",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4129"
},
{
"name": "CVE-2022-41218",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41218"
},
{
"name": "CVE-2023-2194",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2194"
},
{
"name": "CVE-2024-21604",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21604"
},
{
"name": "CVE-2023-32360",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32360"
},
{
"name": "CVE-2022-0934",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0934"
},
{
"name": "CVE-2020-9493",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-9493"
},
{
"name": "CVE-2021-3573",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3573"
},
{
"name": "CVE-2022-2196",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2196"
},
{
"name": "CVE-2021-39275",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-39275"
},
{
"name": "CVE-2022-42896",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42896"
},
{
"name": "CVE-2022-21699",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21699"
},
{
"name": "CVE-2024-21600",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21600"
},
{
"name": "CVE-2021-33655",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33655"
},
{
"name": "CVE-2023-0767",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0767"
},
{
"name": "CVE-2022-1462",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1462"
},
{
"name": "CVE-2023-23920",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23920"
},
{
"name": "CVE-2023-20593",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-20593"
},
{
"name": "CVE-2024-21606",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21606"
},
{
"name": "CVE-2022-0330",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0330"
},
{
"name": "CVE-2022-41222",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41222"
},
{
"name": "CVE-2016-10009",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-10009"
},
{
"name": "CVE-2022-23305",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23305"
},
{
"name": "CVE-2022-2663",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2663"
},
{
"name": "CVE-2023-23918",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23918"
},
{
"name": "CVE-2024-21591",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21591"
},
{
"name": "CVE-2020-12321",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12321"
},
{
"name": "CVE-2022-23307",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23307"
},
{
"name": "CVE-2022-3524",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3524"
},
{
"name": "CVE-2022-39188",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-39188"
},
{
"name": "CVE-2023-3341",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3341"
},
{
"name": "CVE-2022-37434",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-37434"
},
{
"name": "CVE-2022-2795",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2795"
},
{
"name": "CVE-2022-22942",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22942"
},
{
"name": "CVE-2022-43945",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43945"
},
{
"name": "CVE-2022-3625",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3625"
},
{
"name": "CVE-2021-34798",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34798"
},
{
"name": "CVE-2024-21587",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21587"
},
{
"name": "CVE-2022-42721",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42721"
},
{
"name": "CVE-2022-4378",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4378"
},
{
"name": "CVE-2022-4254",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4254"
},
{
"name": "CVE-2024-21617",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21617"
},
{
"name": "CVE-2023-1195",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1195"
},
{
"name": "CVE-2024-21589",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21589"
},
{
"name": "CVE-2023-21937",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21937"
},
{
"name": "CVE-2023-22809",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22809"
},
{
"name": "CVE-2022-20141",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-20141"
},
{
"name": "CVE-2021-4155",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4155"
},
{
"name": "CVE-2023-2650",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2650"
},
{
"name": "CVE-2024-21595",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21595"
},
{
"name": "CVE-2021-3564",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3564"
},
{
"name": "CVE-2021-3621",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3621"
},
{
"name": "CVE-2023-0394",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0394"
},
{
"name": "CVE-2022-22164",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22164"
},
{
"name": "CVE-2024-21597",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21597"
},
{
"name": "CVE-2021-3752",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3752"
},
{
"name": "CVE-2023-0386",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0386"
},
{
"name": "CVE-2016-2183",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2183"
},
{
"name": "CVE-2021-26341",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-26341"
},
{
"name": "CVE-2022-38023",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38023"
},
{
"name": "CVE-2023-22045",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22045"
},
{
"name": "CVE-2022-1679",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1679"
},
{
"name": "CVE-2023-22049",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22049"
},
{
"name": "CVE-2023-38408",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38408"
},
{
"name": "CVE-2022-3619",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3619"
},
{
"name": "CVE-2021-0920",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0920"
},
{
"name": "CVE-2023-1829",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1829"
},
{
"name": "CVE-2022-25265",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25265"
},
{
"name": "CVE-2022-1789",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1789"
},
{
"name": "CVE-2022-2873",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2873"
},
{
"name": "CVE-2022-3623",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3623"
},
{
"name": "CVE-2024-21611",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21611"
},
{
"name": "CVE-2024-21613",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21613"
},
{
"name": "CVE-2021-44228",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44228"
},
{
"name": "CVE-2023-21968",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21968"
},
{
"name": "CVE-2024-21612",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21612"
},
{
"name": "CVE-2022-42722",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42722"
},
{
"name": "CVE-2024-21603",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21603"
},
{
"name": "CVE-2023-21930",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21930"
},
{
"name": "CVE-2024-21585",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21585"
},
{
"name": "CVE-2022-23302",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23302"
},
{
"name": "CVE-2023-24329",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24329"
},
{
"name": "CVE-2021-44832",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44832"
},
{
"name": "CVE-2021-44790",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44790"
},
{
"name": "CVE-2023-36842",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36842"
},
{
"name": "CVE-2022-4139",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4139"
},
{
"name": "CVE-2024-21594",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21594"
},
{
"name": "CVE-2022-3028",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3028"
},
{
"name": "CVE-2022-3566",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3566"
},
{
"name": "CVE-2023-3446",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3446"
},
{
"name": "CVE-2023-21967",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21967"
},
{
"name": "CVE-2022-41674",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41674"
},
{
"name": "CVE-2024-21601",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21601"
},
{
"name": "CVE-2023-2124",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2124"
},
{
"name": "CVE-2020-0465",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0465"
}
],
"links": [],
"reference": "CERTFR-2024-AVI-0027",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-01-11T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nJuniper Networks. Certaines d\u0027entre elles permettent \u00e0 un attaquant de\nprovoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de\nservice \u00e0 distance et un contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Juniper Networks",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA75723 du 10 janvier 2024",
"url": "https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-rpd-process-crash-due-to-BGP-flap-on-NSR-enabled-devices-CVE-2024-21585"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA75741 du 10 janvier 2024",
"url": "https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-PTX-Series-In-an-FTI-scenario-MPLS-packets-hitting-reject-next-hop-will-cause-a-host-path-wedge-condition-CVE-2024-21600"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA75752 du 10 janvier 2024",
"url": "https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-In-a-jflow-scenario-continuous-route-churn-will-cause-a-memory-leak-and-eventually-an-rpd-crash-CVE-2024-21611"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA75757 du 10 janvier 2024",
"url": "https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-Processing-of-a-specific-SIP-packet-causes-NAT-IP-allocation-to-fail-CVE-2024-21616"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA75730 du 10 janvier 2024",
"url": "https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-jdhcpd-will-hang-on-receiving-a-specific-DHCP-packet-CVE-2023-36842"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA75734 du 10 janvier 2024",
"url": "https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-EX4100-EX4400-EX4600-and-QFX5000-Series-A-high-rate-of-specific-ICMP-traffic-will-cause-the-PFE-to-hang-CVE-2024-21595"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA75737 du 10 janvier 2024",
"url": "https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Security-Director-Insights-Multiple-vulnerabilities-in-SDI"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA75721 du 10 janvier 2024",
"url": "https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-Evolved-IPython-privilege-escalation-vulnerability-CVE-2022-21699"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA75736 du 10 janvier 2024",
"url": "https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-CTPView-Multiple-vulnerabilities-in-CTPView-CVE-yyyy-nnnn"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA75747 du 10 janvier 2024",
"url": "https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-SRX-Series-flowd-will-crash-when-tcp-encap-is-enabled-and-specific-packets-are-received-CVE-2024-21606"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA75758 du 10 janvier 2024",
"url": "https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-BGP-flap-on-NSR-enabled-devices-causes-memory-leak-CVE-2024-21617"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11272 du 10 janvier 2024",
"url": "https://supportportal.juniper.net/s/article/2022-01-Security-Bulletin-Junos-OS-Evolved-Telnet-service-may-be-enabled-when-it-is-expected-to-be-disabled-CVE-2022-22164"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA75727 du 10 janvier 2024",
"url": "https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Paragon-Active-Assurance-Control-Center-Information-disclosure-vulnerability-CVE-2024-21589"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA75233 du 10 janvier 2024",
"url": "https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Session-Smart-Router-Multiple-vulnerabilities-resolved"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA75754 du 10 janvier 2024",
"url": "https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-A-link-flap-causes-patroot-memory-leak-which-leads-to-rpd-crash-CVE-2024-21613"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA75753 du 10 janvier 2024",
"url": "https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-Evolved-Specific-TCP-traffic-causes-OFP-core-and-restart-of-RE-CVE-2024-21612"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA75742 du 10 janvier 2024",
"url": "https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-SRX-Series-Due-to-an-error-in-processing-TCP-events-flowd-will-crash-CVE-2024-21601"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA75740 du 10 janvier 2024",
"url": "https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-MX-Series-MPC3E-memory-leak-with-PTP-configuration-CVE-2024-21599"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA75748 du 10 janvier 2024",
"url": "https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-MX-Series-and-EX9200-Series-If-the-tcp-reset-option-used-in-an-IPv6-filter-matched-packets-are-accepted-instead-of-rejected-CVE-2024-21607"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA75744 du 10 janvier 2024",
"url": "https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-MX-Series-Gathering-statistics-in-a-scaled-SCU-DCU-configuration-will-lead-to-a-device-crash-CVE-2024-21603"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA75743 du 10 janvier 2024",
"url": "https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-Evolved-ACX7024-ACX7100-32C-and-ACX7100-48L-Traffic-stops-when-a-specific-IPv4-UDP-packet-is-received-by-the-RE-CVE-2024-21602"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA75738 du 10 janvier 2024",
"url": "https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-MX-Series-In-an-AF-scenario-traffic-can-bypass-configured-lo0-firewall-filters-CVE-2024-21597"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA75733 du 10 janvier 2024",
"url": "https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-SRX-5000-Series-Repeated-execution-of-a-specific-CLI-command-causes-a-flowd-crash-CVE-2024-21594"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA75725 du 10 janvier 2024",
"url": "https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-Memory-leak-in-bbe-smgd-process-if-BFD-liveness-detection-for-DHCP-subscribers-is-enabled-CVE-2024-21587"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA75755 du 10 janvier 2024",
"url": "https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-A-specific-query-via-DREND-causes-rpd-crash-CVE-2024-21614"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA75735 du 10 janvier 2024",
"url": "https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-A-specific-BGP-UPDATE-message-will-cause-a-crash-in-the-backup-Routing-Engine-CVE-2024-21596"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA75745 du 10 janvier 2024",
"url": "https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-Evolved-A-high-rate-of-specific-traffic-will-cause-a-complete-system-outage-CVE-2024-21604"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA75729 du 10 janvier 2024",
"url": "https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-SRX-Series-and-EX-Series-Security-Vulnerability-in-J-web-allows-a-preAuth-Remote-Code-Execution-CVE-2024-21591"
}
]
}
CERTFR-2024-AVI-1103
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | Cognos Analytics | Cognos Analytics versions 12.0.x antérieures à 12.0.4 | ||
| IBM | Sterling | Sterling External Authentication Server versions 6.1.0.x antérieures à 6.1.0.2 ifix 01 | ||
| IBM | QRadar SIEM | Security QRadar Log Management AQL Plugin versions antérieures à 1.1.0 | ||
| IBM | Sterling | Sterling Secure Proxy versions 6.0.x antérieures à 6.0.3.1 (fixpack) GA | ||
| IBM | Cognos Analytics | Cognos Analytics versions 11.2.x antérieures à 11.2.4 FP5 | ||
| IBM | Sterling | Sterling Secure Proxy versions 6.1.x antérieures à 6.1.0.1 (fixpack) GA | ||
| IBM | Sterling | Sterling Secure Proxy versions 6.2.x antérieures à 6.2.0.0 ifix 01 | ||
| IBM | Sterling Connect:Direct | Sterling Connect:Direct Web Services versions 6.3.x antérieures à 6.3.0.11_ifix001 |
References
| Title | Publication Time | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Cognos Analytics versions 12.0.x ant\u00e9rieures \u00e0 12.0.4",
"product": {
"name": "Cognos Analytics",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling External Authentication Server versions 6.1.0.x ant\u00e9rieures \u00e0 6.1.0.2 ifix 01",
"product": {
"name": "Sterling",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": " Security QRadar Log Management AQL Plugin versions ant\u00e9rieures \u00e0 1.1.0",
"product": {
"name": "QRadar SIEM",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Secure Proxy versions 6.0.x ant\u00e9rieures \u00e0 6.0.3.1 (fixpack) GA",
"product": {
"name": "Sterling",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Cognos Analytics versions 11.2.x ant\u00e9rieures \u00e0 11.2.4 FP5",
"product": {
"name": "Cognos Analytics",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Secure Proxy versions 6.1.x ant\u00e9rieures \u00e0 6.1.0.1 (fixpack) GA",
"product": {
"name": "Sterling",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Secure Proxy versions 6.2.x ant\u00e9rieures \u00e0 6.2.0.0 ifix 01",
"product": {
"name": "Sterling",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Connect:Direct Web Services versions 6.3.x ant\u00e9rieures \u00e0 6.3.0.11_ifix001",
"product": {
"name": "Sterling Connect:Direct",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2017-9937",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-9937"
},
{
"name": "CVE-2023-52356",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52356"
},
{
"name": "CVE-2023-41334",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-41334"
},
{
"name": "CVE-2023-37536",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-37536"
},
{
"name": "CVE-2023-40217",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40217"
},
{
"name": "CVE-2024-22871",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22871"
},
{
"name": "CVE-2024-7006",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7006"
},
{
"name": "CVE-2023-3316",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3316"
},
{
"name": "CVE-2024-36138",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36138"
},
{
"name": "CVE-2018-14042",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14042"
},
{
"name": "CVE-2024-29041",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29041"
},
{
"name": "CVE-2021-45960",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-45960"
},
{
"name": "CVE-2024-22020",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22020"
},
{
"name": "CVE-2022-3626",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3626"
},
{
"name": "CVE-2023-38264",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38264"
},
{
"name": "CVE-2024-22201",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22201"
},
{
"name": "CVE-2020-12401",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12401"
},
{
"name": "CVE-2018-15209",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-15209"
},
{
"name": "CVE-2024-28849",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28849"
},
{
"name": "CVE-2018-17100",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-17100"
},
{
"name": "CVE-2022-3599",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3599"
},
{
"name": "CVE-2022-34266",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-34266"
},
{
"name": "CVE-2020-35521",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35521"
},
{
"name": "CVE-2023-0796",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0796"
},
{
"name": "CVE-2023-50386",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-50386"
},
{
"name": "CVE-2024-4068",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4068"
},
{
"name": "CVE-2023-52425",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52425"
},
{
"name": "CVE-2024-23944",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23944"
},
{
"name": "CVE-2022-48554",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48554"
},
{
"name": "CVE-2024-39008",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39008"
},
{
"name": "CVE-2018-14040",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14040"
},
{
"name": "CVE-2024-28757",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28757"
},
{
"name": "CVE-2023-30086",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-30086"
},
{
"name": "CVE-2019-11727",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11727"
},
{
"name": "CVE-2024-25638",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25638"
},
{
"name": "CVE-2022-2057",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2057"
},
{
"name": "CVE-2019-6128",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6128"
},
{
"name": "CVE-2023-26965",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26965"
},
{
"name": "CVE-2022-22823",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22823"
},
{
"name": "CVE-2023-52426",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52426"
},
{
"name": "CVE-2022-2058",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2058"
},
{
"name": "CVE-2024-45082",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45082"
},
{
"name": "CVE-2023-50782",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-50782"
},
{
"name": "CVE-2022-3627",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3627"
},
{
"name": "CVE-2022-2867",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2867"
},
{
"name": "CVE-2023-0286",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0286"
},
{
"name": "CVE-2023-32067",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32067"
},
{
"name": "CVE-2022-3598",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3598"
},
{
"name": "CVE-2023-0798",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0798"
},
{
"name": "CVE-2019-11358",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11358"
},
{
"name": "CVE-2023-2731",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2731"
},
{
"name": "CVE-2023-0803",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0803"
},
{
"name": "CVE-2023-4807",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4807"
},
{
"name": "CVE-2023-30774",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-30774"
},
{
"name": "CVE-2023-4759",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4759"
},
{
"name": "CVE-2017-11613",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-11613"
},
{
"name": "CVE-2017-12652",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-12652"
},
{
"name": "CVE-2024-41752",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41752"
},
{
"name": "CVE-2023-50447",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-50447"
},
{
"name": "CVE-2018-18508",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-18508"
},
{
"name": "CVE-2024-29857",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29857"
},
{
"name": "CVE-2024-34447",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34447"
},
{
"name": "CVE-2024-33883",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-33883"
},
{
"name": "CVE-2022-40897",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40897"
},
{
"name": "CVE-2024-29025",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29025"
},
{
"name": "CVE-2022-22844",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22844"
},
{
"name": "CVE-2014-1544",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-1544"
},
{
"name": "CVE-2023-4421",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4421"
},
{
"name": "CVE-2023-6277",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6277"
},
{
"name": "CVE-2023-4813",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4813"
},
{
"name": "CVE-2024-45590",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45590"
},
{
"name": "CVE-2024-43796",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43796"
},
{
"name": "CVE-2023-50298",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-50298"
},
{
"name": "CVE-2024-25629",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25629"
},
{
"name": "CVE-2024-26308",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26308"
},
{
"name": "CVE-2023-50292",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-50292"
},
{
"name": "CVE-2018-20676",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-20676"
},
{
"name": "CVE-2023-0802",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0802"
},
{
"name": "CVE-2022-2056",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2056"
},
{
"name": "CVE-2024-4067",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4067"
},
{
"name": "CVE-2024-30172",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-30172"
},
{
"name": "CVE-2021-43138",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-43138"
},
{
"name": "CVE-2020-25648",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25648"
},
{
"name": "CVE-2019-17023",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17023"
},
{
"name": "CVE-2022-21699",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21699"
},
{
"name": "CVE-2024-28176",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28176"
},
{
"name": "CVE-2019-7317",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-7317"
},
{
"name": "CVE-2024-7264",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7264"
},
{
"name": "CVE-2019-17007",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17007"
},
{
"name": "CVE-2023-0767",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0767"
},
{
"name": "CVE-2023-51074",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-51074"
},
{
"name": "CVE-2022-23852",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23852"
},
{
"name": "CVE-2022-22825",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22825"
},
{
"name": "CVE-2023-38289",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38289"
},
{
"name": "CVE-2018-20677",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-20677"
},
{
"name": "CVE-2010-1205",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-1205"
},
{
"name": "CVE-2020-23064",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-23064"
},
{
"name": "CVE-2024-22195",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22195"
},
{
"name": "CVE-2023-23931",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23931"
},
{
"name": "CVE-2015-7182",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7182"
},
{
"name": "CVE-2022-23990",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23990"
},
{
"name": "CVE-2018-16335",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-16335"
},
{
"name": "CVE-2024-21011",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21011"
},
{
"name": "CVE-2024-29131",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29131"
},
{
"name": "CVE-2021-36770",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-36770"
},
{
"name": "CVE-2020-19144",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-19144"
},
{
"name": "CVE-2023-3164",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3164"
},
{
"name": "CVE-2022-3597",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3597"
},
{
"name": "CVE-2024-27983",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27983"
},
{
"name": "CVE-2017-12627",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-12627"
},
{
"name": "CVE-2018-17101",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-17101"
},
{
"name": "CVE-2023-50291",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-50291"
},
{
"name": "CVE-2014-1568",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-1568"
},
{
"name": "CVE-2020-26261",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26261"
},
{
"name": "CVE-2023-24816",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24816"
},
{
"name": "CVE-2024-45296",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45296"
},
{
"name": "CVE-2023-0801",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0801"
},
{
"name": "CVE-2022-4645",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4645"
},
{
"name": "CVE-2019-17546",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17546"
},
{
"name": "CVE-2022-2869",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2869"
},
{
"name": "CVE-2022-3479",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3479"
},
{
"name": "CVE-2023-40745",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40745"
},
{
"name": "CVE-2024-27982",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27982"
},
{
"name": "CVE-2024-25710",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25710"
},
{
"name": "CVE-2020-15110",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-15110"
},
{
"name": "CVE-2023-25435",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25435"
},
{
"name": "CVE-2024-37372",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-37372"
},
{
"name": "CVE-2021-38153",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-38153"
},
{
"name": "CVE-2023-5156",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5156"
},
{
"name": "CVE-2024-29133",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29133"
},
{
"name": "CVE-2017-18869",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-18869"
},
{
"name": "CVE-2022-0562",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0562"
},
{
"name": "CVE-2023-38325",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38325"
},
{
"name": "CVE-2019-11719",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11719"
},
{
"name": "CVE-2022-0891",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0891"
},
{
"name": "CVE-2018-7456",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7456"
},
{
"name": "CVE-2023-38288",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38288"
},
{
"name": "CVE-2024-21094",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21094"
},
{
"name": "CVE-2023-0799",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0799"
},
{
"name": "CVE-2019-17006",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17006"
},
{
"name": "CVE-2020-12403",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12403"
},
{
"name": "CVE-2023-6237",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6237"
},
{
"name": "CVE-2023-6228",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6228"
},
{
"name": "CVE-2021-46848",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-46848"
},
{
"name": "CVE-2023-2650",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2650"
},
{
"name": "CVE-2023-0795",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0795"
},
{
"name": "CVE-2024-2398",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-2398"
},
{
"name": "CVE-2023-50495",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-50495"
},
{
"name": "CVE-2017-18013",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-18013"
},
{
"name": "CVE-2023-25194",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25194"
},
{
"name": "CVE-2023-6129",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6129"
},
{
"name": "CVE-2016-1938",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1938"
},
{
"name": "CVE-2017-11698",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-11698"
},
{
"name": "CVE-2022-22827",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22827"
},
{
"name": "CVE-2024-38337",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38337"
},
{
"name": "CVE-2018-12384",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12384"
},
{
"name": "CVE-2018-12404",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12404"
},
{
"name": "CVE-2019-14973",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14973"
},
{
"name": "CVE-2020-36191",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36191"
},
{
"name": "CVE-2024-22018",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22018"
},
{
"name": "CVE-2023-0804",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0804"
},
{
"name": "CVE-2023-30775",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-30775"
},
{
"name": "CVE-2023-0797",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0797"
