Vulnerability-Lookup

CVE-2022-29173 (GCVE-0-2022-29173)

Vulnerability from cvelistv5 – Published: 2022-05-05 22:30 – Updated: 2025-04-23 18:31

Title

No protection against rollback attacks in go-tuf

Summary

go-tuf is a Go implementation of The Update Framework (TUF). go-tuf does not correctly implement the client workflow for updating the metadata files for roles other than the root role. Specifically, checks for rollback attacks are not implemented correctly meaning an attacker can cause clients to install software that is older than the software which the client previously knew to be available, and may include software with known vulnerabilities. In more detail, the client code of go-tuf has several issues in regards to preventing rollback attacks: 1. It does not take into account the content of any previously trusted metadata, if available, before proceeding with updating roles other than the root role (i.e., steps 5.4.3.1 and 5.5.5 of the detailed client workflow). This means that any form of version verification done on the newly-downloaded metadata is made using the default value of zero, which always passes. 2. For both timestamp and snapshot roles, go-tuf saves these metadata files as trusted before verifying if the version of the metafiles they refer to is correct (i.e., steps 5.5.4 and 5.6.4 of the detailed client workflow). A fix is available in version 0.3.0 or newer. No workarounds are known for this issue apart from upgrading.

Severity ?

8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

CWE

CWE-354 - Improper Validation of Integrity Check Value

Assigner

GitHub_M

References

URL

	Vendor	Product	Version
	theupdateframework	go-tuf	Affected: < 0.3.0

GHSA-66X3-6CW3-V5GJ

Vulnerability from github – Published: 2022-05-24 20:50 – Updated: 2022-05-24 20:50

Summary

Improper Validation of Integrity Check Value in go-tuf

Details

Impact

go-tuf does not correctly implement the client workflow for updating the metadata files for roles other than the root role. Specifically, checks for rollback attacks are not implemented correctly meaning an attacker can cause clients to install software that is older than the software which the client previously knew to be available, and may include software with known vulnerabilities.

In more detail, the client code of go-tuf has several issues in regards to preventing rollback attacks: 1. It does not take into account the content of any previously trusted metadata, if available, before proceeding with updating roles other than the root role (i.e., steps 5.4.3.1 and 5.5.5 of the detailed client workflow). This means that any form of version verification done on the newly-downloaded metadata is made using the default value of zero, which always passes. 1. For both timestamp and snapshot roles, go-tuf saves these metadata files as trusted before verifying if the version of the metafiles they refer to is correct (i.e., steps 5.5.4 and 5.6.4 of the detailed client workflow).

Patches

A fix is available in version 0.3.0 or newer.

Workarounds

No workarounds are known for this issue apart from upgrading.

References

Commit resolving the issue https://github.com/theupdateframework/go-tuf/commit/ed6788e710fc3093a7ecc2d078bf734c0f200d8d
TUF specification version against which this vulnerability is observed is v.1.0.28. For more details, refer to Section 5.
Codebase that is affected is go-tuf@f0c3294f63b9145029464164f9bce49553b77cbb

For more information

If you have any questions or comments about this advisory: * Open an issue in go-tuf * Email us at TUF's mailing list * The #tuf channel on CNCF Slack.

Severity ?

8.0 (High)


                  
                    CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/theupdateframework/go-tuf"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.3.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2022-29173"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-354"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-05-24T20:50:46Z",
    "nvd_published_at": "2022-05-05T23:15:00Z",
    "severity": "HIGH"
  },
  "details": "### Impact\n\n[go-tuf](https://github.com/theupdateframework/go-tuf) does not correctly implement the [client workflow](https://theupdateframework.github.io/specification/v1.0.28/index.html#detailed-client-workflow) for updating the metadata files for roles other than the root role. Specifically, checks for rollback attacks are not implemented correctly meaning an attacker can cause clients to install software that is older than the software which the client previously knew to be available, and may include software with known vulnerabilities.\n\nIn more detail, the client code of go-tuf has several issues in regards to preventing rollback attacks:\n1. It does not take into account the content of any previously trusted metadata, if available, before proceeding with updating roles other than the root role (i.e., steps 5.4.3.1 and 5.5.5 of the detailed client workflow). This means that any form of version verification done on the newly-downloaded metadata is made using the default value of zero, which always passes. \n1. For both timestamp and snapshot roles, go-tuf saves these metadata files as trusted before verifying if the version of the metafiles they refer to is correct (i.e., steps 5.5.4 and 5.6.4 of the detailed client workflow).\n\n### Patches\n\nA fix is available in version 0.3.0 or newer.\n\n### Workarounds\n\nNo workarounds are known for this issue apart from upgrading.\n\n### References\n\n* Commit resolving the issue https://github.com/theupdateframework/go-tuf/commit/ed6788e710fc3093a7ecc2d078bf734c0f200d8d\n* TUF specification version against which this vulnerability is observed is [v.1.0.28](https://theupdateframework.github.io/specification/v1.0.28/index.html#detailed-client-workflow). For more details, refer to Section 5.\n* Codebase that is affected is [go-tuf@f0c3294f63b9145029464164f9bce49553b77cbb](https://github.com/theupdateframework/go-tuf/tree/f0c3294f63b9145029464164f9bce49553b77cbb)\n\n### For more information\nIf you have any questions or comments about this advisory:\n* Open an issue in [go-tuf](https://github.com/theupdateframework/go-tuf/issues)\n* Email us at TUF\u0027s [mailing list](mailto:theupdateframework@googlegroups.com)\n* The [#tuf](https://cloud-native.slack.com/archives/C8NMD3QJ3) channel on [CNCF Slack](https://slack.cncf.io/).",
  "id": "GHSA-66x3-6cw3-v5gj",
  "modified": "2022-05-24T20:50:46Z",
  "published": "2022-05-24T20:50:46Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/theupdateframework/go-tuf/security/advisories/GHSA-66x3-6cw3-v5gj"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29173"
    },
    {
      "type": "WEB",
      "url": "https://github.com/theupdateframework/go-tuf/commit/ed6788e710fc3093a7ecc2d078bf734c0f200d8d"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/theupdateframework/go-tuf"
    },
    {
      "type": "WEB",
      "url": "https://pkg.go.dev/vuln/GO-2022-0444"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Improper Validation of Integrity Check Value in go-tuf"
}

