Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2022-20130 (GCVE-0-2022-20130)
Vulnerability from cvelistv5 – Published: 2022-06-15 13:00 – Updated: 2024-08-03 02:02
VLAI?
EPSS
Summary
In transportDec_OutOfBandConfig of tpdec_lib.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-224314979
Severity ?
No CVSS data available.
CWE
- Remote code execution
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T02:02:30.749Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://source.android.com/security/bulletin/2022-06-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Android",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Android-10 Android-11 Android-12 Android-12L"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In transportDec_OutOfBandConfig of tpdec_lib.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-224314979"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote code execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-15T13:00:36.000Z",
"orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"shortName": "google_android"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://source.android.com/security/bulletin/2022-06-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"ID": "CVE-2022-20130",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Android",
"version": {
"version_data": [
{
"version_value": "Android-10 Android-11 Android-12 Android-12L"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In transportDec_OutOfBandConfig of tpdec_lib.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-224314979"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote code execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.android.com/security/bulletin/2022-06-01",
"refsource": "MISC",
"url": "https://source.android.com/security/bulletin/2022-06-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"assignerShortName": "google_android",
"cveId": "CVE-2022-20130",
"datePublished": "2022-06-15T13:00:36.000Z",
"dateReserved": "2021-10-14T00:00:00.000Z",
"dateUpdated": "2024-08-03T02:02:30.749Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
FKIE_CVE-2022-20130
Vulnerability from fkie_nvd - Published: 2022-06-15 13:15 - Updated: 2024-11-21 06:42
Severity ?
Summary
In transportDec_OutOfBandConfig of tpdec_lib.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-224314979
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:google:android:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D558D965-FA70-4822-A770-419E73BA9ED3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:google:android:12.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C64C1583-CDE0-4C1F-BDE6-05643C1BDD72",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In transportDec_OutOfBandConfig of tpdec_lib.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-224314979"
},
{
"lang": "es",
"value": "En la funci\u00f3n transportDec_OutOfBandConfig del archivo tpdec_lib.cpp, se presenta una posible escritura fuera de l\u00edmites debido a un desbordamiento del b\u00fafer de la pila. Esto podr\u00eda conllevar a una ejecuci\u00f3n de c\u00f3digo remota sin ser necesarios privilegios de ejecuci\u00f3n adicionales. No es requerida una interacci\u00f3n del usuario para su explotaci\u00f3n. Producto: Android, Versiones: Android-10 Android-11 Android-12 Android-12L, ID de Android: A-224314979"
}
],
"id": "CVE-2022-20130",
"lastModified": "2024-11-21T06:42:12.960",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-06-15T13:15:08.667",
"references": [
{
"source": "security@android.com",
"tags": [
"Vendor Advisory"
],
"url": "https://source.android.com/security/bulletin/2022-06-01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://source.android.com/security/bulletin/2022-06-01"
}
],
"sourceIdentifier": "security@android.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-754"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CNVD-2022-53385
Vulnerability from cnvd - Published: 2022-07-25
VLAI Severity ?