},
{
"name": "CVE-2018-14041",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14041"
},
{
"name": "CVE-2023-1916",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1916"
},
{
"name": "CVE-2024-37890",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-37890"
},
{
"name": "CVE-2020-19131",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-19131"
},
{
"name": "CVE-2015-7575",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7575"
},
{
"name": "CVE-2023-41175",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-41175"
},
{
"name": "CVE-2020-11022",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11022"
},
{
"name": "CVE-2018-5784",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5784"
},
{
"name": "CVE-2018-17000",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-17000"
},
{
"name": "CVE-2024-28863",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28863"
},
{
"name": "CVE-2023-3576",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3576"
},
{
"name": "CVE-2023-4806",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4806"
},
{
"name": "CVE-2020-35523",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35523"
},
{
"name": "CVE-2016-10735",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-10735"
},
{
"name": "CVE-2024-39338",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39338"
},
{
"name": "CVE-2022-34749",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-34749"
},
{
"name": "CVE-2024-30171",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-30171"
},
{
"name": "CVE-2020-19189",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-19189"
},
{
"name": "CVE-2022-0908",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0908"
},
{
"name": "CVE-2023-49083",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-49083"
},
{
"name": "CVE-2024-36114",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36114"
},
{
"name": "CVE-2019-11745",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11745"
},
{
"name": "CVE-2019-11729",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11729"
},
{
"name": "CVE-2024-34102",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34102"
},
{
"name": "CVE-2019-11756",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11756"
},
{
"name": "CVE-2021-32862",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-32862"
},
{
"name": "CVE-2022-22826",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22826"
},
{
"name": "CVE-2024-4367",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4367"
},
{
"name": "CVE-2024-25016",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25016"
},
{
"name": "CVE-2022-40090",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40090"
},
{
"name": "CVE-2023-25434",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25434"
},
{
"name": "CVE-2024-29896",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29896"
},
{
"name": "CVE-2015-7181",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7181"
},
{
"name": "CVE-2020-18768",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-18768"
},
{
"name": "CVE-2022-34526",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-34526"
},
{
"name": "CVE-2022-2868",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2868"
},
{
"name": "CVE-2017-5461",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5461"
},
{
"name": "CVE-2014-1569",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-1569"
},
{
"name": "CVE-2020-12400",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12400"
},
{
"name": "CVE-2023-31130",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-31130"
},
{
"name": "CVE-2024-21085",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21085"
},
{
"name": "CVE-2023-32681",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32681"
},
{
"name": "CVE-2017-11695",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-11695"
},
{
"name": "CVE-2023-2908",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2908"
},
{
"name": "CVE-2023-3446",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3446"
},
{
"name": "CVE-2022-22824",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22824"
},
{
"name": "CVE-2020-6829",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-6829"
},
{
"name": "CVE-2017-11697",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-11697"
},
{
"name": "CVE-2023-0800",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0800"
},
{
"name": "CVE-2023-5388",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5388"
},
{
"name": "CVE-2024-27980",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27980"
},
{
"name": "CVE-2023-5678",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5678"
},
{
"name": "CVE-2024-51504",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-51504"
},
{
"name": "CVE-2018-19210",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-19210"
},
{
"name": "CVE-2013-2099",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-2099"
},
{
"name": "CVE-2024-6345",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6345"
},
{
"name": "CVE-2019-10255",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10255"
},
{
"name": "CVE-2020-11023",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11023"
},
{
"name": "CVE-2020-35524",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35524"
},
{
"name": "CVE-2019-8331",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8331"
},
{
"name": "CVE-2024-36137",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36137"
},
{
"name": "CVE-2020-35522",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35522"
},
{
"name": "CVE-2022-3570",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3570"
},
{
"name": "CVE-2017-11696",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-11696"
},
{
"name": "CVE-2022-0561",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0561"
}
],
"links": [],
"reference": "CERTFR-2024-AVI-1103",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-12-20T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
},
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": "2024-12-17",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7177142",
"url": "https://www.ibm.com/support/pages/node/7177142"
},
{
"published_at": "2024-12-17",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7177223",
"url": "https://www.ibm.com/support/pages/node/7177223"
},
{
"published_at": "2024-12-16",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7179044",
"url": "https://www.ibm.com/support/pages/node/7179044"
},
{
"published_at": "2024-12-17",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7179156",
"url": "https://www.ibm.com/support/pages/node/7179156"
},
{
"published_at": "2024-12-17",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7179166",
"url": "https://www.ibm.com/support/pages/node/7179166"
},
{
"published_at": "2024-12-13",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7178835",
"url": "https://www.ibm.com/support/pages/node/7178835"
}
]
}
CERTFR-2024-AVI-1103
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | Cognos Analytics | Cognos Analytics versions 12.0.x antérieures à 12.0.4 | ||
| IBM | Sterling | Sterling External Authentication Server versions 6.1.0.x antérieures à 6.1.0.2 ifix 01 | ||
| IBM | QRadar SIEM | Security QRadar Log Management AQL Plugin versions antérieures à 1.1.0 | ||
| IBM | Sterling | Sterling Secure Proxy versions 6.0.x antérieures à 6.0.3.1 (fixpack) GA | ||
| IBM | Cognos Analytics | Cognos Analytics versions 11.2.x antérieures à 11.2.4 FP5 | ||
| IBM | Sterling | Sterling Secure Proxy versions 6.1.x antérieures à 6.1.0.1 (fixpack) GA | ||
| IBM | Sterling | Sterling Secure Proxy versions 6.2.x antérieures à 6.2.0.0 ifix 01 | ||
| IBM | Sterling Connect:Direct | Sterling Connect:Direct Web Services versions 6.3.x antérieures à 6.3.0.11_ifix001 |
References
| Title | Publication Time | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Cognos Analytics versions 12.0.x ant\u00e9rieures \u00e0 12.0.4",
"product": {
"name": "Cognos Analytics",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling External Authentication Server versions 6.1.0.x ant\u00e9rieures \u00e0 6.1.0.2 ifix 01",
"product": {
"name": "Sterling",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": " Security QRadar Log Management AQL Plugin versions ant\u00e9rieures \u00e0 1.1.0",
"product": {
"name": "QRadar SIEM",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Secure Proxy versions 6.0.x ant\u00e9rieures \u00e0 6.0.3.1 (fixpack) GA",
"product": {
"name": "Sterling",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Cognos Analytics versions 11.2.x ant\u00e9rieures \u00e0 11.2.4 FP5",
"product": {
"name": "Cognos Analytics",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Secure Proxy versions 6.1.x ant\u00e9rieures \u00e0 6.1.0.1 (fixpack) GA",
"product": {
"name": "Sterling",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Secure Proxy versions 6.2.x ant\u00e9rieures \u00e0 6.2.0.0 ifix 01",
"product": {
"name": "Sterling",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Connect:Direct Web Services versions 6.3.x ant\u00e9rieures \u00e0 6.3.0.11_ifix001",
"product": {
"name": "Sterling Connect:Direct",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2017-9937",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-9937"
},
{
"name": "CVE-2023-52356",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52356"
},
{
"name": "CVE-2023-41334",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-41334"
},
{
"name": "CVE-2023-37536",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-37536"
},
{
"name": "CVE-2023-40217",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40217"
},
{
"name": "CVE-2024-22871",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22871"
},
{
"name": "CVE-2024-7006",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7006"
},
{
"name": "CVE-2023-3316",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3316"
},
{
"name": "CVE-2024-36138",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36138"
},
{
"name": "CVE-2018-14042",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14042"
},
{
"name": "CVE-2024-29041",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29041"
},
{
"name": "CVE-2021-45960",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-45960"
},
{
"name": "CVE-2024-22020",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22020"
},
{
"name": "CVE-2022-3626",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3626"
},
{
"name": "CVE-2023-38264",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38264"
},
{
"name": "CVE-2024-22201",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22201"
},
{
"name": "CVE-2020-12401",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12401"
},
{
"name": "CVE-2018-15209",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-15209"
},
{
"name": "CVE-2024-28849",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28849"
},
{
"name": "CVE-2018-17100",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-17100"
},
{
"name": "CVE-2022-3599",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3599"
},
{
"name": "CVE-2022-34266",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-34266"
},
{
"name": "CVE-2020-35521",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35521"
},
{
"name": "CVE-2023-0796",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0796"
},
{
"name": "CVE-2023-50386",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-50386"
},
{
"name": "CVE-2024-4068",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4068"
},
{
"name": "CVE-2023-52425",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52425"
},
{
"name": "CVE-2024-23944",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23944"
},
{
"name": "CVE-2022-48554",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48554"
},
{
"name": "CVE-2024-39008",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39008"
},
{
"name": "CVE-2018-14040",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14040"
},
{
"name": "CVE-2024-28757",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28757"
},
{
"name": "CVE-2023-30086",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-30086"
},
{
"name": "CVE-2019-11727",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11727"
},
{
"name": "CVE-2024-25638",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25638"
},
{
"name": "CVE-2022-2057",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2057"
},
{
"name": "CVE-2019-6128",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6128"
},
{
"name": "CVE-2023-26965",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26965"
},
{
"name": "CVE-2022-22823",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22823"
},
{
"name": "CVE-2023-52426",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52426"
},
{
"name": "CVE-2022-2058",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2058"
},
{
"name": "CVE-2024-45082",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45082"
},
{
"name": "CVE-2023-50782",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-50782"
},
{
"name": "CVE-2022-3627",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3627"
},
{
"name": "CVE-2022-2867",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2867"
},
{
"name": "CVE-2023-0286",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0286"
},
{
"name": "CVE-2023-32067",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32067"
},
{
"name": "CVE-2022-3598",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3598"
},
{
"name": "CVE-2023-0798",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0798"
},
{
"name": "CVE-2019-11358",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11358"
},
{
"name": "CVE-2023-2731",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2731"
},
{
"name": "CVE-2023-0803",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0803"
},
{
"name": "CVE-2023-4807",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4807"
},
{
"name": "CVE-2023-30774",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-30774"
},
{
"name": "CVE-2023-4759",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4759"
},
{
"name": "CVE-2017-11613",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-11613"
},
{
"name": "CVE-2017-12652",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-12652"
},
{
"name": "CVE-2024-41752",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41752"
},
{
"name": "CVE-2023-50447",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-50447"
},
{
"name": "CVE-2018-18508",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-18508"
},
{
"name": "CVE-2024-29857",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29857"
},
{
"name": "CVE-2024-34447",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34447"
},
{
"name": "CVE-2024-33883",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-33883"
},
{
"name": "CVE-2022-40897",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40897"
},
{
"name": "CVE-2024-29025",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29025"
},
{
"name": "CVE-2022-22844",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22844"
},
{
"name": "CVE-2014-1544",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-1544"
},
{
"name": "CVE-2023-4421",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4421"
},
{
"name": "CVE-2023-6277",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6277"
},
{
"name": "CVE-2023-4813",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4813"
},
{
"name": "CVE-2024-45590",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45590"
},
{
"name": "CVE-2024-43796",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43796"
},
{
"name": "CVE-2023-50298",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-50298"
},
{
"name": "CVE-2024-25629",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25629"
},
{
"name": "CVE-2024-26308",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26308"
},
{
"name": "CVE-2023-50292",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-50292"
},
{
"name": "CVE-2018-20676",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-20676"
},
{
"name": "CVE-2023-0802",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0802"
},
{
"name": "CVE-2022-2056",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2056"
},
{
"name": "CVE-2024-4067",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4067"
},
{
"name": "CVE-2024-30172",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-30172"
},
{
"name": "CVE-2021-43138",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-43138"
},
{
"name": "CVE-2020-25648",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25648"
},
{
"name": "CVE-2019-17023",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17023"
},
{
"name": "CVE-2022-21699",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21699"
},
{
"name": "CVE-2024-28176",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28176"
},
{
"name": "CVE-2019-7317",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-7317"
},
{
"name": "CVE-2024-7264",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7264"
},
{
"name": "CVE-2019-17007",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17007"
},
{
"name": "CVE-2023-0767",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0767"
},
{
"name": "CVE-2023-51074",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-51074"
},
{
"name": "CVE-2022-23852",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23852"
},
{
"name": "CVE-2022-22825",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22825"
},
{
"name": "CVE-2023-38289",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38289"
},
{
"name": "CVE-2018-20677",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-20677"
},
{
"name": "CVE-2010-1205",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-1205"
},
{
"name": "CVE-2020-23064",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-23064"
},
{
"name": "CVE-2024-22195",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22195"
},
{
"name": "CVE-2023-23931",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23931"
},
{
"name": "CVE-2015-7182",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7182"
},
{
"name": "CVE-2022-23990",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23990"
},
{
"name": "CVE-2018-16335",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-16335"
},
{
"name": "CVE-2024-21011",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21011"
},
{
"name": "CVE-2024-29131",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29131"
},
{
"name": "CVE-2021-36770",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-36770"
},
{
"name": "CVE-2020-19144",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-19144"
},
{
"name": "CVE-2023-3164",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3164"
},
{
"name": "CVE-2022-3597",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3597"
},
{
"name": "CVE-2024-27983",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27983"
},
{
"name": "CVE-2017-12627",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-12627"
},
{
"name": "CVE-2018-17101",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-17101"
},
{
"name": "CVE-2023-50291",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-50291"
},
{
"name": "CVE-2014-1568",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-1568"
},
{
"name": "CVE-2020-26261",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26261"
},
{
"name": "CVE-2023-24816",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24816"
},
{
"name": "CVE-2024-45296",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45296"
},
{
"name": "CVE-2023-0801",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0801"
},
{
"name": "CVE-2022-4645",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4645"
},
{
"name": "CVE-2019-17546",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17546"
},
{
"name": "CVE-2022-2869",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2869"
},
{
"name": "CVE-2022-3479",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3479"
},
{
"name": "CVE-2023-40745",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40745"
},
{
"name": "CVE-2024-27982",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27982"
},
{
"name": "CVE-2024-25710",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25710"
},
{
"name": "CVE-2020-15110",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-15110"
},
{
"name": "CVE-2023-25435",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25435"
},
{
"name": "CVE-2024-37372",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-37372"
},
{
"name": "CVE-2021-38153",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-38153"
},
{
"name": "CVE-2023-5156",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5156"
},
{
"name": "CVE-2024-29133",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29133"
},
{
"name": "CVE-2017-18869",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-18869"
},
{
"name": "CVE-2022-0562",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0562"
},
{
"name": "CVE-2023-38325",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38325"
},
{
"name": "CVE-2019-11719",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11719"
},
{
"name": "CVE-2022-0891",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0891"
},
{
"name": "CVE-2018-7456",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7456"
},
{
"name": "CVE-2023-38288",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38288"
},
{
"name": "CVE-2024-21094",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21094"
},
{
"name": "CVE-2023-0799",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0799"
},
{
"name": "CVE-2019-17006",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17006"
},
{
"name": "CVE-2020-12403",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12403"
},
{
"name": "CVE-2023-6237",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6237"
},
{
"name": "CVE-2023-6228",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6228"
},
{
"name": "CVE-2021-46848",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-46848"
},
{
"name": "CVE-2023-2650",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2650"
},
{
"name": "CVE-2023-0795",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0795"
},
{
"name": "CVE-2024-2398",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-2398"
},
{
"name": "CVE-2023-50495",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-50495"
},
{
"name": "CVE-2017-18013",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-18013"
},
{
"name": "CVE-2023-25194",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25194"
},
{
"name": "CVE-2023-6129",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6129"
},
{
"name": "CVE-2016-1938",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1938"
},
{
"name": "CVE-2017-11698",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-11698"
},
{
"name": "CVE-2022-22827",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22827"
},
{
"name": "CVE-2024-38337",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38337"
},
{
"name": "CVE-2018-12384",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12384"
},
{
"name": "CVE-2018-12404",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12404"
},
{
"name": "CVE-2019-14973",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14973"
},
{
"name": "CVE-2020-36191",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36191"
},
{
"name": "CVE-2024-22018",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22018"
},
{
"name": "CVE-2023-0804",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0804"
},
{
"name": "CVE-2023-30775",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-30775"
},
{
"name": "CVE-2023-0797",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0797"
},
{
"name": "CVE-2018-14041",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14041"
},
{
"name": "CVE-2023-1916",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1916"
},
{
"name": "CVE-2024-37890",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-37890"
},
{
"name": "CVE-2020-19131",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-19131"
},
{
"name": "CVE-2015-7575",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7575"
},
{
"name": "CVE-2023-41175",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-41175"
},
{
"name": "CVE-2020-11022",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11022"
},
{
"name": "CVE-2018-5784",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5784"
},
{
"name": "CVE-2018-17000",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-17000"
},
{
"name": "CVE-2024-28863",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28863"
},
{
"name": "CVE-2023-3576",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3576"
},
{
"name": "CVE-2023-4806",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4806"
},
{
"name": "CVE-2020-35523",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35523"
},
{
"name": "CVE-2016-10735",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-10735"
},
{
"name": "CVE-2024-39338",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39338"
},
{
"name": "CVE-2022-34749",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-34749"
},
{
"name": "CVE-2024-30171",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-30171"
},
{
"name": "CVE-2020-19189",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-19189"
},
{
"name": "CVE-2022-0908",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0908"
},
{
"name": "CVE-2023-49083",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-49083"
},
{
"name": "CVE-2024-36114",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36114"
},
{
"name": "CVE-2019-11745",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11745"
},
{
"name": "CVE-2019-11729",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11729"
},
{
"name": "CVE-2024-34102",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34102"
},
{
"name": "CVE-2019-11756",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11756"
},
{
"name": "CVE-2021-32862",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-32862"
},
{
"name": "CVE-2022-22826",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22826"
},
{
"name": "CVE-2024-4367",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4367"
},
{
"name": "CVE-2024-25016",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25016"
},
{
"name": "CVE-2022-40090",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40090"
},
{
"name": "CVE-2023-25434",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25434"
},
{
"name": "CVE-2024-29896",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29896"
},
{
"name": "CVE-2015-7181",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7181"
},
{
"name": "CVE-2020-18768",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-18768"
},
{
"name": "CVE-2022-34526",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-34526"
},
{
"name": "CVE-2022-2868",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2868"
},
{
"name": "CVE-2017-5461",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5461"
},
{
"name": "CVE-2014-1569",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-1569"
},
{
"name": "CVE-2020-12400",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12400"
},
{
"name": "CVE-2023-31130",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-31130"
},
{
"name": "CVE-2024-21085",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21085"
},
{
"name": "CVE-2023-32681",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32681"
},
{
"name": "CVE-2017-11695",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-11695"
},
{
"name": "CVE-2023-2908",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2908"
},
{
"name": "CVE-2023-3446",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3446"
},
{
"name": "CVE-2022-22824",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22824"
},
{
"name": "CVE-2020-6829",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-6829"
},
{
"name": "CVE-2017-11697",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-11697"
},
{
"name": "CVE-2023-0800",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0800"
},
{
"name": "CVE-2023-5388",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5388"
},
{
"name": "CVE-2024-27980",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27980"
},
{
"name": "CVE-2023-5678",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5678"
},
{
"name": "CVE-2024-51504",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-51504"
},
{
"name": "CVE-2018-19210",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-19210"
},
{
"name": "CVE-2013-2099",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-2099"
},
{
"name": "CVE-2024-6345",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6345"
},
{
"name": "CVE-2019-10255",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10255"
},
{
"name": "CVE-2020-11023",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11023"
},
{
"name": "CVE-2020-35524",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35524"
},
{
"name": "CVE-2019-8331",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8331"
},
{
"name": "CVE-2024-36137",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36137"
},
{
"name": "CVE-2020-35522",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35522"
},
{
"name": "CVE-2022-3570",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3570"
},
{
"name": "CVE-2017-11696",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-11696"
},
{
"name": "CVE-2022-0561",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0561"
}
],
"links": [],
"reference": "CERTFR-2024-AVI-1103",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-12-20T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
},
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": "2024-12-17",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7177142",
"url": "https://www.ibm.com/support/pages/node/7177142"
},
{
"published_at": "2024-12-17",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7177223",
"url": "https://www.ibm.com/support/pages/node/7177223"
},
{
"published_at": "2024-12-16",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7179044",
"url": "https://www.ibm.com/support/pages/node/7179044"
},
{
"published_at": "2024-12-17",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7179156",
"url": "https://www.ibm.com/support/pages/node/7179156"
},
{
"published_at": "2024-12-17",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7179166",
"url": "https://www.ibm.com/support/pages/node/7179166"
},
{
"published_at": "2024-12-13",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7178835",
"url": "https://www.ibm.com/support/pages/node/7178835"
}
]
}
CERTFR-2024-AVI-0027
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits Juniper Networks. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Juniper Networks | N/A | CTPView versions versions antérieures à 9.1R5 | ||
| Juniper Networks | Junos OS Evolved | Junos OS Evolved version antérieures à 20.4R2-EVO, 20.4R2-S2-EVO, 20.4R3-EVO, 20.4R3-S7-EVO, 21.1R2-EVO, 21.2R2-EVO, 21.2R3-S7-EVO, 21.3R2-EVO, 21.3R3-S5-EVO, 21.4R3-EVO, 21.4R3-S3-EVO, 21.4R3-S5-EVO, 21.4R3-S6-EVO, 22.1R3-EVO, 22.1R3-S2-EVO, 22.1R3-S4-EVO, 22.1R3-S5-EVO, 22.2R2-S1-EVO, 22.2R2-S2-EVO, 22.2R3-EVO, 22.2R3-S2-EVO, 22.2R3-S3-EVO, 22.3R1-EVO, 22.3R2-EVO, 22.3R3-EVO, 22.3R3-S1-EVO, 22.4R1-EVO, 22.4R2-EVO, 22.4R2-S2-EVO, 22.4R3-EVO, 23.1R2-EVO, 23.2R1-EVO, 23.2R1-S1-EVO, 23.2R1-S2-EVO, 23.2R2-EVO, 23.3R1-EVO et 23.4R1-EVO | ||
| Juniper Networks | N/A | Paragon Active Assurance versions antérieures à 3.1.2, 3.2.3, 3.3.2 et 3.4.1 | ||
| Juniper Networks | Junos OS | Junos OS version antérieures à 20.4R3-S3, 20.4R3-S6, 20.4R3-S7, 20.4R3-S8, 20.4R3-S9, 21.1R3-S4, 21.1R3-S5, 21.2R3, 21.2R3-S3, 21.2R3-S4, 21.2R3-S5, 21.2R3-S6, 21.2R3-S7, 21.3R2-S1, 21.3R3, 21.3R3-S3, 21.3R3-S4, 21.3R3-S5, 21.4R2, 21.4R3, 21.4R3-S3, 21.4R3-S4, 21.4R3-S5, 22.1R2, 22.1R2-S2, 22.1R3, 22.1R3-S1, 22.1R3-S2, 22.1R3-S3, 22.1R3-S4, 22.2R1, 22.2R2, 22.2R2-S1, 22.2R2-S2, 22.2R3, 22.2R3-S1, 22.2R3-S2, 22.2R3-S3, 22.3R1, 22.3R2, 22.3R2-S1, 22.3R2-S2, 22.3R3, 22.3R3-S1, 22.3R3-S2, 22.4R1, 22.4R1-S2, 22.4R2, 22.4R2-S1, 22.4R2-S2, 22.4R3, 23.1R1, 23.1R2, 23.2R1, 23.2R1-S1, 23.2R1-S2, 23.2R2, 23.3R1 et 23.4R1 | ||