CERTFR-2025-AVI-0622

Vulnerability from certfr_avis - Published: 2025-07-25 - Updated: 2025-07-25

De multiples vulnérabilités ont été découvertes dans les produits VMware. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
VMware	Tanzu Platform	Tanzu Platform versions 4.0.x antérieures à 4.0.38+LTS-T pour Cloud Foundry Windows
VMware	Tanzu Platform	Tanzu Platform versions 10.0.x antérieures à 10.0.8 pour Cloud Foundry Windows
VMware	N/A	Stemcells sans le dernier correctif de sécurité
VMware	Tanzu Platform	Tanzu Platform versions 4.0.x antérieures à 4.0.38+LTS-T pour Cloud Foundry
VMware	Tanzu Platform	Tanzu Platform versions 6.0.x antérieures à 6.0.18+LTS-T pour Cloud Foundry Windows
VMware	Tanzu	Anti-Virus sans le dernier correctif de sécurité pour Tanzu version 2.4.0
VMware	Tanzu	Scheduler sans le dernier correctif de sécurité pour Tanzu version 2.0.19
VMware	Tanzu Platform	Tanzu Platform versions 6.0.x antérieures à 6.0.18+LTS-T pour Cloud Foundry
VMware	Tanzu Platform	GenAI sans le dernier correctif de sécurité pour Tanzu Platform pour Cloud Foundry version 10.2.1
VMware	Tanzu Application Service	Tanzu Application Service versions antérieures à 1.16.11
VMware	Tanzu Platform	Tanzu Platform versions 10.2.x antérieures à 10.2.1+LTS-T pour Cloud Foundry isolation segment
VMware	Tanzu Platform	Tanzu Platform versions 10.0.x antérieures à 10.0.8 pour Cloud Foundry isolation segment
VMware	Tanzu	Spring Cloud Services sans le dernier correctif de sécurité pour Tanzu version 3.3.8
VMware	Tanzu Platform	Tanzu Platform versions 10.0.x antérieures à 10.0.8 pour Cloud Foundry
VMware	Tanzu Platform	Tanzu Platform versions 4.0.x antérieures à 4.0.38+LTS-T pour Cloud Foundry isolation segment
VMware	Tanzu	Spring Cloud Data Flow sans le dernier correctif de sécurité pour Tanzu version 1.14.7
VMware	Tanzu Platform	Tanzu Platform versions 6.0.x antérieures à 6.0.18+LTS-T pour Cloud Foundry isolation segment
VMware	Tanzu Platform	Tanzu Platform versions 10.2.x antérieures à 10.2.1+LTS-T pour Cloud Foundry
VMware	Tanzu Application Service	Single Sign-On sans le dernier correctif de sécurité pour Tanzu Application Service version 1.16.11
VMware	Tanzu	File Integrity Monitoring sans le dernier correctif de sécurité pour Tanzu version 2.1.47

