Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2021-41072 (GCVE-0-2021-41072)
Vulnerability from cvelistv5 – Published: 2021-09-14 00:00 – Updated: 2024-08-04 02:59
VLAI?
EPSS
Summary
squashfs_opendir in unsquash-2.c in Squashfs-Tools 4.5 allows Directory Traversal, a different vulnerability than CVE-2021-40153. A squashfs filesystem that has been crafted to include a symbolic link and then contents under the same filename in a filesystem can cause unsquashfs to first create the symbolic link pointing outside the expected directory, and then the subsequent write operation will cause the unsquashfs process to write through the symbolic link elsewhere in the filesystem.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T02:59:31.057Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/plougher/squashfs-tools/commit/e0485802ec72996c20026da320650d8362f555bd"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/plougher/squashfs-tools/issues/72#issuecomment-913833405"
},
{
"name": "DSA-4987",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2021/dsa-4987"
},
{
"name": "[debian-lts-announce] 20211020 [SECURITY] [DLA 2789-1] squashfs-tools security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00017.html"
},
{
"name": "GLSA-202305-29",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202305-29"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "squashfs_opendir in unsquash-2.c in Squashfs-Tools 4.5 allows Directory Traversal, a different vulnerability than CVE-2021-40153. A squashfs filesystem that has been crafted to include a symbolic link and then contents under the same filename in a filesystem can cause unsquashfs to first create the symbolic link pointing outside the expected directory, and then the subsequent write operation will cause the unsquashfs process to write through the symbolic link elsewhere in the filesystem."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-30T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/plougher/squashfs-tools/commit/e0485802ec72996c20026da320650d8362f555bd"
},
{
"url": "https://github.com/plougher/squashfs-tools/issues/72#issuecomment-913833405"
},
{
"name": "DSA-4987",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2021/dsa-4987"
},
{
"name": "[debian-lts-announce] 20211020 [SECURITY] [DLA 2789-1] squashfs-tools security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00017.html"
},
{
"name": "GLSA-202305-29",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202305-29"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-41072",
"datePublished": "2021-09-14T00:00:00.000Z",
"dateReserved": "2021-09-14T00:00:00.000Z",
"dateUpdated": "2024-08-04T02:59:31.057Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-41072
Vulnerability from osv_almalinux
Published
2024-05-22 00:00
Modified
2024-05-29 14:39
Summary
Moderate: squashfs-tools security update
Details
SquashFS is a highly compressed read-only file system for Linux. These packages contain the utilities for manipulating squashfs file systems.
Security Fix(es):
- squashfs-tools: unvalidated filepaths allow writing outside of destination (CVE-2021-40153)
- squashfs-tools: possible Directory Traversal via symbolic link (CVE-2021-41072)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.
{
"affected": [
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "squashfs-tools"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "4.3-21.el8"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"details": "SquashFS is a highly compressed read-only file system for Linux. These packages contain the utilities for manipulating squashfs file systems.\n\nSecurity Fix(es):\n\n* squashfs-tools: unvalidated filepaths allow writing outside of destination (CVE-2021-40153)\n* squashfs-tools: possible Directory Traversal via symbolic link (CVE-2021-41072)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.",
"id": "ALSA-2024:3139",
"modified": "2024-05-29T14:39:42Z",
"published": "2024-05-22T00:00:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://access.redhat.com/errata/RHSA-2024:3139"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2021-40153"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2021-41072"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/1998621"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2004957"
},
{
"type": "ADVISORY",
"url": "https://errata.almalinux.org/8/ALSA-2024-3139.html"
}
],
"related": [
"CVE-2021-40153",
"CVE-2021-41072"
],
"summary": "Moderate: squashfs-tools security update"
}
CVE-2021-41072
Vulnerability from osv_almalinux
Published
2024-04-30 00:00
Modified
2024-05-07 14:54
Summary
Moderate: squashfs-tools security update
Details
SquashFS is a highly compressed read-only file system for Linux. These packages contain the utilities for manipulating squashfs file systems.
Security Fix(es):
- squashfs-tools: unvalidated filepaths allow writing outside of destination (CVE-2021-40153)
- squashfs-tools: possible Directory Traversal via symbolic link (CVE-2021-41072)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.
{
"affected": [
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "squashfs-tools"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "4.4-10.git1.el9"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"details": "SquashFS is a highly compressed read-only file system for Linux. These packages contain the utilities for manipulating squashfs file systems.\n\nSecurity Fix(es):\n\n* squashfs-tools: unvalidated filepaths allow writing outside of destination (CVE-2021-40153)\n* squashfs-tools: possible Directory Traversal via symbolic link (CVE-2021-41072)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.",
"id": "ALSA-2024:2396",
"modified": "2024-05-07T14:54:12Z",
"published": "2024-04-30T00:00:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://access.redhat.com/errata/RHSA-2024:2396"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2021-40153"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2021-41072"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/1998621"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2004957"
},
{
"type": "ADVISORY",
"url": "https://errata.almalinux.org/9/ALSA-2024-2396.html"
}
],
"related": [
"CVE-2021-40153",
"CVE-2021-41072"
],
"summary": "Moderate: squashfs-tools security update"
}
GSD-2021-41072
Vulnerability from gsd - Updated: 2023-12-13 01:23Details
squashfs_opendir in unsquash-2.c in Squashfs-Tools 4.5 allows Directory Traversal, a different vulnerability than CVE-2021-40153. A squashfs filesystem that has been crafted to include a symbolic link and then contents under the same filename in a filesystem can cause unsquashfs to first create the symbolic link pointing outside the expected directory, and then the subsequent write operation will cause the unsquashfs process to write through the symbolic link elsewhere in the filesystem.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2021-41072",
"description": "squashfs_opendir in unsquash-2.c in Squashfs-Tools 4.5 allows Directory Traversal, a different vulnerability than CVE-2021-40153. A squashfs filesystem that has been crafted to include a symbolic link and then contents under the same filename in a filesystem can cause unsquashfs to first create the symbolic link pointing outside the expected directory, and then the subsequent write operation will cause the unsquashfs process to write through the symbolic link elsewhere in the filesystem.",
"id": "GSD-2021-41072",
"references": [
"https://www.debian.org/security/2021/dsa-4987",
"https://ubuntu.com/security/CVE-2021-41072",
"https://advisories.mageia.org/CVE-2021-41072.html",
"https://security.archlinux.org/CVE-2021-41072",
"https://www.suse.com/security/cve/CVE-2021-41072.html"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2021-41072"
],
"details": "squashfs_opendir in unsquash-2.c in Squashfs-Tools 4.5 allows Directory Traversal, a different vulnerability than CVE-2021-40153. A squashfs filesystem that has been crafted to include a symbolic link and then contents under the same filename in a filesystem can cause unsquashfs to first create the symbolic link pointing outside the expected directory, and then the subsequent write operation will cause the unsquashfs process to write through the symbolic link elsewhere in the filesystem.",
"id": "GSD-2021-41072",
"modified": "2023-12-13T01:23:27.138833Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-41072",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "squashfs_opendir in unsquash-2.c in Squashfs-Tools 4.5 allows Directory Traversal, a different vulnerability than CVE-2021-40153. A squashfs filesystem that has been crafted to include a symbolic link and then contents under the same filename in a filesystem can cause unsquashfs to first create the symbolic link pointing outside the expected directory, and then the subsequent write operation will cause the unsquashfs process to write through the symbolic link elsewhere in the filesystem."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/plougher/squashfs-tools/commit/e0485802ec72996c20026da320650d8362f555bd",
"refsource": "MISC",
"url": "https://github.com/plougher/squashfs-tools/commit/e0485802ec72996c20026da320650d8362f555bd"
},
{
"name": "https://github.com/plougher/squashfs-tools/issues/72#issuecomment-913833405",
"refsource": "MISC",
"url": "https://github.com/plougher/squashfs-tools/issues/72#issuecomment-913833405"
},
{
"name": "DSA-4987",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2021/dsa-4987"
},
{
"name": "[debian-lts-announce] 20211020 [SECURITY] [DLA 2789-1] squashfs-tools security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00017.html"
},
{
"name": "GLSA-202305-29",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202305-29"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:squashfs-tools_project:squashfs-tools:4.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-41072"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "squashfs_opendir in unsquash-2.c in Squashfs-Tools 4.5 allows Directory Traversal, a different vulnerability than CVE-2021-40153. A squashfs filesystem that has been crafted to include a symbolic link and then contents under the same filename in a filesystem can cause unsquashfs to first create the symbolic link pointing outside the expected directory, and then the subsequent write operation will cause the unsquashfs process to write through the symbolic link elsewhere in the filesystem."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
},
{
"lang": "en",
"value": "CWE-59"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/plougher/squashfs-tools/issues/72#issuecomment-913833405",
"refsource": "MISC",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/plougher/squashfs-tools/issues/72#issuecomment-913833405"
},
{
"name": "https://github.com/plougher/squashfs-tools/commit/e0485802ec72996c20026da320650d8362f555bd",
"refsource": "MISC",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/plougher/squashfs-tools/commit/e0485802ec72996c20026da320650d8362f555bd"
},
{
"name": "DSA-4987",
"refsource": "DEBIAN",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2021/dsa-4987"
},
{
"name": "[debian-lts-announce] 20211020 [SECURITY] [DLA 2789-1] squashfs-tools security update",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00017.html"
},
{
"name": "GLSA-202305-29",
"refsource": "GENTOO",
"tags": [],
"url": "https://security.gentoo.org/glsa/202305-29"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": true
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.2
}
},
"lastModifiedDate": "2023-05-30T06:15Z",
"publishedDate": "2021-09-14T01:15Z"
}
}
}
CVE-2021-41072
Vulnerability from fstec - Published: 10.09.2019
VLAI Severity ?