| Juniper Networks | Session Smart Router | Session Smart Router versions antérieures à SSR-6.2.3-r2 | ||
| Juniper Networks | N/A | Security Director Insights versions antérieures à 23.1R1 |
References
| Title | Publication Time | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "CTPView versions versions ant\u00e9rieures \u00e0 9.1R5",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved version ant\u00e9rieures \u00e0 20.4R2-EVO, 20.4R2-S2-EVO, 20.4R3-EVO, 20.4R3-S7-EVO, 21.1R2-EVO, 21.2R2-EVO, 21.2R3-S7-EVO, 21.3R2-EVO, 21.3R3-S5-EVO, 21.4R3-EVO, 21.4R3-S3-EVO, 21.4R3-S5-EVO, 21.4R3-S6-EVO, 22.1R3-EVO, 22.1R3-S2-EVO, 22.1R3-S4-EVO, 22.1R3-S5-EVO, 22.2R2-S1-EVO, 22.2R2-S2-EVO, 22.2R3-EVO, 22.2R3-S2-EVO, 22.2R3-S3-EVO, 22.3R1-EVO, 22.3R2-EVO, 22.3R3-EVO, 22.3R3-S1-EVO, 22.4R1-EVO, 22.4R2-EVO, 22.4R2-S2-EVO, 22.4R3-EVO, 23.1R2-EVO, 23.2R1-EVO, 23.2R1-S1-EVO, 23.2R1-S2-EVO, 23.2R2-EVO, 23.3R1-EVO et 23.4R1-EVO",
"product": {
"name": "Junos OS Evolved",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Paragon Active Assurance versions ant\u00e9rieures \u00e0 3.1.2, 3.2.3, 3.3.2 et 3.4.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS version ant\u00e9rieures \u00e0 20.4R3-S3, 20.4R3-S6, 20.4R3-S7, 20.4R3-S8, 20.4R3-S9, 21.1R3-S4, 21.1R3-S5, 21.2R3, 21.2R3-S3, 21.2R3-S4, 21.2R3-S5, 21.2R3-S6, 21.2R3-S7, 21.3R2-S1, 21.3R3, 21.3R3-S3, 21.3R3-S4, 21.3R3-S5, 21.4R2, 21.4R3, 21.4R3-S3, 21.4R3-S4, 21.4R3-S5, 22.1R2, 22.1R2-S2, 22.1R3, 22.1R3-S1, 22.1R3-S2, 22.1R3-S3, 22.1R3-S4, 22.2R1, 22.2R2, 22.2R2-S1, 22.2R2-S2, 22.2R3, 22.2R3-S1, 22.2R3-S2, 22.2R3-S3, 22.3R1, 22.3R2, 22.3R2-S1, 22.3R2-S2, 22.3R3, 22.3R3-S1, 22.3R3-S2, 22.4R1, 22.4R1-S2, 22.4R2, 22.4R2-S1, 22.4R2-S2, 22.4R3, 23.1R1, 23.1R2, 23.2R1, 23.2R1-S1, 23.2R1-S2, 23.2R2, 23.3R1 et 23.4R1",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Session Smart Router versions ant\u00e9rieures \u00e0 SSR-6.2.3-r2",
"product": {
"name": "Session Smart Router",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Security Director Insights versions ant\u00e9rieures \u00e0 23.1R1",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-3707",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3707"
},
{
"name": "CVE-2024-21602",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21602"
},
{
"name": "CVE-2022-41974",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41974"
},
{
"name": "CVE-2023-38802",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38802"
},
{
"name": "CVE-2023-21938",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21938"
},
{
"name": "CVE-2023-21843",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21843"
},
{
"name": "CVE-2022-42720",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42720"
},
{
"name": "CVE-2022-30594",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30594"
},
{
"name": "CVE-2022-41973",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41973"
},
{
"name": "CVE-2023-0461",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0461"
},
{
"name": "CVE-2024-21616",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21616"
},
{
"name": "CVE-2021-25220",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-25220"
},
{
"name": "CVE-2023-2235",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2235"
},
{
"name": "CVE-2023-23454",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23454"
},
{
"name": "CVE-2023-21954",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21954"
},
{
"name": "CVE-2022-2964",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2964"
},
{
"name": "CVE-2023-21939",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21939"
},
{
"name": "CVE-2023-1281",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1281"
},
{
"name": "CVE-2024-21599",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21599"
},
{
"name": "CVE-2022-47929",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-47929"
},
{
"name": "CVE-2022-3628",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3628"
},
{
"name": "CVE-2024-21614",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21614"
},
{
"name": "CVE-2023-21830",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21830"
},
{
"name": "CVE-2023-3817",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3817"
},
{
"name": "CVE-2023-26464",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26464"
},
{
"name": "CVE-2020-0466",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0466"
},
{
"name": "CVE-2021-26691",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-26691"
},
{
"name": "CVE-2022-4269",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4269"
},
{
"name": "CVE-2022-42703",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42703"
},
{
"name": "CVE-2024-21607",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21607"
},
{
"name": "CVE-2023-0286",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0286"
},
{
"name": "CVE-2023-32067",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32067"
},
{
"name": "CVE-2023-0266",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0266"
},
{
"name": "CVE-2019-17571",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17571"
},
{
"name": "CVE-2022-39189",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-39189"
},
{
"name": "CVE-2022-3239",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3239"
},
{
"name": "CVE-2022-43750",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43750"
},
{
"name": "CVE-2022-3567",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3567"
},
{
"name": "CVE-2023-2828",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2828"
},
{
"name": "CVE-2021-4104",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4104"
},
{
"name": "CVE-2023-22081",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22081"
},
{
"name": "CVE-2023-20569",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-20569"
},
{
"name": "CVE-2024-21596",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21596"
},
{
"name": "CVE-2022-3564",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3564"
},
{
"name": "CVE-2021-33656",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33656"
},
{
"name": "CVE-2023-1582",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1582"
},
{
"name": "CVE-2022-4129",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4129"
},
{
"name": "CVE-2022-41218",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41218"
},
{
"name": "CVE-2023-2194",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2194"
},
{
"name": "CVE-2024-21604",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21604"
},
{
"name": "CVE-2023-32360",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32360"
},
{
"name": "CVE-2022-0934",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0934"
},
{
"name": "CVE-2020-9493",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-9493"
},
{
"name": "CVE-2021-3573",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3573"
},
{
"name": "CVE-2022-2196",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2196"
},
{
"name": "CVE-2021-39275",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-39275"
},
{
"name": "CVE-2022-42896",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42896"
},
{
"name": "CVE-2022-21699",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21699"
},
{
"name": "CVE-2024-21600",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21600"
},
{
"name": "CVE-2021-33655",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33655"
},
{
"name": "CVE-2023-0767",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0767"
},
{
"name": "CVE-2022-1462",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1462"
},
{
"name": "CVE-2023-23920",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23920"
},
{
"name": "CVE-2023-20593",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-20593"
},
{
"name": "CVE-2024-21606",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21606"
},
{
"name": "CVE-2022-0330",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0330"
},
{
"name": "CVE-2022-41222",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41222"
},
{
"name": "CVE-2016-10009",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-10009"
},
{
"name": "CVE-2022-23305",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23305"
},
{
"name": "CVE-2022-2663",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2663"
},
{
"name": "CVE-2023-23918",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23918"
},
{
"name": "CVE-2024-21591",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21591"
},
{
"name": "CVE-2020-12321",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12321"
},
{
"name": "CVE-2022-23307",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23307"
},
{
"name": "CVE-2022-3524",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3524"
},
{
"name": "CVE-2022-39188",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-39188"
},
{
"name": "CVE-2023-3341",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3341"
},
{
"name": "CVE-2022-37434",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-37434"
},
{
"name": "CVE-2022-2795",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2795"
},
{
"name": "CVE-2022-22942",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22942"
},
{
"name": "CVE-2022-43945",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43945"
},
{
"name": "CVE-2022-3625",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3625"
},
{
"name": "CVE-2021-34798",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34798"
},
{
"name": "CVE-2024-21587",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21587"
},
{
"name": "CVE-2022-42721",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42721"
},
{
"name": "CVE-2022-4378",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4378"
},
{
"name": "CVE-2022-4254",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4254"
},
{
"name": "CVE-2024-21617",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21617"
},
{
"name": "CVE-2023-1195",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1195"
},
{
"name": "CVE-2024-21589",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21589"
},
{
"name": "CVE-2023-21937",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21937"
},
{
"name": "CVE-2023-22809",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22809"
},
{
"name": "CVE-2022-20141",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-20141"
},
{
"name": "CVE-2021-4155",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4155"
},
{
"name": "CVE-2023-2650",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2650"
},
{
"name": "CVE-2024-21595",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21595"
},
{
"name": "CVE-2021-3564",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3564"
},
{
"name": "CVE-2021-3621",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3621"
},
{
"name": "CVE-2023-0394",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0394"
},
{
"name": "CVE-2022-22164",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22164"
},
{
"name": "CVE-2024-21597",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21597"
},
{
"name": "CVE-2021-3752",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3752"
},
{
"name": "CVE-2023-0386",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0386"
},
{
"name": "CVE-2016-2183",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2183"
},
{
"name": "CVE-2021-26341",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-26341"
},
{
"name": "CVE-2022-38023",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38023"
},
{
"name": "CVE-2023-22045",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22045"
},
{
"name": "CVE-2022-1679",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1679"
},
{
"name": "CVE-2023-22049",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22049"
},
{
"name": "CVE-2023-38408",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38408"
},
{
"name": "CVE-2022-3619",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3619"
},
{
"name": "CVE-2021-0920",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0920"
},
{
"name": "CVE-2023-1829",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1829"
},
{
"name": "CVE-2022-25265",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25265"
},
{
"name": "CVE-2022-1789",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1789"
},
{
"name": "CVE-2022-2873",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2873"
},
{
"name": "CVE-2022-3623",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3623"
},
{
"name": "CVE-2024-21611",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21611"
},
{
"name": "CVE-2024-21613",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21613"
},
{
"name": "CVE-2021-44228",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44228"
},
{
"name": "CVE-2023-21968",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21968"
},
{
"name": "CVE-2024-21612",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21612"
},
{
"name": "CVE-2022-42722",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42722"
},
{
"name": "CVE-2024-21603",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21603"
},
{
"name": "CVE-2023-21930",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21930"
},
{
"name": "CVE-2024-21585",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21585"
},
{
"name": "CVE-2022-23302",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23302"
},
{
"name": "CVE-2023-24329",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24329"
},
{
"name": "CVE-2021-44832",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44832"
},
{
"name": "CVE-2021-44790",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44790"
},
{
"name": "CVE-2023-36842",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36842"
},
{
"name": "CVE-2022-4139",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4139"
},
{
"name": "CVE-2024-21594",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21594"
},
{
"name": "CVE-2022-3028",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3028"
},
{
"name": "CVE-2022-3566",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3566"
},
{
"name": "CVE-2023-3446",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3446"
},
{
"name": "CVE-2023-21967",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21967"
},
{
"name": "CVE-2022-41674",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41674"
},
{
"name": "CVE-2024-21601",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21601"
},
{
"name": "CVE-2023-2124",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2124"
},
{
"name": "CVE-2020-0465",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0465"
}
],
"links": [],
"reference": "CERTFR-2024-AVI-0027",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-01-11T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nJuniper Networks. Certaines d\u0027entre elles permettent \u00e0 un attaquant de\nprovoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de\nservice \u00e0 distance et un contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Juniper Networks",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA75723 du 10 janvier 2024",
"url": "https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-rpd-process-crash-due-to-BGP-flap-on-NSR-enabled-devices-CVE-2024-21585"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA75741 du 10 janvier 2024",
"url": "https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-PTX-Series-In-an-FTI-scenario-MPLS-packets-hitting-reject-next-hop-will-cause-a-host-path-wedge-condition-CVE-2024-21600"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA75752 du 10 janvier 2024",
"url": "https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-In-a-jflow-scenario-continuous-route-churn-will-cause-a-memory-leak-and-eventually-an-rpd-crash-CVE-2024-21611"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA75757 du 10 janvier 2024",
"url": "https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-Processing-of-a-specific-SIP-packet-causes-NAT-IP-allocation-to-fail-CVE-2024-21616"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA75730 du 10 janvier 2024",
"url": "https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-jdhcpd-will-hang-on-receiving-a-specific-DHCP-packet-CVE-2023-36842"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA75734 du 10 janvier 2024",
"url": "https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-EX4100-EX4400-EX4600-and-QFX5000-Series-A-high-rate-of-specific-ICMP-traffic-will-cause-the-PFE-to-hang-CVE-2024-21595"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA75737 du 10 janvier 2024",
"url": "https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Security-Director-Insights-Multiple-vulnerabilities-in-SDI"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA75721 du 10 janvier 2024",
"url": "https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-Evolved-IPython-privilege-escalation-vulnerability-CVE-2022-21699"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA75736 du 10 janvier 2024",
"url": "https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-CTPView-Multiple-vulnerabilities-in-CTPView-CVE-yyyy-nnnn"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA75747 du 10 janvier 2024",
"url": "https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-SRX-Series-flowd-will-crash-when-tcp-encap-is-enabled-and-specific-packets-are-received-CVE-2024-21606"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA75758 du 10 janvier 2024",
"url": "https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-BGP-flap-on-NSR-enabled-devices-causes-memory-leak-CVE-2024-21617"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11272 du 10 janvier 2024",
"url": "https://supportportal.juniper.net/s/article/2022-01-Security-Bulletin-Junos-OS-Evolved-Telnet-service-may-be-enabled-when-it-is-expected-to-be-disabled-CVE-2022-22164"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA75727 du 10 janvier 2024",
"url": "https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Paragon-Active-Assurance-Control-Center-Information-disclosure-vulnerability-CVE-2024-21589"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA75233 du 10 janvier 2024",
"url": "https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Session-Smart-Router-Multiple-vulnerabilities-resolved"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA75754 du 10 janvier 2024",
"url": "https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-A-link-flap-causes-patroot-memory-leak-which-leads-to-rpd-crash-CVE-2024-21613"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA75753 du 10 janvier 2024",
"url": "https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-Evolved-Specific-TCP-traffic-causes-OFP-core-and-restart-of-RE-CVE-2024-21612"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA75742 du 10 janvier 2024",
"url": "https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-SRX-Series-Due-to-an-error-in-processing-TCP-events-flowd-will-crash-CVE-2024-21601"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA75740 du 10 janvier 2024",
"url": "https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-MX-Series-MPC3E-memory-leak-with-PTP-configuration-CVE-2024-21599"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA75748 du 10 janvier 2024",
"url": "https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-MX-Series-and-EX9200-Series-If-the-tcp-reset-option-used-in-an-IPv6-filter-matched-packets-are-accepted-instead-of-rejected-CVE-2024-21607"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA75744 du 10 janvier 2024",
"url": "https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-MX-Series-Gathering-statistics-in-a-scaled-SCU-DCU-configuration-will-lead-to-a-device-crash-CVE-2024-21603"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA75743 du 10 janvier 2024",
"url": "https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-Evolved-ACX7024-ACX7100-32C-and-ACX7100-48L-Traffic-stops-when-a-specific-IPv4-UDP-packet-is-received-by-the-RE-CVE-2024-21602"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA75738 du 10 janvier 2024",
"url": "https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-MX-Series-In-an-AF-scenario-traffic-can-bypass-configured-lo0-firewall-filters-CVE-2024-21597"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA75733 du 10 janvier 2024",
"url": "https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-SRX-5000-Series-Repeated-execution-of-a-specific-CLI-command-causes-a-flowd-crash-CVE-2024-21594"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA75725 du 10 janvier 2024",
"url": "https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-Memory-leak-in-bbe-smgd-process-if-BFD-liveness-detection-for-DHCP-subscribers-is-enabled-CVE-2024-21587"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA75755 du 10 janvier 2024",
"url": "https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-A-specific-query-via-DREND-causes-rpd-crash-CVE-2024-21614"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA75735 du 10 janvier 2024",
"url": "https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-A-specific-BGP-UPDATE-message-will-cause-a-crash-in-the-backup-Routing-Engine-CVE-2024-21596"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA75745 du 10 janvier 2024",
"url": "https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-Evolved-A-high-rate-of-specific-traffic-will-cause-a-complete-system-outage-CVE-2024-21604"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA75729 du 10 janvier 2024",
"url": "https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-SRX-Series-and-EX-Series-Security-Vulnerability-in-J-web-allows-a-preAuth-Remote-Code-Execution-CVE-2024-21591"
}
]
}
OPENSUSE-SU-2024:11995-1
Vulnerability from csaf_opensuse - Published: 2024-06-15 00:00 - Updated: 2024-06-15 00:00Summary
spyder-5.3.0-1.1 on GA media
Notes
Title of the patch
spyder-5.3.0-1.1 on GA media
Description of the patch
These are all security issues fixed in the spyder-5.3.0-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames
openSUSE-Tumbleweed-2024-11995
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "spyder-5.3.0-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the spyder-5.3.0-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-11995",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_11995-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-21699 page",
"url": "https://www.suse.com/security/cve/CVE-2022-21699/"
}
],
"title": "spyder-5.3.0-1.1 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:11995-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "spyder-5.3.0-1.1.aarch64",
"product": {
"name": "spyder-5.3.0-1.1.aarch64",
"product_id": "spyder-5.3.0-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "spyder-dicom-5.3.0-1.1.aarch64",
"product": {
"name": "spyder-dicom-5.3.0-1.1.aarch64",
"product_id": "spyder-dicom-5.3.0-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "spyder-hdf5-5.3.0-1.1.aarch64",
"product": {
"name": "spyder-hdf5-5.3.0-1.1.aarch64",
"product_id": "spyder-hdf5-5.3.0-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "spyder-lang-5.3.0-1.1.aarch64",
"product": {
"name": "spyder-lang-5.3.0-1.1.aarch64",
"product_id": "spyder-lang-5.3.0-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "spyder-5.3.0-1.1.ppc64le",
"product": {
"name": "spyder-5.3.0-1.1.ppc64le",
"product_id": "spyder-5.3.0-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "spyder-dicom-5.3.0-1.1.ppc64le",
"product": {
"name": "spyder-dicom-5.3.0-1.1.ppc64le",
"product_id": "spyder-dicom-5.3.0-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "spyder-hdf5-5.3.0-1.1.ppc64le",
"product": {
"name": "spyder-hdf5-5.3.0-1.1.ppc64le",
"product_id": "spyder-hdf5-5.3.0-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "spyder-lang-5.3.0-1.1.ppc64le",
"product": {
"name": "spyder-lang-5.3.0-1.1.ppc64le",
"product_id": "spyder-lang-5.3.0-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "spyder-5.3.0-1.1.s390x",
"product": {
"name": "spyder-5.3.0-1.1.s390x",
"product_id": "spyder-5.3.0-1.1.s390x"
}
},
{
"category": "product_version",
"name": "spyder-dicom-5.3.0-1.1.s390x",
"product": {
"name": "spyder-dicom-5.3.0-1.1.s390x",
"product_id": "spyder-dicom-5.3.0-1.1.s390x"
}
},
{
"category": "product_version",
"name": "spyder-hdf5-5.3.0-1.1.s390x",
"product": {
"name": "spyder-hdf5-5.3.0-1.1.s390x",
"product_id": "spyder-hdf5-5.3.0-1.1.s390x"
}
},
{
"category": "product_version",
"name": "spyder-lang-5.3.0-1.1.s390x",
"product": {
"name": "spyder-lang-5.3.0-1.1.s390x",
"product_id": "spyder-lang-5.3.0-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "spyder-5.3.0-1.1.x86_64",
"product": {
"name": "spyder-5.3.0-1.1.x86_64",
"product_id": "spyder-5.3.0-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "spyder-dicom-5.3.0-1.1.x86_64",
"product": {
"name": "spyder-dicom-5.3.0-1.1.x86_64",
"product_id": "spyder-dicom-5.3.0-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "spyder-hdf5-5.3.0-1.1.x86_64",
"product": {
"name": "spyder-hdf5-5.3.0-1.1.x86_64",
"product_id": "spyder-hdf5-5.3.0-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "spyder-lang-5.3.0-1.1.x86_64",
"product": {
"name": "spyder-lang-5.3.0-1.1.x86_64",
"product_id": "spyder-lang-5.3.0-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "spyder-5.3.0-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:spyder-5.3.0-1.1.aarch64"
},
"product_reference": "spyder-5.3.0-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spyder-5.3.0-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:spyder-5.3.0-1.1.ppc64le"
},
"product_reference": "spyder-5.3.0-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spyder-5.3.0-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:spyder-5.3.0-1.1.s390x"
},
"product_reference": "spyder-5.3.0-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spyder-5.3.0-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:spyder-5.3.0-1.1.x86_64"
},
"product_reference": "spyder-5.3.0-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spyder-dicom-5.3.0-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:spyder-dicom-5.3.0-1.1.aarch64"
},
"product_reference": "spyder-dicom-5.3.0-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spyder-dicom-5.3.0-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:spyder-dicom-5.3.0-1.1.ppc64le"
},
"product_reference": "spyder-dicom-5.3.0-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spyder-dicom-5.3.0-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:spyder-dicom-5.3.0-1.1.s390x"
},
"product_reference": "spyder-dicom-5.3.0-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spyder-dicom-5.3.0-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:spyder-dicom-5.3.0-1.1.x86_64"
},
"product_reference": "spyder-dicom-5.3.0-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spyder-hdf5-5.3.0-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:spyder-hdf5-5.3.0-1.1.aarch64"
},
"product_reference": "spyder-hdf5-5.3.0-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spyder-hdf5-5.3.0-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:spyder-hdf5-5.3.0-1.1.ppc64le"
},
"product_reference": "spyder-hdf5-5.3.0-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spyder-hdf5-5.3.0-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:spyder-hdf5-5.3.0-1.1.s390x"
},
"product_reference": "spyder-hdf5-5.3.0-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spyder-hdf5-5.3.0-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:spyder-hdf5-5.3.0-1.1.x86_64"
},
"product_reference": "spyder-hdf5-5.3.0-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spyder-lang-5.3.0-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:spyder-lang-5.3.0-1.1.aarch64"
},
"product_reference": "spyder-lang-5.3.0-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spyder-lang-5.3.0-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:spyder-lang-5.3.0-1.1.ppc64le"
},
"product_reference": "spyder-lang-5.3.0-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spyder-lang-5.3.0-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:spyder-lang-5.3.0-1.1.s390x"
},
"product_reference": "spyder-lang-5.3.0-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spyder-lang-5.3.0-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:spyder-lang-5.3.0-1.1.x86_64"
},
"product_reference": "spyder-lang-5.3.0-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-21699",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-21699"
}
],
"notes": [
{
"category": "general",
"text": "IPython (Interactive Python) is a command shell for interactive computing in multiple programming languages, originally developed for the Python programming language. Affected versions are subject to an arbitrary code execution vulnerability achieved by not properly managing cross user temporary files. This vulnerability allows one user to run code as another on the same machine. All users are advised to upgrade.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:spyder-5.3.0-1.1.aarch64",
"openSUSE Tumbleweed:spyder-5.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:spyder-5.3.0-1.1.s390x",
"openSUSE Tumbleweed:spyder-5.3.0-1.1.x86_64",
"openSUSE Tumbleweed:spyder-dicom-5.3.0-1.1.aarch64",
"openSUSE Tumbleweed:spyder-dicom-5.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:spyder-dicom-5.3.0-1.1.s390x",
"openSUSE Tumbleweed:spyder-dicom-5.3.0-1.1.x86_64",
"openSUSE Tumbleweed:spyder-hdf5-5.3.0-1.1.aarch64",
"openSUSE Tumbleweed:spyder-hdf5-5.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:spyder-hdf5-5.3.0-1.1.s390x",
"openSUSE Tumbleweed:spyder-hdf5-5.3.0-1.1.x86_64",
"openSUSE Tumbleweed:spyder-lang-5.3.0-1.1.aarch64",
"openSUSE Tumbleweed:spyder-lang-5.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:spyder-lang-5.3.0-1.1.s390x",
"openSUSE Tumbleweed:spyder-lang-5.3.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-21699",
"url": "https://www.suse.com/security/cve/CVE-2022-21699"
},
{
"category": "external",
"summary": "SUSE Bug 1194936 for CVE-2022-21699",
"url": "https://bugzilla.suse.com/1194936"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:spyder-5.3.0-1.1.aarch64",
"openSUSE Tumbleweed:spyder-5.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:spyder-5.3.0-1.1.s390x",
"openSUSE Tumbleweed:spyder-5.3.0-1.1.x86_64",
"openSUSE Tumbleweed:spyder-dicom-5.3.0-1.1.aarch64",
"openSUSE Tumbleweed:spyder-dicom-5.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:spyder-dicom-5.3.0-1.1.s390x",
"openSUSE Tumbleweed:spyder-dicom-5.3.0-1.1.x86_64",
"openSUSE Tumbleweed:spyder-hdf5-5.3.0-1.1.aarch64",
"openSUSE Tumbleweed:spyder-hdf5-5.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:spyder-hdf5-5.3.0-1.1.s390x",
"openSUSE Tumbleweed:spyder-hdf5-5.3.0-1.1.x86_64",
"openSUSE Tumbleweed:spyder-lang-5.3.0-1.1.aarch64",
"openSUSE Tumbleweed:spyder-lang-5.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:spyder-lang-5.3.0-1.1.s390x",
"openSUSE Tumbleweed:spyder-lang-5.3.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:spyder-5.3.0-1.1.aarch64",
"openSUSE Tumbleweed:spyder-5.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:spyder-5.3.0-1.1.s390x",
"openSUSE Tumbleweed:spyder-5.3.0-1.1.x86_64",
"openSUSE Tumbleweed:spyder-dicom-5.3.0-1.1.aarch64",
"openSUSE Tumbleweed:spyder-dicom-5.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:spyder-dicom-5.3.0-1.1.s390x",
"openSUSE Tumbleweed:spyder-dicom-5.3.0-1.1.x86_64",
"openSUSE Tumbleweed:spyder-hdf5-5.3.0-1.1.aarch64",
"openSUSE Tumbleweed:spyder-hdf5-5.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:spyder-hdf5-5.3.0-1.1.s390x",
"openSUSE Tumbleweed:spyder-hdf5-5.3.0-1.1.x86_64",
"openSUSE Tumbleweed:spyder-lang-5.3.0-1.1.aarch64",
"openSUSE Tumbleweed:spyder-lang-5.3.0-1.1.ppc64le",
"openSUSE Tumbleweed:spyder-lang-5.3.0-1.1.s390x",
"openSUSE Tumbleweed:spyder-lang-5.3.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2022-21699"
}
]
}
OPENSUSE-SU-2022:10043-1
Vulnerability from csaf_opensuse - Published: 2022-07-07 19:32 - Updated: 2022-07-07 19:32Summary
Security update for python-ipython
Notes
Title of the patch
Security update for python-ipython
Description of the patch
This update for python-ipython fixes the following issues:
- CVE-2022-21699: Confining executed process to have limited privileges. (boo#1194936).