References

Title

Publication Time

Tags

Bulletin de sécurité VMware 35981	2025-07-24	vendor-advisory
Bulletin de sécurité VMware 35967	2025-07-24	vendor-advisory
Bulletin de sécurité VMware 35980	2025-07-24	vendor-advisory
Bulletin de sécurité VMware 35974	2025-07-24	vendor-advisory
Bulletin de sécurité VMware 35979	2025-07-24	vendor-advisory
Bulletin de sécurité VMware 35984	2025-07-24	vendor-advisory
Bulletin de sécurité VMware 35970	2025-07-24	vendor-advisory
Bulletin de sécurité VMware 35983	2025-07-24	vendor-advisory
Bulletin de sécurité VMware 35978	2025-07-24	vendor-advisory
Bulletin de sécurité VMware 35968	2025-07-24	vendor-advisory
Bulletin de sécurité VMware 35973	2025-07-24	vendor-advisory
Bulletin de sécurité VMware 35976	2025-07-24	vendor-advisory
Bulletin de sécurité VMware 35969	2025-07-24	vendor-advisory
Bulletin de sécurité VMware 35966	2025-07-24	vendor-advisory
Bulletin de sécurité VMware 35972	2025-07-24	vendor-advisory
Bulletin de sécurité VMware 35977	2025-07-24	vendor-advisory
Bulletin de sécurité VMware 35982	2025-07-24	vendor-advisory
Bulletin de sécurité VMware 35971	2025-07-24	vendor-advisory
Bulletin de sécurité VMware 35975	2025-07-24	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Tanzu Platform versions 4.0.x ant\u00e9rieures \u00e0 4.0.38+LTS-T pour Cloud Foundry Windows",
      "product": {
        "name": "Tanzu Platform",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Tanzu Platform versions 10.0.x ant\u00e9rieures \u00e0 10.0.8 pour Cloud Foundry Windows",
      "product": {
        "name": "Tanzu Platform",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Stemcells sans le dernier correctif de s\u00e9curit\u00e9",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Tanzu Platform versions 4.0.x ant\u00e9rieures \u00e0 4.0.38+LTS-T pour Cloud Foundry",
      "product": {
        "name": "Tanzu Platform",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Tanzu Platform versions 6.0.x ant\u00e9rieures \u00e0 6.0.18+LTS-T pour Cloud Foundry Windows",
      "product": {
        "name": "Tanzu Platform",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Anti-Virus sans le dernier correctif de s\u00e9curit\u00e9 pour Tanzu version 2.4.0",
      "product": {
        "name": "Tanzu",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Scheduler sans le dernier correctif de s\u00e9curit\u00e9 pour Tanzu version 2.0.19",
      "product": {
        "name": "Tanzu",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Tanzu Platform versions 6.0.x ant\u00e9rieures \u00e0 6.0.18+LTS-T pour Cloud Foundry",
      "product": {
        "name": "Tanzu Platform",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "GenAI sans le dernier correctif de s\u00e9curit\u00e9 pour Tanzu Platform pour Cloud Foundry version 10.2.1",
      "product": {
        "name": "Tanzu Platform",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Tanzu Application Service versions ant\u00e9rieures \u00e0 1.16.11",
      "product": {
        "name": "Tanzu Application Service",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Tanzu Platform versions 10.2.x ant\u00e9rieures \u00e0 10.2.1+LTS-T pour Cloud Foundry isolation segment",
      "product": {
        "name": "Tanzu Platform",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Tanzu Platform versions 10.0.x ant\u00e9rieures \u00e0 10.0.8 pour Cloud Foundry isolation segment",
      "product": {
        "name": "Tanzu Platform",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Spring Cloud Services sans le dernier correctif de s\u00e9curit\u00e9 pour Tanzu version 3.3.8",
      "product": {
        "name": "Tanzu",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Tanzu Platform versions 10.0.x ant\u00e9rieures \u00e0 10.0.8 pour Cloud Foundry",
      "product": {
        "name": "Tanzu Platform",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Tanzu Platform versions 4.0.x ant\u00e9rieures \u00e0 4.0.38+LTS-T pour Cloud Foundry isolation segment",
      "product": {
        "name": "Tanzu Platform",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Spring Cloud Data Flow sans le dernier correctif de s\u00e9curit\u00e9 pour Tanzu version 1.14.7",
      "product": {
        "name": "Tanzu",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Tanzu Platform versions 6.0.x ant\u00e9rieures \u00e0 6.0.18+LTS-T pour Cloud Foundry isolation segment",
      "product": {
        "name": "Tanzu Platform",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Tanzu Platform versions 10.2.x ant\u00e9rieures \u00e0 10.2.1+LTS-T pour Cloud Foundry",
      "product": {
        "name": "Tanzu Platform",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Single Sign-On sans le dernier correctif de s\u00e9curit\u00e9 pour Tanzu Application Service version 1.16.11",
      "product": {
        "name": "Tanzu Application Service",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "File Integrity Monitoring sans le dernier correctif de s\u00e9curit\u00e9 pour Tanzu version 2.1.47",
      "product": {
        "name": "Tanzu",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2020-8908",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-8908"
    },
    {
      "name": "CVE-2022-3602",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3602"
    },
    {
      "name": "CVE-2022-30633",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-30633"
    },
    {
      "name": "CVE-2022-1705",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1705"
    },
    {
      "name": "CVE-2022-27664",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-27664"
    },
    {
      "name": "CVE-2022-28131",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-28131"
    },
    {
      "name": "CVE-2022-32148",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32148"
    },
    {
      "name": "CVE-2022-32189",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32189"
    },
    {
      "name": "CVE-2022-1962",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1962"
    },
    {
      "name": "CVE-2022-30635",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-30635"
    },
    {
      "name": "CVE-2022-32149",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32149"
    },
    {
      "name": "CVE-2022-30631",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-30631"
    },
    {
      "name": "CVE-2022-30632",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-30632"
    },
    {
      "name": "CVE-2022-30630",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-30630"
    },
    {
      "name": "CVE-2022-3786",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3786"
    },
    {
      "name": "CVE-2022-29526",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-29526"
    },
    {
      "name": "CVE-2022-32205",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32205"
    },
    {
      "name": "CVE-2022-32206",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32206"
    },
    {
      "name": "CVE-2022-3996",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3996"
    },
    {
      "name": "CVE-2022-24921",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-24921"
    },
    {
      "name": "CVE-2022-1434",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1434"
    },
    {
      "name": "CVE-2022-1292",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1292"
    },
    {
      "name": "CVE-2022-1343",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1343"
    },
    {
      "name": "CVE-2022-1473",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1473"
    },
    {
      "name": "CVE-2022-27774",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-27774"
    },
    {
      "name": "CVE-2022-27775",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-27775"
    },
    {
      "name": "CVE-2022-22576",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22576"
    },
    {
      "name": "CVE-2022-27776",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-27776"
    },
    {
      "name": "CVE-2022-2068",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2068"
    },
    {
      "name": "CVE-2022-27191",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-27191"
    },
    {
      "name": "CVE-2022-2097",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2097"
    },
    {
      "name": "CVE-2022-25647",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-25647"
    },
    {
      "name": "CVE-2022-28327",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-28327"
    },
    {
      "name": "CVE-2022-24675",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-24675"
    },
    {
      "name": "CVE-2022-27782",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-27782"
    },
    {
      "name": "CVE-2022-32208",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32208"
    },
    {
      "name": "CVE-2022-27781",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-27781"
    },
    {
      "name": "CVE-2022-32207",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32207"
    },
    {
      "name": "CVE-2022-3358",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3358"
    },
    {
      "name": "CVE-2022-1271",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1271"
    },
    {
      "name": "CVE-2022-32221",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32221"
    },
    {
      "name": "CVE-2022-42916",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42916"
    },
    {
      "name": "CVE-2022-35252",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-35252"
    },
    {
      "name": "CVE-2022-42915",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42915"
    },
    {
      "name": "CVE-2022-43551",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-43551"
    },
    {
      "name": "CVE-2022-43552",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-43552"
    },
    {
      "name": "CVE-2022-4304",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-4304"
    },
    {
      "name": "CVE-2022-4203",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-4203"
    },
    {
      "name": "CVE-2023-0286",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0286"
    },
    {
      "name": "CVE-2023-0401",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0401"
    },
    {
      "name": "CVE-2023-0215",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0215"
    },
    {
      "name": "CVE-2023-0217",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0217"
    },
    {
      "name": "CVE-2023-0216",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0216"
    },
    {
      "name": "CVE-2022-4450",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-4450"
    },
    {
      "name": "CVE-2023-23915",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23915"
    },
    {
      "name": "CVE-2023-23914",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23914"
    },
    {
      "name": "CVE-2023-23916",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23916"
    },
    {
      "name": "CVE-2022-41717",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41717"
    },
    {
      "name": "CVE-2023-0464",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0464"
    },
    {
      "name": "CVE-2022-2879",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2879"
    },
    {
      "name": "CVE-2022-41715",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41715"
    },
    {
      "name": "CVE-2022-2880",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2880"
    },
    {
      "name": "CVE-2022-41716",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41716"
    },
    {
      "name": "CVE-2023-0466",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0466"
    },
    {
      "name": "CVE-2023-0465",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0465"
    },
    {
      "name": "CVE-2022-30629",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-30629"
    },
    {
      "name": "CVE-2022-41723",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41723"
    },
    {
      "name": "CVE-2022-41722",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41722"
    },
    {
      "name": "CVE-2022-30580",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-30580"
    },
    {
      "name": "CVE-2022-41720",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41720"
    },
    {
      "name": "CVE-2022-41725",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41725"
    },
    {
      "name": "CVE-2022-41724",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41724"
    },
    {
      "name": "CVE-2023-24532",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-24532"
    },
    {
      "name": "CVE-2023-24537",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-24537"