Title
Уязвимость функции squashfs_opendir компонента unsquash-2.c набора инструментов для создания и извлечения файловых систем Squashfs Squashfs-Tools, связанная с неверным определением символических ссылок перед доступом к файлу, позволяющая нарушителю нарушить целостность данных, а также вызвать отказ в обслуживании
Description
Уязвимость функции squashfs_opendir компонента unsquash-2.c набора инструментов для создания и извлечения файловых систем Squashfs Squashfs-Tools связана с неверным определением символических ссылок перед доступом к файлу. Эксплуатация уязвимости позволяет нарушителю, действующему удаленно, нарушить целостность данных, а также вызвать отказ в обслуживании
Severity ?
Vendor
Сообщество свободного программного обеспечения, ООО «РусБИТех-Астра», Phillip Lougher, АО «ИВК», АО "НППКТ", АО «Концерн ВНИИНС», АО «НТЦ ИТ РОСА», ООО «НЦПР»
Software Name
Debian GNU/Linux, Astra Linux Special Edition (запись в едином реестре российских программ №369), Astra Linux Special Edition для «Эльбрус» (запись в едином реестре российских программ №11156), Squashfs-Tools, Альт 8 СП (запись в едином реестре российских программ №4305), ОСОН ОСнова Оnyx (запись в едином реестре российских программ №5913), ОС ОН «Стрелец» (запись в едином реестре российских программ №6177), ROSA Virtualization 3.0 (запись в едином реестре российских программ №21308), МСВСфера
Software Version
9 (Debian GNU/Linux), 1.6 «Смоленск» (Astra Linux Special Edition), 10 (Debian GNU/Linux), 8.1 «Ленинград» (Astra Linux Special Edition для «Эльбрус»), 11 (Debian GNU/Linux), до 4.5 включительно (Squashfs-Tools), 1.7 (Astra Linux Special Edition), 4.7 (Astra Linux Special Edition), - (Альт 8 СП), до 2.4 (ОСОН ОСнова Оnyx), до 16.01.2023 (ОС ОН «Стрелец»), 3.0 (ROSA Virtualization 3.0), 9.5 (МСВСфера)
Possible Mitigations
Использование рекомендаций:
Для Squashfs-Tools:
https://github.com/plougher/squashfs-tools/issues/72
Для ОС Debian:
https://security-tracker.debian.org/tracker/CVE-2021-41072
Для Astra Linux:
https://wiki.astralinux.ru/astra-linux-se16-bulletin-20211126SE16
https://wiki.astralinux.ru/astra-linux-se17-bulletin-2021-1126SE17
https://wiki.astralinux.ru/astra-linux-se47-bulletin-2022-0114SE47
Для Альт 8 СП:
https://altsp.su/obnovleniya-bezopasnosti/
Для ОСОН Основа:
Обновление программного обеспечения squashfs-tools до версии 1:4.3-12+deb10u2
Для Astra Linux Special Edition для «Эльбрус» 8.1 «Ленинград»:
обновить пакет squashfs-tools до 1:4.3-3+deb9u3 или более высокой версии, используя рекомендации производителя: https://wiki.astralinux.ru/astra-linux-se81-bulletin-20230315SE81
Для ОС ОН «Стрелец»:
Обновление программного обеспечения squashfs-tools до версии 1:4.3-3+deb9u3
Для программной системы управления средой виртуализации с подсистемой безагентного резервного копирования виртуальных машин «ROSA Virtualization 3.0»: https://abf.rosa.ru/advisories/ROSA-SA-2025-2819
Для МСВСфера: https://errata.msvsphere-os.ru/definition/9/INFCSA-2024:2396?lang=ru
Reference
https://github.com/plougher/squashfs-tools/commit/19fcc9365dcdb2c22d232d42d11012940df64b7c
https://github.com/plougher/squashfs-tools/commit/e0485802ec72996c20026da320650d8362f555bd
https://github.com/plougher/squashfs-tools/issues/72
https://nvd.nist.gov/vuln/detail/CVE-2021-41072
https://security-tracker.debian.org/tracker/CVE-2021-41072
https://wiki.astralinux.ru/astra-linux-se16-bulletin-20211126SE16
https://wiki.astralinux.ru/astra-linux-se17-bulletin-2021-1126SE17
https://wiki.astralinux.ru/astra-linux-se47-bulletin-2022-0114SE47
https://altsp.su/obnovleniya-bezopasnosti/
https://поддержка.нппкт.рф/bin/view/ОСнова/Обновления/2.4/
https://wiki.astralinux.ru/astra-linux-se81-bulletin-20230315SE81
https://strelets.net/patchi-i-obnovleniya-bezopasnosti#16012023
https://abf.rosa.ru/advisories/ROSA-SA-2025-2819
https://errata.msvsphere-os.ru/definition/9/INFCSA-2024:2396?lang=ru
CWE
CWE-59
{
"CVSS 2.0": "AV:N/AC:M/Au:N/C:N/I:C/A:C",
"CVSS 3.0": "AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H",
"CVSS 4.0": null,
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "\u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f, \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb, Phillip Lougher, \u0410\u041e \u00ab\u0418\u0412\u041a\u00bb, \u0410\u041e \"\u041d\u041f\u041f\u041a\u0422\", \u0410\u041e \u00ab\u041a\u043e\u043d\u0446\u0435\u0440\u043d \u0412\u041d\u0418\u0418\u041d\u0421\u00bb, \u0410\u041e \u00ab\u041d\u0422\u0426 \u0418\u0422 \u0420\u041e\u0421\u0410\u00bb, \u041e\u041e\u041e \u00ab\u041d\u0426\u041f\u0420\u00bb",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "9 (Debian GNU/Linux), 1.6 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb (Astra Linux Special Edition), 10 (Debian GNU/Linux), 8.1 \u00ab\u041b\u0435\u043d\u0438\u043d\u0433\u0440\u0430\u0434\u00bb (Astra Linux Special Edition \u0434\u043b\u044f \u00ab\u042d\u043b\u044c\u0431\u0440\u0443\u0441\u00bb), 11 (Debian GNU/Linux), \u0434\u043e 4.5 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Squashfs-Tools), 1.7 (Astra Linux Special Edition), 4.7 (Astra Linux Special Edition), - (\u0410\u043b\u044c\u0442 8 \u0421\u041f), \u0434\u043e 2.4 (\u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx), \u0434\u043e 16.01.2023 (\u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb), 3.0 (ROSA Virtualization 3.0), 9.5 (\u041c\u0421\u0412\u0421\u0444\u0435\u0440\u0430)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\n\u0414\u043b\u044f Squashfs-Tools:\nhttps://github.com/plougher/squashfs-tools/issues/72\n\n\u0414\u043b\u044f \u041e\u0421 Debian:\nhttps://security-tracker.debian.org/tracker/CVE-2021-41072\n\n\u0414\u043b\u044f Astra Linux:\nhttps://wiki.astralinux.ru/astra-linux-se16-bulletin-20211126SE16\nhttps://wiki.astralinux.ru/astra-linux-se17-bulletin-2021-1126SE17\nhttps://wiki.astralinux.ru/astra-linux-se47-bulletin-2022-0114SE47\n\n\u0414\u043b\u044f \u0410\u043b\u044c\u0442 8 \u0421\u041f:\nhttps://altsp.su/obnovleniya-bezopasnosti/\n\n\u0414\u043b\u044f \u041e\u0421\u041e\u041d \u041e\u0441\u043d\u043e\u0432\u0430:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f squashfs-tools \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 1:4.3-12+deb10u2\n\n\u0414\u043b\u044f Astra Linux Special Edition \u0434\u043b\u044f \u00ab\u042d\u043b\u044c\u0431\u0440\u0443\u0441\u00bb 8.1 \u00ab\u041b\u0435\u043d\u0438\u043d\u0433\u0440\u0430\u0434\u00bb:\n\u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u043f\u0430\u043a\u0435\u0442 squashfs-tools \u0434\u043e 1:4.3-3+deb9u3 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se81-bulletin-20230315SE81\n\n\u0414\u043b\u044f \u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f squashfs-tools \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 1:4.3-3+deb9u3\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0441\u0440\u0435\u0434\u043e\u0439 \u0432\u0438\u0440\u0442\u0443\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438 \u0441 \u043f\u043e\u0434\u0441\u0438\u0441\u0442\u0435\u043c\u043e\u0439 \u0431\u0435\u0437\u0430\u0433\u0435\u043d\u0442\u043d\u043e\u0433\u043e \u0440\u0435\u0437\u0435\u0440\u0432\u043d\u043e\u0433\u043e \u043a\u043e\u043f\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f \u0432\u0438\u0440\u0442\u0443\u0430\u043b\u044c\u043d\u044b\u0445 \u043c\u0430\u0448\u0438\u043d \u00abROSA Virtualization 3.0\u00bb: https://abf.rosa.ru/advisories/ROSA-SA-2025-2819\n\n\u0414\u043b\u044f \u041c\u0421\u0412\u0421\u0444\u0435\u0440\u0430: https://errata.msvsphere-os.ru/definition/9/INFCSA-2024:2396?lang=ru",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "10.09.2019",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "19.11.2025",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "21.12.2021",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2021-06307",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2021-41072",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Debian GNU/Linux, Astra Linux Special Edition (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), Astra Linux Special Edition \u0434\u043b\u044f \u00ab\u042d\u043b\u044c\u0431\u0440\u0443\u0441\u00bb (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u211611156), Squashfs-Tools, \u0410\u043b\u044c\u0442 8 \u0421\u041f (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21164305), \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165913), \u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21166177), ROSA Virtualization 3.0 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u211621308), \u041c\u0421\u0412\u0421\u0444\u0435\u0440\u0430",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "\u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 9 , \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 1.6 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 10 , \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition \u0434\u043b\u044f \u00ab\u042d\u043b\u044c\u0431\u0440\u0443\u0441\u00bb 8.1 \u00ab\u041b\u0435\u043d\u0438\u043d\u0433\u0440\u0430\u0434\u00bb (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u211611156), \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 11 , \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 1.7 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 4.7 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), \u0410\u041e \u00ab\u0418\u0412\u041a\u00bb \u0410\u043b\u044c\u0442 8 \u0421\u041f - (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21164305), \u0410\u041e \u00ab\u041a\u043e\u043d\u0446\u0435\u0440\u043d \u0412\u041d\u0418\u0418\u041d\u0421\u00bb \u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb \u0434\u043e 16.01.2023 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21166177), \u0410\u041e \u00ab\u041d\u0422\u0426 \u0418\u0422 \u0420\u041e\u0421\u0410\u00bb ROSA Virtualization 3.0 3.0 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u211621308), \u041e\u041e\u041e \u00ab\u041d\u0426\u041f\u0420\u00bb \u041c\u0421\u0412\u0421\u0444\u0435\u0440\u0430 9.5 ",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u0438 squashfs_opendir \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u0430 unsquash-2.c \u043d\u0430\u0431\u043e\u0440\u0430 \u0438\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442\u043e\u0432 \u0434\u043b\u044f \u0441\u043e\u0437\u0434\u0430\u043d\u0438\u044f \u0438 \u0438\u0437\u0432\u043b\u0435\u0447\u0435\u043d\u0438\u044f \u0444\u0430\u0439\u043b\u043e\u0432\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c Squashfs Squashfs-Tools, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u043d\u0435\u0432\u0435\u0440\u043d\u044b\u043c \u043e\u043f\u0440\u0435\u0434\u0435\u043b\u0435\u043d\u0438\u0435\u043c \u0441\u0438\u043c\u0432\u043e\u043b\u0438\u0447\u0435\u0441\u043a\u0438\u0445 \u0441\u0441\u044b\u043b\u043e\u043a \u043f\u0435\u0440\u0435\u0434 \u0434\u043e\u0441\u0442\u0443\u043f\u043e\u043c \u043a \u0444\u0430\u0439\u043b\u0443, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u044c \u0446\u0435\u043b\u043e\u0441\u0442\u043d\u043e\u0441\u0442\u044c \u0434\u0430\u043d\u043d\u044b\u0445, \u0430 \u0442\u0430\u043a\u0436\u0435 \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0421\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u0435\u0442 \u0432 \u043e\u0442\u043a\u0440\u044b\u0442\u043e\u043c \u0434\u043e\u0441\u0442\u0443\u043f\u0435",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u0432\u0435\u0440\u043d\u043e\u0435 \u043e\u043f\u0440\u0435\u0434\u0435\u043b\u0435\u043d\u0438\u0435 \u0441\u0441\u044b\u043b\u043a\u0438 \u043f\u0435\u0440\u0435\u0434 \u0434\u043e\u0441\u0442\u0443\u043f\u043e\u043c \u043a \u0444\u0430\u0439\u043b\u0443 (CWE-59)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u0438 squashfs_opendir \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u0430 unsquash-2.c \u043d\u0430\u0431\u043e\u0440\u0430 \u0438\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442\u043e\u0432 \u0434\u043b\u044f \u0441\u043e\u0437\u0434\u0430\u043d\u0438\u044f \u0438 \u0438\u0437\u0432\u043b\u0435\u0447\u0435\u043d\u0438\u044f \u0444\u0430\u0439\u043b\u043e\u0432\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c Squashfs Squashfs-Tools \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043d\u0435\u0432\u0435\u0440\u043d\u044b\u043c \u043e\u043f\u0440\u0435\u0434\u0435\u043b\u0435\u043d\u0438\u0435\u043c \u0441\u0438\u043c\u0432\u043e\u043b\u0438\u0447\u0435\u0441\u043a\u0438\u0445 \u0441\u0441\u044b\u043b\u043e\u043a \u043f\u0435\u0440\u0435\u0434 \u0434\u043e\u0441\u0442\u0443\u043f\u043e\u043c \u043a \u0444\u0430\u0439\u043b\u0443. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u044c \u0446\u0435\u043b\u043e\u0441\u0442\u043d\u043e\u0441\u0442\u044c \u0434\u0430\u043d\u043d\u044b\u0445, \u0430 \u0442\u0430\u043a\u0436\u0435 \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://github.com/plougher/squashfs-tools/commit/19fcc9365dcdb2c22d232d42d11012940df64b7c\nhttps://github.com/plougher/squashfs-tools/commit/e0485802ec72996c20026da320650d8362f555bd\nhttps://github.com/plougher/squashfs-tools/issues/72\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-41072\nhttps://security-tracker.debian.org/tracker/CVE-2021-41072\nhttps://wiki.astralinux.ru/astra-linux-se16-bulletin-20211126SE16\nhttps://wiki.astralinux.ru/astra-linux-se17-bulletin-2021-1126SE17\nhttps://wiki.astralinux.ru/astra-linux-se47-bulletin-2022-0114SE47\nhttps://altsp.su/obnovleniya-bezopasnosti/\nhttps://\u043f\u043e\u0434\u0434\u0435\u0440\u0436\u043a\u0430.\u043d\u043f\u043f\u043a\u0442.\u0440\u0444/bin/view/\u041e\u0421\u043d\u043e\u0432\u0430/\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f/2.4/\nhttps://wiki.astralinux.ru/astra-linux-se81-bulletin-20230315SE81\nhttps://strelets.net/patchi-i-obnovleniya-bezopasnosti#16012023\nhttps://abf.rosa.ru/advisories/ROSA-SA-2025-2819\nhttps://errata.msvsphere-os.ru/definition/9/INFCSA-2024:2396?lang=ru",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-59",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 8,8)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 8,1)"
}
CERTFR-2024-AVI-0579
Vulnerability from certfr_avis - Published: 2024-07-12 - Updated: 2024-07-12
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | Spectrum | Spectrum Control versions antérieures à 5.4.12 | ||
| IBM | WebSphere | WebSphere Application Server versions 8.5.x antérieures à 8.5.5.25 sans le correctif de sécurité PH61489 | ||
| IBM | WebSphere | WebSphere Application Server versions 9.0.x antérieures à 9.0.5.20 sans le correctif de sécurité PH61489 | ||
| IBM | QRadar | QRadar Deployment Intelligence App versions antérieures à 3.0.14 | ||
| IBM | QRadar | QRadar SIEM versions 7.5.x antérieures à 7.5.0 UP9 | ||
| IBM | Cloud Pak | Cloud Pak for Security versions antérieures à 1.10.23.0 | ||
| IBM | AIX | AIX versions 7.2 et 7.3 sans le correctif de sécurité 9211224a.240708.epkg.Z | ||
| IBM | QRadar | QRadar Suite Software versions antérieures à 1.10.23.0 | ||
| IBM | QRadar | Security QRadar EDR versions antérieures à 3.12.9 | ||
| IBM | VIOS | VIOS versions 3.1 et 4.1 sans le correctif de sécurité 9211224a.240708.epkg.Z | ||
| IBM | QRadar | QRadar WinCollect Agent versions antérieures à 10.1.11 |
References
| Title | Publication Time | Tags | |||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Spectrum Control versions ant\u00e9rieures \u00e0 5.4.12",
"product": {
"name": "Spectrum",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "WebSphere Application Server versions 8.5.x ant\u00e9rieures \u00e0 8.5.5.25 sans le correctif de s\u00e9curit\u00e9 PH61489",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "WebSphere Application Server versions 9.0.x ant\u00e9rieures \u00e0 9.0.5.20 sans le correctif de s\u00e9curit\u00e9 PH61489",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "QRadar Deployment Intelligence App versions ant\u00e9rieures \u00e0 3.0.14",
"product": {
"name": "QRadar",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "QRadar SIEM versions 7.5.x ant\u00e9rieures \u00e0 7.5.0 UP9",
"product": {
"name": "QRadar",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Cloud Pak for Security versions ant\u00e9rieures \u00e0 1.10.23.0",
"product": {
"name": "Cloud Pak",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "AIX versions 7.2 et 7.3 sans le correctif de s\u00e9curit\u00e9 9211224a.240708.epkg.Z",
"product": {
"name": "AIX",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "QRadar Suite Software versions ant\u00e9rieures \u00e0 1.10.23.0",
"product": {
"name": "QRadar",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Security QRadar EDR versions ant\u00e9rieures \u00e0 3.12.9",
"product": {
"name": "QRadar",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "VIOS versions 3.1 et 4.1 sans le correctif de s\u00e9curit\u00e9 9211224a.240708.epkg.Z",
"product": {
"name": "VIOS",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "QRadar WinCollect Agent versions ant\u00e9rieures \u00e0 10.1.11",
"product": {
"name": "QRadar",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2023-29483",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29483"
},
{
"name": "CVE-2024-1597",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-1597"
},
{
"name": "CVE-2024-29041",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29041"
},
{
"name": "CVE-2024-28834",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28834"
},
{
"name": "CVE-2024-28849",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28849"
},
{
"name": "CVE-2024-35154",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35154"
},
{
"name": "CVE-2024-4068",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4068"
},
{
"name": "CVE-2024-33602",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-33602"
},
{
"name": "CVE-2024-22353",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22353"
},
{
"name": "CVE-2024-3772",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-3772"
},
{
"name": "CVE-2023-50312",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-50312"
},
{
"name": "CVE-2024-2466",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-2466"
},
{
"name": "CVE-2024-28102",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28102"
},
{
"name": "CVE-2024-34069",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34069"
},
{
"name": "CVE-2019-11358",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11358"
},
{
"name": "CVE-2020-15778",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-15778"
},
{
"name": "CVE-2024-34997",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34997"
},
{
"name": "CVE-2022-3287",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3287"
},
{
"name": "CVE-2020-13936",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-13936"
},
{
"name": "CVE-2023-44487",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
},
{
"name": "CVE-2024-29857",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29857"
},
{
"name": "CVE-2023-25193",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25193"
},
{
"name": "CVE-2024-33600",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-33600"
},
{
"name": "CVE-2023-45802",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45802"
},
{
"name": "CVE-2023-3635",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3635"
},
{
"name": "CVE-2024-25026",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25026"
},
{
"name": "CVE-2024-34062",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34062"
},
{
"name": "CVE-2024-33599",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-33599"
},
{
"name": "CVE-2024-4067",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4067"
},
{
"name": "CVE-2024-30172",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-30172"
},
{
"name": "CVE-2021-41072",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41072"
},
{
"name": "CVE-2024-28176",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28176"
},
{
"name": "CVE-2024-1135",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-1135"
},
{
"name": "CVE-2020-23064",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-23064"
},
{
"name": "CVE-2023-6918",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6918"
},
{
"name": "CVE-2024-2379",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-2379"
},
{
"name": "CVE-2024-22329",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22329"
},
{
"name": "CVE-2024-0450",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0450"
},
{
"name": "CVE-2024-2004",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-2004"
},
{
"name": "CVE-2023-45803",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45803"
},
{
"name": "CVE-2023-31122",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-31122"
},
{
"name": "CVE-2024-35195",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35195"
},
{
"name": "CVE-2023-51775",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-51775"
},
{
"name": "CVE-2024-33601",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-33601"
},
{
"name": "CVE-2024-3019",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-3019"
},
{
"name": "CVE-2024-5206",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-5206"
},
{
"name": "CVE-2024-27088",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27088"
},
{
"name": "CVE-2023-43804",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-43804"
},
{
"name": "CVE-2024-25062",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25062"
},
{
"name": "CVE-2024-2398",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-2398"
},
{
"name": "CVE-2024-26461",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26461"
},
{
"name": "CVE-2024-26458",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26458"
},
{
"name": "CVE-2023-44483",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44483"
},
{
"name": "CVE-2023-6004",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6004"
},
{
"name": "CVE-2020-11022",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11022"
},
{
"name": "CVE-2024-28863",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28863"
},
{
"name": "CVE-2024-4603",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4603"
},
{
"name": "CVE-2024-27270",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27270"
},
{
"name": "CVE-2023-31484",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-31484"
},
{
"name": "CVE-2024-30171",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-30171"
},
{
"name": "CVE-2024-4741",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4741"
},
{
"name": "CVE-2023-46158",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46158"
},
{
"name": "CVE-2024-34064",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34064"
},
{
"name": "CVE-2024-6387",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6387"
},
{
"name": "CVE-2024-25023",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25023"
},
{
"name": "CVE-2024-2511",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-2511"
},
{
"name": "CVE-2021-40153",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-40153"
},
{