Title
Google Android越界写入漏洞(CNVD-2022-53385)
Description
Google Android是美国谷歌(Google)公司的一套以Linux为基础的开源操作系统。
Google Android存在越界写入漏洞,该漏洞源于在tpdec_lib.cpp的 transportDec_OutOfBandConfig中,由于堆缓冲区溢出,可能存在越界写入,攻击者可利用该漏洞无需额外执行权限即可远程执行代码。
Severity
高
Patch Name
Google Android越界写入漏洞(CNVD-2022-53385)的补丁
Patch Description
Google Android是美国谷歌(Google)公司的一套以Linux为基础的开源操作系统。
Google Android存在越界写入漏洞,该漏洞源于在tpdec_lib.cpp的 transportDec_OutOfBandConfig中,由于堆缓冲区溢出,可能存在越界写入,攻击者可利用该漏洞无需额外执行权限即可远程执行代码。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description
厂商已发布了漏洞修复程序,请及时关注更新: https://source.android.com/security/bulletin/2022-06-01
Reference
https://www.auscert.org.au/bulletins/ESB-2022.2804
Impacted products
| Name | ['Google Android 10', 'Google Android 11', 'Google Android 12', 'Google Android 12L'] |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2022-20130",
"cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2022-20130"
}
},
"description": "Google Android\u662f\u7f8e\u56fd\u8c37\u6b4c\uff08Google\uff09\u516c\u53f8\u7684\u4e00\u5957\u4ee5Linux\u4e3a\u57fa\u7840\u7684\u5f00\u6e90\u64cd\u4f5c\u7cfb\u7edf\u3002\n\nGoogle Android\u5b58\u5728\u8d8a\u754c\u5199\u5165\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u5728tpdec_lib.cpp\u7684 transportDec_OutOfBandConfig\u4e2d\uff0c\u7531\u4e8e\u5806\u7f13\u51b2\u533a\u6ea2\u51fa\uff0c\u53ef\u80fd\u5b58\u5728\u8d8a\u754c\u5199\u5165\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u65e0\u9700\u989d\u5916\u6267\u884c\u6743\u9650\u5373\u53ef\u8fdc\u7a0b\u6267\u884c\u4ee3\u7801\u3002",
"formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://source.android.com/security/bulletin/2022-06-01",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2022-53385",
"openTime": "2022-07-25",
"patchDescription": "Google Android\u662f\u7f8e\u56fd\u8c37\u6b4c\uff08Google\uff09\u516c\u53f8\u7684\u4e00\u5957\u4ee5Linux\u4e3a\u57fa\u7840\u7684\u5f00\u6e90\u64cd\u4f5c\u7cfb\u7edf\u3002\r\n\r\nGoogle Android\u5b58\u5728\u8d8a\u754c\u5199\u5165\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u5728tpdec_lib.cpp\u7684 transportDec_OutOfBandConfig\u4e2d\uff0c\u7531\u4e8e\u5806\u7f13\u51b2\u533a\u6ea2\u51fa\uff0c\u53ef\u80fd\u5b58\u5728\u8d8a\u754c\u5199\u5165\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u65e0\u9700\u989d\u5916\u6267\u884c\u6743\u9650\u5373\u53ef\u8fdc\u7a0b\u6267\u884c\u4ee3\u7801\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "Google Android\u8d8a\u754c\u5199\u5165\u6f0f\u6d1e\uff08CNVD-2022-53385\uff09\u7684\u8865\u4e01",
"products": {
"product": [
"Google Android 10",
"Google Android 11",
"Google Android 12",
"Google Android 12L"
]
},
"referenceLink": "https://www.auscert.org.au/bulletins/ESB-2022.2804",
"serverity": "\u9ad8",
"submitTime": "2022-06-14",
"title": "Google Android\u8d8a\u754c\u5199\u5165\u6f0f\u6d1e\uff08CNVD-2022-53385\uff09"
}
CVE-2022-20130
Vulnerability from fstec - Published: 05.04.2022
VLAI Severity ?
Title
Уязвимость функции transportDec_OutOfBandConfig() (tpdec_lib.cpp) операционных систем Android, позволяющая нарушителю выполнить произвольный код
Description
Уязвимость функции transportDec_OutOfBandConfig() (tpdec_lib.cpp) операционных систем Android связана с записью за границами буфера в памяти. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, выполнить произвольный код
Severity ?
Vendor
Google Inc
Software Name
Android
Software Version
10.0 (Android), 11.0 (Android), 12 (Android), 12L (Android)
Possible Mitigations
Использование рекомендаций:
https://source.android.com/security/bulletin/2022-06-01
Reference
https://source.android.com/security/bulletin/2022-06-01
CWE
CWE-787
{
"CVSS 2.0": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CVSS 3.0": "AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"CVSS 4.0": null,
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Google Inc",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "10.0 (Android), 11.0 (Android), 12 (Android), 12L (Android)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\nhttps://source.android.com/security/bulletin/2022-06-01",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "05.04.2022",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "04.07.2022",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "04.07.2022",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2022-04055",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2022-20130",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Android",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "Google Inc Android 10.0 , Google Inc Android 11.0 , Google Inc Android 12 , Google Inc Android 12L ",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u0438 transportDec_OutOfBandConfig() (tpdec_lib.cpp) \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c Android, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u0417\u0430\u043f\u0438\u0441\u044c \u0437\u0430 \u0433\u0440\u0430\u043d\u0438\u0446\u0430\u043c\u0438 \u0431\u0443\u0444\u0435\u0440\u0430 (CWE-787)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u0438 transportDec_OutOfBandConfig() (tpdec_lib.cpp) \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c Android \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u0437\u0430\u043f\u0438\u0441\u044c\u044e \u0437\u0430 \u0433\u0440\u0430\u043d\u0438\u0446\u0430\u043c\u0438 \u0431\u0443\u0444\u0435\u0440\u0430 \u0432 \u043f\u0430\u043c\u044f\u0442\u0438. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://source.android.com/security/bulletin/2022-06-01",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-787",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 10)\n\u041a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 10)"
}
GHSA-W6C5-392V-RP9C
Vulnerability from github – Published: 2022-06-16 00:00 – Updated: 2022-06-24 00:00
VLAI?