    },
    {
      "name": "CVE-2023-2650",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-2650"
    },
    {
      "name": "CVE-2022-30634",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-30634"
    },
    {
      "name": "CVE-2023-27533",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-27533"
    },
    {
      "name": "CVE-2023-27534",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-27534"
    },
    {
      "name": "CVE-2022-27780",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-27780"
    },
    {
      "name": "CVE-2022-29804",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-29804"
    },
    {
      "name": "CVE-2023-24536",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-24536"
    },
    {
      "name": "CVE-2023-24538",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-24538"
    },
    {
      "name": "CVE-2023-1255",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-1255"
    },
    {
      "name": "CVE-2023-28322",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-28322"
    },
    {
      "name": "CVE-2023-28320",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-28320"
    },
    {
      "name": "CVE-2023-28321",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-28321"
    },
    {
      "name": "CVE-2023-24540",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-24540"
    },
    {
      "name": "CVE-2023-29400",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-29400"
    },
    {
      "name": "CVE-2023-24539",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-24539"
    },
    {
      "name": "CVE-2023-2975",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-2975"
    },
    {
      "name": "CVE-2023-3446",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-3446"
    },
    {
      "name": "CVE-2023-28319",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-28319"
    },
    {
      "name": "CVE-2023-3817",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-3817"
    },
    {
      "name": "CVE-2023-29404",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-29404"
    },
    {
      "name": "CVE-2023-29402",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-29402"
    },
    {
      "name": "CVE-2023-29403",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-29403"
    },
    {
      "name": "CVE-2023-29405",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-29405"
    },
    {
      "name": "CVE-2023-2976",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-2976"
    },
    {
      "name": "CVE-2023-29409",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-29409"
    },
    {
      "name": "CVE-2023-29406",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-29406"
    },
    {
      "name": "CVE-2023-40403",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-40403"
    },
    {
      "name": "CVE-2023-44487",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
    },
    {
      "name": "CVE-2023-33201",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-33201"
    },
    {
      "name": "CVE-2016-1000027",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1000027"
    },
    {
      "name": "CVE-2023-5363",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-5363"
    },
    {
      "name": "CVE-2023-4807",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-4807"
    },
    {
      "name": "CVE-2023-5678",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-5678"
    },
    {
      "name": "CVE-2023-40217",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-40217"
    },
    {
      "name": "CVE-2022-0563",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0563"
    },
    {
      "name": "CVE-2023-48795",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-48795"
    },
    {
      "name": "CVE-2023-6237",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-6237"
    },
    {
      "name": "CVE-2023-39323",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-39323"
    },
    {
      "name": "CVE-2023-36617",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-36617"
    },
    {
      "name": "CVE-2022-23471",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-23471"
    },
    {
      "name": "CVE-2023-25153",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-25153"
    },
    {
      "name": "CVE-2023-24534",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-24534"
    },
    {
      "name": "CVE-2023-6129",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-6129"
    },
    {
      "name": "CVE-2023-46218",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-46218"
    },
    {
      "name": "CVE-2023-39318",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-39318"
    },
    {
      "name": "CVE-2023-39319",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-39319"
    },
    {
      "name": "CVE-2024-0727",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-0727"
    },
    {
      "name": "CVE-2023-39325",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-39325"
    },
    {
      "name": "CVE-2023-25173",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-25173"
    },
    {
      "name": "CVE-2022-31030",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-31030"
    },
    {
      "name": "CVE-2023-27043",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-27043"
    },
    {
      "name": "CVE-2023-36632",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-36632"
    },
    {
      "name": "CVE-2024-28085",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-28085"
    },
    {
      "name": "CVE-2024-2511",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-2511"
    },
    {
      "name": "CVE-2020-22916",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-22916"
    },
    {
      "name": "CVE-2023-3978",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-3978"
    },
    {
      "name": "CVE-2023-2253",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-2253"
    },
    {
      "name": "CVE-2024-25710",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-25710"
    },
    {
      "name": "CVE-2024-26308",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26308"
    },
    {
      "name": "CVE-2023-6597",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-6597"
    },
    {
      "name": "CVE-2024-21011",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21011"
    },
    {
      "name": "CVE-2024-21094",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21094"
    },
    {
      "name": "CVE-2024-21068",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21068"
    },
    {
      "name": "CVE-2024-21085",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21085"
    },
    {
      "name": "CVE-2024-21012",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21012"
    },
    {
      "name": "CVE-2023-28841",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-28841"
    },
    {
      "name": "CVE-2023-28842",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-28842"
    },
    {
      "name": "CVE-2023-39326",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-39326"
    },
    {
      "name": "CVE-2023-45283",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-45283"
    },
    {
      "name": "CVE-2023-28840",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-28840"
    },
    {
      "name": "CVE-2023-45285",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-45285"
    },
    {
      "name": "CVE-2023-45284",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-45284"
    },
    {
      "name": "CVE-2023-45288",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-45288"
    },
    {
      "name": "CVE-2024-4603",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-4603"
    },
    {
      "name": "CVE-2023-6378",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-6378"
    },
    {
      "name": "CVE-2023-45289",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-45289"
    },
    {
      "name": "CVE-2023-45290",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-45290"
    },
    {
      "name": "CVE-2024-24783",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-24783"
    },
    {
      "name": "CVE-2024-24784",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-24784"
    },
    {
      "name": "CVE-2024-24785",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-24785"
    },
    {
      "name": "CVE-2024-4741",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-4741"
    },
    {
      "name": "CVE-2024-35255",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-35255"
    },
    {
      "name": "CVE-2024-24557",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-24557"
    },
    {
      "name": "CVE-2024-24786",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-24786"
    },
    {
      "name": "CVE-2024-28180",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-28180"
    },
    {
      "name": "CVE-2024-29857",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-29857"
    },
    {
      "name": "CVE-2024-30171",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-30171"
    },
    {
      "name": "CVE-2024-30172",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-30172"
    },
    {
      "name": "CVE-2024-5535",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-5535"
    },
    {
      "name": "CVE-2024-2398",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-2398"
    },
    {
      "name": "CVE-2024-0397",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-0397"
    },
    {
      "name": "CVE-2024-4030",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-4030"
    },
    {
      "name": "CVE-2024-4032",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-4032"
    },
    {
      "name": "CVE-2024-0450",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-0450"
    },
    {
      "name": "CVE-2024-36945",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-36945"
    },
    {
      "name": "CVE-2024-21131",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21131"
    },
    {
      "name": "CVE-2024-21138",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21138"
    },
    {
      "name": "CVE-2024-21140",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21140"
    },
    {
      "name": "CVE-2024-21144",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21144"
    },
    {
      "name": "CVE-2024-21145",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21145"
    },
    {
      "name": "CVE-2024-21147",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21147"
    },
    {
      "name": "CVE-2023-28756",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-28756"
    },
    {
      "name": "CVE-2024-6923",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-6923"
    },
    {
      "name": "CVE-2024-3219",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-3219"
    },
    {
      "name": "CVE-2023-45287",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-45287"
    },
    {
      "name": "CVE-2024-24787",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-24787"
    },
    {
      "name": "CVE-2024-42230",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-42230"
    },
    {
      "name": "CVE-2024-6232",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-6232"
    },
    {
      "name": "CVE-2024-6119",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-6119"
    },
    {
      "name": "CVE-2022-24769",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-24769"
    },
    {
      "name": "CVE-2024-41110",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-41110"
    },
    {
      "name": "CVE-2024-38816",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38816"
    },
    {
      "name": "CVE-2024-7264",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7264"
    },
    {
      "name": "CVE-2024-8096",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-8096"
    },
    {
      "name": "CVE-2024-46812",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-46812"
    },
    {
      "name": "CVE-2024-46821",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-46821"
    },
    {
      "name": "CVE-2024-24789",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-24789"
    },
    {
      "name": "CVE-2024-34155",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-34155"
    },
    {
      "name": "CVE-2024-34156",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-34156"
    },
    {
      "name": "CVE-2024-34158",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-34158"
    },
    {
      "name": "CVE-2024-46753",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-46753"
    },
    {
      "name": "CVE-2024-46787",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-46787"