Patchnames
openSUSE-2022-10043
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for python-ipython",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for python-ipython fixes the following issues:\n\n- CVE-2022-21699: Confining executed process to have limited privileges. (boo#1194936). \n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2022-10043",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2022_10043-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2022:10043-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/NTGOGG2ZEI7KLN4MVBRDQQ4FSIXPEKNL/"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2022:10043-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/NTGOGG2ZEI7KLN4MVBRDQQ4FSIXPEKNL/"
},
{
"category": "self",
"summary": "SUSE Bug 1194936",
"url": "https://bugzilla.suse.com/1194936"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-21699 page",
"url": "https://www.suse.com/security/cve/CVE-2022-21699/"
}
],
"title": "Security update for python-ipython",
"tracking": {
"current_release_date": "2022-07-07T19:32:36Z",
"generator": {
"date": "2022-07-07T19:32:36Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2022:10043-1",
"initial_release_date": "2022-07-07T19:32:36Z",
"revision_history": [
{
"date": "2022-07-07T19:32:36Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "python3-ipython-7.13.0-bp153.2.6.1.noarch",
"product": {
"name": "python3-ipython-7.13.0-bp153.2.6.1.noarch",
"product_id": "python3-ipython-7.13.0-bp153.2.6.1.noarch"
}
},
{
"category": "product_version",
"name": "python3-ipython-iptest-7.13.0-bp153.2.6.1.noarch",
"product": {
"name": "python3-ipython-iptest-7.13.0-bp153.2.6.1.noarch",
"product_id": "python3-ipython-iptest-7.13.0-bp153.2.6.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Package Hub 15 SP3",
"product": {
"name": "SUSE Package Hub 15 SP3",
"product_id": "SUSE Package Hub 15 SP3"
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.3",
"product": {
"name": "openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.3"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-ipython-7.13.0-bp153.2.6.1.noarch as component of SUSE Package Hub 15 SP3",
"product_id": "SUSE Package Hub 15 SP3:python3-ipython-7.13.0-bp153.2.6.1.noarch"
},
"product_reference": "python3-ipython-7.13.0-bp153.2.6.1.noarch",
"relates_to_product_reference": "SUSE Package Hub 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-ipython-iptest-7.13.0-bp153.2.6.1.noarch as component of SUSE Package Hub 15 SP3",
"product_id": "SUSE Package Hub 15 SP3:python3-ipython-iptest-7.13.0-bp153.2.6.1.noarch"
},
"product_reference": "python3-ipython-iptest-7.13.0-bp153.2.6.1.noarch",
"relates_to_product_reference": "SUSE Package Hub 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-ipython-7.13.0-bp153.2.6.1.noarch as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:python3-ipython-7.13.0-bp153.2.6.1.noarch"
},
"product_reference": "python3-ipython-7.13.0-bp153.2.6.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-ipython-iptest-7.13.0-bp153.2.6.1.noarch as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:python3-ipython-iptest-7.13.0-bp153.2.6.1.noarch"
},
"product_reference": "python3-ipython-iptest-7.13.0-bp153.2.6.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.3"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-21699",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-21699"
}
],
"notes": [
{
"category": "general",
"text": "IPython (Interactive Python) is a command shell for interactive computing in multiple programming languages, originally developed for the Python programming language. Affected versions are subject to an arbitrary code execution vulnerability achieved by not properly managing cross user temporary files. This vulnerability allows one user to run code as another on the same machine. All users are advised to upgrade.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP3:python3-ipython-7.13.0-bp153.2.6.1.noarch",
"SUSE Package Hub 15 SP3:python3-ipython-iptest-7.13.0-bp153.2.6.1.noarch",
"openSUSE Leap 15.3:python3-ipython-7.13.0-bp153.2.6.1.noarch",
"openSUSE Leap 15.3:python3-ipython-iptest-7.13.0-bp153.2.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-21699",
"url": "https://www.suse.com/security/cve/CVE-2022-21699"
},
{
"category": "external",
"summary": "SUSE Bug 1194936 for CVE-2022-21699",
"url": "https://bugzilla.suse.com/1194936"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP3:python3-ipython-7.13.0-bp153.2.6.1.noarch",
"SUSE Package Hub 15 SP3:python3-ipython-iptest-7.13.0-bp153.2.6.1.noarch",
"openSUSE Leap 15.3:python3-ipython-7.13.0-bp153.2.6.1.noarch",
"openSUSE Leap 15.3:python3-ipython-iptest-7.13.0-bp153.2.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP3:python3-ipython-7.13.0-bp153.2.6.1.noarch",
"SUSE Package Hub 15 SP3:python3-ipython-iptest-7.13.0-bp153.2.6.1.noarch",
"openSUSE Leap 15.3:python3-ipython-7.13.0-bp153.2.6.1.noarch",
"openSUSE Leap 15.3:python3-ipython-iptest-7.13.0-bp153.2.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-07-07T19:32:36Z",
"details": "important"
}
],
"title": "CVE-2022-21699"
}
]
}
OPENSUSE-SU-2025:14718-1
Vulnerability from csaf_opensuse - Published: 2025-01-30 00:00 - Updated: 2025-01-30 00:00Summary
python311-ipython-8.31.0-1.1 on GA media
Notes
Title of the patch
python311-ipython-8.31.0-1.1 on GA media
Description of the patch
These are all security issues fixed in the python311-ipython-8.31.0-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames
openSUSE-Tumbleweed-2025-14718
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "python311-ipython-8.31.0-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the python311-ipython-8.31.0-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2025-14718",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2025_14718-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2025:14718-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/BHCUXPCE3NKBI2FCTMGFXG7NPJDZEKNM/"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2025:14718-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/BHCUXPCE3NKBI2FCTMGFXG7NPJDZEKNM/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-21699 page",
"url": "https://www.suse.com/security/cve/CVE-2022-21699/"
}
],
"title": "python311-ipython-8.31.0-1.1 on GA media",
"tracking": {
"current_release_date": "2025-01-30T00:00:00Z",
"generator": {
"date": "2025-01-30T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2025:14718-1",
"initial_release_date": "2025-01-30T00:00:00Z",
"revision_history": [
{
"date": "2025-01-30T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "python311-ipython-8.31.0-1.1.aarch64",
"product": {
"name": "python311-ipython-8.31.0-1.1.aarch64",
"product_id": "python311-ipython-8.31.0-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "python312-ipython-8.31.0-1.1.aarch64",
"product": {
"name": "python312-ipython-8.31.0-1.1.aarch64",
"product_id": "python312-ipython-8.31.0-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "python313-ipython-8.31.0-1.1.aarch64",
"product": {
"name": "python313-ipython-8.31.0-1.1.aarch64",
"product_id": "python313-ipython-8.31.0-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "python311-ipython-8.31.0-1.1.ppc64le",
"product": {
"name": "python311-ipython-8.31.0-1.1.ppc64le",
"product_id": "python311-ipython-8.31.0-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python312-ipython-8.31.0-1.1.ppc64le",
"product": {
"name": "python312-ipython-8.31.0-1.1.ppc64le",
"product_id": "python312-ipython-8.31.0-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python313-ipython-8.31.0-1.1.ppc64le",
"product": {
"name": "python313-ipython-8.31.0-1.1.ppc64le",
"product_id": "python313-ipython-8.31.0-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "python311-ipython-8.31.0-1.1.s390x",
"product": {
"name": "python311-ipython-8.31.0-1.1.s390x",
"product_id": "python311-ipython-8.31.0-1.1.s390x"
}
},
{
"category": "product_version",
"name": "python312-ipython-8.31.0-1.1.s390x",
"product": {
"name": "python312-ipython-8.31.0-1.1.s390x",
"product_id": "python312-ipython-8.31.0-1.1.s390x"
}
},
{
"category": "product_version",
"name": "python313-ipython-8.31.0-1.1.s390x",
"product": {
"name": "python313-ipython-8.31.0-1.1.s390x",
"product_id": "python313-ipython-8.31.0-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "python311-ipython-8.31.0-1.1.x86_64",
"product": {
"name": "python311-ipython-8.31.0-1.1.x86_64",
"product_id": "python311-ipython-8.31.0-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "python312-ipython-8.31.0-1.1.x86_64",
"product": {
"name": "python312-ipython-8.31.0-1.1.x86_64",
"product_id": "python312-ipython-8.31.0-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "python313-ipython-8.31.0-1.1.x86_64",
"product": {
"name": "python313-ipython-8.31.0-1.1.x86_64",
"product_id": "python313-ipython-8.31.0-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-ipython-8.31.0-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python311-ipython-8.31.0-1.1.aarch64"
},
"product_reference": "python311-ipython-8.31.0-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-ipython-8.31.0-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python311-ipython-8.31.0-1.1.ppc64le"
},
"product_reference": "python311-ipython-8.31.0-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-ipython-8.31.0-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python311-ipython-8.31.0-1.1.s390x"
},
"product_reference": "python311-ipython-8.31.0-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-ipython-8.31.0-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python311-ipython-8.31.0-1.1.x86_64"
},
"product_reference": "python311-ipython-8.31.0-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python312-ipython-8.31.0-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python312-ipython-8.31.0-1.1.aarch64"
},
"product_reference": "python312-ipython-8.31.0-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python312-ipython-8.31.0-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python312-ipython-8.31.0-1.1.ppc64le"
},
"product_reference": "python312-ipython-8.31.0-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python312-ipython-8.31.0-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python312-ipython-8.31.0-1.1.s390x"
},
"product_reference": "python312-ipython-8.31.0-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python312-ipython-8.31.0-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python312-ipython-8.31.0-1.1.x86_64"
},
"product_reference": "python312-ipython-8.31.0-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python313-ipython-8.31.0-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python313-ipython-8.31.0-1.1.aarch64"
},
"product_reference": "python313-ipython-8.31.0-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python313-ipython-8.31.0-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python313-ipython-8.31.0-1.1.ppc64le"
},
"product_reference": "python313-ipython-8.31.0-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python313-ipython-8.31.0-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python313-ipython-8.31.0-1.1.s390x"
},
"product_reference": "python313-ipython-8.31.0-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python313-ipython-8.31.0-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python313-ipython-8.31.0-1.1.x86_64"
},
"product_reference": "python313-ipython-8.31.0-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-21699",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-21699"
}
],
"notes": [
{
"category": "general",
"text": "IPython (Interactive Python) is a command shell for interactive computing in multiple programming languages, originally developed for the Python programming language. Affected versions are subject to an arbitrary code execution vulnerability achieved by not properly managing cross user temporary files. This vulnerability allows one user to run code as another on the same machine. All users are advised to upgrade.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python311-ipython-8.31.0-1.1.aarch64",
"openSUSE Tumbleweed:python311-ipython-8.31.0-1.1.ppc64le",
"openSUSE Tumbleweed:python311-ipython-8.31.0-1.1.s390x",
"openSUSE Tumbleweed:python311-ipython-8.31.0-1.1.x86_64",
"openSUSE Tumbleweed:python312-ipython-8.31.0-1.1.aarch64",
"openSUSE Tumbleweed:python312-ipython-8.31.0-1.1.ppc64le",
"openSUSE Tumbleweed:python312-ipython-8.31.0-1.1.s390x",
"openSUSE Tumbleweed:python312-ipython-8.31.0-1.1.x86_64",
"openSUSE Tumbleweed:python313-ipython-8.31.0-1.1.aarch64",
"openSUSE Tumbleweed:python313-ipython-8.31.0-1.1.ppc64le",
"openSUSE Tumbleweed:python313-ipython-8.31.0-1.1.s390x",
"openSUSE Tumbleweed:python313-ipython-8.31.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-21699",
"url": "https://www.suse.com/security/cve/CVE-2022-21699"
},
{
"category": "external",
"summary": "SUSE Bug 1194936 for CVE-2022-21699",
"url": "https://bugzilla.suse.com/1194936"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python311-ipython-8.31.0-1.1.aarch64",
"openSUSE Tumbleweed:python311-ipython-8.31.0-1.1.ppc64le",
"openSUSE Tumbleweed:python311-ipython-8.31.0-1.1.s390x",
"openSUSE Tumbleweed:python311-ipython-8.31.0-1.1.x86_64",
"openSUSE Tumbleweed:python312-ipython-8.31.0-1.1.aarch64",
"openSUSE Tumbleweed:python312-ipython-8.31.0-1.1.ppc64le",
"openSUSE Tumbleweed:python312-ipython-8.31.0-1.1.s390x",
"openSUSE Tumbleweed:python312-ipython-8.31.0-1.1.x86_64",
"openSUSE Tumbleweed:python313-ipython-8.31.0-1.1.aarch64",
"openSUSE Tumbleweed:python313-ipython-8.31.0-1.1.ppc64le",
"openSUSE Tumbleweed:python313-ipython-8.31.0-1.1.s390x",
"openSUSE Tumbleweed:python313-ipython-8.31.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:python311-ipython-8.31.0-1.1.aarch64",
"openSUSE Tumbleweed:python311-ipython-8.31.0-1.1.ppc64le",
"openSUSE Tumbleweed:python311-ipython-8.31.0-1.1.s390x",
"openSUSE Tumbleweed:python311-ipython-8.31.0-1.1.x86_64",
"openSUSE Tumbleweed:python312-ipython-8.31.0-1.1.aarch64",
"openSUSE Tumbleweed:python312-ipython-8.31.0-1.1.ppc64le",
"openSUSE Tumbleweed:python312-ipython-8.31.0-1.1.s390x",
"openSUSE Tumbleweed:python312-ipython-8.31.0-1.1.x86_64",
"openSUSE Tumbleweed:python313-ipython-8.31.0-1.1.aarch64",
"openSUSE Tumbleweed:python313-ipython-8.31.0-1.1.ppc64le",
"openSUSE Tumbleweed:python313-ipython-8.31.0-1.1.s390x",
"openSUSE Tumbleweed:python313-ipython-8.31.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-01-30T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2022-21699"
}
]
}
OPENSUSE-SU-2024:11763-1
Vulnerability from csaf_opensuse - Published: 2024-06-15 00:00 - Updated: 2024-06-15 00:00Summary
python310-ipython-8.0.1-1.1 on GA media
Notes
Title of the patch
python310-ipython-8.0.1-1.1 on GA media
Description of the patch
These are all security issues fixed in the python310-ipython-8.0.1-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames
openSUSE-Tumbleweed-2024-11763
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "python310-ipython-8.0.1-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the python310-ipython-8.0.1-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-11763",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_11763-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-21699 page",
"url": "https://www.suse.com/security/cve/CVE-2022-21699/"
}
],
"title": "python310-ipython-8.0.1-1.1 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:11763-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "python310-ipython-8.0.1-1.1.aarch64",
"product": {
"name": "python310-ipython-8.0.1-1.1.aarch64",
"product_id": "python310-ipython-8.0.1-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "python38-ipython-8.0.1-1.1.aarch64",
"product": {
"name": "python38-ipython-8.0.1-1.1.aarch64",
"product_id": "python38-ipython-8.0.1-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "python39-ipython-8.0.1-1.1.aarch64",
"product": {
"name": "python39-ipython-8.0.1-1.1.aarch64",
"product_id": "python39-ipython-8.0.1-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "python310-ipython-8.0.1-1.1.ppc64le",
"product": {
"name": "python310-ipython-8.0.1-1.1.ppc64le",
"product_id": "python310-ipython-8.0.1-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python38-ipython-8.0.1-1.1.ppc64le",
"product": {
"name": "python38-ipython-8.0.1-1.1.ppc64le",
"product_id": "python38-ipython-8.0.1-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python39-ipython-8.0.1-1.1.ppc64le",
"product": {
"name": "python39-ipython-8.0.1-1.1.ppc64le",
"product_id": "python39-ipython-8.0.1-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "python310-ipython-8.0.1-1.1.s390x",
"product": {
"name": "python310-ipython-8.0.1-1.1.s390x",
"product_id": "python310-ipython-8.0.1-1.1.s390x"
}
},
{
"category": "product_version",
"name": "python38-ipython-8.0.1-1.1.s390x",
"product": {
"name": "python38-ipython-8.0.1-1.1.s390x",
"product_id": "python38-ipython-8.0.1-1.1.s390x"
}
},
{
"category": "product_version",
"name": "python39-ipython-8.0.1-1.1.s390x",
"product": {
"name": "python39-ipython-8.0.1-1.1.s390x",
"product_id": "python39-ipython-8.0.1-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "python310-ipython-8.0.1-1.1.x86_64",
"product": {
"name": "python310-ipython-8.0.1-1.1.x86_64",
"product_id": "python310-ipython-8.0.1-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "python38-ipython-8.0.1-1.1.x86_64",
"product": {
"name": "python38-ipython-8.0.1-1.1.x86_64",
"product_id": "python38-ipython-8.0.1-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "python39-ipython-8.0.1-1.1.x86_64",
"product": {
"name": "python39-ipython-8.0.1-1.1.x86_64",
"product_id": "python39-ipython-8.0.1-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "python310-ipython-8.0.1-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python310-ipython-8.0.1-1.1.aarch64"
},
"product_reference": "python310-ipython-8.0.1-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python310-ipython-8.0.1-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python310-ipython-8.0.1-1.1.ppc64le"
},
"product_reference": "python310-ipython-8.0.1-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python310-ipython-8.0.1-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python310-ipython-8.0.1-1.1.s390x"
},
"product_reference": "python310-ipython-8.0.1-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python310-ipython-8.0.1-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python310-ipython-8.0.1-1.1.x86_64"
},
"product_reference": "python310-ipython-8.0.1-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python38-ipython-8.0.1-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python38-ipython-8.0.1-1.1.aarch64"
},
"product_reference": "python38-ipython-8.0.1-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python38-ipython-8.0.1-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python38-ipython-8.0.1-1.1.ppc64le"
},
"product_reference": "python38-ipython-8.0.1-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python38-ipython-8.0.1-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python38-ipython-8.0.1-1.1.s390x"
},
"product_reference": "python38-ipython-8.0.1-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python38-ipython-8.0.1-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python38-ipython-8.0.1-1.1.x86_64"
},
"product_reference": "python38-ipython-8.0.1-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-ipython-8.0.1-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python39-ipython-8.0.1-1.1.aarch64"
},
"product_reference": "python39-ipython-8.0.1-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-ipython-8.0.1-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python39-ipython-8.0.1-1.1.ppc64le"
},
"product_reference": "python39-ipython-8.0.1-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-ipython-8.0.1-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python39-ipython-8.0.1-1.1.s390x"
},
"product_reference": "python39-ipython-8.0.1-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-ipython-8.0.1-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python39-ipython-8.0.1-1.1.x86_64"
},
"product_reference": "python39-ipython-8.0.1-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-21699",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-21699"
}
],
"notes": [
{
"category": "general",
"text": "IPython (Interactive Python) is a command shell for interactive computing in multiple programming languages, originally developed for the Python programming language. Affected versions are subject to an arbitrary code execution vulnerability achieved by not properly managing cross user temporary files. This vulnerability allows one user to run code as another on the same machine. All users are advised to upgrade.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python310-ipython-8.0.1-1.1.aarch64",
"openSUSE Tumbleweed:python310-ipython-8.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:python310-ipython-8.0.1-1.1.s390x",
"openSUSE Tumbleweed:python310-ipython-8.0.1-1.1.x86_64",
"openSUSE Tumbleweed:python38-ipython-8.0.1-1.1.aarch64",
"openSUSE Tumbleweed:python38-ipython-8.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:python38-ipython-8.0.1-1.1.s390x",
"openSUSE Tumbleweed:python38-ipython-8.0.1-1.1.x86_64",
"openSUSE Tumbleweed:python39-ipython-8.0.1-1.1.aarch64",
"openSUSE Tumbleweed:python39-ipython-8.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:python39-ipython-8.0.1-1.1.s390x",
"openSUSE Tumbleweed:python39-ipython-8.0.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-21699",
"url": "https://www.suse.com/security/cve/CVE-2022-21699"
},
{
"category": "external",
"summary": "SUSE Bug 1194936 for CVE-2022-21699",
"url": "https://bugzilla.suse.com/1194936"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python310-ipython-8.0.1-1.1.aarch64",
"openSUSE Tumbleweed:python310-ipython-8.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:python310-ipython-8.0.1-1.1.s390x",
"openSUSE Tumbleweed:python310-ipython-8.0.1-1.1.x86_64",
"openSUSE Tumbleweed:python38-ipython-8.0.1-1.1.aarch64",
"openSUSE Tumbleweed:python38-ipython-8.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:python38-ipython-8.0.1-1.1.s390x",
"openSUSE Tumbleweed:python38-ipython-8.0.1-1.1.x86_64",
"openSUSE Tumbleweed:python39-ipython-8.0.1-1.1.aarch64",
"openSUSE Tumbleweed:python39-ipython-8.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:python39-ipython-8.0.1-1.1.s390x",
"openSUSE Tumbleweed:python39-ipython-8.0.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:python310-ipython-8.0.1-1.1.aarch64",
"openSUSE Tumbleweed:python310-ipython-8.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:python310-ipython-8.0.1-1.1.s390x",
"openSUSE Tumbleweed:python310-ipython-8.0.1-1.1.x86_64",
"openSUSE Tumbleweed:python38-ipython-8.0.1-1.1.aarch64",
"openSUSE Tumbleweed:python38-ipython-8.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:python38-ipython-8.0.1-1.1.s390x",
"openSUSE Tumbleweed:python38-ipython-8.0.1-1.1.x86_64",
"openSUSE Tumbleweed:python39-ipython-8.0.1-1.1.aarch64",
"openSUSE Tumbleweed:python39-ipython-8.0.1-1.1.ppc64le",
"openSUSE Tumbleweed:python39-ipython-8.0.1-1.1.s390x",
"openSUSE Tumbleweed:python39-ipython-8.0.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2022-21699"
}
]
}
GHSA-PQ7M-3GW7-GQ5X
Vulnerability from github – Published: 2022-01-21 18:55 – Updated: 2024-09-27 17:22
VLAI?