Details
In transportDec_OutOfBandConfig of tpdec_lib.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-224314979
Severity ?
9.8 (Critical)
{
"affected": [],
"aliases": [
"CVE-2022-20130"
],
"database_specific": {
"cwe_ids": [
"CWE-787"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-06-15T13:15:00Z",
"severity": "CRITICAL"
},
"details": "In transportDec_OutOfBandConfig of tpdec_lib.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-224314979",
"id": "GHSA-w6c5-392v-rp9c",
"modified": "2022-06-24T00:00:29Z",
"published": "2022-06-16T00:00:27Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-20130"
},
{
"type": "WEB",
"url": "https://source.android.com/security/bulletin/2022-06-01"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GSD-2022-20130
Vulnerability from gsd - Updated: 2023-12-13 01:19Details
In transportDec_OutOfBandConfig of tpdec_lib.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-224314979
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2022-20130",
"description": "In transportDec_OutOfBandConfig of tpdec_lib.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-224314979",
"id": "GSD-2022-20130"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2022-20130"
],
"details": "In transportDec_OutOfBandConfig of tpdec_lib.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-224314979",
"id": "GSD-2022-20130",
"modified": "2023-12-13T01:19:16.482887Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"ID": "CVE-2022-20130",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Android",
"version": {
"version_data": [
{
"version_value": "Android-10 Android-11 Android-12 Android-12L"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In transportDec_OutOfBandConfig of tpdec_lib.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-224314979"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote code execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.android.com/security/bulletin/2022-06-01",
"refsource": "MISC",
"url": "https://source.android.com/security/bulletin/2022-06-01"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:google:android:10.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:google:android:12.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"ID": "CVE-2022-20130"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "In transportDec_OutOfBandConfig of tpdec_lib.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-224314979"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.android.com/security/bulletin/2022-06-01",
"refsource": "MISC",
"tags": [
"Vendor Advisory"
],
"url": "https://source.android.com/security/bulletin/2022-06-01"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
},
"lastModifiedDate": "2022-06-23T18:02Z",
"publishedDate": "2022-06-15T13:15Z"
}
}
}
CERTFR-2024-AVI-0203
Vulnerability from certfr_avis - Published: 2024-03-12 - Updated: 2024-03-12
De multiples vulnérabilités ont été découvertes dans les produits Siemens. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Siemens | N/A | Cerberus PRO EN Engineering Tool versions antérieures à IP8 | ||
| Siemens | N/A | SENTRON 7KM PAC3220 AC/DC (7KM3220-0BA01-1DA0) versions supérieures ou égales à V3.2.3 versions antérieures à V3.3.0 | ||
| Siemens | N/A | SENTRON 7KM PAC3120 DC (7KM3120-1BA01-1EA0) versions supérieures ou égales à V3.2.3 versions antérieures à V3.3.0 | ||
| Siemens | N/A | Sinteso FS20 EN Fire Panel FC20 versions antérieures à MP8 | ||
| Siemens | N/A | RUGGEDCOM APE1808 avec Fortinet NGFW versions antérieures à V7.4.1 | ||
| Siemens | N/A | Sinteso FS20 EN X200 Cloud Distribution versions V4.0.x antérieures à V4.0.5016 | ||
| Siemens | N/A | Cerberus PRO EN X200 Cloud Distribution versions V4.0.x antérieures à V4.0.5016 | ||
| Siemens | N/A | SENTRON 3KC ATC6 Expansion Module Ethernet toutes versions | ||
| Siemens | N/A | Sinteso FS20 EN Engineering Tool versions antérieures à MP8 | ||
| Siemens | N/A | SIMATIC RF160B (6GT2003-0FA00) versions antérieures à V2.2 | ||
| Siemens | N/A | SINEMA Remote Connect Server versions antérieures à V3.2 | ||
| Siemens | N/A | Solid Edge versions antérieures à V223.0.11 | ||
| Siemens | N/A | Siveillance Control versions supérieures ou égales à V2.8 versions antérieures à V3.1.1 | ||
| Siemens | N/A | Cerberus PRO EN X300 Cloud Distribution versions V4.3.x antérieures à V4.3.5617 | ||
| Siemens | N/A | Cerberus PRO EN Fire Panel FC72x versions antérieures à IP8 | ||
| Siemens | N/A | SENTRON 7KM PAC3220 DC (7KM3220-1BA01-1EA0) versions supérieures ou égales à V3.2.3 versions antérieures à V3.3.0 | ||
| Siemens | N/A | Sinteso FS20 EN X300 Cloud Distribution versions V4.2.x antérieures à V4.2.5015 | ||
| Siemens | N/A | SINEMA Remote Connect Client versions antérieures à V3.1 SP1 | ||
| Siemens | N/A | SENTRON 7KM PAC3120 AC/DC (7KM3120-0BA01-1DA0) versions supérieures ou égales à V3.2.3 versions antérieures à V3.3.0 | ||
| Siemens | N/A | Cerberus PRO EN X300 Cloud Distribution versions V4.2.x antérieures à V4.2.5015 | ||
| Siemens | N/A | Sinteso FS20 EN X200 Cloud Distribution versions V4.3.x antérieures à V4.3.5618 | ||
| Siemens | N/A | Cerberus PRO EN X200 Cloud Distribution versions V4.3.x antérieures à V4.3.5618 | ||
| Siemens | N/A | Sinteso FS20 EN X300 Cloud Distribution versions V4.3.x antérieures à V4.3.5617 | ||
| Siemens | N/A | Sinteso Mobile versions antérieures à V3.0.0 |
References