    },
    {
      "name": "CVE-2024-24790",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-24790"
    },
    {
      "name": "CVE-2024-21208",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21208"
    },
    {
      "name": "CVE-2024-21210",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21210"
    },
    {
      "name": "CVE-2024-21217",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21217"
    },
    {
      "name": "CVE-2024-21235",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21235"
    },
    {
      "name": "CVE-2024-9143",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-9143"
    },
    {
      "name": "CVE-2024-38819",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38819"
    },
    {
      "name": "CVE-2024-38820",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38820"
    },
    {
      "name": "CVE-2024-34447",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-34447"
    },
    {
      "name": "CVE-2024-7592",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7592"
    },
    {
      "name": "CVE-2024-8088",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-8088"
    },
    {
      "name": "CVE-2024-9681",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-9681"
    },
    {
      "name": "CVE-2024-11168",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-11168"
    },
    {
      "name": "CVE-2024-38828",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38828"
    },
    {
      "name": "CVE-2024-50047",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-50047"
    },
    {
      "name": "CVE-2024-11053",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-11053"
    },
    {
      "name": "CVE-2024-47554",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-47554"
    },
    {
      "name": "CVE-2024-53051",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-53051"
    },
    {
      "name": "CVE-2024-0406",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-0406"
    },
    {
      "name": "CVE-2024-53144",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-53144"
    },
    {
      "name": "CVE-2024-8805",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-8805"
    },
    {
      "name": "CVE-2025-21502",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21502"
    },
    {
      "name": "CVE-2024-27282",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-27282"
    },
    {
      "name": "CVE-2025-0938",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0938"
    },
    {
      "name": "CVE-2024-56664",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-56664"
    },
    {
      "name": "CVE-2025-0167",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0167"
    },
    {
      "name": "CVE-2025-0725",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0725"
    },
    {
      "name": "CVE-2024-50602",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-50602"
    },
    {
      "name": "CVE-2024-13176",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-13176"
    },
    {
      "name": "CVE-2025-1795",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-1795"
    },
    {
      "name": "CVE-2024-51744",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-51744"
    },
    {
      "name": "CVE-2024-24791",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-24791"
    },
    {
      "name": "CVE-2025-22228",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22228"
    },
    {
      "name": "CVE-2023-24531",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-24531"
    },
    {
      "name": "CVE-2024-45336",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-45336"
    },
    {
      "name": "CVE-2024-45337",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-45337"
    },
    {
      "name": "CVE-2024-45341",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-45341"
    },
    {
      "name": "CVE-2025-22866",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22866"
    },
    {
      "name": "CVE-2025-22870",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22870"
    },
    {
      "name": "CVE-2024-56171",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-56171"
    },
    {
      "name": "CVE-2025-27113",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-27113"
    },
    {
      "name": "CVE-2020-36843",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-36843"
    },
    {
      "name": "CVE-2025-21587",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21587"
    },
    {
      "name": "CVE-2025-30691",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30691"
    },
    {
      "name": "CVE-2025-30698",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30698"
    },
    {
      "name": "CVE-2025-24928",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-24928"
    },
    {
      "name": "CVE-2025-21941",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21941"
    },
    {
      "name": "CVE-2025-21956",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21956"
    },
    {
      "name": "CVE-2025-21957",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21957"
    },
    {
      "name": "CVE-2025-21959",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21959"
    },
    {
      "name": "CVE-2025-21962",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21962"
    },
    {
      "name": "CVE-2025-21963",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21963"
    },
    {
      "name": "CVE-2025-21964",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21964"
    },
    {
      "name": "CVE-2025-21968",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21968"
    },
    {
      "name": "CVE-2025-21970",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21970"
    },
    {
      "name": "CVE-2025-21975",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21975"
    },
    {
      "name": "CVE-2025-21981",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21981"
    },
    {
      "name": "CVE-2025-21991",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21991"
    },
    {
      "name": "CVE-2025-21992",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21992"
    },
    {
      "name": "CVE-2025-21994",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21994"
    },
    {
      "name": "CVE-2025-21996",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21996"
    },
    {
      "name": "CVE-2025-21999",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21999"
    },
    {
      "name": "CVE-2025-22004",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22004"
    },
    {
      "name": "CVE-2025-22005",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22005"
    },
    {
      "name": "CVE-2025-22007",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22007"
    },
    {
      "name": "CVE-2025-22008",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22008"
    },
    {
      "name": "CVE-2025-22010",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22010"
    },
    {
      "name": "CVE-2025-22014",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22014"
    },
    {
      "name": "CVE-2020-15250",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-15250"
    },
    {
      "name": "CVE-2024-12798",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-12798"
    },
    {
      "name": "CVE-2024-12801",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-12801"
    },
    {
      "name": "CVE-2024-29018",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-29018"
    },
    {
      "name": "CVE-2025-21613",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21613"
    },
    {
      "name": "CVE-2025-21614",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21614"
    },
    {
      "name": "CVE-2025-22868",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22868"
    },
    {
      "name": "CVE-2025-22871",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22871"
    },
    {
      "name": "CVE-2025-22235",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22235"
    },
    {
      "name": "CVE-2025-2312",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-2312"
    },
    {
      "name": "CVE-2025-31650",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-31650"
    },
    {
      "name": "CVE-2025-31651",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-31651"
    },
    {
      "name": "CVE-2025-30204",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30204"
    },
    {
      "name": "CVE-2023-53034",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-53034"
    },
    {
      "name": "CVE-2025-22025",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22025"
    },
    {
      "name": "CVE-2025-22035",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22035"
    },
    {
      "name": "CVE-2025-22044",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22044"
    },
    {
      "name": "CVE-2025-22045",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22045"
    },
    {
      "name": "CVE-2025-22050",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22050"
    },
    {
      "name": "CVE-2025-22054",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22054"
    },
    {
      "name": "CVE-2025-22055",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22055"
    },
    {
      "name": "CVE-2025-22056",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22056"
    },
    {
      "name": "CVE-2025-22060",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22060"
    },
    {
      "name": "CVE-2025-22063",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22063"
    },
    {
      "name": "CVE-2025-22066",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22066"
    },
    {
      "name": "CVE-2025-22071",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22071"
    },
    {
      "name": "CVE-2025-22073",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22073"
    },
    {
      "name": "CVE-2025-22075",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22075"
    },
    {
      "name": "CVE-2025-22079",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22079"
    },
    {
      "name": "CVE-2025-22081",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22081"
    },
    {
      "name": "CVE-2025-22086",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22086"
    },
    {
      "name": "CVE-2025-22089",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22089"
    },
    {
      "name": "CVE-2025-22097",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22097"
    },
    {
      "name": "CVE-2025-23136",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-23136"
    },
    {
      "name": "CVE-2025-23138",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-23138"
    },
    {
      "name": "CVE-2025-37785",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37785"
    },
    {
      "name": "CVE-2025-38152",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-38152"
    },
    {
      "name": "CVE-2025-38575",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-38575"
    },
    {
      "name": "CVE-2025-38637",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-38637"
    },
    {
      "name": "CVE-2025-39728",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39728"
    },
    {
      "name": "CVE-2025-39735",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39735"
    },
    {
      "name": "CVE-2025-4516",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-4516"
    },
    {
      "name": "CVE-2025-22233",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22233"
    },
    {
      "name": "CVE-2024-9287",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-9287"
    },
    {
      "name": "CVE-2025-4575",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-4575"
    },
    {
      "name": "CVE-2022-49728",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49728"
    },
    {
      "name": "CVE-2024-58093",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-58093"
    },
    {
      "name": "CVE-2025-22018",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22018"
    },
    {
      "name": "CVE-2025-22020",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22020"
    },
    {
      "name": "CVE-2025-37798",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37798"
    },
    {
      "name": "CVE-2025-22869",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22869"
    },
    {
      "name": "CVE-2025-46701",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-46701"
    },
    {
      "name": "CVE-2025-22021",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22021"
    },
    {
      "name": "CVE-2025-37889",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37889"