"name": "CVE-2023-5752",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5752"
},
{
"name": "CVE-2024-2961",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-2961"
},
{
"name": "CVE-2024-28182",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28182"
},
{
"name": "CVE-2023-6597",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6597"
},
{
"name": "CVE-2020-11023",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11023"
}
],
"initial_release_date": "2024-07-12T00:00:00",
"last_revision_date": "2024-07-12T00:00:00",
"links": [],
"reference": "CERTFR-2024-AVI-0579",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-07-12T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": "2024-07-08",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7159768",
"url": "https://www.ibm.com/support/pages/node/7159768"
},
{
"published_at": "2024-07-11",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7160017",
"url": "https://www.ibm.com/support/pages/node/7160017"
},
{
"published_at": "2024-07-08",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7159781",
"url": "https://www.ibm.com/support/pages/node/7159781"
},
{
"published_at": "2024-07-11",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7160014",
"url": "https://www.ibm.com/support/pages/node/7160014"
},
{
"published_at": "2024-07-12",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7160134",
"url": "https://www.ibm.com/support/pages/node/7160134"
},
{
"published_at": "2024-07-08",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7159771",
"url": "https://www.ibm.com/support/pages/node/7159771"
},
{
"published_at": "2024-07-09",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7159867",
"url": "https://www.ibm.com/support/pages/node/7159867"
},
{
"published_at": "2024-07-09",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7159865",
"url": "https://www.ibm.com/support/pages/node/7159865"
},
{
"published_at": "2024-07-08",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7159527",
"url": "https://www.ibm.com/support/pages/node/7159527"
},
{
"published_at": "2024-07-08",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7159825",
"url": "https://www.ibm.com/support/pages/node/7159825"
},
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7159934",
"url": "https://www.ibm.com/support/pages/node/7159934"
},
{
"published_at": "2024-07-09",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7159920",
"url": "https://www.ibm.com/support/pages/node/7159920"
},
{
"published_at": "2024-07-11",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7160013",
"url": "https://www.ibm.com/support/pages/node/7160013"
}
]
}
CERTFR-2024-AVI-0741
Vulnerability from certfr_avis - Published: 2024-09-05 - Updated: 2024-10-15
De multiples vulnérabilités ont été découvertes dans les produits Juniper Secure Analytics. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Juniper Networks | Secure Analytics | Juniper Secure Analytics versions antérieures à 7.5.0 UP9 IF02 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Juniper Secure Analytics versions ant\u00e9rieures \u00e0 7.5.0 UP9 IF02",
"product": {
"name": "Secure Analytics",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2023-29483",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29483"
},
{
"name": "CVE-2024-42472",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42472"
},
{
"name": "CVE-2024-26934",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26934"
},
{
"name": "CVE-2023-52477",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52477"
},
{
"name": "CVE-2023-52675",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52675"
},
{
"name": "CVE-2023-4692",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4692"
},
{
"name": "CVE-2024-27059",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27059"
},
{
"name": "CVE-2024-26656",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26656"
},
{
"name": "CVE-2024-28834",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28834"
},
{
"name": "CVE-2023-38264",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38264"
},
{
"name": "CVE-2024-26974",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26974"
},
{
"name": "CVE-2024-26897",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26897"
},
{
"name": "CVE-2021-47055",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47055"
},
{
"name": "CVE-2020-36777",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36777"
},
{
"name": "CVE-2023-43788",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-43788"
},
{
"name": "CVE-2024-27052",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27052"
},
{
"name": "CVE-2023-52425",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52425"
},
{
"name": "CVE-2024-26585",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26585"
},
{
"name": "CVE-2024-25744",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25744"
},
{
"name": "CVE-2024-26973",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26973"
},
{
"name": "CVE-2024-33602",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-33602"
},
{
"name": "CVE-2024-27397",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27397"
},
{
"name": "CVE-2024-35854",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35854"
},
{
"name": "CVE-2023-52878",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52878"
},
{
"name": "CVE-2021-47185",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47185"
},
{
"name": "CVE-2024-23650",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23650"
},
{
"name": "CVE-2024-26603",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26603"
},
{
"name": "CVE-2024-26964",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26964"
},
{
"name": "CVE-2024-5564",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-5564"
},
{
"name": "CVE-2021-33198",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33198"
},
{
"name": "CVE-2024-26993",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26993"
},
{
"name": "CVE-2019-25162",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-25162"
},
{
"name": "CVE-2022-41715",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41715"
},
{
"name": "CVE-2023-39321",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39321"
},
{
"name": "CVE-2024-3933",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-3933"
},
{
"name": "CVE-2024-1975",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-1975"
},
{
"name": "CVE-2023-52669",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52669"
},
{
"name": "CVE-2019-11358",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11358"
},
{
"name": "CVE-2020-15778",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-15778"
},
{
"name": "CVE-2022-3287",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3287"
},
{
"name": "CVE-2024-36004",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36004"
},
{
"name": "CVE-2024-26859",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26859"
},
{
"name": "CVE-2020-13936",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-13936"
},
{
"name": "CVE-2023-44487",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
},
{
"name": "CVE-2024-29857",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29857"
},
{
"name": "CVE-2024-35959",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35959"
},
{
"name": "CVE-2018-20060",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-20060"
},
{
"name": "CVE-2024-35855",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35855"
},
{
"name": "CVE-2024-1737",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-1737"
},
{
"name": "CVE-2023-25193",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25193"
},
{
"name": "CVE-2024-33600",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-33600"
},
{
"name": "CVE-2024-3652",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-3652"
},
{
"name": "CVE-2024-26615",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26615"
},
{
"name": "CVE-2023-45802",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45802"
},
{
"name": "CVE-2024-26801",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26801"
},
{
"name": "CVE-2024-36007",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36007"
},
{
"name": "CVE-2021-47311",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47311"
},
{
"name": "CVE-2023-3635",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3635"
},
{
"name": "CVE-2024-26643",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26643"
},
{
"name": "CVE-2024-26779",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26779"
},
{
"name": "CVE-2024-32021",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-32021"
},
{
"name": "CVE-2024-33599",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-33599"
},
{
"name": "CVE-2024-25629",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25629"
},
{
"name": "CVE-2024-28180",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28180"
},
{
"name": "CVE-2024-24806",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24806"
},
{
"name": "CVE-2024-35852",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35852"
},
{
"name": "CVE-2024-23307",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23307"
},
{
"name": "CVE-2024-30172",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-30172"
},
{
"name": "CVE-2023-52528",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52528"
},
{
"name": "CVE-2024-27048",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27048"
},
{
"name": "CVE-2021-47013",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47013"
},
{
"name": "CVE-2023-52781",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52781"
},
{
"name": "CVE-2024-35845",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35845"
},
{
"name": "CVE-2021-41072",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41072"
},
{
"name": "CVE-2023-48795",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48795"
},
{
"name": "CVE-2021-47073",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47073"
},
{
"name": "CVE-2024-26804",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26804"
},
{
"name": "CVE-2024-26593",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26593"
},
{
"name": "CVE-2022-48627",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48627"
},
{
"name": "CVE-2021-47171",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47171"
},
{
"name": "CVE-2024-26743",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26743"
},
{
"name": "CVE-2023-52686",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52686"
},
{
"name": "CVE-2021-47236",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47236"
},
{
"name": "CVE-2023-39318",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39318"
},
{
"name": "CVE-2023-6240",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6240"
},
{
"name": "CVE-2024-32004",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-32004"
},
{
"name": "CVE-2021-47118",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47118"
},
{
"name": "CVE-2024-35890",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35890"
},
{
"name": "CVE-2020-23064",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-23064"
},
{
"name": "CVE-2023-6918",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6918"
},
{
"name": "CVE-2024-22195",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22195"
},
{
"name": "CVE-2023-52877",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52877"
},
{
"name": "CVE-2024-21011",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21011"
},
{