| Title | Publication Time | Tags | |||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Cerberus PRO EN Engineering Tool versions ant\u00e9rieures \u00e0 IP8",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SENTRON 7KM PAC3220 AC/DC (7KM3220-0BA01-1DA0) versions sup\u00e9rieures ou \u00e9gales \u00e0 V3.2.3 versions ant\u00e9rieures \u00e0 V3.3.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SENTRON 7KM PAC3120 DC (7KM3120-1BA01-1EA0) versions sup\u00e9rieures ou \u00e9gales \u00e0 V3.2.3 versions ant\u00e9rieures \u00e0 V3.3.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Sinteso FS20 EN Fire Panel FC20 versions ant\u00e9rieures \u00e0 MP8",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "RUGGEDCOM APE1808 avec Fortinet NGFW versions ant\u00e9rieures \u00e0 V7.4.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Sinteso FS20 EN X200 Cloud Distribution versions V4.0.x ant\u00e9rieures \u00e0 V4.0.5016",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Cerberus PRO EN X200 Cloud Distribution versions V4.0.x ant\u00e9rieures \u00e0 V4.0.5016",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SENTRON 3KC ATC6 Expansion Module Ethernet toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Sinteso FS20 EN Engineering Tool versions ant\u00e9rieures \u00e0 MP8",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC RF160B (6GT2003-0FA00) versions ant\u00e9rieures \u00e0 V2.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SINEMA Remote Connect Server versions ant\u00e9rieures \u00e0 V3.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Solid Edge versions ant\u00e9rieures \u00e0 V223.0.11",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Siveillance Control versions sup\u00e9rieures ou \u00e9gales \u00e0 V2.8 versions ant\u00e9rieures \u00e0 V3.1.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Cerberus PRO EN X300 Cloud Distribution versions V4.3.x ant\u00e9rieures \u00e0 V4.3.5617",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Cerberus PRO EN Fire Panel FC72x versions ant\u00e9rieures \u00e0 IP8",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SENTRON 7KM PAC3220 DC (7KM3220-1BA01-1EA0) versions sup\u00e9rieures ou \u00e9gales \u00e0 V3.2.3 versions ant\u00e9rieures \u00e0 V3.3.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Sinteso FS20 EN X300 Cloud Distribution versions V4.2.x ant\u00e9rieures \u00e0 V4.2.5015",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SINEMA Remote Connect Client versions ant\u00e9rieures \u00e0 V3.1 SP1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SENTRON 7KM PAC3120 AC/DC (7KM3120-0BA01-1DA0) versions sup\u00e9rieures ou \u00e9gales \u00e0 V3.2.3 versions ant\u00e9rieures \u00e0 V3.3.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Cerberus PRO EN X300 Cloud Distribution versions V4.2.x ant\u00e9rieures \u00e0 V4.2.5015",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Sinteso FS20 EN X200 Cloud Distribution versions V4.3.x ant\u00e9rieures \u00e0 V4.3.5618",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Cerberus PRO EN X200 Cloud Distribution versions V4.3.x ant\u00e9rieures \u00e0 V4.3.5618",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Sinteso FS20 EN X300 Cloud Distribution versions V4.3.x ant\u00e9rieures \u00e0 V4.3.5617",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Sinteso Mobile versions ant\u00e9rieures \u00e0 V3.0.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2021-0646",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0646"
},
{
"name": "CVE-2017-18509",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-18509"
},
{
"name": "CVE-2021-0599",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0599"
},
{
"name": "CVE-2021-0443",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0443"
},
{
"name": "CVE-2022-20462",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-20462"
},
{
"name": "CVE-2021-0598",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0598"
},
{
"name": "CVE-2021-0438",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0438"
},
{
"name": "CVE-2021-0651",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0651"
},
{
"name": "CVE-2021-0585",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0585"
},
{
"name": "CVE-2021-0331",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0331"
},
{
"name": "CVE-2021-0509",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0509"
},
{
"name": "CVE-2021-0601",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0601"
},
{
"name": "CVE-2021-0478",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0478"
},
{
"name": "CVE-2021-0397",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0397"
},
{
"name": "CVE-2021-0600",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0600"
},
{
"name": "CVE-2021-0928",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0928"
},
{
"name": "CVE-2021-0484",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0484"
},
{
"name": "CVE-2023-36641",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36641"
},
{
"name": "CVE-2021-0642",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0642"
},
{
"name": "CVE-2021-0341",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0341"
},
{
"name": "CVE-2023-38546",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38546"
},
{
"name": "CVE-2022-41329",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41329"
},
{
"name": "CVE-2021-0597",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0597"
},
{
"name": "CVE-2020-24587",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-24587"
},
{
"name": "CVE-2017-14491",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-14491"
},
{
"name": "CVE-2022-20421",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-20421"
},
{
"name": "CVE-2021-0593",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0593"
},
{
"name": "CVE-2022-20498",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-20498"
},
{
"name": "CVE-2021-0473",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0473"