    },
    {
      "name": "CVE-2025-37937",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37937"
    },
    {
      "name": "CVE-2025-37890",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37890"
    },
    {
      "name": "CVE-2025-37932",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37932"
    },
    {
      "name": "CVE-2025-4517",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-4517"
    },
    {
      "name": "CVE-2025-4330",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-4330"
    },
    {
      "name": "CVE-2025-4138",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-4138"
    },
    {
      "name": "CVE-2024-12718",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-12718"
    },
    {
      "name": "CVE-2025-4435",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-4435"
    },
    {
      "name": "CVE-2025-41234",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-41234"
    },
    {
      "name": "CVE-2025-49146",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-49146"
    },
    {
      "name": "CVE-2025-27219",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-27219"
    },
    {
      "name": "CVE-2025-27220",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-27220"
    },
    {
      "name": "CVE-2025-48976",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-48976"
    },
    {
      "name": "CVE-2025-48988",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-48988"
    },
    {
      "name": "CVE-2025-49124",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-49124"
    },
    {
      "name": "CVE-2025-49125",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-49125"
    },
    {
      "name": "CVE-2024-53427",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-53427"
    },
    {
      "name": "CVE-2025-22872",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22872"
    },
    {
      "name": "CVE-2025-6020",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-6020"
    },
    {
      "name": "CVE-2022-49636",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49636"
    },
    {
      "name": "CVE-2025-37997",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37997"
    },
    {
      "name": "CVE-2025-38000",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-38000"
    },
    {
      "name": "CVE-2025-38001",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-38001"
    },
    {
      "name": "CVE-2022-21698",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21698"
    },
    {
      "name": "CVE-2025-32462",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-32462"
    },
    {
      "name": "CVE-2025-52434",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-52434"
    },
    {
      "name": "CVE-2025-53506",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-53506"
    },
    {
      "name": "CVE-2024-47081",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-47081"
    },
    {
      "name": "CVE-2025-30749",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30749"
    },
    {
      "name": "CVE-2025-30754",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30754"
    },
    {
      "name": "CVE-2025-30761",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30761"
    },
    {
      "name": "CVE-2025-50059",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-50059"
    },
    {
      "name": "CVE-2025-50106",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-50106"
    },
    {
      "name": "CVE-2025-48734",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-48734"
    },
    {
      "name": "CVE-2021-3995",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3995"
    },
    {
      "name": "CVE-2021-3996",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3996"
    },
    {
      "name": "CVE-2022-28948",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-28948"
    },
    {
      "name": "CVE-2022-29173",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-29173"
    },
    {
      "name": "CVE-2022-35929",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-35929"
    },
    {
      "name": "CVE-2022-36056",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-36056"
    },
    {
      "name": "CVE-2022-36109",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-36109"
    },
    {
      "name": "CVE-2023-28755",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-28755"
    },
    {
      "name": "CVE-2023-30551",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-30551"
    },
    {
      "name": "CVE-2023-33199",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-33199"
    },
    {
      "name": "CVE-2023-33202",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-33202"
    },
    {
      "name": "CVE-2023-46737",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-46737"
    },
    {
      "name": "CVE-2024-23337",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-23337"
    },
    {
      "name": "CVE-2024-24579",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-24579"
    },
    {
      "name": "CVE-2024-29902",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-29902"
    },
    {
      "name": "CVE-2024-29903",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-29903"
    },
    {
      "name": "CVE-2024-40635",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-40635"
    },
    {
      "name": "CVE-2024-41909",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-41909"
    },
    {
      "name": "CVE-2024-45339",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-45339"
    },
    {
      "name": "CVE-2024-47611",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-47611"
    },
    {
      "name": "CVE-2024-52587",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-52587"
    },
    {
      "name": "CVE-2024-6104",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-6104"
    },
    {
      "name": "CVE-2025-0913",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0913"
    },
    {
      "name": "CVE-2025-22874",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22874"
    },
    {
      "name": "CVE-2025-25186",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-25186"
    },
    {
      "name": "CVE-2025-27221",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-27221"
    },
    {
      "name": "CVE-2025-29786",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-29786"
    },
    {
      "name": "CVE-2025-32441",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-32441"
    },
    {
      "name": "CVE-2025-32955",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-32955"
    },
    {
      "name": "CVE-2025-32988",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-32988"
    },
    {
      "name": "CVE-2025-32989",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-32989"
    },
    {
      "name": "CVE-2025-32990",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-32990"
    },
    {
      "name": "CVE-2025-3445",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-3445"
    },
    {
      "name": "CVE-2025-38177",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-38177"
    },
    {
      "name": "CVE-2025-46727",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-46727"
    },
    {
      "name": "CVE-2025-4673",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-4673"
    },
    {
      "name": "CVE-2025-47290",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-47290"
    },
    {
      "name": "CVE-2025-48060",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-48060"
    },
    {
      "name": "CVE-2025-4877",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-4877"
    },
    {
      "name": "CVE-2025-4878",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-4878"
    },
    {
      "name": "CVE-2025-48924",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-48924"
    },
    {
      "name": "CVE-2025-49014",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-49014"
    },
    {
      "name": "CVE-2025-4949",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-4949"
    },
    {
      "name": "CVE-2025-50181",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-50181"
    },
    {
      "name": "CVE-2025-5318",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-5318"
    },
    {
      "name": "CVE-2025-5372",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-5372"
    },
    {
      "name": "CVE-2025-5914",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-5914"
    },
    {
      "name": "CVE-2025-5915",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-5915"
    },
    {
      "name": "CVE-2025-5916",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-5916"
    },
    {
      "name": "CVE-2025-5917",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-5917"
    },
    {
      "name": "CVE-2025-6069",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-6069"
    },
    {
      "name": "CVE-2025-6395",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-6395"
    }
  ],
  "initial_release_date": "2025-07-25T00:00:00",
  "last_revision_date": "2025-07-25T00:00:00",
  "links": [],
  "reference": "CERTFR-2025-AVI-0622",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-07-25T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    },
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Falsification de requ\u00eates c\u00f4t\u00e9 serveur (SSRF)"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits VMware. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits VMware",
  "vendor_advisories": [
    {
      "published_at": "2025-07-24",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 35981",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35981"
    },
    {
      "published_at": "2025-07-24",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 35967",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35967"
    },
    {
      "published_at": "2025-07-24",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 35980",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35980"
    },
    {
      "published_at": "2025-07-24",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 35974",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35974"
    },
    {
      "published_at": "2025-07-24",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 35979",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35979"
    },
    {
      "published_at": "2025-07-24",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 35984",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35984"
    },
    {
      "published_at": "2025-07-24",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 35970",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35970"
    },
    {
      "published_at": "2025-07-24",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 35983",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35983"
    },
    {
      "published_at": "2025-07-24",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 35978",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35978"
    },
    {
      "published_at": "2025-07-24",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 35968",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35968"
    },
    {
      "published_at": "2025-07-24",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 35973",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35973"
    },
    {
      "published_at": "2025-07-24",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 35976",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35976"
    },
    {
      "published_at": "2025-07-24",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 35969",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35969"
    },
    {
      "published_at": "2025-07-24",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 35966",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35966"
    },
    {
      "published_at": "2025-07-24",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 35972",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35972"
    },
    {
      "published_at": "2025-07-24",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 35977",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35977"
    },
    {
      "published_at": "2025-07-24",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 35982",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35982"
    },
    {
      "published_at": "2025-07-24",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 35971",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35971"
    },
    {
      "published_at": "2025-07-24",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 35975",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35975"
    }
  ]
}