"name": "CVE-2024-32020",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-32020"
},
{
"name": "CVE-2024-0450",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0450"
},
{
"name": "CVE-2023-45803",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45803"
},
{
"name": "CVE-2023-39319",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39319"
},
{
"name": "CVE-2024-32487",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-32487"
},
{
"name": "CVE-2024-26826",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26826"
},
{
"name": "CVE-2024-27056",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27056"
},
{
"name": "CVE-2024-26583",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26583"
},
{
"name": "CVE-2024-26642",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26642"
},
{
"name": "CVE-2021-47153",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47153"
},
{
"name": "CVE-2024-35888",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35888"
},
{
"name": "CVE-2023-52700",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52700"
},
{
"name": "CVE-2023-31122",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-31122"
},
{
"name": "CVE-2023-52439",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52439"
},
{
"name": "CVE-2021-47495",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47495"
},
{
"name": "CVE-2024-26675",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26675"
},
{
"name": "CVE-2019-14865",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14865"
},
{
"name": "CVE-2024-26906",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26906"
},
{
"name": "CVE-2024-26610",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26610"
},
{
"name": "CVE-2024-2357",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-2357"
},
{
"name": "CVE-2024-26584",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26584"
},
{
"name": "CVE-2024-21094",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21094"
},
{
"name": "CVE-2024-26919",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26919"
},
{
"name": "CVE-2023-52445",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52445"
},
{
"name": "CVE-2024-33601",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-33601"
},
{
"name": "CVE-2024-3019",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-3019"
},
{
"name": "CVE-2022-2880",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2880"
},
{
"name": "CVE-2024-27014",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27014"
},
{
"name": "CVE-2021-34558",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34558"
},
{
"name": "CVE-2024-32465",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-32465"
},
{
"name": "CVE-2024-22365",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22365"
},
{
"name": "CVE-2023-43804",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-43804"
},
{
"name": "CVE-2023-43789",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-43789"
},
{
"name": "CVE-2024-38428",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38428"
},
{
"name": "CVE-2024-25062",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25062"
},
{
"name": "CVE-2022-2879",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2879"
},
{
"name": "CVE-2024-2398",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-2398"
},
{
"name": "CVE-2024-26892",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26892"
},
{
"name": "CVE-2024-35835",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35835"
},
{
"name": "CVE-2024-26735",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26735"
},
{
"name": "CVE-2023-52881",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52881"
},
{
"name": "CVE-2023-4693",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4693"
},
{
"name": "CVE-2021-46972",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-46972"
},
{
"name": "CVE-2023-52578",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52578"
},
{
"name": "CVE-2024-26461",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26461"
},
{
"name": "CVE-2024-34750",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34750"
},
{
"name": "CVE-2024-26458",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26458"
},
{
"name": "CVE-2021-46934",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-46934"
},
{
"name": "CVE-2024-1048",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-1048"
},
{
"name": "CVE-2023-6004",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6004"
},
{
"name": "CVE-2023-52598",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52598"
},
{
"name": "CVE-2020-11022",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11022"
},
{
"name": "CVE-2023-7008",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-7008"
},
{
"name": "CVE-2024-26659",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26659"
},
{
"name": "CVE-2023-52667",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52667"
},
{
"name": "CVE-2024-26933",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26933"
},
{
"name": "CVE-2023-31484",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-31484"
},
{
"name": "CVE-2023-52703",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52703"
},
{
"name": "CVE-2023-52594",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52594"
},
{
"name": "CVE-2024-26693",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26693"
},
{
"name": "CVE-2023-52595",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52595"
},
{
"name": "CVE-2024-30171",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-30171"
},
{
"name": "CVE-2023-45287",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45287"
},
{
"name": "CVE-2022-48624",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48624"
},
{
"name": "CVE-2024-26759",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26759"
},
{
"name": "CVE-2023-52464",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52464"
},
{
"name": "CVE-2023-52813",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52813"
},
{
"name": "CVE-2024-35838",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35838"
},
{
"name": "CVE-2023-52513",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52513"
},
{
"name": "CVE-2023-52615",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52615"
},
{
"name": "CVE-2023-52610",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52610"
},
{
"name": "CVE-2023-52560",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52560"
},
{
"name": "CVE-2024-3651",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-3651"
},
{
"name": "CVE-2023-39322",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39322"
},
{
"name": "CVE-2023-52606",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52606"
},
{
"name": "CVE-2021-47069",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47069"
},
{
"name": "CVE-2024-35960",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35960"
},
{
"name": "CVE-2022-39253",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-39253"
},
{
"name": "CVE-2024-34064",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34064"
},
{
"name": "CVE-2023-2953",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2953"
},
{
"name": "CVE-2024-26872",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26872"
},
{
"name": "CVE-2020-26555",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26555"
},
{
"name": "CVE-2024-26901",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26901"
},
{
"name": "CVE-2023-39326",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39326"
},
{
"name": "CVE-2024-21085",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21085"
},
{
"name": "CVE-2023-29409",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29409"
},
{
"name": "CVE-2024-35789",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35789"
},
{
"name": "CVE-2023-52835",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52835"
},
{
"name": "CVE-2024-26982",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26982"
},
{
"name": "CVE-2021-47310",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47310"
},
{
"name": "CVE-2023-52626",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52626"
},
{
"name": "CVE-2024-0340",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0340"
},
{
"name": "CVE-2024-26744",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26744"
},
{
"name": "CVE-2024-24786",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24786"
},
{
"name": "CVE-2024-35958",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35958"
},
{
"name": "CVE-2021-47456",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47456"
},
{
"name": "CVE-2021-40153",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-40153"
},
{
"name": "CVE-2024-32002",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-32002"
},
{
"name": "CVE-2022-48669",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48669"
},
{
"name": "CVE-2023-52565",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52565"
},
{
"name": "CVE-2023-52520",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52520"
},
{
"name": "CVE-2021-47356",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47356"
},
{
"name": "CVE-2024-26694",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26694"
},
{
"name": "CVE-2024-2961",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-2961"
},
{
"name": "CVE-2024-26664",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26664"
},
{
"name": "CVE-2024-28182",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28182"
},
{
"name": "CVE-2021-47353",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47353"
},
{
"name": "CVE-2023-6597",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6597"
},
{
"name": "CVE-2023-52607",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52607"
},
{
"name": "CVE-2024-6345",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6345"
},
{
"name": "CVE-2020-11023",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11023"
},
{
"name": "CVE-2018-25091",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-25091"
},
{
"name": "CVE-2023-5090",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5090"
},
{
"name": "CVE-2024-27410",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27410"
},
{
"name": "CVE-2021-46909",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-46909"
},
{
"name": "CVE-2024-35853",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35853"
},
{
"name": "CVE-2024-26907",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26907"
}
],
"initial_release_date": "2024-09-05T00:00:00",
"last_revision_date": "2024-10-15T00:00:00",
"links": [],
"reference": "CERTFR-2024-AVI-0741",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-09-05T00:00:00.000000"
},
{
"description": "Ajout r\u00e9f\u00e9rence \u00e9diteur",
"revision_date": "2024-09-06T00:00:00.000000"
},
{
"description": "Correction d\u0027identifiants CVE erron\u00e9s",
"revision_date": "2024-10-15T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Juniper Secure Analytics. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Juniper Secure Analytics",
"vendor_advisories": [
{
"published_at": "2024-09-30",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA86686",
"url": "https://supportportal.juniper.net/s/article/On-Demand-JSA-Series-Multiple-vulnerabilities-resolved-in-Juniper-Secure-Analytics-in-7-5-0-UP9-IF02"
}
]
}
CERTFR-2025-AVI-0855
Vulnerability from certfr_avis - Published: 2025-10-09 - Updated: 2025-10-09
De multiples vulnérabilités ont été découvertes dans les produits Juniper Networks. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Juniper Networks | Junos OS | Junos OS versions 24.4 antérieures à 24.4R2 | ||