},
{
"name": "CVE-2022-41328",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41328"
},
{
"name": "CVE-2022-42474",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42474"
},
{
"name": "CVE-2021-0870",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0870"
},
{
"name": "CVE-2020-0417",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0417"
},
{
"name": "CVE-2020-29660",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-29660"
},
{
"name": "CVE-2021-0604",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0604"
},
{
"name": "CVE-2021-0522",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0522"
},
{
"name": "CVE-2021-39629",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-39629"
},
{
"name": "CVE-2020-29661",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-29661"
},
{
"name": "CVE-2021-38204",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-38204"
},
{
"name": "CVE-2022-20229",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-20229"
},
{
"name": "CVE-2023-33306",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33306"
},
{
"name": "CVE-2022-39948",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-39948"
},
{
"name": "CVE-2022-20423",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-20423"
},
{
"name": "CVE-2021-0396",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0396"
},
{
"name": "CVE-2021-0650",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0650"
},
{
"name": "CVE-2021-0329",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0329"
},
{
"name": "CVE-2023-41675",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-41675"
},
{
"name": "CVE-2023-44487",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
},
{
"name": "CVE-2023-27997",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27997"
},
{
"name": "CVE-2023-29183",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29183"
},
{
"name": "CVE-2021-0471",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0471"
},
{
"name": "CVE-2023-29181",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29181"
},
{
"name": "CVE-2021-0963",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0963"
},
{
"name": "CVE-2021-0327",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0327"
},
{
"name": "CVE-2021-0653",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0653"
},
{
"name": "CVE-2021-0690",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0690"
},
{
"name": "CVE-2021-39634",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-39634"
},
{
"name": "CVE-2021-0596",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0596"
},
{
"name": "CVE-2023-47537",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-47537"
},
{
"name": "CVE-2023-28002",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28002"
},
{
"name": "CVE-2023-22641",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22641"
},
{
"name": "CVE-2021-0919",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0919"
},
{
"name": "CVE-2021-0968",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0968"
},
{
"name": "CVE-2022-20500",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-20500"
},
{
"name": "CVE-2021-29647",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-29647"
},
{
"name": "CVE-2021-0521",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0521"
},
{
"name": "CVE-2020-11301",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11301"
},
{
"name": "CVE-2021-0953",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0953"
},
{
"name": "CVE-2021-0926",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0926"
},
{
"name": "CVE-2021-0961",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0961"
},
{
"name": "CVE-2023-26207",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26207"
},
{
"name": "CVE-2020-23064",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-23064"
},
{
"name": "CVE-2021-0652",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0652"
},
{
"name": "CVE-2021-0339",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0339"
},
{
"name": "CVE-2021-39627",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-39627"
},
{
"name": "CVE-2021-0437",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0437"
},
{
"name": "CVE-2023-29179",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29179"
},
{
"name": "CVE-2021-0433",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0433"
},
{
"name": "CVE-2024-22041",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22041"
},
{
"name": "CVE-2023-33305",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33305"
},
{
"name": "CVE-2022-20473",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-20473"
},
{
"name": "CVE-2022-43947",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43947"
},
{
"name": "CVE-2023-41841",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-41841"
},
{
"name": "CVE-2021-0333",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0333"
},
{
"name": "CVE-2022-20483",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-20483"
},
{
"name": "CVE-2020-25705",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25705"
},
{
"name": "CVE-2024-22045",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22045"
},
{
"name": "CVE-2022-42476",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42476"
},
{
"name": "CVE-2023-49125",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-49125"
},
{
"name": "CVE-2021-0399",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0399"
},
{
"name": "CVE-2023-33301",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33301"
},
{
"name": "CVE-2021-0476",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0476"
},
{
"name": "CVE-2021-0507",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0507"