FKIE_CVE-2022-29173

Vulnerability from fkie_nvd - Published: 2022-05-05 23:15 - Updated: 2024-11-21 06:58

Severity ?

8.0 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
security-advisories@github.com	https://github.com/theupdateframework/go-tuf/commit/ed6788e710fc3093a7ecc2d078bf734c0f200d8d	Patch, Third Party Advisory
security-advisories@github.com	https://github.com/theupdateframework/go-tuf/security/advisories/GHSA-66x3-6cw3-v5gj	Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/theupdateframework/go-tuf/commit/ed6788e710fc3093a7ecc2d078bf734c0f200d8d	Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/theupdateframework/go-tuf/security/advisories/GHSA-66x3-6cw3-v5gj	Patch, Third Party Advisory

Impacted products

	Vendor	Product	Version
	theupdateframework	go-tuf	0.2.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:theupdateframework:go-tuf:0.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "07B11DE6-6488-4B21-B641-A5B5BE3A5A55",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "go-tuf is a Go implementation of The Update Framework (TUF). go-tuf does not correctly implement the client workflow for updating the metadata files for roles other than the root role. Specifically, checks for rollback attacks are not implemented correctly meaning an attacker can cause clients to install software that is older than the software which the client previously knew to be available, and may include software with known vulnerabilities. In more detail, the client code of go-tuf has several issues in regards to preventing rollback attacks: 1. It does not take into account the content of any previously trusted metadata, if available, before proceeding with updating roles other than the root role (i.e., steps 5.4.3.1 and 5.5.5 of the detailed client workflow). This means that any form of version verification done on the newly-downloaded metadata is made using the default value of zero, which always passes. 2. For both timestamp and snapshot roles, go-tuf saves these metadata files as trusted before verifying if the version of the metafiles they refer to is correct (i.e., steps 5.5.4 and 5.6.4 of the detailed client workflow). A fix is available in version 0.3.0 or newer. No workarounds are known for this issue apart from upgrading."
    },
    {
      "lang": "es",
      "value": "go-tuf es una implementaci\u00f3n en Go de El Update Framework (TUF). go-tuf no implementa correctamente el flujo de trabajo del cliente para la actualizaci\u00f3n de los archivos de metadatos para los roles que no sean el rol de root. Espec\u00edficamente, las comprobaciones para los ataques de retroceso no est\u00e1n implementadas correctamente, lo que significa que un atacante puede causar que los clientes instalen software que es m\u00e1s antiguo que el software que el cliente sab\u00eda previamente que estaba disponible, y puede incluir software con vulnerabilidades conocidas. En m\u00e1s detalle, el c\u00f3digo del cliente de go-tuf presenta varios problemas en cuanto a la prevenci\u00f3n de ataques de retroceso: 1. No presenta en cuenta el contenido de cualquier metadato previamente confiable, si est\u00e1 disponible, antes de proceder con la actualizaci\u00f3n de roles que no sean el rol root (es decir, los pasos 5.4.3.1 y 5.5.5 del flujo de trabajo detallado del cliente). Esto significa que cualquier forma de verificaci\u00f3n de la versi\u00f3n realizada en los metadatos reci\u00e9n descargados es realizada usando el valor por defecto de cero, que siempre pasa. 2. Para los roles de marca de tiempo e instant\u00e1nea, go-tuf guarda estos archivos de metadatos como confiables antes de verificar si la versi\u00f3n de los metaficheros a los que son referidos es correcta (es decir, los pasos 5.5.4 y 5.6.4 del flujo de trabajo detallado del cliente). Se presenta una correcci\u00f3n disponible en versi\u00f3n 0.3.0 o m\u00e1s reciente. No se  conocen medidas de mitigaci\u00f3n para este problema, aparte de la actualizaci\u00f3n"
    }
  ],
  "id": "CVE-2022-29173",
  "lastModified": "2024-11-21T06:58:38.390",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.0,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.1,
        "impactScore": 5.9,
        "source": "security-advisories@github.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-05-05T23:15:09.220",
  "references": [
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/theupdateframework/go-tuf/commit/ed6788e710fc3093a7ecc2d078bf734c0f200d8d"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/theupdateframework/go-tuf/security/advisories/GHSA-66x3-6cw3-v5gj"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/theupdateframework/go-tuf/commit/ed6788e710fc3093a7ecc2d078bf734c0f200d8d"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/theupdateframework/go-tuf/security/advisories/GHSA-66x3-6cw3-v5gj"
    }
  ],
  "sourceIdentifier": "security-advisories@github.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-354"
        }
      ],
      "source": "security-advisories@github.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-354"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GSD-2022-29173