Summary
Execution with Unnecessary Privileges in ipython
Details
We’d like to disclose an arbitrary code execution vulnerability in IPython that stems from IPython executing untrusted files in CWD. This vulnerability allows one user to run code as another.
Proof of concept
User1:
mkdir -m 777 /tmp/profile_default
mkdir -m 777 /tmp/profile_default/startup
echo 'print("stealing your private secrets")' > /tmp/profile_default/startup/foo.py
User2:
cd /tmp
ipython
User2 will see:
Python 3.9.7 (default, Oct 25 2021, 01:04:21)
Type 'copyright', 'credits' or 'license' for more information
IPython 7.29.0 -- An enhanced Interactive Python. Type '?' for help.
stealing your private secrets
Patched release and documentation
See https://ipython.readthedocs.io/en/stable/whatsnew/version8.html#ipython-8-0-1-cve-2022-21699,
Version 8.0.1, 7.31.1 for current Python version are recommended. Version 7.16.3 has also been published for Python 3.6 users, Version 5.11 (source only, 5.x branch on github) for older Python versions.
Severity ?
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "ipython"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.11"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "ipython"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "7.16.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "ipython"
},
"ranges": [
{
"events": [
{
"introduced": "7.17.0"
},
{
"fixed": "7.31.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "ipython"
},
"ranges": [
{
"events": [
{
"introduced": "8.0.0"
},
{
"fixed": "8.0.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2022-21699"
],
"database_specific": {
"cwe_ids": [
"CWE-250",
"CWE-269",
"CWE-279"
],
"github_reviewed": true,
"github_reviewed_at": "2022-01-19T21:26:17Z",
"nvd_published_at": "2022-01-19T22:15:00Z",
"severity": "HIGH"
},
"details": "We\u2019d like to disclose an arbitrary code execution vulnerability in IPython that stems from IPython executing untrusted files in CWD. This vulnerability allows one user to run code as another.\n \nProof of concept\n\nUser1:\n```\nmkdir -m 777 /tmp/profile_default\nmkdir -m 777 /tmp/profile_default/startup\necho \u0027print(\"stealing your private secrets\")\u0027 \u003e /tmp/profile_default/startup/foo.py\n```\n\nUser2:\n```\ncd /tmp\nipython\n```\n\n \n\nUser2 will see:\n```\nPython 3.9.7 (default, Oct 25 2021, 01:04:21)\nType \u0027copyright\u0027, \u0027credits\u0027 or \u0027license\u0027 for more information\nIPython 7.29.0 -- An enhanced Interactive Python. Type \u0027?\u0027 for help.\nstealing your private secrets\n```\n\n\n## Patched release and documentation\n\nSee https://ipython.readthedocs.io/en/stable/whatsnew/version8.html#ipython-8-0-1-cve-2022-21699, \n\nVersion 8.0.1, 7.31.1 for current Python version are recommended. \nVersion 7.16.3 has also been published for Python 3.6 users, \nVersion 5.11 (source only, 5.x branch on github) for older Python versions.",
"id": "GHSA-pq7m-3gw7-gq5x",
"modified": "2024-09-27T17:22:07Z",
"published": "2022-01-21T18:55:30Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/ipython/ipython/security/advisories/GHSA-pq7m-3gw7-gq5x"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21699"
},
{
"type": "WEB",
"url": "https://github.com/ipython/ipython/commit/46a51ed69cdf41b4333943d9ceeb945c4ede5668"
},
{
"type": "WEB",
"url": "https://github.com/ipython/ipython/commit/5fa1e409d2dc126c456510c16ece18e08b524e5b"
},
{
"type": "WEB",
"url": "https://github.com/ipython/ipython/commit/67ca2b3aa9039438e6f80e3fccca556f26100b4d"
},
{
"type": "WEB",
"url": "https://github.com/ipython/ipython/commit/a06ca837273271b4acb82c29be97c0b6d12a30ea"
},
{
"type": "PACKAGE",
"url": "https://github.com/ipython/ipython"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/ipython/PYSEC-2022-12.yaml"
},
{
"type": "WEB",
"url": "https://ipython.readthedocs.io/en/stable/whatsnew/version8.html#ipython-8-0-1-cve-2022-21699"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2022/01/msg00021.html"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CRQRTWHYXMLDJ572VGVUZMUPEOTPM3KB"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DZ7LVZBB4D7KVSFNEQUBEHFO3JW6D2ZK"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:P",
"type": "CVSS_V4"
}
],
"summary": "Execution with Unnecessary Privileges in ipython"
}
GSD-2022-21699
Vulnerability from gsd - Updated: 2023-12-13 01:19Details
IPython (Interactive Python) is a command shell for interactive computing in multiple programming languages, originally developed for the Python programming language. Affected versions are subject to an arbitrary code execution vulnerability achieved by not properly managing cross user temporary files. This vulnerability allows one user to run code as another on the same machine. All users are advised to upgrade.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2022-21699",
"description": "IPython (Interactive Python) is a command shell for interactive computing in multiple programming languages, originally developed for the Python programming language. Affected versions are subject to an arbitrary code execution vulnerability achieved by not properly managing cross user temporary files. This vulnerability allows one user to run code as another on the same machine. All users are advised to upgrade.",
"id": "GSD-2022-21699",
"references": [
"https://www.suse.com/security/cve/CVE-2022-21699.html",
"https://www.debian.org/security/2022/dsa-5065",
"https://advisories.mageia.org/CVE-2022-21699.html"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2022-21699"
],
"details": "IPython (Interactive Python) is a command shell for interactive computing in multiple programming languages, originally developed for the Python programming language. Affected versions are subject to an arbitrary code execution vulnerability achieved by not properly managing cross user temporary files. This vulnerability allows one user to run code as another on the same machine. All users are advised to upgrade.",
"id": "GSD-2022-21699",
"modified": "2023-12-13T01:19:14.349475Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2022-21699",
"STATE": "PUBLIC",
"TITLE": "Execution with Unnecessary Privileges in ipython"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ipython",
"version": {
"version_data": [
{
"version_value": "\u003c 5.11"
},
{
"version_value": "\u003e= 6.0.0, \u003c 7.16.3"
},
{
"version_value": "\u003e= 7.17.0, \u003c 7.31.1"
},
{
"version_value": "\u003e= 8.0.0, \u003c 8.0.1"
}
]
}
}
]
},
"vendor_name": "ipython"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IPython (Interactive Python) is a command shell for interactive computing in multiple programming languages, originally developed for the Python programming language. Affected versions are subject to an arbitrary code execution vulnerability achieved by not properly managing cross user temporary files. This vulnerability allows one user to run code as another on the same machine. All users are advised to upgrade."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-250: Execution with Unnecessary Privileges"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-279: Incorrect Execution-Assigned Permissions"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/ipython/ipython/security/advisories/GHSA-pq7m-3gw7-gq5x",
"refsource": "CONFIRM",
"url": "https://github.com/ipython/ipython/security/advisories/GHSA-pq7m-3gw7-gq5x"
},
{
"name": "https://github.com/ipython/ipython/commit/46a51ed69cdf41b4333943d9ceeb945c4ede5668",
"refsource": "MISC",
"url": "https://github.com/ipython/ipython/commit/46a51ed69cdf41b4333943d9ceeb945c4ede5668"
},
{
"name": "https://ipython.readthedocs.io/en/stable/whatsnew/version8.html#ipython-8-0-1-cve-2022-21699",
"refsource": "MISC",
"url": "https://ipython.readthedocs.io/en/stable/whatsnew/version8.html#ipython-8-0-1-cve-2022-21699"
},
{
"name": "[debian-lts-announce] 20220124 [SECURITY] [DLA 2896-1] ipython security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2022/01/msg00021.html"
},
{
"name": "FEDORA-2022-b58d156ab0",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CRQRTWHYXMLDJ572VGVUZMUPEOTPM3KB/"
},
{
"name": "FEDORA-2022-b9e38f8a56",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DZ7LVZBB4D7KVSFNEQUBEHFO3JW6D2ZK/"
}
]
},
"source": {
"advisory": "GHSA-pq7m-3gw7-gq5x",
"discovery": "UNKNOWN"
}
},
"gitlab.com": {
"advisories": [
{
"affected_range": "\u003c=5.10.0||\u003e=6.0.0,\u003c7.16.3||\u003e=7.17.0,\u003c7.31.1||\u003e=8.0.0,\u003c8.0.1",
"affected_versions": "All versions up to 5.10.0, all versions starting from 6.0.0 before 7.16.3, all versions starting from 7.17.0 before 7.31.1, all versions starting from 8.0.0 before 8.0.1",
"cvss_v2": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"cwe_ids": [
"CWE-1035",
"CWE-250",
"CWE-937"
],
"date": "2022-03-25",
"description": "IPython (Interactive Python) is a command shell for interactive computing in multiple programming languages, originally developed for the Python programming language.This vulnerability allows one user to run code as another on the same machine. All users are advised to upgrade.",
"fixed_versions": [
"7.16.3",
"7.31.1",
"8.0.1"
],
"identifier": "CVE-2022-21699",
"identifiers": [
"CVE-2022-21699",
"GHSA-pq7m-3gw7-gq5x"
],
"not_impacted": "All versions after 5.10.0 before 6.0.0, all versions starting from 7.16.3 before 7.17.0, all versions starting from 7.31.1 before 8.0.0, all versions starting from 8.0.1",
"package_slug": "pypi/ipython",
"pubdate": "2022-01-19",
"solution": "Upgrade to versions 7.16.3, 7.31.1, 8.0.1 or above.",
"title": "Improper Privilege Management",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2022-21699",
"https://ipython.readthedocs.io/en/stable/whatsnew/version8.html#ipython-8-0-1-cve-2022-21699",
"https://github.com/ipython/ipython/security/advisories/GHSA-pq7m-3gw7-gq5x",
"https://github.com/ipython/ipython/commit/46a51ed69cdf41b4333943d9ceeb945c4ede5668",
"https://lists.debian.org/debian-lts-announce/2022/01/msg00021.html"
],
"uuid": "b4534551-5fba-4bec-abaa-e8390e815a96"
}
]
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:ipython:ipython:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "5.10.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ipython:ipython:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "7.16.3",
"versionStartIncluding": "6.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ipython:ipython:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "7.31.1",
"versionStartIncluding": "7.17.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ipython:ipython:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "8.0.1",
"versionStartIncluding": "8.0.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2022-21699"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "IPython (Interactive Python) is a command shell for interactive computing in multiple programming languages, originally developed for the Python programming language. Affected versions are subject to an arbitrary code execution vulnerability achieved by not properly managing cross user temporary files. This vulnerability allows one user to run code as another on the same machine. All users are advised to upgrade."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-250"
},
{
"lang": "en",
"value": "CWE-279"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ipython.readthedocs.io/en/stable/whatsnew/version8.html#ipython-8-0-1-cve-2022-21699",
"refsource": "MISC",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://ipython.readthedocs.io/en/stable/whatsnew/version8.html#ipython-8-0-1-cve-2022-21699"
},
{
"name": "https://github.com/ipython/ipython/security/advisories/GHSA-pq7m-3gw7-gq5x",
"refsource": "CONFIRM",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/ipython/ipython/security/advisories/GHSA-pq7m-3gw7-gq5x"
},
{
"name": "https://github.com/ipython/ipython/commit/46a51ed69cdf41b4333943d9ceeb945c4ede5668",
"refsource": "MISC",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/ipython/ipython/commit/46a51ed69cdf41b4333943d9ceeb945c4ede5668"
},
{
"name": "[debian-lts-announce] 20220124 [SECURITY] [DLA 2896-1] ipython security update",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/01/msg00021.html"
},
{
"name": "FEDORA-2022-b9e38f8a56",
"refsource": "FEDORA",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DZ7LVZBB4D7KVSFNEQUBEHFO3JW6D2ZK/"
},
{
"name": "FEDORA-2022-b58d156ab0",
"refsource": "FEDORA",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CRQRTWHYXMLDJ572VGVUZMUPEOTPM3KB/"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.0,
"impactScore": 6.0
}
},
"lastModifiedDate": "2022-03-25T15:04Z",
"publishedDate": "2022-01-19T22:15Z"
}
}
}
WID-SEC-W-2024-0064
Vulnerability from csaf_certbund - Published: 2024-01-10 23:00 - Updated: 2025-04-10 22:00Summary
Juniper Produkte: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
JUNOS ist das "Juniper Network Operating System", das in Juniper Appliances verwendet wird.
SRX Series Services Gateways ist ein Next-Generation Anti-Threat Firewall von Juniper.
Bei den Switches der Juniper EX-Serie handelt es sich um Access- und Aggregations-/Core-Layer-Switches.
Die Switches der QFX-Serie von Juniper sichern und automatisieren Netzwerke in Rechenzentren.
Die Juniper MX-Serie ist eine Produktfamilie von Routern.
Angriff
Ein Angreifer aus dem angrenzenden Netzwerk oder ein entfernter, anonymer, authentisierter, lokaler oder physischer Angreifer kann mehrere Schwachstellen in Juniper JUNOS, Juniper JUNOS Evolved, Juniper SRX Series, Juniper EX Series, Juniper QFX Series, Juniper ACX Series, Juniper PTX Series und Juniper MX Series ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuführen und seine Berechtigungen zu erweitern.
Betroffene Betriebssysteme
- Appliance
- BIOS/Firmware
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "JUNOS ist das \"Juniper Network Operating System\", das in Juniper Appliances verwendet wird.\r\nSRX Series Services Gateways ist ein Next-Generation Anti-Threat Firewall von Juniper.\r\nBei den Switches der Juniper EX-Serie handelt es sich um Access- und Aggregations-/Core-Layer-Switches.\r\nDie Switches der QFX-Serie von Juniper sichern und automatisieren Netzwerke in Rechenzentren. \r\nDie Juniper MX-Serie ist eine Produktfamilie von Routern.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein Angreifer aus dem angrenzenden Netzwerk oder ein entfernter, anonymer, authentisierter, lokaler oder physischer Angreifer kann mehrere Schwachstellen in Juniper JUNOS, Juniper JUNOS Evolved, Juniper SRX Series, Juniper EX Series, Juniper QFX Series, Juniper ACX Series, Juniper PTX Series und Juniper MX Series ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand herbeizuf\u00fchren und seine Berechtigungen zu erweitern.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Appliance\n- BIOS/Firmware",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2024-0064 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-0064.json"
},
{
"category": "self",
"summary": "WID-SEC-2024-0064 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0064"
},
{
"category": "external",
"summary": "Juniper Security Advisory JSA11272 vom 2024-01-10",
"url": "https://supportportal.juniper.net/JSA11272"
},
{
"category": "external",
"summary": "Juniper Security Advisory JSA75233 vom 2024-01-10",
"url": "https://supportportal.juniper.net/JSA75233"
},
{
"category": "external",
"summary": "Juniper Security Advisory JSA75721 vom 2024-01-10",
"url": "https://supportportal.juniper.net/JSA75721"
},
{
"category": "external",
"summary": "Juniper Security Advisory JSA75723 vom 2024-01-10",
"url": "https://supportportal.juniper.net/JSA75723"
},
{
"category": "external",
"summary": "Juniper Security Advisory JSA75725 vom 2024-01-10",
"url": "https://supportportal.juniper.net/JSA75725"
},
{
"category": "external",
"summary": "Juniper Security Advisory JSA75727 vom 2024-01-10",
"url": "https://supportportal.juniper.net/JSA75727"
},
{
"category": "external",
"summary": "Juniper Security Advisory JSA75729 vom 2024-01-10",
"url": "https://supportportal.juniper.net/JSA75729"
},
{
"category": "external",
"summary": "Juniper Security Advisory JSA75730 vom 2024-01-10",
"url": "https://supportportal.juniper.net/JSA75730"
},
{
"category": "external",
"summary": "Juniper Security Advisory JSA75733 vom 2024-01-10",
"url": "https://supportportal.juniper.net/JSA75733"
},
{
"category": "external",
"summary": "Juniper Security Advisory JSA75734 vom 2024-01-10",
"url": "https://supportportal.juniper.net/JSA75734"
},
{
"category": "external",
"summary": "Juniper Security Advisory JSA75735 vom 2024-01-10",
"url": "https://supportportal.juniper.net/JSA75735"
},
{
"category": "external",
"summary": "Juniper Security Advisory JSA75736 vom 2024-01-10",
"url": "https://supportportal.juniper.net/JSA75736"
},
{
"category": "external",
"summary": "Juniper Security Advisory JSA75737 vom 2024-01-10",
"url": "https://supportportal.juniper.net/JSA75737"
},
{
"category": "external",
"summary": "Juniper Security Advisory JSA75738 vom 2024-01-10",
"url": "https://supportportal.juniper.net/JSA75738"
},
{
"category": "external",
"summary": "Juniper Security Advisory JSA75740 vom 2024-01-10",
"url": "https://supportportal.juniper.net/JSA75740"
},
{
"category": "external",
"summary": "Juniper Security Advisory JSA75741 vom 2024-01-10",
"url": "https://supportportal.juniper.net/JSA75741"
},
{
"category": "external",
"summary": "Juniper Security Advisory JSA75742 vom 2024-01-10",
"url": "https://supportportal.juniper.net/JSA75742"
},
{
"category": "external",
"summary": "Juniper Security Advisory JSA75743 vom 2024-01-10",
"url": "https://supportportal.juniper.net/JSA75743"
},
{
"category": "external",
"summary": "Juniper Security Advisory JSA75744 vom 2024-01-10",
"url": "https://supportportal.juniper.net/JSA75744"
},
{
"category": "external",
"summary": "Juniper Security Advisory JSA75745 vom 2024-01-10",
"url": "https://supportportal.juniper.net/JSA75745"
},
{
"category": "external",
"summary": "Juniper Security Advisory JSA75747 vom 2024-01-10",
"url": "https://supportportal.juniper.net/JSA75747"
},
{
"category": "external",
"summary": "Juniper Security Advisory JSA75748 vom 2024-01-10",
"url": "https://supportportal.juniper.net/JSA75748"
},
{
"category": "external",
"summary": "Juniper Security Advisory JSA75752 vom 2024-01-10",
"url": "https://supportportal.juniper.net/JSA75752"
},
{
"category": "external",
"summary": "Juniper Security Advisory JSA75753 vom 2024-01-10",
"url": "https://supportportal.juniper.net/JSA75753"
},
{
"category": "external",
"summary": "Juniper Security Advisory JSA75754 vom 2024-01-10",
"url": "https://supportportal.juniper.net/JSA75754"
},
{
"category": "external",
"summary": "Juniper Security Advisory JSA75755 vom 2024-01-10",
"url": "https://supportportal.juniper.net/JSA75755"
},
{
"category": "external",
"summary": "Juniper Security Advisory JSA75757 vom 2024-01-10",
"url": "https://supportportal.juniper.net/JSA75757"