},
{
"name": "CVE-2021-0390",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0390"
},
{
"name": "CVE-2021-0444",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0444"
},
{
"name": "CVE-2021-0520",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0520"
},
{
"name": "CVE-2021-0586",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0586"
},
{
"name": "CVE-2021-39633",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-39633"
},
{
"name": "CVE-2021-0587",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0587"
},
{
"name": "CVE-2021-0952",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0952"
},
{
"name": "CVE-2022-20476",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-20476"
},
{
"name": "CVE-2020-10768",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10768"
},
{
"name": "CVE-2022-20472",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-20472"
},
{
"name": "CVE-2021-0326",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0326"
},
{
"name": "CVE-2021-0929",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0929"
},
{
"name": "CVE-2022-20227",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-20227"
},
{
"name": "CVE-2021-0336",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0336"
},
{
"name": "CVE-2023-44250",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44250"
},
{
"name": "CVE-2021-0506",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0506"
},
{
"name": "CVE-2021-0515",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0515"
},
{
"name": "CVE-2022-20355",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-20355"
},
{
"name": "CVE-2021-0330",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0330"
},
{
"name": "CVE-2021-0688",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0688"
},
{
"name": "CVE-2021-0393",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0393"
},
{
"name": "CVE-2024-21762",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21762"
},
{
"name": "CVE-2021-0512",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0512"
},
{
"name": "CVE-2023-29178",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29178"
},
{
"name": "CVE-2022-20130",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-20130"
},
{
"name": "CVE-2021-0519",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0519"
},
{
"name": "CVE-2021-0516",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0516"
},
{
"name": "CVE-2021-39621",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-39621"
},
{
"name": "CVE-2021-33909",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33909"
},
{
"name": "CVE-2022-42469",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42469"
},
{
"name": "CVE-2021-1972",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1972"
},
{
"name": "CVE-2021-1976",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1976"
},
{
"name": "CVE-2022-41327",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41327"
},
{
"name": "CVE-2021-0640",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0640"
},
{
"name": "CVE-2020-14305",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14305"
},
{
"name": "CVE-2023-36555",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36555"
},
{
"name": "CVE-2022-20422",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-20422"
},
{
"name": "CVE-2022-20468",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-20468"
},
{
"name": "CVE-2023-22640",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22640"
},
{
"name": "CVE-2021-0400",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0400"
},
{
"name": "CVE-2022-20469",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-20469"
},
{
"name": "CVE-2020-26558",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26558"
},
{
"name": "CVE-2021-0706",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0706"
},
{
"name": "CVE-2021-0682",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0682"
},
{
"name": "CVE-2021-0480",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0480"
},
{
"name": "CVE-2021-0429",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0429"
},
{
"name": "CVE-2023-22639",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22639"
},
{
"name": "CVE-2021-0683",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0683"
},
{
"name": "CVE-2022-20411",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-20411"
},
{
"name": "CVE-2022-43953",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43953"
},
{
"name": "CVE-2023-33307",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33307"
},
{
"name": "CVE-2021-0328",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0328"
},
{
"name": "CVE-2021-0684",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0684"
},
{
"name": "CVE-2022-20466",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-20466"
},
{
"name": "CVE-2023-40718",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40718"
},
{
"name": "CVE-2021-0920",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0920"
},
{
"name": "CVE-2021-0704",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0704"
},
{
"name": "CVE-2022-20127",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-20127"
},
{
"name": "CVE-2021-0436",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0436"
},
{
"name": "CVE-2021-0584",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0584"
},
{
"name": "CVE-2022-45861",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45861"
},
{
"name": "CVE-2021-0594",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0594"
},
{
"name": "CVE-2021-0591",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0591"
},
{
"name": "CVE-2021-0514",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0514"