Vulnerability from gsd - Updated: 2023-12-13 01:19

Details

Aliases

CVE-2022-29173

Aliases

CVE-2022-29173

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2022-29173",
    "description": "go-tuf is a Go implementation of The Update Framework (TUF). go-tuf does not correctly implement the client workflow for updating the metadata files for roles other than the root role. Specifically, checks for rollback attacks are not implemented correctly meaning an attacker can cause clients to install software that is older than the software which the client previously knew to be available, and may include software with known vulnerabilities. In more detail, the client code of go-tuf has several issues in regards to preventing rollback attacks: 1. It does not take into account the content of any previously trusted metadata, if available, before proceeding with updating roles other than the root role (i.e., steps 5.4.3.1 and 5.5.5 of the detailed client workflow). This means that any form of version verification done on the newly-downloaded metadata is made using the default value of zero, which always passes. 2. For both timestamp and snapshot roles, go-tuf saves these metadata files as trusted before verifying if the version of the metafiles they refer to is correct (i.e., steps 5.5.4 and 5.6.4 of the detailed client workflow). A fix is available in version 0.3.0 or newer. No workarounds are known for this issue apart from upgrading.",
    "id": "GSD-2022-29173",
    "references": [
      "https://access.redhat.com/errata/RHSA-2022:5704"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2022-29173"
      ],
      "details": "go-tuf is a Go implementation of The Update Framework (TUF). go-tuf does not correctly implement the client workflow for updating the metadata files for roles other than the root role. Specifically, checks for rollback attacks are not implemented correctly meaning an attacker can cause clients to install software that is older than the software which the client previously knew to be available, and may include software with known vulnerabilities. In more detail, the client code of go-tuf has several issues in regards to preventing rollback attacks: 1. It does not take into account the content of any previously trusted metadata, if available, before proceeding with updating roles other than the root role (i.e., steps 5.4.3.1 and 5.5.5 of the detailed client workflow). This means that any form of version verification done on the newly-downloaded metadata is made using the default value of zero, which always passes. 2. For both timestamp and snapshot roles, go-tuf saves these metadata files as trusted before verifying if the version of the metafiles they refer to is correct (i.e., steps 5.5.4 and 5.6.4 of the detailed client workflow). A fix is available in version 0.3.0 or newer. No workarounds are known for this issue apart from upgrading.",
      "id": "GSD-2022-29173",
      "modified": "2023-12-13T01:19:41.616680Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security-advisories@github.com",
        "ID": "CVE-2022-29173",
        "STATE": "PUBLIC",
        "TITLE": "No protection against rollback attacks in go-tuf"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "go-tuf",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "\u003c 0.3.0"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "theupdateframework"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "go-tuf is a Go implementation of The Update Framework (TUF). go-tuf does not correctly implement the client workflow for updating the metadata files for roles other than the root role. Specifically, checks for rollback attacks are not implemented correctly meaning an attacker can cause clients to install software that is older than the software which the client previously knew to be available, and may include software with known vulnerabilities. In more detail, the client code of go-tuf has several issues in regards to preventing rollback attacks: 1. It does not take into account the content of any previously trusted metadata, if available, before proceeding with updating roles other than the root role (i.e., steps 5.4.3.1 and 5.5.5 of the detailed client workflow). This means that any form of version verification done on the newly-downloaded metadata is made using the default value of zero, which always passes. 2. For both timestamp and snapshot roles, go-tuf saves these metadata files as trusted before verifying if the version of the metafiles they refer to is correct (i.e., steps 5.5.4 and 5.6.4 of the detailed client workflow). A fix is available in version 0.3.0 or newer. No workarounds are known for this issue apart from upgrading."
          }
        ]
      },
      "impact": {
        "cvss": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.0,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.1"
        }
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "CWE-354: Improper Validation of Integrity Check Value"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://github.com/theupdateframework/go-tuf/security/advisories/GHSA-66x3-6cw3-v5gj",
            "refsource": "CONFIRM",
            "url": "https://github.com/theupdateframework/go-tuf/security/advisories/GHSA-66x3-6cw3-v5gj"
          },
          {
            "name": "https://github.com/theupdateframework/go-tuf/commit/ed6788e710fc3093a7ecc2d078bf734c0f200d8d",
            "refsource": "MISC",
            "url": "https://github.com/theupdateframework/go-tuf/commit/ed6788e710fc3093a7ecc2d078bf734c0f200d8d"
          }
        ]
      },
      "source": {
        "advisory": "GHSA-66x3-6cw3-v5gj",
        "discovery": "UNKNOWN"
      }
    },
    "gitlab.com": {
      "advisories": [
        {
          "affected_range": "\u003cv0.3.0",
          "affected_versions": "All versions before 0.3.0",
          "cvss_v2": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "cwe_ids": [
            "CWE-1035",
            "CWE-354",
            "CWE-937"
          ],
          "date": "2022-05-24",
          "description": "go-tuf is a Go implementation of The Update Framework (TUF). go-tuf does not correctly implement the client workflow for updating the metadata files for roles other than the root role. Specifically, checks for rollback attacks are not implemented correctly meaning an attacker can cause clients to install software that is older than the software which the client previously knew to be available, and may include software with known vulnerabilities. In more detail, the client code of go-tuf has several issues in regards to preventing rollback attacks: 1. It does not take into account the content of any previously trusted metadata, if available, before proceeding with updating roles other than the root role (i.e., steps 5.4.3.1 and 5.5.5 of the detailed client workflow). This means that any form of version verification done on the newly-downloaded metadata is made using the default value of zero, which always passes. 2. For both timestamp and snapshot roles, go-tuf saves these metadata files as trusted before verifying if the version of the metafiles they refer to is correct (i.e., steps 5.5.4 and 5.6.4 of the detailed client workflow). A fix is available in version 0.3.0 or newer. No workarounds are known for this issue apart from upgrading.",
          "fixed_versions": [
            "v0.3.0"
          ],
          "identifier": "CVE-2022-29173",
          "identifiers": [
            "GHSA-66x3-6cw3-v5gj",
            "CVE-2022-29173"
          ],
          "not_impacted": "All versions starting from 0.3.0",
          "package_slug": "go/github.com/theupdateframework/go-tuf",
          "pubdate": "2022-05-24",
          "solution": "Upgrade to version 0.3.0 or above.",
          "title": "Improper Validation of Integrity Check Value",
          "urls": [
            "https://github.com/theupdateframework/go-tuf/security/advisories/GHSA-66x3-6cw3-v5gj",
            "https://nvd.nist.gov/vuln/detail/CVE-2022-29173",
            "https://github.com/theupdateframework/go-tuf/commit/ed6788e710fc3093a7ecc2d078bf734c0f200d8d",
            "https://github.com/advisories/GHSA-66x3-6cw3-v5gj"
          ],
          "uuid": "d1aaf187-d935-4616-8936-e1a77ac1dbe1",
          "versions": [
            {
              "commit": {
                "sha": "d5a51b5a853e707834dd501c142096ea401b7624",
                "tags": [
                  "v0.3.0"
                ],
                "timestamp": "20220505154925"
              },
              "number": "v0.3.0"
            }
          ]
        }
      ]
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:theupdateframework:go-tuf:0.2.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "security-advisories@github.com",
          "ID": "CVE-2022-29173"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "go-tuf is a Go implementation of The Update Framework (TUF). go-tuf does not correctly implement the client workflow for updating the metadata files for roles other than the root role. Specifically, checks for rollback attacks are not implemented correctly meaning an attacker can cause clients to install software that is older than the software which the client previously knew to be available, and may include software with known vulnerabilities. In more detail, the client code of go-tuf has several issues in regards to preventing rollback attacks: 1. It does not take into account the content of any previously trusted metadata, if available, before proceeding with updating roles other than the root role (i.e., steps 5.4.3.1 and 5.5.5 of the detailed client workflow). This means that any form of version verification done on the newly-downloaded metadata is made using the default value of zero, which always passes. 2. For both timestamp and snapshot roles, go-tuf saves these metadata files as trusted before verifying if the version of the metafiles they refer to is correct (i.e., steps 5.5.4 and 5.6.4 of the detailed client workflow). A fix is available in version 0.3.0 or newer. No workarounds are known for this issue apart from upgrading."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-354"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/theupdateframework/go-tuf/commit/ed6788e710fc3093a7ecc2d078bf734c0f200d8d",
              "refsource": "MISC",
              "tags": [
                "Patch",
                "Third Party Advisory"
              ],
              "url": "https://github.com/theupdateframework/go-tuf/commit/ed6788e710fc3093a7ecc2d078bf734c0f200d8d"
            },
            {
              "name": "https://github.com/theupdateframework/go-tuf/security/advisories/GHSA-66x3-6cw3-v5gj",
              "refsource": "CONFIRM",
              "tags": [
                "Patch",
                "Third Party Advisory"
              ],
              "url": "https://github.com/theupdateframework/go-tuf/security/advisories/GHSA-66x3-6cw3-v5gj"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2022-05-17T19:55Z",
      "publishedDate": "2022-05-05T23:15Z"
    }
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2022-29173 (GCVE-0-2022-29173)

GHSA-66X3-6CW3-V5GJ

Impact

Patches

Workarounds

References

For more information

CERTFR-2025-AVI-0622

Solutions

FKIE_CVE-2022-29173

GSD-2022-29173

Tags

Sightings

Nomenclature