},
{
"category": "external",
"summary": "Juniper Security Advisory JSA75758 vom 2024-01-10",
"url": "https://supportportal.juniper.net/JSA75758"
},
{
"category": "external",
"summary": "Juniper Security Bulletin",
"url": "https://supportportal.juniper.net/s/article/2025-01-Security-Bulletin-Junos-Space-Multiple-vulnerabilities-resolved-in-24-1R2-release?language=en_US"
}
],
"source_lang": "en-US",
"title": "Juniper Produkte: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2025-04-10T22:00:00.000+00:00",
"generator": {
"date": "2025-04-11T08:49:58.286+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.12"
}
},
"id": "WID-SEC-W-2024-0064",
"initial_release_date": "2024-01-10T23:00:00.000+00:00",
"revision_history": [
{
"date": "2024-01-10T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2025-04-10T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates aufgenommen"
}
],
"status": "final",
"version": "2"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Juniper EX Series",
"product": {
"name": "Juniper EX Series",
"product_id": "T019811",
"product_identification_helper": {
"cpe": "cpe:/h:juniper:ex:-"
}
}
},
{
"category": "product_version",
"name": "4600",
"product": {
"name": "Juniper EX Series 4600",
"product_id": "T021598",
"product_identification_helper": {
"cpe": "cpe:/h:juniper:ex:ex4600"
}
}
},
{
"category": "product_version",
"name": "4100",
"product": {
"name": "Juniper EX Series 4100",
"product_id": "T030475",
"product_identification_helper": {
"cpe": "cpe:/h:juniper:ex:4100"
}
}
},
{
"category": "product_version",
"name": "4400",
"product": {
"name": "Juniper EX Series 4400",
"product_id": "T030476",
"product_identification_helper": {
"cpe": "cpe:/h:juniper:ex:4400"
}
}
},
{
"category": "product_version",
"name": "EX9200",
"product": {
"name": "Juniper EX Series EX9200",
"product_id": "T031997",
"product_identification_helper": {
"cpe": "cpe:/h:juniper:ex:ex9200"
}
}
}
],
"category": "product_name",
"name": "EX Series"
},
{
"branches": [
{
"category": "product_version",
"name": "Evolved",
"product": {
"name": "Juniper JUNOS Evolved",
"product_id": "T018886",
"product_identification_helper": {
"cpe": "cpe:/o:juniper:junos:evolved"
}
}
},
{
"category": "product_version",
"name": "PTX Series",
"product": {
"name": "Juniper JUNOS PTX Series",
"product_id": "T023853",
"product_identification_helper": {
"cpe": "cpe:/o:juniper:junos:ptx_series"
}
}
},
{
"category": "product_name",
"name": "Juniper JUNOS",
"product": {
"name": "Juniper JUNOS",
"product_id": "T030471",
"product_identification_helper": {
"cpe": "cpe:/o:juniper:junos:-"
}
}
},
{
"category": "product_version",
"name": "ACX7024",
"product": {
"name": "Juniper JUNOS ACX7024",
"product_id": "T031994",
"product_identification_helper": {
"cpe": "cpe:/o:juniper:junos:acx7024"
}
}
},
{
"category": "product_version",
"name": "ACX7100-32C",
"product": {
"name": "Juniper JUNOS ACX7100-32C",
"product_id": "T031995",
"product_identification_helper": {
"cpe": "cpe:/o:juniper:junos:acx7100-32c"
}
}
},
{
"category": "product_version",
"name": "ACX7100-48L",
"product": {
"name": "Juniper JUNOS ACX7100-48L",
"product_id": "T031996",
"product_identification_helper": {
"cpe": "cpe:/o:juniper:junos:acx7100-48l"
}
}
}
],
"category": "product_name",
"name": "JUNOS"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c24.1R2",
"product": {
"name": "Juniper Junos Space \u003c24.1R2",
"product_id": "T040074"
}
},
{
"category": "product_version",
"name": "24.1R2",
"product": {
"name": "Juniper Junos Space 24.1R2",
"product_id": "T040074-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:juniper:junos_space:24.1r2"
}
}
}
],
"category": "product_name",
"name": "Junos Space"
},
{
"category": "product_name",
"name": "Juniper MX Series",
"product": {
"name": "Juniper MX Series",
"product_id": "918766",
"product_identification_helper": {
"cpe": "cpe:/h:juniper:mx:-"
}
}
},
{
"branches": [
{
"category": "product_version",
"name": "5000",
"product": {
"name": "Juniper QFX Series 5000",
"product_id": "T021597",
"product_identification_helper": {
"cpe": "cpe:/h:juniper:qfx:qfx5000"
}
}
}
],
"category": "product_name",
"name": "QFX Series"
},
{
"category": "product_name",
"name": "Juniper SRX Series",
"product": {
"name": "Juniper SRX Series",
"product_id": "T021593",
"product_identification_helper": {
"cpe": "cpe:/h:juniper:srx_service_gateways:-"
}
}
}
],
"category": "vendor",
"name": "Juniper"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2016-2183",
"product_status": {
"known_affected": [
"T030475",
"T031995",
"T030476",
"T031994",
"T031997",
"T031996",
"918766",
"T030471",
"T021598",
"T040074",
"T018886",
"T021597",
"T019811",
"T023853",
"T021593"
]
},
"release_date": "2024-01-10T23:00:00.000+00:00",
"title": "CVE-2016-2183"
},
{
"cve": "CVE-2019-17571",
"product_status": {
"known_affected": [
"T030475",
"T031995",
"T030476",
"T031994",
"T031997",
"T031996",
"918766",
"T030471",
"T021598",
"T040074",
"T018886",
"T021597",
"T019811",
"T023853",
"T021593"
]
},
"release_date": "2024-01-10T23:00:00.000+00:00",
"title": "CVE-2019-17571"
},
{
"cve": "CVE-2020-0465",
"product_status": {
"known_affected": [
"T030475",
"T031995",
"T030476",
"T031994",
"T031997",
"T031996",
"918766",
"T030471",
"T021598",
"T040074",
"T018886",
"T021597",
"T019811",
"T023853",
"T021593"
]
},
"release_date": "2024-01-10T23:00:00.000+00:00",
"title": "CVE-2020-0465"
},
{
"cve": "CVE-2020-0466",
"product_status": {
"known_affected": [
"T030475",
"T031995",
"T030476",
"T031994",
"T031997",
"T031996",
"918766",
"T030471",
"T021598",
"T040074",
"T018886",
"T021597",
"T019811",
"T023853",
"T021593"
]
},
"release_date": "2024-01-10T23:00:00.000+00:00",
"title": "CVE-2020-0466"
},
{
"cve": "CVE-2020-12321",
"product_status": {
"known_affected": [
"T030475",
"T031995",
"T030476",
"T031994",
"T031997",
"T031996",
"918766",
"T030471",
"T021598",
"T040074",
"T018886",
"T021597",
"T019811",
"T023853",
"T021593"
]
},
"release_date": "2024-01-10T23:00:00.000+00:00",
"title": "CVE-2020-12321"
},
{
"cve": "CVE-2020-9493",
"product_status": {
"known_affected": [
"T030475",
"T031995",
"T030476",
"T031994",
"T031997",
"T031996",
"918766",
"T030471",
"T021598",
"T040074",
"T018886",
"T021597",
"T019811",
"T023853",
"T021593"
]
},
"release_date": "2024-01-10T23:00:00.000+00:00",
"title": "CVE-2020-9493"
},
{
"cve": "CVE-2021-0920",
"product_status": {
"known_affected": [
"T030475",
"T031995",
"T030476",
"T031994",
"T031997",
"T031996",
"918766",
"T030471",
"T021598",
"T040074",
"T018886",
"T021597",
"T019811",
"T023853",
"T021593"
]
},
"release_date": "2024-01-10T23:00:00.000+00:00",
"title": "CVE-2021-0920"
},
{
"cve": "CVE-2021-25220",
"product_status": {
"known_affected": [
"T030475",
"T031995",
"T030476",
"T031994",
"T031997",
"T031996",
"918766",
"T030471",
"T021598",
"T040074",
"T018886",
"T021597",
"T019811",
"T023853",
"T021593"
]
},
"release_date": "2024-01-10T23:00:00.000+00:00",
"title": "CVE-2021-25220"
},
{
"cve": "CVE-2021-26341",
"product_status": {
"known_affected": [
"T030475",
"T031995",
"T030476",
"T031994",
"T031997",
"T031996",
"918766",
"T030471",
"T021598",
"T040074",
"T018886",
"T021597",
"T019811",
"T023853",
"T021593"
]
},
"release_date": "2024-01-10T23:00:00.000+00:00",
"title": "CVE-2021-26341"
},
{
"cve": "CVE-2021-26691",
"product_status": {
"known_affected": [
"T030475",
"T031995",
"T030476",
"T031994",
"T031997",
"T031996",
"918766",
"T030471",
"T021598",
"T040074",
"T018886",
"T021597",
"T019811",
"T023853",
"T021593"
]
},
"release_date": "2024-01-10T23:00:00.000+00:00",
"title": "CVE-2021-26691"
},
{
"cve": "CVE-2021-33655",
"product_status": {
"known_affected": [
"T030475",
"T031995",
"T030476",
"T031994",
"T031997",
"T031996",
"918766",
"T030471",
"T021598",
"T040074",
"T018886",
"T021597",
"T019811",
"T023853",
"T021593"
]
},
"release_date": "2024-01-10T23:00:00.000+00:00",
"title": "CVE-2021-33655"
},
{
"cve": "CVE-2021-33656",
"product_status": {
"known_affected": [
"T030475",
"T031995",
"T030476",
"T031994",
"T031997",
"T031996",
"918766",
"T030471",
"T021598",
"T040074",
"T018886",
"T021597",
"T019811",
"T023853",
"T021593"
]
},
"release_date": "2024-01-10T23:00:00.000+00:00",
"title": "CVE-2021-33656"
},
{
"cve": "CVE-2021-34798",
"product_status": {
"known_affected": [
"T030475",
"T031995",
"T030476",
"T031994",
"T031997",
"T031996",
"918766",
"T030471",
"T021598",
"T040074",
"T018886",
"T021597",
"T019811",
"T023853",
"T021593"
]
},
"release_date": "2024-01-10T23:00:00.000+00:00",
"title": "CVE-2021-34798"
},
{
"cve": "CVE-2021-3564",
"product_status": {
"known_affected": [
"T030475",
"T031995",
"T030476",
"T031994",
"T031997",
"T031996",
"918766",
"T030471",
"T021598",
"T040074",
"T018886",
"T021597",
"T019811",
"T023853",
"T021593"
]
},
"release_date": "2024-01-10T23:00:00.000+00:00",
"title": "CVE-2021-3564"
},
{
"cve": "CVE-2021-3573",
"product_status": {
"known_affected": [
"T030475",
"T031995",
"T030476",
"T031994",
"T031997",
"T031996",
"918766",
"T030471",
"T021598",
"T040074",
"T018886",
"T021597",
"T019811",
"T023853",
"T021593"
]
},
"release_date": "2024-01-10T23:00:00.000+00:00",
"title": "CVE-2021-3573"
},
{
"cve": "CVE-2021-3621",
"product_status": {
"known_affected": [
"T030475",
"T031995",
"T030476",
"T031994",
"T031997",
"T031996",
"918766",
"T030471",
"T021598",
"T040074",
"T018886",
"T021597",
"T019811",
"T023853",
"T021593"
]
},
"release_date": "2024-01-10T23:00:00.000+00:00",
"title": "CVE-2021-3621"
},
{
"cve": "CVE-2021-3752",
"product_status": {
"known_affected": [
"T030475",
"T031995",
"T030476",
"T031994",
"T031997",
"T031996",
"918766",
"T030471",
"T021598",
"T040074",
"T018886",
"T021597",
"T019811",
"T023853",
"T021593"
]
},
"release_date": "2024-01-10T23:00:00.000+00:00",
"title": "CVE-2021-3752"
},
{
"cve": "CVE-2021-39275",
"product_status": {
"known_affected": [
"T030475",
"T031995",
"T030476",
"T031994",
"T031997",
"T031996",
"918766",
"T030471",
"T021598",
"T040074",
"T018886",
"T021597",
"T019811",
"T023853",
"T021593"
]
},
"release_date": "2024-01-10T23:00:00.000+00:00",
"title": "CVE-2021-39275"
},
{
"cve": "CVE-2021-4155",
"product_status": {
"known_affected": [
"T030475",
"T031995",
"T030476",
"T031994",
"T031997",
"T031996",
"918766",
"T030471",
"T021598",
"T040074",
"T018886",
"T021597",
"T019811",
"T023853",
"T021593"
]
},
"release_date": "2024-01-10T23:00:00.000+00:00",
"title": "CVE-2021-4155"
},
{
"cve": "CVE-2021-44228",
"product_status": {
"known_affected": [
"T030475",
"T031995",
"T030476",
"T031994",
"T031997",
"T031996",
"918766",
"T030471",
"T021598",
"T040074",
"T018886",
"T021597",
"T019811",
"T023853",
"T021593"
]
},
"release_date": "2024-01-10T23:00:00.000+00:00",
"title": "CVE-2021-44228"
},
{
"cve": "CVE-2021-44790",
"product_status": {
"known_affected": [
"T030475",
"T031995",
"T030476",
"T031994",
"T031997",
"T031996",
"918766",
"T030471",
"T021598",
"T040074",
"T018886",
"T021597",
"T019811",
"T023853",
"T021593"
]
},
"release_date": "2024-01-10T23:00:00.000+00:00",
"title": "CVE-2021-44790"
},
{
"cve": "CVE-2021-44832",
"product_status": {
"known_affected": [
"T030475",
"T031995",
"T030476",
"T031994",
"T031997",
"T031996",
"918766",
"T030471",
"T021598",
"T040074",
"T018886",
"T021597",
"T019811",
"T023853",
"T021593"
]
},
"release_date": "2024-01-10T23:00:00.000+00:00",
"title": "CVE-2021-44832"
},
{
"cve": "CVE-2022-0330",
"product_status": {
"known_affected": [
"T030475",
"T031995",
"T030476",
"T031994",
"T031997",
"T031996",
"918766",
"T030471",
"T021598",
"T040074",
"T018886",
"T021597",
"T019811",
"T023853",
"T021593"
]
},
"release_date": "2024-01-10T23:00:00.000+00:00",
"title": "CVE-2022-0330"
},
{
"cve": "CVE-2022-0934",
"product_status": {
"known_affected": [
"T030475",
"T031995",
"T030476",
"T031994",
"T031997",
"T031996",
"918766",
"T030471",
"T021598",
"T040074",
"T018886",
"T021597",
"T019811",
"T023853",
"T021593"
]
},
"release_date": "2024-01-10T23:00:00.000+00:00",
"title": "CVE-2022-0934"
},
{
"cve": "CVE-2022-1462",
"product_status": {
"known_affected": [
"T030475",
"T031995",
"T030476",
"T031994",
"T031997",
"T031996",
"918766",
"T030471",
"T021598",
"T040074",
"T018886",
"T021597",
"T019811",
"T023853",
"T021593"
]
},
"release_date": "2024-01-10T23:00:00.000+00:00",
"title": "CVE-2022-1462"
},
{
"cve": "CVE-2022-1679",
"product_status": {
"known_affected": [
"T030475",
"T031995",
"T030476",
"T031994",
"T031997",
"T031996",
"918766",
"T030471",
"T021598",
"T040074",
"T018886",
"T021597",
"T019811",
"T023853",
"T021593"
]
},
"release_date": "2024-01-10T23:00:00.000+00:00",
"title": "CVE-2022-1679"
},
{
"cve": "CVE-2022-1789",
"product_status": {
"known_affected": [
"T030475",
"T031995",
"T030476",
"T031994",
"T031997",
"T031996",
"918766",
"T030471",
"T021598",
"T040074",
"T018886",
"T021597",
"T019811",
"T023853",
"T021593"
]
},
"release_date": "2024-01-10T23:00:00.000+00:00",
"title": "CVE-2022-1789"
},
{
"cve": "CVE-2022-20141",
"product_status": {
"known_affected": [
"T030475",
"T031995",
"T030476",
"T031994",
"T031997",
"T031996",
"918766",
"T030471",
"T021598",
"T040074",
"T018886",
"T021597",
"T019811",
"T023853",
"T021593"
]
},
"release_date": "2024-01-10T23:00:00.000+00:00",
"title": "CVE-2022-20141"
},
{
"cve": "CVE-2022-21699",
"product_status": {
"known_affected": [
"T030475",
"T031995",
"T030476",
"T031994",
"T031997",
"T031996",
"918766",
"T030471",
"T021598",
"T040074",
"T018886",
"T021597",
"T019811",
"T023853",
"T021593"
]
},
"release_date": "2024-01-10T23:00:00.000+00:00",
"title": "CVE-2022-21699"
},
{
"cve": "CVE-2022-2196",
"product_status": {
"known_affected": [
"T030475",
"T031995",
"T030476",
"T031994",
"T031997",
"T031996",
"918766",
"T030471",
"T021598",
"T040074",
"T018886",
"T021597",
"T019811",
"T023853",
"T021593"
]
},
"release_date": "2024-01-10T23:00:00.000+00:00",
"title": "CVE-2022-2196"
},
{
"cve": "CVE-2022-22942",
"product_status": {
"known_affected": [
"T030475",
"T031995",
"T030476",
"T031994",
"T031997",
"T031996",
"918766",
"T030471",
"T021598",
"T040074",
"T018886",
"T021597",
"T019811",
"T023853",
"T021593"
]
},
"release_date": "2024-01-10T23:00:00.000+00:00",
"title": "CVE-2022-22942"
},
{
"cve": "CVE-2022-23302",
"product_status": {
"known_affected": [
"T030475",
"T031995",
"T030476",
"T031994",
"T031997",
"T031996",
"918766",
"T030471",
"T021598",
"T040074",
"T018886",
"T021597",
"T019811",
"T023853",
"T021593"
]
},
"release_date": "2024-01-10T23:00:00.000+00:00",
"title": "CVE-2022-23302"
},
{
"cve": "CVE-2022-23305",
"product_status": {
"known_affected": [
"T030475",
"T031995",
"T030476",
"T031994",
"T031997",
"T031996",
"918766",
"T030471",
"T021598",
"T040074",
"T018886",
"T021597",
"T019811",
"T023853",
"T021593"
]
},
"release_date": "2024-01-10T23:00:00.000+00:00",
"title": "CVE-2022-23305"
},
{
"cve": "CVE-2022-23307",
"product_status": {
"known_affected": [
"T030475",
"T031995",
"T030476",
"T031994",
"T031997",
"T031996",
"918766",
"T030471",
"T021598",
"T040074",
"T018886",
"T021597",
"T019811",
"T023853",
"T021593"
]
},
"release_date": "2024-01-10T23:00:00.000+00:00",
"title": "CVE-2022-23307"
},
{
"cve": "CVE-2022-25265",
"product_status": {
"known_affected": [
"T030475",
"T031995",
"T030476",
"T031994",
"T031997",
"T031996",
"918766",
"T030471",
"T021598",
"T040074",
"T018886",
"T021597",
"T019811",
"T023853",
"T021593"
]
},
"release_date": "2024-01-10T23:00:00.000+00:00",
"title": "CVE-2022-25265"
},
{
"cve": "CVE-2022-2663",
"product_status": {
"known_affected": [
"T030475",
"T031995",
"T030476",
"T031994",
"T031997",
"T031996",
"918766",
"T030471",
"T021598",
"T040074",
"T018886",
"T021597",
"T019811",
"T023853",
"T021593"
]
},
"release_date": "2024-01-10T23:00:00.000+00:00",
"title": "CVE-2022-2663"
},
{
"cve": "CVE-2022-2795",
"product_status": {
"known_affected": [
"T030475",
"T031995",
"T030476",
"T031994",
"T031997",
"T031996",
"918766",
"T030471",
"T021598",
"T040074",
"T018886",
"T021597",
"T019811",
"T023853",
"T021593"
]
},
"release_date": "2024-01-10T23:00:00.000+00:00",
"title": "CVE-2022-2795"
},
{
"cve": "CVE-2022-2873",
"product_status": {
"known_affected": [
"T030475",
"T031995",
"T030476",
"T031994",
"T031997",
"T031996",
"918766",
"T030471",
"T021598",
"T040074",
"T018886",
"T021597",
"T019811",
"T023853",
"T021593"
]
},
"release_date": "2024-01-10T23:00:00.000+00:00",
"title": "CVE-2022-2873"
},
{
"cve": "CVE-2022-2964",
"product_status": {
"known_affected": [
"T030475",
"T031995",
"T030476",
"T031994",
"T031997",
"T031996",
"918766",
"T030471",
"T021598",
"T040074",
"T018886",
"T021597",
"T019811",
"T023853",
"T021593"
]
},
"release_date": "2024-01-10T23:00:00.000+00:00",
"title": "CVE-2022-2964"
},
{
"cve": "CVE-2022-3028",
"product_status": {
"known_affected": [
"T030475",
"T031995",
"T030476",
"T031994",
"T031997",
"T031996",
"918766",
"T030471",
"T021598",
"T040074",
"T018886",
"T021597",
"T019811",
"T023853",
"T021593"
]
},
"release_date": "2024-01-10T23:00:00.000+00:00",
"title": "CVE-2022-3028"
},
{
"cve": "CVE-2022-30594",
"product_status": {
"known_affected": [
"T030475",
"T031995",
"T030476",
"T031994",
"T031997",
"T031996",
"918766",
"T030471",
"T021598",
"T040074",
"T018886",
"T021597",
"T019811",
"T023853",
"T021593"
]
},
"release_date": "2024-01-10T23:00:00.000+00:00",
"title": "CVE-2022-30594"
},
{
"cve": "CVE-2022-3239",
"product_status": {
"known_affected": [
"T030475",
"T031995",
"T030476",
"T031994",
"T031997",
"T031996",
"918766",
"T030471",
"T021598",
"T040074",
"T018886",
"T021597",
"T019811",
"T023853",
"T021593"
]
},
"release_date": "2024-01-10T23:00:00.000+00:00",
"title": "CVE-2022-3239"
},
{
"cve": "CVE-2022-3524",
"product_status": {
"known_affected": [
"T030475",
"T031995",
"T030476",
"T031994",
"T031997",
"T031996",
"918766",
"T030471",
"T021598",
"T040074",
"T018886",
"T021597",
"T019811",
"T023853",
"T021593"
]
},
"release_date": "2024-01-10T23:00:00.000+00:00",
"title": "CVE-2022-3524"
},
{
"cve": "CVE-2022-3564",
"product_status": {
"known_affected": [
"T030475",
"T031995",
"T030476",
"T031994",
"T031997",
"T031996",
"918766",
"T030471",
"T021598",
"T040074",
"T018886",
"T021597",
"T019811",
"T023853",
"T021593"
]
},
"release_date": "2024-01-10T23:00:00.000+00:00",
"title": "CVE-2022-3564"
},
{
"cve": "CVE-2022-3566",
"product_status": {
"known_affected": [
"T030475",
"T031995",
"T030476",
"T031994",
"T031997",
"T031996",
"918766",
"T030471",
"T021598",
"T040074",
"T018886",
"T021597",
"T019811",
"T023853",
"T021593"
]
},
"release_date": "2024-01-10T23:00:00.000+00:00",
"title": "CVE-2022-3566"
},
{
"cve": "CVE-2022-3567",
"product_status": {
"known_affected": [
"T030475",
"T031995",
"T030476",
"T031994",
"T031997",
"T031996",
"918766",
"T030471",
"T021598",
"T040074",
"T018886",
"T021597",
"T019811",
"T023853",
"T021593"
]
},
"release_date": "2024-01-10T23:00:00.000+00:00",
"title": "CVE-2022-3567"
},
{
"cve": "CVE-2022-3619",
"product_status": {
"known_affected": [
"T030475",
"T031995",
"T030476",
"T031994",
"T031997",
"T031996",
"918766",
"T030471",
"T021598",
"T040074",
"T018886",
"T021597",
"T019811",
"T023853",
"T021593"