| Juniper Networks | Junos OS Evolved | Junos OS Evolved versions antérieures à 22.4R3-S8-EVO | ||
| Juniper Networks | Junos OS | Junos OS versions 23.4 antérieures à 23.4R2-S5 | ||
| Juniper Networks | Junos OS Evolved | Junos OS Evolved versions 23.2-EVO antérieures à 23.2R2-S4-EVO | ||
| Juniper Networks | Junos OS | Junos OS versions antérieures à 22.4R3-S8 | ||
| Juniper Networks | Junos OS Evolved | Junos OS Evolved versions 24.2-EVO antérieures à 24.2R2-S2-EVO | ||
| Juniper Networks | Junos OS Evolved | Junos OS Evolved versions 24.4-EVO antérieures à 24.4R2-EVO | ||
| Juniper Networks | Junos Space | Junos Space versions antérieures à 24.1R4 | ||
| Juniper Networks | Security Director | Security Director Policy Enforcer versions antérieures à 23.1R1 Hotpatch v3 | ||
| Juniper Networks | Junos Space | Junos Space Security Director versions antérieures à 24.1R4 | ||
| Juniper Networks | Junos OS Evolved | Junos OS Evolved versions 23.4-EVO antérieures à 23.4R2-S5-EVO | ||
| Juniper Networks | Junos OS | Junos OS versions 23.2 antérieures à 23.2R2-S4 | ||
| Juniper Networks | Junos OS | Junos OS versions 24.2 antérieures à 24.2R2-S1 |
References
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Junos OS versions 24.4 ant\u00e9rieures \u00e0 24.4R2",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions ant\u00e9rieures \u00e0 22.4R3-S8-EVO",
"product": {
"name": "Junos OS Evolved",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 23.4 ant\u00e9rieures \u00e0 23.4R2-S5",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions 23.2-EVO ant\u00e9rieures \u00e0 23.2R2-S4-EVO",
"product": {
"name": "Junos OS Evolved",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions ant\u00e9rieures \u00e0 22.4R3-S8",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions 24.2-EVO ant\u00e9rieures \u00e0 24.2R2-S2-EVO",
"product": {
"name": "Junos OS Evolved",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions 24.4-EVO ant\u00e9rieures \u00e0 24.4R2-EVO",
"product": {
"name": "Junos OS Evolved",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos Space versions ant\u00e9rieures \u00e0 24.1R4",
"product": {
"name": "Junos Space",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Security Director Policy Enforcer versions ant\u00e9rieures \u00e0 23.1R1 Hotpatch v3",
"product": {
"name": "Security Director",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos Space Security Director versions ant\u00e9rieures \u00e0 24.1R4",
"product": {
"name": "Junos Space",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions 23.4-EVO ant\u00e9rieures \u00e0 23.4R2-S5-EVO",
"product": {
"name": "Junos OS Evolved",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 23.2 ant\u00e9rieures \u00e0 23.2R2-S4",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 24.2 ant\u00e9rieures \u00e0 24.2R2-S1",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-24795",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24795"
},
{
"name": "CVE-2024-36903",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36903"
},
{
"name": "CVE-2023-44431",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44431"
},
{
"name": "CVE-2021-47606",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47606"
},
{
"name": "CVE-2025-59993",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59993"
},
{
"name": "CVE-2025-59997",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59997"
},
{
"name": "CVE-2023-7104",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-7104"
},
{
"name": "CVE-2025-59995",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59995"
},
{
"name": "CVE-2024-21235",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21235"
},
{
"name": "CVE-2023-28466",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28466"
},
{
"name": "CVE-2024-36921",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36921"
},
{
"name": "CVE-2025-59986",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59986"
},
{
"name": "CVE-2025-60009",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-60009"
},
{
"name": "CVE-2025-59989",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59989"
},
{
"name": "CVE-2024-26897",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26897"
},
{
"name": "CVE-2023-46103",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46103"
},
{
"name": "CVE-2024-27052",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27052"
},
{
"name": "CVE-2023-2235",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2235"
},
{
"name": "CVE-2025-59999",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59999"
},
{
"name": "CVE-2025-59994",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59994"
},
{
"name": "CVE-2024-4076",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4076"
},
{
"name": "CVE-2025-59967",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59967"
},
{
"name": "CVE-2022-24805",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24805"
},
{
"name": "CVE-2024-12797",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12797"
},
{
"name": "CVE-2023-3390",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3390"
},
{
"name": "CVE-2024-37356",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-37356"
},
{
"name": "CVE-2024-47538",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47538"
},
{
"name": "CVE-2023-4004",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4004"
},
{
"name": "CVE-2024-21823",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21823"
},
{
"name": "CVE-2025-59991",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59991"
},
{
"name": "CVE-2024-5564",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-5564"
},
{
"name": "CVE-2024-26600",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26600"
},
{
"name": "CVE-2023-28746",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28746"
},
{
"name": "CVE-2023-52864",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52864"
},
{
"name": "CVE-2025-26600",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-26600"
},
{
"name": "CVE-2024-3596",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-3596"
},
{
"name": "CVE-2024-27280",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27280"
},
{
"name": "CVE-2024-36929",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36929"
},
{
"name": "CVE-2023-35788",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-35788"
},
{
"name": "CVE-2025-59982",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59982"
},
{
"name": "CVE-2024-1975",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-1975"
},
{
"name": "CVE-2023-43785",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-43785"
},
{
"name": "CVE-2024-30205",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-30205"
},
{
"name": "CVE-2018-17247",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-17247"
},
{
"name": "CVE-2025-60004",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-60004"
},
{
"name": "CVE-2023-51594",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-51594"
},
{
"name": "CVE-2024-22025",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22025"
},
{
"name": "CVE-2023-50229",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-50229"
},
{
"name": "CVE-2025-59974",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59974"
},
{
"name": "CVE-2025-26598",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-26598"
},
{
"name": "CVE-2018-3824",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3824"
},
{
"name": "CVE-2024-40928",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40928"
},
{
"name": "CVE-2024-43398",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43398"
},
{
"name": "CVE-2024-8508",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8508"
},
{
"name": "CVE-2024-36020",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36020"
},
{
"name": "CVE-2021-45105",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-45105"
},
{
"name": "CVE-2025-59981",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59981"
},
{
"name": "CVE-2023-31248",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-31248"
},
{
"name": "CVE-2024-1737",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-1737"
},
{
"name": "CVE-2023-25193",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25193"
},
{
"name": "CVE-2021-4104",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4104"
},
{
"name": "CVE-2024-30203",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-30203"
},
{
"name": "CVE-2023-3090",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3090"
},
{
"name": "CVE-2024-35937",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35937"
},
{
"name": "CVE-2025-59968",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59968"
},
{
"name": "CVE-2023-51592",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-51592"
},
{
"name": "CVE-2025-59990",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59990"
},
{
"name": "CVE-2021-22146",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22146"
},
{
"name": "CVE-2025-59978",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59978"
},
{
"name": "CVE-2024-25629",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25629"
},
{
"name": "CVE-2024-36017",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36017"
},
{
"name": "CVE-2024-24806",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24806"
},
{
"name": "CVE-2024-27434",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27434"
},
{
"name": "CVE-2023-47038",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-47038"
},
{
"name": "CVE-2024-35852",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35852"
},
{
"name": "CVE-2024-38558",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38558"
},
{
"name": "CVE-2025-59992",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59992"
},
{
"name": "CVE-2024-35845",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35845"
},
{
"name": "CVE-2021-41072",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41072"
},
{
"name": "CVE-2025-60000",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-60000"
},
{
"name": "CVE-2022-24807",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24807"
},
{
"name": "CVE-2024-47607",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47607"
},
{
"name": "CVE-2024-27065",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27065"
},
{
"name": "CVE-2024-36005",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36005"
},
{
"name": "CVE-2023-45866",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45866"
},
{
"name": "CVE-2023-27349",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27349"
},
{
"name": "CVE-2023-0464",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0464"
},
{
"name": "CVE-2015-5377",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5377"
},
{
"name": "CVE-2023-48161",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48161"
},
{
"name": "CVE-2022-24810",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24810"
},
{
"name": "CVE-2024-33621",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-33621"
},
{
"name": "CVE-2024-27983",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27983"
},
{
"name": "CVE-2025-60001",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-60001"
},
{
"name": "CVE-2024-5742",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-5742"
},
{
"name": "CVE-2023-50230",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-50230"
},
{
"name": "CVE-2025-52960",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-52960"