},
{
"name": "CVE-2021-0511",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0511"
},
{
"name": "CVE-2021-0931",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0931"
},
{
"name": "CVE-2024-21483",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21483"
},
{
"name": "CVE-2020-15436",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-15436"
},
{
"name": "CVE-2023-45793",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45793"
},
{
"name": "CVE-2021-0689",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0689"
},
{
"name": "CVE-2023-28001",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28001"
},
{
"name": "CVE-2021-0970",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0970"
},
{
"name": "CVE-2021-0337",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0337"
},
{
"name": "CVE-2022-32257",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32257"
},
{
"name": "CVE-2023-36639",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36639"
},
{
"name": "CVE-2021-39623",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-39623"
},
{
"name": "CVE-2022-41330",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41330"
},
{
"name": "CVE-2021-0508",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0508"
},
{
"name": "CVE-2021-0325",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0325"
},
{
"name": "CVE-2021-0708",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0708"
},
{
"name": "CVE-2022-41334",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41334"
},
{
"name": "CVE-2024-23113",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23113"
},
{
"name": "CVE-2020-0338",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0338"
},
{
"name": "CVE-2020-26555",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26555"
},
{
"name": "CVE-2021-0302",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0302"
},
{
"name": "CVE-2021-0589",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0589"
},
{
"name": "CVE-2021-0305",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0305"
},
{
"name": "CVE-2023-33308",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33308"
},
{
"name": "CVE-2023-29175",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29175"
},
{
"name": "CVE-2021-0431",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0431"
},
{
"name": "CVE-2021-0392",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0392"
},
{
"name": "CVE-2021-0474",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0474"
},
{
"name": "CVE-2021-0930",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0930"
},
{
"name": "CVE-2021-39626",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-39626"
},
{
"name": "CVE-2021-0967",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0967"
},
{
"name": "CVE-2023-25610",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25610"
},
{
"name": "CVE-2023-37935",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-37935"
},
{
"name": "CVE-2021-0695",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0695"
},
{
"name": "CVE-2024-22040",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22040"
},
{
"name": "CVE-2021-0965",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0965"
},
{
"name": "CVE-2021-0513",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0513"
},
{
"name": "CVE-2021-0434",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0434"
},
{
"name": "CVE-2021-0687",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0687"
},
{
"name": "CVE-2021-0481",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0481"
},
{
"name": "CVE-2021-0964",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0964"
},
{
"name": "CVE-2021-0641",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0641"
},
{
"name": "CVE-2021-0435",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0435"
},
{
"name": "CVE-2021-0334",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0334"
},
{
"name": "CVE-2021-0933",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0933"
},
{
"name": "CVE-2021-0394",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0394"
},
{
"name": "CVE-2023-29180",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29180"
},
{
"name": "CVE-2021-0588",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0588"
},
{
"name": "CVE-2023-38545",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38545"
},
{
"name": "CVE-2024-22039",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22039"
},
{
"name": "CVE-2021-0391",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0391"
},
{
"name": "CVE-2021-0510",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0510"
},
{
"name": "CVE-2021-0692",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0692"
},
{
"name": "CVE-2024-22044",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22044"
},
{
"name": "CVE-2020-14381",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14381"
}
],
"initial_release_date": "2024-03-12T00:00:00",
"last_revision_date": "2024-03-12T00:00:00",
"links": [],