]
},
"release_date": "2024-01-10T23:00:00.000+00:00",
"title": "CVE-2022-3619"
},
{
"cve": "CVE-2022-3623",
"product_status": {
"known_affected": [
"T030475",
"T031995",
"T030476",
"T031994",
"T031997",
"T031996",
"918766",
"T030471",
"T021598",
"T040074",
"T018886",
"T021597",
"T019811",
"T023853",
"T021593"
]
},
"release_date": "2024-01-10T23:00:00.000+00:00",
"title": "CVE-2022-3623"
},
{
"cve": "CVE-2022-3625",
"product_status": {
"known_affected": [
"T030475",
"T031995",
"T030476",
"T031994",
"T031997",
"T031996",
"918766",
"T030471",
"T021598",
"T040074",
"T018886",
"T021597",
"T019811",
"T023853",
"T021593"
]
},
"release_date": "2024-01-10T23:00:00.000+00:00",
"title": "CVE-2022-3625"
},
{
"cve": "CVE-2022-3628",
"product_status": {
"known_affected": [
"T030475",
"T031995",
"T030476",
"T031994",
"T031997",
"T031996",
"918766",
"T030471",
"T021598",
"T040074",
"T018886",
"T021597",
"T019811",
"T023853",
"T021593"
]
},
"release_date": "2024-01-10T23:00:00.000+00:00",
"title": "CVE-2022-3628"
},
{
"cve": "CVE-2022-3707",
"product_status": {
"known_affected": [
"T030475",
"T031995",
"T030476",
"T031994",
"T031997",
"T031996",
"918766",
"T030471",
"T021598",
"T040074",
"T018886",
"T021597",
"T019811",
"T023853",
"T021593"
]
},
"release_date": "2024-01-10T23:00:00.000+00:00",
"title": "CVE-2022-3707"
},
{
"cve": "CVE-2022-37434",
"product_status": {
"known_affected": [
"T030475",
"T031995",
"T030476",
"T031994",
"T031997",
"T031996",
"918766",
"T030471",
"T021598",
"T040074",
"T018886",
"T021597",
"T019811",
"T023853",
"T021593"
]
},
"release_date": "2024-01-10T23:00:00.000+00:00",
"title": "CVE-2022-37434"
},
{
"cve": "CVE-2022-38023",
"product_status": {
"known_affected": [
"T030475",
"T031995",
"T030476",
"T031994",
"T031997",
"T031996",
"918766",
"T030471",
"T021598",
"T040074",
"T018886",
"T021597",
"T019811",
"T023853",
"T021593"
]
},
"release_date": "2024-01-10T23:00:00.000+00:00",
"title": "CVE-2022-38023"
},
{
"cve": "CVE-2022-39188",
"product_status": {
"known_affected": [
"T030475",
"T031995",
"T030476",
"T031994",
"T031997",
"T031996",
"918766",
"T030471",
"T021598",
"T040074",
"T018886",
"T021597",
"T019811",
"T023853",
"T021593"
]
},
"release_date": "2024-01-10T23:00:00.000+00:00",
"title": "CVE-2022-39188"
},
{
"cve": "CVE-2022-39189",
"product_status": {
"known_affected": [
"T030475",
"T031995",
"T030476",
"T031994",
"T031997",
"T031996",
"918766",
"T030471",
"T021598",
"T040074",
"T018886",
"T021597",
"T019811",
"T023853",
"T021593"
]
},
"release_date": "2024-01-10T23:00:00.000+00:00",
"title": "CVE-2022-39189"
},
{
"cve": "CVE-2022-41218",
"product_status": {
"known_affected": [
"T030475",
"T031995",
"T030476",
"T031994",
"T031997",
"T031996",
"918766",
"T030471",
"T021598",
"T040074",
"T018886",
"T021597",
"T019811",
"T023853",
"T021593"
]
},
"release_date": "2024-01-10T23:00:00.000+00:00",
"title": "CVE-2022-41218"
},
{
"cve": "CVE-2022-41222",
"product_status": {
"known_affected": [
"T030475",
"T031995",
"T030476",
"T031994",
"T031997",
"T031996",
"918766",
"T030471",
"T021598",
"T040074",
"T018886",
"T021597",
"T019811",
"T023853",
"T021593"
]
},
"release_date": "2024-01-10T23:00:00.000+00:00",
"title": "CVE-2022-41222"
},
{
"cve": "CVE-2022-4129",
"product_status": {
"known_affected": [
"T030475",
"T031995",
"T030476",
"T031994",
"T031997",
"T031996",
"918766",
"T030471",
"T021598",
"T040074",
"T018886",
"T021597",
"T019811",
"T023853",
"T021593"
]
},
"release_date": "2024-01-10T23:00:00.000+00:00",
"title": "CVE-2022-4129"
},
{
"cve": "CVE-2022-4139",
"product_status": {
"known_affected": [
"T030475",
"T031995",
"T030476",
"T031994",
"T031997",
"T031996",
"918766",
"T030471",
"T021598",
"T040074",
"T018886",
"T021597",
"T019811",
"T023853",
"T021593"
]
},
"release_date": "2024-01-10T23:00:00.000+00:00",
"title": "CVE-2022-4139"
},
{
"cve": "CVE-2022-41674",
"product_status": {
"known_affected": [
"T030475",
"T031995",
"T030476",
"T031994",
"T031997",
"T031996",
"918766",
"T030471",
"T021598",
"T040074",
"T018886",
"T021597",
"T019811",
"T023853",
"T021593"
]
},
"release_date": "2024-01-10T23:00:00.000+00:00",
"title": "CVE-2022-41674"
},
{
"cve": "CVE-2022-41974",
"product_status": {
"known_affected": [
"T030475",
"T031995",
"T030476",
"T031994",
"T031997",
"T031996",
"918766",
"T030471",
"T021598",
"T040074",
"T018886",
"T021597",
"T019811",
"T023853",
"T021593"
]
},
"release_date": "2024-01-10T23:00:00.000+00:00",
"title": "CVE-2022-41974"
},
{
"cve": "CVE-2022-4254",
"product_status": {
"known_affected": [
"T030475",
"T031995",
"T030476",
"T031994",
"T031997",
"T031996",
"918766",
"T030471",
"T021598",
"T040074",
"T018886",
"T021597",
"T019811",
"T023853",
"T021593"
]
},
"release_date": "2024-01-10T23:00:00.000+00:00",
"title": "CVE-2022-4254"
},
{
"cve": "CVE-2022-4269",
"product_status": {
"known_affected": [
"T030475",
"T031995",
"T030476",
"T031994",
"T031997",
"T031996",
"918766",
"T030471",
"T021598",
"T040074",
"T018886",
"T021597",
"T019811",
"T023853",
"T021593"
]
},
"release_date": "2024-01-10T23:00:00.000+00:00",
"title": "CVE-2022-4269"
},
{
"cve": "CVE-2022-42703",
"product_status": {
"known_affected": [
"T030475",
"T031995",
"T030476",
"T031994",
"T031997",
"T031996",
"918766",
"T030471",
"T021598",
"T040074",
"T018886",
"T021597",
"T019811",
"T023853",
"T021593"
]
},
"release_date": "2024-01-10T23:00:00.000+00:00",
"title": "CVE-2022-42703"
},
{
"cve": "CVE-2022-42720",
"product_status": {
"known_affected": [
"T030475",
"T031995",
"T030476",
"T031994",
"T031997",
"T031996",
"918766",
"T030471",
"T021598",
"T040074",
"T018886",
"T021597",
"T019811",
"T023853",
"T021593"
]
},
"release_date": "2024-01-10T23:00:00.000+00:00",
"title": "CVE-2022-42720"
},
{
"cve": "CVE-2022-42721",
"product_status": {
"known_affected": [
"T030475",
"T031995",
"T030476",
"T031994",
"T031997",
"T031996",
"918766",
"T030471",
"T021598",
"T040074",
"T018886",
"T021597",
"T019811",
"T023853",
"T021593"
]
},
"release_date": "2024-01-10T23:00:00.000+00:00",
"title": "CVE-2022-42721"
},
{
"cve": "CVE-2022-42722",
"product_status": {
"known_affected": [
"T030475",
"T031995",
"T030476",
"T031994",
"T031997",
"T031996",
"918766",
"T030471",
"T021598",
"T040074",
"T018886",
"T021597",
"T019811",
"T023853",
"T021593"
]
},
"release_date": "2024-01-10T23:00:00.000+00:00",
"title": "CVE-2022-42722"
},
{
"cve": "CVE-2022-42896",
"product_status": {
"known_affected": [
"T030475",
"T031995",
"T030476",
"T031994",
"T031997",
"T031996",
"918766",
"T030471",
"T021598",
"T040074",
"T018886",
"T021597",
"T019811",
"T023853",
"T021593"
]
},
"release_date": "2024-01-10T23:00:00.000+00:00",
"title": "CVE-2022-42896"
},
{
"cve": "CVE-2022-43750",
"product_status": {
"known_affected": [
"T030475",
"T031995",
"T030476",
"T031994",
"T031997",
"T031996",
"918766",
"T030471",
"T021598",
"T040074",
"T018886",
"T021597",
"T019811",
"T023853",
"T021593"
]
},
"release_date": "2024-01-10T23:00:00.000+00:00",
"title": "CVE-2022-43750"
},
{
"cve": "CVE-2022-4378",
"product_status": {
"known_affected": [
"T030475",
"T031995",
"T030476",
"T031994",
"T031997",
"T031996",
"918766",
"T030471",
"T021598",
"T040074",
"T018886",
"T021597",
"T019811",
"T023853",
"T021593"
]
},
"release_date": "2024-01-10T23:00:00.000+00:00",
"title": "CVE-2022-4378"
},
{
"cve": "CVE-2022-43945",
"product_status": {
"known_affected": [
"T030475",
"T031995",
"T030476",
"T031994",
"T031997",
"T031996",
"918766",
"T030471",
"T021598",
"T040074",
"T018886",
"T021597",
"T019811",
"T023853",
"T021593"
]
},
"release_date": "2024-01-10T23:00:00.000+00:00",
"title": "CVE-2022-43945"
},
{
"cve": "CVE-2022-47929",
"product_status": {
"known_affected": [
"T030475",
"T031995",
"T030476",
"T031994",
"T031997",
"T031996",
"918766",
"T030471",
"T021598",
"T040074",
"T018886",
"T021597",
"T019811",
"T023853",
"T021593"
]
},
"release_date": "2024-01-10T23:00:00.000+00:00",
"title": "CVE-2022-47929"
},
{
"cve": "CVE-2023-0266",
"product_status": {
"known_affected": [
"T030475",
"T031995",
"T030476",
"T031994",
"T031997",
"T031996",
"918766",
"T030471",
"T021598",
"T040074",
"T018886",
"T021597",
"T019811",
"T023853",
"T021593"
]
},
"release_date": "2024-01-10T23:00:00.000+00:00",
"title": "CVE-2023-0266"
},
{
"cve": "CVE-2023-0286",
"product_status": {
"known_affected": [
"T030475",
"T031995",
"T030476",
"T031994",
"T031997",
"T031996",
"918766",
"T030471",
"T021598",
"T040074",
"T018886",
"T021597",
"T019811",
"T023853",
"T021593"
]
},
"release_date": "2024-01-10T23:00:00.000+00:00",
"title": "CVE-2023-0286"
},
{
"cve": "CVE-2023-0386",
"product_status": {
"known_affected": [
"T030475",
"T031995",
"T030476",
"T031994",
"T031997",
"T031996",
"918766",
"T030471",
"T021598",
"T040074",
"T018886",
"T021597",
"T019811",
"T023853",
"T021593"
]
},
"release_date": "2024-01-10T23:00:00.000+00:00",
"title": "CVE-2023-0386"
},
{
"cve": "CVE-2023-0394",
"product_status": {
"known_affected": [
"T030475",
"T031995",
"T030476",
"T031994",
"T031997",
"T031996",
"918766",
"T030471",
"T021598",
"T040074",
"T018886",
"T021597",
"T019811",
"T023853",
"T021593"
]
},
"release_date": "2024-01-10T23:00:00.000+00:00",
"title": "CVE-2023-0394"
},
{
"cve": "CVE-2023-0461",
"product_status": {
"known_affected": [
"T030475",
"T031995",
"T030476",
"T031994",
"T031997",
"T031996",
"918766",
"T030471",
"T021598",
"T040074",
"T018886",
"T021597",
"T019811",
"T023853",
"T021593"
]
},
"release_date": "2024-01-10T23:00:00.000+00:00",
"title": "CVE-2023-0461"
},
{
"cve": "CVE-2023-0767",
"product_status": {
"known_affected": [
"T030475",
"T031995",
"T030476",
"T031994",
"T031997",
"T031996",
"918766",
"T030471",
"T021598",
"T040074",
"T018886",
"T021597",
"T019811",
"T023853",
"T021593"
]
},
"release_date": "2024-01-10T23:00:00.000+00:00",
"title": "CVE-2023-0767"
},
{
"cve": "CVE-2023-1195",
"product_status": {
"known_affected": [
"T030475",
"T031995",
"T030476",
"T031994",
"T031997",
"T031996",
"918766",
"T030471",
"T021598",
"T040074",
"T018886",
"T021597",
"T019811",
"T023853",
"T021593"
]
},
"release_date": "2024-01-10T23:00:00.000+00:00",
"title": "CVE-2023-1195"
},
{
"cve": "CVE-2023-1281",
"product_status": {
"known_affected": [
"T030475",
"T031995",
"T030476",
"T031994",
"T031997",
"T031996",
"918766",
"T030471",
"T021598",
"T040074",
"T018886",
"T021597",
"T019811",
"T023853",
"T021593"
]
},
"release_date": "2024-01-10T23:00:00.000+00:00",
"title": "CVE-2023-1281"
},
{
"cve": "CVE-2023-1582",
"product_status": {
"known_affected": [
"T030475",
"T031995",
"T030476",
"T031994",
"T031997",
"T031996",
"918766",
"T030471",
"T021598",
"T040074",
"T018886",
"T021597",
"T019811",
"T023853",
"T021593"
]
},
"release_date": "2024-01-10T23:00:00.000+00:00",
"title": "CVE-2023-1582"
},
{
"cve": "CVE-2023-1829",
"product_status": {
"known_affected": [
"T030475",
"T031995",
"T030476",
"T031994",
"T031997",
"T031996",
"918766",
"T030471",
"T021598",
"T040074",
"T018886",
"T021597",
"T019811",
"T023853",
"T021593"
]
},
"release_date": "2024-01-10T23:00:00.000+00:00",
"title": "CVE-2023-1829"
},
{
"cve": "CVE-2023-20569",
"product_status": {
"known_affected": [
"T030475",
"T031995",
"T030476",
"T031994",
"T031997",
"T031996",
"918766",
"T030471",
"T021598",
"T040074",
"T018886",
"T021597",
"T019811",
"T023853",
"T021593"
]
},
"release_date": "2024-01-10T23:00:00.000+00:00",
"title": "CVE-2023-20569"
},
{
"cve": "CVE-2023-20593",
"product_status": {
"known_affected": [
"T030475",
"T031995",
"T030476",
"T031994",
"T031997",
"T031996",
"918766",
"T030471",
"T021598",
"T040074",
"T018886",
"T021597",
"T019811",
"T023853",
"T021593"
]
},
"release_date": "2024-01-10T23:00:00.000+00:00",
"title": "CVE-2023-20593"
},
{
"cve": "CVE-2023-2124",
"product_status": {
"known_affected": [
"T030475",
"T031995",
"T030476",
"T031994",
"T031997",
"T031996",
"918766",
"T030471",
"T021598",
"T040074",
"T018886",
"T021597",
"T019811",
"T023853",
"T021593"
]
},
"release_date": "2024-01-10T23:00:00.000+00:00",
"title": "CVE-2023-2124"
},
{
"cve": "CVE-2023-21830",
"product_status": {
"known_affected": [
"T030475",
"T031995",
"T030476",
"T031994",
"T031997",
"T031996",
"918766",
"T030471",
"T021598",
"T040074",
"T018886",
"T021597",
"T019811",
"T023853",
"T021593"
]
},
"release_date": "2024-01-10T23:00:00.000+00:00",
"title": "CVE-2023-21830"
},
{
"cve": "CVE-2023-21843",
"product_status": {
"known_affected": [
"T030475",
"T031995",
"T030476",
"T031994",
"T031997",
"T031996",
"918766",
"T030471",
"T021598",
"T040074",
"T018886",
"T021597",
"T019811",
"T023853",
"T021593"
]
},
"release_date": "2024-01-10T23:00:00.000+00:00",
"title": "CVE-2023-21843"
},
{
"cve": "CVE-2023-21930",
"product_status": {
"known_affected": [
"T030475",
"T031995",
"T030476",
"T031994",
"T031997",
"T031996",
"918766",
"T030471",
"T021598",
"T040074",
"T018886",
"T021597",
"T019811",
"T023853",
"T021593"
]
},
"release_date": "2024-01-10T23:00:00.000+00:00",
"title": "CVE-2023-21930"
},
{
"cve": "CVE-2023-21937",
"product_status": {
"known_affected": [
"T030475",
"T031995",
"T030476",
"T031994",
"T031997",
"T031996",
"918766",
"T030471",
"T021598",
"T040074",
"T018886",
"T021597",
"T019811",
"T023853",
"T021593"
]
},
"release_date": "2024-01-10T23:00:00.000+00:00",
"title": "CVE-2023-21937"
},
{
"cve": "CVE-2023-21938",
"product_status": {
"known_affected": [
"T030475",
"T031995",
"T030476",
"T031994",
"T031997",
"T031996",
"918766",
"T030471",
"T021598",
"T040074",
"T018886",
"T021597",
"T019811",
"T023853",
"T021593"
]
},
"release_date": "2024-01-10T23:00:00.000+00:00",
"title": "CVE-2023-21938"
},
{
"cve": "CVE-2023-21939",
"product_status": {
"known_affected": [
"T030475",
"T031995",
"T030476",
"T031994",
"T031997",
"T031996",
"918766",
"T030471",
"T021598",
"T040074",
"T018886",
"T021597",
"T019811",
"T023853",
"T021593"
]
},
"release_date": "2024-01-10T23:00:00.000+00:00",
"title": "CVE-2023-21939"
},
{
"cve": "CVE-2023-2194",
"product_status": {
"known_affected": [
"T030475",
"T031995",
"T030476",
"T031994",
"T031997",
"T031996",
"918766",
"T030471",
"T021598",
"T040074",
"T018886",
"T021597",
"T019811",
"T023853",
"T021593"
]
},
"release_date": "2024-01-10T23:00:00.000+00:00",
"title": "CVE-2023-2194"
},
{
"cve": "CVE-2023-21954",
"product_status": {
"known_affected": [
"T030475",
"T031995",
"T030476",
"T031994",
"T031997",
"T031996",
"918766",
"T030471",
"T021598",
"T040074",
"T018886",
"T021597",
"T019811",
"T023853",
"T021593"
]
},
"release_date": "2024-01-10T23:00:00.000+00:00",
"title": "CVE-2023-21954"
},
{
"cve": "CVE-2023-21967",
"product_status": {
"known_affected": [
"T030475",
"T031995",
"T030476",
"T031994",
"T031997",
"T031996",
"918766",
"T030471",
"T021598",
"T040074",
"T018886",
"T021597",
"T019811",
"T023853",
"T021593"
]
},
"release_date": "2024-01-10T23:00:00.000+00:00",
"title": "CVE-2023-21967"
},
{
"cve": "CVE-2023-21968",
"product_status": {
"known_affected": [
"T030475",
"T031995",
"T030476",
"T031994",
"T031997",
"T031996",
"918766",
"T030471",
"T021598",
"T040074",
"T018886",
"T021597",
"T019811",
"T023853",
"T021593"
]
},
"release_date": "2024-01-10T23:00:00.000+00:00",
"title": "CVE-2023-21968"
},
{
"cve": "CVE-2023-22045",
"product_status": {
"known_affected": [
"T030475",
"T031995",
"T030476",
"T031994",
"T031997",
"T031996",
"918766",
"T030471",
"T021598",
"T040074",
"T018886",
"T021597",
"T019811",
"T023853",
"T021593"
]
},
"release_date": "2024-01-10T23:00:00.000+00:00",
"title": "CVE-2023-22045"
},
{
"cve": "CVE-2023-22049",
"product_status": {
"known_affected": [
"T030475",
"T031995",
"T030476",
"T031994",
"T031997",
"T031996",
"918766",
"T030471",
"T021598",
"T040074",
"T018886",
"T021597",
"T019811",
"T023853",
"T021593"
]
},
"release_date": "2024-01-10T23:00:00.000+00:00",
"title": "CVE-2023-22049"
},
{
"cve": "CVE-2023-22081",
"product_status": {
"known_affected": [
"T030475",
"T031995",
"T030476",
"T031994",
"T031997",
"T031996",
"918766",
"T030471",
"T021598",
"T040074",
"T018886",
"T021597",
"T019811",
"T023853",
"T021593"
]
},
"release_date": "2024-01-10T23:00:00.000+00:00",
"title": "CVE-2023-22081"
},
{
"cve": "CVE-2023-2235",
"product_status": {
"known_affected": [
"T030475",
"T031995",
"T030476",
"T031994",
"T031997",
"T031996",
"918766",
"T030471",
"T021598",
"T040074",
"T018886",
"T021597",
"T019811",
"T023853",
"T021593"
]
},
"release_date": "2024-01-10T23:00:00.000+00:00",
"title": "CVE-2023-2235"
},
{
"cve": "CVE-2023-22809",
"product_status": {
"known_affected": [
"T030475",
"T031995",
"T030476",
"T031994",
"T031997",
"T031996",
"918766",
"T030471",
"T021598",
"T040074",
"T018886",
"T021597",
"T019811",
"T023853",
"T021593"
]
},
"release_date": "2024-01-10T23:00:00.000+00:00",
"title": "CVE-2023-22809"
},
{
"cve": "CVE-2023-23454",
"product_status": {
"known_affected": [
"T030475",
"T031995",
"T030476",
"T031994",
"T031997",
"T031996",
"918766",
"T030471",
"T021598",
"T040074",
"T018886",
"T021597",
"T019811",
"T023853",
"T021593"
]
},
"release_date": "2024-01-10T23:00:00.000+00:00",
"title": "CVE-2023-23454"
},
{
"cve": "CVE-2023-23918",
"product_status": {
"known_affected": [
"T030475",
"T031995",
"T030476",
"T031994",
"T031997",
"T031996",
"918766",
"T030471",
"T021598",
"T040074",
"T018886",
"T021597",
"T019811",
"T023853",
"T021593"
]
},
"release_date": "2024-01-10T23:00:00.000+00:00",
"title": "CVE-2023-23918"
},
{
"cve": "CVE-2023-23920",
"product_status": {
"known_affected": [
"T030475",
"T031995",
"T030476",
"T031994",
"T031997",
"T031996",
"918766",
"T030471",
"T021598",
"T040074",
"T018886",
"T021597",
"T019811",
"T023853",
"T021593"
]
},
"release_date": "2024-01-10T23:00:00.000+00:00",
"title": "CVE-2023-23920"
},
{
"cve": "CVE-2023-24329",
"product_status": {
"known_affected": [
"T030475",
"T031995",
"T030476",
"T031994",
"T031997",
"T031996",
"918766",
"T030471",
"T021598",
"T040074",
"T018886",
"T021597",
"T019811",
"T023853",
"T021593"
]
},
"release_date": "2024-01-10T23:00:00.000+00:00",
"title": "CVE-2023-24329"
},
{
"cve": "CVE-2023-26464",
"product_status": {
"known_affected": [
"T030475",
"T031995",
"T030476",
"T031994",
"T031997",
"T031996",
"918766",
"T030471",
"T021598",
"T040074",
"T018886",
"T021597",
"T019811",
"T023853",
"T021593"
]
},
"release_date": "2024-01-10T23:00:00.000+00:00",
"title": "CVE-2023-26464"
},
{
"cve": "CVE-2023-2650",
"product_status": {
"known_affected": [
"T030475",
"T031995",
"T030476",
"T031994",
"T031997",
"T031996",
"918766",
"T030471",
"T021598",
"T040074",
"T018886",
"T021597",
"T019811",
"T023853",
"T021593"
]
},
"release_date": "2024-01-10T23:00:00.000+00:00",
"title": "CVE-2023-2650"
},
{
"cve": "CVE-2023-2828",
"product_status": {
"known_affected": [
"T030475",
"T031995",
"T030476",
"T031994",
"T031997",
"T031996",
"918766",
"T030471",
"T021598",
"T040074",
"T018886",
"T021597",
"T019811",
"T023853",
"T021593"
]
},
"release_date": "2024-01-10T23:00:00.000+00:00",
"title": "CVE-2023-2828"
},
{
"cve": "CVE-2023-32067",
"product_status": {
"known_affected": [
"T030475",
"T031995",
"T030476",
"T031994",
"T031997",
"T031996",
"918766",
"T030471",
"T021598",
"T040074",
"T018886",
"T021597",
"T019811",
"T023853",