},
{
"name": "CVE-2024-36922",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36922"
},
{
"name": "CVE-2025-59996",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59996"
},
{
"name": "CVE-2024-39487",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39487"
},
{
"name": "CVE-2024-27982",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27982"
},
{
"name": "CVE-2023-38575",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38575"
},
{
"name": "CVE-2024-35911",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35911"
},
{
"name": "CVE-2025-59957",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59957"
},
{
"name": "CVE-2025-59958",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59958"
},
{
"name": "CVE-2021-41043",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41043"
},
{
"name": "CVE-2018-17244",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-17244"
},
{
"name": "CVE-2019-12900",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12900"
},
{
"name": "CVE-2024-39908",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39908"
},
{
"name": "CVE-2025-26597",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-26597"
},
{
"name": "CVE-2024-36971",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36971"
},
{
"name": "CVE-2023-2603",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2603"
},
{
"name": "CVE-2024-41946",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41946"
},
{
"name": "CVE-2023-3776",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3776"
},
{
"name": "CVE-2024-42934",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42934"
},
{
"name": "CVE-2023-51580",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-51580"
},
{
"name": "CVE-2024-35848",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35848"
},
{
"name": "CVE-2024-27417",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27417"
},
{
"name": "CVE-2023-21102",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21102"
},
{
"name": "CVE-2024-27281",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27281"
},
{
"name": "CVE-2025-59983",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59983"
},
{
"name": "CVE-2024-36941",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36941"
},
{
"name": "CVE-2024-2236",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-2236"
},
{
"name": "CVE-2024-38428",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38428"
},
{
"name": "CVE-2024-35969",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35969"
},
{
"name": "CVE-2021-45046",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-45046"
},
{
"name": "CVE-2025-60006",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-60006"
},
{
"name": "CVE-2024-36489",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36489"
},
{
"name": "CVE-2015-1427",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1427"
},
{
"name": "CVE-2024-38575",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38575"
},
{
"name": "CVE-2024-35899",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35899"
},
{
"name": "CVE-2024-35823",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35823"
},
{
"name": "CVE-2024-40954",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40954"
},
{
"name": "CVE-2024-9632",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-9632"
},
{
"name": "CVE-2023-38408",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38408"
},
{
"name": "CVE-2025-26595",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-26595"
},
{
"name": "CVE-2024-26868",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26868"
},
{
"name": "CVE-2023-43787",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-43787"
},
{
"name": "CVE-2023-43786",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-43786"
},
{
"name": "CVE-2024-8235",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8235"
},
{
"name": "CVE-2023-4147",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4147"
},
{
"name": "CVE-2025-59977",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59977"
},
{
"name": "CVE-2023-6004",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6004"
},
{
"name": "CVE-2023-3610",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3610"
},
{
"name": "CVE-2025-26596",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-26596"
},
{
"name": "CVE-2024-4603",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4603"
},
{
"name": "CVE-2022-48622",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48622"
},
{
"name": "CVE-2021-42550",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-42550"
},
{
"name": "CVE-2021-44228",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44228"
},
{
"name": "CVE-2024-26828",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26828"
},
{
"name": "CVE-2025-59998",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59998"
},
{
"name": "CVE-2024-26808",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26808"
},
{
"name": "CVE-2024-30204",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-30204"
},
{
"name": "CVE-2025-60002",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-60002"
},
{
"name": "CVE-2023-35001",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-35001"
},
{
"name": "CVE-2024-27282",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27282"
},
{
"name": "CVE-2018-3831",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3831"
},
{
"name": "CVE-2023-43490",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-43490"
},
{
"name": "CVE-2025-59976",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59976"
},
{
"name": "CVE-2025-59980",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59980"
},
{
"name": "CVE-2025-26599",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-26599"
},
{
"name": "CVE-2024-47615",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47615"
},
{
"name": "CVE-2018-3823",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3823"
},
{
"name": "CVE-2023-22655",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22655"
},
{
"name": "CVE-2024-6126",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6126"
},
{
"name": "CVE-2023-4911",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4911"
},
{
"name": "CVE-2023-39368",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39368"
},
{
"name": "CVE-2021-44832",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44832"
},
{
"name": "CVE-2024-26853",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26853"
},
{
"name": "CVE-2025-59975",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59975"
},
{
"name": "CVE-2025-0624",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0624"
},
{
"name": "CVE-2025-59987",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59987"
},
{
"name": "CVE-2024-40958",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40958"
},
{
"name": "CVE-2018-3826",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3826"
},
{
"name": "CVE-2025-26601",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-26601"
},
{
"name": "CVE-2024-52337",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-52337"
},
{
"name": "CVE-2025-59985",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59985"
},
{
"name": "CVE-2025-11198",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11198"
},
{
"name": "CVE-2022-24806",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24806"
},
{
"name": "CVE-2023-32233",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32233"
},
{
"name": "CVE-2024-35789",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35789"
},
{
"name": "CVE-2024-26327",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26327"
},
{
"name": "CVE-2015-3253",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3253"
},
{
"name": "CVE-2025-59964",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59964"
},
{
"name": "CVE-2025-59988",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59988"
},
{
"name": "CVE-2024-21210",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21210"
},
{
"name": "CVE-2024-2511",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-2511"
},
{
"name": "CVE-2024-34397",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34397"
},
{
"name": "CVE-2023-45733",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45733"
},
{
"name": "CVE-2021-40153",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-40153"
},
{
"name": "CVE-2024-6655",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6655"
},
{
"name": "CVE-2024-41123",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41123"
},
{
"name": "CVE-2024-27049",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27049"
},
{
"name": "CVE-2025-59984",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59984"
},
{
"name": "CVE-2025-52961",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-52961"
},
{
"name": "CVE-2023-51589",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-51589"
},
{
"name": "CVE-2024-21217",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21217"
},
{
"name": "CVE-2024-28182",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28182"
},
{
"name": "CVE-2021-3903",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3903"
},
{
"name": "CVE-2024-35800",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35800"
},
{
"name": "CVE-2023-2124",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2124"
},
{
"name": "CVE-2023-51596",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-51596"
},
{
"name": "CVE-2025-60010",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-60010"
},
{
"name": "CVE-2023-51764",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-51764"
},
{
"name": "CVE-2025-26594",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-26594"
},
{
"name": "CVE-2024-6409",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6409"
},
{
"name": "CVE-2024-49761",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49761"
},
{
"name": "CVE-2022-24808",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24808"
},
{
"name": "CVE-2025-59962",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59962"
},
{
"name": "CVE-2024-21208",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21208"
},
{
"name": "CVE-2020-11023",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11023"
},
{
"name": "CVE-2024-40961",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40961"
}
],
"initial_release_date": "2025-10-09T00:00:00",
"last_revision_date": "2025-10-09T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0855",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-10-09T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Juniper Networks. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Juniper Networks",
"vendor_advisories": [
{
"published_at": "2025-10-08",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA103140",
"url": "https://supportportal.juniper.net/s/article/2025-10-Security-Bulletin-Junos-Space-Multiple-XSS-vulnerabilities-resolved-in-24-1R4-release"
},
{
"published_at": "2025-10-08",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA103141",
"url": "https://supportportal.juniper.net/s/article/2025-10-Security-Bulletin-Junos-Space-Multiple-vulnerabilities-resolved-in-24-1R4-release"
},
{
"published_at": "2025-10-08",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA103163",
"url": "https://supportportal.juniper.net/s/article/2025-10-Security-Bulletin-Junos-OS-Evolved-Multiple-OS-command-injection-vulnerabilities-fixed-CVE-2025-60006"
},
{
"published_at": "2025-10-08",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA103168",