"reference": "CERTFR-2024-AVI-0203",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-03-12T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans \u003cspan\nclass=\"textit\"\u003eles produits Siemens\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0\ndistance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Siemens",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-792319 du 12 mars 2024",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-792319.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-918992 du 12 mars 2024",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-918992.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-353002 du 12 mars 2024",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-353002.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-653855 du 12 mars 2024",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-653855.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-225840 du 12 mars 2024",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-225840.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-145196 du 12 mars 2024",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-145196.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-382651 du 12 mars 2024",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-382651.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-832273 du 12 mars 2024",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-832273.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-366067 du 12 mars 2024",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-366067.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-770721 du 12 mars 2024",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-576771 du 12 mars 2024",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-576771.html"
}
]
}
CERTFR-2022-AVI-524
Vulnerability from certfr_avis - Published: 2022-06-07 - Updated: 2022-06-07
De multiples vulnérabilités ont été découvertes dans Google Android. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Google Android versions 10, 11, 12 et 12L sans le correctif de s\u00e9curit\u00e9 du 01 juin 2022",
"product": {
"name": "Android",
"vendor": {
"name": "Google",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2021-35111",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35111"
},
{
"name": "CVE-2022-20144",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-20144"
},
{
"name": "CVE-2022-20134",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-20134"
},
{
"name": "CVE-2021-4154",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4154"
},
{
"name": "CVE-2022-20143",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-20143"
},
{
"name": "CVE-2022-22087",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22087"
},
{
"name": "CVE-2022-20132",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-20132"
},
{
"name": "CVE-2022-20140",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-20140"
},
{
"name": "CVE-2021-39624",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-39624"
},
{
"name": "CVE-2022-20210",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-20210"
},
{
"name": "CVE-2022-20131",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-20131"
},
{
"name": "CVE-2022-20126",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-20126"
},
{
"name": "CVE-2022-22084",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22084"
},
{
"name": "CVE-2022-22090",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22090"
},
{
"name": "CVE-2022-20138",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-20138"
},
{
"name": "CVE-2022-20135",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-20135"
},
{
"name": "CVE-2021-35102",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35102"
},
{
"name": "CVE-2022-20130",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-20130"
},
{
"name": "CVE-2022-25258",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25258"
},
{
"name": "CVE-2022-24958",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24958"
},
{
"name": "CVE-2022-20141",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-20141"
},
{
"name": "CVE-2022-21745",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21745"
},
{
"name": "CVE-2021-35083",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35083"
},
{
"name": "CVE-2022-20006",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-20006"
},
{
"name": "CVE-2022-20147",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-20147"
},
{
"name": "CVE-2022-20133",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-20133"
},
{
"name": "CVE-2022-20127",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-20127"
},
{
"name": "CVE-2022-20136",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-20136"
},
{
"name": "CVE-2022-22086",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22086"
},
{
"name": "CVE-2022-22082",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22082"
},
{
"name": "CVE-2022-22083",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22083"
},
{
"name": "CVE-2021-39691",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-39691"
},
{
"name": "CVE-2022-20142",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-20142"
},
{
"name": "CVE-2022-22085",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22085"
},
{
"name": "CVE-2022-20129",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-20129"
},
{
"name": "CVE-2022-20124",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-20124"
},
{
"name": "CVE-2022-20125",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-20125"
},
{
"name": "CVE-2022-20123",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-20123"
},
{
"name": "CVE-2022-20145",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-20145"
},
{
"name": "CVE-2022-20137",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-20137"
}
],
"initial_release_date": "2022-06-07T00:00:00",
"last_revision_date": "2022-06-07T00:00:00",
"links": [],
"reference": "CERTFR-2022-AVI-524",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-06-07T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Google Android.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Google Android",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Google du 06 juin 2022",
"url": "https://source.android.com/security/bulletin/2022-06-01"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…