"T021593"
]
},
"release_date": "2024-01-10T23:00:00.000+00:00",
"title": "CVE-2023-32067"
},
{
"cve": "CVE-2023-32360",
"product_status": {
"known_affected": [
"T030475",
"T031995",
"T030476",
"T031994",
"T031997",
"T031996",
"918766",
"T030471",
"T021598",
"T040074",
"T018886",
"T021597",
"T019811",
"T023853",
"T021593"
]
},
"release_date": "2024-01-10T23:00:00.000+00:00",
"title": "CVE-2023-32360"
},
{
"cve": "CVE-2023-3341",
"product_status": {
"known_affected": [
"T030475",
"T031995",
"T030476",
"T031994",
"T031997",
"T031996",
"918766",
"T030471",
"T021598",
"T040074",
"T018886",
"T021597",
"T019811",
"T023853",
"T021593"
]
},
"release_date": "2024-01-10T23:00:00.000+00:00",
"title": "CVE-2023-3341"
},
{
"cve": "CVE-2023-3446",
"product_status": {
"known_affected": [
"T030475",
"T031995",
"T030476",
"T031994",
"T031997",
"T031996",
"918766",
"T030471",
"T021598",
"T040074",
"T018886",
"T021597",
"T019811",
"T023853",
"T021593"
]
},
"release_date": "2024-01-10T23:00:00.000+00:00",
"title": "CVE-2023-3446"
},
{
"cve": "CVE-2023-36842",
"product_status": {
"known_affected": [
"T030475",
"T031995",
"T030476",
"T031994",
"T031997",
"T031996",
"918766",
"T030471",
"T021598",
"T040074",
"T018886",
"T021597",
"T019811",
"T023853",
"T021593"
]
},
"release_date": "2024-01-10T23:00:00.000+00:00",
"title": "CVE-2023-36842"
},
{
"cve": "CVE-2023-3817",
"product_status": {
"known_affected": [
"T030475",
"T031995",
"T030476",
"T031994",
"T031997",
"T031996",
"918766",
"T030471",
"T021598",
"T040074",
"T018886",
"T021597",
"T019811",
"T023853",
"T021593"
]
},
"release_date": "2024-01-10T23:00:00.000+00:00",
"title": "CVE-2023-3817"
},
{
"cve": "CVE-2023-38408",
"product_status": {
"known_affected": [
"T030475",
"T031995",
"T030476",
"T031994",
"T031997",
"T031996",
"918766",
"T030471",
"T021598",
"T040074",
"T018886",
"T021597",
"T019811",
"T023853",
"T021593"
]
},
"release_date": "2024-01-10T23:00:00.000+00:00",
"title": "CVE-2023-38408"
},
{
"cve": "CVE-2023-38802",
"product_status": {
"known_affected": [
"T030475",
"T031995",
"T030476",
"T031994",
"T031997",
"T031996",
"918766",
"T030471",
"T021598",
"T040074",
"T018886",
"T021597",
"T019811",
"T023853",
"T021593"
]
},
"release_date": "2024-01-10T23:00:00.000+00:00",
"title": "CVE-2023-38802"
},
{
"cve": "CVE-2024-21585",
"product_status": {
"known_affected": [
"T030475",
"T031995",
"T030476",
"T031994",
"T031997",
"T031996",
"918766",
"T030471",
"T021598",
"T040074",
"T018886",
"T021597",
"T019811",
"T023853",
"T021593"
]
},
"release_date": "2024-01-10T23:00:00.000+00:00",
"title": "CVE-2024-21585"
},
{
"cve": "CVE-2024-21587",
"product_status": {
"known_affected": [
"T030475",
"T031995",
"T030476",
"T031994",
"T031997",
"T031996",
"918766",
"T030471",
"T021598",
"T040074",
"T018886",
"T021597",
"T019811",
"T023853",
"T021593"
]
},
"release_date": "2024-01-10T23:00:00.000+00:00",
"title": "CVE-2024-21587"
},
{
"cve": "CVE-2024-21589",
"product_status": {
"known_affected": [
"T030475",
"T031995",
"T030476",
"T031994",
"T031997",
"T031996",
"918766",
"T030471",
"T021598",
"T040074",
"T018886",
"T021597",
"T019811",
"T023853",
"T021593"
]
},
"release_date": "2024-01-10T23:00:00.000+00:00",
"title": "CVE-2024-21589"
},
{
"cve": "CVE-2024-21591",
"product_status": {
"known_affected": [
"T030475",
"T031995",
"T030476",
"T031994",
"T031997",
"T031996",
"918766",
"T030471",
"T021598",
"T040074",
"T018886",
"T021597",
"T019811",
"T023853",
"T021593"
]
},
"release_date": "2024-01-10T23:00:00.000+00:00",
"title": "CVE-2024-21591"
},
{
"cve": "CVE-2024-21594",
"product_status": {
"known_affected": [
"T030475",
"T031995",
"T030476",
"T031994",
"T031997",
"T031996",
"918766",
"T030471",
"T021598",
"T040074",
"T018886",
"T021597",
"T019811",
"T023853",
"T021593"
]
},
"release_date": "2024-01-10T23:00:00.000+00:00",
"title": "CVE-2024-21594"
},
{
"cve": "CVE-2024-21595",
"product_status": {
"known_affected": [
"T030475",
"T031995",
"T030476",
"T031994",
"T031997",
"T031996",
"918766",
"T030471",
"T021598",
"T040074",
"T018886",
"T021597",
"T019811",
"T023853",
"T021593"
]
},
"release_date": "2024-01-10T23:00:00.000+00:00",
"title": "CVE-2024-21595"
},
{
"cve": "CVE-2024-21596",
"product_status": {
"known_affected": [
"T030475",
"T031995",
"T030476",
"T031994",
"T031997",
"T031996",
"918766",
"T030471",
"T021598",
"T040074",
"T018886",
"T021597",
"T019811",
"T023853",
"T021593"
]
},
"release_date": "2024-01-10T23:00:00.000+00:00",
"title": "CVE-2024-21596"
},
{
"cve": "CVE-2024-21597",
"product_status": {
"known_affected": [
"T030475",
"T031995",
"T030476",
"T031994",
"T031997",
"T031996",
"918766",
"T030471",
"T021598",
"T040074",
"T018886",
"T021597",
"T019811",
"T023853",
"T021593"
]
},
"release_date": "2024-01-10T23:00:00.000+00:00",
"title": "CVE-2024-21597"
},
{
"cve": "CVE-2024-21599",
"product_status": {
"known_affected": [
"T030475",
"T031995",
"T030476",
"T031994",
"T031997",
"T031996",
"918766",
"T030471",
"T021598",
"T040074",
"T018886",
"T021597",
"T019811",
"T023853",
"T021593"
]
},
"release_date": "2024-01-10T23:00:00.000+00:00",
"title": "CVE-2024-21599"
},
{
"cve": "CVE-2024-21600",
"product_status": {
"known_affected": [
"T030475",
"T031995",
"T030476",
"T031994",
"T031997",
"T031996",
"918766",
"T030471",
"T021598",
"T040074",
"T018886",
"T021597",
"T019811",
"T023853",
"T021593"
]
},
"release_date": "2024-01-10T23:00:00.000+00:00",
"title": "CVE-2024-21600"
},
{
"cve": "CVE-2024-21601",
"product_status": {
"known_affected": [
"T030475",
"T031995",
"T030476",
"T031994",
"T031997",
"T031996",
"918766",
"T030471",
"T021598",
"T040074",
"T018886",
"T021597",
"T019811",
"T023853",
"T021593"
]
},
"release_date": "2024-01-10T23:00:00.000+00:00",
"title": "CVE-2024-21601"
},
{
"cve": "CVE-2024-21602",
"product_status": {
"known_affected": [
"T030475",
"T031995",
"T030476",
"T031994",
"T031997",
"T031996",
"918766",
"T030471",
"T021598",
"T040074",
"T018886",
"T021597",
"T019811",
"T023853",
"T021593"
]
},
"release_date": "2024-01-10T23:00:00.000+00:00",
"title": "CVE-2024-21602"
},
{
"cve": "CVE-2024-21603",
"product_status": {
"known_affected": [
"T030475",
"T031995",
"T030476",
"T031994",
"T031997",
"T031996",
"918766",
"T030471",
"T021598",
"T040074",
"T018886",
"T021597",
"T019811",
"T023853",
"T021593"
]
},
"release_date": "2024-01-10T23:00:00.000+00:00",
"title": "CVE-2024-21603"
},
{
"cve": "CVE-2024-21604",
"product_status": {
"known_affected": [
"T030475",
"T031995",
"T030476",
"T031994",
"T031997",
"T031996",
"918766",
"T030471",
"T021598",
"T040074",
"T018886",
"T021597",
"T019811",
"T023853",
"T021593"
]
},
"release_date": "2024-01-10T23:00:00.000+00:00",
"title": "CVE-2024-21604"
},
{
"cve": "CVE-2024-21606",
"product_status": {
"known_affected": [
"T030475",
"T031995",
"T030476",
"T031994",
"T031997",
"T031996",
"918766",
"T030471",
"T021598",
"T040074",
"T018886",
"T021597",
"T019811",
"T023853",
"T021593"
]
},
"release_date": "2024-01-10T23:00:00.000+00:00",
"title": "CVE-2024-21606"
},
{
"cve": "CVE-2024-21607",
"product_status": {
"known_affected": [
"T030475",
"T031995",
"T030476",
"T031994",
"T031997",
"T031996",
"918766",
"T030471",
"T021598",
"T040074",
"T018886",
"T021597",
"T019811",
"T023853",
"T021593"
]
},
"release_date": "2024-01-10T23:00:00.000+00:00",
"title": "CVE-2024-21607"
},
{
"cve": "CVE-2024-21611",
"product_status": {
"known_affected": [
"T030475",
"T031995",
"T030476",
"T031994",
"T031997",
"T031996",
"918766",
"T030471",
"T021598",
"T040074",
"T018886",
"T021597",
"T019811",
"T023853",
"T021593"
]
},
"release_date": "2024-01-10T23:00:00.000+00:00",
"title": "CVE-2024-21611"
},
{
"cve": "CVE-2024-21612",
"product_status": {
"known_affected": [
"T030475",
"T031995",
"T030476",
"T031994",
"T031997",
"T031996",
"918766",
"T030471",
"T021598",
"T040074",
"T018886",
"T021597",
"T019811",
"T023853",
"T021593"
]
},
"release_date": "2024-01-10T23:00:00.000+00:00",
"title": "CVE-2024-21612"
},
{
"cve": "CVE-2024-21613",
"product_status": {
"known_affected": [
"T030475",
"T031995",
"T030476",
"T031994",
"T031997",
"T031996",
"918766",
"T030471",
"T021598",
"T040074",
"T018886",
"T021597",
"T019811",
"T023853",
"T021593"
]
},
"release_date": "2024-01-10T23:00:00.000+00:00",
"title": "CVE-2024-21613"
},
{
"cve": "CVE-2024-21614",
"product_status": {
"known_affected": [
"T030475",
"T031995",
"T030476",
"T031994",
"T031997",
"T031996",
"918766",
"T030471",
"T021598",
"T040074",
"T018886",
"T021597",
"T019811",
"T023853",
"T021593"
]
},
"release_date": "2024-01-10T23:00:00.000+00:00",
"title": "CVE-2024-21614"
},
{
"cve": "CVE-2024-21616",
"product_status": {
"known_affected": [
"T030475",
"T031995",
"T030476",
"T031994",
"T031997",
"T031996",
"918766",
"T030471",
"T021598",
"T040074",
"T018886",
"T021597",
"T019811",
"T023853",
"T021593"
]
},
"release_date": "2024-01-10T23:00:00.000+00:00",
"title": "CVE-2024-21616"
},
{
"cve": "CVE-2024-21617",
"product_status": {
"known_affected": [
"T030475",
"T031995",
"T030476",
"T031994",
"T031997",
"T031996",
"918766",
"T030471",
"T021598",
"T040074",
"T018886",
"T021597",
"T019811",
"T023853",
"T021593"
]
},
"release_date": "2024-01-10T23:00:00.000+00:00",
"title": "CVE-2024-21617"
}
]
}
PYSEC-2022-12
Vulnerability from pysec - Published: 2022-01-19 22:15 - Updated: 2022-01-26 19:22
VLAI?
Details
IPython (Interactive Python) is a command shell for interactive computing in multiple programming languages, originally developed for the Python programming language. Affected versions are subject to an arbitrary code execution vulnerability achieved by not properly managing cross user temporary files. This vulnerability allows one user to run code as another on the same machine. All users are advised to upgrade.
Impacted products
| Name | purl | ipython | pkg:pypi/ipython |
|---|
Aliases
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "ipython",
"purl": "pkg:pypi/ipython"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "46a51ed69cdf41b4333943d9ceeb945c4ede5668"
}
],
"repo": "https://github.com/ipython/ipython",
"type": "GIT"
},
{
"events": [
{
"introduced": "0"
},
{
"fixed": "6.0.0rc1"
},
{
"introduced": "6.0.0"
},
{
"fixed": "7.16.3"
},
{
"introduced": "7.17.0"
},
{
"fixed": "7.31.1"
},
{
"introduced": "8.0.0"
},
{
"fixed": "8.0.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"0.10",
"0.10.1",
"0.10.2",
"0.11",
"0.12",
"0.12.1",
"0.13",
"0.13.1",
"0.13.2",
"0.6.10",
"0.6.11",
"0.6.12",
"0.6.13",
"0.6.14",
"0.6.15",
"0.6.4",
"0.6.5",
"0.6.6",
"0.6.7",
"0.6.8",
"0.6.9",
"0.7.0",
"0.7.1",
"0.7.1.fix1",
"0.7.2",
"0.7.3",
"0.7.4.svn.r2010",
"0.8.0",
"0.8.1",
"0.8.2",
"0.8.3",
"0.8.4",
"0.9",
"0.9.1",
"1.0.0",
"1.1.0",
"1.2.0",
"1.2.1",
"2.0.0",
"2.1.0",
"2.2.0",
"2.3.0",
"2.3.1",
"2.4.0",
"2.4.1",
"3.0.0",
"3.1.0",
"3.2.0",
"3.2.1",
"3.2.2",
"3.2.3",
"4.0.0",
"4.0.0-b1",
"4.0.0b1",
"4.0.1",
"4.0.2",
"4.0.3",
"4.1.0",
"4.1.0rc1",
"4.1.0rc2",
"4.1.1",
"4.1.2",
"4.2.0",
"4.2.1",
"5.0.0",
"5.0.0b1",
"5.0.0b2",
"5.0.0b3",
"5.0.0b4",
"5.0.0rc1",
"5.1.0",
"5.10.0",
"5.2.0",
"5.2.1",
"5.2.2",
"5.3.0",
"5.4.0",
"5.4.1",
"5.5.0",
"5.6.0",
"5.7.0",
"5.8.0",
"5.9.0",
"6.0.0",
"6.1.0",
"6.2.0",
"6.2.1",
"6.3.0",
"6.3.1",
"6.4.0",
"6.5.0",
"7.0.0",
"7.0.0b1",
"7.0.0rc1",
"7.0.1",
"7.1.0",
"7.1.1",
"7.10.0",
"7.10.1",
"7.10.2",
"7.11.0",
"7.11.1",
"7.12.0",
"7.13.0",
"7.14.0",
"7.15.0",
"7.16.0",
"7.16.1",
"7.16.2",
"7.17.0",
"7.18.0",
"7.18.1",
"7.19.0",
"7.2.0",
"7.20.0",
"7.21.0",
"7.22.0",
"7.23.0",
"7.23.1",
"7.24.0",
"7.24.1",
"7.25.0",
"7.26.0",
"7.27.0",
"7.28.0",
"7.29.0",
"7.3.0",
"7.30.0",
"7.30.1",
"7.31.0",
"7.4.0",
"7.5.0",
"7.6.0",
"7.6.1",
"7.7.0",
"7.8.0",
"7.9.0",
"8.0.0"
]
}
],
"aliases": [
"CVE-2022-21699",
"GHSA-pq7m-3gw7-gq5x"
],
"details": "IPython (Interactive Python) is a command shell for interactive computing in multiple programming languages, originally developed for the Python programming language. Affected versions are subject to an arbitrary code execution vulnerability achieved by not properly managing cross user temporary files. This vulnerability allows one user to run code as another on the same machine. All users are advised to upgrade.",
"id": "PYSEC-2022-12",
"modified": "2022-01-26T19:22:31.675139Z",
"published": "2022-01-19T22:15:00Z",
"references": [
{
"type": "WEB",
"url": "https://ipython.readthedocs.io/en/stable/whatsnew/version8.html#ipython-8-0-1-cve-2022-21699"
},
{
"type": "ADVISORY",
"url": "https://github.com/ipython/ipython/security/advisories/GHSA-pq7m-3gw7-gq5x"
},
{
"type": "FIX",
"url": "https://github.com/ipython/ipython/commit/46a51ed69cdf41b4333943d9ceeb945c4ede5668"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2022/01/msg00021.html"
}
]
}
FKIE_CVE-2022-21699
Vulnerability from fkie_nvd - Published: 2022-01-19 22:15 - Updated: 2024-11-21 06:45
Severity ?
8.2 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Summary
IPython (Interactive Python) is a command shell for interactive computing in multiple programming languages, originally developed for the Python programming language. Affected versions are subject to an arbitrary code execution vulnerability achieved by not properly managing cross user temporary files. This vulnerability allows one user to run code as another on the same machine. All users are advised to upgrade.
References
| URL | Tags | ||
|---|---|---|---|
| security-advisories@github.com | https://github.com/ipython/ipython/commit/46a51ed69cdf41b4333943d9ceeb945c4ede5668 | Patch, Third Party Advisory | |
| security-advisories@github.com | https://github.com/ipython/ipython/security/advisories/GHSA-pq7m-3gw7-gq5x | Exploit, Third Party Advisory | |
| security-advisories@github.com | https://ipython.readthedocs.io/en/stable/whatsnew/version8.html#ipython-8-0-1-cve-2022-21699 | Release Notes, Third Party Advisory | |
| security-advisories@github.com | https://lists.debian.org/debian-lts-announce/2022/01/msg00021.html | Mailing List, Third Party Advisory | |
| security-advisories@github.com | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CRQRTWHYXMLDJ572VGVUZMUPEOTPM3KB/ | ||
| security-advisories@github.com | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DZ7LVZBB4D7KVSFNEQUBEHFO3JW6D2ZK/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/ipython/ipython/commit/46a51ed69cdf41b4333943d9ceeb945c4ede5668 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/ipython/ipython/security/advisories/GHSA-pq7m-3gw7-gq5x | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://ipython.readthedocs.io/en/stable/whatsnew/version8.html#ipython-8-0-1-cve-2022-21699 | Release Notes, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2022/01/msg00021.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CRQRTWHYXMLDJ572VGVUZMUPEOTPM3KB/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DZ7LVZBB4D7KVSFNEQUBEHFO3JW6D2ZK/ |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ipython | ipython | * | |
| ipython | ipython | * | |
| ipython | ipython | * | |
| ipython | ipython | * | |
| debian | debian_linux | 9.0 | |
| debian | debian_linux | 10.0 | |
| debian | debian_linux | 11.0 | |
| fedoraproject | fedora | 34 | |
| fedoraproject | fedora | 35 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ipython:ipython:*:*:*:*:*:*:*:*",
"matchCriteriaId": "20A91357-8D8B-45C5-820C-369BB5EA502F",
"versionEndIncluding": "5.10.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ipython:ipython:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BD1676DE-BE33-4992-9A42-1293B5D4A667",
"versionEndExcluding": "7.16.3",
"versionStartIncluding": "6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ipython:ipython:*:*:*:*:*:*:*:*",
"matchCriteriaId": "91125C7A-AEB7-4B1C-AB63-0F3374CF1735",
"versionEndExcluding": "7.31.1",
"versionStartIncluding": "7.17.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ipython:ipython:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4FB4B7D2-9DFF-4454-BD7C-5686546CC209",
"versionEndExcluding": "8.0.1",
"versionStartIncluding": "8.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
"matchCriteriaId": "A930E247-0B43-43CB-98FF-6CE7B8189835",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*",
"matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IPython (Interactive Python) is a command shell for interactive computing in multiple programming languages, originally developed for the Python programming language. Affected versions are subject to an arbitrary code execution vulnerability achieved by not properly managing cross user temporary files. This vulnerability allows one user to run code as another on the same machine. All users are advised to upgrade."
},
{
"lang": "es",
"value": "IPython (Interactive Python) es un shell de comandos para la computaci\u00f3n interactiva en m\u00faltiples lenguajes de programaci\u00f3n, desarrollado originalmente para el lenguaje de programaci\u00f3n Python. Las versiones afectadas est\u00e1n sujetas a una vulnerabilidad de ejecuci\u00f3n de c\u00f3digo arbitrario conseguida al no administrar apropiadamente los archivos temporales de los usuarios. Esta vulnerabilidad permite a un usuario ejecutar c\u00f3digo como otro en la misma m\u00e1quina. Se recomienda a todos los usuarios que actualicen"
}
],
"id": "CVE-2022-21699",
"lastModified": "2024-11-21T06:45:15.597",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.5,
"impactScore": 6.0,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.0,
"impactScore": 6.0,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-01-19T22:15:09.470",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/ipython/ipython/commit/46a51ed69cdf41b4333943d9ceeb945c4ede5668"
},
{
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/ipython/ipython/security/advisories/GHSA-pq7m-3gw7-gq5x"
},
{
"source": "security-advisories@github.com",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://ipython.readthedocs.io/en/stable/whatsnew/version8.html#ipython-8-0-1-cve-2022-21699"
},
{
"source": "security-advisories@github.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/01/msg00021.html"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CRQRTWHYXMLDJ572VGVUZMUPEOTPM3KB/"
},
{
"source": "security-advisories@github.com",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DZ7LVZBB4D7KVSFNEQUBEHFO3JW6D2ZK/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/ipython/ipython/commit/46a51ed69cdf41b4333943d9ceeb945c4ede5668"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/ipython/ipython/security/advisories/GHSA-pq7m-3gw7-gq5x"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://ipython.readthedocs.io/en/stable/whatsnew/version8.html#ipython-8-0-1-cve-2022-21699"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/01/msg00021.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CRQRTWHYXMLDJ572VGVUZMUPEOTPM3KB/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DZ7LVZBB4D7KVSFNEQUBEHFO3JW6D2ZK/"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-250"
},
{
"lang": "en",
"value": "CWE-279"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-269"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…