"url": "https://supportportal.juniper.net/s/article/2025-10-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Device-allows-login-for-user-with-expired-password-CVE-2025-60010"
},
{
"published_at": "2025-10-08",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA103171",
"url": "https://supportportal.juniper.net/s/article/2025-10-Security-Bulletin-Junos-Space-Reflected-client-side-HTTP-parameter-pollution-vulnerability-in-web-interface-CVE-2025-59977"
},
{
"published_at": "2025-10-08",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA103167",
"url": "https://supportportal.juniper.net/s/article/2025-10-Security-Bulletin-Junos-OS-When-a-user-with-the-name-ftp-or-anonymous-is-configured-unauthenticated-filesystem-access-is-allowed-CVE-2025-59980"
},
{
"published_at": "2025-10-08",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA103156",
"url": "https://supportportal.juniper.net/s/article/2025-10-Security-Bulletin-Junos-OS-Evolved-ACX7024-ACX7024X-ACX7100-32C-ACX7100-48L-ACX7348-ACX7509-When-specific-valid-multicast-traffic-is-received-on-the-L3-interface-a-vulnerable-device-evo-pfemand-crashes-and-restarts-CVE-2025-59967"
},
{
"published_at": "2025-10-08",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA103437",
"url": "https://supportportal.juniper.net/s/article/2025-10-Security-Bulletin-Security-Director-Policy-Enforcer-An-unrestricted-API-allows-a-network-based-unauthenticated-attacker-to-deploy-malicious-vSRX-images-to-VMWare-NSX-Server-CVE-2025-11198"
},
{
"published_at": "2025-10-08",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA103172",
"url": "https://supportportal.juniper.net/s/article/2025-10-Security-Bulletin-Junos-Space-Flooding-device-with-inbound-API-calls-leads-to-WebUI-and-CLI-management-access-DoS-CVE-2025-59975"
},
{
"published_at": "2025-10-08",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA103157",
"url": "https://supportportal.juniper.net/s/article/2025-10-Security-Bulletin-Juniper-Security-Director-Insufficient-authorization-for-sensitive-resources-in-web-interface-CVE-2025-59968"
},
{
"published_at": "2025-10-08",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA103170",
"url": "https://supportportal.juniper.net/s/article/2025-10-Security-Bulletin-Junos-Space-Arbitrary-file-download-vulnerability-in-web-interface-CVE-2025-59976"
},
{
"published_at": "2025-10-08",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA103139",
"url": "https://supportportal.juniper.net/s/article/2025-10-Security-Bulletin-Junos-Space-Security-Director-Multiple-vulnerabilities-resolved-in-24-1R4"
},
{
"published_at": "2025-10-08",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA103151",
"url": "https://supportportal.juniper.net/s/article/2025-10-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-With-BGP-sharding-enabled-change-in-indirect-next-hop-can-cause-RPD-crash-CVE-2025-59962"
},
{
"published_at": "2025-10-08",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA103153",
"url": "https://supportportal.juniper.net/s/article/2025-10-Security-Bulletin-Junos-OS-SRX4700-When-forwarding-options-sampling-is-enabled-any-traffic-destined-to-the-RE-will-cause-the-forwarding-line-card-to-crash-and-restart-CVE-2025-59964"
},
{
"published_at": "2025-10-08",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA103147",
"url": "https://supportportal.juniper.net/s/article/2025-10-Security-Bulletin-Junos-OS-Evolved-PTX-Series-When-firewall-filter-rejects-traffic-these-packets-are-erroneously-sent-to-the-RE-CVE-2025-59958"
},
{
"published_at": "2025-10-08",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA103144",
"url": "https://supportportal.juniper.net/s/article/2025-10-Security-Bulletin-Junos-OS-Evolved-PTX-Series-except-PTX10003-An-unauthenticated-adjacent-attacker-sending-specific-valid-traffic-can-cause-a-memory-leak-in-cfmman-leading-to-FPC-crash-and-restart-CVE-2025-52961"
},
{
"published_at": "2025-10-08",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA103143",
"url": "https://supportportal.juniper.net/s/article/2025-10-Security-Bulletin-Junos-OS-SRX-Series-and-MX-Series-Receipt-of-specific-SIP-packets-in-a-high-utilization-situation-causes-a-flowd-crash-CVE-2025-52960"
},
{
"published_at": "2025-10-08",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA103146",
"url": "https://supportportal.juniper.net/s/article/2025-10-Security-Bulletin-Junos-OS-EX4600-Series-and-QFX5000-Series-An-attacker-with-physical-access-can-open-a-persistent-backdoor-CVE-2025-59957"
},
{
"published_at": "2025-10-08",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA103138",
"url": "https://supportportal.juniper.net/s/article/2025-10-Security-Bulletin-Junos-Space-Security-Director-Multiple-vulnerabilities-resolved-in-24-1R4-by-upgrading-Log4j-Java-library-to-2-23-1-and-ElasticSearch-to-6-8-17"
},
{
"published_at": "2025-10-08",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA103165",
"url": "https://supportportal.juniper.net/s/article/2025-10-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Specific-BGP-EVPN-update-message-causes-rpd-crash-CVE-2025-60004"
}
]
}
FKIE_CVE-2021-41072
Vulnerability from fkie_nvd - Published: 2021-09-14 01:15 - Updated: 2024-11-21 06:25
Severity ?
Summary
squashfs_opendir in unsquash-2.c in Squashfs-Tools 4.5 allows Directory Traversal, a different vulnerability than CVE-2021-40153. A squashfs filesystem that has been crafted to include a symbolic link and then contents under the same filename in a filesystem can cause unsquashfs to first create the symbolic link pointing outside the expected directory, and then the subsequent write operation will cause the unsquashfs process to write through the symbolic link elsewhere in the filesystem.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | https://github.com/plougher/squashfs-tools/commit/e0485802ec72996c20026da320650d8362f555bd | Patch, Third Party Advisory | |
| cve@mitre.org | https://github.com/plougher/squashfs-tools/issues/72#issuecomment-913833405 | Exploit, Third Party Advisory | |
| cve@mitre.org | https://lists.debian.org/debian-lts-announce/2021/10/msg00017.html | Mailing List, Third Party Advisory | |
| cve@mitre.org | https://security.gentoo.org/glsa/202305-29 | ||
| cve@mitre.org | https://www.debian.org/security/2021/dsa-4987 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/plougher/squashfs-tools/commit/e0485802ec72996c20026da320650d8362f555bd | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/plougher/squashfs-tools/issues/72#issuecomment-913833405 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2021/10/msg00017.html | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/202305-29 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://www.debian.org/security/2021/dsa-4987 | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| squashfs-tools_project | squashfs-tools | 4.5 | |
| debian | debian_linux | 9.0 | |
| debian | debian_linux | 10.0 | |
| debian | debian_linux | 11.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:squashfs-tools_project:squashfs-tools:4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "259A52A7-B40A-45B5-B5F5-CE79A4DE4266",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "squashfs_opendir in unsquash-2.c in Squashfs-Tools 4.5 allows Directory Traversal, a different vulnerability than CVE-2021-40153. A squashfs filesystem that has been crafted to include a symbolic link and then contents under the same filename in a filesystem can cause unsquashfs to first create the symbolic link pointing outside the expected directory, and then the subsequent write operation will cause the unsquashfs process to write through the symbolic link elsewhere in the filesystem."
},
{
"lang": "es",
"value": "Una funci\u00f3n squashfs_opendir en el archivo unsquash-2.c en Squashfs-Tools versi\u00f3n 4.5 permite un Salto de Directorio, una vulnerabilidad diferente a CVE-2021-40153. Un sistema de archivos squashfs que ha sido dise\u00f1ado para incluir un enlace simb\u00f3lico y luego contenidos bajo el mismo nombre de archivo en un sistema de archivos puede causar que unsquashfs primero cree el enlace simb\u00f3lico apuntando fuera del directorio esperado, y luego la operaci\u00f3n de escritura subsiguiente causar\u00e1 que el proceso unsquashfs escriba mediante el enlace simb\u00f3lico en otra parte del sistema de archivos"
}
],
"id": "CVE-2021-41072",
"lastModified": "2024-11-21T06:25:22.970",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-09-14T01:15:07.747",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/plougher/squashfs-tools/commit/e0485802ec72996c20026da320650d8362f555bd"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/plougher/squashfs-tools/issues/72#issuecomment-913833405"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00017.html"
},
{
"source": "cve@mitre.org",
"url": "https://security.gentoo.org/glsa/202305-29"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2021/dsa-4987"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/plougher/squashfs-tools/commit/e0485802ec72996c20026da320650d8362f555bd"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/plougher/squashfs-tools/issues/72#issuecomment-913833405"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00017.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.gentoo.org/glsa/202305-29"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2021/dsa-4987"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
},
{
"lang": "en",
"value": "CWE-59"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GHSA-F6M6-9FJW-69QM
Vulnerability from github – Published: 2022-05-24 19:14 – Updated: 2022-06-29 00:00
VLAI?
Details
squashfs_opendir in unsquash-2.c in Squashfs-Tools 4.5 allows Directory Traversal, a different vulnerability than CVE-2021-40153. A squashfs filesystem that has been crafted to include a symbolic link and then contents under the same filename in a filesystem can cause unsquashfs to first create the symbolic link pointing outside the expected directory, and then the subsequent write operation will cause the unsquashfs process to write through the symbolic link elsewhere in the filesystem.
Severity ?
8.1 (High)
{
"affected": [],
"aliases": [
"CVE-2021-41072"
],
"database_specific": {
"cwe_ids": [
"CWE-22",
"CWE-59"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-09-14T01:15:00Z",
"severity": "HIGH"
},
"details": "squashfs_opendir in unsquash-2.c in Squashfs-Tools 4.5 allows Directory Traversal, a different vulnerability than CVE-2021-40153. A squashfs filesystem that has been crafted to include a symbolic link and then contents under the same filename in a filesystem can cause unsquashfs to first create the symbolic link pointing outside the expected directory, and then the subsequent write operation will cause the unsquashfs process to write through the symbolic link elsewhere in the filesystem.",
"id": "GHSA-f6m6-9fjw-69qm",
"modified": "2022-06-29T00:00:54Z",
"published": "2022-05-24T19:14:33Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-41072"
},
{
"type": "WEB",
"url": "https://github.com/plougher/squashfs-tools/issues/72#issuecomment-913833405"
},
{
"type": "WEB",
"url": "https://github.com/plougher/squashfs-tools/commit/e0485802ec72996c20026da320650d8362f555bd"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00017.html"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202305-29"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2021/dsa-4987"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H",
"type": "CVSS_V3"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…